use crate::harness::{self, SiteBuilder, TestServer}; /// Tier 1: env-var token resolves and auth works #[tokio::test] async fn env_var_token_auth() { let var_name = "WITRYNA_INTEG_SECRET_01"; let token_value = "env-resolved-secret-token"; // SAFETY: test-only, called before spawning server unsafe { std::env::set_var(var_name, token_value) }; let dir = tempfile::tempdir().unwrap().keep(); let site = SiteBuilder::new( "secret-site", "https://example.com/repo.git", &format!("${{{var_name}}}"), ) .build(); let config = harness::test_config_with_site(dir, site); let server = TestServer::start(config).await; // Valid token → 404 (site exists but no real repo) let resp = TestServer::client() .post(server.url("secret-site")) .header("Authorization", format!("Bearer {token_value}")) .send() .await .unwrap(); assert_eq!(resp.status(), 202); // Wrong token → 401 let resp = TestServer::client() .post(server.url("secret-site")) .header("Authorization", "Bearer wrong-token") .send() .await .unwrap(); assert_eq!(resp.status(), 401); // SAFETY: test-only cleanup unsafe { std::env::remove_var(var_name) }; } /// Tier 1: file-based token resolves and auth works #[tokio::test] async fn file_token_auth() { let token_value = "file-resolved-secret-token"; let dir = tempfile::tempdir().unwrap().keep(); let token_path = std::path::PathBuf::from(&dir).join("webhook_token"); std::fs::write(&token_path, format!(" {token_value} \n")).unwrap(); let site = SiteBuilder::new("file-site", "https://example.com/repo.git", "") .webhook_token_file(token_path) .build(); let config = harness::test_config_with_site(dir, site); let server = TestServer::start(config).await; // Valid token → 202 let resp = TestServer::client() .post(server.url("file-site")) .header("Authorization", format!("Bearer {token_value}")) .send() .await .unwrap(); assert_eq!(resp.status(), 202); // Wrong token → 401 let resp = TestServer::client() .post(server.url("file-site")) .header("Authorization", "Bearer wrong-token") .send() .await .unwrap(); assert_eq!(resp.status(), 401); }