[AZ-189] [AZ-190] [AZ-191] [AZ-192] [AZ-193] [AZ-194] [AZ-195] Add e2e blackbox test suite

Made-with: Cursor
Oleksandr Bezdieniezhnykh
2026-04-16 06:25:36 +03:00
parent 1b38e888e1
commit d320d6dd59
98 changed files with 6883 additions and 1 deletions
@@ -0,0 +1,62 @@
# Authentication Blackbox Tests
**Task**: AZ-190_auth_tests
**Name**: Auth Blackbox Tests
**Description**: Implement blackbox tests for login, JWT validation, and authentication error handling
**Complexity**: 3 points
**Dependencies**: AZ-189_test_infrastructure
**Component**: Blackbox Tests
**Tracker**: AZ-190
**Epic**: AZ-188
## Problem
The login and JWT authentication flows have no automated test coverage. Regressions in credential validation or token generation would go undetected.
## Outcome
- Login with valid credentials returns a JWT token (FT-P-01)
- JWT token contains correct issuer, audience, and lifetime claims (FT-P-03)
- Login with unknown email returns error code 10 (FT-N-01)
- Login with wrong password returns error code 30 (FT-N-02)
## Scope
### Included
- Login endpoint positive and negative scenarios
- JWT token structure and claims validation
### Excluded
- Token refresh (not implemented)
- Rate limiting on login (not implemented)
## Acceptance Criteria
**AC-1: Successful login**
Given a seed user exists
When POST /login is called with valid credentials
Then HTTP 200 is returned with a non-empty JWT token
**AC-2: JWT claims**
Given a valid JWT token from login
When the token payload is decoded
Then iss = "AzaionApi", aud = "Annotators/OrangePi/Admins", exp ≈ iat + 4 hours (± 60s)
**AC-3: Unknown email**
Given no user with the specified email exists
When POST /login is called
Then HTTP 409 is returned with ExceptionEnum code 10
**AC-4: Wrong password**
Given a user exists with a different password
When POST /login is called with wrong password
Then HTTP 409 is returned with ExceptionEnum code 30
## Blackbox Tests
| AC Ref | Initial Data/Conditions | What to Test | Expected Behavior | NFR References |
|--------|------------------------|-------------|-------------------|----------------|
| AC-1 | Seed admin user | POST /login valid | HTTP 200, token present | — |
| AC-2 | JWT from AC-1 | Decode token claims | iss, aud, exp correct | — |
| AC-3 | No matching user | POST /login unknown email | HTTP 409, code 10 | — |
| AC-4 | Seed user, wrong password | POST /login wrong pass | HTTP 409, code 30 | — |
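Review bot: AC-3 and AC-4 pin different error codes for an unknown email (code 10) and a wrong password (code 30), so once these tests pass, the suite will treat a login response that reveals whether an account exists as required behaviour. The Scope section also lists rate limiting on login as not implemented. If the distinction is intentional, say so in the Problem or Scope section and link the tracking item for it; otherwise have both cases assert on a shared failure response so the tests do not block a later fix. Separately, the Description promises "JWT validation", but AC-2 only decodes the payload ("When the token payload is decoded"), and no row in the Blackbox Tests table checks that a token with an altered signature or a past exp is rejected by a protected endpoint. Either add a negative case for that or narrow the wording to "JWT claims check". In AC-2, aud = "Annotators/OrangePi/Admins" is ambiguous between one literal string and three audiences; state which form the test should assert. The Outcome list cites FT-P-01, FT-P-03, FT-N-01 and FT-N-02, but the table has no column for those IDs, so the mapping from AC to test ID has to be inferred.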