fix(settings): resolve issue #76 — unable to save settings (HTTP 500)

fabriziosalmi · fabriziosalmi · commit e185f60d807f · 2026-03-04T12:07:06.000+01:00
Root cause: masked api_bearer_token ('********') from GET was sent back in POST, overwriting the real token. Validation then failed on the 8-char masked value (min 32 chars required). Fix: - routes.py: strip masked/empty api_bearer_token before merge - settings.py: defense-in-depth guard for masked/empty tokens Closes #76 Bump version to 2.1.0
diff --git a/RELEASE_NOTES.md b/RELEASE_NOTES.md
@@ -1,3 +1,36 @@
+# Release v2.1.0
+
+## Bug Fixes
+
+### Issue #76 — Unable to save settings (HTTP 500)
+
+**Root cause:** The web UI GET endpoint masks `api_bearer_token` as `'********'`
+before returning settings. When the user saves settings, this 8-character masked
+value is sent back in the POST payload and overwrites the real token during the
+settings merge. `save_settings()` then validates the masked string against a
+32-character minimum length requirement, causing the validation to fail and
+returning HTTP 500.
+
+**Fix (defense-in-depth, two layers):**
+- **`modules/web/routes.py`**: Strip masked or empty `api_bearer_token` from
+  incoming POST data before merging with current settings, preserving the real
+  token already stored on disk.
+- **`modules/core/settings.py`**: Safety net in `save_settings()` — if the
+  token is empty or the `'********'` placeholder, remove it from the dict
+  instead of failing validation. The real token on disk remains untouched.
+
+**Files changed:** `modules/web/routes.py`, `modules/core/settings.py`
+
+## Test Suite
+
+- 4 new unit tests in `tests/test_issue76_masked_token.py`:
+  - Masked token (`'********'`) → save succeeds, placeholder NOT persisted
+  - Empty token → save succeeds
+  - Valid token → validated and persisted correctly
+  - Invalid short token → still properly rejected
+
+---
+
 # Release v2.0.3
 
 ## Bug Fixes
diff --git a/app.py b/app.py
@@ -2,7 +2,7 @@
 CertMate - Modular SSL Certificate Management Application
 Main application entry point with modular architecture
 """
-__version__ = '2.0.4'
+__version__ = '2.1.0'
 import os
 import sys
 import tempfile
diff --git a/modules/core/file_operations.py b/modules/core/file_operations.py
@@ -140,7 +140,7 @@ def create_unified_backup(self, settings_data, backup_reason="manual"):
                 "backup_id": backup_id,
                 "timestamp": datetime.now().isoformat(),
                 "backup_reason": backup_reason,
-                "version": "2.0.4",  # New unified format
+                "version": "2.1.0",  # New unified format
                 "type": "unified",
                 "domains": domains,
                 "settings_domains": [d.get('domain') if isinstance(d, dict) else d for d in settings_data.get('domains', [])],
diff --git a/modules/core/settings.py b/modules/core/settings.py
@@ -241,21 +241,29 @@ def save_settings(self, settings, backup_reason="auto_save"):
                 settings['email'] = email_or_error
                 
