gitea-mirror/Pulse
1
0
Fork 0
mirror of https://github.com/rcourtman/Pulse.git synced 2026-02-18 00:17:39 +01:00
Code Issues Packages Projects Releases Wiki Activity
Files
895a7e07e2fa6474dbd30c70062e25f03bbbfd9b
Pulse/internal/api/security_status_additional_test.go
rcourtman cb788f18b9 Ignore bearer token in security status
2026-02-04 14:01:57 +00:00

63 lines
2.0 KiB
Go
Raw Blame History

package api
import (
"encoding/json"
"net/http"
"net/http/httptest"
"testing"
)
func TestSecurityStatusIgnoresInvalidTokenHeader(t *testing.T) {
rawToken := "status-valid-token-123.12345678"
record := newTokenRecord(t, rawToken, nil, nil)
cfg := newTestConfigWithTokens(t, record)
router := NewRouter(cfg, nil, nil, nil, nil, "1.0.0")
req := httptest.NewRequest(http.MethodGet, "/api/security/status", nil)
req.Header.Set("X-API-Token", "invalid-token")
rec := httptest.NewRecorder()
router.Handler().ServeHTTP(rec, req)
if rec.Code != http.StatusOK {
t.Fatalf("expected 200 for security status, got %d", rec.Code)
}
var payload map[string]interface{}
if err := json.Unmarshal(rec.Body.Bytes(), &payload); err != nil {
t.Fatalf("decode response: %v", err)
}
if hint, ok := payload["apiTokenHint"].(string); ok && hint != "" {
t.Fatalf("expected apiTokenHint to be empty for invalid token, got %q", hint)
}
if _, ok := payload["tokenScopes"]; ok {
t.Fatalf("expected tokenScopes to be omitted for invalid token")
}
}
func TestSecurityStatusIgnoresBearerTokenHeader(t *testing.T) {
rawToken := "status-bearer-token-123.12345678"
record := newTokenRecord(t, rawToken, nil, nil)
cfg := newTestConfigWithTokens(t, record)
router := NewRouter(cfg, nil, nil, nil, nil, "1.0.0")
req := httptest.NewRequest(http.MethodGet, "/api/security/status", nil)
req.Header.Set("Authorization", "Bearer "+rawToken)
rec := httptest.NewRecorder()
router.Handler().ServeHTTP(rec, req)
if rec.Code != http.StatusOK {
t.Fatalf("expected 200 for security status, got %d", rec.Code)
}
var payload map[string]interface{}
if err := json.Unmarshal(rec.Body.Bytes(), &payload); err != nil {
t.Fatalf("decode response: %v", err)
}
if hint, ok := payload["apiTokenHint"].(string); ok && hint != "" {
t.Fatalf("expected apiTokenHint to be empty for bearer token, got %q", hint)
}
if _, ok := payload["tokenScopes"]; ok {
t.Fatalf("expected tokenScopes to be omitted for bearer token")
}
}
Reference in New Issue View Git Blame Copy Permalink