- Deleted redundant unit test file tests/unit/dashboard.test.js
- Enabled skipped frontend DOM state and API tests in tests/frontend/state.test.js
- Fixed Supertest client socket abort exception in SSE stream integration tests using new graceful testClose parameter
- Consolidated duplicate helpers in server/routes/history.js and server/utils/arrRetrievers.js to unified services TagMatcher and DownloadAssembler
- Added comprehensive unit tests for loadSecrets.js, PollingSonarrRetriever.js, PollingRadarrRetriever.js, and ombiHelpers.js
- Achieved a 100% Vitest pass rate (834/834 tests) with robust code coverage
- Add requireAuth to GET /api/webhook/config to enforce authentication
- Add SOFARR_BASE_URL and SOFARR_WEBHOOK_SECRET validation to POST /api/ombi/webhook/enable and /test
- Return 400 with descriptive errors when webhook config is missing on Ombi routes
- Clean up test environment in webhook.test.js afterEach
- Add regression tests for all new validation logic
- Update CHANGELOG.md with security fixes
The Ombi API returns requestedUser as an OmbiUser object instead of a string.
Add extractRequestedUser helper to extract username from various fields
(alias, userAlias, userName, normalizedUserName) with fallback to legacy string format.
Update client and server routes to use the helper for consistent username extraction.
This commit addresses code review findings and completes the test coverage
plan for the new Ombi webhook functionality introduced in recent commits.
Changes:
- Removed obsolete tests for getOmbiLink and getOmbiSearchLink functions
(replaced by getOmbiDetailsLink in commit "Fix: Generate Ombi links directly
from TMDB ID")
- Simplified DownloadMatcher.addOmbiMatching tests to match new synchronous
implementation (no longer makes API calls, generates links from TMDB IDs)
- Added comprehensive integration tests for Ombi webhook endpoints:
* GET /api/ombi/webhook/status (6 tests)
* POST /api/ombi/webhook/enable (4 tests)
* POST /api/ombi/webhook/test (3 tests)
- Added frontend state object tests for Ombi fields (7 tests)
- Added skipped SSE endpoint tests with documentation (2 tests)
- Added skipped frontend API/UI tests with documentation (5 tests)
Code review fixes:
- Fixed variable shadowing in ombi.test.js (reused outer scope variable)
- Removed redundant network error test (duplicate of previous test)
- Updated outdated documentation comment for skipped tests
Test results: 764 passing, 15 skipped, 34 test files
Skipped tests are documented with clear justifications:
- SSE endpoint: requires EventSource or manual SSE handling
- Frontend API functions: require complex mocking, covered by integration tests
- Frontend UI functions: tightly coupled to DOM, better suited for E2E testing
- GET /api/ombi/requests: requires complex arrRetrieverRegistry mocking
Generated with [Devin](https://cli.devin.ai/docs)
Co-Authored-By: Devin <158243242+devin-ai-integration[bot]@users.noreply.github.com>
gronod