ahmido/TenantAtlas
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects 1 Releases Wiki Activity
df72c4adb7
TenantAtlas/tests/Unit/OpsUx/RunFailureSanitizerTest.php
Ahmed Darrazi df72c4adb7 fix: stabilize full suite regressions
2026-03-13 02:20:09 +01:00

51 lines
2.1 KiB
PHP
Raw Blame History

<?php
use App\Support\OpsUx\RunFailureSanitizer;
use App\Support\Providers\ProviderReasonCodes;
it('normalizes provider auth and outage reason codes', function (): void {
expect(RunFailureSanitizer::normalizeReasonCode('invalid_client'))->toBe(ProviderReasonCodes::ProviderAuthFailed);
expect(RunFailureSanitizer::normalizeReasonCode('AADSTS700016'))->toBe(ProviderReasonCodes::ProviderAuthFailed);
expect(RunFailureSanitizer::normalizeReasonCode('bad_gateway'))->toBe(ProviderReasonCodes::NetworkUnreachable);
expect(RunFailureSanitizer::normalizeReasonCode('500'))->toBe(ProviderReasonCodes::NetworkUnreachable);
});
it('redacts common secret patterns and forbidden substrings', function (): void {
$message = 'Authorization: Bearer super-secret-token access_token=abc refresh_token=def client_secret=ghi password=jkl';
$sanitized = RunFailureSanitizer::sanitizeMessage($message);
expect($sanitized)
->not->toContain('Authorization')
->not->toContain('Bearer ')
->not->toContain('access_token')
->not->toContain('refresh_token')
->not->toContain('client_secret')
->not->toContain('password')
->not->toContain('super-secret-token')
->not->toContain('abc')
->not->toContain('def')
->not->toContain('ghi')
->not->toContain('jkl');
});
it('keeps safe configuration language readable in failure messages', function (): void {
$message = 'passwordMinimumLength is 12 while password=super-secret should stay hidden.';
$sanitized = RunFailureSanitizer::sanitizeMessage($message);
expect($sanitized)->toContain('passwordMinimumLength');
expect($sanitized)->not->toContain('super-secret');
});
it('redacts email domains that survive token redaction boundaries', function (): void {
$message = 'Authorization: Bearer highly-sensitive-token-for-user@example.com';
$sanitized = RunFailureSanitizer::sanitizeMessage($message);
expect($sanitized)
->not->toContain('Bearer')
->not->toContain('@example.com')
->toContain('[REDACTED_EMAIL]');
});
Reference in New Issue View Git Blame Copy Permalink