feat(subsonic): response envelope, id scheme, and error mapping
- envelope: one serializer emitting the <subsonic-response> wrapper in XML (default) and JSON (f=json), carrying status/version/type/serverVersion - ids: stable, reversible type-prefixed ids (tr-/al-/ar-/pl-) ↔ UUIDs - errors: /rest requests render the Subsonic error envelope (always HTTP 200) with standard codes (10 missing param, 40 wrong creds, 50, 70 not found) Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
This commit is contained in:
Senko-san
@@ -0,0 +1,70 @@
|
||||
"""Unit tests for Subsonic crypto + id helpers (no DB, no network)."""
|
||||
|
||||
import hashlib
|
||||
import uuid
|
||||
|
||||
import pytest
|
||||
from app.api.rest import ids
|
||||
from app.api.rest.ids import IdKind
|
||||
from app.core.security import SubsonicPasswordCipher, generate_subsonic_password
|
||||
from app.domain.errors import AuthenticationError, NotFoundError
|
||||
|
||||
|
||||
def test_generate_subsonic_password_is_long_and_unique() -> None:
|
||||
a = generate_subsonic_password()
|
||||
b = generate_subsonic_password()
|
||||
assert a != b
|
||||
assert len(a) >= 20
|
||||
|
||||
|
||||
def test_cipher_roundtrip() -> None:
|
||||
cipher = SubsonicPasswordCipher("a-secret-key")
|
||||
plaintext = generate_subsonic_password()
|
||||
token = cipher.encrypt(plaintext)
|
||||
assert token != plaintext
|
||||
assert cipher.decrypt(token) == plaintext
|
||||
|
||||
|
||||
def test_cipher_token_then_md5_matches() -> None:
|
||||
"""The decrypted app-password must reproduce a client's t=md5(password+salt)."""
|
||||
cipher = SubsonicPasswordCipher("a-secret-key")
|
||||
password = generate_subsonic_password()
|
||||
enc = cipher.encrypt(password)
|
||||
|
||||
salt = "c19b2d"
|
||||
decrypted = cipher.decrypt(enc)
|
||||
expected = hashlib.md5((decrypted + salt).encode(), usedforsecurity=False).hexdigest()
|
||||
client_token = hashlib.md5((password + salt).encode(), usedforsecurity=False).hexdigest()
|
||||
assert expected == client_token
|
||||
|
||||
|
||||
def test_cipher_wrong_key_fails() -> None:
|
||||
token = SubsonicPasswordCipher("key-one").encrypt("hunter2")
|
||||
with pytest.raises(AuthenticationError):
|
||||
SubsonicPasswordCipher("key-two").decrypt(token)
|
||||
|
||||
|
||||
def test_id_encode_decode_roundtrip() -> None:
|
||||
value = uuid.uuid4()
|
||||
assert ids.decode_track(ids.encode_track(value)) == value
|
||||
assert ids.decode_album(ids.encode_album(value)) == value
|
||||
assert ids.decode_artist(ids.encode_artist(value)) == value
|
||||
assert ids.decode_playlist(ids.encode_playlist(value)) == value
|
||||
|
||||
|
||||
def test_id_parse_returns_kind() -> None:
|
||||
value = uuid.uuid4()
|
||||
kind, parsed = ids.parse(ids.encode_album(value))
|
||||
assert kind is IdKind.ALBUM
|
||||
assert parsed == value
|
||||
|
||||
|
||||
def test_id_wrong_prefix_rejected() -> None:
|
||||
track = ids.encode_track(uuid.uuid4())
|
||||
with pytest.raises(NotFoundError):
|
||||
ids.decode_album(track)
|
||||
|
||||
|
||||
def test_id_malformed_rejected() -> None:
|
||||
with pytest.raises(NotFoundError):
|
||||
ids.parse("not-a-real-id")
|
||||
Reference in New Issue
Block a user