From 78bd0821f989d36b8d7e885d117a0afba3e1fa63 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Rodolphe=20Br=C3=A9ard?= <v.code.ngyvz7vf@what.tf>
Date: Tue, 24 Dec 2024 17:10:57 +0100
Subject: [PATCH] Check if groups have valid hook names

---
 src/config.rs                          | 22 ++++++++++++++++++----
 tests/config/hook_404/hook.toml        |  6 ++++++
 tests/config/override/00_initial.toml  |  4 ++++
 tests/config/override/01_override.toml |  3 +++
 4 files changed, 31 insertions(+), 4 deletions(-)
 create mode 100644 tests/config/hook_404/hook.toml

diff --git a/src/config.rs b/src/config.rs
index 24c6994..dbd282b 100644
--- a/src/config.rs
+++ b/src/config.rs
@@ -54,10 +54,15 @@ impl<'de> Deserialize<'de> for AcmedConfig {
 				return Err(de::Error::custom(format!("{key}: invalid hook name")));
 			}
 		}
-		for key in unchecked.group.keys() {
+		for (key, hook_lst) in &unchecked.group {
 			if key.starts_with(crate::INTERNAL_HOOK_PREFIX) {
 				return Err(de::Error::custom(format!("{key}: invalid group name")));
 			}
+			for hook_name in hook_lst {
+				if !unchecked.hook.contains_key(hook_name) {
+					return Err(de::Error::custom(format!("{hook_name}: hook not found")));
+				}
+			}
 		}
 		Ok(unchecked)
 	}
@@ -194,7 +199,6 @@ mod tests {
 		);
 		assert!(cfg.rate_limit.is_empty());
 		assert_eq!(cfg.endpoint.len(), 2);
-		println!("Debug: cfg.endpoint: {:?}", cfg.endpoint);
 		let ac1 = cfg.endpoint.get("test ac 1").unwrap();
 		assert_eq!(ac1.url, "https://acme-v02.ac1.example.org/directory");
 		assert_eq!(ac1.tos_agreed, true);
@@ -205,8 +209,12 @@ mod tests {
 		assert_eq!(ac2.tos_agreed, false);
 		assert_eq!(ac2.random_early_renew, Some(Duration::from_secs(10)));
 		assert_eq!(ac2.root_certificates, vec![PathBuf::from("test.pem")]);
-		assert!(cfg.hook.is_empty());
-		assert!(cfg.group.is_empty());
+		assert_eq!(cfg.hook.len(), 1);
+		let h = cfg.hook.get("test-hook").unwrap();
+		assert_eq!(h.cmd, "cat");
+		assert_eq!(cfg.group.len(), 1);
+		let g = cfg.group.get("test-grp").unwrap();
+		assert_eq!(*g, vec!["test-hook".to_string()]);
 		assert_eq!(cfg.account.len(), 1);
 		let account = cfg.account.get("example").unwrap();
 		assert_eq!(account.contacts.len(), 1);
@@ -254,4 +262,10 @@ internal-grp = ["internaltest"]
 		let res = load_str::<AcmedConfig>(cfg);
 		assert!(res.is_ok());
 	}
+
+	#[test]
+	fn hook_404() {
+		let res = load("tests/config/hook_404");
+		assert!(res.is_err());
+	}
 }
diff --git a/tests/config/hook_404/hook.toml b/tests/config/hook_404/hook.toml
new file mode 100644
index 0000000..1ec41ad
--- /dev/null
+++ b/tests/config/hook_404/hook.toml
@@ -0,0 +1,6 @@
+[hook."test-hook"]
+cmd = "cat"
+type = ["file-post-edit"]
+
+[group]
+test-grp = ["test-hook", "invalid-name"]
diff --git a/tests/config/override/00_initial.toml b/tests/config/override/00_initial.toml
index 33eea64..df57bb4 100644
--- a/tests/config/override/00_initial.toml
+++ b/tests/config/override/00_initial.toml
@@ -13,3 +13,7 @@ url = "https://acme-v02.ac2.example.org/directory"
 contacts = [
     { mailto = "acme@example.org" },
 ]
+
+[hook."test-hook"]
+cmd = "cat"
+type = ["file-post-edit"]
diff --git a/tests/config/override/01_override.toml b/tests/config/override/01_override.toml
index 4f3aaf1..1e5731f 100644
--- a/tests/config/override/01_override.toml
+++ b/tests/config/override/01_override.toml
@@ -6,3 +6,6 @@ endpoint."test AC 1".tos_agreed = true
 
 [endpoint."test AC 2"]
 root_certificates = ["test.pem"]
+
+[group]
+test-grp = ["test-hook"]