mirror of
https://github.com/apache/superset.git
synced 2026-05-21 15:55:10 +00:00
fix(mcp): add type annotations to test fixtures and parameters
Address code review feedback: add explicit type annotations to all new test function parameters and fixture return types.
This commit is contained in:
Amin Ghadersohi
@@ -22,6 +22,7 @@ from unittest.mock import MagicMock, patch
|
||||
import pytest
|
||||
from flask import g
|
||||
|
||||
from superset.app import SupersetApp
|
||||
from superset.mcp_service.auth import (
|
||||
_resolve_user_from_jwt_context,
|
||||
get_user_from_request,
|
||||
@@ -229,7 +230,7 @@ def test_relationship_reload_failure_returns_original_user(app, mock_user) -> No
|
||||
|
||||
|
||||
@pytest.mark.usefixtures("_enable_api_keys")
|
||||
def test_non_matching_bearer_token_skips_api_key_auth(app) -> None:
|
||||
def test_non_matching_bearer_token_skips_api_key_auth(app: SupersetApp) -> None:
|
||||
"""When a Bearer token is present but does not match FAB_API_KEY_PREFIXES
|
||||
(e.g., a JWT token), extract_api_key_from_request returns None and API key
|
||||
auth is skipped, falling through to the next auth method."""
|
||||
@@ -254,7 +255,7 @@ def test_non_matching_bearer_token_skips_api_key_auth(app) -> None:
|
||||
# -- API key pass-through from CompositeTokenVerifier --
|
||||
|
||||
|
||||
def test_jwt_context_with_api_key_passthrough_returns_none(app) -> None:
|
||||
def test_jwt_context_with_api_key_passthrough_returns_none(app: SupersetApp) -> None:
|
||||
"""When CompositeTokenVerifier passes through an API key token,
|
||||
_resolve_user_from_jwt_context should detect the _api_key_passthrough
|
||||
claim and return None so get_user_from_request falls through to
|
||||
@@ -274,7 +275,7 @@ def test_jwt_context_with_api_key_passthrough_returns_none(app) -> None:
|
||||
# -- SecurityManager method name regression test --
|
||||
|
||||
|
||||
def test_security_manager_has_expected_api_key_methods(app) -> None:
|
||||
def test_security_manager_has_expected_api_key_methods(app: SupersetApp) -> None:
|
||||
"""Regression test: verify the SecurityManager method names referenced in
|
||||
auth._resolve_user_from_api_key() actually exist on the FAB SecurityManager
|
||||
class. This catches future renames before they silently break API key auth
|
||||
|
||||
@@ -26,7 +26,7 @@ from superset.mcp_service.composite_token_verifier import CompositeTokenVerifier
|
||||
|
||||
|
||||
@pytest.fixture
|
||||
def mock_jwt_verifier():
|
||||
def mock_jwt_verifier() -> MagicMock:
|
||||
verifier = MagicMock()
|
||||
verifier.required_scopes = []
|
||||
verifier.verify_token = AsyncMock()
|
||||
@@ -34,7 +34,7 @@ def mock_jwt_verifier():
|
||||
|
||||
|
||||
@pytest.fixture
|
||||
def composite_verifier(mock_jwt_verifier):
|
||||
def composite_verifier(mock_jwt_verifier: MagicMock) -> CompositeTokenVerifier:
|
||||
return CompositeTokenVerifier(
|
||||
jwt_verifier=mock_jwt_verifier,
|
||||
api_key_prefixes=["sst_", "pat_"],
|
||||
@@ -42,7 +42,9 @@ def composite_verifier(mock_jwt_verifier):
|
||||
|
||||
|
||||
@pytest.mark.asyncio
|
||||
async def test_api_key_token_returns_passthrough(composite_verifier) -> None:
|
||||
async def test_api_key_token_returns_passthrough(
|
||||
composite_verifier: CompositeTokenVerifier,
|
||||
) -> None:
|
||||
"""Tokens matching an API key prefix return a pass-through AccessToken."""
|
||||
api_key = "sst_abc123secret" # noqa: S105
|
||||
result = await composite_verifier.verify_token(api_key)
|
||||
@@ -54,7 +56,9 @@ async def test_api_key_token_returns_passthrough(composite_verifier) -> None:
|
||||
|
||||
|
||||
@pytest.mark.asyncio
|
||||
async def test_second_prefix_matches(composite_verifier) -> None:
|
||||
async def test_second_prefix_matches(
|
||||
composite_verifier: CompositeTokenVerifier,
|
||||
) -> None:
|
||||
"""All configured prefixes are checked, not just the first."""
|
||||
result = await composite_verifier.verify_token("pat_mytoken")
|
||||
|
||||
@@ -64,7 +68,7 @@ async def test_second_prefix_matches(composite_verifier) -> None:
|
||||
|
||||
@pytest.mark.asyncio
|
||||
async def test_jwt_token_delegates_to_wrapped_verifier(
|
||||
composite_verifier, mock_jwt_verifier
|
||||
composite_verifier: CompositeTokenVerifier, mock_jwt_verifier: MagicMock
|
||||
) -> None:
|
||||
"""Non-API-key tokens are delegated to the wrapped JWT verifier."""
|
||||
jwt_token = "eyJhbGciOiJSUzI1NiJ9.jwt_payload" # noqa: S105
|
||||
@@ -85,7 +89,9 @@ async def test_jwt_token_delegates_to_wrapped_verifier(
|
||||
|
||||
|
||||
@pytest.mark.asyncio
|
||||
async def test_invalid_jwt_returns_none(composite_verifier, mock_jwt_verifier) -> None:
|
||||
async def test_invalid_jwt_returns_none(
|
||||
composite_verifier: CompositeTokenVerifier, mock_jwt_verifier: MagicMock
|
||||
) -> None:
|
||||
"""When the JWT verifier rejects a token, None is returned."""
|
||||
mock_jwt_verifier.verify_token.return_value = None
|
||||
|
||||
@@ -97,7 +103,7 @@ async def test_invalid_jwt_returns_none(composite_verifier, mock_jwt_verifier) -
|
||||
|
||||
@pytest.mark.asyncio
|
||||
async def test_api_key_does_not_call_jwt_verifier(
|
||||
composite_verifier, mock_jwt_verifier
|
||||
composite_verifier: CompositeTokenVerifier, mock_jwt_verifier: MagicMock
|
||||
) -> None:
|
||||
"""API key tokens bypass the JWT verifier entirely."""
|
||||
await composite_verifier.verify_token("sst_test_key")
|
||||
|
||||
Reference in New Issue
Block a user