e53c0aa5d1
- test_orchestrator_service.py: update orchestrator service tests - test_settings_persistence.py: update settings persistence tests - test_user_agent_service.py: update user agent service tests
248 lines
11 KiB
Python
248 lines
11 KiB
Python
from __future__ import annotations
|
|
|
|
from pathlib import Path
|
|
import hashlib
|
|
import json
|
|
import secrets
|
|
import tempfile
|
|
|
|
import yaml
|
|
from sqlalchemy import create_engine
|
|
from sqlalchemy.orm import Session, sessionmaker
|
|
|
|
from app.core import admin_secret
|
|
from app.core import secret_box
|
|
from app.db.base import Base
|
|
from app.models.system_model_setting import SystemModelSetting
|
|
from app.models.system_setting import SystemSetting
|
|
from app.models.system_setting_secret import SystemSettingSecret
|
|
from app.schemas.settings import SettingsWrite
|
|
from app.services.hermes_sync import get_hermes_config_path
|
|
from app.services.settings import SettingsService
|
|
|
|
|
|
def build_session(db_file: Path) -> Session:
|
|
engine = create_engine(
|
|
f"sqlite+pysqlite:///{db_file.as_posix()}",
|
|
connect_args={"check_same_thread": False},
|
|
)
|
|
SystemSetting.__table__.create(bind=engine)
|
|
SystemSettingSecret.__table__.create(bind=engine)
|
|
SystemModelSetting.__table__.create(bind=engine)
|
|
session_factory = sessionmaker(bind=engine, autoflush=False, autocommit=False)
|
|
return session_factory()
|
|
|
|
|
|
def build_temp_secret_dir() -> Path:
|
|
return Path(tempfile.mkdtemp(prefix="xf-settings-test-"))
|
|
|
|
|
|
def test_settings_service_persists_non_secret_and_secret_fields(monkeypatch) -> None:
|
|
temp_dir = build_temp_secret_dir()
|
|
monkeypatch.setattr(secret_box, "SECRET_KEY_FILE", temp_dir / "settings.key")
|
|
monkeypatch.setattr(Base.metadata, "create_all", lambda *args, **kwargs: None)
|
|
monkeypatch.setenv("HERMES_HOME", str(temp_dir / ".hermes"))
|
|
|
|
with build_session(temp_dir / "settings.db") as db:
|
|
service = SettingsService(db)
|
|
initial_snapshot = service.get_settings_snapshot()
|
|
payload = initial_snapshot.model_dump()
|
|
|
|
payload["companyForm"]["companyName"] = "YGSOFT"
|
|
payload["companyForm"]["displayName"] = "云广软件"
|
|
payload["adminForm"]["adminAccount"] = "admin-root"
|
|
payload["adminForm"]["adminEmail"] = "admin@example.com"
|
|
payload["adminForm"]["newPassword"] = "54321"
|
|
payload["adminForm"]["confirmPassword"] = "54321"
|
|
payload["sessionForm"]["conversationRetentionDays"] = 7
|
|
payload["llmForm"]["mainModel"] = "glm-4.5"
|
|
payload["llmForm"]["mainApiKey"] = "main-secret"
|
|
payload["renderForm"]["enabled"] = True
|
|
payload["renderForm"]["publicUrl"] = "http://10.10.10.122:8082"
|
|
payload["renderForm"]["jwtSecret"] = "change-me-onlyoffice"
|
|
payload["mailForm"]["password"] = "smtp-secret"
|
|
|
|
saved_snapshot = service.save_settings_snapshot(SettingsWrite(**payload))
|
|
|
|
assert saved_snapshot.companyForm.companyName == "YGSOFT"
|
|
assert saved_snapshot.companyForm.displayName == "云广软件"
|
|
assert saved_snapshot.sessionForm.conversationRetentionDays == 7
|
|
assert saved_snapshot.llmForm.mainModel == "glm-4.5"
|
|
assert saved_snapshot.llmForm.mainApiKey == ""
|
|
assert saved_snapshot.llmForm.mainApiKeyConfigured is True
|
|
assert saved_snapshot.renderForm.enabled is True
|
|
assert saved_snapshot.renderForm.publicUrl == "http://10.10.10.122:8082"
|
|
assert saved_snapshot.renderForm.jwtSecret == ""
|
|
assert saved_snapshot.renderForm.jwtSecretConfigured is True
|
|
assert saved_snapshot.mailForm.password == ""
|
|
assert saved_snapshot.mailForm.passwordConfigured is True
|
|
assert saved_snapshot.adminForm.newPassword == ""
|
|
