feat(properties): prepare property commands before execution
Build and Push Docker Container / build-and-push (push) Successful in 4m28s
Build and Push Docker Container / build-and-push (push) Successful in 4m28s
- Create missing note files before running property:set. - Default date-only datetime values to midnight. - Keep property names out of path authorization checks. - Split policy, vault, daily note, and command target helpers. - Split n8n node args, description, output, and API response helpers. - Split API tests by auth, command, daily note, and property behavior. - Bump API and n8n node versions.
This commit is contained in:
@@ -0,0 +1,60 @@
|
||||
import json
|
||||
|
||||
from conftest import client, use_jwt_auth, use_work_vault
|
||||
|
||||
def test_path_restricted_token_allows_daily_command_from_obsidian_config(monkeypatch, tmp_path):
|
||||
vault = tmp_path / "vault"
|
||||
config = vault / ".obsidian"
|
||||
config.mkdir(parents=True)
|
||||
(config / "daily-notes.json").write_text(json.dumps({"folder": "00. Journal", "format": "YYYY-MM-DD"}))
|
||||
|
||||
use_work_vault(monkeypatch, vault)
|
||||
token = use_jwt_auth(monkeypatch, {"sub": "daily", "commands": ["daily:append"], "vaults": ["work"], "paths": ["00. Journal/"]})
|
||||
|
||||
response = client.post(
|
||||
"/commands",
|
||||
headers={"Authorization": f"Bearer {token}"},
|
||||
json={"args": ["vault=work", "daily:append", "content=ok"], "cwd": str(vault)},
|
||||
)
|
||||
|
||||
assert response.status_code == 200
|
||||
assert response.json()["command"] == ["python", "vault=work", "daily:append", "content=ok"]
|
||||
|
||||
def test_path_restricted_token_allows_vault_info_command(monkeypatch):
|
||||
token = use_jwt_auth(monkeypatch, {"sub": "daily", "commands": ["daily:append", "vault", "vaults"], "vaults": ["*"], "paths": ["00. Journal/"]})
|
||||
|
||||
response = client.post(
|
||||
"/commands",
|
||||
headers={"Authorization": f"Bearer {token}"},
|
||||
json={"args": ["vault"]},
|
||||
)
|
||||
|
||||
assert response.status_code == 200
|
||||
assert response.json()["command"] == ["python", "vault"]
|
||||
|
||||
response = client.post(
|
||||
"/commands",
|
||||
headers={"Authorization": f"Bearer {token}"},
|
||||
json={"args": ["vaults"]},
|
||||
)
|
||||
|
||||
assert response.status_code == 200
|
||||
assert response.json()["command"] == ["python", "vaults"]
|
||||
|
||||
def test_path_restricted_token_denies_daily_command_outside_obsidian_config(monkeypatch, tmp_path):
|
||||
vault = tmp_path / "vault"
|
||||
config = vault / ".obsidian"
|
||||
config.mkdir(parents=True)
|
||||
(config / "daily-notes.json").write_text(json.dumps({"folder": "Journal", "format": "YYYY-MM-DD"}))
|
||||
|
||||
use_work_vault(monkeypatch, vault)
|
||||
token = use_jwt_auth(monkeypatch, {"sub": "daily", "commands": ["daily:append"], "vaults": ["work"], "paths": ["00. Journal/"]})
|
||||
|
||||
response = client.post(
|
||||
"/commands",
|
||||
headers={"Authorization": f"Bearer {token}"},
|
||||
json={"args": ["vault=work", "daily:append", "content=ok"], "cwd": str(vault)},
|
||||
)
|
||||
|
||||
assert response.status_code == 403
|
||||
assert response.json()["detail"].startswith("token is not allowed to access path: Journal/")
|
||||
Reference in New Issue
Block a user