             if 'api_bearer_token' in settings:
-                # Use compatibility layer for validation
-                try:
-                    import app
-                    if hasattr(app, 'validate_api_token'):
-                        is_valid, token_or_error = app.validate_api_token(settings['api_bearer_token'])
-                    else:
+                token = settings['api_bearer_token']
+                # Skip validation for masked/placeholder tokens — the real
+                # token is preserved in the file; callers should strip these
+                # before calling save_settings, but this is a safety net.
+                if not token or token == '********':
+                    settings.pop('api_bearer_token')
+                    logger.info("Stripped masked/empty api_bearer_token from settings before save")
+                else:
+                    # Use compatibility layer for validation
+                    try:
+                        import app
+                        if hasattr(app, 'validate_api_token'):
+                            is_valid, token_or_error = app.validate_api_token(token)
+                        else:
+                            from modules.core.utils import validate_api_token
+                            is_valid, token_or_error = validate_api_token(token)
+                    except ImportError:
                         from modules.core.utils import validate_api_token
-                        is_valid, token_or_error = validate_api_token(settings['api_bearer_token'])
-                except ImportError:
-                    from modules.core.utils import validate_api_token
-                    is_valid, token_or_error = validate_api_token(settings['api_bearer_token'])
-                    
-                if not is_valid:
-                    logger.error(f"Invalid API token: {token_or_error}")
-                    return False
+                        is_valid, token_or_error = validate_api_token(token)
+                        
+                    if not is_valid:
+                        logger.error(f"Invalid API token: {token_or_error}")
+                        return False
                     
             # Validate dns_provider against supported set
             supported_providers = {'cloudflare','route53','azure','google','powerdns','digitalocean','linode','gandi','ovh','namecheap','vultr','dnsmadeeasy','nsone','rfc2136','hetzner','porkbun','godaddy','he-ddns','dynudns','arvancloud','infomaniak','acme-dns'}
@@ -594,7 +602,7 @@ def _ensure_certificate_metadata(self):
                             "domain": domain,
                             "dns_provider": dns_provider,
                             "created_at": "unknown",
-                            "version": "2.0.4",
+                            "version": "2.1.0",
                             "migrated": True
                         }
                         
diff --git a/modules/web/routes.py b/modules/web/routes.py
@@ -928,6 +928,13 @@ def web_settings():
                             logger.warning(f"Setup attempt from non-local IP: {client_ip}")
                             return jsonify({'error': 'Initial setup only allowed from localhost'}), 403
                 
+                # Strip masked/sentinel api_bearer_token from incoming data.
+                # The GET endpoint masks it as '********', so if the UI sends
+                # it back unchanged we must preserve the real token.
+                incoming_token = new_settings.get('api_bearer_token', '')
+                if not incoming_token or incoming_token == '********':
+                    new_settings.pop('api_bearer_token', None)
+
                 # Merge with existing settings
                 merged_settings = {**current_settings, **new_settings}
                 
