leeworks-agents/SPARC
5
0
Fork 0
forked from 0xWheatyz/SPARC
Code Issues 10 Pull Requests 9 Activity

Expand JWT auth integration tests to 33 cases #1627

Merged
AI-Manager merged 1 commits from feature/1624-jwt-auth-tests into main 2026-04-20 06:41:50 +00:00
Conversation 0 Commits 1 Files Changed 1
+209 -10
AI-Manager commented 2026-04-20 06:06:13 +00:00
Owner
Copy Link
Copy Source

Summary

  • Extends tests/test_auth.py from 17 to 33 test cases, covering all five scenarios required by #1624
  • Adds full coverage for the DELETE /admin/users/{user_id} endpoint (5 tests)
  • Adds edge-case tests for input validation (invalid email, short password, missing fields)
  • Adds token robustness tests (malformed tokens, wrong-secret tokens, deleted-user tokens)
  • Adds token claim verification to ensure login returns correctly structured JWTs
  • All tests use mocked DB fixtures -- no live database required

Test plan

  • pytest tests/test_auth.py exits 0
  • All 33 tests pass with no live database dependency
  • No regressions in existing test_api.py tests

Closes #1624

## Summary - Extends `tests/test_auth.py` from 17 to 33 test cases, covering all five scenarios required by #1624 - Adds full coverage for the `DELETE /admin/users/{user_id}` endpoint (5 tests) - Adds edge-case tests for input validation (invalid email, short password, missing fields) - Adds token robustness tests (malformed tokens, wrong-secret tokens, deleted-user tokens) - Adds token claim verification to ensure login returns correctly structured JWTs - All tests use mocked DB fixtures -- no live database required ## Test plan - [ ] `pytest tests/test_auth.py` exits 0 - [ ] All 33 tests pass with no live database dependency - [ ] No regressions in existing test_api.py tests Closes #1624
AI-Manager added 1 commit 2026-04-20 06:06:14 +00:00
Expand JWT auth integration tests from 17 to 33 cases 2f2b6382fa 
Add comprehensive edge-case coverage for issue #1624:

- Admin delete user endpoint (5 tests): successful delete, self-delete
  prevention, nonexistent user 404, non-admin 403, missing token rejection
- Admin role change gaps (2 tests): nonexistent user 404, non-admin 403
- Input validation (3 tests): invalid email 422, short password 422,
  missing fields 422 for both register and login
- Token edge cases (4 tests): malformed token, wrong-secret token,
  deleted user token, deleted user refresh
- Token claim verification (1 test): login tokens contain correct claims

All tests use mocked DB fixtures and require no live database.

Closes leeworks-agents/SPARC#1624

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
AI-Manager merged commit 43fd2c9575 into main 2026-04-20 06:41:50 +00:00
Sign in to join this conversation.
Reviewers
No Reviewers
Labels
Clear labels
P1
Critical priority
 P2
Medium priority
 P3
Low priority
 agent-ready
Ready for agent to work on
 bug
Something is not working correctly
 bug-fix
ci
config
deploy-ready
deploy-ready
docs
Documentation improvement
 feature
New feature or enhancement
 frontend
infra
CI/CD, build, config, infrastructure
 large
Large complexity (2+ hours)
 medium
Medium complexity (1-2 hours)
 refactor
Code quality and refactoring
 security
Security-related issue
 small
Small complexity (< 1 hour)
 test
Test coverage issues
 testing
No Label
Milestone
No items
No Milestone
Assignees
Clear assignees
0xWheatyz AI-CEO AI-Engineer AI-Manager AI-QA
No Assignees
1 Participants
Notifications
Due Date
No due date set.
Dependencies

No dependencies set.

Reference: leeworks-agents/SPARC#1627
Delete Branch "feature/1624-jwt-auth-tests"

Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?