From 9de91194292320ac695a6c562d317e93e24d7d1a Mon Sep 17 00:00:00 2001 From: rcourtman Date: Thu, 18 Dec 2025 17:48:04 +0000 Subject: [PATCH] fix: perform security setup before login in update integration test The test was failing with 401 because the Pulse container starts in fresh state requiring bootstrap token authentication. Added a setupCredentials step that calls /api/security/quick-setup with the known bootstrap token to create the admin user before attempting login. --- tests/integration/api/update_flow_test.go | 32 +++++++++++++++++++++++ 1 file changed, 32 insertions(+) diff --git a/tests/integration/api/update_flow_test.go b/tests/integration/api/update_flow_test.go index 2b862b3..8b9d78e 100644 --- a/tests/integration/api/update_flow_test.go +++ b/tests/integration/api/update_flow_test.go @@ -45,6 +45,7 @@ func TestUpdateFlowIntegration(t *testing.T) { username := getenvDefault("UPDATE_API_USERNAME", "admin") password := getenvDefault("UPDATE_API_PASSWORD", "admin") + bootstrapToken := getenvDefault("PULSE_E2E_BOOTSTRAP_TOKEN", "0123456789abcdef0123456789abcdef0123456789abcdef") jar, err := cookiejar.New(nil) if err != nil { @@ -60,6 +61,7 @@ func TestUpdateFlowIntegration(t *testing.T) { } waitForHealth(t, client, baseURL, 2*time.Minute) + setupCredentials(t, client, baseURL, bootstrapToken, username, password) login(t, client, baseURL, username, password) info := fetchUpdateInfo(t, client, baseURL) @@ -98,6 +100,36 @@ func waitForHealth(t *testing.T, client *http.Client, baseURL string, timeout ti } } +func setupCredentials(t *testing.T, client *http.Client, baseURL, bootstrapToken, username, password string) { + t.Helper() + payload := map[string]interface{}{ + "username": username, + "password": password, + "setupToken": bootstrapToken, + } + req, err := http.NewRequest("POST", baseURL+"/api/security/quick-setup", nil) + if err != nil { + t.Fatalf("failed to create setup request: %v", err) + } + data, err := json.Marshal(payload) + if err != nil { + t.Fatalf("failed to marshal setup payload: %v", err) + } + req.Body = io.NopCloser(bytes.NewReader(data)) + req.Header.Set("Content-Type", "application/json") + req.Header.Set("X-Setup-Token", bootstrapToken) + + resp, err := client.Do(req) + if err != nil { + t.Fatalf("setup request failed: %v", err) + } + defer resp.Body.Close() + if resp.StatusCode != http.StatusOK { + body, _ := io.ReadAll(resp.Body) + t.Fatalf("security setup failed with status %s: %s", resp.Status, string(body)) + } +} + func login(t *testing.T, client *http.Client, baseURL, username, password string) { t.Helper() payload := map[string]string{