mirror of
https://github.com/we-promise/sure.git
synced 2026-05-29 23:39:03 +00:00
c81055ea58
Adds the Anthropic panel and the install-wide LLM provider selector to the self-hosting settings page, plus a shared data-retention disclosure that covers both OpenAI and Anthropic. - New _llm_provider_selector partial: select for Setting.llm_provider (openai | anthropic), respects the LLM_PROVIDER env var (disables the control + shows the "configured through environment variables" hint when set, mirroring the existing OpenAI panel behaviour), and renders a compact data-handling block with one-line retention statements for each provider. - New _anthropic_settings partial mirrors _openai_settings exactly: password-field for the API key with **** redaction, optional base_url (for AWS Bedrock / GCP Vertex), optional default model. All three fields disable when their ENV var is set. - show.html.erb renders provider selector + OpenAI panel + Anthropic panel under the same "General" section so users can configure either (or both) without switching pages. - Settings::HostingsController#update now permits and persists anthropic_access_token (ignoring the **** placeholder, same pattern as OpenAI), anthropic_base_url, anthropic_model, and llm_provider (validated against %w[openai anthropic]). On Setting::ValidationError the rescue branch preserves anthropic_base_url / anthropic_model input so the form re-renders with the user's typed values intact — parity with the issue #1824 fix for OpenAI. - Locale keys added under settings.hostings.{llm_provider_selector, anthropic_settings}. Tests cover token update + placeholder redaction, base_url + model update, llm_provider switch to anthropic, and rejection of unknown provider values. The existing GET render test still passes, exercising all three new partials. Closes the 5/5 Anthropic series stacked on #1986.
467 lines
16 KiB
Ruby
467 lines
16 KiB
Ruby
require "test_helper"
|
|
require "ostruct"
|
|
|
|
class Settings::HostingsControllerTest < ActionDispatch::IntegrationTest
|
|
include ProviderTestHelper
|
|
|
|
setup do
|
|
sign_in users(:family_admin)
|
|
|
|
@provider = mock
|
|
Provider::Registry.stubs(:get_provider).with(:twelve_data).returns(@provider)
|
|
|
|
@provider.stubs(:healthy?).returns(true)
|
|
Provider::Registry.stubs(:get_provider).with(:yahoo_finance).returns(@provider)
|
|
@provider.stubs(:usage).returns(provider_success_response(
|
|
OpenStruct.new(
|
|
used: 10,
|
|
limit: 100,
|
|
utilization: 10,
|
|
plan: "free",
|
|
)
|
|
))
|
|
end
|
|
|
|
test "cannot edit when self hosting is disabled" do
|
|
@provider.stubs(:usage).returns(@usage_response)
|
|
|
|
Rails.configuration.stubs(:app_mode).returns("managed".inquiry)
|
|
get settings_hosting_url
|
|
assert_response :forbidden
|
|
|
|
patch settings_hosting_url, params: { setting: { onboarding_state: "invite_only" } }
|
|
assert_response :forbidden
|
|
end
|
|
|
|
test "should get edit when self hosting is enabled" do
|
|
@provider.expects(:usage).returns(@usage_response)
|
|
|
|
with_self_hosting do
|
|
get settings_hosting_url
|
|
assert_response :success
|
|
end
|
|
end
|
|
|
|
test "can update settings when self hosting is enabled" do
|
|
with_self_hosting do
|
|
patch settings_hosting_url, params: { setting: { twelve_data_api_key: "1234567890" } }
|
|
|
|
assert_equal "1234567890", Setting.twelve_data_api_key
|
|
end
|
|
end
|
|
|
|
test "can update onboarding state when self hosting is enabled" do
|
|
sign_in users(:sure_support_staff)
|
|
|
|
with_self_hosting do
|
|
patch settings_hosting_url, params: { setting: { onboarding_state: "invite_only" } }
|
|
|
|
assert_equal "invite_only", Setting.onboarding_state
|
|
assert Setting.require_invite_for_signup
|
|
|
|
patch settings_hosting_url, params: { setting: { onboarding_state: "closed" } }
|
|
|
|
assert_equal "closed", Setting.onboarding_state
|
|
refute Setting.require_invite_for_signup
|
|
end
|
|
end
|
|
|
|
test "can update openai access token when self hosting is enabled" do
|
|
with_self_hosting do
|
|
patch settings_hosting_url, params: { setting: { openai_access_token: "token" } }
|
|
|
|
assert_equal "token", Setting.openai_access_token
|
|
end
|
|
end
|
|
|
|
test "can update anthropic access token when self hosting is enabled" do
|
|
with_self_hosting do
|
|
patch settings_hosting_url, params: { setting: { anthropic_access_token: "sk-ant-test" } }
|
|
|
|
assert_equal "sk-ant-test", Setting.anthropic_access_token
|
|
end
|
|
end
|
|
|
|
test "ignores redacted anthropic token placeholder" do
|
|
with_self_hosting do
|
|
Setting.anthropic_access_token = "previous-token"
|
|
|
|
patch settings_hosting_url, params: { setting: { anthropic_access_token: "********" } }
|
|
|
|
assert_equal "previous-token", Setting.anthropic_access_token
|
|
end
|
|
end
|
|
|
|
test "can update anthropic base_url and model" do
|
|
with_self_hosting do
|
|
patch settings_hosting_url, params: { setting: { anthropic_base_url: "https://bedrock.example.com", anthropic_model: "claude-opus-4-7" } }
|
|
|
|
assert_equal "https://bedrock.example.com", Setting.anthropic_base_url
|
|
assert_equal "claude-opus-4-7", Setting.anthropic_model
|
|
end
|
|
end
|
|
|
|
test "can update llm_provider to anthropic" do
|
|
with_self_hosting do
|
|
patch settings_hosting_url, params: { setting: { llm_provider: "anthropic" } }
|
|
|
|
assert_equal "anthropic", Setting.llm_provider
|
|
end
|
|
end
|
|
|
|
test "rejects unknown llm_provider values" do
|
|
with_self_hosting do
|
|
Setting.llm_provider = "openai"
|
|
|
|
patch settings_hosting_url, params: { setting: { llm_provider: "bogus" } }
|
|
|
|
assert_equal "openai", Setting.llm_provider
|
|
end
|
|
end
|
|
|
|
test "can update openai uri base and model together when self hosting is enabled" do
|
|
with_self_hosting do
|
|
patch settings_hosting_url, params: { setting: { openai_uri_base: "https://api.example.com/v1", openai_model: "gpt-4" } }
|
|
|
|
assert_equal "https://api.example.com/v1", Setting.openai_uri_base
|
|
assert_equal "gpt-4", Setting.openai_model
|
|
end
|
|
end
|
|
|
|
test "cannot update openai uri base without model when self hosting is enabled" do
|
|
with_self_hosting do
|
|
Setting.openai_model = ""
|
|
|
|
patch settings_hosting_url, params: { setting: { openai_uri_base: "https://api.example.com/v1" } }
|
|
|
|
assert_response :unprocessable_entity
|
|
assert_match(/OpenAI model is required/, flash[:alert])
|
|
assert Setting.openai_uri_base.blank?, "Expected openai_uri_base to remain blank after failed validation"
|
|
end
|
|
end
|
|
|
|
# Regression: issue #1824. The OpenAI form auto-submits on blur, so entering
|
|
# the URI base before the model fires a partial submit that fails validation.
|
|
# The re-rendered form must show the user's submitted URI base — not the
|
|
# still-blank saved value — so they can finish typing the model.
|
|
test "preserves submitted openai uri base in form when validation fails" do
|
|
with_self_hosting do
|
|
Setting.openai_uri_base = nil
|
|
Setting.openai_model = ""
|
|
|
|
patch settings_hosting_url, params: { setting: { openai_uri_base: "https://api.example.com/v1" } }
|
|
|
|
assert_response :unprocessable_entity
|
|
assert_select "input[name=?]", "setting[openai_uri_base]" do |inputs|
|
|
assert_equal "https://api.example.com/v1", inputs.first["value"]
