gooneyryan/hermes-webui
1
0
Fork 0
mirror of https://github.com/nesquena/hermes-webui.git synced 2026-05-25 11:10:18 +00:00
Code Issues Packages Projects Releases Wiki Activity

Stage-batch14: update passkey test for HERMES_WEBUI_PASSKEY feature flag

Browse Source 
test_passwordless_mode_keeps_auth_enabled_with_passkeys now sets
HERMES_WEBUI_PASSKEY=1 via monkeypatch since are_passkeys_enabled()
gates on the feature flag.

Adds 2 new tests:
- test_passkey_feature_flag_off_disables_passkeys_even_with_credentials
- test_passkey_feature_flag_via_config
This commit is contained in:
nesquena-hermes
2026-05-25 00:17:11 +00:00
parent 46ed70bfde
commit 19c6e5d5f2
1 changed files with 24 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files
tests/test_passkey_auth.py
+24
View File
@@ -153,6 +153,8 @@ def test_login_page_has_default_hidden_passkey_button_and_script_wiring():
def test_passwordless_mode_keeps_auth_enabled_with_passkeys(monkeypatch, tmp_path):
import api.auth as auth
# Stage-batch14: passkey support is opt-in default-off behind HERMES_WEBUI_PASSKEY=1
monkeypatch.setenv("HERMES_WEBUI_PASSKEY", "1")
passkeys = _set_paths(monkeypatch, tmp_path)
passkeys._save_credentials([{"id": "cred-1", "label": "This device"}])
monkeypatch.setattr(auth, "get_password_hash", lambda: None)
@@ -161,6 +163,28 @@ def test_passwordless_mode_keeps_auth_enabled_with_passkeys(monkeypatch, tmp_pat
assert auth.is_auth_enabled() is True
def test_passkey_feature_flag_off_disables_passkeys_even_with_credentials(monkeypatch, tmp_path):
"""When HERMES_WEBUI_PASSKEY is unset/0, are_passkeys_enabled() returns False."""
import api.auth as auth
passkeys = _set_paths(monkeypatch, tmp_path)
passkeys._save_credentials([{"id": "cred-1", "label": "This device"}])
monkeypatch.delenv("HERMES_WEBUI_PASSKEY", raising=False)
monkeypatch.setattr(auth, "get_config", lambda: {}, raising=False)
assert auth.are_passkeys_enabled() is False
def test_passkey_feature_flag_via_config(monkeypatch, tmp_path):
"""webui_passkey_enabled: true in config also enables the surface."""
import api.auth as auth
passkeys = _set_paths(monkeypatch, tmp_path)
passkeys._save_credentials([{"id": "cred-1", "label": "This device"}])
monkeypatch.delenv("HERMES_WEBUI_PASSKEY", raising=False)
# Patch the config import inside _passkey_feature_flag_enabled
import api.config
monkeypatch.setattr(api.config, "get_config", lambda: {"webui_passkey_enabled": True})
assert auth.are_passkeys_enabled() is True
def test_passwordless_settings_and_last_passkey_guard_are_wired():
routes = open("api/routes.py", encoding="utf-8").read()
panels = open("static/panels.js", encoding="utf-8").read()