Fix restart/reload endpoint correctness and safety

- jail_service.restart(): replace invalid ["restart"] socket command with ["stop"], matching fail2ban transmitter protocol. The daemon is now stopped via socket; the caller starts it via subprocess. - config_file_service: expose _start_daemon and _wait_for_fail2ban as public start_daemon / wait_for_fail2ban functions. - restart_fail2ban router: orchestrate stop (socket) → start (subprocess) → probe (socket). Returns 204 on success, 503 when fail2ban does not come back within 10 s. Catches JailOperationError → 409. - reload_fail2ban router: add JailOperationError catch → 409 Conflict, consistent with other jail control endpoints. - Tests: add TestJailControls.test_restart_* (3 cases), TestReloadFail2ban 502/409 cases, TestRestartFail2ban (5 cases), TestRollbackJail (6 integration tests verifying file-write, subprocess invocation, socket- probe truthiness, active_jails count, and offline-at-call-time).
2026-03-15 12:59:17 +01:00
parent 61daa8bbc0
commit 93dc699825
7 changed files with 487 additions and 135 deletions
--- a/backend/tests/test_services/test_jail_service.py
+++ b/backend/tests/test_services/test_jail_service.py
@@ -441,6 +441,33 @@ class TestJailControls:
            )
        assert exc_info.value.name == "airsonic-auth"

+    async def test_restart_sends_stop_command(self) -> None:
+        """restart() sends the ['stop'] command to the fail2ban socket."""
+        with _patch_client({"stop": (0, None)}):
+            await jail_service.restart(_SOCKET)  # should not raise
+
+    async def test_restart_operation_error_raises(self) -> None:
+        """restart() raises JailOperationError when fail2ban rejects the stop."""
+        with _patch_client({"stop": (1, Exception("cannot stop"))}), pytest.raises(
+            JailOperationError
+        ):
+            await jail_service.restart(_SOCKET)
+
+    async def test_restart_connection_error_propagates(self) -> None:
+        """restart() propagates Fail2BanConnectionError when socket is unreachable."""
+
+        class _FailClient:
+            def __init__(self, **_kw: Any) -> None:
+                self.send = AsyncMock(
+                    side_effect=Fail2BanConnectionError("no socket", _SOCKET)
+                )
+
+        with (
+            patch("app.services.jail_service.Fail2BanClient", _FailClient),
+            pytest.raises(Fail2BanConnectionError),
+        ):
+            await jail_service.restart(_SOCKET)
+
    async def test_start_not_found_raises(self) -> None:
        """start_jail raises JailNotFoundError for unknown jail."""
        with _patch_client({"start|ghost": (1, Exception("Unknown jail: 'ghost'"))}), pytest.raises(JailNotFoundError):