Improve remote auth bootstrap flow

This commit is contained in:
Dymas
2026-05-23 14:37:48 +02:00
parent 91691244d7
commit c6ba7fdbe2
6 changed files with 254 additions and 20 deletions
+35
View File
@@ -161,6 +161,41 @@ class NetworkGuardTests(unittest.TestCase):
self.assertEqual(handler.response_status, HTTPStatus.SEE_OTHER)
self.assertEqual(headers.get("Location"), "/")
self.assertIn("ani_cli_web_token=secret-token", headers.get("Set-Cookie", ""))
self.assertIn("Max-Age=", headers.get("Set-Cookie", ""))
def test_remote_browser_get_without_token_renders_login_page(self):
handler = DummyHandler("/")
handler.client_address = ("192.168.1.25", 8421)
handler.command = "GET"
with mock.patch.dict(
os.environ,
{"ANI_CLI_WEB_ALLOW_REMOTE": "1", "ANI_CLI_WEB_REMOTE_TOKEN": "secret-token"},
clear=False,
):
APP.Handler.do_GET(handler)
body = handler.wfile.getvalue().decode("utf-8")
self.assertEqual(handler.response_status, HTTPStatus.UNAUTHORIZED)
self.assertIn('<form method="post" action="/auth/login">', body)
self.assertIn("Remote access token", body)
def test_remote_login_post_sets_cookie_and_redirects(self):
body = b"token=secret-token&next=%2Fwatchlist"
handler = DummyHandler("/auth/login", body=body, content_length=len(body))
handler.client_address = ("192.168.1.25", 8421)
with mock.patch.dict(
os.environ,
{"ANI_CLI_WEB_ALLOW_REMOTE": "1", "ANI_CLI_WEB_REMOTE_TOKEN": "secret-token"},
clear=False,
):
APP.Handler.do_POST(handler)
headers = dict(handler.response_headers)
self.assertEqual(handler.response_status, HTTPStatus.SEE_OTHER)
self.assertEqual(headers.get("Location"), "/watchlist")
self.assertIn("ani_cli_web_token=secret-token", headers.get("Set-Cookie", ""))
def test_loopback_proxy_with_forwarded_remote_ip_requires_token(self):
handler = DummyHandler("/api/config")