Skip to content

test(icaptcha): assert obtain_proof consumes the mocked service#184

Open
beardthelion wants to merge 2 commits into
mainfrom
test/icaptcha-mock-consumed
Open

test(icaptcha): assert obtain_proof consumes the mocked service#184
beardthelion wants to merge 2 commits into
mainfrom
test/icaptcha-mock-consumed

Conversation

@beardthelion

@beardthelion beardthelion commented Jul 11, 2026

Copy link
Copy Markdown
Collaborator

Adds an integration test that runs obtain_proof against a mockito server and asserts both /v1/challenge and /v1/answer are consumed. This proves the iCaptcha client actually calls the service rather than short-circuiting or making a live call: a regression that skipped the network would fail the test, since the mock-consumed assertions go red when the endpoints are not hit.

Adds mockito as a dev-dependency.

Verified: the test is load-bearing (red when the mock is under-consumed or the client points elsewhere, green when the service is consumed), and cargo build --workspace, fmt --check, and clippy -D warnings are clean.

Summary by CodeRabbit

  • Tests
    • Added integration coverage validating that CAPTCHA challenge and answer requests are sent to the configured service.
    • Confirmed mocked endpoints are each consumed exactly once and that the returned proof matches the mocked answer response.
    • Hardened the test to prevent unintended live network calls by forcing non-mock traffic to fail.

Add an integration test that runs obtain_proof against a mockito server and
asserts both /v1/challenge and /v1/answer were consumed, so the flow is proven
to call the service rather than short-circuit or make a live call. Adds mockito
as a dev-dependency.
@coderabbitai

coderabbitai Bot commented Jul 11, 2026

Copy link
Copy Markdown
Contributor

Review Change Stack

No actionable comments were generated in the recent review. 🎉

ℹ️ Recent review info
⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro

Run ID: 99e0f800-0b38-45c5-8a3b-c6735de6dff4

📥 Commits

Reviewing files that changed from the base of the PR and between 99f0845 and 8c25af6.

📒 Files selected for processing (1)
  • crates/icaptcha-client/tests/icaptcha_mock_consumed.rs
🚧 Files skipped from review as they are similar to previous changes (1)
  • crates/icaptcha-client/tests/icaptcha_mock_consumed.rs

📝 Walkthrough

Walkthrough

Adds mockito as a development dependency and introduces an integration test verifying that obtain_proof calls mocked challenge and answer endpoints exactly once and returns the expected proof.

Changes

iCaptcha mock coverage

Layer / File(s) Summary
Mocked proof acquisition test
crates/icaptcha-client/Cargo.toml, crates/icaptcha-client/tests/icaptcha_mock_consumed.rs
Adds the mockito test dependency and validates mocked challenge/answer requests, solver integration, returned proof, and endpoint consumption.

Estimated code review effort: 2 (Simple) | ~10 minutes

🚥 Pre-merge checks | ✅ 4 | ❌ 1

❌ Failed checks (1 warning)

Check name Status Explanation Resolution
Description check ⚠️ Warning The description covers the change and verification, but it does not follow the required template sections or include the required checklist details. Add the template sections (Summary, Motivation & context, Kind of change, What changed, How to verify, Notes) and fill them with concise details.
✅ Passed checks (4 passed)
Check name Status Explanation
Title check ✅ Passed The title clearly names the iCaptcha test addition and the mocked-service assertion, matching the main change.
Docstring Coverage ✅ Passed No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
Linked Issues check ✅ Passed Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check ✅ Passed Check skipped because no linked issues were found for this pull request.
✨ Finishing Touches
📝 Generate docstrings
  • Create stacked PR
  • Commit on current branch
🧪 Generate unit tests (beta)
  • Create PR with unit tests
  • Commit unit tests in branch test/icaptcha-mock-consumed

Comment @coderabbitai help to get the list of available commands.

@beardthelion beardthelion added the kind:test Test coverage or harness label Jul 11, 2026

@jatmn jatmn left a comment

Copy link
Copy Markdown
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

These assertions only verify that the local mock received one request for each route. A regression can make those two requests and also send the challenge, answer, or configured API key to DEFAULT_URL (or another origin), while this test still passes. That leaves the stated guard against unintended live iCaptcha traffic and token exposure untested. Please either constrain the test's HTTP transport so every non-mock destination fails, or narrow the test name/comments and PR claim to endpoint consumption only.

…al (#184)

The mock-consumed assertions only prove the two mock endpoints were hit; they
cannot see a request that also leaks the DID, answer, or API key to DEFAULT_URL
or any other origin, so the test's stated "no live call" guarantee was untested.

Blackhole every non-loopback destination for the flow: NO_PROXY lets the
loopback mock through while ALL_PROXY routes any other host to a closed port, so
the client contacting anything but the injected mock fails the request. Verified
load-bearing: pointing cfg.url at DEFAULT_URL makes obtain_proof fail with a
proxy tunnel error (RED), and the loopback-mock path still passes (GREEN).
@beardthelion

Copy link
Copy Markdown
Collaborator Author

Addressed via your option (a) on 8c25af6. The test now blackholes every non-loopback origin: NO_PROXY lets the loopback mock through, ALL_PROXY routes any other host to a closed port, so the client contacting anything but the injected mock fails the request. Verified load-bearing: pointing cfg.url at DEFAULT_URL makes obtain_proof fail with a proxy tunnel error, and the loopback-mock path still passes.

@beardthelion beardthelion requested a review from jatmn July 13, 2026 21:40

@jatmn jatmn left a comment

Copy link
Copy Markdown
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I found issues that need to be addressed before this is ready.

Findings

  • [P2] Make the non-mock egress block override scheme-specific proxies
    crates/icaptcha-client/tests/icaptcha_mock_consumed.rs:26
    This still does not guarantee the requested no-live-call behavior on a proxied runner. obtain_proof uses reqwest's default system-proxy configuration, and its HTTPS_PROXY/https_proxy (or HTTP equivalents) take precedence over the ALL_PROXY set here. Therefore an environment with a working HTTPS proxy can let a regression additionally send the DID, answer, or API key to DEFAULT_URL while both loopback mock requests are consumed and this test remains green. Override or clear the scheme-specific proxy variables too (restoring the prior environment safely), or enforce the transport policy directly, so the test actually detects that egress.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

kind:test Test coverage or harness

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants