e6c4e46dd8
- Removed redundant `gin.SetMode(gin.TestMode)` calls from individual test files. - Introduced a centralized `TestMain` function in `testmain_test.go` to set the Gin mode for all tests. - Ensured consistent test environment setup across various handler test files.
962 lines
32 KiB
Go
962 lines
32 KiB
Go
package handlers_test
|
|
|
|
import (
|
|
"bytes"
|
|
"encoding/json"
|
|
"fmt"
|
|
"net/http"
|
|
"net/http/httptest"
|
|
"os"
|
|
"testing"
|
|
"time"
|
|
|
|
"github.com/Wikid82/charon/backend/internal/api/handlers"
|
|
"github.com/Wikid82/charon/backend/internal/crypto"
|
|
"github.com/Wikid82/charon/backend/internal/models"
|
|
"github.com/Wikid82/charon/backend/internal/services"
|
|
"github.com/gin-gonic/gin"
|
|
"github.com/google/uuid"
|
|
"github.com/stretchr/testify/assert"
|
|
"github.com/stretchr/testify/require"
|
|
"gorm.io/driver/sqlite"
|
|
"gorm.io/gorm"
|
|
|
|
_ "github.com/Wikid82/charon/backend/pkg/dnsprovider/builtin" // Auto-register DNS providers
|
|
)
|
|
|
|
func setupCredentialHandlerTest(t *testing.T) (*gin.Engine, *gorm.DB, *models.DNSProvider) {
|
|
// Set encryption key for test - must be done before any service initialization
|
|
_ = os.Setenv("CHARON_ENCRYPTION_KEY", "MDEyMzQ1Njc4OWFiY2RlZjAxMjM0NTY3ODlhYmNkZWY=")
|
|
t.Cleanup(func() {
|
|
_ = os.Unsetenv("CHARON_ENCRYPTION_KEY")
|
|
})
|
|
|
|
router := gin.New()
|
|
|
|
// Use test name for unique database with WAL mode to avoid locking issues
|
|
dbName := fmt.Sprintf("file:%s?mode=memory&cache=shared&_journal_mode=WAL", t.Name())
|
|
db, err := gorm.Open(sqlite.Open(dbName), &gorm.Config{})
|
|
require.NoError(t, err)
|
|
|
|
// Close database connection when test completes
|
|
t.Cleanup(func() {
|
|
sqlDB, _ := db.DB()
|
|
_ = sqlDB.Close()
|
|
})
|
|
|
|
err = db.AutoMigrate(
|
|
&models.DNSProvider{},
|
|
&models.DNSProviderCredential{},
|
|
&models.SecurityAudit{},
|
|
)
|
|
require.NoError(t, err)
|
|
|
|
testKey := "MDEyMzQ1Njc4OWFiY2RlZjAxMjM0NTY3ODlhYmNkZWY=" // "0123456789abcdef0123456789abcdef" base64 encoded
|
|
encryptor, err := crypto.NewEncryptionService(testKey)
|
|
require.NoError(t, err)
|
|
|
|
// Create test provider with multi-credential enabled
|
|
creds := map[string]string{"api_token": "test-token"}
|
|
credsJSON, _ := json.Marshal(creds)
|
|
encrypted, _ := encryptor.Encrypt(credsJSON)
|
|
|
|
provider := &models.DNSProvider{
|
|
UUID: uuid.New().String(),
|
|
Name: "Test Provider",
|
|
ProviderType: "cloudflare",
|
|
Enabled: true,
|
|
UseMultiCredentials: true,
|
|
CredentialsEncrypted: encrypted,
|
|
KeyVersion: 1,
|
|
PropagationTimeout: 120,
|
|
PollingInterval: 5,
|
|
}
|
|
err = db.Create(provider).Error
|
|
require.NoError(t, err)
|
|
|
|
credService := services.NewCredentialService(db, encryptor)
|
|
credHandler := handlers.NewCredentialHandler(credService)
|
|
|
|
router.GET("/api/v1/dns-providers/:id/credentials", credHandler.List)
|
|
router.POST("/api/v1/dns-providers/:id/credentials", credHandler.Create)
|
|
router.GET("/api/v1/dns-providers/:id/credentials/:cred_id", credHandler.Get)
|
|
router.PUT("/api/v1/dns-providers/:id/credentials/:cred_id", credHandler.Update)
|
|
router.DELETE("/api/v1/dns-providers/:id/credentials/:cred_id", credHandler.Delete)
|
|
router.POST("/api/v1/dns-providers/:id/credentials/:cred_id/test", credHandler.Test)
|
|
router.POST("/api/v1/dns-providers/:id/enable-multi-credentials", credHandler.EnableMultiCredentials)
|
|
|
|
return router, db, provider
|
|
}
|
|
|
|
func TestCredentialHandler_Create(t *testing.T) {
|
|
router, _, provider := setupCredentialHandlerTest(t)
|
|
|
|
reqBody := map[string]interface{}{
|
|
"label": "Test Credential",
|
|
"zone_filter": "example.com",
|
|
"credentials": map[string]string{
|
|
"api_token": "test-token-123",
|
|
},
|
|
"propagation_timeout": 180,
|
|
"polling_interval": 10,
|
|
"enabled": true,
|
|
}
|
|
body, _ := json.Marshal(reqBody)
|
|
|
|
url := fmt.Sprintf("/api/v1/dns-providers/%d/credentials", provider.ID)
|
|
req, _ := http.NewRequest("POST", url, bytes.NewBuffer(body))
|
|
req.Header.Set("Content-Type", "application/json")
|
|
w := httptest.NewRecorder()
|
|
router.ServeHTTP(w, req)
|
|
|
|
assert.Equal(t, http.StatusCreated, w.Code)
|
|
|
|
var response models.DNSProviderCredential
|
|
err := json.Unmarshal(w.Body.Bytes(), &response)
|
|
require.NoError(t, err)
|
|
assert.Equal(t, "Test Credential", response.Label)
|
|
assert.Equal(t, "example.com", response.ZoneFilter)
