forked from github/copilot-sdk-java
-
Notifications
You must be signed in to change notification settings - Fork 0
Expand file tree
/
Copy pathPerSessionAuthTest.java
More file actions
145 lines (119 loc) · 5.55 KB
/
PerSessionAuthTest.java
File metadata and controls
145 lines (119 loc) · 5.55 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
/*---------------------------------------------------------------------------------------------
* Copyright (c) Microsoft Corporation. All rights reserved.
*--------------------------------------------------------------------------------------------*/
package com.github.copilot.sdk;
import static org.junit.jupiter.api.Assertions.*;
import java.util.HashMap;
import java.util.Map;
import org.junit.jupiter.api.AfterAll;
import org.junit.jupiter.api.BeforeAll;
import org.junit.jupiter.api.Test;
import com.github.copilot.sdk.generated.rpc.SessionAuthGetStatusResult;
import com.github.copilot.sdk.json.CopilotClientOptions;
import com.github.copilot.sdk.json.PermissionHandler;
import com.github.copilot.sdk.json.SessionConfig;
/**
* Tests for per-session GitHub authentication.
*
* <p>
* These tests verify that a per-session GitHub token is resolved into a full
* identity by the CLI runtime and that sessions with different tokens are
* isolated from each other.
* </p>
*/
public class PerSessionAuthTest {
private static E2ETestContext ctx;
@BeforeAll
static void setup() throws Exception {
ctx = E2ETestContext.create();
}
@AfterAll
static void teardown() throws Exception {
if (ctx != null) {
ctx.close();
}
}
/**
* Creates a CopilotClient with the GitHub API URL redirected to the proxy so
* that per-session auth token resolution (fetchCopilotUser) is intercepted.
*/
private CopilotClient createAuthTestClient() {
Map<String, String> env = new HashMap<>(ctx.getEnvironment());
env.put("COPILOT_DEBUG_GITHUB_API_URL", ctx.getProxyUrl());
return ctx.createClient(new CopilotClientOptions().setEnvironment(env));
}
private void setupCopilotUsers() throws Exception {
// Initialize proxy state before registering tokens — the proxy requires its
// internal state to be initialized (via /config) before it can handle the
// /copilot_internal/user endpoint used for per-session auth resolution.
ctx.initializeProxy();
ctx.setCopilotUserByToken("token-alice", "alice", "individual_pro", ctx.getProxyUrl(),
"https://localhost:1/telemetry", "alice-tracking-id");
ctx.setCopilotUserByToken("token-bob", "bob", "business", ctx.getProxyUrl(), "https://localhost:1/telemetry",
"bob-tracking-id");
}
@Test
void shouldAuthenticateWithGitHubToken() throws Exception {
setupCopilotUsers();
try (CopilotClient client = createAuthTestClient()) {
CopilotSession session = client.createSession(new SessionConfig().setGitHubToken("token-alice")
.setOnPermissionRequest(PermissionHandler.APPROVE_ALL)).get();
try {
SessionAuthGetStatusResult authStatus = session.getRpc().auth.getStatus().get();
assertTrue(authStatus.isAuthenticated(), "Expected session to be authenticated");
assertEquals("alice", authStatus.login());
} finally {
session.close();
}
}
}
@Test
void shouldIsolateAuthBetweenSessions() throws Exception {
setupCopilotUsers();
try (CopilotClient client = createAuthTestClient()) {
CopilotSession sessionA = client.createSession(new SessionConfig().setGitHubToken("token-alice")
.setOnPermissionRequest(PermissionHandler.APPROVE_ALL)).get();
CopilotSession sessionB = client.createSession(new SessionConfig().setGitHubToken("token-bob")
.setOnPermissionRequest(PermissionHandler.APPROVE_ALL)).get();
try {
SessionAuthGetStatusResult statusA = sessionA.getRpc().auth.getStatus().get();
SessionAuthGetStatusResult statusB = sessionB.getRpc().auth.getStatus().get();
assertTrue(statusA.isAuthenticated(), "Expected session A to be authenticated");
assertEquals("alice", statusA.login());
assertTrue(statusB.isAuthenticated(), "Expected session B to be authenticated");
assertEquals("bob", statusB.login());
} finally {
sessionA.close();
sessionB.close();
}
}
}
@Test
void shouldBeUnauthenticatedWithoutToken() throws Exception {
try (CopilotClient client = createAuthTestClient()) {
CopilotSession session = client
.createSession(new SessionConfig().setOnPermissionRequest(PermissionHandler.APPROVE_ALL)).get();
try {
SessionAuthGetStatusResult authStatus = session.getRpc().auth.getStatus().get();
// Without a per-session token, there is no per-session identity.
// In CI the process-level fake token may still authenticate globally,
// so we check login rather than isAuthenticated.
assertNull(authStatus.login(), "Expected no login without per-session token");
} finally {
session.close();
}
}
}
@Test
void shouldFailWithInvalidToken() throws Exception {
setupCopilotUsers();
try (CopilotClient client = createAuthTestClient()) {
Exception ex = assertThrows(Exception.class, () -> {
CopilotSession session = client.createSession(new SessionConfig().setGitHubToken("invalid-token")
.setOnPermissionRequest(PermissionHandler.APPROVE_ALL)).get();
session.close();
});
assertNotNull(ex);
}
}
}