attune-system/attune
2
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
b5d6bb22433c657ee81c05ef83897c48067821a4
attune/crates/api/tests
History
David Culbreth b5d6bb2243
Some checks failed
CI / Rustfmt (push) Failing after 25s
Details
CI / Clippy (push) Failing after 2m3s
Details
CI / Cargo Audit & Deny (push) Successful in 33s
Details
CI / Web Blocking Checks (push) Failing after 26s
Details
CI / Security Blocking Checks (push) Successful in 8s
Details
CI / Security Advisory Checks (push) Has been cancelled
Details
CI / Web Advisory Checks (push) Has been cancelled
Details
CI / Tests (push) Has been cancelled
Details
more polish on workflows
2026-03-11 11:21:28 -05:00
..
health_and_auth_tests.rs
[wip] cli capability parity
2026-03-06 16:58:50 -06:00
helpers.rs
more polish on workflows
2026-03-11 11:21:28 -05:00
pack_registry_tests.rs
[wip] cli capability parity
2026-03-06 16:58:50 -06:00
pack_workflow_tests.rs
more polish on workflows
2026-03-11 11:21:28 -05:00
permissions_api_tests.rs
[wip] single runtime handling
2026-03-10 09:30:57 -05:00
README.md
re-uploading work
2026-02-04 17:46:30 -06:00
sse_execution_stream_tests.rs
cancelling actions works now
2026-03-10 19:53:20 -05:00
SSE_TESTS_README.md
re-uploading work
2026-02-04 17:46:30 -06:00
webhook_api_tests.rs
[wip] cli capability parity
2026-03-06 16:58:50 -06:00
webhook_security_tests.rs
[wip] cli capability parity
2026-03-06 16:58:50 -06:00
workflow_tests.rs
more polish on workflows
2026-03-11 11:21:28 -05:00

README.md

API Integration Tests

This directory contains integration tests for the Attune API service.

Test Files

  • webhook_api_tests.rs - Basic webhook management and receiver endpoint tests (8 tests)
  • webhook_security_tests.rs - Comprehensive webhook security feature tests (17 tests)

Prerequisites

Before running tests, ensure:

  1. PostgreSQL is running on localhost:5432 (or set DATABASE_URL)
  2. Database migrations are applied: sqlx migrate run
  3. Test user exists (username: test_user, password: test_password)

Quick Setup

# Set database URL
export DATABASE_URL="postgresql://postgres:postgres@localhost:5432/attune"

# Run migrations
sqlx migrate run

# Create test user (run from psql or create via API)
# The test user is created automatically when you run the API for the first time
# Or create manually:
psql $DATABASE_URL -c "
INSERT INTO attune.identity (username, email, password_hash, enabled)
VALUES ('test_user', 'test@example.com', 
  crypt('test_password', gen_salt('bf')), true)
ON CONFLICT (username) DO NOTHING;
"

Running Tests

All tests are marked with #[ignore] because they require a database connection.

Run all API integration tests

cargo test -p attune-api --test '*' -- --ignored

Run webhook API tests only

cargo test -p attune-api --test webhook_api_tests -- --ignored

Run webhook security tests only

cargo test -p attune-api --test webhook_security_tests -- --ignored

Run a specific test

cargo test -p attune-api --test webhook_security_tests test_webhook_hmac_sha256_valid -- --ignored --nocapture

Run tests with output

cargo test -p attune-api --test webhook_security_tests -- --ignored --nocapture

Test Categories

Basic Webhook Tests (webhook_api_tests.rs)

  • Webhook enable/disable/regenerate operations
  • Webhook receiver with valid/invalid keys
  • Authentication enforcement
  • Disabled webhook handling

Security Feature Tests (webhook_security_tests.rs)

HMAC Signature Tests

  • test_webhook_hmac_sha256_valid - SHA256 signature validation
  • test_webhook_hmac_sha512_valid - SHA512 signature validation
  • test_webhook_hmac_invalid_signature - Invalid signature rejection
  • test_webhook_hmac_missing_signature - Missing signature rejection
  • test_webhook_hmac_wrong_secret - Wrong secret rejection

Rate Limiting Tests

  • test_webhook_rate_limit_enforced - Rate limit enforcement
  • test_webhook_rate_limit_disabled - No rate limit when disabled

IP Whitelisting Tests

  • test_webhook_ip_whitelist_allowed - Allowed IPs pass
  • test_webhook_ip_whitelist_blocked - Blocked IPs rejected

Payload Size Tests

  • test_webhook_payload_size_limit_enforced - Size limit enforcement
  • test_webhook_payload_size_within_limit - Valid size acceptance

Event Logging Tests

  • test_webhook_event_logging_success - Success logging
  • test_webhook_event_logging_failure - Failure logging

Combined Security Tests

  • test_webhook_all_security_features_pass - All features enabled
  • test_webhook_multiple_security_failures - Multiple failures

Error Scenarios

  • test_webhook_malformed_json - Invalid JSON handling
  • test_webhook_empty_payload - Empty payload handling

Troubleshooting

"Failed to connect to database"

  • Ensure PostgreSQL is running: pg_isready -h localhost -p 5432
  • Check DATABASE_URL is set correctly
  • Test connection: psql $DATABASE_URL -c "SELECT 1"

"Trigger not found" or table errors

  • Run migrations: sqlx migrate run
  • Check schema exists: psql $DATABASE_URL -c "\dn"

"Authentication required" errors

  • Ensure test user exists with correct credentials
  • Check JWT_SECRET environment variable is set

Tests timeout

  • Increase timeout with: cargo test -- --ignored --test-threads=1
  • Check database performance
  • Reduce concurrent test execution

Rate limit tests fail

  • Clear webhook event logs between runs
  • Ensure tests run in isolation: cargo test -- --ignored --test-threads=1

Documentation

For comprehensive test documentation, see:

  • docs/webhook-testing.md - Full test suite documentation
  • docs/webhook-manual-testing.md - Manual testing guide
  • docs/webhook-system-architecture.md - Webhook system architecture

CI/CD

These tests are designed to run in CI with:

  • PostgreSQL service container
  • Automatic migration application
  • Test user creation script
  • Parallel test execution (where safe)
Reference in New Issue View Git Blame Copy Permalink