vrr/Pulse
2
0
Fork 0
mirror of https://github.com/rcourtman/Pulse.git synced 2026-05-01 21:10:13 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 6

Clarify download checksum auth

Browse source
This commit is contained in:
rcourtman 2026-02-04 13:23:55 +00:00
parent ce9481e7bf
commit 0d564bfd8f
1 changed files with 16 additions and 0 deletions
Download patch file Download diff file Expand all files Collapse all files

16
internal/api/security_regression_test.go
View file

@ -3104,6 +3104,22 @@ func TestPublicDownloadEndpointsBypassAuth(t *testing.T) {
}
}
func TestHostAgentChecksumRequiresAuth(t *testing.T) {
cfg := newTestConfigWithTokens(t)
cfg.AuthUser = "admin"
cfg.AuthPass = "hashed"
router := NewRouter(cfg, nil, nil, nil, nil, "1.0.0")
ResetRateLimitForIP("203.0.113.90")
req := httptest.NewRequest(http.MethodPost, "/download/pulse-host-agent.sha256", nil)
req.RemoteAddr = "203.0.113.90:1234"
rec := httptest.NewRecorder()
router.Handler().ServeHTTP(rec, req)
if rec.Code != http.StatusUnauthorized {
t.Fatalf("expected 401 for protected checksum, got %d", rec.Code)
}
}
func TestPublicEndpointsBypassAuthInAPIMode(t *testing.T) {
record := newTokenRecord(t, "public-api-token-123.12345678", []string{config.ScopeMonitoringRead}, nil)
cfg := newTestConfigWithTokens(t, record)