devpi-admin 1.4.0__tar.gz → 1.4.2__tar.gz

{devpi_admin-1.4.0 → devpi_admin-1.4.2}/.github/workflows/publish.yml

@@ -12,12 +12,12 @@ jobs:
       id-token: write
 
     steps:
-      - uses: actions/checkout@v4
+      - uses: actions/checkout@v5
         with:
           fetch-depth: 0  # needed for setuptools-scm to derive version from tag
 
       - name: Set up Python
-        uses: actions/setup-python@v5
+        uses: actions/setup-python@v6
         with:
           python-version: "3.14"
 

{devpi_admin-1.4.0 → devpi_admin-1.4.2}/.github/workflows/tests.yml

@@ -14,12 +14,12 @@ jobs:
         python-version: ["3.10", "3.11", "3.12", "3.13", "3.14"]
 
     steps:
-      - uses: actions/checkout@v4
+      - uses: actions/checkout@v5
         with:
           fetch-depth: 0  # needed for setuptools-scm to read git tags
 
       - name: Set up Python ${{ matrix.python-version }}
-        uses: actions/setup-python@v5
+        uses: actions/setup-python@v6
         with:
           python-version: ${{ matrix.python-version }}
 

{devpi_admin-1.4.0 → devpi_admin-1.4.2}/PKG-INFO

@@ -1,6 +1,6 @@
 Metadata-Version: 2.4
 Name: devpi-admin
-Version: 1.4.0
+Version: 1.4.2
 Summary: Modern web UI plugin for devpi-server — drop-in replacement for devpi-web
 Author-email: Pavel Revak <pavelrevak@gmail.com>
 License: MIT
@@ -122,6 +122,12 @@ talks to the standard devpi JSON API directly.
   `DELETE` is **never** granted, even with `upload` scope - package removal must use
   password auth. Anything outside the bound index path returns 403, including the SPA,
   `/+admin-api/*` (so a token cannot mint further tokens), `/+login`, `/`, and `/<user>`.
+  **Bases exception**: `GET /<base>/<idx>/+f/<...>` is also allowed when `<base>/<idx>`
+  is in the bound stage's SRO (bases inheritance). devpi's `+simple/` view on a stage
+  emits file links pointing directly at the base index (e.g. mirror-fed packages on
+  `villapro/staging` link to `/root/pypi/+f/...`); without this exception pip would
+  follow the link with the bound token and get 403. Limited to `GET` on `+f/` —
+  cross-index `+simple/` and writes remain blocked.
 - **Issuance rules**: regular users may issue for themselves; root may issue for *other*
   users (admin delegation) but not for itself. Admin-token-authenticated requests cannot
   issue further tokens. Issuance verifies the target user is in `acl_read` /

{devpi_admin-1.4.0 → devpi_admin-1.4.2}/README.md

@@ -98,6 +98,12 @@ talks to the standard devpi JSON API directly.
   `DELETE` is **never** granted, even with `upload` scope - package removal must use
   password auth. Anything outside the bound index path returns 403, including the SPA,
   `/+admin-api/*` (so a token cannot mint further tokens), `/+login`, `/`, and `/<user>`.
+  **Bases exception**: `GET /<base>/<idx>/+f/<...>` is also allowed when `<base>/<idx>`
+  is in the bound stage's SRO (bases inheritance). devpi's `+simple/` view on a stage
+  emits file links pointing directly at the base index (e.g. mirror-fed packages on
+  `villapro/staging` link to `/root/pypi/+f/...`); without this exception pip would
+  follow the link with the bound token and get 403. Limited to `GET` on `+f/` —
+  cross-index `+simple/` and writes remain blocked.
 - **Issuance rules**: regular users may issue for themselves; root may issue for *other*
   users (admin delegation) but not for itself. Admin-token-authenticated requests cannot
   issue further tokens. Issuance verifies the target user is in `acl_read` /