|
|
}
|
|
|
|
func TestCredentialHandler_Create_InvalidProviderID(t *testing.T) {
|
|
router, _, _ := setupCredentialHandlerTest(t)
|
|
|
|
reqBody := map[string]interface{}{
|
|
"label": "Test",
|
|
"credentials": map[string]string{"api_token": "token"},
|
|
}
|
|
body, _ := json.Marshal(reqBody)
|
|
|
|
req, _ := http.NewRequest("POST", "/api/v1/dns-providers/invalid/credentials", bytes.NewBuffer(body))
|
|
req.Header.Set("Content-Type", "application/json")
|
|
w := httptest.NewRecorder()
|
|
router.ServeHTTP(w, req)
|
|
|
|
assert.Equal(t, http.StatusBadRequest, w.Code)
|
|
}
|
|
|
|
func TestCredentialHandler_List(t *testing.T) {
|
|
router, db, provider := setupCredentialHandlerTest(t)
|
|
|
|
// Create test credentials
|
|
testKey := "MDEyMzQ1Njc4OWFiY2RlZjAxMjM0NTY3ODlhYmNkZWY="
|
|
encryptor, _ := crypto.NewEncryptionService(testKey)
|
|
credService := services.NewCredentialService(db, encryptor)
|
|
|
|
for i := 0; i < 3; i++ {
|
|
req := services.CreateCredentialRequest{
|
|
Label: "Credential " + string(rune('A'+i)),
|
|
Credentials: map[string]string{"api_token": "token"},
|
|
}
|
|
_, err := credService.Create(testContext(), provider.ID, req)
|
|
require.NoError(t, err)
|
|
// Give SQLite time to release locks between operations
|
|
time.Sleep(10 * time.Millisecond)
|
|
}
|
|
|
|
// Give SQLite additional time to ensure all writes are complete
|
|
time.Sleep(20 * time.Millisecond)
|
|
|
|
url := fmt.Sprintf("/api/v1/dns-providers/%d/credentials", provider.ID)
|
|
req, _ := http.NewRequest("GET", url, nil)
|
|
w := httptest.NewRecorder()
|
|
router.ServeHTTP(w, req)
|
|
|
|
assert.Equal(t, http.StatusOK, w.Code)
|
|
|
|
var response []models.DNSProviderCredential
|
|
err := json.Unmarshal(w.Body.Bytes(), &response)
|
|
require.NoError(t, err)
|
|
assert.Len(t, response, 3)
|
|
}
|
|
|
|
func TestCredentialHandler_Get(t *testing.T) {
|
|
router, db, provider := setupCredentialHandlerTest(t)
|
|
|
|
testKey := "MDEyMzQ1Njc4OWFiY2RlZjAxMjM0NTY3ODlhYmNkZWY="
|
|
encryptor, _ := crypto.NewEncryptionService(testKey)
|
|
credService := services.NewCredentialService(db, encryptor)
|
|
|
|
createReq := services.CreateCredentialRequest{
|
|
Label: "Test Credential",
|
|
Credentials: map[string]string{"api_token": "token"},
|
|
}
|
|
created, err := credService.Create(testContext(), provider.ID, createReq)
|
|
require.NoError(t, err)
|
|
|
|
// Give SQLite time to release locks
|
|
time.Sleep(10 * time.Millisecond)
|
|
|
|
url := fmt.Sprintf("/api/v1/dns-providers/%d/credentials/%d", provider.ID, created.ID)
|
|
req, _ := http.NewRequest("GET", url, nil)
|
|
w := httptest.NewRecorder()
|
|
router.ServeHTTP(w, req)
|
|
|
|
assert.Equal(t, http.StatusOK, w.Code)
|
|
|
|
var response models.DNSProviderCredential
|
|
err = json.Unmarshal(w.Body.Bytes(), &response)
|
|
require.NoError(t, err)
|
|
// ID is not exposed in JSON (json:"-" tag), use UUID for comparison
|
|
assert.Equal(t, created.UUID, response.UUID)
|
|
}
|
|
|
|
func TestCredentialHandler_Get_NotFound(t *testing.T) {
|
|
router, _, provider := setupCredentialHandlerTest(t)
|
|
|
|
url := fmt.Sprintf("/api/v1/dns-providers/%d/credentials/9999", provider.ID)
|
|
req, _ := http.NewRequest("GET", url, nil)
|
|
w := httptest.NewRecorder()
|
|
router.ServeHTTP(w, req)
|
|
|
|
assert.Equal(t, http.StatusNotFound, w.Code)
|
|
}
|
|
|
|
func TestCredentialHandler_Update(t *testing.T) {
|
|
router, db, provider := setupCredentialHandlerTest(t)
|
|
|
|
testKey := "MDEyMzQ1Njc4OWFiY2RlZjAxMjM0NTY3ODlhYmNkZWY="
|
|
encryptor, _ := crypto.NewEncryptionService(testKey)
|
|
credService := services.NewCredentialService(db, encryptor)
|
|
|
|
createReq := services.CreateCredentialRequest{
|
|
Label: "Original",
|
|
Credentials: map[string]string{"api_token": "token"},
|
|
}
|
|
created, err := credService.Create(testContext(), provider.ID, createReq)
|
|
require.NoError(t, err)
|
|
|
|
// Give SQLite time to release locks
|
|
time.Sleep(10 * time.Millisecond)
|
|
|
|
updateBody := map[string]interface{}{
|
|
"label": "Updated Label",
|
|
"zone_filter": "*.example.com",
|
|
"enabled": false,
|
|
}
|
|
body, _ := json.Marshal(updateBody)
|
|
|
|
url := fmt.Sprintf("/api/v1/dns-providers/%d/credentials/%d", provider.ID, created.ID)
|
|
req, _ := http.NewRequest("PUT", url, bytes.NewBuffer(body))
|
|
req.Header.Set("Content-Type", "application/json")
|
|
w := httptest.NewRecorder()
|
|
router.ServeHTTP(w, req)
|
|