|
|
end
|
|
end
|
|
ensure
|
|
Setting.openai_uri_base = nil
|
|
Setting.openai_model = nil
|
|
end
|
|
|
|
# PR #1862 review (jjmata): symmetric coverage for the model field. When the
|
|
# user changes the URI base and clears the model in the same auto-submit, the
|
|
# cross-field validation fails — the re-rendered model input must reflect the
|
|
# user's submitted (cleared) value, not silently revert to the saved model.
|
|
test "preserves submitted openai model in form when validation fails" do
|
|
with_self_hosting do
|
|
Setting.openai_uri_base = "https://saved.example.com/v1"
|
|
Setting.openai_model = "saved-model"
|
|
|
|
patch settings_hosting_url, params: { setting: {
|
|
openai_uri_base: "https://new.example.com/v1",
|
|
openai_model: ""
|
|
} }
|
|
|
|
assert_response :unprocessable_entity
|
|
assert_select "input[name=?]", "setting[openai_uri_base]" do |inputs|
|
|
assert_equal "https://new.example.com/v1", inputs.first["value"]
|
|
end
|
|
assert_select "input[name=?]", "setting[openai_model]" do |inputs|
|
|
assert_not_equal "saved-model", inputs.first["value"].to_s,
|
|
"model field must reflect the submitted (cleared) value, not the saved model"
|
|
end
|
|
end
|
|
ensure
|
|
Setting.openai_uri_base = nil
|
|
Setting.openai_model = nil
|
|
end
|
|
|
|
test "can update openai model alone when self hosting is enabled" do
|
|
with_self_hosting do
|
|
patch settings_hosting_url, params: { setting: { openai_model: "gpt-4" } }
|
|
|
|
assert_equal "gpt-4", Setting.openai_model
|
|
end
|
|
end
|
|
|
|
test "cannot clear openai model when custom uri base is set" do
|
|
with_self_hosting do
|
|
Setting.openai_uri_base = "https://api.example.com/v1"
|
|
Setting.openai_model = "gpt-4"
|
|
|
|
patch settings_hosting_url, params: { setting: { openai_model: "" } }
|
|
|
|
assert_response :unprocessable_entity
|
|
assert_match(/OpenAI model is required/, flash[:alert])
|
|
assert_equal "gpt-4", Setting.openai_model
|
|
end
|
|
end
|
|
|
|
test "can clear data cache when self hosting is enabled" do
|
|
account = accounts(:investment)
|
|
holding = account.holdings.first
|
|
exchange_rate = exchange_rates(:one)
|
|
security_price = holding.security.prices.first
|
|
account_balance = account.balances.create!(date: Date.current, balance: 1000, currency: "USD")
|
|
|
|
with_self_hosting do
|
|
perform_enqueued_jobs(only: DataCacheClearJob) do
|
|
delete clear_cache_settings_hosting_url
|
|
end
|
|
end
|
|
|
|
assert_redirected_to settings_hosting_url
|
|
assert_equal I18n.t("settings.hostings.clear_cache.cache_cleared"), flash[:notice]
|
|
|
|
assert_not ExchangeRate.exists?(exchange_rate.id)
|
|
assert_not Security::Price.exists?(security_price.id)
|
|
assert_not Holding.exists?(holding.id)
|
|
assert_not Balance.exists?(account_balance.id)
|
|
end
|
|
|
|
test "can update assistant type to external" do
|
|
with_self_hosting do
|
|
assert_equal "builtin", users(:family_admin).family.assistant_type
|
|
|
|
patch settings_hosting_url, params: { family: { assistant_type: "external" } }
|
|
|
|
assert_redirected_to settings_hosting_url
|
|
assert_equal "external", users(:family_admin).family.reload.assistant_type
|
|
end
|
|
end
|
|
|
|
test "ignores invalid assistant type values" do
|
|
with_self_hosting do
|
|
patch settings_hosting_url, params: { family: { assistant_type: "hacked" } }
|
|
|
|
assert_redirected_to settings_hosting_url
|
|
assert_equal "builtin", users(:family_admin).family.reload.assistant_type
|
|
end
|
|
end
|
|
|
|
test "ignores assistant type update when ASSISTANT_TYPE env is set" do
|
|
with_self_hosting do
|
|
with_env_overrides("ASSISTANT_TYPE" => "external") do
