attune-system/attune
2
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
9b0ff4a6d22adee5df390eb695af66b065744dfc
attune/crates/api/tests/README.md
David Culbreth 3b14c65998 re-uploading work
2026-02-04 17:46:30 -06:00

145 lines
4.4 KiB
Markdown
Raw Blame History

# API Integration Tests
This directory contains integration tests for the Attune API service.
## Test Files
- `webhook_api_tests.rs` - Basic webhook management and receiver endpoint tests (8 tests)
- `webhook_security_tests.rs` - Comprehensive webhook security feature tests (17 tests)
## Prerequisites
Before running tests, ensure:
1. **PostgreSQL is running** on `localhost:5432` (or set `DATABASE_URL`)
2. **Database migrations are applied**: `sqlx migrate run`
3. **Test user exists** (username: `test_user`, password: `test_password`)
### Quick Setup
```bash
# Set database URL
export DATABASE_URL="postgresql://postgres:postgres@localhost:5432/attune"
# Run migrations
sqlx migrate run
# Create test user (run from psql or create via API)
# The test user is created automatically when you run the API for the first time
# Or create manually:
psql $DATABASE_URL -c "
INSERT INTO attune.identity (username, email, password_hash, enabled)
VALUES ('test_user', 'test@example.com',
crypt('test_password', gen_salt('bf')), true)
ON CONFLICT (username) DO NOTHING;
"
```
## Running Tests
All tests are marked with `#[ignore]` because they require a database connection.
### Run all API integration tests
```bash
cargo test -p attune-api --test '*' -- --ignored
```
### Run webhook API tests only
```bash
cargo test -p attune-api --test webhook_api_tests -- --ignored
```
### Run webhook security tests only
```bash
cargo test -p attune-api --test webhook_security_tests -- --ignored
```
### Run a specific test
```bash
cargo test -p attune-api --test webhook_security_tests test_webhook_hmac_sha256_valid -- --ignored --nocapture
```
### Run tests with output
```bash
cargo test -p attune-api --test webhook_security_tests -- --ignored --nocapture
```
## Test Categories
### Basic Webhook Tests (`webhook_api_tests.rs`)
- Webhook enable/disable/regenerate operations
- Webhook receiver with valid/invalid keys
- Authentication enforcement
- Disabled webhook handling
### Security Feature Tests (`webhook_security_tests.rs`)
#### HMAC Signature Tests
- `test_webhook_hmac_sha256_valid` - SHA256 signature validation
- `test_webhook_hmac_sha512_valid` - SHA512 signature validation
- `test_webhook_hmac_invalid_signature` - Invalid signature rejection
- `test_webhook_hmac_missing_signature` - Missing signature rejection
- `test_webhook_hmac_wrong_secret` - Wrong secret rejection
#### Rate Limiting Tests
- `test_webhook_rate_limit_enforced` - Rate limit enforcement
- `test_webhook_rate_limit_disabled` - No rate limit when disabled
#### IP Whitelisting Tests
- `test_webhook_ip_whitelist_allowed` - Allowed IPs pass
- `test_webhook_ip_whitelist_blocked` - Blocked IPs rejected
#### Payload Size Tests
- `test_webhook_payload_size_limit_enforced` - Size limit enforcement
- `test_webhook_payload_size_within_limit` - Valid size acceptance
#### Event Logging Tests
- `test_webhook_event_logging_success` - Success logging
- `test_webhook_event_logging_failure` - Failure logging
#### Combined Security Tests
- `test_webhook_all_security_features_pass` - All features enabled
- `test_webhook_multiple_security_failures` - Multiple failures
#### Error Scenarios
- `test_webhook_malformed_json` - Invalid JSON handling
- `test_webhook_empty_payload` - Empty payload handling
## Troubleshooting
### "Failed to connect to database"
- Ensure PostgreSQL is running: `pg_isready -h localhost -p 5432`
- Check `DATABASE_URL` is set correctly
- Test connection: `psql $DATABASE_URL -c "SELECT 1"`
### "Trigger not found" or table errors
- Run migrations: `sqlx migrate run`
- Check schema exists: `psql $DATABASE_URL -c "\dn"`
### "Authentication required" errors
- Ensure test user exists with correct credentials
- Check `JWT_SECRET` environment variable is set
### Tests timeout
- Increase timeout with: `cargo test -- --ignored --test-threads=1`
- Check database performance
- Reduce concurrent test execution
### Rate limit tests fail
- Clear webhook event logs between runs
- Ensure tests run in isolation: `cargo test -- --ignored --test-threads=1`
## Documentation
For comprehensive test documentation, see:
- `docs/webhook-testing.md` - Full test suite documentation
- `docs/webhook-manual-testing.md` - Manual testing guide
- `docs/webhook-system-architecture.md` - Webhook system architecture
## CI/CD
These tests are designed to run in CI with:
- PostgreSQL service container
- Automatic migration application
- Test user creation script
- Parallel test execution (where safe)
Reference in New Issue View Git Blame Copy Permalink