akanealw/Charon
1
0
Fork 0
Code Issues Pull Requests Actions 14 Packages Projects Releases Wiki Activity
Files
fa42e79af3fd1c2da42e70fc039785cfda376d34
Charon/backend/internal/api/handlers/notification_provider_patch_coverage_test.go
GitHub Actions ed89295012 feat: wire MailService into notification dispatch pipeline (Stage 3) 
Unifies the two previously independent email subsystems — MailService
(net/smtp transport) and NotificationService (HTTP-based providers) —
so email can participate in the notification dispatch pipeline.

Key changes:
- SendEmail signature updated to accept context.Context and []string
  recipients to enable timeout propagation and multi-recipient dispatch
- NotificationService.dispatchEmail() wires MailService as a first-class
  provider type with IsConfigured() guard and 30s context timeout
- 'email' added to isSupportedNotificationProviderType() and
  supportsJSONTemplates() returns false for email (plain/HTML only)
- settings_handler.go test-email endpoint updated to new SendEmail API
- Frontend: 'email' added to provider type union in notifications.ts,
  Notifications.tsx shows recipient field and hides URL/token fields for
  email providers
- All existing tests updated to match new SendEmail signature
- New tests added covering dispatchEmail paths, IsConfigured guards,
  recipient validation, and context timeout behaviour

Also fixes confirmed false-positive CodeQL go/email-injection alerts:
- smtp.SendMail, sendSSL w.Write, and sendSTARTTLS w.Write sites now
  carry inline codeql[go/email-injection] annotations as required by the
  CodeQL same-line suppression spec; preceding-line annotations silently
  no-op in current CodeQL versions
- auth_handler.go c.SetCookie annotated for intentional Secure=false on
  local non-HTTPS loopback (go/cookie-secure-not-set warning only)

Closes part of #800
2026-03-06 02:06:49 +00:00

116 lines
3.4 KiB
Go
Raw Blame History

package handlers
import (
"bytes"
"encoding/json"
"net/http"
"net/http/httptest"
"testing"
"github.com/Wikid82/charon/backend/internal/models"
"github.com/Wikid82/charon/backend/internal/services"
"github.com/gin-gonic/gin"
"github.com/stretchr/testify/assert"
"github.com/stretchr/testify/require"
"gorm.io/driver/sqlite"
"gorm.io/gorm"
)
// TestUpdate_BlockTypeMutationForNonDiscord covers lines 137-139
func TestUpdate_BlockTypeMutationForNonDiscord(t *testing.T) {
db, err := gorm.Open(sqlite.Open(":memory:"), &gorm.Config{})
require.NoError(t, err)
require.NoError(t, db.AutoMigrate(&models.NotificationProvider{}, &models.Notification{}))
// Create existing non-Discord provider
existing := &models.NotificationProvider{
ID: "test-provider",
Name: "Test Webhook",
Type: "webhook",
URL: "https://example.com/webhook",
Enabled: true,
}
require.NoError(t, db.Create(existing).Error)
service := services.NewNotificationService(db, nil)
handler := NewNotificationProviderHandler(service)
gin.SetMode(gin.TestMode)
r := gin.New()
r.Use(func(c *gin.Context) {
c.Set("role", "admin")
c.Set("userID", uint(1))
c.Next()
})
r.PUT("/api/v1/notifications/providers/:id", handler.Update)
// Try to mutate type from webhook to discord (should be blocked)
req := map[string]interface{}{
"name": "Updated Name",
"type": "discord", // Trying to change type
"url": "https://discord.com/api/webhooks/123/abc",
}
body, _ := json.Marshal(req)
w := httptest.NewRecorder()
httpReq := httptest.NewRequest(http.MethodPut, "/api/v1/notifications/providers/test-provider", bytes.NewReader(body))
httpReq.Header.Set("Content-Type", "application/json")
r.ServeHTTP(w, httpReq)
// Should block type mutation (lines 137-139)
assert.Equal(t, http.StatusBadRequest, w.Code)
var response map[string]interface{}
err = json.Unmarshal(w.Body.Bytes(), &response)
require.NoError(t, err)
assert.Equal(t, "PROVIDER_TYPE_IMMUTABLE", response["code"])
}
// TestUpdate_AllowTypeMutationForDiscord verifies Discord can be updated
func TestUpdate_AllowTypeMutationForDiscord(t *testing.T) {
db, err := gorm.Open(sqlite.Open(":memory:"), &gorm.Config{})
require.NoError(t, err)
require.NoError(t, db.AutoMigrate(&models.NotificationProvider{}, &models.Notification{}))
// Create existing Discord provider
existing := &models.NotificationProvider{
ID: "test-provider",
Name: "Test Discord",
Type: "discord",
URL: "https://discord.com/api/webhooks/123/abc",
Enabled: true,
}
require.NoError(t, db.Create(existing).Error)
service := services.NewNotificationService(db, nil)
handler := NewNotificationProviderHandler(service)
gin.SetMode(gin.TestMode)
r := gin.New()
r.Use(func(c *gin.Context) {
c.Set("role", "admin")
c.Set("userID", uint(1))
c.Next()
})
r.PUT("/api/v1/notifications/providers/:id", handler.Update)
// Try to update Discord (type remains discord - should be allowed)
req := map[string]interface{}{
"name": "Updated Discord",
"type": "discord",
"url": "https://discord.com/api/webhooks/456/def",
}
body, _ := json.Marshal(req)
w := httptest.NewRecorder()
httpReq := httptest.NewRequest(http.MethodPut, "/api/v1/notifications/providers/test-provider", bytes.NewReader(body))
httpReq.Header.Set("Content-Type", "application/json")
r.ServeHTTP(w, httpReq)
// Should succeed
assert.Equal(t, http.StatusOK, w.Code)
}
Reference in New Issue View Git Blame Copy Permalink