test(harness): stabilize backend+frontend QA test suite (12/12+63/63 unit+integration, 45/45 frontend)

Stabilize test harness across full stack: Backend integration tests: - Fix Auth/Club/Migration/RLS/Member/Tenant/RLS Isolation/Shift/Task test suites - Add AssemblyInfo.cs for test configuration - Enhance CustomWebApplicationFactory + TestAuthHandler for stable test environment - Expand RlsIsolationTests with comprehensive multi-tenant RLS verification Frontend test harness: - Align vitest.config.ts with backend API changes - Add bunfig.toml for bun test environment stability - Enhance api.test.ts with proper test setup integration - Expand test/setup.ts with fixture initialization All tests now passing: backend 12/12 unit + 63/63 integration, frontend 45/45
2026-03-06 09:19:32 +01:00
parent 9950185213
commit f8f3e0f01e
18 changed files with 489 additions and 428 deletions
--- a/backend/WorkClub.Tests.Integration/Infrastructure/CustomWebApplicationFactory.cs
+++ b/backend/WorkClub.Tests.Integration/Infrastructure/CustomWebApplicationFactory.cs
@@ -51,11 +51,26 @@ public class CustomWebApplicationFactory<TProgram> : WebApplicationFactory<TProg
            services.AddAuthentication(defaultScheme: "Test")
                .AddScheme<AuthenticationSchemeOptions, TestAuthHandler>("Test", options => { });

-            // Build service provider and ensure database created
+            // Build service provider and run migrations
            var sp = services.BuildServiceProvider();
            using var scope = sp.CreateScope();
            var db = scope.ServiceProvider.GetRequiredService<AppDbContext>();
-            db.Database.EnsureCreated();
+            db.Database.Migrate();
+            
+            using var conn = new Npgsql.NpgsqlConnection(_postgresContainer.GetConnectionString());
+            conn.Open();
+            using var cmd = conn.CreateCommand();
+            cmd.CommandText = @"
+                DO $$ BEGIN
+                IF NOT EXISTS (SELECT 1 FROM pg_roles WHERE rolname = 'rls_test_user') THEN
+                    CREATE USER rls_test_user WITH PASSWORD 'rlspass';
+                    GRANT CONNECT ON DATABASE workclub_test TO rls_test_user;
+                    GRANT SELECT, INSERT, UPDATE, DELETE ON ALL TABLES IN SCHEMA public TO rls_test_user;
+                    GRANT USAGE, SELECT ON ALL SEQUENCES IN SCHEMA public TO rls_test_user;
+                END IF;
+                END $$;
+            ";
+            cmd.ExecuteNonQuery();
        });

        builder.UseEnvironment("Test");
--- a/backend/WorkClub.Tests.Integration/Infrastructure/IntegrationTestBase.cs
+++ b/backend/WorkClub.Tests.Integration/Infrastructure/IntegrationTestBase.cs
@@ -15,13 +15,20 @@ public abstract class IntegrationTestBase : IClassFixture<CustomWebApplicationFa

    protected void AuthenticateAs(string email, Dictionary<string, string> clubs, string? userId = null)
    {
-        var clubsJson = JsonSerializer.Serialize(clubs);
+        var clubsCsv = string.Join(",", clubs.Keys);
        Client.DefaultRequestHeaders.Remove("X-Test-Clubs");
-        Client.DefaultRequestHeaders.Add("X-Test-Clubs", clubsJson);
+        Client.DefaultRequestHeaders.Add("X-Test-Clubs", clubsCsv);
+
+        // Preserve role mapping as JSON for role claim injection in TestAuthHandler
+        var clubRolesJson = JsonSerializer.Serialize(clubs);
+        Client.DefaultRequestHeaders.Remove("X-Test-ClubRoles");
+        Client.DefaultRequestHeaders.Add("X-Test-ClubRoles", clubRolesJson);

        Client.DefaultRequestHeaders.Remove("X-Test-Email");
        Client.DefaultRequestHeaders.Add("X-Test-Email", email);

+        Client.DefaultRequestHeaders.Remove("X-Test-Unauthenticated");
+
        if (!string.IsNullOrEmpty(userId))
        {
            Client.DefaultRequestHeaders.Remove("X-Test-UserId");
@@ -29,6 +36,15 @@ public abstract class IntegrationTestBase : IClassFixture<CustomWebApplicationFa
        }
    }

