Add comprehensive direct tests for the CheckProxyAuth function covering:
- Not configured (returns false)
- Invalid secret (returns false)
- Missing secret header (returns false)
- Valid secret without user header configured (returns true, admin)
- Missing user header when configured (returns false)
- Valid auth with username (returns true with username)
- Role checking with empty roles header (defaults to admin)
- Role checking with admin role present (returns admin=true)
- Role checking without admin role (returns admin=false)
- Custom role separator (comma instead of pipe)
- Role with whitespace (trimmed correctly)
Coverage: CheckProxyAuth 89.3% → 100%
Add comprehensive tests for the ValidateSession wrapper function covering:
- Non-existent token (returns false)
- Empty token (returns false)
- Valid token (returns true)
- Expired token (returns false)
The ValidateSession function is a simple wrapper around the SessionStore's
ValidateSession method, but having direct tests ensures the wrapper is
exercised and documents its expected behavior.
Coverage: ValidateSession 0% → 100%
Add comprehensive tests for the RequireAdmin middleware covering:
- No auth configured (allows access by design)
- API-only mode (rejects requests without token)
- Basic auth with invalid credentials
- Proxy auth with admin role (allowed)
- Proxy auth with non-admin role (forbidden)
- Proxy auth with invalid secret (unauthorized)
- Proxy auth without role header (defaults to admin)
- Proxy auth with custom role separator
- Proxy auth with spaces in roles (trimmed)
- Basic auth authenticated users (allowed as admin)
- JSON vs plain text error responses based on path/Accept header
Also improves CheckProxyAuth coverage as a side effect.
Coverage: RequireAdmin 20.8% → 87.5%
Coverage: CheckProxyAuth 0.0% → 89.3%
Coverage: API package 30.9% → 31.9%
The quick-setup command for temperature monitoring was generating
--standalone --http-mode which is meant for Docker deployments. This
confused users trying to set up multi-server Proxmox monitoring.
Now uses --ctid which works for both local and remote Proxmox hosts.
The installer detects when the container doesn't exist locally and
installs in "host monitoring only" mode automatically.
If we can determine the actual CTID from the host proxy summary,
we use it; otherwise we show <PULSE_CTID> for the user to replace.
Related to #785
The test was failing after commit d6cbfc23 added security hardening
that requires authentication and trusted proxy configuration for
X-Forwarded-* headers to be read during public URL detection.
- Add API token authentication to the test request
- Configure 127.0.0.1 as trusted proxy for the test
- Add export_test.go with ResetTrustedProxyConfigForTests() to allow
external tests to reset the trusted proxy configuration
Add 5 tests to cover all branches:
- Not requested (ALLOW_ADMIN_BYPASS != "1")
- Enabled with PULSE_DEV=true
- Enabled with NODE_ENV=development
- Case-insensitive NODE_ENV check
- Declined when outside dev mode
Coverage: 40% → 100%
UpdateVMsForInstance and UpdateContainersForInstance were replacing
guest data without preserving the LastBackup field that was populated
by SyncGuestBackupTimes. This caused backup indicators to always show
"no backup found" since the LastBackup would be wiped every time
guests were polled (which happens more frequently than backup polling).
Now both functions preserve LastBackup from existing data when the
incoming guest data has a zero value.
Related to #762
Tests empty string, invalid IP, and IP not matching CIDR for
isTrustedProxyIP. Also adds tests for GetClientIP empty RemoteAddr
and X-Real-IP fallback paths.
Tests WebSocket upgrade with POST method in demo mode, ensuring the
websocket check branch is exercised after the GET/HEAD/OPTIONS check.
Coverage: 90% to 100%.
- respondMissingScope: nil writer handling (80% to 100%)
- attachAPITokenRecord: nil record handling (80% to 100%)
- getAPITokenRecordFromRequest: wrong type and missing value (87.5% to 100%)
Add test case for URL containing control character (null byte)
which triggers url.Parse error and returns path unchanged.
Coverage improved from 88.9% to 100%.
Add 6 new test cases covering previously untested branches:
- Empty host returns error
- Whitespace-only host returns error
- Unknown node type keeps host without port
- Docker node type keeps host without port
- IPv4 address gets default port
- IPv4 with custom port preserved
Coverage improved from 92.6% to 96.3%.
