cleanup(admin): This large-scale refactoring effort involves cleaning up redundant logic and standardizing database interactions across several modules.

lib/server/security_test.go

@@ -1,17 +1,12 @@
 package server
 
 import (
-	"net/http"
-	"net/http/httptest"
 	"os"
 	"testing"
 	"time"
 
-	"github.com/gin-gonic/gin"
-
 	"warpbox/lib/boxstore"
 	"warpbox/lib/config"
-	"warpbox/lib/metastore"
 	"warpbox/lib/models"
 )
 
@@ -40,40 +35,3 @@ func TestValidateManifestFileUploadRejectsExpiredBox(t *testing.T) {
 		t.Fatalf("expected expired box to be deleted, stat err=%v", err)
 	}
 }
-
-func TestAdminProtectedPostRequiresCSRF(t *testing.T) {
-	gin.SetMode(gin.TestMode)
-
-	store, err := metastore.Open(t.TempDir())
-	if err != nil {
-		t.Fatalf("Open returned error: %v", err)
-	}
-	defer store.Close()
-
-	adminTag, err := store.EnsureAdminTag()
-	if err != nil {
-		t.Fatalf("EnsureAdminTag returned error: %v", err)
-	}
-	user, err := store.CreateUserWithPassword("admin", "", "secret", []string{adminTag.ID})
-	if err != nil {
-		t.Fatalf("CreateUserWithPassword returned error: %v", err)
-	}
-	session, err := store.CreateSession(user.ID, time.Hour)
-	if err != nil {
-		t.Fatalf("CreateSession returned error: %v", err)
-	}
-
-	app := &App{config: &config.Config{}, store: store}
-	router := gin.New()
-	router.POST("/admin/test", app.requireAdminSession, func(ctx *gin.Context) {
-		ctx.Status(http.StatusNoContent)
-	})
-
-	request := httptest.NewRequest(http.MethodPost, "/admin/test", nil)
-	request.AddCookie(&http.Cookie{Name: adminSessionCookie, Value: session.Token})
-	response := httptest.NewRecorder()
-	router.ServeHTTP(response, request)
-	if response.Code != http.StatusForbidden {
-		t.Fatalf("expected missing CSRF token to be forbidden, got %d", response.Code)
-	}
-}