assert saved_snapshot.adminForm.adminPasswordConfigured is True
|
|
|
|
model_row = db.get(SystemModelSetting, "main")
|
|
settings_row = db.get(SystemSetting, "default")
|
|
secrets_row = db.get(SystemSettingSecret, "default")
|
|
assert model_row is not None
|
|
assert model_row.model_name == "glm-4.5"
|
|
assert model_row.api_key_encrypted
|
|
assert settings_row is not None
|
|
assert settings_row.conversation_retention_days == 7
|
|
assert settings_row.onlyoffice_enabled is True
|
|
assert settings_row.onlyoffice_public_url == "http://10.10.10.122:8082"
|
|
assert secrets_row is not None
|
|
assert secrets_row.onlyoffice_jwt_secret_encrypted
|
|
|
|
assert service.load_saved_model_api_key("main") == "main-secret"
|
|
assert service.verify_admin_login("admin-root", "54321") is not None
|
|
assert service.verify_admin_login("admin@example.com", "54321") is not None
|
|
|
|
|
|
def test_blank_secret_input_does_not_clear_saved_secret(monkeypatch) -> None:
|
|
temp_dir = build_temp_secret_dir()
|
|
monkeypatch.setattr(secret_box, "SECRET_KEY_FILE", temp_dir / "settings.key")
|
|
monkeypatch.setattr(Base.metadata, "create_all", lambda *args, **kwargs: None)
|
|
monkeypatch.setenv("HERMES_HOME", str(temp_dir / ".hermes"))
|
|
|
|
with build_session(temp_dir / "settings.db") as db:
|
|
service = SettingsService(db)
|
|
first_payload = service.get_settings_snapshot().model_dump()
|
|
first_payload["llmForm"]["mainApiKey"] = "persisted-key"
|
|
service.save_settings_snapshot(SettingsWrite(**first_payload))
|
|
|
|
second_payload = service.get_settings_snapshot().model_dump()
|
|
second_payload["llmForm"]["mainApiKey"] = ""
|
|
service.save_settings_snapshot(SettingsWrite(**second_payload))
|
|
|
|
assert service.load_saved_model_api_key("main") == "persisted-key"
|
|
|
|
|
|
def test_runtime_model_config_returns_decrypted_main_model(monkeypatch) -> None:
|
|
temp_dir = build_temp_secret_dir()
|
|
monkeypatch.setattr(secret_box, "SECRET_KEY_FILE", temp_dir / "settings.key")
|
|
monkeypatch.setattr(Base.metadata, "create_all", lambda *args, **kwargs: None)
|
|
monkeypatch.setenv("HERMES_HOME", str(temp_dir / ".hermes"))
|
|
|
|
with build_session(temp_dir / "settings.db") as db:
|
|
service = SettingsService(db)
|
|
payload = service.get_settings_snapshot().model_dump()
|
|
payload["llmForm"]["mainProvider"] = "MiniMax"
|
|
payload["llmForm"]["mainModel"] = "MiniMax-Text-01"
|
|
payload["llmForm"]["mainEndpoint"] = "https://api.minimaxi.com/v1"
|
|
payload["llmForm"]["mainApiKey"] = "shared-main-key"
|
|
service.save_settings_snapshot(SettingsWrite(**payload))
|
|
|
|
runtime_model = service.get_runtime_model_config("main")
|
|
|
|
assert runtime_model["slot"] == "main"
|
|
assert runtime_model["provider"] == "MiniMax"
|
|
assert runtime_model["model"] == "MiniMax-Text-01"
|
|
assert runtime_model["endpoint"] == "https://api.minimaxi.com/v1"
|
|
assert runtime_model["apiKey"] == "shared-main-key"
|
|
assert runtime_model["capability"] == "chat"
|
|
|
|
|
|
def test_legacy_setup_admin_password_is_migrated_to_database(monkeypatch) -> None:
|
|
temp_dir = build_temp_secret_dir()
|
|
admin_file = temp_dir / "admin.json"
|
|
monkeypatch.setattr(admin_secret, "ADMIN_SECRET_FILE", admin_file)
|
|
monkeypatch.setattr(secret_box, "SECRET_KEY_FILE", temp_dir / "settings.key")
|
|
monkeypatch.setattr(Base.metadata, "create_all", lambda *args, **kwargs: None)
|
|
monkeypatch.setenv("HERMES_HOME", str(temp_dir / ".hermes"))
|
|
|
|
password = "setup-secret"
|
|
salt = secrets.token_bytes(16)
|
|
derived_key = hashlib.scrypt(password.encode("utf-8"), salt=salt, n=16384, r=8, p=1, dklen=64)
|
|
admin_file.write_text(
|
|
json.dumps(
|
|
{
|
|
"algorithm": "scrypt",
|
|
"username": "setup-admin",
|
|
"salt": salt.hex(),
|
|
"derived_key": derived_key.hex(),
|
|
"key_length": 64,
|
|
"N": 16384,
|
|
"r": 8,
|
|
"p": 1,
|
|
}
|
|
),
|
|
encoding="utf-8",
|
|
)
|
|
|
|
with build_session(temp_dir / "settings.db") as db:
|
|
service = SettingsService(db)
|
|
snapshot = service.get_settings_snapshot()
|
|
secrets_row = db.get(SystemSettingSecret, "default")
|
|
|
|
assert snapshot.adminForm.adminPasswordConfigured is True
|
|
assert secrets_row is not None
|
|
assert secrets_row.admin_password_hash.startswith("scrypt$")
|
|
assert service.verify_admin_login("setup-admin", password) is not None
|
|
|
|
|
|
def test_settings_service_syncs_models_to_hermes_config(monkeypatch) -> None:
|
|
temp_dir = build_temp_secret_dir()
|
|
hermes_home = temp_dir / ".hermes"
|
|
hermes_home.mkdir(parents=True, exist_ok=True)
|
|
hermes_config_path = hermes_home / "config.yaml"
|
|
hermes_config_path.write_text(
|
|
yaml.safe_dump({"toolsets": ["hermes-cli"], "browser": {"record_sessions": False}}, sort_keys=False),
|
|
encoding="utf-8",
|
|
)
|
|
|
|
monkeypatch.setenv("HERMES_HOME", str(hermes_home))
|
|
monkeypatch.setattr(secret_box, "SECRET_KEY_FILE", temp_dir / "settings.key")
|
|
monkeypatch.setattr(Base.metadata, "create_all", lambda *args, **kwargs: None)
|
|
|
|
with build_session(temp_dir / "settings.db") as db:
|
|
service = SettingsService(db)
|
|
payload = service.get_settings_snapshot().model_dump()
|
|
payload["llmForm"]["mainProvider"] = "Claude"
|
|
payload["llmForm"]["mainModel"] = "claude-sonnet-4-6"
|
|
payload["llmForm"]["mainEndpoint"] = "https://api.anthropic.com/v1/"
|
|
payload["llmForm"]["mainApiKey"] = "anthropic-secret"
|
|
payload["llmForm"]["backupProvider"] = "GLM"
|
|
payload["llmForm"]["backupModel"] = "glm-5.1"
|
|
payload["llmForm"]["backupEndpoint"] = "https://open.bigmodel.cn/api/paas/v4/"
|
|
payload["llmForm"]["backupApiKey"] = "glm-secret"
|
|
|
|
service.save_settings_snapshot(SettingsWrite(**payload))
|
|
|
|
hermes_config = yaml.safe_load(get_hermes_config_path().read_text(encoding="utf-8"))
|
|
assert hermes_config["toolsets"] == ["hermes-cli"]
|
|
assert hermes_config["browser"] == {"record_sessions": False}
|
|
assert hermes_config["model"] == {
|
|
"provider": "custom",
|
|
"default": "claude-sonnet-4-6",
|
|
"base_url": "https://api.anthropic.com/v1",
|
|
"api_key": "anthropic-secret",
|
|
"api_mode": "anthropic_messages",
|
|
}
|
|
assert hermes_config["fallback_model"] == {
|
|
"provider": "custom",
|
|
"model": "glm-5.1",
|
|
"base_url": "https://open.bigmodel.cn/api/paas/v4",
|
|
"api_key": "glm-secret",
|
|
}
|
|
|
|
|
|
def test_blank_secret_input_keeps_synced_hermes_api_key(monkeypatch) -> None:
|
|
temp_dir = build_temp_secret_dir()
|
|
monkeypatch.setenv("HERMES_HOME", str(temp_dir / ".hermes"))
|
|
monkeypatch.setattr(secret_box, "SECRET_KEY_FILE", temp_dir / "settings.key")
|
|
monkeypatch.setattr(Base.metadata, "create_all", lambda *args, **kwargs: None)
|
|
|
|
with build_session(temp_dir / "settings.db") as db:
|
|
service = SettingsService(db)
|
|
first_payload = service.get_settings_snapshot().model_dump()
|
|
first_payload["llmForm"]["mainApiKey"] = "persisted-main-key"
|
|
service.save_settings_snapshot(SettingsWrite(**first_payload))
|
|
|
|
second_payload = service.get_settings_snapshot().model_dump()
|
|
second_payload["llmForm"]["mainModel"] = "gpt-5.4-mini"
|
|
second_payload["llmForm"]["mainApiKey"] = ""
|
|
service.save_settings_snapshot(SettingsWrite(**second_payload))
|
|
|
|
hermes_config = yaml.safe_load(get_hermes_config_path().read_text(encoding="utf-8"))
|
|
assert hermes_config["model"]["default"] == "gpt-5.4-mini"
|
|
assert hermes_config["model"]["api_key"] == "persisted-main-key"
|