{devpi_admin-1.4.0 → devpi_admin-1.4.2}/devpi_admin/_version.py

@@ -18,7 +18,7 @@ version_tuple: tuple[int | str, ...]
 commit_id: str | None
 __commit_id__: str | None
 
-__version__ = version = '1.4.0'
-__version_tuple__ = version_tuple = (1, 4, 0)
+__version__ = version = '1.4.2'
+__version_tuple__ = version_tuple = (1, 4, 2)
 
-__commit_id__ = commit_id = 'gc695723cf'
+__commit_id__ = commit_id = 'g1bf2e00e1'

{devpi_admin-1.4.0 → devpi_admin-1.4.2}/devpi_admin/main.py

@@ -444,7 +444,7 @@ def devpi_admin_tween_factory(handler, registry):
                 # Cache for the identity hook so it doesn't re-read keyfs.
                 request.environ["adm.token_meta"] = meta
                 request.environ["adm.is_admin_token"] = True
-                denied = _admin_token_check(request, meta)
+                denied = _admin_token_check(request, meta, xom)
                 if denied is not None:
                     return denied
             # Invalid/expired token: let the identity hook return None and
@@ -510,7 +510,7 @@ def _request_carries_admin_token(request):
     return _extract_admin_token_secret(request) is not None
 
 
-def _admin_token_check(request, token_meta):
+def _admin_token_check(request, token_meta, xom):
     """Restrict admin-token requests by scope and bound index.
 
     A token carries a ``scope`` (``read`` / ``upload``) and is bound to a
@@ -523,6 +523,13 @@ def _admin_token_check(request, token_meta):
       ``/<user>/<index>/...``. A token bound to ``alice/dev`` cannot
       reach ``/bob/prod`` or any management endpoint (``/+admin*``,
       ``/+admin-api/*``, ``/+login``, ``/+status``, ``/<user>``).
+    * Cross-base file downloads (``GET /<base>/<idx>/+f/...``) are
+      allowed when the target index is reachable through the bound
+      stage's SRO (bases inheritance). devpi's ``+simple/`` on a stage
+      returns links pointing to the base index hosting the file (e.g.
+      ``/root/pypi/+f/...`` for a mirror-fed package on
+      ``villapro/staging``); without this exception pip would follow
+      the link with the bound token and get 403.
 
     Returns ``None`` to allow, or an HTTPForbidden response to deny.
     """
@@ -553,11 +560,45 @@ def _admin_token_check(request, token_meta):
     prefix = "/" + bound
     if path == prefix or path.startswith(prefix + "/"):
         return None
+    # Bases inheritance for file downloads: a stage's +simple/ surfaces
+    # links into the base index (e.g. mirror) rather than rewriting them
+    # under the stage URL. Allow the resulting cross-index GET as long
+    # as the target is part of the bound stage's SRO.
+    if request.method == "GET":
+        file_match = _PKG_FILE_RE.match(path)
+        if file_match is not None:
+            other_user, other_index = file_match.group(1), file_match.group(2)
+            if _index_in_bound_sro(xom, bound, other_user, other_index):
+                return None
     return HTTPForbidden(json_body={
         "error": f"admin token bound to {bound} cannot access {path}",
     })
 
 
+def _index_in_bound_sro(xom, bound, other_user, other_index):
+    """Return True iff ``other_user/other_index`` is in bound stage's SRO.
+
+    SRO (Stage Resolution Order) is devpi's transitive bases traversal —
+    the same chain its ``+simple/`` view follows when emitting links.
+    Best-effort: missing stage or any error returns False (deny). Runs
+    inside a read transaction because ``sro()`` touches each base's
+    ``ixconfig`` in keyfs.
+    """
+    bound_user, bound_idx = bound.split("/", 1)
+    try:
+        with xom.keyfs.read_transaction(allow_reuse=True):
+            bound_stage = xom.model.getstage(bound_user, bound_idx)
+            if bound_stage is None:
+                return False
+            target_name = f"{other_user}/{other_index}"
+            for stage in bound_stage.sro():
+                if stage.name == target_name:
+                    return True
+    except Exception:
+        return False
+    return False
+
+
 def _user_listing_check(request):
     """Restrict ``GET /<user>/`` to that user or root.
 

