test: verify CalDAV token auth bypasses TOTP check

Add a CalDAV token fixture (kind=4) for user10 who has TOTP enabled,
and implement the previously-skipped test proving token-based auth
still works when TOTP is active.
This commit is contained in:
kolaente 2026-03-20 11:34:29 +01:00 committed by kolaente
parent 1ed813caf0
commit 1f2aef776c
2 changed files with 15 additions and 4 deletions

View File

@ -28,3 +28,9 @@
token: 'disableduserpasswordresettoken'
kind: 1
created: 2024-01-01 00:00:00
-
id: 6
user_id: 10
token: '$2a$04$DT./vBYVmwfc8KlWOyLmNOF4KJLahG31L1eSzg45RRZKPhfjojSDa'
kind: 4
created: 2024-01-01 00:00:00

View File

@ -748,9 +748,14 @@ func TestCaldavTOTPBlocksBasicAuth(t *testing.T) {
})
t.Run("Basic auth with caldav token still works when TOTP is enabled", func(t *testing.T) {
// This test ensures CalDAV tokens are NOT affected by the TOTP check.
// It requires a CalDAV token fixture for user1.
// If no CalDAV token fixture exists for user1, skip this test for now.
t.Skip("Requires CalDAV token fixture for user1 — add if needed")
e, _ := setupTestEnv()
c, _ := createRequest(e, http.MethodGet, "", nil, nil)
// testuser10 has TOTP enabled AND a CalDAV token (kind=4) in fixtures.
// "caldavtesttoken" is the plaintext of the bcrypt hash in user_tokens.yml.
// CalDAV token auth should bypass the TOTP check.
result, err := caldav.BasicAuth(c, testuser10.Username, "caldavtesttoken")
require.NoError(t, err)
assert.True(t, result, "BasicAuth with CalDAV token should succeed even when TOTP is enabled")
})
}