test(docker): admin save persists across container restart (#7819) (#7821)

* test(docker): admin save persists across container restart (#7819)

The OP reports the symptom on the official Docker image specifically.
Adds two layers of coverage to docker.yml's build-test job, driven from
inside a container started against the same TEST_TAG the existing
test-container step uses:

1. New mocha spec adminSettings_7819.ts under tests/container/specs/api
   — authenticates against /admin, opens the /settings socket, saves an
   augmented JSON with an ep_oauth-shaped top-level block, and asserts
   the next load reply contains the marker. Intentionally leaves the
   marker on disk so the workflow can inspect it.

2. docker.yml now `docker exec test grep`s for the marker after
   test-container, then `docker restart`s the container, waits for the
   health probe, and re-greps. Both checks must pass — the first proves
   the socket-driven save actually touched the file inside the
   container layer; the second proves an in-place restart doesn't reset
   it. A recreate (docker rm + docker run) would wipe the file, but
   that's expected (image layer) and out of scope.

Container is started with `-e ADMIN_PASSWORD=changeme1` so the existing
settings.json.docker provisions the admin user; pad.js doesn't touch
/admin so the existing API specs are unaffected. test-container timeout
bumped 5s → 30s to cover socket connect + save round-trip, and the
mocha discovery extension list now includes `ts` so the new spec is
picked up.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>

* test(docker): authenticate via /admin-auth/ POST, surface auth/load failures fast (#7819)

CI failed on #7821 with a generic 20s mocha timeout because the spec
hit GET /admin/ to grab a session cookie. webaccess.ts only treats
paths starting with /admin-auth as requireAdmin — and the container
runs with REQUIRE_AUTHENTICATION=false (default), so GET /admin/ never
issued a Basic challenge and Set-Cookie was empty. The socket then
connected unauthenticated, adminsettings.ts's connection handler
returned early without binding any listeners, and the load() promise
hung until mocha killed the test with no useful diagnostic.

Switch to POST /admin-auth/ (always-requireAdmin, regardless of
settings.requireAuthentication). Assert a 2xx with at least one
Set-Cookie before proceeding. Add an 8s timeout + meaningful error
message to load() so the "session was not admin" failure mode reports
immediately instead of burning the suite budget.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>

* test(docker): replace splice with hand-built payload (#7819)

Last CI failed because the splice-after-last-} approach landed a comma
between an existing trailing-comma-before-comment and the close brace
of settings.json.docker, producing `, /* … */, "ep_oauth"` — invalid
JSON.

settings.json.docker uses jsonc `/* */` and `//` comments and a
trailing-comma-before-comment-before-close shape that's annoying to
patch from the test side, and the existing isJSONClean has zero
backend coverage so the splice is going through Etherpad's lenient
write path anyway.

Switch to a hand-built minimal-but-viable settings document containing
the ep_oauth block. Three properties hold:
  - We're testing the WRITE path, not the synthesis path. Whatever
    bytes we send, the next `load` must return verbatim.
  - The post-save document must survive `docker restart` (the next
    step in docker.yml) — minimal-but-viable means port/users/dbType
    are present so Etherpad boots back up and HEALTHCHECK passes.
  - The next `load` reply must equal the bytes we saved
    (`reply.results === augmented`) — stronger than `.includes()`.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>

---------

Co-authored-by: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
This commit is contained in:
John McLear 2026-05-19 17:17:12 +01:00 committed by GitHub
parent 49111f2fc9
commit abda0485d3
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
3 changed files with 193 additions and 2 deletions

View file

@ -66,7 +66,13 @@ jobs:
name: Test
working-directory: etherpad
run: |
docker run --rm -d -p 9001:9001 --name test ${{ env.TEST_TAG }}
# ADMIN_PASSWORD provisions settings.json.docker's admin user so
# the adminSettings_7819 container spec can authenticate against
# /admin and the /settings socket. pad.js doesn't touch /admin
# so the existing API specs are unaffected.
docker run --rm -d -p 9001:9001 \
-e ADMIN_PASSWORD=changeme1 \
--name test ${{ env.TEST_TAG }}
./bin/installDeps.sh
docker logs -f test &
while true; do
@ -79,6 +85,34 @@ jobs:
esac
done
(cd src && pnpm run test-container)
# Regression for #7819. adminSettings_7819.ts saves a marker via
# the admin /settings socket and intentionally leaves it on
# disk. We assert here that the save actually hit the file
# (mocha only sees the next `load` reply — this catches a
# scenario where the load is served from cache and the file
# never actually changed).
docker exec test grep -q persist-marker-7819 /opt/etherpad-lite/settings.json || {
echo "[#7819] socket-driven save did NOT reach /opt/etherpad-lite/settings.json on disk"
docker exec test cat /opt/etherpad-lite/settings.json | head -50
exit 1
}
# Now prove the on-disk file survives an in-place container
# restart. This is the scenario a docker-compose user with
# `restart: always` hits on every host reboot.
docker restart test >/dev/null
for i in $(seq 1 60); do
status=$(docker container inspect -f '{{.State.Health.Status}}' test 2>/dev/null) || { docker logs test; exit 1; }
case ${status} in
healthy) break;;
starting) sleep 2;;
*) docker logs test; exit 1;;
esac
done
docker exec test grep -q persist-marker-7819 /opt/etherpad-lite/settings.json || {
echo "[#7819 REGRESSION] settings.json was reset on docker restart — ep_oauth block vanished"
docker logs test
exit 1
}
docker rm -f test
git clean -dxf .
-