mirror of
https://github.com/we-promise/sure.git
synced 2026-04-07 22:34:47 +00:00
ba6e286b41
* feat: add SSL_CA_FILE and SSL_VERIFY environment variables to support self-signed certificates in self-hosted environments * fix: NoMethodError by defining SSL helper methods before configure block executes * refactor: Refactor SessionsController to use shared SslConfigurable module and simplify SSL initializer redundant checks * refactor: improve SSL configuration robustness and error detection accuracy * fix:HTTParty SSL options, add file validation guards, prevent Tempfile GC, and redact URLs in error logs * fix: Fix SSL concern indentation and stub Simplefin POST correctly in tests * fix: normalize ssl_verify to always return boolean instead of nil * fix: solve failing SimpleFin test * refactor: trim unused error-handling code from SslConfigurable, replace Tempfile with fixed-path CA bundle, fix namespace pollution in initializers, and add unit tests for core SSL configuration and Langfuse CRL callback. * fix: added require ileutils in the initializer and require ostruct in the test file. * fix: solve autoload conflict that broke provider loading, validate all certs in PEM bundles, and add missing requires.
166 lines
5.0 KiB
Ruby
166 lines
5.0 KiB
Ruby
require "test_helper"
|
|
|
|
class SslConfigurableTest < ActiveSupport::TestCase
|
|
# Create a simple test host that extends SslConfigurable, mirroring how
|
|
# providers use it in the actual codebase.
|
|
class SslTestHost
|
|
extend SslConfigurable
|
|
end
|
|
|
|
setup do
|
|
# Snapshot original config so we can restore it in teardown
|
|
@original_verify = Rails.configuration.x.ssl.verify
|
|
@original_ca_file = Rails.configuration.x.ssl.ca_file
|
|
@original_debug = Rails.configuration.x.ssl.debug
|
|
end
|
|
|
|
teardown do
|
|
Rails.configuration.x.ssl.verify = @original_verify
|
|
Rails.configuration.x.ssl.ca_file = @original_ca_file
|
|
Rails.configuration.x.ssl.debug = @original_debug
|
|
end
|
|
|
|
# -- ssl_verify? --
|
|
|
|
test "ssl_verify? returns true when verify is nil (default)" do
|
|
Rails.configuration.x.ssl.verify = nil
|
|
assert SslTestHost.ssl_verify?
|
|
end
|
|
|
|
test "ssl_verify? returns true when verify is true" do
|
|
Rails.configuration.x.ssl.verify = true
|
|
assert SslTestHost.ssl_verify?
|
|
end
|
|
|
|
test "ssl_verify? returns false when verify is explicitly false" do
|
|
Rails.configuration.x.ssl.verify = false
|
|
refute SslTestHost.ssl_verify?
|
|
end
|
|
|
|
# -- ssl_ca_file --
|
|
|
|
test "ssl_ca_file returns nil when no CA file is configured" do
|
|
Rails.configuration.x.ssl.ca_file = nil
|
|
assert_nil SslTestHost.ssl_ca_file
|
|
end
|
|
|
|
test "ssl_ca_file returns the configured path" do
|
|
Rails.configuration.x.ssl.ca_file = "/certs/my-ca.crt"
|
|
assert_equal "/certs/my-ca.crt", SslTestHost.ssl_ca_file
|
|
end
|
|
|
|
# -- ssl_debug? --
|
|
|
|
test "ssl_debug? returns false when debug is nil" do
|
|
Rails.configuration.x.ssl.debug = nil
|
|
refute SslTestHost.ssl_debug?
|
|
end
|
|
|
|
test "ssl_debug? returns true when debug is true" do
|
|
Rails.configuration.x.ssl.debug = true
|
|
assert SslTestHost.ssl_debug?
