mirror of
https://github.com/azaion/admin.git
synced 2026-04-22 22:16:33 +00:00
d320d6dd59
Made-with: Cursor
Resilience Tests
NFT-RES-01: Database Connection Loss Recovery
Summary: API returns appropriate errors when database is unavailable, and recovers when it comes back. Traces to: AC-1, AC-9
Preconditions:
- System running normally with database connected
Fault injection:
- Stop the PostgreSQL container
Steps:
| Step | Action | Expected Behavior |
|---|---|---|
| 1 | Stop test-db container | Database unavailable |
| 2 | Send POST /login request | HTTP 500 (database error, not crash) |
| 3 | Verify API process is still running | Process alive, accepting connections |
| 4 | Restart test-db container | Database available |
| 5 | Wait 5 seconds for connection recovery | — |
| 6 | Send POST /login request | HTTP 200 or HTTP 409 (normal behavior) |
Pass criteria: API does not crash on DB loss; recovers within 10s of DB restoration
NFT-RES-02: Invalid JWT Token Handling
Summary: API rejects malformed JWT tokens gracefully without crashing. Traces to: AC-18
Preconditions:
- System running normally
Fault injection:
- Send requests with malformed Authorization headers
Steps:
| Step | Action | Expected Behavior |
|---|---|---|
| 1 | Send GET /users with Authorization: Bearer invalid-token | HTTP 401 |
| 2 | Send GET /users with Authorization: Bearer (empty) | HTTP 401 |
| 3 | Send GET /users with Authorization: NotBearer token | HTTP 401 |
| 4 | Send normal login request | HTTP 200 (system unaffected) |
Pass criteria: All malformed tokens return HTTP 401; system remains operational
NFT-RES-03: Concurrent Hardware Binding Attempt
Summary: Two simultaneous hardware check requests for the same user do not corrupt data. Traces to: AC-10, AC-11
Preconditions:
- User with no hardware bound
Fault injection:
- Race condition: two concurrent POST /resources/check with same hardware
Steps:
| Step | Action | Expected Behavior |
|---|---|---|
| 1 | Send two POST /resources/check simultaneously with same hardware | Both return HTTP 200 or one returns 200 and other returns 409 |
| 2 | Send a third POST /resources/check with same hardware | HTTP 200 (consistent state) |
Pass criteria: No database corruption; subsequent requests behave consistently
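One way to drive the step 1 race in NFT-RES-03 so the two requests really overlap, and to evaluate the pass criteria, as an added example (not code from the azaion/admin repository). `send_check` is a hypothetical callable that would wrap the real POST /resources/check call and return its status code; `StubBindingApi` and the hardware strings are constructed stand-ins so the harness runs offline.

```python
import threading
from concurrent.futures import ThreadPoolExecutor

# Outcomes that step 1 of NFT-RES-03 accepts, as sorted status-code pairs.
ALLOWED_RACE_OUTCOMES = {(200, 200), (200, 409)}


def run_binding_race(send_check, hardware, workers=2):
    """Fire `workers` checks at the same moment, then one follow-up check.

    Returns (sorted race statuses, follow-up status).
    """
    barrier = threading.Barrier(workers)

    def fire():
        # Hold every thread here until all are ready, so the requests overlap
        # instead of running back to back.
        barrier.wait(timeout=5)
        return send_check(hardware)

    with ThreadPoolExecutor(max_workers=workers) as pool:
        futures = [pool.submit(fire) for _ in range(workers)]
        race = tuple(sorted(f.result(timeout=10) for f in futures))
    return race, send_check(hardware)


def passes(race, followup):
    """Step 1 must be an allowed pair and step 2 must be HTTP 200."""
    return race in ALLOWED_RACE_OUTCOMES and followup == 200


class StubBindingApi:
    """Constructed in-memory stand-in for the endpoint (assumption, not the API)."""

    def __init__(self):
        self._lock = threading.Lock()
        self.bound = None  # precondition: user with no hardware bound

    def check(self, hardware):
        with self._lock:  # bind-or-compare happens as one atomic step
            if self.bound is None:
                self.bound = hardware
            # Assumed semantics: 409 when a different hardware is already bound.
            return 200 if self.bound == hardware else 409


if __name__ == "__main__":
    race, followup = run_binding_race(StubBindingApi().check, "hw-constructed-1")
    print(race, followup, "PASS" if passes(race, followup) else "FAIL")
```

A race pair containing any status other than 200 or 409, such as a 500 from an unhandled conflict on the losing write, fails `passes`.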