feat: multi-user auth — per-user spaces, pbkdf2 passwords, session tokens, login page

2026-04-01 08:39:16 +02:00
parent 94dd871031
commit 1466a1529f
7 changed files with 468 additions and 24 deletions
@@ -0,0 +1,91 @@
+import importlib
+import os
+import tempfile
+from unittest.mock import patch
+
+
+def _fresh_auth(tmpdir):
+    """Reload auth module with a temp users file and clear sessions."""
+    import auth
+    importlib.reload(auth)
+    auth._sessions.clear()
+    return os.path.join(tmpdir, "users.toml")
+
+
+def test_has_users_false_when_empty():
+    with tempfile.TemporaryDirectory() as tmpdir:
+        import auth
+        importlib.reload(auth)
+        users_path = os.path.join(tmpdir, "users.toml")
+        with patch("auth.USERS_PATH", users_path):
+            assert not auth.has_users()
+
+
+def test_create_and_authenticate():
+    with tempfile.TemporaryDirectory() as tmpdir:
+        import auth
+        importlib.reload(auth)
+        auth._sessions.clear()
+        users_path = os.path.join(tmpdir, "users.toml")
+        with patch("auth.USERS_PATH", users_path):
+            auth.create_user("thomas", "geheim123", "/tmp/transkripte", is_admin=True)
+            token = auth.authenticate("thomas", "geheim123")
+            assert token is not None
+            assert len(token) > 10
+
+
+def test_authenticate_wrong_password():
+    with tempfile.TemporaryDirectory() as tmpdir:
+        import auth
+        importlib.reload(auth)
+        auth._sessions.clear()
+        users_path = os.path.join(tmpdir, "users.toml")
+        with patch("auth.USERS_PATH", users_path):
+            auth.create_user("thomas", "geheim123", "/tmp/transkripte")
+            assert auth.authenticate("thomas", "falsch") is None
+
+
+def test_authenticate_unknown_user():
+    with tempfile.TemporaryDirectory() as tmpdir:
+        import auth
+        importlib.reload(auth)
+        users_path = os.path.join(tmpdir, "users.toml")
+        with patch("auth.USERS_PATH", users_path):
+            assert auth.authenticate("niemand", "irgendwas") is None
+
+
+def test_get_user_for_token():
+    with tempfile.TemporaryDirectory() as tmpdir:
+        import auth
+        importlib.reload(auth)
+        auth._sessions.clear()
+        users_path = os.path.join(tmpdir, "users.toml")
+        with patch("auth.USERS_PATH", users_path):
+            auth.create_user("anna", "secret456", "/tmp/anna")
+            token = auth.authenticate("anna", "secret456")
+            user = auth.get_user_for_token(token)
+            assert user["username"] == "anna"
+            assert user["output_dir"] == "/tmp/anna"
+
+
+def test_invalidate_token():
+    with tempfile.TemporaryDirectory() as tmpdir:
+        import auth
+        importlib.reload(auth)
+        auth._sessions.clear()
+        users_path = os.path.join(tmpdir, "users.toml")
+        with patch("auth.USERS_PATH", users_path):
+            auth.create_user("bob", "pass789!", "/tmp/bob")
+            token = auth.authenticate("bob", "pass789!")
+            auth.invalidate_token(token)
+            assert auth.get_user_for_token(token) is None
+
+
+def test_has_users_true_after_create():
+    with tempfile.TemporaryDirectory() as tmpdir:
+        import auth
+        importlib.reload(auth)
+        users_path = os.path.join(tmpdir, "users.toml")
+        with patch("auth.USERS_PATH", users_path):
+            auth.create_user("lisa", "abc123!", "/tmp/lisa")
+            assert auth.has_users()