From 72548a8ac4026827dccb07108e4d5372ac084e03 Mon Sep 17 00:00:00 2001 From: bigcat88 Date: Wed, 10 Sep 2025 10:39:55 +0300 Subject: [PATCH] added additional tests; sorted tests --- tests-assets/test_crud.py | 116 ++++++++++++++++++- tests-assets/test_tags.py | 27 +++++ tests-assets/test_uploads.py | 192 ++++++++++++++++++++++++-------- tests-assets/test_validation.py | 23 ---- 4 files changed, 289 insertions(+), 69 deletions(-) delete mode 100644 tests-assets/test_validation.py diff --git a/tests-assets/test_crud.py b/tests-assets/test_crud.py index 5e0d953d5..99ea329c5 100644 --- a/tests-assets/test_crud.py +++ b/tests-assets/test_crud.py @@ -1,7 +1,33 @@ +import uuid import aiohttp import pytest +@pytest.mark.asyncio +async def test_create_from_hash_success( + http: aiohttp.ClientSession, api_base: str, seeded_asset: dict +): + h = seeded_asset["asset_hash"] + payload = { + "hash": h, + "name": "from_hash_ok.safetensors", + "tags": ["models", "checkpoints", "unit-tests", "from-hash"], + "user_metadata": {"k": "v"}, + } + async with http.post(f"{api_base}/api/assets/from-hash", json=payload) as r1: + b1 = await r1.json() + assert r1.status == 201, b1 + assert b1["asset_hash"] == h + assert b1["created_new"] is False + aid = b1["id"] + + # Calling again with the same name should return the same AssetInfo id + async with http.post(f"{api_base}/api/assets/from-hash", json=payload) as r2: + b2 = await r2.json() + assert r2.status == 201, b2 + assert b2["id"] == aid + + @pytest.mark.asyncio async def test_get_and_delete_asset(http: aiohttp.ClientSession, api_base: str, seeded_asset: dict): aid = seeded_asset["id"] @@ -25,6 +51,41 @@ async def test_get_and_delete_asset(http: aiohttp.ClientSession, api_base: str, assert body["error"]["code"] == "ASSET_NOT_FOUND" +@pytest.mark.asyncio +async def test_delete_upon_reference_count( + http: aiohttp.ClientSession, api_base: str, seeded_asset: dict +): + # Create a second reference to the same asset via from-hash + src_hash = seeded_asset["asset_hash"] + payload = { + "hash": src_hash, + "name": "unit_ref_copy.safetensors", + "tags": ["models", "checkpoints", "unit-tests", "del-flow"], + "user_metadata": {"note": "copy"}, + } + async with http.post(f"{api_base}/api/assets/from-hash", json=payload) as r2: + copy = await r2.json() + assert r2.status == 201, copy + assert copy["asset_hash"] == src_hash + assert copy["created_new"] is False + + # Delete original reference -> asset identity must remain + aid1 = seeded_asset["id"] + async with http.delete(f"{api_base}/api/assets/{aid1}") as rd1: + assert rd1.status == 204 + + async with http.head(f"{api_base}/api/assets/hash/{src_hash}") as rh1: + assert rh1.status == 200 # identity still present + + # Delete the last reference with default semantics -> identity and cached files removed + aid2 = copy["id"] + async with http.delete(f"{api_base}/api/assets/{aid2}") as rd2: + assert rd2.status == 204 + + async with http.head(f"{api_base}/api/assets/hash/{src_hash}") as rh2: + assert rh2.status == 404 # orphan content removed + + @pytest.mark.asyncio async def test_update_asset_fields(http: aiohttp.ClientSession, api_base: str, seeded_asset: dict): aid = seeded_asset["id"] @@ -45,7 +106,7 @@ async def test_update_asset_fields(http: aiohttp.ClientSession, api_base: str, s @pytest.mark.asyncio -async def test_head_asset_by_hash_and_invalids(http: aiohttp.ClientSession, api_base: str, seeded_asset: dict): +async def test_head_asset_by_hash(http: aiohttp.ClientSession, api_base: str, seeded_asset: dict): h = seeded_asset["asset_hash"] # Existing @@ -56,6 +117,59 @@ async def test_head_asset_by_hash_and_invalids(http: aiohttp.ClientSession, api_ async with http.head(f"{api_base}/api/assets/hash/blake3:{'0'*64}") as rh2: assert rh2.status == 404 + +@pytest.mark.asyncio +async def test_delete_nonexistent_returns_404(http: aiohttp.ClientSession, api_base: str): + bogus = str(uuid.uuid4()) + async with http.delete(f"{api_base}/api/assets/{bogus}") as r: + body = await r.json() + assert r.status == 404 + assert body["error"]["code"] == "ASSET_NOT_FOUND" + + +@pytest.mark.asyncio +async def test_create_from_hash_invalids(http: aiohttp.ClientSession, api_base: str): + # Bad hash algorithm + bad = { + "hash": "sha256:" + "0" * 64, + "name": "x.bin", + "tags": ["models", "checkpoints", "unit-tests"], + } + async