{devpi_admin-1.4.0 → devpi_admin-1.4.2}/devpi_admin/static/css/style.css

@@ -1588,15 +1588,18 @@ body {
     align-items: center;
     justify-content: space-between;
     padding: 2px 0;
+    gap: 4px;
 }
 
 .pkg-version-link {
-    flex: 1;
+    flex: 1 1 auto;
+    min-width: 0;
     padding: 5px 8px;
     border-radius: 4px;
     font-size: 13px;
     color: var(--text-muted);
     text-decoration: none;
+    overflow-wrap: anywhere;
 }
 
 .pkg-version-link:hover {
@@ -1619,6 +1622,7 @@ body {
     font-size: 16px;
     line-height: 1;
     border-radius: 4px;
+    flex-shrink: 0;
 }
 
 .pkg-version-del:hover {

{devpi_admin-1.4.0 → devpi_admin-1.4.2}/devpi_admin/static/js/app.js

@@ -1242,10 +1242,65 @@
     // Token types supported by the unified Issue modal. The selector at the
     // top of the modal switches the form between Devpi tokens (multi-index,
     // permission checkboxes) and Admin tokens (single index, scope select).
-    // Devpi is the default unless the plugin isn't installed.
+    // When the caller doesn't pin a type, the modal defaults to whichever
+    // backend the user *most recently* issued against — saves picking the
+    // same radio every time. Falls back to Devpi (or Admin if the plugin
+    // isn't installed) for users with no tokens yet.
     var TOKEN_TYPE_DEVPI = 'devpi';
     var TOKEN_TYPE_ADMIN = 'admin';
 
