"""Integration tests for NAVI_AUTH_ENABLED=false mode."""
import pytest
from fastapi.testclient import TestClient
from navi.auth import User
from navi.core.registry import BackendRegistry
from navi.core.session import InMemorySessionStore
from navi.main import app
from tests.conftest_factory import FakeConnection, FakeLLMBackend, FakePool, make_profile_registry, make_registry_with_tools
@pytest.fixture
def no_auth_client(monkeypatch):
"""FastAPI TestClient with auth disabled and real auth dependencies."""
import navi.config as _config
new_settings = _config.Settings(
database_url="postgresql://fake",
navi_auth_enabled=False,
)
# Patch settings everywhere it is imported as a module-level name.
monkeypatch.setattr("navi.config.settings", new_settings)
monkeypatch.setattr("navi.auth.deps.settings", new_settings)
monkeypatch.setattr("navi.api.routes.auth.settings", new_settings)
monkeypatch.setattr("navi.api.routes.sessions.settings", new_settings)
store = InMemorySessionStore()
profiles = make_profile_registry()
tools = make_registry_with_tools()
backends = BackendRegistry()
backends.register("ollama", FakeLLMBackend())
_fake_conn = FakeConnection()
_fake_pool = FakePool(_fake_conn)
async def _fake_get_pool():
return _fake_pool
store._get_pool = _fake_get_pool
store._pool = _fake_pool
from tests.conftest_factory import make_scheduler_with_pool
_fake_scheduler = make_scheduler_with_pool(_fake_conn)
from navi.core.container import AppContainer
container = AppContainer(
database=None,
memory_store=None,
session_store=store,
kv_store=None,
scheduler=_fake_scheduler,
tool_registry=tools,
profile_registry=profiles,
backend_registry=backends,
cp_registry=None,
workers=[],
mcp_manager=None,
)
fake_agent = object() # routes requiring an agent are not exercised here
container._agent = fake_agent
app.state.container = container
from navi.api.deps import set_container
set_container(container)
# Clear any auth overrides left by other fixtures in this app instance.
for dep in (
"get_current_user",
"get_current_user_ws",
"require_user",
"require_admin",
"require_permission",
):
app.dependency_overrides.pop(getattr(__import__("navi.api.deps", fromlist=[dep]), dep), None)
# Patch WebSocket user resolver at module level so the real function sees disabled auth.
from navi.auth import deps as auth_deps_mod
original_get_current_user_ws = auth_deps_mod.get_current_user_ws
monkeypatch.setattr(auth_deps_mod, "get_current_user_ws", original_get_current_user_ws)
return TestClient(app), store
class TestNoAuthStatus:
def test_auth_status_reports_disabled(self, no_auth_client):
client, _ = no_auth_client
response = client.get("/auth/status")
assert response.status_code == 200
data = response.json()
assert data["enabled"] is False
assert data["configured"] is False
class TestNoAuthSessions:
@pytest.mark.anyio
async def test_create_session_without_auth(self, no_auth_client):
client, store = no_auth_client
response = client.post("/sessions", json={"profile_id": "secretary"})
assert response.status_code == 201
data = response.json()
assert "session_id" in data
assert data["profile_id"] == "secretary"
session = await store.get(data["session_id"])
assert session is not None
assert session.user_id == "anonymous"
@pytest.mark.anyio
async def test_list_sessions_without_auth(self, no_auth_client):
client, store = no_auth_client
create_resp = client.post("/sessions", json={"profile_id": "secretary"})
session_id = create_resp.json()["session_id"]
response = client.get("/sessions")
assert response.status_code == 200
sessions = response.json()
assert any(s["session_id"] == session_id for s in sessions)
