akanealw/Charon
1
0
Fork 0
Code Issues Pull Requests Actions 9 Packages Projects Releases Wiki Activity

fix: clear block security decisions during emergency reset

Browse Source
This commit is contained in:
GitHub Actions
2026-02-13 07:43:45 +00:00
parent 5db0e9453a
commit cd6ad51ae7
2 changed files with 30 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files
backend/internal/api/handlers/emergency_handler.go
+4
View File
@@ -272,6 +272,10 @@ func (h *EmergencyHandler) disableAllSecurityModules() ([]string, error) {
}
}
if err := h.db.Where("action = ?", "block").Delete(&models.SecurityDecision{}).Error; err != nil {
log.WithError(err).Warn("Failed to clear block security decisions during emergency reset")
}
return disabledModules, nil
}
backend/internal/api/handlers/emergency_handler_test.go
+26
View File
@@ -35,6 +35,7 @@ func setupEmergencyTestDB(t *testing.T) *gorm.DB {
&models.Setting{},
&models.SecurityConfig{},
&models.SecurityAudit{},
&models.SecurityDecision{},
&models.EmergencyToken{},
)
require.NoError(t, err)
@@ -312,6 +313,31 @@ func TestEmergencySecurityReset_TriggersReloadAndCacheInvalidate(t *testing.T) {
assert.Equal(t, 1, mockCache.calls)
}
func TestEmergencySecurityReset_ClearsBlockDecisions(t *testing.T) {
db := setupEmergencyTestDB(t)
handler := NewEmergencyHandler(db)
router := setupEmergencyRouter(handler)
validToken := "this-is-a-valid-emergency-token-with-32-chars-minimum"
require.NoError(t, os.Setenv(EmergencyTokenEnvVar, validToken))
defer func() { require.NoError(t, os.Unsetenv(EmergencyTokenEnvVar)) }()
require.NoError(t, db.Create(&models.SecurityDecision{UUID: "dec-1", Source: "manual", Action: "block", IP: "127.0.0.1", CreatedAt: time.Now()}).Error)
require.NoError(t, db.Create(&models.SecurityDecision{UUID: "dec-2", Source: "manual", Action: "allow", IP: "127.0.0.2", CreatedAt: time.Now()}).Error)
req := httptest.NewRequest(http.MethodPost, "/api/v1/emergency/security-reset", nil)
req.Header.Set(EmergencyTokenHeader, validToken)
w := httptest.NewRecorder()
router.ServeHTTP(w, req)
require.Equal(t, http.StatusOK, w.Code)
var remaining []models.SecurityDecision
require.NoError(t, db.Find(&remaining).Error)
require.Len(t, remaining, 1)
assert.Equal(t, "allow", remaining[0].Action)
}
func TestLogEnhancedAudit(t *testing.T) {
// Setup
db := setupEmergencyTestDB(t)