22 lines
592 B
Go
22 lines
592 B
Go
package httpapi
|
|
|
|
import (
|
|
"encoding/json"
|
|
"strings"
|
|
"testing"
|
|
|
|
"github.com/vasyansk/imap-copier/internal/store"
|
|
)
|
|
|
|
func TestAccountDTOHidesPasswords(t *testing.T) {
|
|
a := store.Account{ID: 1, SrcLogin: "u", SrcPassEnc: "SECRET_ENC", DstLogin: "v", DstPassEnc: "SECRET2"}
|
|
b, _ := json.Marshal(accountDTO(a))
|
|
s := string(b)
|
|
if strings.Contains(s, "SECRET_ENC") || strings.Contains(s, "SECRET2") || strings.Contains(strings.ToLower(s), "pass") {
|
|
t.Fatalf("DTO leaks password material: %s", s)
|
|
}
|
|
if !strings.Contains(s, `"src_login":"u"`) {
|
|
t.Fatalf("DTO missing login: %s", s)
|
|
}
|
|
}
|