|
|
patch settings_hosting_url, params: { family: { assistant_type: "external" } }
|
|
|
|
assert_redirected_to settings_hosting_url
|
|
# DB value should NOT change when env override is active
|
|
assert_equal "builtin", users(:family_admin).family.reload.assistant_type
|
|
end
|
|
end
|
|
end
|
|
|
|
test "can update external assistant settings" do
|
|
with_self_hosting do
|
|
patch settings_hosting_url, params: { setting: {
|
|
external_assistant_url: "https://agent.example.com/v1/chat",
|
|
external_assistant_token: "my-secret-token",
|
|
external_assistant_agent_id: "finance-bot"
|
|
} }
|
|
|
|
assert_redirected_to settings_hosting_url
|
|
assert_equal "https://agent.example.com/v1/chat", Setting.external_assistant_url
|
|
assert_equal "my-secret-token", Setting.external_assistant_token
|
|
assert_equal "finance-bot", Setting.external_assistant_agent_id
|
|
end
|
|
ensure
|
|
Setting.external_assistant_url = nil
|
|
Setting.external_assistant_token = nil
|
|
Setting.external_assistant_agent_id = nil
|
|
end
|
|
|
|
test "does not overwrite token with masked placeholder" do
|
|
with_self_hosting do
|
|
Setting.external_assistant_token = "real-secret"
|
|
|
|
patch settings_hosting_url, params: { setting: { external_assistant_token: "********" } }
|
|
|
|
assert_equal "real-secret", Setting.external_assistant_token
|
|
end
|
|
ensure
|
|
Setting.external_assistant_token = nil
|
|
end
|
|
|
|
test "disconnect external assistant clears settings and resets type" do
|
|
with_self_hosting do
|
|
with_env_overrides("EXTERNAL_ASSISTANT_URL" => nil, "EXTERNAL_ASSISTANT_TOKEN" => nil) do
|
|
Setting.external_assistant_url = "https://agent.example.com/v1/chat"
|
|
Setting.external_assistant_token = "token"
|
|
Setting.external_assistant_agent_id = "finance-bot"
|
|
users(:family_admin).family.update!(assistant_type: "external")
|
|
|
|
delete disconnect_external_assistant_settings_hosting_url
|
|
|
|
assert_redirected_to settings_hosting_url
|
|
# Force cache refresh so configured? reads fresh DB state after
|
|
# the disconnect action cleared the settings within its own request.
|
|
Setting.clear_cache
|
|
assert_not Assistant::External.configured?
|
|
assert_equal "builtin", users(:family_admin).family.reload.assistant_type
|
|
end
|
|
end
|
|
ensure
|
|
Setting.external_assistant_url = nil
|
|
Setting.external_assistant_token = nil
|
|
Setting.external_assistant_agent_id = nil
|
|
end
|
|
|
|
test "disconnect external assistant requires admin" do
|
|
with_self_hosting do
|
|
sign_in users(:family_member)
|
|
delete disconnect_external_assistant_settings_hosting_url
|
|
|
|
assert_redirected_to settings_hosting_url
|
|
assert_equal I18n.t("settings.hostings.not_authorized"), flash[:alert]
|
|
end
|
|
end
|
|
|
|
test "accepts valid llm budget overrides and blanks clear them" do
|
|
with_self_hosting do
|
|
patch settings_hosting_url, params: { setting: {
|
|
llm_context_window: "4096",
|
|
llm_max_response_tokens: "1024",
|
|
llm_max_items_per_call: "40"
|
|
} }
|
|
|
|
assert_redirected_to settings_hosting_url
|
|
assert_equal 4096, Setting.llm_context_window
|
|
assert_equal 1024, Setting.llm_max_response_tokens
|
|
assert_equal 40, Setting.llm_max_items_per_call
|
|
|
|
patch settings_hosting_url, params: { setting: {
|
|
llm_context_window: "",
|
|
llm_max_response_tokens: "",
|
|
llm_max_items_per_call: ""
|
|
} }
|
|
|
|
assert_nil Setting.llm_context_window
|
|
assert_nil Setting.llm_max_response_tokens
|
|
assert_nil Setting.llm_max_items_per_call
|
|
end
|
|
ensure
|
|
Setting.llm_context_window = nil
|
|
Setting.llm_max_response_tokens = nil
|
|
Setting.llm_max_items_per_call = nil
