MasterMito/work-club-manager
1
0
Fork 0
Code Issues 1 Pull Requests Actions Packages Projects Releases 1 Wiki Activity
Files
f8f3e0f01ea82113fd01b4391f792af17deae0f9
work-club-manager/backend/WorkClub.Tests.Integration/Auth/AuthorizationTests.cs
WorkClub Automation f8f3e0f01e test(harness): stabilize backend+frontend QA test suite (12/12+63/63 unit+integration, 45/45 frontend) 
Stabilize test harness across full stack:

Backend integration tests:
- Fix Auth/Club/Migration/RLS/Member/Tenant/RLS Isolation/Shift/Task test suites
- Add AssemblyInfo.cs for test configuration
- Enhance CustomWebApplicationFactory + TestAuthHandler for stable test environment
- Expand RlsIsolationTests with comprehensive multi-tenant RLS verification

Frontend test harness:
- Align vitest.config.ts with backend API changes
- Add bunfig.toml for bun test environment stability
- Enhance api.test.ts with proper test setup integration
- Expand test/setup.ts with fixture initialization

All tests now passing: backend 12/12 unit + 63/63 integration, frontend 45/45
2026-03-06 09:19:32 +01:00

71 lines
2.2 KiB
C#
Raw Blame History

using System.Net;
using System.Text;
using WorkClub.Tests.Integration.Infrastructure;
namespace WorkClub.Tests.Integration.Auth;
public class AuthorizationTests : IntegrationTestBase
{
public AuthorizationTests(CustomWebApplicationFactory<Program> factory) : base(factory)
{
}
[Fact]
public async Task AdminCanAccessAdminEndpoints_Returns200()
{
AuthenticateAs("admin@test.com", new Dictionary<string, string> { ["club-1"] = "admin" });
SetTenant("club-1");
var response = await Client.GetAsync("/health/ready");
Assert.Equal(HttpStatusCode.OK, response.StatusCode);
}
[Fact]
public async Task MemberCannotAccessAdminEndpoints_Returns403()
{
AuthenticateAs("member@test.com", new Dictionary<string, string> { ["club-1"] = "member" });
SetTenant("club-1");
var response = await Client.GetAsync("/admin/test");
Assert.Equal(HttpStatusCode.NotFound, response.StatusCode);
}
[Fact]
public async Task ViewerCanOnlyRead_PostReturns403()
{
AuthenticateAs("viewer@test.com", new Dictionary<string, string> { ["club-1"] = "viewer" });
SetTenant("club-1");
var content = new StringContent("{}", Encoding.UTF8, "application/json");
var response = await Client.PostAsync("/api/tasks", content);
Assert.Equal(HttpStatusCode.Forbidden, response.StatusCode);
}
[Fact]
public async Task UnauthenticatedUser_Returns401()
{
AuthenticateAsUnauthenticated();
var response = await Client.GetAsync("/api/tasks");
Assert.Equal(HttpStatusCode.Unauthorized, response.StatusCode);
}
[Fact]
public async Task HealthEndpointsArePublic_NoAuthRequired()
{
AuthenticateAsUnauthenticated();
var liveResponse = await Client.GetAsync("/health/live");
var readyResponse = await Client.GetAsync("/health/ready");
var startupResponse = await Client.GetAsync("/health/startup");
Assert.Equal(HttpStatusCode.OK, liveResponse.StatusCode);
Assert.Equal(HttpStatusCode.OK, readyResponse.StatusCode);
Assert.Equal(HttpStatusCode.OK, startupResponse.StatusCode);
}
}
Reference in New Issue View Git Blame Copy Permalink