From adf73ab1163a7b9622c20671efc4dc636e895107 Mon Sep 17 00:00:00 2001
From: Joseph Doherty <dohejw01@gmail.com>
Date: Sun, 17 May 2026 06:36:04 -0400
Subject: [PATCH] test(host): configure ApiKeyPepper in
 CentralCompositionRootTests

ConfigurationDatabase-012 made ApiKeyHasher fail fast on a missing/weak HMAC
pepper, so resolving ApiKeyValidator from the central composition root now
requires ScadaLink:InboundApi:ApiKeyPepper to be configured. The composition-
root test's in-memory config now supplies a test pepper, like JwtSigningKey.
---
 tests/ScadaLink.Host.Tests/CompositionRootTests.cs | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/tests/ScadaLink.Host.Tests/CompositionRootTests.cs b/tests/ScadaLink.Host.Tests/CompositionRootTests.cs
index 5aa5d8e..24782d6 100644
--- a/tests/ScadaLink.Host.Tests/CompositionRootTests.cs
+++ b/tests/ScadaLink.Host.Tests/CompositionRootTests.cs
@@ -106,6 +106,11 @@ public class CentralCompositionRootTests : IDisposable
                         ["ScadaLink:Security:LdapUseTls"] = "false",
                         ["ScadaLink:Security:AllowInsecureLdap"] = "true",
                         ["ScadaLink:Security:LdapSearchBase"] = "dc=scadalink,dc=local",
+                        // ConfigurationDatabase-012: inbound-API keys are hashed
+                        // with a server-side HMAC pepper; ApiKeyHasher fails fast
+                        // if it is missing or weak, so resolving ApiKeyValidator
+                        // requires a configured pepper.
+                        ["ScadaLink:InboundApi:ApiKeyPepper"] = "test-inbound-api-key-pepper-at-least-32-chars!",
                     });
                 });
                 builder.UseSetting("ScadaLink:Node:Role", "Central");