+    function _detectRecentTokenType(username) {
+        // Returns Promise<TOKEN_TYPE_*|null>. ``null`` means the user has
+        // no tokens (or detection failed) — caller picks a static default.
+        //
+        // Admin tokens carry ``issued_at`` (epoch). Macaroon tokens have
+        // no first-class issuance timestamp; we use ``not_before`` when
+        // present (it tracks the issue moment for the typical "starts
+        // now" flow) and fall back to ``expires`` so a freshly-issued
+        // long-TTL token still wins over an older short-TTL one.
+        var pAdmin = Api.get(
+            '/+admin-api/users/' + encodeURIComponent(username) + '/tokens')
+            .then(function (data) {
+                var tokens = (data && data.result) || [];
+                var max = 0;
+                for (var i = 0; i < tokens.length; i++) {
+                    var t = tokens[i].issued_at || 0;
+                    if (t > max) max = t;
+                }
+                return max || null;
+            })
+            .catch(function () { return null; });
+
+        var pDevpi = hasDevpiTokens()
+            ? Api.get('/' + encodeURIComponent(username) + '/+tokens')
+                .then(function (data) {
+                    var tokens = (data && data.result
+                        && data.result.tokens) || {};
+                    var max = 0;
+                    for (var id in tokens) {
+                        if (!Object.prototype.hasOwnProperty.call(
+                                tokens, id)) continue;
+                        var parsed = parseMacaroonRestrictions(
+                            tokens[id].restrictions);
+                        var t = parsed.not_before
+                            || parsed.expires || 0;
+                        if (t > max) max = t;
+                    }
+                    return max || null;
+                })
+                .catch(function () { return null; })
+            : Promise.resolve(null);
+
+        return Promise.all([pAdmin, pDevpi]).then(function (results) {
+            var adminTs = results[0];
+            var devpiTs = results[1];
+            if (!adminTs && !devpiTs) return null;
+            if (!adminTs) return TOKEN_TYPE_DEVPI;
+            if (!devpiTs) return TOKEN_TYPE_ADMIN;
+            return adminTs >= devpiTs ? TOKEN_TYPE_ADMIN : TOKEN_TYPE_DEVPI;
+        });
+    }
+
     // Public entry point. `options` may include:
     //  • `preselectType` — 'devpi' or 'admin'
     //  • `preselectIndexes` — list of 'user/index' strings
@@ -1259,18 +1314,25 @@
     function showIssueTokenModal(username, options) {
         options = options || {};
         var presel = (options.preselectIndexes || []).slice();
-        var preselType = options.preselectType || TOKEN_TYPE_DEVPI;
+        var explicitType = options.preselectType || null;
         _issueReturnTo = options.returnTo || function () {
             showTokensModal(username);
         };
         _issueLockedIndex = (options.lockIndex && presel.length)
             ? presel[0] : null;
-        // If the user asked for Devpi but the plugin isn't installed, silently
-        // fall back to Admin — saves them a trip back through the kebab.
-        if (preselType === TOKEN_TYPE_DEVPI && !hasDevpiTokens()) {
-            preselType = TOKEN_TYPE_ADMIN;
-        }
-        fetchRoot().then(function (rootResult) {
+        // Caller pinned the type → honour it; otherwise detect from the
+        // user's existing tokens (most-recently-issued backend wins).
+        // Detection failure falls back to Devpi (or Admin if the plugin
+        // isn't installed).
+        var pType = explicitType
+            ? Promise.resolve(explicitType)
+            : _detectRecentTokenType(username);
+        Promise.all([fetchRoot(), pType]).then(function (results) {
+            var rootResult = results[0];
+            var preselType = results[1] || TOKEN_TYPE_DEVPI;
+            if (preselType === TOKEN_TYPE_DEVPI && !hasDevpiTokens()) {
+                preselType = TOKEN_TYPE_ADMIN;
+            }
             var indexInfos = getAllIndexes(rootResult);
             var aclByIndex = {};
             // Indexes accessible to the bound user: ones they own, ones
@@ -1304,11 +1366,13 @@
             };
             _renderIssueTokenModal(username, presel, preselType);
         }).catch(function () {
+            var fallbackType = explicitType
+                || (hasDevpiTokens() ? TOKEN_TYPE_DEVPI : TOKEN_TYPE_ADMIN);
             _issueContext = {
                 accessibleIndexes: presel.slice(),
                 aclByIndex: {},
             };
-            _renderIssueTokenModal(username, presel, preselType);
+            _renderIssueTokenModal(username, presel, fallbackType);
         });
     }
 

{devpi_admin-1.4.0 → devpi_admin-1.4.2}/devpi_admin.egg-info/PKG-INFO

@@ -1,6 +1,6 @@
 Metadata-Version: 2.4
 Name: devpi-admin
-Version: 1.4.0
+Version: 1.4.2
 Summary: Modern web UI plugin for devpi-server — drop-in replacement for devpi-web
 Author-email: Pavel Revak <pavelrevak@gmail.com>
 License: MIT
@@ -122,6 +122,12 @@ talks to the standard devpi JSON API directly.
   `DELETE` is **never** granted, even with `upload` scope - package removal must use
   password auth. Anything outside the bound index path returns 403, including the SPA,
   `/+admin-api/*` (so a token cannot mint further tokens), `/+login`, `/`, and `/<user>`.
+  **Bases exception**: `GET /<base>/<idx>/+f/<...>` is also allowed when `<base>/<idx>`
+  is in the bound stage's SRO (bases inheritance). devpi's `+simple/` view on a stage
+  emits file links pointing directly at the base index (e.g. mirror-fed packages on
+  `villapro/staging` link to `/root/pypi/+f/...`); without this exception pip would
+  follow the link with the bound token and get 403. Limited to `GET` on `+f/` —
+  cross-index `+simple/` and writes remain blocked.
 - **Issuance rules**: regular users may issue for themselves; root may issue for *other*
   users (admin delegation) but not for itself. Admin-token-authenticated requests cannot
   issue further tokens. Issuance verifies the target user is in `acl_read` /

