Add JWT auth flow tests: registration, login, protected routes, token refresh, admin endpoints #1426

Closed
opened 2026-03-30 19:23:40 +00:00 by AI-Manager · 1 comment
Owner

Summary

Existing tests in tests/test_api.py bypass authentication entirely. There is no coverage of the JWT lifecycle or admin-only access.

What to do

Write tests that exercise:

  • User registration (success, duplicate username)
  • Login (success, wrong password)
  • Accessing a protected route with a valid token
  • Accessing a protected route with an expired/invalid token (expect 401)
  • Token refresh flow
  • Admin-only endpoint with non-admin token (expect 403)

Acceptance criteria

  • All scenarios listed above are covered by automated tests.
  • Tests pass in CI without requiring external services (mock DB/JWT as needed).
  • Coverage for auth.py reaches at least 80%.

References

Roadmap: P1 Test coverage for auth and admin.
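The six scenarios above, driven end to end as an added example (not SPARC's `auth.py` or `tests/test_auth.py`). It assumes a hypothetical in-memory `AuthService` whose route-like methods return `(status, body)` pairs, and builds HS256 tokens from the standard library so the checks run offline with no external services, which is what the acceptance criteria ask for. The fixed clock, usernames, secret and status codes are constructed for the example; the real project's routes and claim names may differ.

```python
"""Stand-alone JWT auth service plus the lifecycle checks the issue lists. Added example, not SPARC's
auth.py or tests/test_auth.py: AuthService, its routes, status codes and claim names are assumptions."""
import base64, hashlib, hmac, json, secrets

SECRET = b"constructed-test-secret"  # constructed for this example; a real key is random and kept out of code

def _b64(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def _hash(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

def encode_jwt(claims: dict, secret: bytes = SECRET) -> str:
    header = _b64(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    body = _b64(json.dumps(claims).encode())
    sig = hmac.new(secret, f"{header}.{body}".encode(), hashlib.sha256).digest()
    return f"{header}.{body}.{_b64(sig)}"

def decode_jwt(token: str, now: float, secret: bytes = SECRET) -> dict:
    """Return the claims; raise ValueError for a malformed, forged or expired token."""
    if token.count(".") != 2:
        raise ValueError("malformed token")
    header, body, sig = token.split(".")
    # The algorithm is pinned here and never read from the header, so a crafted "alg" is ignored.
    expected = hmac.new(secret, f"{header}.{body}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(_b64(expected).encode(), sig.encode()):  # verify before trusting any claim
        raise ValueError("bad signature")
    claims = json.loads(base64.urlsafe_b64decode(body + "=" * (-len(body) % 4)))
    if claims.get("exp", 0) <= now:
        raise ValueError("expired")
    return claims

class AuthService:
    """In-memory stand-in for auth.py; the users dict replaces the database."""
    ACCESS_TTL, REFRESH_TTL = 300, 3600

    def __init__(self):
        self.users = {}  # username -> {"salt", "hash", "admin"}

    def register(self, username, password):
        if username in self.users:
            return 409, {"error": "username already taken"}
        salt = secrets.token_bytes(16)
        self.users[username] = {"salt": salt, "hash": _hash(password, salt), "admin": False}
        return 201, {"username": username}

    def login(self, username, password, now):
        user = self.users.get(username)
        # Hash even for unknown usernames so response time does not reveal which accounts exist.
        digest = _hash(password, user["salt"] if user else bytes(16))
        if user is None or not hmac.compare_digest(digest, user["hash"]):
            return 401, {"error": "invalid credentials"}
        return 200, {"access": encode_jwt({"sub": username, "type": "access", "exp": now + self.ACCESS_TTL}),
                     "refresh": encode_jwt({"sub": username, "type": "refresh", "exp": now + self.REFRESH_TTL})}

    def _bearer(self, token, now, kind="access"):
        try:
            claims = decode_jwt(token, now)
        except ValueError:
            return None
        # A refresh token must not open protected routes, nor an access token mint new ones.
        return claims if claims.get("type") == kind and claims.get("sub") in self.users else None

    def profile(self, token, now):
        claims = self._bearer(token, now)
        return (200, {"user": claims["sub"]}) if claims else (401, {"error": "unauthorized"})

    def admin_panel(self, token, now):
        status, body = self.profile(token, now)  # same 401 path as any protected route
        if status == 200 and not self.users[body["user"]]["admin"]:  # re-read the record, not the token
            return 403, {"error": "forbidden"}
        return status, body

    def refresh(self, token, now):
        claims = self._bearer(token, now, kind="refresh")
        if claims is None:
            return 401, {"error": "invalid refresh token"}
        return 200, {"access": encode_jwt({"sub": claims["sub"], "type": "access", "exp": now + self.ACCESS_TTL})}

def run_lifecycle() -> dict:
    """Drive every scenario from the issue on a fixed clock; return the status code seen for each."""
    svc, t0 = AuthService(), 1_700_000_000.0  # constructed clock so expiry is deterministic
    out = {"register": svc.register("alice", "correct horse")[0],
           "register_duplicate": svc.register("alice", "other")[0],
           "login_wrong_password": svc.login("alice", "wrong", t0)[0]}
    out["login"], tokens = svc.login("alice", "correct horse", t0)
    out["protected_valid"] = svc.profile(tokens["access"], t0 + 10)[0]
    out["protected_expired"] = svc.profile(tokens["access"], t0 + svc.ACCESS_TTL + 1)[0]
    forged = tokens["access"].rsplit(".", 1)[0] + "." + _b64(bytes(32))  # signature replaced
    out["protected_invalid"] = svc.profile(forged, t0 + 10)[0]
    out["refresh"], renewed = svc.refresh(tokens["refresh"], t0 + svc.ACCESS_TTL + 1)
    out["protected_after_refresh"] = svc.profile(renewed["access"], t0 + svc.ACCESS_TTL + 2)[0]
    out["refresh_with_access_token"] = svc.refresh(tokens["access"], t0 + 10)[0]
    out["admin_non_admin"] = svc.admin_panel(tokens["access"], t0 + 10)[0]
    svc.users["alice"]["admin"] = True  # promotion happens out of band, never through a public route
    out["admin_admin"] = svc.admin_panel(tokens["access"], t0 + 10)[0]
    return out

if __name__ == "__main__":
    print(run_lifecycle())
```

In a real pytest suite each key of `run_lifecycle()` would be its own test function, and the clock would be injected the same way so expiry is asserted without sleeping. Three details carry most of the security value: the verifier never reads `alg` from the header and checks the signature before looking at any claim; access and refresh tokens carry a `type` claim so neither can stand in for the other (the two extra cases beyond the issue's list); and the admin check reads the user record rather than a claim, so a demotion takes effect before the token expires.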

AI-Manager added the P1, agent-ready, medium, test labels 2026-03-30 19:23:40 +00:00
Author
Owner

Already implemented. tests/test_auth.py covers the complete JWT lifecycle: registration (success and duplicate email), login (success and wrong password), protected routes with valid/invalid/expired tokens, token refresh flow, and admin-only endpoint access with non-admin tokens. Tests use mocked DB and real JWT token creation.

Closing as completed.

Reference: leeworks-agents/SPARC#1426