[AZ-199] [AZ-200] [AZ-201] [AZ-202] Fix API bugs

Made-with: Cursor
Oleksandr Bezdieniezhnykh
2026-04-16 06:55:11 +03:00
parent 5286b6b8e3
commit 88c7b288df
9 changed files with 71 additions and 38 deletions
+1 -1
@@ -165,7 +165,7 @@ public sealed class ResilienceTests
p95.Should().BeLessThan(500);
}
[Fact(Skip = "API bug: MultipartBodyLengthLimit defaults to 128MB while Kestrel MaxRequestBodySize is 200MB — FormOptions not configured")]
[Fact]
[Trait("Category", "ResourceLimit")]
public async Task Max_file_upload_200_mb_accepted()
{
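Review bot: Enabling `Max_file_upload_200_mb_accepted` at `[Fact]` covers only the accept side of the raised limit; nothing visible here checks that a body just over 200 MB is still refused. The removed Skip text was the only record that `MultipartBodyLengthLimit` has to be kept in step with Kestrel's `MaxRequestBodySize`, so I would keep it as a comment above the test, `// Requires FormOptions.MultipartBodyLengthLimit == Kestrel MaxRequestBodySize (200 MB)`. I would also add a sibling case asserting a 4xx (not a 500) for an over-limit upload, so that a later change cannot silently widen the request-size ceiling. The test body lies outside the hunk, so an existing over-limit case elsewhere in the file cannot be ruled out.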
+2 -2
@@ -119,7 +119,7 @@ public sealed class ResourceTests
var folder = $"restest-{Guid.NewGuid():N}";
const string fileName = "roundtrip.bin";
var original = Enumerable.Range(0, 128).Select(i => (byte)i).ToArray();
const string password = "RoundTrip1!";
const string password = "RoundTrip123";
const string hardware = "RT-HW-CPU-001-GPU-002";
string? email = null;
@@ -174,7 +174,7 @@ public sealed class ResourceTests
}
}
[Fact(Skip = "API bug: missing file upload returns 500 instead of 400/409 — unhandled BadHttpRequestException")]
[Fact]
public async Task Upload_without_file_is_rejected_with_400_or_409_and_60_on_conflict()
{
// Arrange
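Review bot: The literal `const string password = "RoundTrip123";` is one of many per-test passwords this commit lengthens by hand; the same edit recurs in the SecurityTests and UserManagementTests sections. Every new value is 12 characters, which suggests a minimum length of 12 is now enforced, though the validator is not shown on this page. A single shared constant in the test fixture, for example `internal const string ValidTestPassword = "RoundTrip123"; // satisfies the API password policy`, would turn the next policy change into a one-line edit. It would also make clear which tests depend on a policy-compliant password and which deliberately send an invalid one.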
+4 -4
@@ -76,7 +76,7 @@ public sealed class SecurityTests
// Act & Assert
using (var r = await client.PostAsync("/users",
new { email = targetEmail, password = "TestPwd1234", role = 10 }))
new { email = targetEmail, password = "TestPwd12345", role = 10 }))
r.StatusCode.Should().Be(HttpStatusCode.Forbidden);
using (var r = await client.GetAsync("/users"))
@@ -89,7 +89,7 @@ public sealed class SecurityTests
r.StatusCode.Should().Be(HttpStatusCode.Forbidden);
}
[Fact(Skip = "API bug: GET /users exposes passwordHash field with actual hash values")]
[Fact]
public async Task Users_list_must_not_expose_non_empty_password_hash_in_json()
{
// Arrange
@@ -150,7 +150,7 @@ public sealed class SecurityTests
var payload = Encoding.UTF8.GetBytes($"secret-{Guid.NewGuid()}");
var email1 = $"{Guid.NewGuid():N}@sectest.example.com";
var email2 = $"{Guid.NewGuid():N}@sectest.example.com";
const string password = "TestPwd1234";
const string password = "TestPwd12345";
var hw1 = $"hw-{Guid.NewGuid():N}";
var hw2 = $"hw-{Guid.NewGuid():N}";
@@ -207,7 +207,7 @@ public sealed class SecurityTests
{
// Arrange
var email = $"{Guid.NewGuid():N}@sectest.example.com";
const string password = "TestPwd1234";
const string password = "TestPwd12345";
try
{
var reg = JsonSerializer.Serialize(new { email, password, role = 10 }, JsonOptions);
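Review bot: The newly enabled `Users_list_must_not_expose_non_empty_password_hash_in_json` is named as if a `passwordHash` property that is present but empty or null would still pass. The test body is outside the hunk, so this is inferred from the name only. For a credential field the safer contract is that the property is absent from every element of the response, e.g. `user.TryGetProperty("passwordHash", out _).Should().BeFalse();`. That way a serializer or DTO change that re-adds the field fails the test even before it carries a value. If other endpoints return a user object, the same assertion belongs there too.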
+10 -10
@@ -32,7 +32,7 @@ public sealed class UserManagementTests
try
{
// Arrange
var body = new { email, password = "SecurePass1", role = 10 };
var body = new { email, password = "SecurePass1!", role = 10 };
// Act
using var response = await client.PostAsync("/users", body);
@@ -87,7 +87,7 @@ public sealed class UserManagementTests
try
{
// Arrange
using (var createResp = await client.PostAsync("/users", new { email, password = "SecurePass1", role = 10 }))
using (var createResp = await client.PostAsync("/users", new { email, password = "SecurePass1!", role = 10 }))
{
createResp.StatusCode.Should().BeOneOf(HttpStatusCode.OK, HttpStatusCode.NoContent);
}
@@ -112,7 +112,7 @@ public sealed class UserManagementTests
try
{
// Arrange
using (var createResp = await client.PostAsync("/users", new { email, password = "SecurePass1", role = 10 }))
using (var createResp = await client.PostAsync("/users", new { email, password = "SecurePass1!", role = 10 }))
{
createResp.StatusCode.Should().BeOneOf(HttpStatusCode.OK, HttpStatusCode.NoContent);
}
@@ -137,7 +137,7 @@ public sealed class UserManagementTests
try
{
// Arrange
using (var createResp = await client.PostAsync("/users", new { email, password = "SecurePass1", role = 10 }))
using (var createResp = await client.PostAsync("/users", new { email, password = "SecurePass1!", role = 10 }))
{
createResp.StatusCode.Should().BeOneOf(HttpStatusCode.OK, HttpStatusCode.NoContent);
}
@@ -160,7 +160,7 @@ public sealed class UserManagementTests
}
}
[Fact(Skip = "API bug: no email length validation — returns 200 instead of 400")]
[Fact]
public async Task Registration_rejects_short_email_with_400()
{
// Arrange
@@ -168,13 +168,13 @@ public sealed class UserManagementTests
// Act
using var response = await client.PostAsync("/users",
new { email = "ab@c.de", password = "ValidPass1", role = 10 });
new { email = "ab@c.de", password = "ValidPass123", role = 10 });
// Assert
response.StatusCode.Should().Be(HttpStatusCode.BadRequest);
}
[Fact(Skip = "API bug: no email format validation — returns 200 instead of 400")]
[Fact]
public async Task Registration_rejects_invalid_email_format_with_400()
{
// Arrange
@@ -182,13 +182,13 @@ public sealed class UserManagementTests
// Act
using var response = await client.PostAsync("/users",
new { email = "notavalidemail", password = "ValidPass1", role = 10 });
new { email = "notavalidemail", password = "ValidPass123", role = 10 });
// Assert
response.StatusCode.Should().Be(HttpStatusCode.BadRequest);
}
[Fact(Skip = "API bug: no password length validation — returns 200 instead of 400")]
[Fact]
public async Task Registration_rejects_short_password_with_400()
{
// Arrange
@@ -210,7 +210,7 @@ public sealed class UserManagementTests
// Act
using var response = await client.PostAsync("/users",
new { email = _fixture.AdminEmail, password = "DuplicateP1", role = 10 });
new { email = _fixture.AdminEmail, password = "DuplicateP1!", role = 10 });
// Assert
response.StatusCode.Should().Be(HttpStatusCode.Conflict);
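Review bot: `Registration_rejects_short_email_with_400` and `Registration_rejects_invalid_email_format_with_400` assert only `HttpStatusCode.BadRequest`, so a 400 raised for any other field satisfies them. That is presumably why the password had to become `"ValidPass123"` before they could be enabled. Asserting that the error body names the email field would make each test fail for the right reason; the error shape is not visible here, so the exact assertion depends on the API's error contract. For `Registration_rejects_short_password_with_400`, whose body is outside the hunk, a boundary pair would pin the limit: one character below the minimum rejected, exactly the minimum accepted.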