azaion/admin
1
0
Fork 0
mirror of https://github.com/azaion/admin.git synced 2026-04-22 22:26:34 +00:00
Code Issues Packages Projects Releases Wiki Activity
Files
34eba48b4577b06bb295b1e7b979f05746bf62b7
admin/_docs/02_tasks/done/AZ-193_resource_tests.md
T
Oleksandr Bezdieniezhnykh d320d6dd59 [AZ-189] [AZ-190] [AZ-191] [AZ-192] [AZ-193] [AZ-194] [AZ-195] Add e2e blackbox test suite 
Made-with: Cursor
2026-04-16 06:25:36 +03:00

2.6 KiB
Raw Blame History

Resource Distribution Blackbox Tests

Task: AZ-193_resource_tests Name: Resource Blackbox Tests Description: Implement blackbox tests for upload, encrypted download, and encrypt-decrypt round-trip verification Complexity: 5 points Dependencies: AZ-189_test_infrastructure, AZ-190_auth_tests, AZ-192_hardware_tests Component: Blackbox Tests Tracker: AZ-193 Epic: AZ-188

Problem

The encrypted resource distribution flow is the most complex and security-critical feature, with no automated tests.

Outcome

  • File upload succeeds (FT-P-08)
  • Encrypted download returns valid ciphertext (FT-P-09)
  • Decrypt with same key derivation produces original content (FT-P-10)
  • Upload with no file returns error (FT-N-05)
  • Unauthenticated download rejected (tested in security tests)

Scope

Included

  • Resource upload (POST /resources/{folder})
  • Encrypted resource download (POST /resources/get)
  • Encryption round-trip verification (client-side decryption)
  • Empty upload error handling

Excluded

  • Installer download (simple stream, low risk)
  • ClearFolder endpoint (utility)

Acceptance Criteria

AC-1: File upload Given caller is authenticated When POST /resources/testfolder with multipart file Then HTTP 200

AC-2: Encrypted download Given a file is uploaded and user has bound hardware When POST /resources/get with valid credentials Then HTTP 200 with application/octet-stream content

AC-3: Encryption round-trip Given a known file is uploaded When the encrypted download is decrypted with the same key derivation (email + password + hwHash via SHA-384) Then decrypted content byte-equals the original file

AC-4: Empty upload rejected Given caller is authenticated When POST /resources/testfolder with no file Then HTTP 409 with ExceptionEnum code 70

Blackbox Tests

AC Ref Initial Data/Conditions What to Test Expected Behavior NFR References
AC-1 Auth user POST /resources/testfolder multipart HTTP 200
AC-2 Uploaded file, bound hw POST /resources/get HTTP 200, binary
AC-3 Known file, known creds Download + decrypt Byte equality
AC-4 Auth user POST /resources/testfolder no file HTTP 409, code 70

Risks & Mitigation

Risk 1: Encryption key derivation mismatch

  • Risk: Test client must replicate the exact key derivation algorithm (SHA-384 with specific salt format)
  • Mitigation: Reference Security.GetApiEncryptionKey implementation for exact salt template
Reference in New Issue View Git Blame Copy Permalink