Fix password visibility test

Matej Bačo
2026-04-20 16:57:23 +02:00
parent dfec2b3cb7
commit 8ea69e0321
3 changed files with 19 additions and 10 deletions
@@ -277,15 +277,12 @@ class Project extends Model
'default' => '',
'example' => 'emailuser',
])
/*
We intentionally do not expose SMTP password - it's write-only property.
->addRule('smtpPassword', [
'type' => self::TYPE_STRING,
'description' => 'SMTP server password',
'description' => 'SMTP server password. This property is write-only and always returned empty.',
'default' => '',
'example' => 'securepassword',
'example' => '',
])
*/
->addRule('smtpSecure', [
'type' => self::TYPE_STRING,
'description' => 'SMTP server secure protocol',
@@ -423,7 +420,7 @@ class Project extends Model
$document->setAttribute('smtpHost', $smtp['host'] ?? '');
$document->setAttribute('smtpPort', $smtp['port'] ?? '');
$document->setAttribute('smtpUsername', $smtp['username'] ?? '');
$document->setAttribute('smtpPassword', $smtp['password'] ?? '');
$document->setAttribute('smtpPassword', ''); // Write-only: never expose the stored value
$document->setAttribute('smtpSecure', $smtp['secure'] ?? '');
}
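Review bot: The restored `smtpPassword` rule in the first hunk describes the field as always empty, but does not tell a client that an empty value says nothing about whether a password is stored. A console or SDK that reads the project and re-submits the whole SMTP form would send `''` back; whether the update endpoint treats that as "keep the stored secret" is not visible in this diff and is worth confirming. I would extend the description to `'SMTP server password. This property is write-only and always returned empty, whether or not a password is stored.'`. The method containing the `setAttribute` calls in the second hunk starts outside the hunk.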
+12 -2
@@ -88,6 +88,8 @@ trait SMTPBase
senderEmail: 'sender@example.com',
host: 'maildev',
port: 1025,
username: 'user',
password: 'password',
enabled: true,
);
@@ -103,6 +105,8 @@ trait SMTPBase
$this->assertArrayHasKey('smtpPort', $response['body']);
$this->assertArrayHasKey('smtpUsername', $response['body']);
$this->assertArrayHasKey('smtpPassword', $response['body']);
// smtpPassword is write-only: the stored password must never leak in responses
$this->assertSame('', $response['body']['smtpPassword']);
$this->assertArrayHasKey('smtpSecure', $response['body']);
// Cleanup
@@ -219,6 +223,8 @@ trait SMTPBase
senderEmail: 'sender@example.com',
host: 'maildev',
port: 1025,
username: 'user',
password: 'password',
);
$this->assertSame(200, $response['headers']['status-code']);
@@ -233,6 +239,8 @@ trait SMTPBase
$this->assertArrayHasKey('smtpPort', $response['body']);
$this->assertArrayHasKey('smtpUsername', $response['body']);
$this->assertArrayHasKey('smtpPassword', $response['body']);
// smtpPassword is write-only: the stored password must never leak in responses
$this->assertSame('', $response['body']['smtpPassword']);
$this->assertArrayHasKey('smtpSecure', $response['body']);
// Cleanup
@@ -455,7 +463,8 @@ trait SMTPBase
);
$this->assertSame(200, $response['headers']['status-code']);
$this->assertSame('p', $response['body']['smtpPassword']);
// smtpPassword is write-only: the accepted password must not be echoed back
$this->assertSame('', $response['body']['smtpPassword']);
// Cleanup
$this->updateSMTP(enabled: false);
@@ -473,7 +482,8 @@ trait SMTPBase
);
$this->assertSame(200, $response['headers']['status-code']);
$this->assertSame($password, $response['body']['smtpPassword']);
// smtpPassword is write-only: the accepted password must not be echoed back
$this->assertSame('', $response['body']['smtpPassword']);
// Cleanup
$this->updateSMTP(enabled: false);
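Review bot: The new assertions check only the `smtpPassword` key, so a regression that leaks the stored secret through any other field of the response body would still pass. In the hunk at `@@ -473`, where a `$password` variable is in scope, I would add `$this->assertStringNotContainsString($password, \json_encode($response['body']));` after the `assertSame('', ...)` line. This assumes `$password` holds a distinctive value; it is defined outside the hunk, as is the start of each enclosing test method.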
@@ -971,7 +971,8 @@ class ProjectsConsoleClientTest extends Scope
$this->assertEquals($smtpHost, $response['body']['smtpHost']);
$this->assertEquals($smtpPort, $response['body']['smtpPort']);
$this->assertEquals($smtpUsername, $response['body']['smtpUsername']);
$this->assertEquals($smtpPassword, $response['body']['smtpPassword']);
// smtpPassword is write-only: the stored password must never leak in responses
$this->assertEquals('', $response['body']['smtpPassword']);
$this->assertEquals('', $response['body']['smtpSecure']);
// Check the project
@@ -987,7 +988,8 @@ class ProjectsConsoleClientTest extends Scope
$this->assertEquals($smtpHost, $response['body']['smtpHost']);
$this->assertEquals($smtpPort, $response['body']['smtpPort']);
$this->assertEquals($smtpUsername, $response['body']['smtpUsername']);
$this->assertEquals($smtpPassword, $response['body']['smtpPassword']);
// smtpPassword is write-only: the stored password must never leak in responses
$this->assertEquals('', $response['body']['smtpPassword']);
$this->assertEquals('', $response['body']['smtpSecure']);
/**
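Review bot: `assertEquals('', ...)` on the two new lines compares loosely, so a response carrying `null` or `false` for `smtpPassword` would also pass. The SMTPBase tests in this same commit use `assertSame` for the identical check. I would write both lines as `$this->assertSame('', $response['body']['smtpPassword']);` so the test pins the exact masked value. The enclosing test method starts outside both hunks.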