b14f6f040f
- Implement tests for feature flags coverage in `feature_flags_coverage_v2_test.go` to validate behavior with invalid persisted and environment values, as well as default settings. - Create tests in `notification_provider_patch_coverage_test.go` to ensure correct handling of notification provider updates, including blocking type mutations for non-Discord providers. - Add tests in `security_notifications_patch_coverage_test.go` to verify deprecated headers, handle invalid CIDR warnings, and ensure correct severity handling for security events. - Introduce migration error handling tests in `routes_coverage_test.go` to ensure graceful handling of migration errors during registration. - Enhance `cerberus_blockers_test.go` with tests for disabled security event notifications and error handling for dispatch failures. - Update `router_test.go` to validate notify routing based on feature flags. - Refactor `mail_service.go` to normalize base URLs for invites, ensuring proper handling of trailing slashes. - Modify `notification_service_json_test.go` and `notification_service_test.go` to mock Discord validation and improve webhook testing. - Update `proxyhost_service.go` to enhance hostname validation by parsing URLs. - Refine `uptime_service.go` to extract ports correctly from URLs, including handling edge cases. - Enhance frontend tests in `notifications.test.ts` and `Notifications.test.tsx` to ensure correct behavior for Discord notification providers and enforce type constraints.
184 lines
5.3 KiB
Go
184 lines
5.3 KiB
Go
package handlers
|
|
|
|
import (
|
|
"bytes"
|
|
"encoding/json"
|
|
"net/http"
|
|
"net/http/httptest"
|
|
"testing"
|
|
"time"
|
|
|
|
"github.com/Wikid82/charon/backend/internal/models"
|
|
"github.com/Wikid82/charon/backend/internal/services"
|
|
"github.com/gin-gonic/gin"
|
|
"github.com/stretchr/testify/assert"
|
|
"github.com/stretchr/testify/require"
|
|
"gorm.io/driver/sqlite"
|
|
"gorm.io/gorm"
|
|
)
|
|
|
|
// TestDeprecatedGetSettings_HeadersSet covers lines 64-68
|
|
func TestDeprecatedGetSettings_HeadersSet(t *testing.T) {
|
|
db, err := gorm.Open(sqlite.Open(":memory:"), &gorm.Config{})
|
|
require.NoError(t, err)
|
|
|
|
require.NoError(t, db.AutoMigrate(&models.NotificationProvider{}, &models.NotificationConfig{}, &models.Setting{}))
|
|
|
|
service := services.NewEnhancedSecurityNotificationService(db)
|
|
handler := NewSecurityNotificationHandler(service)
|
|
|
|
gin.SetMode(gin.TestMode)
|
|
w := httptest.NewRecorder()
|
|
c, _ := gin.CreateTestContext(w)
|
|
c.Request = httptest.NewRequest("GET", "/api/v1/notifications/settings/legacy/security", http.NoBody)
|
|
|
|
handler.DeprecatedGetSettings(c)
|
|
|
|
assert.Equal(t, http.StatusOK, w.Code)
|
|
// Lines 64-68: deprecated headers should be set
|
|
assert.Equal(t, "true", w.Header().Get("X-Charon-Deprecated"))
|
|
assert.Equal(t, "/api/v1/notifications/settings/security", w.Header().Get("X-Charon-Canonical-Endpoint"))
|
|
}
|
|
|
|
// TestHandleSecurityEvent_InvalidCIDRWarning covers lines 119-120
|
|
func TestHandleSecurityEvent_InvalidCIDRWarning(t *testing.T) {
|
|
db, err := gorm.Open(sqlite.Open(":memory:"), &gorm.Config{})
|
|
require.NoError(t, err)
|
|
|
|
require.NoError(t, db.AutoMigrate(&models.NotificationProvider{}, &models.NotificationConfig{}, &models.Setting{}))
|
|
|
|
service := services.NewEnhancedSecurityNotificationService(db)
|
|
|
|
// Invalid CIDR that will trigger warning
|
|
invalidCIDRs := []string{"invalid-cidr", "192.168.1.1/33"}
|
|
handler := NewSecurityNotificationHandlerWithDeps(
|
|
service,
|
|
nil,
|
|
"/tmp",
|
|
nil,
|
|
invalidCIDRs,
|
|
)
|
|
|
|
gin.SetMode(gin.TestMode)
|
|
w := httptest.NewRecorder()