|
|
assert.Equal(t, http.StatusOK, w.Code)
|
|
|
|
var response models.DNSProviderCredential
|
|
err = json.Unmarshal(w.Body.Bytes(), &response)
|
|
require.NoError(t, err)
|
|
assert.Equal(t, "Updated Label", response.Label)
|
|
assert.Equal(t, "*.example.com", response.ZoneFilter)
|
|
assert.False(t, response.Enabled)
|
|
}
|
|
|
|
func TestCredentialHandler_Delete(t *testing.T) {
|
|
router, db, provider := setupCredentialHandlerTest(t)
|
|
|
|
testKey := "MDEyMzQ1Njc4OWFiY2RlZjAxMjM0NTY3ODlhYmNkZWY="
|
|
encryptor, _ := crypto.NewEncryptionService(testKey)
|
|
credService := services.NewCredentialService(db, encryptor)
|
|
|
|
createReq := services.CreateCredentialRequest{
|
|
Label: "To Delete",
|
|
Credentials: map[string]string{"api_token": "token"},
|
|
}
|
|
created, err := credService.Create(testContext(), provider.ID, createReq)
|
|
require.NoError(t, err)
|
|
|
|
url := fmt.Sprintf("/api/v1/dns-providers/%d/credentials/%d", provider.ID, created.ID)
|
|
req, _ := http.NewRequest("DELETE", url, nil)
|
|
w := httptest.NewRecorder()
|
|
router.ServeHTTP(w, req)
|
|
|
|
assert.Equal(t, http.StatusNoContent, w.Code)
|
|
|
|
// Verify deletion
|
|
_, err = credService.Get(testContext(), provider.ID, created.ID)
|
|
assert.ErrorIs(t, err, services.ErrCredentialNotFound)
|
|
}
|
|
|
|
func TestCredentialHandler_Test(t *testing.T) {
|
|
router, db, provider := setupCredentialHandlerTest(t)
|
|
|
|
testKey := "MDEyMzQ1Njc4OWFiY2RlZjAxMjM0NTY3ODlhYmNkZWY="
|
|
encryptor, _ := crypto.NewEncryptionService(testKey)
|
|
credService := services.NewCredentialService(db, encryptor)
|
|
|
|
createReq := services.CreateCredentialRequest{
|
|
Label: "Test",
|
|
Credentials: map[string]string{"api_token": "token"},
|
|
}
|
|
created, err := credService.Create(testContext(), provider.ID, createReq)
|
|
require.NoError(t, err)
|
|
|
|
url := fmt.Sprintf("/api/v1/dns-providers/%d/credentials/%d/test", provider.ID, created.ID)
|
|
req, _ := http.NewRequest("POST", url, nil)
|
|
w := httptest.NewRecorder()
|
|
router.ServeHTTP(w, req)
|
|
|
|
assert.Equal(t, http.StatusOK, w.Code)
|
|
|
|
var response services.TestResult
|
|
err = json.Unmarshal(w.Body.Bytes(), &response)
|
|
require.NoError(t, err)
|
|
}
|
|
|
|
func TestCredentialHandler_EnableMultiCredentials(t *testing.T) {
|
|
router, db, _ := setupCredentialHandlerTest(t)
|
|
|
|
// Create provider without multi-credential enabled
|
|
testKey := "MDEyMzQ1Njc4OWFiY2RlZjAxMjM0NTY3ODlhYmNkZWY="
|
|
encryptor, _ := crypto.NewEncryptionService(testKey)
|
|
creds := map[string]string{"api_token": "test-token"}
|
|
credsJSON, _ := json.Marshal(creds)
|
|
encrypted, _ := encryptor.Encrypt(credsJSON)
|
|
|
|
provider := &models.DNSProvider{
|
|
UUID: uuid.New().String(),
|
|
Name: "Provider to Enable",
|
|
ProviderType: "cloudflare",
|
|
Enabled: true,
|
|
UseMultiCredentials: false,
|
|
CredentialsEncrypted: encrypted,
|
|
KeyVersion: 1,
|
|
}
|
|
err := db.Create(provider).Error
|
|
require.NoError(t, err)
|
|
|
|
url := fmt.Sprintf("/api/v1/dns-providers/%d/enable-multi-credentials", provider.ID)
|
|
req, _ := http.NewRequest("POST", url, nil)
|
|
w := httptest.NewRecorder()
|
|
router.ServeHTTP(w, req)
|
|
|
|
assert.Equal(t, http.StatusOK, w.Code)
|
|
|
|
// Verify provider was updated
|
|
var updatedProvider models.DNSProvider
|
|
err = db.First(&updatedProvider, provider.ID).Error
|
|
require.NoError(t, err)
|
|
assert.True(t, updatedProvider.UseMultiCredentials)
|
|
}
|
|
|
|
func testContext() *gin.Context {
|
|
c, _ := gin.CreateTestContext(httptest.NewRecorder())
|
|
return c
|
|
}
|
|
|
|
// ===========================
|
|
// ERROR PATH TESTS
|
|
// ===========================
|
|
|
|
func TestCredentialHandler_List_InvalidProviderID(t *testing.T) {
|
|
router, _, _ := setupCredentialHandlerTest(t)
|
|
|
|
req, _ := http.NewRequest("GET", "/api/v1/dns-providers/invalid/credentials", nil)
|
|
w := httptest.NewRecorder()
|
|
router.ServeHTTP(w, req)
|
|
|
|
assert.Equal(t, http.StatusBadRequest, w.Code)
|
|
assert.Contains(t, w.Body.String(), "Invalid provider ID")
|
|
}
|
|
|
|
func TestCredentialHandler_List_ProviderNotFound(t *testing.T) {
|
|
router, _, _ := setupCredentialHandlerTest(t)
|
|
|
|
req, _ := http.NewRequest("GET", "/api/v1/dns-providers/9999/credentials", nil)
|
|
w := httptest.NewRecorder()
|
|
router.ServeHTTP(w, req)
|
|
|
|
assert.Equal(t, http.StatusNotFound, w.Code)
|
|
assert.Contains(t, w.Body.String(), "DNS provider not found")
