c34dab2cca
Build and Push Docker Container / build-and-push (push) Successful in 4m28s
- Create missing note files before running property:set. - Default date-only datetime values to midnight. - Keep property names out of path authorization checks. - Split policy, vault, daily note, and command target helpers. - Split n8n node args, description, output, and API response helpers. - Split API tests by auth, command, daily note, and property behavior. - Bump API and n8n node versions.
61 lines
2.2 KiB
Python
61 lines
2.2 KiB
Python
import json
|
|
|
|
from conftest import client, use_jwt_auth, use_work_vault
|
|
|
|
def test_path_restricted_token_allows_daily_command_from_obsidian_config(monkeypatch, tmp_path):
|
|
vault = tmp_path / "vault"
|
|
config = vault / ".obsidian"
|
|
config.mkdir(parents=True)
|
|
(config / "daily-notes.json").write_text(json.dumps({"folder": "00. Journal", "format": "YYYY-MM-DD"}))
|
|
|
|
use_work_vault(monkeypatch, vault)
|
|
token = use_jwt_auth(monkeypatch, {"sub": "daily", "commands": ["daily:append"], "vaults": ["work"], "paths": ["00. Journal/"]})
|
|
|
|
response = client.post(
|
|
"/commands",
|
|
headers={"Authorization": f"Bearer {token}"},
|
|
json={"args": ["vault=work", "daily:append", "content=ok"], "cwd": str(vault)},
|
|
)
|
|
|
|
assert response.status_code == 200
|
|
assert response.json()["command"] == ["python", "vault=work", "daily:append", "content=ok"]
|
|
|
|
def test_path_restricted_token_allows_vault_info_command(monkeypatch):
|
|
token = use_jwt_auth(monkeypatch, {"sub": "daily", "commands": ["daily:append", "vault", "vaults"], "vaults": ["*"], "paths": ["00. Journal/"]})
|
|
|
|
response = client.post(
|
|
"/commands",
|
|
headers={"Authorization": f"Bearer {token}"},
|
|
json={"args": ["vault"]},
|
|
)
|
|
|
|
assert response.status_code == 200
|
|
assert response.json()["command"] == ["python", "vault"]
|
|
|
|
response = client.post(
|
|
"/commands",
|
|
headers={"Authorization": f"Bearer {token}"},
|
|
json={"args": ["vaults"]},
|
|
)
|
|
|
|
assert response.status_code == 200
|
|
assert response.json()["command"] == ["python", "vaults"]
|
|
|
|
def test_path_restricted_token_denies_daily_command_outside_obsidian_config(monkeypatch, tmp_path):
|
|
vault = tmp_path / "vault"
|
|
config = vault / ".obsidian"
|
|
config.mkdir(parents=True)
|
|
(config / "daily-notes.json").write_text(json.dumps({"folder": "Journal", "format": "YYYY-MM-DD"}))
|
|
|
|
use_work_vault(monkeypatch, vault)
|
|
token = use_jwt_auth(monkeypatch, {"sub": "daily", "commands": ["daily:append"], "vaults": ["work"], "paths": ["00. Journal/"]})
|
|
|
|
response = client.post(
|
|
"/commands",
|
|
headers={"Authorization": f"Bearer {token}"},
|
|
json={"args": ["vault=work", "daily:append", "content=ok"], "cwd": str(vault)},
|
|
)
|
|
|
|
assert response.status_code == 403
|
|
assert response.json()["detail"].startswith("token is not allowed to access path: Journal/")
|