From 1f2aef776ccdd0ac1405fc8bcbb47084091d42eb Mon Sep 17 00:00:00 2001
From: kolaente
Date: Fri, 20 Mar 2026 11:34:29 +0100
Subject: [PATCH] test: verify CalDAV token auth bypasses TOTP check

Add a CalDAV token fixture (kind=4) for user10 who has TOTP enabled, and implement the previously-skipped test proving token-based auth still works when TOTP is active.
---
 pkg/db/fixtures/user_tokens.yml | 6 ++++++
 pkg/webtests/caldav_test.go | 13 +++++++++----
 2 files changed, 15 insertions(+), 4 deletions(-)
diff --git a/pkg/db/fixtures/user_tokens.yml b/pkg/db/fixtures/user_tokens.yml
index 1ef299e80..63362c632 100644
--- a/pkg/db/fixtures/user_tokens.yml
+++ b/pkg/db/fixtures/user_tokens.yml
@@ -28,3 +28,9 @@
 token: 'disableduserpasswordresettoken'
 kind: 1
 created: 2024-01-01 00:00:00
+-
+ id: 6
+ user_id: 10
+ token: '$2a$04$DT./vBYVmwfc8KlWOyLmNOF4KJLahG31L1eSzg45RRZKPhfjojSDa'
+ kind: 4
+ created: 2024-01-01 00:00:00
diff --git a/pkg/webtests/caldav_test.go b/pkg/webtests/caldav_test.go
index 2a3a641b9..6e0484f37 100644
--- a/pkg/webtests/caldav_test.go
+++ b/pkg/webtests/caldav_test.go
@@ -748,9 +748,14 @@ func TestCaldavTOTPBlocksBasicAuth(t *testing.T) {
 })
 t.Run("Basic auth with caldav token still works when TOTP is enabled", func(t *testing.T) {
- // This test ensures CalDAV tokens are NOT affected by the TOTP check.
- // It requires a CalDAV token fixture for user1.
- // If no CalDAV token fixture exists for user1, skip this test for now.
- t.Skip("Requires CalDAV token fixture for user1 — add if needed")
+ e, _ := setupTestEnv()
+ c, _ := createRequest(e, http.MethodGet, "", nil, nil)
+
+ // testuser10 has TOTP enabled AND a CalDAV token (kind=4) in fixtures.
+ // "caldavtesttoken" is the plaintext of the bcrypt hash in user_tokens.yml.
+ // CalDAV token auth should bypass the TOTP check.
+ result, err := caldav.BasicAuth(c, testuser10.Username, "caldavtesttoken")
+ require.NoError(t, err)
+ assert.True(t, result, "BasicAuth with CalDAV token should succeed even when TOTP is enabled")
 })
 }
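Review bot: The new subtest pins only the positive path, so it would still pass if `caldav.BasicAuth` skipped the TOTP check for any credential presented for testuser10 rather than only for a matching kind=4 token. Pairing it with a negative case in the same subtest would pin the scope of the bypass, e.g. `result, _ = caldav.BasicAuth(c, testuser10.Username, "notthecaldavtoken")` followed by `assert.False(t, result)`; adjust the error handling to whatever BasicAuth returns for bad credentials, which is not visible here. The second return values of `setupTestEnv()` and `createRequest(...)` are also discarded with `_`; if those are errors, a `require.NoError` on each would make a broken fixture load fail at its cause instead of inside BasicAuth. The enclosing TestCaldavTOTPBlocksBasicAuth starts above the hunk, so an earlier subtest may already cover the rejected-password case.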