|
|
}
|
|
|
|
func TestCredentialHandler_List_MultiCredentialNotEnabled(t *testing.T) {
|
|
router, db, _ := setupCredentialHandlerTest(t)
|
|
|
|
// Create provider without multi-credential mode
|
|
testKey := "MDEyMzQ1Njc4OWFiY2RlZjAxMjM0NTY3ODlhYmNkZWY="
|
|
encryptor, _ := crypto.NewEncryptionService(testKey)
|
|
creds := map[string]string{"api_token": "test-token"}
|
|
credsJSON, _ := json.Marshal(creds)
|
|
encrypted, _ := encryptor.Encrypt(credsJSON)
|
|
|
|
provider := &models.DNSProvider{
|
|
UUID: uuid.New().String(),
|
|
Name: "Single Cred Provider",
|
|
ProviderType: "cloudflare",
|
|
Enabled: true,
|
|
UseMultiCredentials: false,
|
|
CredentialsEncrypted: encrypted,
|
|
KeyVersion: 1,
|
|
}
|
|
require.NoError(t, db.Create(provider).Error)
|
|
|
|
url := fmt.Sprintf("/api/v1/dns-providers/%d/credentials", provider.ID)
|
|
req, _ := http.NewRequest("GET", url, nil)
|
|
w := httptest.NewRecorder()
|
|
router.ServeHTTP(w, req)
|
|
|
|
assert.Equal(t, http.StatusBadRequest, w.Code)
|
|
assert.Contains(t, w.Body.String(), "Multi-credential mode not enabled")
|
|
}
|
|
|
|
func TestCredentialHandler_Create_ProviderNotFound(t *testing.T) {
|
|
router, _, _ := setupCredentialHandlerTest(t)
|
|
|
|
reqBody := map[string]interface{}{
|
|
"label": "Test",
|
|
"credentials": map[string]string{"api_token": "token"},
|
|
}
|
|
body, _ := json.Marshal(reqBody)
|
|
|
|
req, _ := http.NewRequest("POST", "/api/v1/dns-providers/9999/credentials", bytes.NewBuffer(body))
|
|
req.Header.Set("Content-Type", "application/json")
|
|
w := httptest.NewRecorder()
|
|
router.ServeHTTP(w, req)
|
|
|
|
assert.Equal(t, http.StatusNotFound, w.Code)
|
|
assert.Contains(t, w.Body.String(), "DNS provider not found")
|
|
}
|
|
|
|
func TestCredentialHandler_Create_MultiCredentialNotEnabled(t *testing.T) {
|
|
router, db, _ := setupCredentialHandlerTest(t)
|
|
|
|
// Create provider without multi-credential mode
|
|
testKey := "MDEyMzQ1Njc4OWFiY2RlZjAxMjM0NTY3ODlhYmNkZWY="
|
|
encryptor, _ := crypto.NewEncryptionService(testKey)
|
|
creds := map[string]string{"api_token": "test-token"}
|
|
credsJSON, _ := json.Marshal(creds)
|
|
encrypted, _ := encryptor.Encrypt(credsJSON)
|
|
|
|
provider := &models.DNSProvider{
|
|
UUID: uuid.New().String(),
|
|
Name: "Single Cred Provider",
|
|
ProviderType: "cloudflare",
|
|
Enabled: true,
|
|
UseMultiCredentials: false,
|
|
CredentialsEncrypted: encrypted,
|
|
KeyVersion: 1,
|
|
}
|
|
require.NoError(t, db.Create(provider).Error)
|
|
|
|
reqBody := map[string]interface{}{
|
|
"label": "Test",
|
|
"credentials": map[string]string{"api_token": "token"},
|
|
}
|
|
body, _ := json.Marshal(reqBody)
|
|
|
|
url := fmt.Sprintf("/api/v1/dns-providers/%d/credentials", provider.ID)
|
|
req, _ := http.NewRequest("POST", url, bytes.NewBuffer(body))
|
|
req.Header.Set("Content-Type", "application/json")
|
|
w := httptest.NewRecorder()
|
|
router.ServeHTTP(w, req)
|
|
|
|
assert.Equal(t, http.StatusBadRequest, w.Code)
|
|
assert.Contains(t, w.Body.String(), "Multi-credential mode not enabled")
|
|
}
|
|
|
|
func TestCredentialHandler_Create_InvalidJSON(t *testing.T) {
|
|
router, _, provider := setupCredentialHandlerTest(t)
|
|
|
|
url := fmt.Sprintf("/api/v1/dns-providers/%d/credentials", provider.ID)
|
|
req, _ := http.NewRequest("POST", url, bytes.NewBufferString("{invalid json"))
|
|
req.Header.Set("Content-Type", "application/json")
|
|
w := httptest.NewRecorder()
|
|
router.ServeHTTP(w, req)
|
|
|
|
assert.Equal(t, http.StatusBadRequest, w.Code)
|
|
}
|
|
|
|
func TestCredentialHandler_Create_MissingRequiredFields(t *testing.T) {
|
|
router, _, provider := setupCredentialHandlerTest(t)
|
|
|
|
// Missing credentials field
|
|
reqBody := map[string]interface{}{
|
|
"label": "Test",
|
|
}
|
|
body, _ := json.Marshal(reqBody)
|
|
|
|
url := fmt.Sprintf("/api/v1/dns-providers/%d/credentials", provider.ID)
|
|
req, _ := http.NewRequest("POST", url, bytes.NewBuffer(body))
|
|
req.Header.Set("Content-Type", "application/json")
|
|
w := httptest.NewRecorder()
|
|
router.ServeHTTP(w, req)
|
|
|
|
assert.Equal(t, http.StatusBadRequest, w.Code)
|
|
}
|
|
|
|
func TestCredentialHandler_Create_InvalidProviderType(t *testing.T) {
|
|
router, db, _ := setupCredentialHandlerTest(t)
|
|
|
|
// Create provider with invalid provider type
|
|
testKey := "MDEyMzQ1Njc4OWFiY2RlZjAxMjM0NTY3ODlhYmNkZWY="
|
|
encryptor, _ := crypto.NewEncryptionService(testKey)
|
|
