[AZ-189] [AZ-190] [AZ-191] [AZ-192] [AZ-193] [AZ-194] [AZ-195] Add e2e blackbox test suite

Made-with: Cursor
Oleksandr Bezdieniezhnykh
2026-04-16 06:25:36 +03:00
parent 1b38e888e1
commit d320d6dd59
98 changed files with 6883 additions and 1 deletions
@@ -0,0 +1,71 @@
# Resource Distribution Blackbox Tests
**Task**: AZ-193_resource_tests
**Name**: Resource Blackbox Tests
**Description**: Implement blackbox tests for upload, encrypted download, and encrypt-decrypt round-trip verification
**Complexity**: 5 points
**Dependencies**: AZ-189_test_infrastructure, AZ-190_auth_tests, AZ-192_hardware_tests
**Component**: Blackbox Tests
**Tracker**: AZ-193
**Epic**: AZ-188
## Problem
The encrypted resource distribution flow is the most complex and security-critical feature, with no automated tests.
## Outcome
- File upload succeeds (FT-P-08)
- Encrypted download returns valid ciphertext (FT-P-09)
- Decrypt with same key derivation produces original content (FT-P-10)
- Upload with no file returns error (FT-N-05)
- Unauthenticated download rejected (tested in security tests)
## Scope
### Included
- Resource upload (POST /resources/{folder})
- Encrypted resource download (POST /resources/get)
- Encryption round-trip verification (client-side decryption)
- Empty upload error handling
### Excluded
- Installer download (simple stream, low risk)
- ClearFolder endpoint (utility)
## Acceptance Criteria
**AC-1: File upload**
Given caller is authenticated
When POST /resources/testfolder with multipart file
Then HTTP 200
**AC-2: Encrypted download**
Given a file is uploaded and user has bound hardware
When POST /resources/get with valid credentials
Then HTTP 200 with application/octet-stream content
**AC-3: Encryption round-trip**
Given a known file is uploaded
When the encrypted download is decrypted with the same key derivation (email + password + hwHash via SHA-384)
Then decrypted content byte-equals the original file
**AC-4: Empty upload rejected**
Given caller is authenticated
When POST /resources/testfolder with no file
Then HTTP 409 with ExceptionEnum code 70
## Blackbox Tests
| AC Ref | Initial Data/Conditions | What to Test | Expected Behavior | NFR References |
|--------|------------------------|-------------|-------------------|----------------|
| AC-1 | Auth user | POST /resources/testfolder multipart | HTTP 200 | — |
| AC-2 | Uploaded file, bound hw | POST /resources/get | HTTP 200, binary | — |
| AC-3 | Known file, known creds | Download + decrypt | Byte equality | — |
| AC-4 | Auth user | POST /resources/testfolder no file | HTTP 409, code 70 | — |
## Risks & Mitigation
**Risk 1: Encryption key derivation mismatch**
- *Risk*: Test client must replicate the exact key derivation algorithm (SHA-384 with specific salt format)
- *Mitigation*: Reference Security.GetApiEncryptionKey implementation for exact salt template
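Review bot: AC-2 and its row in the Blackbox Tests table only require HTTP 200 with application/octet-stream, so a server that returned the file unencrypted would still pass, even though the Outcome for FT-P-09 says "returns valid ciphertext". Add an assertion that the response body differs from the uploaded bytes, and a negative case next to AC-3 where decrypting with a different password or hwHash does not yield the original content. For AC-3 and Risk 1, the spec names SHA-384 over email + password + hwHash but not the salt template, cipher, mode or IV handling. Pointing the test author at Security.GetApiEncryptionKey means the test client will be copied from the code under test, so a shared mistake would go unnoticed; consider recording those parameters in this document or checking against a fixed known-answer vector.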