with http.post(f"{api_base}/api/assets/from-hash", json=bad) as r1: + b1 = await r1.json() + assert r1.status == 400 + assert b1["error"]["code"] == "INVALID_BODY" + + # Invalid JSON body + async with http.post(f"{api_base}/api/assets/from-hash", data=b"{not json}") as r2: + b2 = await r2.json() + assert r2.status == 400 + assert b2["error"]["code"] == "INVALID_JSON" + + +@pytest.mark.asyncio +async def test_get_update_download_bad_ids(http: aiohttp.ClientSession, api_base: str): + # All endpoints should be not found, as we UUID regex directly in the route definition. + bad_id = "not-a-uuid" + + async with http.get(f"{api_base}/api/assets/{bad_id}") as r1: + assert r1.status == 404 + + async with http.get(f"{api_base}/api/assets/{bad_id}/content") as r3: + assert r3.status == 404 + + +@pytest.mark.asyncio +async def test_update_requires_at_least_one_field(http: aiohttp.ClientSession, api_base: str, seeded_asset: dict): + aid = seeded_asset["id"] + async with http.put(f"{api_base}/api/assets/{aid}", json={}) as r: + body = await r.json() + assert r.status == 400 + assert body["error"]["code"] == "INVALID_BODY" + + +@pytest.mark.asyncio +async def test_head_asset_bad_hash(http: aiohttp.ClientSession, api_base: str): # Invalid format async with http.head(f"{api_base}/api/assets/hash/not_a_hash") as rh3: jb = await rh3.json() diff --git a/tests-assets/test_tags.py b/tests-assets/test_tags.py index 273efdd03..bba91581f 100644 --- a/tests-assets/test_tags.py +++ b/tests-assets/test_tags.py @@ -1,3 +1,4 @@ +import json import aiohttp import pytest @@ -98,3 +99,29 @@ async def test_tags_list_order_and_prefix(http: aiohttp.ClientSession, api_base: b2 = await r2.json() assert r2.status == 400 assert b2["error"]["code"] == "INVALID_QUERY" + + +@pytest.mark.asyncio +async def test_tags_endpoints_invalid_bodies(http: aiohttp.ClientSession, api_base: str, seeded_asset: dict): + aid = seeded_asset["id"] + + # Add with empty list + async with http.post(f"{api_base}/api/assets/{aid}/tags", json={"tags": []}) as r1: + b1 = await r1.json() + assert r1.status == 400 + assert b1["error"]["code"] == "INVALID_BODY" + + # Remove with wrong type + async with http.delete(f"{api_base}/api/assets/{aid}/tags", json={"tags": [123]}) as r2: + b2 = await r2.json() + assert r2.status == 400 + assert b2["error"]["code"] == "INVALID_BODY" + + # metadata_filter provided as JSON array should be rejected (must be object) + async with http.get( + api_base + "/api/assets", + params={"metadata_filter": json.dumps([{"x": 1}])}, + ) as r3: + b3 = await r3.json() + assert r3.status == 400 + assert b3["error"]["code"] == "INVALID_QUERY" diff --git a/tests-assets/test_uploads.py b/tests-assets/test_uploads.py index 8c50beb09..1d8df4e40 100644 --- a/tests-assets/test_uploads.py +++ b/tests-assets/test_uploads.py @@ -3,51 +3,6 @@ import aiohttp import pytest -@pytest.mark.asyncio -async def test_upload_requires_multipart(http: aiohttp.ClientSession, api_base: str): - async with http.post(api_base + "/api/assets", json={"foo": "bar"}) as r: - body = await r.json() - assert r.status == 415 - assert body["error"]["code"] == "UNSUPPORTED_MEDIA_TYPE" - - -@pytest.mark.asyncio -async def test_upload_missing_file_and_hash(http: aiohttp.ClientSession, api_base: str): - form = aiohttp.FormData(default_to_multipart=True) - form.add_field("tags", json.dumps(["models", "checkpoints", "unit-tests"])) - form.add_field("name", "x.safetensors") - async with http.post(api_base + "/api/assets", data=form) as r: - body = await r.json() - assert r.status == 400 - assert body["error"]["code"] == "MISSING_FILE" - - -@pytest.mark.asyncio -async def test_upload_models_unknown_category(http: aiohttp.ClientSession, api_base: str): - form = aiohttp.FormData() - form.add_field("file", b"A" * 128, filename="m.safetensors", content_type="application/octet-stream") - form.add_field("tags", json.dumps(["models", "no_such_category", "unit-tests"])) - form.add_field("name", "m.safetensors") - async with http.post(api_base + "/api/assets", data=form) as r: - body = await r.json() - assert r.status == 400 - assert body["error"]["code"] == "INVALID_BODY" - assert "unknown models category" in body["error"]["message"] or "unknown model category" in body["error"]["message"] - - -@pytest.mark.asyncio -async def test_upload_tags_traversal_guard(http: aiohttp.ClientSession, api_base: str): - form = aiohttp.FormData() - form.add_field("file", b"A" * 256, filename="evil.safetensors", content_type="application/octet-stream") - # '..' should be rejected by destination resolver - form.add_field("tags", json.dumps(["models", "checkpoints", "unit-tests", "..", "zzz"])) - form.add_field("name", "evil.safetensors") - async with http.post(api_base + "/api/assets", data=form) as r: - body = await r.json() - assert r.status == 400 - assert body["error"]["code"] in ("BAD_REQUEST", "INVALID_BODY") - - @pytest.mark.asyncio async def test_upload_ok_duplicate_reference(http: aiohttp.ClientSession, api_base: str, make_asset_bytes): name = "dup_a.safetensors" @@ -120,6 +75,56 @@ async def test_upload_fastpath_from_existing_hash_no_file(http: aiohttp.ClientSe assert b2["asset_hash"] == h +@pytest.mark.asyncio +async def test_upload_fastpath_with_known_hash_and_file( + http: aiohttp.ClientSession, api_base: str +): + # Seed + form1 = aiohttp.FormData() + form1.add_field("file", b"C" * 128, filename="seed.safetensors", content_type="application/octet-stream") + form1.add_field("tags", json.dumps(["models", "checkpoints", "unit-tests", "fp"])) + form1.add_field("name", "seed.safetensors") + form1.add_field("user_metadata", json.dumps({})) + async with http.post(api_base + "/api/assets", data=form1) as r1: + b1 = await r1.json() + assert r1.status == 201, b1 + h = b1["asset_hash"] + + # Send both file and hash of existing content -> server must drain file and create from hash (200) + form2 = aiohttp.FormData() + form2.add_field("file", b"ignored" * 10, filename="ignored.bin", content_type="application/octet-stream") + form2.add_field("hash", h) + form2.add_field("tags", json.dumps(["models", "checkpoints", "unit-tests", "fp"])) + form2.add_field("name", "copy_from_hash.safetensors") + form2.add_field("user_metadata", json.dumps({})) + async with http.post(api_base + "/api/assets", data=form2) as r2: + b2 = await r2.json() + assert r2.status == 200, b2 + assert b2["created_new"] is False + assert b2["asset_hash"] == h + + +@pytest.mark.asyncio +async def test_upload_multiple_tags_fields_are_merged(http: aiohttp.ClientSession, api_base: str): + form = aiohttp.FormData() + form.add_field("file", b"B" * 256, filename="merge.safetensors", content_type="application/octet-stream") + form.add_field("tags", "models,checkpoints") # CSV + form.add_field("tags", json.dumps(["unit-tests", "alpha"])) # JSON array in second field + form.add_field("name", "merge.safetensors") + form.add_field("user_metadata", json.dumps({"u": 1})) + async with http.post(api_base + "/api/assets", data=form) as r1: + created = await r1.json() + assert r1.status in (200, 201), created + aid = created["id"] + + # Verify all tags are present on the resource + async with http.get(f"{api_base}/api/assets/{aid}") as rg: + detail = await rg.json() + assert rg.status == 200, detail + tags = set(detail["tags"]) + assert {"models", "checkpoints", "unit-tests", "alpha"}.issubset(tags) + + @pytest.mark.asyncio async def test_create_from_hash_endpoint_404(http: aiohttp.ClientSession, api_base: str): payload = { @@ -131,3 +136,100 @@ async def test_create_from_hash_endpoint_404(http: aiohttp.ClientSession, api_ba body = await r.json() assert r.status == 404 assert body["error"]["code"] == "ASSET_NOT_FOUND" + + +@pytest.mark.asyncio +async def test_upload_zero_byte_rejected(http: aiohttp.ClientSession, api_base: str): + form = aiohttp.FormData() + form.add_field("file", b"", filename="empty.safetensors", content_type="application/octet-stream") + form.add_field("tags", json.dumps(["models", "checkpoints", "unit-tests", "edge"])) + form.add_field("name", "empty.safetensors") + form.add_field("user_metadata", json.dumps({})) + async with http.post(api_base + "/api/assets", data=form) as r: + body = await r.json() + assert r.status == 400 + assert body["error"]["code"] == "EMPTY_UPLOAD" + + +@pytest.mark.asyncio +async def test_upload_invalid_root_tag_rejected(http: aiohttp.ClientSession, api_base: str): + form = aiohttp.FormData() + form.add_field("file", b"A" * 64, filename="badroot.bin", content_type="application/octet-stream") + form.add_field("tags", json.dumps(["not-a-root", "whatever"])) + form.add_field("name", "badroot.bin") + form.add_field("user_metadata", json.dumps({})) + async