{devpi_admin-1.4.0 → devpi_admin-1.4.2}/tests/test_acl_read.py

@@ -150,7 +150,7 @@ class AdminTokenCheckTests(unittest.TestCase):
                      "/alice/dev/+simple/", "/alice/dev/+f/foo.whl",
                      "/alice/dev/foo/1.0"):
             self.assertIsNone(
-                _admin_token_check(self._make("GET", path), self._meta()),
+                _admin_token_check(self._make("GET", path), self._meta(), None),
                 "GET %s should be allowed" % path)
 
     def test_read_scope_blocks_management_paths(self):
@@ -158,30 +158,31 @@ class AdminTokenCheckTests(unittest.TestCase):
                      "/+admin-api/users/alice/tokens", "/+status",
                      "/alice", "/alice/"):
             self.assertIsNotNone(
-                _admin_token_check(self._make("GET", path), self._meta()),
+                _admin_token_check(self._make("GET", path), self._meta(), None),
                 "GET %s should be blocked" % path)
 
     def test_read_scope_blocks_other_index(self):
         # Token bound to alice/dev cannot reach bob/prod.
         self.assertIsNotNone(_admin_token_check(
-            self._make("GET", "/bob/prod"), self._meta()))
+            self._make("GET", "/bob/prod"), self._meta(), None))
         self.assertIsNotNone(_admin_token_check(
-            self._make("GET", "/bob/prod/+simple/foo"), self._meta()))
+            self._make("GET", "/bob/prod/+simple/foo"), self._meta(), None))
         # Even alice's *other* index is blocked.
         self.assertIsNotNone(_admin_token_check(
-            self._make("GET", "/alice/staging"), self._meta()))
+            self._make("GET", "/alice/staging"), self._meta(), None))
 
     def test_head_treated_like_get(self):
         self.assertIsNone(_admin_token_check(
-            self._make("HEAD", "/alice/dev"), self._meta()))
+            self._make("HEAD", "/alice/dev"), self._meta(), None))
         self.assertIsNotNone(_admin_token_check(
-            self._make("HEAD", "/+login"), self._meta()))
+            self._make("HEAD", "/+login"), self._meta(), None))
 
     def test_read_scope_blocks_writes_everywhere(self):
         for method in ("POST", "PUT", "PATCH", "DELETE"):
             for path in ("/alice/dev", "/alice/dev/foo", "/+login"):
                 self.assertIsNotNone(
-                    _admin_token_check(self._make(method, path), self._meta()),
+                    _admin_token_check(
+                        self._make(method, path), self._meta(), None),
                     "%s %s must be blocked for read-scope token"
                     % (method, path))
 
@@ -191,10 +192,10 @@ class AdminTokenCheckTests(unittest.TestCase):
         meta = self._meta(scope="upload")
         for method in ("POST", "PUT"):
             self.assertIsNone(_admin_token_check(
-                self._make(method, "/alice/dev"), meta),
+                self._make(method, "/alice/dev"), meta, None),
                 "%s should be allowed" % method)
             self.assertIsNone(_admin_token_check(
-                self._make(method, "/alice/dev/foo/1.0"), meta))
+                self._make(method, "/alice/dev/foo/1.0"), meta, None))
 
     def test_upload_scope_blocks_delete(self):
         # Even with upload scope, DELETE is never allowed — package
@@ -202,31 +203,142 @@ class AdminTokenCheckTests(unittest.TestCase):
         meta = self._meta(scope="upload")
         for path in ("/alice/dev", "/alice/dev/foo", "/alice/dev/foo/1.0"):
             self.assertIsNotNone(
-                _admin_token_check(self._make("DELETE", path), meta),
+                _admin_token_check(self._make("DELETE", path), meta, None),
                 "DELETE %s must be blocked even for upload scope" % path)
 
