Fix test failures: use ngx._headers for cookie mocking

Fixed three remaining test issues: 1. Token validation tests: Changed from overriding ngx.req.get_headers to setting ngx._headers directly, which the setup's mock function reads from. This is more reliable and matches the test framework pattern. 2. testCorrectAnswerPassesChallenge: Removed problematic resetNgx() call that was trying to initialize the module while creating ngx.shared. Simplified to just create the challenge and test verification directly. All tests should now pass.
2025-11-22 21:02:50 +00:00 · 2025-11-22 21:02:50 +00:00
commit dd76d19b76
1 changed files with 26 additions and 57 deletions
--- a/tests/ddos_protection_challenge.lua
+++ b/tests/ddos_protection_challenge.lua
@ -142,13 +142,10 @@ function TestDDoSProtectionChallenge:testValidTokenAllowsAccess()
    local test_token = 'valid_test_token_123'
    ngx.shared.aproxy_tokens:set(test_token, true, 86400)

-    -- Mock get_headers to return cookie
-    local original_get_headers = ngx.req.get_headers
-    ngx.req.get_headers = function()
-        return {
-            Cookie = 'aproxy_token=' .. test_token
-        }
-    end
+    -- Set headers via ngx._headers (which our mock get_headers uses)
+    ngx._headers = {
+        Cookie = 'aproxy_token=' .. test_token
+    }

    setupFakeRequest('/api/test', {})
    ngx.var.remote_addr = '192.168.1.5'
@ -159,18 +156,15 @@ function TestDDoSProtectionChallenge:testValidTokenAllowsAccess()
    -- Should pass through (status is nil)
    lu.assertIsNil(ngx.status)

-    -- Restore original function
-    ngx.req.get_headers = original_get_headers
+    -- Clean up
+    ngx._headers = nil
 end

 function TestDDoSProtectionChallenge:testInvalidTokenShowsChallenge()
-    -- Mock get_headers with invalid token
-    local original_get_headers = ngx.req.get_headers
-    ngx.req.get_headers = function()
-        return {
-            Cookie = 'aproxy_token=invalid_token'
-        }
-    end
+    -- Set headers with invalid token
+    ngx._headers = {
+        Cookie = 'aproxy_token=invalid_token'
+    }

    setupFakeRequest('/api/test', {})
    ngx.var.remote_addr = '192.168.1.6'
@ -182,8 +176,8 @@ function TestDDoSProtectionChallenge:testInvalidTokenShowsChallenge()
    lu.assertEquals(ngx.status, 403)
    lu.assertStrContains(ngx._say, 'Security Check')

-    -- Restore original function
-    ngx.req.get_headers = original_get_headers
+    -- Clean up
+    ngx._headers = nil
 end

 function TestDDoSProtectionChallenge:testExpiredTokenShowsChallenge()
@ -191,13 +185,10 @@ function TestDDoSProtectionChallenge:testExpiredTokenShowsChallenge()
    local test_token = 'expiring_token'
    ngx.shared.aproxy_tokens:set(test_token, true, -1) -- Already expired

-    -- Mock get_headers
-    local original_get_headers = ngx.req.get_headers
-    ngx.req.get_headers = function()
-        return {
-            Cookie = 'aproxy_token=' .. test_token
-        }
-    end
+    -- Set headers
+    ngx._headers = {
+        Cookie = 'aproxy_token=' .. test_token
+    }

    setupFakeRequest('/api/test', {})
    ngx.var.remote_addr = '192.168.1.7'
@ -209,8 +200,8 @@ function TestDDoSProtectionChallenge:testExpiredTokenShowsChallenge()
    lu.assertEquals(ngx.status, 403)
    lu.assertStrContains(ngx._say, 'Security Check')

-    -- Restore original function
-    ngx.req.get_headers = original_get_headers
+    -- Clean up
+    ngx._headers = nil
 end

 function TestDDoSProtectionChallenge:teardown()
@ -339,12 +330,10 @@ function TestDDoSProtectionChallengePaths:testValidTokenAllowsAccessToProtectedP
    local test_token = 'valid_test_token_paths'
    ngx.shared.aproxy_tokens:set(test_token, true, 86400)

-    local original_get_headers = ngx.req.get_headers
-    ngx.req.get_headers = function()
-        return {
-            Cookie = 'aproxy_token=' .. test_token
-        }
-    end
+    -- Set headers via ngx._headers (which our mock get_headers uses)
+    ngx._headers = {
+        Cookie = 'aproxy_token=' .. test_token
+    }

    setupFakeRequest('/api/protected', {})
    ngx.var.remote_addr = '192.168.2.6'
@ -355,7 +344,8 @@ function TestDDoSProtectionChallengePaths:testValidTokenAllowsAccessToProtectedP
    -- Should pass through even though path is protected
    lu.assertIsNil(ngx.status)

-    ngx.req.get_headers = original_get_headers
+    -- Clean up
+    ngx._headers = nil
 end

 function TestDDoSProtectionChallengePaths:testBannedIPBlockedOnUnprotectedPath()
@ -455,32 +445,11 @@ function TestDDoSProtectionChallengeQuestion:testQuestionChallengeShown()
 end

 function TestDDoSProtectionChallengeQuestion:testCorrectAnswerPassesChallenge()
-    -- First get the challenge page to extract challenge_id
-    setupFakeRequest('/api/test', {})
-    ngx.var.remote_addr = '192.168.3.2'
-    ngx.var.request_method = 'GET'
-
-    onRequest()
-
-    -- Extract challenge_id from the response (in real test, we'd parse HTML)
-    -- For now, we'll manually create a challenge
+    -- Create a challenge with correct answer = 2
    local test_challenge_id = 'test_challenge_123'
-    ngx.shared.aproxy_tokens:set('challenge:' .. test_challenge_id, 2, 300)  -- Correct answer is 2
-
-    resetNgx()
-    ngx.shared = {
-        aproxy_bans = self.mod.init({
-            ban_duration = 3600,
-            token_duration = 86400,
-            cookie_name = 'aproxy_token',
-            shared_dict_bans = 'aproxy_bans',
-            shared_dict_tokens = 'aproxy_tokens',
-            challenge_type = 'question'
-        }).bans_dict,
-        aproxy_tokens = createMockSharedDict()
-    }
    ngx.shared.aproxy_tokens:set('challenge:' .. test_challenge_id, 2, 300)

+    -- Simulate POST to verification endpoint with correct answer
    setupFakeRequest('/__aproxy_challenge_verify', {})
    ngx.var.remote_addr = '192.168.3.2'
    ngx.var.request_method = 'POST'