Files

22 lines
592 B
Go

package httpapi
import (
"encoding/json"
"strings"
"testing"
"github.com/vasyansk/imap-copier/internal/store"
)
func TestAccountDTOHidesPasswords(t *testing.T) {
a := store.Account{ID: 1, SrcLogin: "u", SrcPassEnc: "SECRET_ENC", DstLogin: "v", DstPassEnc: "SECRET2"}
b, _ := json.Marshal(accountDTO(a))
s := string(b)
if strings.Contains(s, "SECRET_ENC") || strings.Contains(s, "SECRET2") || strings.Contains(strings.ToLower(s), "pass") {
t.Fatalf("DTO leaks password material: %s", s)
}
if !strings.Contains(s, `"src_login":"u"`) {
t.Fatalf("DTO missing login: %s", s)
}
}