with http.post(api_base + "/api/assets", data=form) as r: + body = await r.json() + assert r.status == 400 + assert body["error"]["code"] == "INVALID_BODY" + + +@pytest.mark.asyncio +async def test_upload_user_metadata_must_be_json(http: aiohttp.ClientSession, api_base: str): + form = aiohttp.FormData() + form.add_field("file", b"A" * 128, filename="badmeta.bin", content_type="application/octet-stream") + form.add_field("tags", json.dumps(["models", "checkpoints", "unit-tests", "edge"])) + form.add_field("name", "badmeta.bin") + form.add_field("user_metadata", "{not json}") # invalid + async with http.post(api_base + "/api/assets", data=form) as r: + body = await r.json() + assert r.status == 400 + assert body["error"]["code"] == "INVALID_BODY" + + +@pytest.mark.asyncio +async def test_upload_requires_multipart(http: aiohttp.ClientSession, api_base: str): + async with http.post(api_base + "/api/assets", json={"foo": "bar"}) as r: + body = await r.json() + assert r.status == 415 + assert body["error"]["code"] == "UNSUPPORTED_MEDIA_TYPE" + + +@pytest.mark.asyncio +async def test_upload_missing_file_and_hash(http: aiohttp.ClientSession, api_base: str): + form = aiohttp.FormData(default_to_multipart=True) + form.add_field("tags", json.dumps(["models", "checkpoints", "unit-tests"])) + form.add_field("name", "x.safetensors") + async with http.post(api_base + "/api/assets", data=form) as r: + body = await r.json() + assert r.status == 400 + assert body["error"]["code"] == "MISSING_FILE" + + +@pytest.mark.asyncio +async def test_upload_models_unknown_category(http: aiohttp.ClientSession, api_base: str): + form = aiohttp.FormData() + form.add_field("file", b"A" * 128, filename="m.safetensors", content_type="application/octet-stream") + form.add_field("tags", json.dumps(["models", "no_such_category", "unit-tests"])) + form.add_field("name", "m.safetensors") + async with http.post(api_base + "/api/assets", data=form) as r: + body = await r.json() + assert r.status == 400 + assert body["error"]["code"] == "INVALID_BODY" + assert "unknown models category" in body["error"]["message"] or "unknown model category" in body["error"]["message"] + + +@pytest.mark.asyncio +async def test_upload_models_requires_category(http: aiohttp.ClientSession, api_base: str): + form = aiohttp.FormData() + form.add_field("file", b"A" * 64, filename="nocat.safetensors", content_type="application/octet-stream") + form.add_field("tags", json.dumps(["models"])) # missing category + form.add_field("name", "nocat.safetensors") + form.add_field("user_metadata", json.dumps({})) + async with http.post(api_base + "/api/assets", data=form) as r: + body = await r.json() + assert r.status == 400 + assert body["error"]["code"] == "INVALID_BODY" + + +@pytest.mark.asyncio +async def test_upload_tags_traversal_guard(http: aiohttp.ClientSession, api_base: str): + form = aiohttp.FormData() + form.add_field("file", b"A" * 256, filename="evil.safetensors", content_type="application/octet-stream") + # '..' should be rejected by destination resolver + form.add_field("tags", json.dumps(["models", "checkpoints", "unit-tests", "..", "zzz"])) + form.add_field("name", "evil.safetensors") + async with http.post(api_base + "/api/assets", data=form) as r: + body = await r.json() + assert r.status == 400 + assert body["error"]["code"] in ("BAD_REQUEST", "INVALID_BODY") diff --git a/tests-assets/test_validation.py b/tests-assets/test_validation.py deleted file mode 100644 index 24ccc794f..000000000 --- a/tests-assets/test_validation.py +++ /dev/null @@ -1,23 +0,0 @@ -import aiohttp -import pytest - - -@pytest.mark.asyncio -async def test_get_update_download_bad_ids(http: aiohttp.ClientSession, api_base: str): - # All endpoints should be not found, as we UUID regex directly in the route definition. - bad_id = "not-a-uuid" - - async with http.get(f"{api_base}/api/assets/{bad_id}") as r1: - assert r1.status == 404 - - async with http.get(f"{api_base}/api/assets/{bad_id}/content") as r3: - assert r3.status == 404 - - -@pytest.mark.asyncio -async def test_update_requires_at_least_one_field(http: aiohttp.ClientSession, api_base: str, seeded_asset: dict): - aid = seeded_asset["id"] - async with http.put(f"{api_base}/api/assets/{aid}", json={}) as r: - body = await r.json() - assert r.status == 400 - assert body["error"]["code"] == "INVALID_BODY"