fix(blocklist): validate _v6_auth session JSON, add auth-failure test

2026-05-15 21:03:03 -07:00 · 2026-05-15 21:03:03 -07:00 · 7d213b8aca
commit 7d213b8aca
parent d797a38871
2 changed files with 16 additions and 1 deletions
--- a/app/services/pihole.py
+++ b/app/services/pihole.py
@ -64,7 +64,12 @@ class PiholeClient:
        with httpx.Client(timeout=10) as c:
            r = c.post(f"{self.url}/api/auth", json={"password": self.api_key})
            r.raise_for_status()
-        return r.json()["session"]["sid"]
+            data = r.json()
+        sid = data.get("session", {}).get("sid")
+        if not sid:
+            msg = data.get("session", {}).get("message", "no sid returned")
+            raise ValueError(f"Pi-hole v6 auth failed: {msg}")
+        return sid

    def _v6_post_domain(self, sid: str, domain: str, comment: str) -> None:
        body = [{"domain": domain, "comment": comment, "enabled": True}]
--- a/tests/test_service_pihole.py
+++ b/tests/test_service_pihole.py
@ -78,3 +78,13 @@ class TestV6Client:
            client.block("samsungads.com")
            _, _, comment = mock_post.call_args.args
            assert comment == "Turnstone block"
+
+    def test_auth_raises_on_invalid_session(self):
+        client = self._client()
+        invalid_resp = {"session": {"valid": False, "message": "wrong password"}}
+        with patch("httpx.Client") as mock_cls:
+            mock_c = mock_cls.return_value.__enter__.return_value
+            mock_c.post.return_value.raise_for_status.return_value = None
+            mock_c.post.return_value.json.return_value = invalid_resp
+            with pytest.raises(ValueError, match="Pi-hole v6 auth failed"):
+                client._v6_auth()