container-census/scripts/TESTING.md
Self Hosters 0deb72774f Add authentication migration test suite
Prevent regression of the "authUsername is not defined" error by
adding comprehensive tests and pre-commit hooks.

New test files:
- scripts/test-auth-migration.sh: Full test suite (8 test cases)
  * Checks for obsolete auth variable references
  * Validates session management implementation
  * Verifies vulnerability functions use correct auth
  * Tests logout button and documentation

- scripts/pre-commit-hook.sh: Git pre-commit hook
  * Blocks commits containing authUsername/authPassword
  * Provides helpful error messages
  * Can be installed with symlink

- scripts/TESTING.md: Testing documentation
  * How to run tests
  * How to install pre-commit hook
  * Correct vs incorrect auth patterns
  * Troubleshooting guide

All tests currently passing (8/8). Pre-commit hook validated.

These tests ensure the session-based authentication migration
remains complete and prevent accidental reintroduction of removed
Basic Auth variables.

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <noreply@anthropic.com>
2025-11-23 21:37:20 -05:00


Testing Guide

Authentication Migration Tests

This directory contains automated tests to prevent authentication-related regressions after migrating from HTTP Basic Auth to session-based authentication.

Test Scripts

1. Full Test Suite: test-auth-migration.sh

Comprehensive test suite that validates:

  • No obsolete authUsername or authPassword references
  • Session management files exist
  • Session functions are implemented
  • Login/logout endpoints exist
  • Vulnerability functions use proper authentication
  • Logout button exists in UI
  • Documentation includes SESSION_SECRET
  • 401 redirect handling is implemented

Run the tests:

./scripts/test-auth-migration.sh

Exit codes:

  • 0 = All tests passed
  • 1 = One or more tests failed

Use in CI/CD:

# Example GitHub Actions workflow
- name: Run authentication tests
  run: ./scripts/test-auth-migration.sh

2. Pre-Commit Hook: pre-commit-hook.sh

Prevents commits that contain obsolete authentication variables.

Install the hook:

ln -s ../../scripts/pre-commit-hook.sh .git/hooks/pre-commit

What it does:

  • Checks staged .js and .html files for authUsername or authPassword
  • Blocks the commit if found
  • Provides a helpful error message with the correct pattern

Test the hook:

# Create a file with bad pattern
echo "const x = authUsername;" > web/test.js
git add web/test.js
git commit -m "test"  # This will be blocked

# Clean up
git reset web/test.js
rm web/test.js
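
The staged-file check described above, as an added example (not the project's scripts/pre-commit-hook.sh): it scans the staged blob with git show rather than the working-tree file, so the content checked is the content that will be committed. The function names and the dispatch on the pre-commit filename are assumptions of this example.

```shell
#!/usr/bin/env bash
# Added example; NOT the project's scripts/pre-commit-hook.sh.
# Function names below are hypothetical.
PATTERN='authUsername|authPassword'   # globals removed by the migration

# Read file content on stdin and print each offending line as
# "<label>:<line number>:<text>". Returns 0 if an obsolete reference
# was found, 1 if the content is clean.
scan_content() {
    hits=$(grep -nE "$PATTERN") || return 1
    printf '%s\n' "$hits" | while IFS= read -r line; do
        printf '%s:%s\n' "$1" "$line"
    done
}

# Scan the staged (index) copy of every added, copied or modified
# .js/.html file. Reading ":path" with git show checks what will be
# committed, even if the working-tree file was edited after git add.
# Returns 1 if any staged file still references the removed variables.
check_staged() {
    rc=0
    while IFS= read -r file; do
        case "$file" in
            *.js|*.html) ;;
            *) continue ;;
        esac
        if git show ":$file" | scan_content "$file"; then
            rc=1
        fi
    done <<EOF
$(git diff --cached --name-only --diff-filter=ACM)
EOF
    return "$rc"
}

# Run the check only when invoked as the installed hook, whose $0 is
# .git/hooks/pre-commit; sourcing or running under another name is inert.
case "${0##*/}" in
    pre-commit)
        if ! check_staged; then
            echo "Commit blocked: staged files reference authUsername/authPassword." >&2
            echo "API calls authenticate with the session cookie; drop the Authorization header." >&2
            exit 1
        fi
        ;;
esac
```

A local hook is skipped by git commit --no-verify, so the CI run of test-auth-migration.sh remains the enforcing check.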

Why These Tests Matter

After migrating to session-based authentication, we removed the authUsername and authPassword global variables. However, some functions still referenced them, causing runtime errors like:

Failed to load vulnerability details: authUsername is not defined

These tests ensure:

  1. No code references the removed variables
  2. All API calls use session cookies (sent automatically)
  3. The migration is complete and won't regress

Session-Based Auth Pattern

Correct (session cookies sent automatically):

const response = await fetch('/api/vulnerabilities/scan/123', {
    method: 'POST'
});

Incorrect (references removed variables):

const response = await fetch('/api/vulnerabilities/scan/123', {
    method: 'POST',
    headers: {
        'Authorization': 'Basic ' + btoa(authUsername + ':' + authPassword)
    }
});

Manual Verification

If you need to manually check for regressions:

# Search for authUsername or authPassword in web files
grep -rn "authUsername\|authPassword" web/ --include="*.js" --include="*.html"

# Should return no results

Troubleshooting

Tests fail with "command not found":

  • Ensure you're in the repository root: cd /path/to/container-census
  • Make scripts executable: chmod +x scripts/*.sh

Pre-commit hook not running:

  • Check it's installed: ls -la .git/hooks/pre-commit
  • Verify symlink: readlink .git/hooks/pre-commit should point to ../../scripts/pre-commit-hook.sh
  • Make it executable: chmod +x scripts/pre-commit-hook.sh

Future Improvements

Consider adding:

  • ESLint rule to catch authUsername/authPassword usage
  • TypeScript validation (if migrating to TS)
  • Integration tests for login flow
  • E2E tests with Playwright/Cypress