Sabo/webui
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

fix(onboarding): remove CLI fast path from _provider_oauth_authenticated — fixes 4 test failures

Browse Source 
The hermes_cli fast path ignored hermes_home, returning True from real system auth for OAuth providers. Removed — auth now scoped to hermes_home/auth.json only. 1423 passed, 0 failed.
This commit is contained in:
nesquena-hermes
2026-04-18 00:23:16 -07:00
committed by GitHub
parent 75e6595e06
commit 5c2840e2da
3 changed files with 11 additions and 14 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
CHANGELOG.md
View File

@@ -1,5 +1,10 @@
# Hermes Web UI -- Changelog # Hermes Web UI -- Changelog
## [v0.50.85] — 2026-04-18
### Fixed
- **`_provider_oauth_authenticated()` now respects the `hermes_home` parameter** — the function had a CLI fast path (`hermes_cli.auth.get_auth_status()`) that ignored the caller-supplied `hermes_home` and read from the real system home. On machines where `openai-codex` (or another OAuth provider) was genuinely authenticated, this caused three test assertions to return `True` instead of `False`, regardless of the isolated `tmp_path` the test passed in. Removed the CLI fast path; the function now reads exclusively from `hermes_home/auth.json`, which is both the correct scoped behavior and what the docstring described. No functional change for production (the auth.json path was already the complete fallback). (Fixes pre-existing test_sprint34 failures)
## [v0.50.84] — 2026-04-18 ## [v0.50.84] — 2026-04-18
### Fixed ### Fixed

18
api/onboarding.py
View File

@@ -245,19 +245,11 @@ def _provider_oauth_authenticated(provider: str, hermes_home: "Path") -> bool:
if not provider: if not provider:
return False return False
# Fast path: ask hermes_cli directly — the authoritative source # Check auth.json for known OAuth provider IDs.
try: # hermes_home scopes the check — callers must pass the correct home directory.
from hermes_cli.auth import get_auth_status as _gas # (A prior CLI fast path via hermes_cli.auth.get_auth_status() was removed
# because it ignored hermes_home and read from the real system home, breaking
status = _gas(provider) # both test isolation and deployments with multiple profiles.)
if isinstance(status, dict) and status.get("logged_in"):
return True
except Exception:
logger.debug("Failed to get auth status for provider %s", provider)
# Fallback: parse auth.json ourselves for known OAuth provider IDs.
# Covers deployments where hermes_cli is installed but the import above
# fails for an unexpected reason (version mismatch, import cycle, etc.).
_known_oauth_providers = {"openai-codex", "copilot", "copilot-acp", "qwen-oauth", "nous"} _known_oauth_providers = {"openai-codex", "copilot", "copilot-acp", "qwen-oauth", "nous"}
if provider not in _known_oauth_providers: if provider not in _known_oauth_providers:
return False return False

2
static/index.html
View File

@@ -592,7 +592,7 @@
<div class="settings-section-title">System</div> <div class="settings-section-title">System</div>
<div class="settings-section-meta">Instance version and access controls.</div> <div class="settings-section-meta">Instance version and access controls.</div>
</div> </div>
<span class="settings-version-badge">v0.50.84</span> <span class="settings-version-badge">v0.50.85</span>
</div> </div>
<div class="settings-field" style="border-top:1px solid var(--border);padding-top:12px;margin-top:8px"> <div class="settings-field" style="border-top:1px solid var(--border);padding-top:12px;margin-top:8px">
<label for="settingsPassword" data-i18n="settings_label_password">Access Password</label> <label for="settingsPassword" data-i18n="settings_label_password">Access Password</label>