From 6efb22b939f686e5eaa551c54c9ef1040a5177e5 Mon Sep 17 00:00:00 2001
From: Ioannis Igoumenos <ioigoume@gmail.com>
Date: Tue, 14 Apr 2026 10:50:24 +0000
Subject: [PATCH] add security salt

---
 app/tests/bootstrap.php | 9 +++++++++
 1 file changed, 9 insertions(+)

diff --git a/app/tests/bootstrap.php b/app/tests/bootstrap.php
index 818d94e1f..76adbb7cb 100644
--- a/app/tests/bootstrap.php
+++ b/app/tests/bootstrap.php
@@ -22,6 +22,7 @@
 use Cake\Database\Driver\Postgres;
 use Cake\Datasource\ConnectionManager;
 use Cake\TestSuite\ConnectionHelper;
+use Cake\Utility\Security;
 use Migrations\TestSuite\Migrator;
 
 /**
@@ -34,6 +35,14 @@
 
 require dirname(__DIR__) . '/config/bootstrap.php';
 
+// Ensure Security salt is set for tests (needed by CSRF middleware, hashes, etc).
+// In CI we inject it via env (COMANAGE_REGISTRY_SECURITY_SALT).
+if (!Security::getSalt()) {
+  $salt = getenv('COMANAGE_REGISTRY_SECURITY_SALT') ?: 'phpunit-security-salt';
+  Security::setSalt($salt);
+}
+
+
 if (empty($_SERVER['HTTP_HOST']) && !Configure::read('App.fullBaseUrl')) {
   Configure::write('App.fullBaseUrl', 'http://localhost');
 }