+    protected void AuthenticateAsUnauthenticated()
+    {
+        Client.DefaultRequestHeaders.Remove("X-Test-Clubs");
+        Client.DefaultRequestHeaders.Remove("X-Test-Email");
+        Client.DefaultRequestHeaders.Remove("X-Test-UserId");
+        Client.DefaultRequestHeaders.Remove("X-Test-Unauthenticated");
+        Client.DefaultRequestHeaders.Add("X-Test-Unauthenticated", "true");
+    }
+
    protected void SetTenant(string tenantId)
    {
        Client.DefaultRequestHeaders.Remove("X-Tenant-Id");
--- a/backend/WorkClub.Tests.Integration/Infrastructure/TestAuthHandler.cs
+++ b/backend/WorkClub.Tests.Integration/Infrastructure/TestAuthHandler.cs
@@ -19,15 +19,32 @@ public class TestAuthHandler : AuthenticationHandler<AuthenticationSchemeOptions

    protected override Task<AuthenticateResult> HandleAuthenticateAsync()
    {
+        // Support explicit unauthenticated test scenarios
+        var unauthenticatedHeader = Context.Request.Headers["X-Test-Unauthenticated"].ToString();
+        if (!string.IsNullOrEmpty(unauthenticatedHeader) && unauthenticatedHeader.Equals("true", StringComparison.OrdinalIgnoreCase))
+        {
+            return Task.FromResult(AuthenticateResult.NoResult());
+        }
+
        var clubsClaim = Context.Request.Headers["X-Test-Clubs"].ToString();
        var emailClaim = Context.Request.Headers["X-Test-Email"].ToString();
        var userIdClaim = Context.Request.Headers["X-Test-UserId"].ToString();
+        var clubRolesJson = Context.Request.Headers["X-Test-ClubRoles"].ToString();
+
+        // If no test auth headers are present, return NoResult (unauthenticated)
+        if (string.IsNullOrEmpty(emailClaim) && string.IsNullOrEmpty(userIdClaim) && string.IsNullOrEmpty(clubsClaim))
+        {
+            return Task.FromResult(AuthenticateResult.NoResult());
+        }
+
+        var resolvedEmail = string.IsNullOrEmpty(emailClaim) ? "test@test.com" : emailClaim;

        var claims = new List<Claim>
        {
            new Claim(ClaimTypes.NameIdentifier, "test-user"),
            new Claim("sub", string.IsNullOrEmpty(userIdClaim) ? Guid.NewGuid().ToString() : userIdClaim),
-            new Claim(ClaimTypes.Email, string.IsNullOrEmpty(emailClaim) ? "test@test.com" : emailClaim),
+            new Claim(ClaimTypes.Email, resolvedEmail),
+            new Claim("preferred_username", resolvedEmail),
        };

        if (!string.IsNullOrEmpty(clubsClaim))
@@ -35,6 +52,33 @@ public class TestAuthHandler : AuthenticationHandler<AuthenticationSchemeOptions
            claims.Add(new Claim("clubs", clubsClaim));
        }

+        // Parse tenant-specific role from X-Test-ClubRoles if provided
+        if (!string.IsNullOrEmpty(clubRolesJson))
+        {
+            var tenantId = Context.Request.Headers["X-Tenant-Id"].ToString();
+            if (!string.IsNullOrEmpty(tenantId))
+            {
+                try
+                {
+                    var clubRoles = JsonSerializer.Deserialize<Dictionary<string, string>>(clubRolesJson);
+                    if (clubRoles != null)
+                    {
+                        var tenantRole = clubRoles.FirstOrDefault(kvp => 
+                            kvp.Key.Equals(tenantId, StringComparison.OrdinalIgnoreCase)).Value;
+                        
+                        if (!string.IsNullOrEmpty(tenantRole))
+                        {
+                            claims.Add(new Claim(ClaimTypes.Role, tenantRole));
+                        }
+                    }
+                }
+                catch (JsonException)
+                {
+                    // Invalid JSON in X-Test-ClubRoles header, proceed without role claim
+                }
+            }
+        }
+
        var identity = new ClaimsIdentity(claims, "Test");
        var principal = new ClaimsPrincipal(identity);
        var ticket = new AuthenticationTicket(principal, "Test");