diff --git a/package.json b/package.json
@@ -1,7 +1,7 @@
 {
   "private": true,
   "name": "certmate",
-  "version": "2.0.4",
+  "version": "2.1.0",
   "description": "CertMate SSL Certificate Manager - frontend assets",
   "scripts": {
     "css:build": "npx tailwindcss -i static/css/input.css -o static/css/tailwind.min.css --minify",
@@ -10,4 +10,4 @@
   "devDependencies": {
     "tailwindcss": "^3.4.17"
   }
-}
+}
diff --git a/tests/test_issue76_masked_token.py b/tests/test_issue76_masked_token.py
@@ -0,0 +1,113 @@
+"""
+Regression test for issue #76 — saving settings must not fail when the
+masked api_bearer_token placeholder '********' is present.
+
+These are fast unit tests that do NOT require Docker.
+"""
+
+import json
+from pathlib import Path
+from unittest.mock import patch
+
+import pytest
+
+pytestmark = [pytest.mark.unit]
+
+
+@pytest.fixture
+def settings_env(tmp_path):
+    """Create a minimal SettingsManager with a temp settings file,
+    bypassing the compat layer so writes go to the temp directory."""
+    from modules.core.file_operations import FileOperations
+    from modules.core.settings import SettingsManager
+
+    data_dir = tmp_path / "data"
+    data_dir.mkdir()
+    cert_dir = tmp_path / "certificates"
+    cert_dir.mkdir()
+    backup_dir = tmp_path / "backups"
+    backup_dir.mkdir()
+    logs_dir = tmp_path / "logs"
+    logs_dir.mkdir()
+
+    file_ops = FileOperations(
+        data_dir=data_dir,
+        cert_dir=cert_dir,
+        backup_dir=backup_dir,
+        logs_dir=logs_dir,
+    )
+    settings_file = data_dir / "settings.json"
+    mgr = SettingsManager(file_ops, settings_file)
+
+    # Bypass the compat wrappers so we use our local file_ops directly
+    mgr._safe_file_write_compat = file_ops.safe_file_write
+    mgr._safe_file_read_compat = file_ops.safe_file_read
+    mgr._settings_file_exists_compat = lambda: settings_file.exists()
+    mgr._save_settings_compat = lambda s, r="auto": mgr.save_settings(s, r)
+
+    return mgr, settings_file
+
+
+def _seed(settings_file):
+    """Write a valid baseline settings file and return the dict."""
+    from modules.core.utils import generate_secure_token
+    base = {
+        "email": "user@example.com",
+        "dns_provider": "cloudflare",
+        "domains": [],
+        "auto_renew": True,
+        "api_bearer_token": generate_secure_token(),
+        "setup_completed": True,
+    }
+    settings_file.write_text(json.dumps(base))
+    return base
+
+
+class TestMaskedTokenSave:
+    """Issue #76: save_settings must handle masked api_bearer_token."""
+
+    def test_save_with_masked_token_succeeds(self, settings_env):
+        """Saving settings that contain '********' must not fail."""
+        mgr, settings_file = settings_env
+        initial = _seed(settings_file)
+
+        updated = dict(initial)
+        updated["api_bearer_token"] = "********"
+        result = mgr.save_settings(updated, "test")
+        assert result is True, "save_settings should succeed with masked token"
+
+        saved = json.loads(settings_file.read_text())
+        assert saved.get("api_bearer_token") != "********", \
+            "Masked placeholder must not be persisted"
+
+    def test_save_with_empty_token_succeeds(self, settings_env):
+        """Saving settings with an empty api_bearer_token must not fail."""
+        mgr, settings_file = settings_env
+        _seed(settings_file)
+
+        updated = json.loads(settings_file.read_text())
+        updated["api_bearer_token"] = ""
+        result = mgr.save_settings(updated, "test")
+        assert result is True, "save_settings should succeed with empty token"
+
+    def test_save_with_valid_token_still_validates(self, settings_env):
+        """A real, valid token must still pass through validation."""
+        mgr, settings_file = settings_env
+        initial = _seed(settings_file)
+        real_token = initial["api_bearer_token"]
+
+        result = mgr.save_settings(dict(initial), "test")
+        assert result is True
+
+        saved = json.loads(settings_file.read_text())
+        assert saved.get("api_bearer_token") == real_token
+
+    def test_save_with_invalid_token_still_rejected(self, settings_env):
+        """A truly invalid (short, non-masked) token must still be rejected."""
+        mgr, settings_file = settings_env
+        _seed(settings_file)
+
+        bad_settings = json.loads(settings_file.read_text())
+        bad_settings["api_bearer_token"] = "tooshort"
+        result = mgr.save_settings(bad_settings, "test")
+        assert result is False, "Short invalid tokens must still be rejected"

Original file line number	Diff line number	Diff line change
`@@ -1,7 +1,7 @@`
`1`	`1`	`{`
`2`	`2`	`"private": true,`
`3`	`3`	`"name": "certmate",`
`4`		`- "version": "2.0.4",`
	`4`	`+ "version": "2.1.0",`
`5`	`5`	`"description": "CertMate SSL Certificate Manager - frontend assets",`
`6`	`6`	`"scripts": {`
`7`	`7`	`"css:build": "npx tailwindcss -i static/css/input.css -o static/css/tailwind.min.css --minify",`
`@@ -10,4 +10,4 @@`
`10`	`10`	`"devDependencies": {`
`11`	`11`	`"tailwindcss": "^3.4.17"`
`12`	`12`	`}`
`13`		`-}`
	`13`	`+}`