fix(05-12): resolve 3 critical code review findings

curo/kite

CR-01: add `except HTTPException: raise` before broad except in
stream_document_content — prevents 503 (reconnect prompt) from being
swallowed and replaced with misleading 502

CR-02: move pre-flight credential checks BEFORE Redis setex in
oauth_initiate — no orphan state tokens written for unconfigured providers;
also adds onedrive_tenant_id to OneDrive pre-flight condition (WR-02)

CR-03: add CLOUD_CREDS_KEY to celery-worker environment in docker-compose.yml
— worker cannot decrypt cloud credentials without this key; every cloud
document task was silently failing at runtime

WR-03: assert Redis store empty after 400 pre-flight responses in both
new tests — confirms no token leak on misconfigured-provider requests

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

This commit is contained in:

curo1305

2026-05-30 18:04:09 +02:00

parent 12dd692f00

commit b1a136b5be

4 changed files with 23 additions and 9 deletions

									
										docker-compose.yml
									
		+1
		
												View File
												
				@@ -87,6 +87,7 @@ services:

				      - MINIO_SECRET_KEY=${MINIO_SECRET_KEY}

				      - MINIO_BUCKET=${MINIO_BUCKET}

				      - REDIS_URL=${REDIS_URL}

				      - CLOUD_CREDS_KEY=${CLOUD_CREDS_KEY}

				      - PYTHONDONTWRITEBYTECODE=1

				    volumes:

				      - ./backend:/app