|
|
c, _ := gin.CreateTestContext(w)
|
|
|
|
event := models.SecurityEvent{
|
|
EventType: "waf_block",
|
|
Severity: "warn",
|
|
Message: "Test",
|
|
ClientIP: "192.168.1.1",
|
|
Path: "/test",
|
|
Timestamp: time.Now(),
|
|
}
|
|
body, _ := json.Marshal(event)
|
|
c.Request = httptest.NewRequest("POST", "/api/v1/security/events", bytes.NewReader(body))
|
|
c.Request.Header.Set("Content-Type", "application/json")
|
|
c.Request.RemoteAddr = "127.0.0.1:12345"
|
|
|
|
handler.HandleSecurityEvent(c)
|
|
|
|
// Should still accept (line 119-120 logs warning but continues)
|
|
assert.Equal(t, http.StatusAccepted, w.Code)
|
|
}
|
|
|
|
// TestHandleSecurityEvent_SeveritySet covers line 146
|
|
func TestHandleSecurityEvent_SeveritySet(t *testing.T) {
|
|
db, err := gorm.Open(sqlite.Open(":memory:"), &gorm.Config{})
|
|
require.NoError(t, err)
|
|
|
|
require.NoError(t, db.AutoMigrate(&models.NotificationProvider{}, &models.NotificationConfig{}, &models.Setting{}))
|
|
|
|
service := services.NewEnhancedSecurityNotificationService(db)
|
|
handler := NewSecurityNotificationHandlerWithDeps(
|
|
service,
|
|
nil,
|
|
"/tmp",
|
|
nil,
|
|
[]string{},
|
|
)
|
|
|
|
gin.SetMode(gin.TestMode)
|
|
w := httptest.NewRecorder()
|
|
c, _ := gin.CreateTestContext(w)
|
|
|
|
event := models.SecurityEvent{
|
|
EventType: "waf_block",
|
|
Severity: "critical",
|
|
Message: "Test",
|
|
ClientIP: "192.168.1.1",
|
|
Path: "/test",
|
|
Timestamp: time.Now(),
|
|
}
|
|
body, _ := json.Marshal(event)
|
|
c.Request = httptest.NewRequest("POST", "/api/v1/security/events", bytes.NewReader(body))
|
|
c.Request.Header.Set("Content-Type", "application/json")
|
|
c.Request.RemoteAddr = "127.0.0.1:12345"
|
|
|
|
handler.HandleSecurityEvent(c)
|
|
|
|
assert.Equal(t, http.StatusAccepted, w.Code)
|
|
|
|
// Line 146: severity should be set in context
|
|
severity, exists := c.Get("security_event_severity")
|
|
assert.True(t, exists)
|
|
assert.Equal(t, "critical", severity)
|
|
}
|
|
|
|
// TestHandleSecurityEvent_DispatchError covers lines 163-164
|
|
func TestHandleSecurityEvent_DispatchError(t *testing.T) {
|
|
db, err := gorm.Open(sqlite.Open(":memory:"), &gorm.Config{})
|
|
require.NoError(t, err)
|
|
|
|
require.NoError(t, db.AutoMigrate(&models.NotificationProvider{}, &models.NotificationConfig{}, &models.Setting{}))
|
|
|
|
// Enable feature flag
|
|
db.Create(&models.Setting{
|
|
Key: "feature.notifications.security_provider_events.enabled",
|
|
Value: "true",
|
|
Type: "bool",
|
|
Category: "feature",
|
|
})
|
|
|
|
// Create provider with invalid URL to trigger dispatch error
|
|
db.Create(&models.NotificationProvider{
|
|
ID: "test",
|
|
Name: "Test",
|
|
Type: "discord",
|
|
URL: "http://invalid-url-that-will-fail",
|
|
Enabled: true,
|
|
NotifySecurityWAFBlocks: true,
|
|
})
|
|
|
|
service := services.NewEnhancedSecurityNotificationService(db)
|
|
handler := NewSecurityNotificationHandlerWithDeps(
|
|
service,
|
|
nil,
|
|
"/tmp",
|
|
nil,
|
|
[]string{},
|
|
)
|
|
|
|
gin.SetMode(gin.TestMode)
|
|
w := httptest.NewRecorder()
|
|
c, _ := gin.CreateTestContext(w)
|
|
|
|
event := models.SecurityEvent{
|
|
EventType: "waf_block",
|
|
Severity: "warn",
|
|
Message: "Test",
|
|
ClientIP: "192.168.1.1",
|
|
Path: "/test",
|
|
Timestamp: time.Now(),
|
|
}
|
|
body, _ := json.Marshal(event)
|
|
c.Request = httptest.NewRequest("POST", "/api/v1/security/events", bytes.NewReader(body))
|
|
c.Request.Header.Set("Content-Type", "application/json")
|
|
c.Request.RemoteAddr = "127.0.0.1:12345"
|
|
|
|
handler.HandleSecurityEvent(c)
|
|
|
|
// Should still return 202 even if dispatch fails (lines 163-164 log error)
|
|
assert.Equal(t, http.StatusAccepted, w.Code)
|
|
}
|