Complete tasks 1-5: UI cleanup, pie chart fix, log path allowlist, activation hardening

Task 1: Remove ActiveBansSection from JailsPage - Delete buildBanColumns, fmtTimestamp, ActiveBansSection - Remove Dialog/Delete/Dismiss imports, ActiveBan type - Update JSDoc to reflect three sections Task 2: Remove JailDistributionChart from Dashboard - Delete import and JSX block from DashboardPage.tsx Task 3: Fix transparent pie chart (TopCountriesPieChart) - Add Cell import and per-slice <Cell fill={slice.fill}> children inside <Pie> - Suppress @typescript-eslint/no-deprecated (recharts v3 types) Task 4: Allow /config/log as safe log prefix - Add '/config/log' to _SAFE_LOG_PREFIXES in config_service.py - Update error message to list both allowed directories Task 5: Block jail activation on missing filter/logpath - activate_jail refuses to proceed when filter/logpath issues found - ActivateJailDialog treats all validation issues as blocking - Trigger immediate _run_probe after activation in config router - /api/health now reports fail2ban online/offline from cached probe - Add TestActivateJailBlocking tests; fix existing tests to mock validation
2026-03-14 18:57:01 +01:00
parent 68d8056d2e
commit ee7412442a
11 changed files with 425 additions and 656 deletions
--- a/backend/tests/test_routers/test_config.py
+++ b/backend/tests/test_routers/test_config.py
@@ -742,6 +742,32 @@ class TestActivateJail:
        ).post("/api/config/jails/sshd/activate", json={})
        assert resp.status_code == 401

+    async def test_200_with_active_false_on_missing_logpath(self, config_client: AsyncClient) -> None:
+        """POST .../activate returns 200 with active=False when the service blocks due to missing logpath."""
+        from app.models.config import JailActivationResponse
+
+        blocked_response = JailActivationResponse(
+            name="airsonic-auth",
+            active=False,
+            fail2ban_running=True,
+            validation_warnings=["logpath: log file '/var/log/airsonic/airsonic.log' not found"],
+            message="Jail 'airsonic-auth' cannot be activated: log file '/var/log/airsonic/airsonic.log' not found",
+        )
+        with patch(
+            "app.routers.config.config_file_service.activate_jail",
+            AsyncMock(return_value=blocked_response),
+        ):
+            resp = await config_client.post(
+                "/api/config/jails/airsonic-auth/activate", json={}
+            )
+
+        assert resp.status_code == 200
+        data = resp.json()
+        assert data["active"] is False
+        assert data["fail2ban_running"] is True
+        assert "cannot be activated" in data["message"]
+        assert len(data["validation_warnings"]) == 1
+

 # ---------------------------------------------------------------------------
 # POST /api/config/jails/{name}/deactivate