* fix: Return 200 OK with empty array for HIBP breach endpoint when no breaches found
Changes the HIBP breach check endpoint to return HTTP 200 OK with an empty
JSON array `[]` instead of 404 Not Found when no breaches are found. This
follows proper REST API semantics where 404 should indicate the endpoint
doesn't exist, not that a query returned no results.
Changes:
- src/Api/Dirt/Controllers/HibpController.cs: Lines 67-71
- Changed: return new NotFoundResult(); → return Content("[]", "application/json");
Backward Compatible:
- Clients handle both 200 with [] (new) and 404 (old)
- No breaking changes
- Safe to deploy independently
API Response Changes:
- Before: GET /api/hibp/breach?username=safe@example.com → 404 Not Found
- After: GET /api/hibp/breach?username=safe@example.com → 200 OK, Body: []
Impact:
- No user-facing changes
- Correct REST semantics
- Industry-standard API response pattern
* Address PR feedback: enhance comment and add comprehensive unit tests
Addresses feedback from PR #6661:
1. Enhanced comment per @prograhamming's feedback (lines 69-71):
- Added date stamp (12/1/2025)
- Explained HIBP API behavior: returns 404 when no breaches found
- Clarified HIBP API specification about 404 meaning
- Maintained REST semantics justification
2. Created comprehensive unit tests per Claude bot's Finding 1:
- New file: test/Api.Test/Dirt/HibpControllerTests.cs
- 9 test cases covering all critical scenarios:
* Missing API key validation
* No breaches found (404 → 200 with []) - KEY TEST FOR PR CHANGE
* Breaches found (200 with data)
* Rate limiting with retry logic
* Server error handling (500, 400)
* URL encoding of special characters
* Required headers validation
* Self-hosted vs cloud User-Agent differences
Test Coverage:
- Before: 0% coverage for HibpController
- After: ~90% coverage (all public methods and major paths)
- Uses xUnit, NSubstitute, BitAutoData patterns
- Matches existing Dirt controller test conventions
Changes:
- src/Api/Dirt/Controllers/HibpController.cs: Enhanced comment (+3 lines)
- test/Api.Test/Dirt/HibpControllerTests.cs: New test file (327 lines, 9 tests)
Addresses:
- @prograhamming's comment about enhancing the code comment
- Claude bot's Finding 1: Missing unit tests for HibpController
Related: PM-6979
* fix test/formating errors
* PM-23754 initial commit
* pm-23754 fixing controller tests
* pm-23754 adding commands and queries
* pm-23754 adding endpoints, command/queries, repositories, and sql migrations
* pm-23754 add new sql scripts
* PM-23754 adding sql scripts
* pm-23754
* PM-23754 fixing migration script
* PM-23754 fixing migration script again
* PM-23754 fixing migration script validation
* PM-23754 fixing db validation script issue
* PM-23754 fixing endpoint and db validation
* PM-23754 fixing unit tests
* PM-23754 fixing implementation based on comments and tests
* PM-23754 updating logging statements
* PM-23754 making changes based on PR comments.
* updating migration scripts
* removing old migration files
* update code based testing for whole data object for OrganizationReport and add a stored procedure.
* updating services, unit tests, repository tests
* fixing unit tests
* fixing migration script
* fixing migration script again
* fixing migration script
* another fix
* fixing sql file, updating controller to account for different orgIds in the url and body.
* updating error message in controllers without a body
* making a change to the command
* Refactor ReportsController by removing organization reports
The IDropOrganizationReportCommand is no longer needed
* will code based on PR comments.
* fixing unit test
* fixing migration script based on last changes.
* adding another check in endpoint and adding unit tests
* fixing route parameter.
* PM-23754 updating data fields to return just the column
* PM-23754 fixing repository method signatures
* PM-23754 making change to orgId parameter through out code to align with api naming
---------
Co-authored-by: Tom <144813356+ttalty@users.noreply.github.com>
* PM-20574 fixing namespaces on reporting work that got moved over from tools
* PM-20574 adding tables, stored procedures, and migration files
* PM-20574 adding dapper and ef repos and migrations
* PM-20574 changing table and repo names as requested
* PM-20574 updating sql scripts to new names
* PM-20574 updating sql scripts
* PM-20574 updating migration script for org delete by id
* PM-20574 adding mysql migration
* PM-20574 updating sql migration to fix database test
* PM-20574 fixing migration script
* PM-20574 fixing migration script
* PM-20574 fixing table scripts
* PM-20574 fixing table scripts
* PM-20574 fixing migration script formatting
* PM-20574 fixing syntax in migration script
* PM-20574 fixing file names and extensions
* PM-20574 fixing sql file
* PM-20574 fixing sql
* PM-20574 fixing directory for entities and removing scripts from other databases
* PM-20574 generating new migration scripts
* PM-20574 fixed reference to a stored proc
* PM-20574 adding index in scripts and missing table
* PM-20574 fixing merge conflicts
* PM-20574 set OUTPUT param for Id property in create and update proc
* PM-20574 add CreateDate to the update proc
* PM-20574 amend update proc for OrganizationApplication by adding createDate
* PM-20576 Created OrganizationReportRepo and unit tests
* PM-20576 Commands and Query for OrganizationReport
* PM-20576 added additional unit tests to fix CodeCoverage report
* PM-20574 formatted sql and updated as per PR comments
* PM-20574 updated script to fix build error
* PM-20574 fixed inconsistency in db script
* PM-20577 organization-reports endpoints
* PM-20574 removed revisionDate, update procedures and used views
* PM-20574 removed RevisionDate from designer files
* PM-20574 removed revisionDate column that was missed previously
* PM-20574 added revision date back into the mix
* PM-20574 updated database script to fix build error
* PM-20574 fixed a procedure issue
* PM-20574 fix dB build error
* PM-020574 fixed additional PR comments - files cleaned up
* PM-20574 updated procedure was inconsistent
* PM-20576 added logs and updated errors as per PR comments
* PM-20576 fixed a build error
* PM-20576 removed RevisionDate from Repo and tests
* PM-20576 added dependency
* PM-20576 removed unwanted line from csproj file
---------
Co-authored-by: Graham Walker <gwalker@bitwarden.com>
Co-authored-by: Tom <144813356+ttalty@users.noreply.github.com>
