Keith Smith
75 lines
2.7 KiB
Python
75 lines
2.7 KiB
Python
from fastapi.testclient import TestClient
|
|
from sqlalchemy.orm import Session
|
|
|
|
from app.core.secrets import decrypt_secret
|
|
from app.models import NotificationChannel
|
|
|
|
|
|
def test_notification_channel_does_not_return_saved_secret(client: TestClient, db_session: Session) -> None:
|
|
response = client.post(
|
|
"/notifications/channels",
|
|
json={
|
|
"name": "Operations Webhook",
|
|
"channel_type": "generic_webhook",
|
|
"settings": {"username": "OrbitWard"},
|
|
"secret": "https://hooks.example.test/orbitward",
|
|
"is_enabled": True,
|
|
},
|
|
)
|
|
|
|
assert response.status_code == 200
|
|
body = response.json()
|
|
assert body["has_secret"] is True
|
|
assert "secret" not in body
|
|
assert "encrypted_secret" not in body
|
|
|
|
channel = db_session.get(NotificationChannel, body["id"])
|
|
assert channel is not None
|
|
assert channel.encrypted_secret != "https://hooks.example.test/orbitward"
|
|
assert decrypt_secret(channel.encrypted_secret) == "https://hooks.example.test/orbitward"
|
|
|
|
list_response = client.get("/notifications/channels")
|
|
assert list_response.status_code == 200
|
|
listed_channel = list_response.json()[0]
|
|
assert listed_channel["has_secret"] is True
|
|
assert "secret" not in listed_channel
|
|
assert "encrypted_secret" not in listed_channel
|
|
|
|
|
|
def test_notification_channel_update_without_secret_preserves_existing_secret(client: TestClient, db_session: Session) -> None:
|
|
create_response = client.post(
|
|
"/notifications/channels",
|
|
json={
|
|
"name": "Mattermost",
|
|
"channel_type": "mattermost",
|
|
"settings": {"username": "OrbitWard"},
|
|
"secret": "https://hooks.example.test/mattermost",
|
|
"is_enabled": True,
|
|
},
|
|
)
|
|
channel_id = create_response.json()["id"]
|
|
original_secret = db_session.get(NotificationChannel, channel_id).encrypted_secret
|
|
|
|
update_response = client.patch(
|
|
f"/notifications/channels/{channel_id}",
|
|
json={
|
|
"name": "Mattermost Alerts",
|
|
"settings": {"username": "OrbitWard Alerts"},
|
|
"is_enabled": False,
|
|
},
|
|
)
|
|
|
|
assert update_response.status_code == 200
|
|
body = update_response.json()
|
|
assert body["name"] == "Mattermost Alerts"
|
|
assert body["settings"]["username"] == "OrbitWard Alerts"
|
|
assert body["is_enabled"] is False
|
|
assert body["has_secret"] is True
|
|
assert "secret" not in body
|
|
assert "encrypted_secret" not in body
|
|
|
|
channel = db_session.get(NotificationChannel, channel_id)
|
|
assert channel is not None
|
|
assert channel.encrypted_secret == original_secret
|
|
assert decrypt_secret(channel.encrypted_secret) == "https://hooks.example.test/mattermost"
|