"""Unit tests for application configuration and validation.""" import pytest from pydantic import ValidationError from app.config import Settings def test_fail2ban_start_command_validates_simple_command() -> None: """Simple fail2ban commands without special characters are accepted.""" settings = Settings( database_path="/tmp/test.db", fail2ban_socket="/tmp/fake_fail2ban.sock", fail2ban_config_dir="/tmp/fail2ban", session_secret="test-secret-key-do-not-use-in-production", fail2ban_start_command="fail2ban-client start", ) assert settings.fail2ban_start_command == "fail2ban-client start" def test_fail2ban_start_command_validates_systemctl_command() -> None: """systemctl commands are accepted.""" settings = Settings( database_path="/tmp/test.db", fail2ban_socket="/tmp/fake_fail2ban.sock", fail2ban_config_dir="/tmp/fail2ban", session_secret="test-secret-key-do-not-use-in-production", fail2ban_start_command="systemctl start fail2ban", ) assert settings.fail2ban_start_command == "systemctl start fail2ban" def test_fail2ban_start_command_accepts_quoted_paths() -> None: """Commands with quoted paths containing spaces are accepted.""" settings = Settings( database_path="/tmp/test.db", fail2ban_socket="/tmp/fake_fail2ban.sock", fail2ban_config_dir="/tmp/fail2ban", session_secret="test-secret-key-do-not-use-in-production", fail2ban_start_command='"/opt/my tools/fail2ban-client" start', ) assert settings.fail2ban_start_command == '"/opt/my tools/fail2ban-client" start' def test_fail2ban_start_command_rejects_mismatched_quotes() -> None: """Commands with mismatched quotes raise ValidationError.""" with pytest.raises(ValidationError) as exc_info: Settings( database_path="/tmp/test.db", fail2ban_socket="/tmp/fake_fail2ban.sock", fail2ban_config_dir="/tmp/fail2ban", session_secret="test-secret-key-do-not-use-in-production", fail2ban_start_command='"/opt/my tools/fail2ban-client start', ) error_msg = str(exc_info.value) assert "fail2ban_start_command" in error_msg assert "mismatched quotes" in error_msg or "No closing quotation" in error_msg def test_fail2ban_start_command_error_includes_problematic_value() -> None: """Validation errors include the problematic command value.""" problematic_command = '"/opt/broken start' with pytest.raises(ValidationError) as exc_info: Settings( database_path="/tmp/test.db", fail2ban_socket="/tmp/fake_fail2ban.sock", fail2ban_config_dir="/tmp/fail2ban", session_secret="test-secret-key-do-not-use-in-production", fail2ban_start_command=problematic_command, ) error_msg = str(exc_info.value) assert problematic_command in error_msg def test_fail2ban_start_command_default_value_is_valid() -> None: """The default fail2ban_start_command value is valid and parseable.""" settings = Settings( database_path="/tmp/test.db", fail2ban_socket="/tmp/fake_fail2ban.sock", fail2ban_config_dir="/tmp/fail2ban", session_secret="test-secret-key-do-not-use-in-production", ) assert settings.fail2ban_start_command == "fail2ban-client start" def test_fail2ban_start_command_single_quoted() -> None: """Commands with single quotes are accepted.""" settings = Settings( database_path="/tmp/test.db", fail2ban_socket="/tmp/fake_fail2ban.sock", fail2ban_config_dir="/tmp/fail2ban", session_secret="test-secret-key-do-not-use-in-production", fail2ban_start_command="'/usr/bin/fail2ban-client' start", ) assert settings.fail2ban_start_command == "'/usr/bin/fail2ban-client' start" def test_fail2ban_start_command_multiple_arguments() -> None: """Commands with multiple arguments are accepted.""" settings = Settings( database_path="/tmp/test.db", fail2ban_socket="/tmp/fake_fail2ban.sock", fail2ban_config_dir="/tmp/fail2ban", session_secret="test-secret-key-do-not-use-in-production", fail2ban_start_command="fail2ban-client -c /etc/fail2ban start", ) assert settings.fail2ban_start_command == "fail2ban-client -c /etc/fail2ban start" def test_session_secret_enforces_minimum_length() -> None: """session_secret must be at least 32 characters.""" # Test with a secret shorter than 32 characters with pytest.raises(ValidationError) as exc_info: Settings( database_path="/tmp/test.db", fail2ban_socket="/tmp/fake_fail2ban.sock", fail2ban_config_dir="/tmp/fail2ban", session_secret="short-secret", ) error_msg = str(exc_info.value) assert "session_secret" in error_msg assert "32" in error_msg or "at least" in error_msg def test_session_secret_accepts_32_characters() -> None: """session_secret with exactly 32 characters is accepted.""" secret_32 = "a" * 32 # Exactly 32 characters settings = Settings( database_path="/tmp/test.db", fail2ban_socket="/tmp/fake_fail2ban.sock", fail2ban_config_dir="/tmp/fail2ban", session_secret=secret_32, ) assert settings.session_secret == secret_32 def test_session_secret_accepts_longer_than_32() -> None: """session_secret with more than 32 characters is accepted.""" secret_64 = "b" * 64 # 64 characters settings = Settings( database_path="/tmp/test.db", fail2ban_socket="/tmp/fake_fail2ban.sock", fail2ban_config_dir="/tmp/fail2ban", session_secret=secret_64, ) assert settings.session_secret == secret_64 def test_session_secret_error_message_includes_guidance() -> None: """Validation error for short session_secret includes secret generation guidance.""" with pytest.raises(ValidationError) as exc_info: Settings( database_path="/tmp/test.db", fail2ban_socket="/tmp/fake_fail2ban.sock", fail2ban_config_dir="/tmp/fail2ban", session_secret="too-short", ) error_msg = str(exc_info.value) # Verify the error mentions the constraint assert "session_secret" in error_msg