creds := map[string]string{"api_token": "test-token"}
|
|
credsJSON, _ := json.Marshal(creds)
|
|
encrypted, _ := encryptor.Encrypt(credsJSON)
|
|
|
|
provider := &models.DNSProvider{
|
|
UUID: uuid.New().String(),
|
|
Name: "Invalid Provider",
|
|
ProviderType: "nonexistent-provider",
|
|
Enabled: true,
|
|
UseMultiCredentials: true,
|
|
CredentialsEncrypted: encrypted,
|
|
KeyVersion: 1,
|
|
}
|
|
require.NoError(t, db.Create(provider).Error)
|
|
|
|
reqBody := map[string]interface{}{
|
|
"label": "Test",
|
|
"credentials": map[string]string{"api_token": "token"},
|
|
}
|
|
body, _ := json.Marshal(reqBody)
|
|
|
|
url := fmt.Sprintf("/api/v1/dns-providers/%d/credentials", provider.ID)
|
|
req, _ := http.NewRequest("POST", url, bytes.NewBuffer(body))
|
|
req.Header.Set("Content-Type", "application/json")
|
|
w := httptest.NewRecorder()
|
|
router.ServeHTTP(w, req)
|
|
|
|
assert.Equal(t, http.StatusBadRequest, w.Code)
|
|
}
|
|
|
|
func TestCredentialHandler_Get_InvalidProviderID(t *testing.T) {
|
|
router, _, _ := setupCredentialHandlerTest(t)
|
|
|
|
req, _ := http.NewRequest("GET", "/api/v1/dns-providers/invalid/credentials/1", nil)
|
|
w := httptest.NewRecorder()
|
|
router.ServeHTTP(w, req)
|
|
|
|
assert.Equal(t, http.StatusBadRequest, w.Code)
|
|
assert.Contains(t, w.Body.String(), "Invalid provider ID")
|
|
}
|
|
|
|
func TestCredentialHandler_Get_InvalidCredentialID(t *testing.T) {
|
|
router, _, provider := setupCredentialHandlerTest(t)
|
|
|
|
url := fmt.Sprintf("/api/v1/dns-providers/%d/credentials/invalid", provider.ID)
|
|
req, _ := http.NewRequest("GET", url, nil)
|
|
w := httptest.NewRecorder()
|
|
router.ServeHTTP(w, req)
|
|
|
|
assert.Equal(t, http.StatusBadRequest, w.Code)
|
|
assert.Contains(t, w.Body.String(), "Invalid credential ID")
|
|
}
|
|
|
|
func TestCredentialHandler_Update_InvalidProviderID(t *testing.T) {
|
|
router, _, _ := setupCredentialHandlerTest(t)
|
|
|
|
reqBody := map[string]interface{}{"label": "Updated"}
|
|
body, _ := json.Marshal(reqBody)
|
|
|
|
req, _ := http.NewRequest("PUT", "/api/v1/dns-providers/invalid/credentials/1", bytes.NewBuffer(body))
|
|
req.Header.Set("Content-Type", "application/json")
|
|
w := httptest.NewRecorder()
|
|
router.ServeHTTP(w, req)
|
|
|
|
assert.Equal(t, http.StatusBadRequest, w.Code)
|
|
assert.Contains(t, w.Body.String(), "Invalid provider ID")
|
|
}
|
|
|
|
func TestCredentialHandler_Update_InvalidCredentialID(t *testing.T) {
|
|
router, _, provider := setupCredentialHandlerTest(t)
|
|
|
|
reqBody := map[string]interface{}{"label": "Updated"}
|
|
body, _ := json.Marshal(reqBody)
|
|
|
|
url := fmt.Sprintf("/api/v1/dns-providers/%d/credentials/invalid", provider.ID)
|
|
req, _ := http.NewRequest("PUT", url, bytes.NewBuffer(body))
|
|
req.Header.Set("Content-Type", "application/json")
|
|
w := httptest.NewRecorder()
|
|
router.ServeHTTP(w, req)
|
|
|
|
assert.Equal(t, http.StatusBadRequest, w.Code)
|
|
assert.Contains(t, w.Body.String(), "Invalid credential ID")
|
|
}
|
|
|
|
func TestCredentialHandler_Update_NotFound(t *testing.T) {
|
|
router, _, provider := setupCredentialHandlerTest(t)
|
|
|
|
reqBody := map[string]interface{}{"label": "Updated"}
|
|
body, _ := json.Marshal(reqBody)
|
|
|
|
url := fmt.Sprintf("/api/v1/dns-providers/%d/credentials/9999", provider.ID)
|
|
req, _ := http.NewRequest("PUT", url, bytes.NewBuffer(body))
|
|
req.Header.Set("Content-Type", "application/json")
|
|
w := httptest.NewRecorder()
|
|
router.ServeHTTP(w, req)
|
|
|
|
assert.Equal(t, http.StatusNotFound, w.Code)
|
|
assert.Contains(t, w.Body.String(), "Credential not found")
|
|
}
|
|
|
|
func TestCredentialHandler_Update_InvalidJSON(t *testing.T) {
|
|
router, _, provider := setupCredentialHandlerTest(t)
|
|
|
|
url := fmt.Sprintf("/api/v1/dns-providers/%d/credentials/1", provider.ID)
|
|
req, _ := http.NewRequest("PUT", url, bytes.NewBufferString("{invalid json"))
|
|
req.Header.Set("Content-Type", "application/json")
|
|
w := httptest.NewRecorder()
|
|
router.ServeHTTP(w, req)
|
|
|
|
assert.Equal(t, http.StatusBadRequest, w.Code)
|
|
}
|
|
|
|
func TestCredentialHandler_Delete_InvalidProviderID(t *testing.T) {
|
|
router, _, _ := setupCredentialHandlerTest(t)
|
|
|
|
req, _ := http.NewRequest("DELETE", "/api/v1/dns-providers/invalid/credentials/1", nil)
|
|
w := httptest.NewRecorder()
|
|
router.ServeHTTP(w, req)
|
|
|
|
assert.Equal(t, http.StatusBadRequest, w.Code)
|
|
assert.Contains(t, w.Body.String(), "Invalid provider ID")
