@@ -188,6 +188,82 @@ async def test_find_team_with_model_access_reports_passthrough_allowlist_denial(
188188 assert user_api_key_dict .team_metadata == {}
189189
190190
191+ @pytest .mark .asyncio
192+ async def test_find_team_with_model_access_uses_request_method_for_passthrough_auth ():
193+ jwt_handler = JWTHandler ()
194+ jwt_handler .litellm_jwtauth = LiteLLM_JWTAuth ()
195+ team = LiteLLM_TeamTable (
196+ team_id = "team-a" ,
197+ models = ["gpt-4" ],
198+ metadata = {},
199+ )
200+ mock_registered_routes = {
201+ "test-uuid-1:exact:/custom:GET" : {
202+ "endpoint_id" : "test-uuid-1" ,
203+ "path" : "/custom" ,
204+ "type" : "exact" ,
205+ "methods" : ["GET" ],
206+ "passthrough_params" : {"dependencies" : None },
207+ },
208+ "test-uuid-2:exact:/custom:POST" : {
209+ "endpoint_id" : "test-uuid-2" ,
210+ "path" : "/custom" ,
211+ "type" : "exact" ,
212+ "methods" : ["POST" ],
213+ "passthrough_params" : {"dependencies" : [object ()]},
214+ },
215+ }
216+
217+ with (
218+ patch (
219+ "litellm.proxy.auth.handle_jwt.get_team_object" ,
220+ new_callable = AsyncMock ,
221+ return_value = team ,
222+ ),
223+ patch (
224+ "litellm.proxy.auth.handle_jwt.allowed_routes_check" ,
225+ return_value = True ,
226+ ),
227+ patch (
228+ "litellm.proxy.pass_through_endpoints.pass_through_endpoints._registered_pass_through_routes" ,
229+ mock_registered_routes ,
230+ ),
231+ patch (
232+ "litellm.proxy.pass_through_endpoints.pass_through_endpoints.get_server_root_path" ,
233+ return_value = "/" ,
234+ ),
235+ ):
236+ team_id , team_obj = await JWTAuthManager .find_team_with_model_access (
237+ team_ids = {"team-a" },
238+ requested_model = None ,
239+ route = "/custom" ,
240+ jwt_handler = jwt_handler ,
241+ prisma_client = None ,
242+ user_api_key_cache = MagicMock (),
243+ parent_otel_span = None ,
244+ proxy_logging_obj = MagicMock (),
245+ request_method = "GET" ,
246+ )
247+ assert team_id == "team-a"
248+ assert team_obj == team
249+
250+ with pytest .raises (HTTPException ) as exc_info :
251+ await JWTAuthManager .find_team_with_model_access (
252+ team_ids = {"team-a" },
253+ requested_model = None ,
254+ route = "/custom" ,
255+ jwt_handler = jwt_handler ,
256+ prisma_client = None ,
257+ user_api_key_cache = MagicMock (),
258+ parent_otel_span = None ,
259+ proxy_logging_obj = MagicMock (),
260+ request_method = "POST" ,
261+ )
262+
263+ assert exc_info .value .status_code == 403
264+ assert "allowed_passthrough_routes" in exc_info .value .detail
265+
266+
191267@pytest .mark .asyncio
192268async def test_auth_builder_proxy_admin_user_role ():
193269 """Test that is_proxy_admin is True when user_object.user_role is PROXY_ADMIN"""
0 commit comments