850c37bedd
Prevent null CA certificate access during database SSL certificate regeneration across KeyDB, MariaDB, MongoDB, MySQL, PostgreSQL, and Redis components. If no CA certificate exists, attempt to generate one and re-query; if still missing, dispatch a clear error and stop regeneration gracefully. Add `SslCertificateRegenerationTest` coverage for missing-CA and CA-query scenarios to prevent regressions.
82 lines
2.7 KiB
PHP
82 lines
2.7 KiB
PHP
<?php
|
|
|
|
use App\Models\Server;
|
|
use App\Models\SslCertificate;
|
|
use App\Models\Team;
|
|
use App\Models\User;
|
|
use Illuminate\Foundation\Testing\RefreshDatabase;
|
|
|
|
uses(RefreshDatabase::class);
|
|
|
|
beforeEach(function () {
|
|
$this->team = Team::factory()->create();
|
|
$this->user = User::factory()->create();
|
|
$this->team->members()->attach($this->user->id, ['role' => 'owner']);
|
|
$this->actingAs($this->user);
|
|
session(['currentTeam' => $this->team]);
|
|
|
|
$this->server = Server::factory()->create(['team_id' => $this->team->id]);
|
|
});
|
|
|
|
test('server with no CA certificate returns null from sslCertificates query', function () {
|
|
$caCert = $this->server->sslCertificates()
|
|
->where('is_ca_certificate', true)
|
|
->first();
|
|
|
|
expect($caCert)->toBeNull();
|
|
});
|
|
|
|
test('accessing property on null CA cert throws an error', function () {
|
|
// This test verifies the exact scenario that caused the 500 error:
|
|
// querying for a CA cert on a server that has none, then trying to access properties
|
|
$caCert = $this->server->sslCertificates()
|
|
->where('is_ca_certificate', true)
|
|
->first();
|
|
|
|
expect($caCert)->toBeNull();
|
|
|
|
// Without the fix, the code would do:
|
|
// caCert: $caCert->ssl_certificate <-- 500 error
|
|
expect(fn () => $caCert->ssl_certificate)
|
|
->toThrow(ErrorException::class);
|
|
});
|
|
|
|
test('CA certificate can be retrieved when it exists on the server', function () {
|
|
// Create a CA certificate directly (simulating what generateCaCertificate does)
|
|
SslCertificate::create([
|
|
'server_id' => $this->server->id,
|
|
'is_ca_certificate' => true,
|
|
'ssl_certificate' => 'test-ca-cert',
|
|
'ssl_private_key' => 'test-ca-key',
|
|
'common_name' => 'Coolify CA Certificate',
|
|
'valid_until' => now()->addYears(10),
|
|
]);
|
|
|
|
$caCert = $this->server->sslCertificates()
|
|
->where('is_ca_certificate', true)
|
|
->first();
|
|
|
|
expect($caCert)->not->toBeNull()
|
|
->and($caCert->is_ca_certificate)->toBeTruthy()
|
|
->and($caCert->ssl_certificate)->toBe('test-ca-cert')
|
|
->and($caCert->ssl_private_key)->toBe('test-ca-key');
|
|
});
|
|
|
|
test('non-CA certificate is not returned when querying for CA certificate', function () {
|
|
// Create only a regular (non-CA) certificate
|
|
SslCertificate::create([
|
|
'server_id' => $this->server->id,
|
|
'is_ca_certificate' => false,
|
|
'ssl_certificate' => 'test-cert',
|
|
'ssl_private_key' => 'test-key',
|
|
'common_name' => 'test-db-uuid',
|
|
'valid_until' => now()->addYear(),
|
|
]);
|
|
|
|
$caCert = $this->server->sslCertificates()
|
|
->where('is_ca_certificate', true)
|
|
->first();
|
|
|
|
// The CA cert query should return null since only a regular cert exists
|
|
expect($caCert)->toBeNull();
|
|
});
|