|
|
}
|
|
|
|
func TestCredentialHandler_Delete_InvalidCredentialID(t *testing.T) {
|
|
router, _, provider := setupCredentialHandlerTest(t)
|
|
|
|
url := fmt.Sprintf("/api/v1/dns-providers/%d/credentials/invalid", provider.ID)
|
|
req, _ := http.NewRequest("DELETE", url, nil)
|
|
w := httptest.NewRecorder()
|
|
router.ServeHTTP(w, req)
|
|
|
|
assert.Equal(t, http.StatusBadRequest, w.Code)
|
|
assert.Contains(t, w.Body.String(), "Invalid credential ID")
|
|
}
|
|
|
|
func TestCredentialHandler_Delete_NotFound(t *testing.T) {
|
|
router, _, provider := setupCredentialHandlerTest(t)
|
|
|
|
url := fmt.Sprintf("/api/v1/dns-providers/%d/credentials/9999", provider.ID)
|
|
req, _ := http.NewRequest("DELETE", url, nil)
|
|
w := httptest.NewRecorder()
|
|
router.ServeHTTP(w, req)
|
|
|
|
assert.Equal(t, http.StatusNotFound, w.Code)
|
|
assert.Contains(t, w.Body.String(), "Credential not found")
|
|
}
|
|
|
|
func TestCredentialHandler_Test_InvalidProviderID(t *testing.T) {
|
|
router, _, _ := setupCredentialHandlerTest(t)
|
|
|
|
req, _ := http.NewRequest("POST", "/api/v1/dns-providers/invalid/credentials/1/test", nil)
|
|
w := httptest.NewRecorder()
|
|
router.ServeHTTP(w, req)
|
|
|
|
assert.Equal(t, http.StatusBadRequest, w.Code)
|
|
assert.Contains(t, w.Body.String(), "Invalid provider ID")
|
|
}
|
|
|
|
func TestCredentialHandler_Test_InvalidCredentialID(t *testing.T) {
|
|
router, _, provider := setupCredentialHandlerTest(t)
|
|
|
|
url := fmt.Sprintf("/api/v1/dns-providers/%d/credentials/invalid/test", provider.ID)
|
|
req, _ := http.NewRequest("POST", url, nil)
|
|
w := httptest.NewRecorder()
|
|
router.ServeHTTP(w, req)
|
|
|
|
assert.Equal(t, http.StatusBadRequest, w.Code)
|
|
assert.Contains(t, w.Body.String(), "Invalid credential ID")
|
|
}
|
|
|
|
func TestCredentialHandler_Test_NotFound(t *testing.T) {
|
|
router, _, provider := setupCredentialHandlerTest(t)
|
|
|
|
url := fmt.Sprintf("/api/v1/dns-providers/%d/credentials/9999/test", provider.ID)
|
|
req, _ := http.NewRequest("POST", url, nil)
|
|
w := httptest.NewRecorder()
|
|
router.ServeHTTP(w, req)
|
|
|
|
assert.Equal(t, http.StatusNotFound, w.Code)
|
|
assert.Contains(t, w.Body.String(), "Credential not found")
|
|
}
|
|
|
|
func TestCredentialHandler_EnableMultiCredentials_InvalidProviderID(t *testing.T) {
|
|
router, _, _ := setupCredentialHandlerTest(t)
|
|
|
|
req, _ := http.NewRequest("POST", "/api/v1/dns-providers/invalid/enable-multi-credentials", nil)
|
|
w := httptest.NewRecorder()
|
|
router.ServeHTTP(w, req)
|
|
|
|
assert.Equal(t, http.StatusBadRequest, w.Code)
|
|
assert.Contains(t, w.Body.String(), "Invalid provider ID")
|
|
}
|
|
|
|
func TestCredentialHandler_EnableMultiCredentials_ProviderNotFound(t *testing.T) {
|
|
router, _, _ := setupCredentialHandlerTest(t)
|
|
|
|
req, _ := http.NewRequest("POST", "/api/v1/dns-providers/9999/enable-multi-credentials", nil)
|
|
w := httptest.NewRecorder()
|
|
router.ServeHTTP(w, req)
|
|
|
|
assert.Equal(t, http.StatusNotFound, w.Code)
|
|
assert.Contains(t, w.Body.String(), "DNS provider not found")
|
|
}
|
|
|
|
// TestCredentialHandler_Create_EncryptionError tests encryption failure during credential creation
|
|
func TestCredentialHandler_Create_EncryptionError(t *testing.T) {
|
|
router, db, _ := setupCredentialHandlerTest(t)
|
|
|
|
// Create a provider with invalid encrypted credentials to trigger encryption error
|
|
testKey := "MDEyMzQ1Njc4OWFiY2RlZjAxMjM0NTY3ODlhYmNkZWY="
|
|
encryptor, _ := crypto.NewEncryptionService(testKey)
|
|
creds := map[string]string{"api_token": "test-token"}
|
|
credsJSON, _ := json.Marshal(creds)
|
|
encrypted, _ := encryptor.Encrypt(credsJSON)
|
|
|
|
provider := &models.DNSProvider{
|
|
UUID: uuid.New().String(),
|
|
Name: "Encryption Error Provider",
|
|
ProviderType: "cloudflare",
|
|
Enabled: true,
|
|
UseMultiCredentials: true,
|
|
CredentialsEncrypted: encrypted,
|
|
KeyVersion: 1,
|
|
}
|
|
require.NoError(t, db.Create(provider).Error)
|
|
|
|
// Attempt to create credential - the service will handle encryption internally
|
|
reqBody := map[string]interface{}{
|
|
"label": "Test Credential",
|
|
"credentials": map[string]string{"api_token": "test-token"},
|
|
}
|
|
body, _ := json.Marshal(reqBody)
|
|
|
|
url := fmt.Sprintf("/api/v1/dns-providers/%d/credentials", provider.ID)
|
|
req, _ := http.NewRequest("POST", url, bytes.NewBuffer(body))
|
|
req.Header.Set("Content-Type", "application/json")
