package httpapi import ( "encoding/json" "strings" "testing" "github.com/vasyansk/imap-copier/internal/store" ) func TestAccountDTOHidesPasswords(t *testing.T) { a := store.Account{ID: 1, SrcLogin: "u", SrcPassEnc: "SECRET_ENC", DstLogin: "v", DstPassEnc: "SECRET2"} b, _ := json.Marshal(accountDTO(a)) s := string(b) if strings.Contains(s, "SECRET_ENC") || strings.Contains(s, "SECRET2") || strings.Contains(strings.ToLower(s), "pass") { t.Fatalf("DTO leaks password material: %s", s) } if !strings.Contains(s, `"src_login":"u"`) { t.Fatalf("DTO missing login: %s", s) } }