(ctx context.Context, t *testing.T, db database.Store, c dbcrypt.Cipher, userID uuid.UUID)
| 300 | } |
| 301 | |
| 302 | func requireEncryptedWithCipher(ctx context.Context, t *testing.T, db database.Store, c dbcrypt.Cipher, userID uuid.UUID) { |
| 303 | t.Helper() |
| 304 | userLinks, err := db.GetUserLinksByUserID(ctx, userID) |
| 305 | require.NoError(t, err, "failed to get user links for user %s", userID) |
| 306 | for _, ul := range userLinks { |
| 307 | requireEncryptedEquals(t, c, "access-"+userID.String(), ul.OAuthAccessToken) |
| 308 | requireEncryptedEquals(t, c, "refresh-"+userID.String(), ul.OAuthRefreshToken) |
| 309 | require.Equal(t, c.HexDigest(), ul.OAuthAccessTokenKeyID.String) |
| 310 | require.Equal(t, c.HexDigest(), ul.OAuthRefreshTokenKeyID.String) |
| 311 | } |
| 312 | gitAuthLinks, err := db.GetExternalAuthLinksByUserID(ctx, userID) |
| 313 | require.NoError(t, err, "failed to get git auth links for user %s", userID) |
| 314 | for _, gal := range gitAuthLinks { |
| 315 | requireEncryptedEquals(t, c, "access-"+userID.String(), gal.OAuthAccessToken) |
| 316 | requireEncryptedEquals(t, c, "refresh-"+userID.String(), gal.OAuthRefreshToken) |
| 317 | require.Equal(t, c.HexDigest(), gal.OAuthAccessTokenKeyID.String) |
| 318 | require.Equal(t, c.HexDigest(), gal.OAuthRefreshTokenKeyID.String) |
| 319 | } |
| 320 | |
| 321 | userSecrets, err := db.ListUserSecretsWithValues(ctx, userID) |
| 322 | require.NoError(t, err, "failed to get user secrets for user %s", userID) |
| 323 | for _, s := range userSecrets { |
| 324 | requireEncryptedEquals(t, c, "value-"+userID.String(), s.Value) |
| 325 | require.Equal(t, c.HexDigest(), s.ValueKeyID.String) |
| 326 | } |
| 327 | |
| 328 | providers, err := db.GetAIProviders(ctx, database.GetAIProvidersParams{ |
| 329 | IncludeDeleted: true, |
| 330 | IncludeDisabled: true, |
| 331 | }) |
| 332 | require.NoError(t, err, "failed to get ai providers") |
| 333 | providerName := "ai-provider-" + userID.String() |
| 334 | var provider database.AIProvider |
| 335 | for _, p := range providers { |
| 336 | if p.Name == providerName { |
| 337 | provider = p |
| 338 | break |
| 339 | } |
| 340 | } |
| 341 | require.NotEqual(t, uuid.Nil, provider.ID, "expected ai provider for user %s", userID) |
| 342 | require.True(t, provider.Settings.Valid) |
| 343 | requireEncryptedEquals(t, c, "settings-"+userID.String(), provider.Settings.String) |
| 344 | require.Equal(t, c.HexDigest(), provider.SettingsKeyID.String) |
| 345 | |
| 346 | providerKeys, err := db.GetAIProviderKeysByProviderID(ctx, provider.ID) |
| 347 | require.NoError(t, err, "failed to get ai provider keys for provider %s", provider.ID) |
| 348 | require.Len(t, providerKeys, 1) |
| 349 | requireEncryptedEquals(t, c, "provider-key-"+userID.String(), providerKeys[0].APIKey) |
| 350 | require.Equal(t, c.HexDigest(), providerKeys[0].ApiKeyKeyID.String) |
| 351 | |
| 352 | userAIProviderKeys, err := db.GetUserAIProviderKeysByUserID(ctx, userID) |
| 353 | require.NoError(t, err, "failed to get user ai provider keys for user %s", userID) |
| 354 | require.Len(t, userAIProviderKeys, 1) |
| 355 | requireEncryptedEquals(t, c, "user-ai-provider-key-"+userID.String(), userAIProviderKeys[0].APIKey) |
| 356 | require.Equal(t, c.HexDigest(), userAIProviderKeys[0].ApiKeyKeyID.String) |
| 357 | } |
| 358 | |
| 359 | // TestServerAIProviderKeysEncryptedWithDBCrypt starts a real enterprise server |
no test coverage detected