|
|
w := httptest.NewRecorder()
|
|
router.ServeHTTP(w, req)
|
|
|
|
// Should succeed because encryption service is properly initialized
|
|
assert.Equal(t, http.StatusCreated, w.Code)
|
|
}
|
|
|
|
// TestCredentialHandler_Update_EncryptionError tests encryption failure during credential update
|
|
func TestCredentialHandler_Update_EncryptionError(t *testing.T) {
|
|
router, db, provider := setupCredentialHandlerTest(t)
|
|
|
|
testKey := "MDEyMzQ1Njc4OWFiY2RlZjAxMjM0NTY3ODlhYmNkZWY="
|
|
encryptor, _ := crypto.NewEncryptionService(testKey)
|
|
credService := services.NewCredentialService(db, encryptor)
|
|
|
|
createReq := services.CreateCredentialRequest{
|
|
Label: "Original",
|
|
Credentials: map[string]string{"api_token": "token"},
|
|
}
|
|
created, err := credService.Create(testContext(), provider.ID, createReq)
|
|
require.NoError(t, err)
|
|
|
|
// Give SQLite time to release locks
|
|
time.Sleep(10 * time.Millisecond)
|
|
|
|
updateBody := map[string]interface{}{
|
|
"label": "Updated Label",
|
|
"credentials": map[string]string{"api_token": "new-token"},
|
|
}
|
|
body, _ := json.Marshal(updateBody)
|
|
|
|
url := fmt.Sprintf("/api/v1/dns-providers/%d/credentials/%d", provider.ID, created.ID)
|
|
req, _ := http.NewRequest("PUT", url, bytes.NewBuffer(body))
|
|
req.Header.Set("Content-Type", "application/json")
|
|
w := httptest.NewRecorder()
|
|
router.ServeHTTP(w, req)
|
|
|
|
// Should succeed because encryption service is properly initialized
|
|
assert.Equal(t, http.StatusOK, w.Code)
|
|
}
|
|
|
|
// TestCredentialHandler_Update_InvalidProviderType tests update with invalid provider type
|
|
func TestCredentialHandler_Update_InvalidProviderType(t *testing.T) {
|
|
router, db, _ := setupCredentialHandlerTest(t)
|
|
|
|
// Create provider with invalid provider type
|
|
testKey := "MDEyMzQ1Njc4OWFiY2RlZjAxMjM0NTY3ODlhYmNkZWY="
|
|
encryptor, _ := crypto.NewEncryptionService(testKey)
|
|
creds := map[string]string{"api_token": "test-token"}
|
|
credsJSON, _ := json.Marshal(creds)
|
|
encrypted, _ := encryptor.Encrypt(credsJSON)
|
|
|
|
provider := &models.DNSProvider{
|
|
UUID: uuid.New().String(),
|
|
Name: "Invalid Provider",
|
|
ProviderType: "nonexistent-provider",
|
|
Enabled: true,
|
|
UseMultiCredentials: true,
|
|
CredentialsEncrypted: encrypted,
|
|
KeyVersion: 1,
|
|
}
|
|
require.NoError(t, db.Create(provider).Error)
|
|
|
|
// Create a credential for this provider
|
|
credential := &models.DNSProviderCredential{
|
|
UUID: uuid.New().String(),
|
|
DNSProviderID: provider.ID,
|
|
Label: "Test Credential",
|
|
CredentialsEncrypted: encrypted,
|
|
Enabled: true,
|
|
}
|
|
require.NoError(t, db.Create(credential).Error)
|
|
|
|
// Give SQLite time to release locks
|
|
time.Sleep(10 * time.Millisecond)
|
|
|
|
updateBody := map[string]interface{}{
|
|
"label": "Updated Label",
|
|
"credentials": map[string]string{"api_token": "new-token"},
|
|
}
|
|
body, _ := json.Marshal(updateBody)
|
|
|
|
url := fmt.Sprintf("/api/v1/dns-providers/%d/credentials/%d", provider.ID, credential.ID)
|
|
req, _ := http.NewRequest("PUT", url, bytes.NewBuffer(body))
|
|
req.Header.Set("Content-Type", "application/json")
|
|
w := httptest.NewRecorder()
|
|
router.ServeHTTP(w, req)
|
|
|
|
// Should return 400 because provider type is invalid
|
|
assert.Equal(t, http.StatusBadRequest, w.Code)
|
|
assert.Contains(t, w.Body.String(), "invalid provider type")
|
|
}
|
|
|
|
// TestCredentialHandler_Update_InvalidCredentials tests update with invalid credentials
|
|
func TestCredentialHandler_Update_InvalidCredentials(t *testing.T) {
|
|
router, db, _ := setupCredentialHandlerTest(t)
|
|
|
|
// Create a provider with cloudflare type
|
|
testKey := "MDEyMzQ1Njc4OWFiY2RlZjAxMjM0NTY3ODlhYmNkZWY="
|
|
encryptor, _ := crypto.NewEncryptionService(testKey)
|
|
creds := map[string]string{"api_token": "test-token"}
|
|
credsJSON, _ := json.Marshal(creds)
|
|
encrypted, _ := encryptor.Encrypt(credsJSON)
|
|
|
|
provider := &models.DNSProvider{
|
|
UUID: uuid.New().String(),
|
|
Name: "Cloudflare Provider",
|
|
ProviderType: "cloudflare",
|
|
Enabled: true,
|
|
UseMultiCredentials: true,
|
|
CredentialsEncrypted: encrypted,
|
|
KeyVersion: 1,
|
|
}
|
|
require.NoError(t, db.Create(provider).Error)
|
|
|
|
// Create a credential for this provider
|
|
credential := &models.DNSProviderCredential{
|
|
UUID: uuid.New().String(),
|
|
DNSProviderID: provider.ID,
|
|
Label: "Test Credential",
