import base64 import hashlib import hmac import json import os import time from starlette.testclient import TestClient os.environ.setdefault("OBSIDIAN_JWT_SECRET", "test-jwt-secret") os.environ.setdefault("OBSIDIAN_CLI_BIN", "python") os.environ.setdefault("OBSIDIAN_VAULT_PATH", ".") import app.auth as authmod # noqa: E402 from app.main import app # noqa: E402 client = TestClient(app) def make_jwt(claims:dict, secret:bytes = b"test-jwt-secret") -> str: header = {"alg": "HS256", "typ": "JWT"} def enc(value:dict) -> str: raw = json.dumps(value, separators=(",", ":")).encode() return base64.urlsafe_b64encode(raw).decode().rstrip("=") signing_input = f"{enc(header)}.{enc(claims)}" signature = hmac.new(secret, signing_input.encode(), hashlib.sha256).digest() return f"{signing_input}.{base64.urlsafe_b64encode(signature).decode().rstrip('=')}" def jwt(claims:dict|None = None) -> str: claims = claims or {} claims.setdefault("sub", "tests") claims.setdefault("vaults", ["*"]) claims.setdefault("paths", ["*"]) claims.setdefault("commands", ["*"]) claims.setdefault("exp", int(time.time()) + 3600) return make_jwt(claims) def use_jwt_auth(monkeypatch, claims:dict) -> str: monkeypatch.setattr(authmod, "JWT_SECRET", "test-jwt-secret") return jwt(claims) def use_work_vault(monkeypatch, vault) -> None: monkeypatch.setattr("app.vaults.REGISTERED_VAULTS", {"work": str(vault)}) monkeypatch.setattr("app.vaults.DEFAULT_VAULT_NAME", "work") monkeypatch.setattr("app.policy.DEFAULT_VAULT_NAME", "work")