Refactor app instance to Keycloak SSO

2026-06-15 15:54:39 +08:00
parent fc9fd93c36
commit 461d1300ad
246 changed files with 1350 additions and 52721 deletions
--- a/app-instance/backend/tests/unit/test_web_files_api.py
+++ b/app-instance/backend/tests/unit/test_web_files_api.py
@ -5,6 +5,7 @@ from pathlib import Path
 from fastapi.testclient import TestClient

 from beaver.interfaces.web.app import create_app
+from beaver.interfaces.web.keycloak_auth import KeycloakIdentity
 from beaver.services.agent_service import AgentService
 from beaver.services.user_file_resolver import UserFileStorageResolver
 from beaver.services.user_files import LocalUserFileStorage, UserFileService
@ -12,10 +13,24 @@ from beaver.services.user_files import LocalUserFileStorage, UserFileService

 def _auth_headers(app, username: str = "alice") -> dict[str, str]:
    token = f"test-token-{username}"
-    app.state.auth_tokens[token] = username
+    app.state.keycloak_token_verifier = _FakeKeycloakVerifier(username=username)
    return {"Authorization": f"Bearer {token}"}


+class _FakeKeycloakVerifier:
+    def __init__(self, *, username: str) -> None:
+        self.username = username
+
+    def verify(self, token: str, *, expected_nonce: str | None = None) -> KeycloakIdentity:
+        return KeycloakIdentity(
+            user_id=self.username,
+            username=self.username,
+            email=f"{self.username}@example.com",
+            realm_roles=("user",),
+            client_roles=("agent-user",),
+        )
+
+
 def test_workspace_browser_api_manages_workspace_files(tmp_path: Path) -> None:
    service = AgentService(workspace=tmp_path)
    app = create_app(service=service, manage_service_lifecycle=False)