[AZ-199] [AZ-200] [AZ-201] [AZ-202] Fix API bugs

Made-with: Cursor
Oleksandr Bezdieniezhnykh
2026-04-16 06:55:11 +03:00
parent 5286b6b8e3
commit 88c7b288df
9 changed files with 71 additions and 38 deletions
+4 -4
@@ -76,7 +76,7 @@ public sealed class SecurityTests
// Act & Assert
using (var r = await client.PostAsync("/users",
new { email = targetEmail, password = "TestPwd1234", role = 10 }))
new { email = targetEmail, password = "TestPwd12345", role = 10 }))
r.StatusCode.Should().Be(HttpStatusCode.Forbidden);
using (var r = await client.GetAsync("/users"))
@@ -89,7 +89,7 @@ public sealed class SecurityTests
r.StatusCode.Should().Be(HttpStatusCode.Forbidden);
}
[Fact(Skip = "API bug: GET /users exposes passwordHash field with actual hash values")]
[Fact]
public async Task Users_list_must_not_expose_non_empty_password_hash_in_json()
{
// Arrange
@@ -150,7 +150,7 @@ public sealed class SecurityTests
var payload = Encoding.UTF8.GetBytes($"secret-{Guid.NewGuid()}");
var email1 = $"{Guid.NewGuid():N}@sectest.example.com";
var email2 = $"{Guid.NewGuid():N}@sectest.example.com";
const string password = "TestPwd1234";
const string password = "TestPwd12345";
var hw1 = $"hw-{Guid.NewGuid():N}";
var hw2 = $"hw-{Guid.NewGuid():N}";
@@ -207,7 +207,7 @@ public sealed class SecurityTests
{
// Arrange
var email = $"{Guid.NewGuid():N}@sectest.example.com";
const string password = "TestPwd1234";
const string password = "TestPwd12345";
try
{
var reg = JsonSerializer.Serialize(new { email, password, role = 10 }, JsonOptions);
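Review bot: The password literal `"TestPwd12345"` is now hard-coded in three places in SecurityTests (the POST /users body in the first hunk and the `const string password` locals in the third and fourth hunks), so the next policy change needs three more edits; a single class-level `private const string ValidPassword = "TestPwd12345";` would keep them in step. The move from an 11-character to a 12-character value looks like it follows a stricter minimum length in the API, though that rule is not visible on this page. If that is the case, a test asserting that the old 11-character value is now rejected when creating a user would pin the boundary, since every test shown here only uses a password that passes. The enclosing test methods start and end outside these hunks.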