     def test_upload_scope_blocks_other_index(self):
         meta = self._meta(scope="upload")
         self.assertIsNotNone(_admin_token_check(
-            self._make("POST", "/bob/prod"), meta))
+            self._make("POST", "/bob/prod"), meta, None))
 
     def test_upload_scope_blocks_management_paths(self):
         meta = self._meta(scope="upload")
         for path in ("/+login", "/+admin-api/token", "/+admin/", "/"):
             self.assertIsNotNone(
-                _admin_token_check(self._make("POST", path), meta))
+                _admin_token_check(self._make("POST", path), meta, None))
 
     # --- malformed meta (defensive) ---
 
     def test_unknown_scope_blocked(self):
         meta = {"user": "alice", "index": "alice/dev", "scope": "weird"}
         self.assertIsNotNone(_admin_token_check(
-            self._make("GET", "/alice/dev"), meta))
+            self._make("GET", "/alice/dev"), meta, None))
 
     def test_missing_index_blocked(self):
         meta = {"user": "alice", "scope": "read"}
         self.assertIsNotNone(_admin_token_check(
-            self._make("GET", "/alice/dev"), meta))
+            self._make("GET", "/alice/dev"), meta, None))
+
+
+class AdminTokenBasesAwareTests(unittest.TestCase):
+    """File-download cross-index GETs are allowed when the target index
+    is reachable through the bound stage's SRO (bases inheritance).
+
+    devpi's ``+simple/`` view on a stage emits links pointing to the
+    base index that physically hosts the file (e.g. mirror-fed packages
+    on ``villapro/staging`` link to ``/root/pypi/+f/...``); pip then
+    follows them with the bound token and must not be 403'd.
+    """
+
+    def _make(self, method, path):
+        req = MagicMock()
+        req.method = method
+        req.path = path
+        return req
+
+    def _meta(self, index="villapro/staging"):
+        return {
+            "user": index.split("/")[0], "index": index, "scope": "read"}
+
+    def _xom_with_sro(self, sro_names):
+        """Build a stub xom whose bound stage's sro() yields stages with
+        the given ``user/index`` names. ``read_transaction()`` is a
+        no-op context manager.
+        """
+        stages = [MagicMock(name=n) for n in sro_names]
+        for stage, n in zip(stages, sro_names):
+            stage.name = n
+        bound_stage = MagicMock()
+        bound_stage.sro.return_value = iter(stages)
+
+        xom = MagicMock()
+        xom.model.getstage.return_value = bound_stage
+        ctx = MagicMock()
+        ctx.__enter__ = MagicMock(return_value=ctx)
+        ctx.__exit__ = MagicMock(return_value=False)
+        xom.keyfs.read_transaction.return_value = ctx
+        return xom
+
+    def test_file_download_on_base_index_allowed(self):
+        # staging → private → pypi: pip follows mirror file link.
+        xom = self._xom_with_sro(
+            ["villapro/staging", "villapro/private", "root/pypi"])
+        result = _admin_token_check(
+            self._make("GET", "/root/pypi/+f/ab/cdef/setuptools-1.0.whl"),
+            self._meta(), xom)
+        self.assertIsNone(result)
+
+    def test_file_download_on_intermediate_base_allowed(self):
+        xom = self._xom_with_sro(
+            ["villapro/staging", "villapro/private", "root/pypi"])
+        result = _admin_token_check(
+            self._make("GET", "/villapro/private/+f/ab/cdef/pkg-1.0.whl"),
+            self._meta(), xom)
+        self.assertIsNone(result)
+
+    def test_file_download_on_unrelated_index_blocked(self):
+        xom = self._xom_with_sro(
+            ["villapro/staging", "villapro/private", "root/pypi"])
+        result = _admin_token_check(
+            self._make("GET", "/charlie/secret/+f/ab/cdef/pkg-1.0.whl"),
+            self._meta(), xom)
+        self.assertIsNotNone(result)
+
+    def test_simple_listing_on_base_not_exempted(self):
+        # Bases exception is scoped to +f/ file downloads only — pip
+        # always queries +simple/ on the bound stage URL (devpi merges
+        # the views), so cross-index +simple has no legitimate flow and
+        # must remain blocked to keep token scope meaningful.
+        xom = self._xom_with_sro(
+            ["villapro/staging", "root/pypi"])
+        result = _admin_token_check(
+            self._make("GET", "/root/pypi/+simple/setuptools/"),
+            self._meta(), xom)
+        self.assertIsNotNone(result)
+
+    def test_bound_stage_missing_denies(self):
+        xom = MagicMock()
+        xom.model.getstage.return_value = None
+        ctx = MagicMock()
+        ctx.__enter__ = MagicMock(return_value=ctx)
+        ctx.__exit__ = MagicMock(return_value=False)
+        xom.keyfs.read_transaction.return_value = ctx
+        result = _admin_token_check(
+            self._make("GET", "/root/pypi/+f/ab/cdef/pkg.whl"),
+            self._meta(), xom)
+        self.assertIsNotNone(result)
+
+    def test_sro_lookup_exception_denies(self):
+        # Best-effort: any error in SRO traversal falls through to deny,
+        # rather than masking a misconfiguration as accidental access.
+        xom = MagicMock()
+        xom.keyfs.read_transaction.side_effect = RuntimeError("boom")
+        result = _admin_token_check(
+            self._make("GET", "/root/pypi/+f/ab/cdef/pkg.whl"),
+            self._meta(), xom)
+        self.assertIsNotNone(result)
+
+    def test_upload_scope_does_not_use_bases_exception(self):
+        # Upload tokens write to the bound stage; cross-base writes
+        # don't have an analogous "+f link in +simple" justification.
+        # POST /root/pypi/... must stay blocked even with SRO match.
+        xom = self._xom_with_sro(["villapro/staging", "root/pypi"])
+        meta = {"user": "villapro", "index": "villapro/staging",
+                "scope": "upload"}
+        result = _admin_token_check(
+            self._make("POST", "/root/pypi/+f/ab/cdef/pkg.whl"),
+            meta, xom)
+        self.assertIsNotNone(result)
 