|
|
end
|
|
|
|
test "rejects llm budget below field minimum" do
|
|
with_self_hosting do
|
|
patch settings_hosting_url, params: { setting: { llm_context_window: "0" } }
|
|
|
|
assert_response :unprocessable_entity
|
|
assert_match(/must be a whole number/, flash[:alert])
|
|
assert_nil Setting.llm_context_window
|
|
|
|
patch settings_hosting_url, params: { setting: { llm_max_response_tokens: "-5" } }
|
|
|
|
assert_response :unprocessable_entity
|
|
assert_match(/must be a whole number/, flash[:alert])
|
|
assert_nil Setting.llm_max_response_tokens
|
|
|
|
patch settings_hosting_url, params: { setting: { llm_max_items_per_call: "not-a-number" } }
|
|
|
|
assert_response :unprocessable_entity
|
|
assert_match(/must be a whole number/, flash[:alert])
|
|
assert_nil Setting.llm_max_items_per_call
|
|
end
|
|
ensure
|
|
Setting.llm_context_window = nil
|
|
Setting.llm_max_response_tokens = nil
|
|
Setting.llm_max_items_per_call = nil
|
|
end
|
|
|
|
test "can clear data only when admin" do
|
|
with_self_hosting do
|
|
sign_in users(:family_member)
|
|
|
|
assert_no_enqueued_jobs do
|
|
delete clear_cache_settings_hosting_url
|
|
end
|
|
|
|
assert_redirected_to settings_hosting_url
|
|
assert_equal I18n.t("settings.hostings.not_authorized"), flash[:alert]
|
|
end
|
|
end
|
|
|
|
# --- Securities provider toggle ---
|
|
|
|
test "can update securities providers" do
|
|
with_self_hosting do
|
|
patch settings_hosting_url, params: { setting: { securities_providers: [ "twelve_data", "yahoo_finance" ] } }
|
|
|
|
assert_redirected_to settings_hosting_url
|
|
assert_equal "twelve_data,yahoo_finance", Setting.securities_providers
|
|
end
|
|
ensure
|
|
Setting.securities_providers = ""
|
|
end
|
|
|
|
test "filters out invalid provider names" do
|
|
with_self_hosting do
|
|
patch settings_hosting_url, params: { setting: { securities_providers: [ "twelve_data", "fake_provider", "hacked" ] } }
|
|
|
|
assert_redirected_to settings_hosting_url
|
|
# Only valid providers are stored
|
|
enabled = Setting.enabled_securities_providers
|
|
assert_includes enabled, "twelve_data"
|
|
refute_includes enabled, "fake_provider"
|
|
refute_includes enabled, "hacked"
|
|
end
|
|
ensure
|
|
Setting.securities_providers = ""
|
|
end
|
|
|
|
test "removing a provider marks linked securities offline" do
|
|
with_self_hosting do
|
|
security = Security.create!(ticker: "CSPX", exchange_operating_mic: "XLON", price_provider: "tiingo", offline: false)
|
|
|
|
# First enable tiingo
|
|
Setting.securities_providers = "twelve_data,tiingo"
|
|
|
|
# Then remove tiingo
|
|
patch settings_hosting_url, params: { setting: { securities_providers: [ "twelve_data" ] } }
|
|
|
|
security.reload
|
|
assert security.offline?, "Security should be marked offline when its provider is removed"
|
|
assert_equal "provider_disabled", security.offline_reason
|
|
end
|
|
ensure
|
|
Setting.securities_providers = ""
|
|
end
|
|
|
|
test "re-adding a provider brings securities back online" do
|
|
with_self_hosting do
|
|
security = Security.create!(
|
|
ticker: "CSPX2", exchange_operating_mic: "XLON",
|
|
price_provider: "tiingo", offline: true, offline_reason: "provider_disabled"
|
|
)
|
|
|
|
# Start without tiingo
|
|
Setting.securities_providers = "twelve_data"
|
|
|
|
# Re-add tiingo
|
|
patch settings_hosting_url, params: { setting: { securities_providers: [ "twelve_data", "tiingo" ] } }
|
|
|
|
security.reload
|
|
refute security.offline?, "Security should come back online when its provider is re-added"
|
|
assert_nil security.offline_reason
|
|
end
|
|
ensure
|
|
Setting.securities_providers = ""
|
|
end
|
|
end
|