e5d9c7f043
- Add "Connect Spotify" OAuth flow (/connect/spotify) so newly created Spotify apps can read playlists: Spotify now requires a user token for playlist reads, which client-credentials alone can no longer provide. The stored refresh token is rendered as spotify-refresh into each playlist's sldl .conf -- sldl's own docs confirm supplying it skips its interactive login flow, which is what was causing multi-hour hangs on a stuck sync. Grandfathered apps keep working unchanged if no account is connected. - Fix the connect flow's redirect_uri: request.url_for() reflected the raw connection scheme (http) rather than what the reverse proxy actually served over, which Spotify's exact-match redirect_uri check rejected. Force https rather than trust the unproxied scheme. - Add an AzuraCast base URL credential field alongside the API key, with a keyfile fallback so the scheduled enrich-buy-url.py job can actually reach AzuraCast (previously it had no way to receive a base URL at all when run from the scheduler, so the reprocess call was silently always skipped). - Fix build-fingerprint-index.py exiting non-zero on any single fingerprint failure instead of only when nothing was written. - Guard enrich-buy-url.py's AzuraCast reprocess against an empty --azuracast-base (raised ValueError since PD2 removed the hardcoded base). Co-Authored-By: Claude Sonnet 5 <noreply@anthropic.com>
87 lines
3.4 KiB
Python
87 lines
3.4 KiB
Python
import os
|
|
import stat
|
|
|
|
from app.services import credential_service as cs
|
|
from app.services import playlist_service as pl
|
|
|
|
|
|
def test_set_conf_field_replaces_existing():
|
|
text = "user = OLD\npass = OLD\n"
|
|
out = cs._set_conf_field(text, "user", "newuser")
|
|
assert "user = newuser" in out
|
|
assert "pass = OLD" in out # other lines untouched
|
|
|
|
|
|
def test_set_conf_field_appends_when_absent():
|
|
out = cs._set_conf_field("input = x\n", "user", "bob")
|
|
assert out.rstrip().endswith("user = bob")
|
|
|
|
|
|
def test_set_conf_field_strips_newlines():
|
|
# a newline in a value must not inject a second config line
|
|
out = cs._set_conf_field("user = x\n", "user", "bad\nname = injected")
|
|
assert "\nname = injected" not in out
|
|
assert "user = badname = injected" in out
|
|
|
|
|
|
def test_secret_keys_classification():
|
|
assert "password" in cs.SECRET_KEYS
|
|
assert "client_secret" in cs.SECRET_KEYS
|
|
# identifiers/urls/prefs are NOT secret (shown as text in the UI)
|
|
assert "username" not in cs.SECRET_KEYS
|
|
assert "base_url" not in cs.SECRET_KEYS
|
|
assert "region" not in cs.SECRET_KEYS
|
|
|
|
|
|
def test_render_playlist_confs_injects_creds_safely(db, config_dir):
|
|
cs.set_credentials(db, "spotify", {"client_id": "CID", "client_secret": "CSECRET"})
|
|
# a password containing shell metacharacters must land literally
|
|
cs.set_credentials(db, "soulseek", {"username": "seek", "password": "p'a$(id)ss"})
|
|
pl.create(db, name="rtest", spotify_url="https://open.spotify.com/playlist/Z")
|
|
|
|
conf = config_dir / "pipeline" / "rtest.conf"
|
|
text = conf.read_text()
|
|
assert "user = seek" in text
|
|
assert "pass = p'a$(id)ss" in text
|
|
assert "spotify-id = CID" in text
|
|
assert "spotify-secret = CSECRET" in text
|
|
# no account connected yet -- rendered blank, not left as the placeholder
|
|
assert "spotify-refresh = \n" in text
|
|
# rendered config must be owner-only (holds the Soulseek password)
|
|
assert stat.S_IMODE(os.stat(conf).st_mode) == 0o600
|
|
|
|
|
|
def test_render_playlist_confs_includes_spotify_refresh_when_connected(db, config_dir):
|
|
cs.set_credentials(db, "spotify", {"client_id": "CID", "client_secret": "CSECRET", "refresh_token": "RTOK"})
|
|
cs.set_credentials(db, "soulseek", {"username": "seek", "password": "pw"})
|
|
pl.create(db, name="rtest2", spotify_url="https://open.spotify.com/playlist/Z")
|
|
|
|
conf = config_dir / "pipeline" / "rtest2.conf"
|
|
text = conf.read_text()
|
|
assert "spotify-refresh = RTOK" in text
|
|
|
|
|
|
def test_azuracast_renders_and_clears_base_url(db, config_dir):
|
|
cs.set_credentials(db, "azuracast", {"base_url": "https://radio.example.com", "api_key": "KEY"})
|
|
|
|
az_dir = config_dir / "pipeline" / "azuracast"
|
|
assert (az_dir / "base_url").read_text() == "https://radio.example.com"
|
|
assert (az_dir / "api_key").read_text() == "KEY"
|
|
|
|
cs.set_scope_enabled(db, "azuracast", False)
|
|
assert not (az_dir / "base_url").exists()
|
|
assert not (az_dir / "api_key").exists()
|
|
|
|
cs.set_scope_enabled(db, "azuracast", True)
|
|
assert (az_dir / "base_url").read_text() == "https://radio.example.com"
|
|
|
|
|
|
def test_bandcamp_cookie_expiry_parsing():
|
|
jar = "\n".join([
|
|
"# Netscape HTTP Cookie File",
|
|
"\t".join([".bandcamp.com", "TRUE", "/", "TRUE", "1893456000", "identity", "abc"]),
|
|
])
|
|
exp = cs._bandcamp_cookie_expiry(jar)
|
|
assert exp == 1893456000.0
|
|
assert cs._bandcamp_cookie_expiry("no identity cookie here") is None
|