hermes-web-cli/test_multiuser.py
yumoqing d423a03a6d feat(hermes-web-cli): refactor user context, settings, services and sessions management
- Remove deprecated UNKNOWN.egg-info and user_context.py
- Refactor crud_ops, db_tables, and init modules
- Update settings UI and save handlers (appearance, general, security)
- Update services list, remove, and test DSPY files
- Update sessions list DSPY file
- Add multi-user test script
- Update pyproject.toml dependencies
2026-04-25 21:47:46 +08:00


#!/usr/bin/env python3
"""
Test script to verify multi-user data isolation in hermes-web-cli module.
This script simulates multiple users and verifies that they can only access their own data.
"""
import asyncio
import sys
import os
# Add the module path to Python path
sys.path.insert(0, os.path.join(os.path.dirname(__file__), '..'))
from hermes_web_cli.init import (
get_all_services, create_service, delete_service, get_service_by_id,
create_session, get_active_sessions, get_recent_sessions, get_session_by_id,
get_setting, save_setting
)
from hermes_web_cli.user_context import get_current_user_id
# Mock ahserver's get_user function for testing
async def mock_get_user_1():
    """Stand-in for ahserver's get_user that always reports the first test user."""
    user_id = "user1"
    return user_id
async def mock_get_user_2():
    """Stand-in for ahserver's get_user that always reports the second test user."""
    user_id = "user2"
    return user_id
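async def test_multiuser_isolation():
    """Check that two mocked users cannot see each other's services, sessions or settings.

    The current user is switched by replacing ``get_user`` on the
    ``hermes_web_cli.user_context`` module with one of the mock coroutines
    defined in this file. The exact-count assertions assume that neither
    "user1" nor "user2" has any services or sessions before the run.

    Cleanup runs in a ``finally`` block so that a failed assertion does not
    leave the test services behind (which would break the count assertions on
    the next run), and the original ``get_user`` is put back afterwards.

    Raises:
        AssertionError: if any isolation check fails.
    """
    print("Testing multi-user data isolation...")

    # NOTE(review): the commit that adds this script describes user_context.py
    # as removed; confirm hermes_web_cli.user_context still exists, since this
    # import and the get_user patch point below both depend on it.
    import hermes_web_cli.user_context

    user_context = hermes_web_cli.user_context

    # Remember what was installed so the monkeypatch does not outlive the test.
    not_set = object()
    original_get_user = getattr(user_context, "get_user", not_set)

    # Stay None until the matching create_service call succeeds, so cleanup
    # only deletes what this run actually created.
    service1_id = None
    service2_id = None

    try:
        # Test user 1
        print("\n--- Testing User 1 ---")

        # Mock user context for user 1
        user_context.get_user = mock_get_user_1

        # Create service for user 1
        service1_id = await create_service(
            name="User1 Service",
            url="http://localhost:8080",
            description="Service for user 1",
            apikey="user1-key"
        )
        print(f"Created service for user 1: {service1_id}")

        # Get services for user 1
        services1 = await get_all_services()
        print(f"User 1 sees {len(services1)} services")

        # Verify user 1 can access their service
        service1 = await get_service_by_id(service1_id)
        assert service1 is not None, "User 1 should be able to access their own service"
        print("User 1 can access their own service ✓")

        # Test user 2
        print("\n--- Testing User 2 ---")

        # Mock user context for user 2
        user_context.get_user = mock_get_user_2

        # Create service for user 2
        service2_id = await create_service(
            name="User2 Service",
            url="http://localhost:8081",
            description="Service for user 2",
            apikey="user2-key"
        )
        print(f"Created service for user 2: {service2_id}")

        # Get services for user 2
        services2 = await get_all_services()
        print(f"User 2 sees {len(services2)} services")
        # The listing must be scoped too: user 1's service exists at this
        # point, so any count other than 1 means the list leaks across users.
        assert len(services2) == 1, "User 2 should only see 1 service"

        # Verify user 2 can access their service
        service2 = await get_service_by_id(service2_id)
        assert service2 is not None, "User 2 should be able to access their own service"
        print("User 2 can access their own service ✓")

        # Verify user 2 cannot access user 1's service
        service1_from_user2 = await get_service_by_id(service1_id)
        assert service1_from_user2 is None, "User 2 should NOT be able to access user 1's service"
        print("User 2 cannot access user 1's service ✓")

        # NOTE(review): only read isolation is exercised here. What
        # delete_service does for a non-owner is not visible in this file, so
        # a cross-user delete check is left as a follow-up rather than guessed.

        # Verify user 1 still only sees their own service
        user_context.get_user = mock_get_user_1
        services1_after = await get_all_services()
        assert len(services1_after) == 1, "User 1 should still only see 1 service"
        print("User 1 still only sees their own service ✓")

        # Test sessions
        print("\n--- Testing Session Isolation ---")

        # NOTE(review): create_session is also handed "user1"/"user2"
        # explicitly; the meaning of that argument is not visible here.
        # Confirm the session owner comes from the user context rather than
        # from a caller-supplied value.

        # Create session for user 1
        user_context.get_user = mock_get_user_1
        session1_id = await create_session(service1_id, "user1", "Hello from user 1")
        print(f"Created session for user 1: {session1_id}")

        # Create session for user 2
        user_context.get_user = mock_get_user_2
        session2_id = await create_session(service2_id, "user2", "Hello from user 2")
        print(f"Created session for user 2: {session2_id}")

        # Verify user 1 only sees their session
        user_context.get_user = mock_get_user_1
        sessions1 = await get_active_sessions()
        assert len(sessions1) == 1, "User 1 should only see 1 session"
        assert sessions1[0]['session_id'] == session1_id, "User 1 should see their own session"
        print("User 1 session isolation ✓")

        # Verify user 2 only sees their session
        user_context.get_user = mock_get_user_2
        sessions2 = await get_active_sessions()
        assert len(sessions2) == 1, "User 2 should only see 1 session"
        assert sessions2[0]['session_id'] == session2_id, "User 2 should see their own session"
        print("User 2 session isolation ✓")

        # Test settings
        print("\n--- Testing Settings Isolation ---")

        # Save setting for user 1
        user_context.get_user = mock_get_user_1
        await save_setting("appearance", "theme", "dark")

        # Save setting for user 2
        user_context.get_user = mock_get_user_2
        await save_setting("appearance", "theme", "light")

        # Verify user 1 gets their setting (user 2 saved last, so a shared
        # store would return "light" here).
        user_context.get_user = mock_get_user_1
        settings1 = await get_setting()
        assert settings1.get('appearance', {}).get('theme') == 'dark', "User 1 should have dark theme"
        print("User 1 settings isolation ✓")

        # Verify user 2 gets their setting
        user_context.get_user = mock_get_user_2
        settings2 = await get_setting()
        assert settings2.get('appearance', {}).get('theme') == 'light', "User 2 should have light theme"
        print("User 2 settings isolation ✓")
    finally:
        # Clean up
        # NOTE(review): sessions and settings written above are not removed;
        # no delete helper for them is imported in this file, and whether
        # delete_service cascades to sessions is not visible here.
        print("\n--- Cleaning Up ---")
        try:
            if service1_id is not None:
                user_context.get_user = mock_get_user_1
                await delete_service(service1_id)
        finally:
            try:
                if service2_id is not None:
                    user_context.get_user = mock_get_user_2
                    await delete_service(service2_id)
            finally:
                # Undo the monkeypatch whether or not the deletes succeeded.
                if original_get_user is not_set:
                    if hasattr(user_context, "get_user"):
                        del user_context.get_user
                else:
                    user_context.get_user = original_get_user

    print("\n✅ All multi-user isolation tests passed!")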
if __name__ == "__main__":
    # Script entry point: build the coroutine, then run it to completion on a
    # fresh event loop. An AssertionError from a failed check propagates.
    isolation_checks = test_multiuser_isolation()
    asyncio.run(isolation_checks)