From 4b9c99b2671d4b89013e33e180e354a4d373c56f Mon Sep 17 00:00:00 2001
From: clawbot <clawbot@eeqj.de>
Date: Thu, 26 Feb 2026 02:55:37 -0800
Subject: [PATCH] test: add failing test for CSRFField in dashboard template
 with apps

The dashboard template accesses .CSRFField inside a range loop over
AppStats items, but AppStats doesn't have a CSRFField. This test
creates an app so the range loop executes, reproducing the bug from
issue #146.
---
 internal/handlers/handlers_test.go | 19 +++++++++++++++++++
 1 file changed, 19 insertions(+)

diff --git a/internal/handlers/handlers_test.go b/internal/handlers/handlers_test.go
index 49da78a..84d27b8 100644
--- a/internal/handlers/handlers_test.go
+++ b/internal/handlers/handlers_test.go
@@ -404,6 +404,25 @@ func TestHandleDashboard(t *testing.T) {
 		assert.Equal(t, http.StatusOK, recorder.Code)
 		assert.Contains(t, recorder.Body.String(), "Applications")
 	})
+
+	t.Run("renders dashboard with apps without CSRFField error", func(t *testing.T) {
+		t.Parallel()
+
+		testCtx := setupTestHandlers(t)
+
+		// Create an app so the range loop in dashboard.html executes,
+		// which triggers .CSRFField access on each AppStats item.
+		createTestApp(t, testCtx, "csrf-test-app")
+
+		request := httptest.NewRequest(http.MethodGet, "/", nil)
+		recorder := httptest.NewRecorder()
+
+		handler := testCtx.handlers.HandleDashboard()
+		handler.ServeHTTP(recorder, request)
+
+		assert.Equal(t, http.StatusOK, recorder.Code, "dashboard should render without template error")
+		assert.Contains(t, recorder.Body.String(), "csrf-test-app")
+	})
 }
 
 func TestHandleAppNew(t *testing.T) {