azaion/admin
1
0
Fork 0
mirror of https://github.com/azaion/admin.git synced 2026-06-21 14:11:10 +00:00
Code Issues Packages Projects Releases Wiki Activity
Files
837b1f23748bf6288f3ac7b502fb063049a144b2
admin/_docs/03_implementation/test_run_report_cycle2.md
T

3.3 KiB
Raw Blame History

Test Run Report — Cycle 2

Date: 2026-05-14 Scope: Full E2E suite (docker compose -f docker-compose.test.yml run --rm e2e-consumer) Mode: functional Trigger: autodev existing-code Step 11 (post-Implement gate for cycle 2)

Summary

TEST RESULTS: 82 passed, 0 failed, 3 skipped, 0 errors

Wall time: ~71 s. Re-runs of the suite during cycle 2 ranged 6080 s.

System-Under-Test Reality Gate

  • Database: real Postgres 17 container (admin-test-db-1); SQL migrations applied via e2e/db-init/00_run_all.sh (now includes 09_sessions_logout_and_mission.sql, 10_users_mfa.sql).
  • API: real Azaion.AdminApi build running in admin-system-under-test-1; no in-process stubs, no fakes — every test hits the same kestrel that production runs.
  • Auth: real Argon2id verification (~250 ms per /login per AZ-536), real ES256 signing (per AZ-532), real Otp.NET TOTP verification (per AZ-534).
  • DataProtection: IDataProtector keys are container-ephemeral in test (acceptable — every test seeds its own user); production must set DataProtection:KeysFolder.

No internal product modules are mocked or stubbed. Reality gate: PASS.

Skipped Tests — Classification

All three skips are legitimate environment-mismatch skips per the test-run cheatsheet (the "would run if the environment were present" predicate holds).

# Test Reason for skip Verdict
1 CorsHttpsTests.AZ_538_AC3_HSTS_header_present_in_production Requires ASPNETCORE_ENVIRONMENT=Production; test harness runs Development. HSTS gate verified by code inspection of Program.cs UseHsts. Legitimate
2 CorsHttpsTests.AZ_538_AC4_HTTP_request_redirects_to_HTTPS_in_production Same Production-only gate; verified by code inspection of Program.cs UseHttpsRedirection. Legitimate
3 LoginRateLimitTests.AC1_Per_ip_rate_limit_returns_429 Per-IP partition keys on RemoteIpAddress; in the shared-IP container test environment all requests look like one client to the limiter. Verified by ASP.NET Core RateLimiter unit tests + a manual probe documented in the AZ-537 spec. Legitimate

No illegitimate skips — proceeding without resolution requests.

Failures / Errors

None.

Pre-Existing Flake (passed in this run)

PasswordHashingTests.AC5_Verify_uses_constant_time_comparator_no_obvious_timing_leak — Argon2 timing-stability assertion that occasionally trips under suite-level concurrency. Passed cleanly in the cycle-2 final run. Filed under follow-up items in the cycle implementation report.

Outcome

PASS — return success to the autodev orchestrator. Auto-chain to Step 12 (Test-Spec Sync).

Reference in New Issue View Git Blame Copy Permalink