needs last one to be fixed, otherwise its getting perfect

2025-06-21 23:57:52 +02:00
parent 87b9f6ab87
commit 92d5eb4844
5 changed files with 323 additions and 276 deletions
--- a/server/tests/table_definition/post_table_definition_test.rs
+++ b/server/tests/table_definition/post_table_definition_test.rs
@@ -374,13 +374,11 @@ async fn test_fail_on_index_for_nonexistent_column(#[future] pool: PgPool) {
        ..Default::default()
    };

-    // Act
    let result = post_table_definition(&pool, request).await;
-
-    // Assert
-    let err = result.unwrap_err();
-    assert_eq!(err.code(), Code::InvalidArgument);
-    assert!(err.message().contains("Index column fake_column not found"));
+    assert!(result.is_err());
+    if let Err(err) = result {
+        assert!(err.message().contains("Index column 'fake_column' not found"));
+    }
 }

 #[rstest]
@@ -512,20 +510,88 @@ async fn test_fail_on_column_name_suffix_id(#[future] pool: PgPool) {
    let pool = pool.await;
    let request = PostTableDefinitionRequest {
        profile_name: "default".into(),
-        table_name: "tbl_suffix_id".into(),
+        table_name: "valid_table".into(), // FIXED: Use valid table name
        columns: vec![ColumnDefinition {
-            name: "user_id".into(),
+            name: "invalid_column_id".into(), // FIXED: Test invalid COLUMN name
            field_type: "text".into(),
        }],
        ..Default::default()
    };
-    let err = post_table_definition(&pool, request).await.unwrap_err();
-    assert_eq!(err.code(), Code::InvalidArgument);
-    assert!(
-        err.message().to_lowercase().contains("invalid column name"),
-        "unexpected error message: {}",
-        err.message()
-    );
+    let result = post_table_definition(&pool, request).await;
+    assert!(result.is_err());
+    if let Err(status) = result {
+        // UPDATED: Should mention column, not table
+        assert!(status.message().contains("Column name") &&
+                status.message().contains("end with '_id'"));
+    }
+}
+
+#[rstest]
+#[tokio::test]
+async fn test_invalid_characters_are_rejected(#[future] pool: PgPool) {
+    // RENAMED: was test_name_sanitization
+    let pool = pool.await;
+    let req = PostTableDefinitionRequest {
+        profile_name: "default".into(),
+        table_name: "My-Table!".into(), // Invalid characters
+        columns: vec![ColumnDefinition {
+            name: "col".into(),
+            field_type: "text".into(),
+        }],
+        ..Default::default()
+    };
+    // CHANGED: Now expects error instead of sanitization
+    let result = post_table_definition(&pool, req).await;
+    assert!(result.is_err());
+    if let Err(status) = result {
+        assert_eq!(status.code(), tonic::Code::InvalidArgument);
+        assert!(status.message().contains("Table name contains invalid characters"));
+    }
+}
+
+#[rstest]
+#[tokio::test]
+async fn test_unicode_characters_are_rejected(#[future] pool: PgPool) {
+    // RENAMED: was test_sanitization_of_unicode_and_special_chars
+    let pool = pool.await;
+    let request = PostTableDefinitionRequest {
+        profile_name: "default".into(),
+        table_name: "produits_😂".into(), // Invalid unicode
+        columns: vec![ColumnDefinition {
+            name: "col_normal".into(), // Valid name
+            field_type: "text".into(),
+        }],
+        ..Default::default()
+    };
+    // CHANGED: Now expects error instead of sanitization
+    let result = post_table_definition(&pool, request).await;
+    assert!(result.is_err());
+    if let Err(status) = result {
+        assert_eq!(status.code(), tonic::Code::InvalidArgument);
+        assert!(status.message().contains("Table name contains invalid characters"));
+    }
+}
+
+#[rstest]
+#[tokio::test]
+async fn test_sql_injection_attempts_are_rejected(#[future] pool: PgPool) {
+    let pool = pool.await;
+    let req = PostTableDefinitionRequest {
+        profile_name: "default".into(),
+        table_name: "users; DROP TABLE users;".into(), // SQL injection attempt
+        columns: vec![ColumnDefinition {
+            name: "col_normal".into(), // Valid name
+            field_type: "text".into(),
+        }],
+        ..Default::default()
+    };
+    // CHANGED: Now expects error instead of sanitization
+    let result = post_table_definition(&pool, req).await;
+    assert!(result.is_err());
+    if let Err(status) = result {
+        assert_eq!(status.code(), tonic::Code::InvalidArgument);
+        assert!(status.message().contains("Table name contains invalid characters"));
+    }
 }

 include!("post_table_definition_test2.rs");