|
|
CredentialsEncrypted: encrypted,
|
|
Enabled: true,
|
|
}
|
|
require.NoError(t, db.Create(credential).Error)
|
|
|
|
// Give SQLite time to release locks
|
|
time.Sleep(10 * time.Millisecond)
|
|
|
|
// Update with empty credentials (invalid for cloudflare)
|
|
updateBody := map[string]interface{}{
|
|
"label": "Updated Label",
|
|
"credentials": map[string]string{},
|
|
}
|
|
body, _ := json.Marshal(updateBody)
|
|
|
|
url := fmt.Sprintf("/api/v1/dns-providers/%d/credentials/%d", provider.ID, credential.ID)
|
|
req, _ := http.NewRequest("PUT", url, bytes.NewBuffer(body))
|
|
req.Header.Set("Content-Type", "application/json")
|
|
w := httptest.NewRecorder()
|
|
router.ServeHTTP(w, req)
|
|
|
|
// Result depends on whether validation catches empty credentials
|
|
// Either 400 Bad Request or 200 OK (if validation doesn't check for empty)
|
|
statusOK := w.Code == http.StatusOK || w.Code == http.StatusBadRequest
|
|
assert.True(t, statusOK, "Expected 200 or 400, got %d", w.Code)
|
|
}
|
|
|
|
// TestCredentialHandler_Create_EmptyLabel tests creating credential with empty label
|
|
func TestCredentialHandler_Create_EmptyLabel(t *testing.T) {
|
|
router, _, provider := setupCredentialHandlerTest(t)
|
|
|
|
reqBody := map[string]interface{}{
|
|
"label": "",
|
|
"credentials": map[string]string{"api_token": "token"},
|
|
}
|
|
body, _ := json.Marshal(reqBody)
|
|
|
|
url := fmt.Sprintf("/api/v1/dns-providers/%d/credentials", provider.ID)
|
|
req, _ := http.NewRequest("POST", url, bytes.NewBuffer(body))
|
|
req.Header.Set("Content-Type", "application/json")
|
|
w := httptest.NewRecorder()
|
|
router.ServeHTTP(w, req)
|
|
|
|
// Should either succeed with default label or return error
|
|
statusOK := w.Code == http.StatusCreated || w.Code == http.StatusBadRequest
|
|
assert.True(t, statusOK, "Expected 201 or 400, got %d", w.Code)
|
|
}
|
|
|
|
// TestCredentialHandler_Update_WithZoneFilter tests updating credential with zone filter
|
|
func TestCredentialHandler_Update_WithZoneFilter(t *testing.T) {
|
|
router, db, provider := setupCredentialHandlerTest(t)
|
|
|
|
testKey := "MDEyMzQ1Njc4OWFiY2RlZjAxMjM0NTY3ODlhYmNkZWY="
|
|
encryptor, _ := crypto.NewEncryptionService(testKey)
|
|
credService := services.NewCredentialService(db, encryptor)
|
|
|
|
createReq := services.CreateCredentialRequest{
|
|
Label: "Test Credential",
|
|
ZoneFilter: "example.com",
|
|
Credentials: map[string]string{"api_token": "token"},
|
|
}
|
|
created, err := credService.Create(testContext(), provider.ID, createReq)
|
|
require.NoError(t, err)
|
|
|
|
// Give SQLite time to release locks
|
|
time.Sleep(10 * time.Millisecond)
|
|
|
|
updateBody := map[string]interface{}{
|
|
"label": "Updated Label",
|
|
"zone_filter": "*.newdomain.com",
|
|
}
|
|
body, _ := json.Marshal(updateBody)
|
|
|
|
url := fmt.Sprintf("/api/v1/dns-providers/%d/credentials/%d", provider.ID, created.ID)
|
|
req, _ := http.NewRequest("PUT", url, bytes.NewBuffer(body))
|
|
req.Header.Set("Content-Type", "application/json")
|
|
w := httptest.NewRecorder()
|
|
router.ServeHTTP(w, req)
|
|
|
|
assert.Equal(t, http.StatusOK, w.Code)
|
|
|
|
var response models.DNSProviderCredential
|
|
err = json.Unmarshal(w.Body.Bytes(), &response)
|
|
require.NoError(t, err)
|
|
assert.Equal(t, "Updated Label", response.Label)
|
|
assert.Equal(t, "*.newdomain.com", response.ZoneFilter)
|
|
}
|
|
|
|
// TestCredentialHandler_Delete_ProviderNotFound tests deleting credential with nonexistent provider
|
|
func TestCredentialHandler_Delete_ProviderNotFound(t *testing.T) {
|
|
router, _, _ := setupCredentialHandlerTest(t)
|
|
|
|
req, _ := http.NewRequest("DELETE", "/api/v1/dns-providers/9999/credentials/1", nil)
|
|
w := httptest.NewRecorder()
|
|
router.ServeHTTP(w, req)
|
|
|
|
// The credential deletion may check provider or directly check credential
|
|
statusOK := w.Code == http.StatusNotFound || w.Code == http.StatusNoContent
|
|
assert.True(t, statusOK, "Expected 404 or 204, got %d", w.Code)
|
|
}
|
|
|
|
// TestCredentialHandler_Test_ProviderNotFound tests testing credential with nonexistent provider
|
|
func TestCredentialHandler_Test_ProviderNotFound(t *testing.T) {
|
|
router, _, _ := setupCredentialHandlerTest(t)
|
|
|
|
req, _ := http.NewRequest("POST", "/api/v1/dns-providers/9999/credentials/1/test", nil)
|
|
w := httptest.NewRecorder()
|
|
router.ServeHTTP(w, req)
|
|
|
|
assert.Equal(t, http.StatusNotFound, w.Code)
|
|
}
|