chore: clean .gitignore cache
This commit is contained in:
GitHub Actions
147
tests/fixtures/security.ts
vendored
147
tests/fixtures/security.ts
vendored
@@ -1,147 +0,0 @@
|
||||
/**
|
||||
* Security Test Fixtures
|
||||
*
|
||||
* Provides helper functions for enabling/disabling security modules
|
||||
* and testing emergency access during E2E tests.
|
||||
*/
|
||||
|
||||
import { APIRequestContext } from '@playwright/test';
|
||||
|
||||
/**
|
||||
* Emergency token for E2E tests - must match docker-compose.e2e.yml
|
||||
*/
|
||||
export const EMERGENCY_TOKEN =
|
||||
process.env.CHARON_EMERGENCY_TOKEN || 'test-emergency-token-for-e2e-32chars';
|
||||
|
||||
/**
|
||||
* Emergency server configuration for E2E tests
|
||||
*/
|
||||
export const EMERGENCY_SERVER = {
|
||||
baseURL: 'http://localhost:2019',
|
||||
username: 'admin',
|
||||
password: 'changeme',
|
||||
};
|
||||
|
||||
/**
|
||||
* Enable all security modules for testing.
|
||||
* This simulates a production environment with full security enabled.
|
||||
*
|
||||
* @param request - Playwright APIRequestContext
|
||||
*/
|
||||
export async function enableSecurity(request: APIRequestContext): Promise<void> {
|
||||
console.log('🔒 Enabling all security modules...');
|
||||
|
||||
const modules = [
|
||||
{ key: 'security.acl.enabled', value: 'true' },
|
||||
{ key: 'security.waf.enabled', value: 'true' },
|
||||
{ key: 'security.rate_limit.enabled', value: 'true' },
|
||||
{ key: 'feature.cerberus.enabled', value: 'true' },
|
||||
];
|
||||
|
||||
for (const { key, value } of modules) {
|
||||
await request.post('/api/v1/settings', {
|
||||
data: { key, value },
|
||||
});
|
||||
console.log(` ✓ Enabled: ${key}`);
|
||||
}
|
||||
|
||||
// Wait for settings to propagate
|
||||
console.log(' ⏳ Waiting for security settings to propagate...');
|
||||
await new Promise(resolve => setTimeout(resolve, 2000));
|
||||
|
||||
console.log(' ✅ Security enabled');
|
||||
}
|
||||
|
||||
/**
|
||||
* Disable all security modules using the emergency token.
|
||||
* This is the proper way to recover from security lockouts.
|
||||
*
|
||||
* @param request - Playwright APIRequestContext
|
||||
* @throws Error if emergency reset fails
|
||||
*/
|
||||
export async function disableSecurity(request: APIRequestContext): Promise<void> {
|
||||
console.log('🔓 Disabling security using emergency token...');
|
||||
|
||||
const response = await request.post('/api/v1/emergency/security-reset', {
|
||||
headers: {
|
||||
'X-Emergency-Token': EMERGENCY_TOKEN,
|
||||
},
|
||||
});
|
||||
|
||||
if (!response.ok()) {
|
||||
const body = await response.text();
|
||||
throw new Error(`Emergency reset failed: ${response.status()} ${body}`);
|
||||
}
|
||||
|
||||
const result = await response.json();
|
||||
console.log(` ✅ Disabled modules: ${result.disabled_modules?.join(', ')}`);
|
||||
|
||||
// Wait for settings to propagate
|
||||
console.log(' ⏳ Waiting for security reset to propagate...');
|
||||
await new Promise(resolve => setTimeout(resolve, 2000));
|
||||
|
||||
console.log(' ✅ Security disabled');
|
||||
}
|
||||
|
||||
/**
|
||||
* Test if emergency token access is functional.
|
||||
* This is useful for verifying the emergency bypass system is working.
|
||||
*
|
||||
* @param request - Playwright APIRequestContext
|
||||
* @returns true if emergency token works, false otherwise
|
||||
*/
|
||||
export async function testEmergencyAccess(request: APIRequestContext): Promise<boolean> {
|
||||
try {
|
||||
const response = await request.post('/api/v1/emergency/security-reset', {
|
||||
headers: {
|
||||
'X-Emergency-Token': EMERGENCY_TOKEN,
|
||||
},
|
||||
});
|
||||
|
||||
return response.ok();
|
||||
} catch (e) {
|
||||
console.error(`Emergency access test failed: ${e}`);
|
||||
return false;
|
||||
}
|
||||
}
|
||||
|
||||
/**
|
||||
* Test emergency server access (Tier 2 break glass).
|
||||
* This tests the separate emergency server on port 2019.
|
||||
*
|
||||
* @param request - Playwright APIRequestContext
|
||||
* @returns true if emergency server is accessible, false otherwise
|
||||
*/
|
||||
export async function testEmergencyServerAccess(
|
||||
request: APIRequestContext
|
||||
): Promise<boolean> {
|
||||
try {
|
||||
// Create Basic Auth header
|
||||
const authHeader =
|
||||
'Basic ' +
|
||||
Buffer.from(`${EMERGENCY_SERVER.username}:${EMERGENCY_SERVER.password}`).toString('base64');
|
||||
|
||||
const response = await request.post(`${EMERGENCY_SERVER.baseURL}/emergency/security-reset`, {
|
||||
headers: {
|
||||
Authorization: authHeader,
|
||||
'X-Emergency-Token': EMERGENCY_TOKEN,
|
||||
},
|
||||
});
|
||||
|
||||
return response.ok();
|
||||
} catch (e) {
|
||||
console.error(`Emergency server access test failed: ${e}`);
|
||||
return false;
|
||||
}
|
||||
}
|
||||
|
||||
/**
|
||||
* Wait for security settings to propagate through the system.
|
||||
* Some security changes take time to apply due to caching and module loading.
|
||||
*
|
||||
* @param durationMs - Duration to wait in milliseconds (default: 2000)
|
||||
*/
|
||||
export async function waitForSecurityPropagation(durationMs: number = 2000): Promise<void> {
|
||||
console.log(` ⏳ Waiting ${durationMs}ms for security changes to propagate...`);
|
||||
await new Promise(resolve => setTimeout(resolve, durationMs));
|
||||
}
|
||||
Reference in New Issue
Block a user