 
 class UserListingCheckTests(unittest.TestCase):

{devpi_admin-1.4.0 → devpi_admin-1.4.2}/tests/test_devpi_tokens_ui.py

@@ -277,6 +277,23 @@ class UnifiedIssueModalTests(unittest.TestCase):
     def test_unified_entry_point_exists(self):
         self.assertIn("function showIssueTokenModal(username, options)", self.js)
 
+    def test_recent_token_type_detector_present(self):
+        # Auto-preselect: when caller doesn't pin a type, pick the
+        # backend the user most recently issued against.
+        self.assertIn("function _detectRecentTokenType(username)", self.js)
+        # Admin tokens compared by issued_at, macaroons by
+        # not_before / expires.
+        self.assertIn("tokens[i].issued_at", self.js)
+        self.assertIn("parsed.not_before", self.js)
+
+    def test_issue_modal_uses_detector_when_caller_is_silent(self):
+        # `options.preselectType` short-circuits detection; absence
+        # triggers _detectRecentTokenType.
+        self.assertIn("var explicitType = options.preselectType || null;",
+                      self.js)
+        self.assertIn("explicitType\n            ? Promise.resolve(explicitType)\n"
+                      "            : _detectRecentTokenType(username);", self.js)
+
     def test_unified_listing_has_issue_button(self):
         # Single Issue entry point on the unified per-user Tokens modal —
         # no preselectType so the user picks devpi/admin in the form.