fix(apigw/authentication.py): fix missing tenant_id in UserBackend (TencentBlueKing#221)

wklken · web-flow · commit 100b22dcf267 · 2025-04-22T16:11:46.000+08:00
diff --git a/.github/workflows/apigw-manager.yml b/.github/workflows/apigw-manager.yml
@@ -19,7 +19,7 @@ jobs:
       fail-fast: false
       matrix:
         python-version: ["3.8", "3.9", "3.10", "3.11", "3.12"]
-        os: [ubuntu-20.04, macos-13, windows-latest]
+        os: [ubuntu-22.04, macos-13, windows-latest]
     steps:
     - uses: actions/checkout@v4
 
diff --git a/sdks/apigw-manager/pyproject.toml b/sdks/apigw-manager/pyproject.toml
@@ -1,6 +1,6 @@
 [tool.poetry]
 name = "apigw-manager"
-version = "4.0.2"
+version = "4.0.3"
 description = "The SDK for managing blueking gateway resource."
 readme = "README.md"
 authors = ["blueking <blueking@tencent.com>"]
diff --git a/sdks/apigw-manager/src/apigw_manager/apigw/authentication.py b/sdks/apigw-manager/src/apigw_manager/apigw/authentication.py
@@ -1,13 +1,14 @@
 # -*- coding: utf-8 -*-
 """
- * TencentBlueKing is pleased to support the open source community by making 蓝鲸智云-蓝鲸 PaaS 平台(BlueKing-PaaS) available.
- * Copyright (C) 2017-2021 THL A29 Limited, a Tencent company. All rights reserved.
- * Licensed under the MIT License (the "License"); you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at http://opensource.org/licenses/MIT
- * Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on
- * an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations under the License.
+* TencentBlueKing is pleased to support the open source community by making 蓝鲸智云-蓝鲸 PaaS 平台(BlueKing-PaaS) available.
+* Copyright (C) 2017-2021 THL A29 Limited, a Tencent company. All rights reserved.
+* Licensed under the MIT License (the "License"); you may not use this file except in compliance with the License.
+* You may obtain a copy of the License at http://opensource.org/licenses/MIT
+* Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on
+* an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the
+* specific language governing permissions and limitations under the License.
 """
+
 import logging
 from collections import namedtuple
 from typing import ClassVar, Type
@@ -162,7 +163,7 @@ def make_anonymous_user(self, bk_username=None):
         user.tenant_id = ""  # type: ignore
         return user
 
-    def authenticate(self, request, gateway_name, bk_username, tenant_id, verified, **credentials):
+    def authenticate(self, request, gateway_name, bk_username, verified, tenant_id="", **credentials):
         if not verified:
             return self.make_anonymous_user(bk_username=bk_username)
 
diff --git a/sdks/apigw-manager/tests/apigw_manager/apigw/test_authentication.py b/sdks/apigw-manager/tests/apigw_manager/apigw/test_authentication.py
@@ -1,13 +1,14 @@
 # -*- coding: utf-8 -*-
 """
- * TencentBlueKing is pleased to support the open source community by making 蓝鲸智云-蓝鲸 PaaS 平台(BlueKing-PaaS) available.
- * Copyright (C) 2017-2021 THL A29 Limited, a Tencent company. All rights reserved.
- * Licensed under the MIT License (the "License"); you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at http://opensource.org/licenses/MIT
- * Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on
- * an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations under the License.
+* TencentBlueKing is pleased to support the open source community by making 蓝鲸智云-蓝鲸 PaaS 平台(BlueKing-PaaS) available.
+* Copyright (C) 2017-2021 THL A29 Limited, a Tencent company. All rights reserved.
+* Licensed under the MIT License (the "License"); you may not use this file except in compliance with the License.
+* You may obtain a copy of the License at http://opensource.org/licenses/MIT
+* Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on
+* an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the
+* specific language governing permissions and limitations under the License.
 """
+
 import pytest
 from django.contrib.auth.models import AnonymousUser
 from django.core.cache import caches
@@ -16,6 +17,7 @@
 from apigw_manager.apigw import authentication, providers
 from apigw_manager.apigw.providers import CachePublicKeyProvider, DefaultJWTProvider, SettingsPublicKeyProvider
 
+
 @pytest.fixture()
 def mock_response(mocker):
     return mocker.MagicMock()
@@ -70,9 +72,9 @@ def jwt_request(fake_gateway_name, jwt_decoded, mock_request):
 
 @pytest.fixture()
 def invalid_apigw_request(mock_request):
-    mock_request.META[
-        "HTTP_X_BKAPI_JWT"
-    ] = "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJuYW1lIjoibHljIn0.iHy-g0R-q3sVnO16gTHV0FAIViEuKMGCtNLNVYSJX5c"
+    mock_request.META["HTTP_X_BKAPI_JWT"] = (
+        "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJuYW1lIjoibHljIn0.iHy-g0R-q3sVnO16gTHV0FAIViEuKMGCtNLNVYSJX5c"
+    )
 
     return mock_request
 
@@ -243,16 +245,38 @@ def _setup_backend(self):
 
     def test_authenticate_user(self, mock_request):
         user = self.backend.authenticate(
-            mock_request, gateway_name="test", bk_username="admin", tenant_id="system", verified=True
+            mock_request,
+            gateway_name="test",
+            bk_username="admin",
+            verified=True,
+            tenant_id="system",
+        )
+        assert not isinstance(user, AnonymousUser)
+        assert user.username == "admin"
+        assert user.is_authenticated is True
+        assert user.tenant_id == "system"
+
+    def test_authenticate_user_no_tenant_id(self, mock_request):
+        user = self.backend.authenticate(
+            mock_request,
+            gateway_name="test",
+            bk_username="admin",
+            verified=True,
         )
         assert not isinstance(user, AnonymousUser)
         assert user.username == "admin"
         assert user.is_authenticated is True
+        assert user.tenant_id == ""
 
     def test_authenticate_anonymous_user(self, mock_request):
         user = self.backend.authenticate(
-            mock_request, gateway_name="test", bk_username="admin", tenant_id="system", verified=False
+            mock_request,
+            gateway_name="test",
+            bk_username="admin",
+            verified=False,
+            tenant_id="system",
         )
         assert isinstance(user, AnonymousUser)
         assert user.username == "admin"
         assert user.is_authenticated is False
+        assert user.tenant_id == ""
