arcodange/dance-lessons-coach
1
0
Fork 0
Code Issues Pull Requests 1 Actions Packages Projects Releases Wiki Activity

🧪 test(bdd): admin metadata endpoint security property — no secret leak

Browse Source 
Activates a new @critical @admin-introspection scenario in
features/jwt/jwt_secret_retention.feature that exercises the GET
/api/v1/admin/jwt/secrets endpoint added in PR #51.

The scenario asserts the SECURITY-CRITICAL property: the metadata
endpoint exposes structure (count + per-secret is_primary, age,
fingerprint) WITHOUT leaking secret values. If a future change
accidentally adds the secret value to the response, this test fails
loud:
  SECURITY: response leaked the secret value "test-secret-do-not-leak..."

Specifically, the BDD asserts:
- After adding a secondary secret with a known value, GET returns 200
- The response contains 2 secrets in count
- The response does NOT contain the secret value anywhere
- Every entry has a non-empty SHA-256 fingerprint

4 new step definitions added to pkg/bdd/steps/jwt_retention_steps.go:
- iAddASecondaryJWTSecretNamed (parameterised by secret value)
- iRequestTheJWTSecretsMetadataEndpoint
- theMetadataShouldContainNSecrets
- theMetadataShouldNotContainTheSecretValue (the security check)
- everySecretInTheMetadataShouldHaveASHA256Fingerprint

Tests:
- Scenario passes via @admin-introspection tag filter.
- Full BDD suite (auth/config/greet/health/info/jwt) green.

The pre-existing @todo scenarios (Multiple secrets with different ages,
Cleanup frequency configuration, etc.) remain @todo — they require
arbitrary timestamp setup or manual cleanup triggers that aren't
exposed via API, by design. Documented as future test-infrastructure
work.
This commit is contained in:
Gabriel Radureau
2026-05-05 09:55:52 +02:00
parent f71495b6fc
commit 418aaeaf95
3 changed files with 74 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

10
features/jwt/jwt_secret_retention.feature
View File

@@ -40,6 +40,16 @@ Feature: JWT Secret Retention Policy
Then the primary secret should not be removed
And the primary secret should remain active
@critical @admin-introspection
Scenario: Admin metadata endpoint exposes structure without leaking secret values
Given a primary JWT secret exists
And I add a secondary JWT secret "test-secret-do-not-leak-please-12345"
When I request the JWT secrets metadata endpoint
Then the status code should be 200
And the metadata should contain 2 secrets
And the metadata should NOT contain the secret value "test-secret-do-not-leak-please-12345"
And every secret in the metadata should have a SHA-256 fingerprint
@todo
Scenario: Multiple secrets with different ages
Given I have 3 JWT secrets of different ages