Major Progress Towards Interactive Remote Powershell

2026-02-05 14:00:31 -07:00 · 2025-12-06 00:27:57 -07:00
parent 52e40c3753
commit 68dd46347b
9 changed files with 1247 additions and 53 deletions
--- a/Data/Engine/Unit_Tests/test_reverse_tunnel.py
+++ b/Data/Engine/Unit_Tests/test_reverse_tunnel.py
@@ -0,0 +1,90 @@
+# ======================================================
+# Data\Engine\Unit_Tests\test_reverse_tunnel.py
+# Description: Validates reverse tunnel lease API basics (allocation, token contents, and domain limit).
+#
+# API Endpoints (if applicable):
+# - POST /api/tunnel/request
+# ======================================================
+
+from __future__ import annotations
+
+import base64
+import json
+
+import pytest
+
+from .conftest import EngineTestHarness
+
+
+def _client_with_admin_session(harness: EngineTestHarness):
+    client = harness.app.test_client()
+    with client.session_transaction() as sess:
+        sess["username"] = "admin"
+        sess["role"] = "Admin"
+    return client
+
+
+def _decode_token_segment(token: str) -> dict:
+    """Decode the unsigned payload segment from the tunnel token."""
+    if not token:
+        return {}
+    segment = token.split(".")[0]
+    padding = "=" * (-len(segment) % 4)
+    raw = base64.urlsafe_b64decode(segment + padding)
+    try:
+        return json.loads(raw.decode("utf-8"))
+    except Exception:
+        return {}
+
+
+@pytest.mark.parametrize("agent_id", ["test-device-agent"])
+def test_tunnel_request_happy_path(engine_harness: EngineTestHarness, agent_id: str) -> None:
+    client = _client_with_admin_session(engine_harness)
+    resp = client.post(
+        "/api/tunnel/request",
+        json={"agent_id": agent_id, "protocol": "ps", "domain": "ps"},
+    )
+    assert resp.status_code == 200
+    payload = resp.get_json()
+    assert payload["agent_id"] == agent_id
+    assert payload["protocol"] == "ps"
+    assert payload["domain"] == "ps"
+    assert isinstance(payload["port"], int) and payload["port"] >= 30000
+    assert payload.get("token")
+
+    claims = _decode_token_segment(payload["token"])
+    assert claims.get("agent_id") == agent_id
+    assert claims.get("protocol") == "ps"
+    assert claims.get("domain") == "ps"
+    assert claims.get("tunnel_id") == payload["tunnel_id"]
+    assert claims.get("assigned_port") == payload["port"]
+
+
+def test_tunnel_request_domain_limit(engine_harness: EngineTestHarness) -> None:
+    client = _client_with_admin_session(engine_harness)
+    first = client.post(
+        "/api/tunnel/request",
+        json={"agent_id": "test-device-agent", "protocol": "ps", "domain": "ps"},
+    )
+    assert first.status_code == 200
+
+    second = client.post(
+        "/api/tunnel/request",
+        json={"agent_id": "test-device-agent", "protocol": "ps", "domain": "ps"},
+    )
+    assert second.status_code == 409
+    data = second.get_json()
+    assert data.get("error") == "domain_limit"
+
+
+def test_tunnel_request_includes_timeouts(engine_harness: EngineTestHarness) -> None:
+    client = _client_with_admin_session(engine_harness)
+    resp = client.post(
+        "/api/tunnel/request",
+        json={"agent_id": "test-device-agent", "protocol": "ps", "domain": "ps"},
+    )
+    assert resp.status_code == 200
+    payload = resp.get_json()
+    assert payload.get("idle_seconds") and payload["idle_seconds"] > 0
+    assert payload.get("grace_seconds") and payload["grace_seconds"] > 0
+    assert payload.get("expires_at") and int(payload["expires_at"]) > 0