|
|
end
|
|
|
|
# -- faraday_ssl_options --
|
|
|
|
test "faraday_ssl_options returns verify true with no CA file by default" do
|
|
Rails.configuration.x.ssl.verify = true
|
|
Rails.configuration.x.ssl.ca_file = nil
|
|
Rails.configuration.x.ssl.debug = false
|
|
|
|
options = SslTestHost.faraday_ssl_options
|
|
|
|
assert_equal true, options[:verify]
|
|
assert_nil options[:ca_file]
|
|
end
|
|
|
|
test "faraday_ssl_options includes ca_file when configured" do
|
|
Rails.configuration.x.ssl.verify = true
|
|
Rails.configuration.x.ssl.ca_file = "/certs/my-ca.crt"
|
|
Rails.configuration.x.ssl.debug = false
|
|
|
|
options = SslTestHost.faraday_ssl_options
|
|
|
|
assert_equal true, options[:verify]
|
|
assert_equal "/certs/my-ca.crt", options[:ca_file]
|
|
end
|
|
|
|
test "faraday_ssl_options returns verify false when verification disabled" do
|
|
Rails.configuration.x.ssl.verify = false
|
|
Rails.configuration.x.ssl.ca_file = nil
|
|
Rails.configuration.x.ssl.debug = false
|
|
|
|
options = SslTestHost.faraday_ssl_options
|
|
|
|
assert_equal false, options[:verify]
|
|
end
|
|
|
|
test "faraday_ssl_options includes both verify false and ca_file when both configured" do
|
|
Rails.configuration.x.ssl.verify = false
|
|
Rails.configuration.x.ssl.ca_file = "/certs/my-ca.crt"
|
|
Rails.configuration.x.ssl.debug = false
|
|
|
|
options = SslTestHost.faraday_ssl_options
|
|
|
|
assert_equal false, options[:verify]
|
|
assert_equal "/certs/my-ca.crt", options[:ca_file]
|
|
end
|
|
|
|
# -- httparty_ssl_options --
|
|
|
|
test "httparty_ssl_options returns verify true with no CA file by default" do
|
|
Rails.configuration.x.ssl.verify = true
|
|
Rails.configuration.x.ssl.ca_file = nil
|
|
Rails.configuration.x.ssl.debug = false
|
|
|
|
options = SslTestHost.httparty_ssl_options
|
|
|
|
assert_equal true, options[:verify]
|
|
assert_nil options[:ssl_ca_file]
|
|
end
|
|
|
|
test "httparty_ssl_options includes ssl_ca_file when configured" do
|
|
Rails.configuration.x.ssl.verify = true
|
|
Rails.configuration.x.ssl.ca_file = "/certs/my-ca.crt"
|
|
Rails.configuration.x.ssl.debug = false
|
|
|
|
options = SslTestHost.httparty_ssl_options
|
|
|
|
assert_equal true, options[:verify]
|
|
assert_equal "/certs/my-ca.crt", options[:ssl_ca_file]
|
|
end
|
|
|
|
test "httparty_ssl_options returns verify false when verification disabled" do
|
|
Rails.configuration.x.ssl.verify = false
|
|
Rails.configuration.x.ssl.ca_file = nil
|
|
Rails.configuration.x.ssl.debug = false
|
|
|
|
options = SslTestHost.httparty_ssl_options
|
|
|
|
assert_equal false, options[:verify]
|
|
end
|
|
|
|
# -- net_http_verify_mode --
|
|
|
|
test "net_http_verify_mode returns VERIFY_PEER when verification enabled" do
|
|
Rails.configuration.x.ssl.verify = true
|
|
Rails.configuration.x.ssl.debug = false
|
|
|
|
assert_equal OpenSSL::SSL::VERIFY_PEER, SslTestHost.net_http_verify_mode
|
|
end
|
|
|
|
test "net_http_verify_mode returns VERIFY_NONE when verification disabled" do
|
|
Rails.configuration.x.ssl.verify = false
|
|
Rails.configuration.x.ssl.debug = false
|
|
|
|
assert_equal OpenSSL::SSL::VERIFY_NONE, SslTestHost.net_http_verify_mode
|
|
end
|
|
|
|
test "net_http_verify_mode returns VERIFY_PEER when verify is nil" do
|
|
Rails.configuration.x.ssl.verify = nil
|
|
Rails.configuration.x.ssl.debug = false
|
|
|
|
assert_equal OpenSSL::SSL::VERIFY_PEER, SslTestHost.net_http_verify_mode
|
|
end
|
|
end
|