mirror of
https://github.com/infiniflow/ragflow.git
synced 2026-06-29 15:31:05 +08:00
### What problem does this PR solve?

Fixes #15456.

The SDK agent-bot routes `POST /api/v1/agentbots/<agent_id>/completions` and `GET /api/v1/agentbots/<agent_id>/inputs` (`api/apps/restful_apis/bot_api.py`) authenticate the caller with a beta API token — which only yields the caller's `tenant_id` — but then load and run the agent named in the URL **without verifying the agent belongs to the caller's tenant**. `UserCanvasService.get_agent_dsl_with_release` even accepts a `tenant_id` it never uses, and `begin_inputs` calls `get_by_id` directly. Any holder of a single valid beta token could therefore run another tenant's agent (leaking its DSL/prompts/tool config) or read another tenant's agent metadata and begin input form, just by substituting a victim `agent_id`.

This PR adds the project's existing ownership gate, `UserCanvasService.accessible(agent_id, tenant_id)`, to both endpoints right after token authentication — mirroring the checks already enforced on the equivalent first-party routes in `api/apps/restful_apis/agent_api.py` (lines 75/578/775) and on the sibling `chatbot_completions` / `create_agent_session` / `delete_agent_session` handlers in the same file. On failure it returns the same `Can't find agent by ID: <id>` message already used by `begin_inputs`, so it does not reveal whether an `agent_id` exists in another tenant.

Added a regression test (`test/unit_test/api/apps/restful_apis/test_agentbots_access_control.py`, following the existing stubbed-loader pattern from `test_get_agent_session.py`) asserting that an inaccessible `agent_id` is rejected before the agent is loaded (`begin_inputs`) or executed (`completions`), and that an accessible agent still proceeds.

### Type of change

- [x] Bug Fix (non-breaking change which fixes an issue)
- [ ] New Feature (non-breaking change which adds functionality)
- [ ] Documentation Update
- [ ] Refactoring
- [ ] Performance Improvement
- [ ] Other (please describe):

---------

Co-authored-by: Zhichang Yu <yuzhichang@gmail.com>
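
The ownership gate described in the commit message above, as an added Python example that is not RAGFlow's code. Only the name `accessible` and the `Can't find agent by ID` message come from the page; the in-memory stores, token values, handler names and the `Authentication error` text are constructed for illustration.

```python
# Added illustration, not RAGFlow code. AGENTS, TOKENS, LOADED and the
# handler names are constructed stand-ins for the routes described above.
AGENTS = {  # agent_id -> owning tenant and DSL (constructed sample data)
    "agent-a": {"tenant_id": "tenant-a", "dsl": "tenant A prompts"},
    "agent-b": {"tenant_id": "tenant-b", "dsl": "tenant B prompts"},
}
TOKENS = {"beta-a": "tenant-a", "beta-b": "tenant-b"}  # beta token -> tenant_id
LOADED = []  # records every agent whose DSL was actually loaded


def accessible(agent_id, tenant_id):
    """Ownership gate: True only if the agent exists and belongs to tenant_id."""
    agent = AGENTS.get(agent_id)
    return agent is not None and agent["tenant_id"] == tenant_id


def load_agent(agent_id):
    LOADED.append(agent_id)
    return AGENTS[agent_id]["dsl"]


def not_found(agent_id):
    # One response for "does not exist" and "belongs to another tenant",
    # so the caller cannot tell which agent IDs exist elsewhere.
    return {"ok": False, "message": f"Can't find agent by ID: {agent_id}"}


def completions_before(token, agent_id):
    """Pre-fix shape: the token is validated, tenant_id is then never used."""
    tenant_id = TOKENS.get(token)
    if tenant_id is None:
        return {"ok": False, "message": "Authentication error"}
    if agent_id not in AGENTS:
        return not_found(agent_id)
    return {"ok": True, "data": load_agent(agent_id)}


def completions_after(token, agent_id):
    """Post-fix shape: ownership is checked right after authentication."""
    tenant_id = TOKENS.get(token)
    if tenant_id is None:
        return {"ok": False, "message": "Authentication error"}
    if not accessible(agent_id, tenant_id):
        return not_found(agent_id)
    return {"ok": True, "data": load_agent(agent_id)}
```

Checking `LOADED` after a rejected call is the same idea as the regression test in the commit message: the request must be refused before the agent is loaded, not merely answered with an error afterwards.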
(1). Deploy RAGFlow services and images
https://ragflow.io/docs/build_docker_image
(2). Configure the required environment for testing
Install Python dependencies (including test dependencies):
uv sync --python 3.13 --only-group test --no-default-groups --frozen
Activate the environment:
source .venv/bin/activate
Install SDK:
uv pip install sdk/python
Modify the .env file by adding the following lines:
COMPOSE_PROFILES=${COMPOSE_PROFILES},tei-cpu
TEI_MODEL=BAAI/bge-small-en-v1.5
RAGFLOW_IMAGE=infiniflow/ragflow:v0.26.2 # Replace with the image you are using
Start the container (wait two minutes):
docker compose -f docker/docker-compose.yml up -d
(3). Test Elasticsearch
a) Run SDK tests against Elasticsearch:
export HTTP_API_TEST_LEVEL=p2
export HOST_ADDRESS=http://127.0.0.1:9380 # Ensure that this port is the API port mapped to your localhost
pytest -s --tb=short --level=${HTTP_API_TEST_LEVEL} test/testcases/test_sdk_api
b) Run HTTP API tests against Elasticsearch:
pytest -s --tb=short --level=${HTTP_API_TEST_LEVEL} test/testcases/test_http_api
(4). Test Infinity
Modify the .env file:
DOC_ENGINE=${DOC_ENGINE:-infinity}
Start the container:
docker compose -f docker/docker-compose.yml down -v
docker compose -f docker/docker-compose.yml up -d
a) Run SDK tests against Infinity:
DOC_ENGINE=infinity pytest -s --tb=short --level=${HTTP_API_TEST_LEVEL} test/testcases/test_sdk_api
b) Run HTTP API tests against Infinity:
DOC_ENGINE=infinity pytest -s --tb=short --level=${HTTP_API_TEST_LEVEL} test/testcases/test_http_api