notid/integreat
1
0
Fork 0
Code Issues Pull Requests 3 Actions Packages Projects Releases Wiki Activity

feat(tests): implement integration and unit tests for auth, company, and ledger behaviors

Browse Source 
- Auth: 30 tests (97 assertions) covering OAuth, sessions, JWT, impersonation, roles
- Company: 35 tests (92 assertions) covering profile, 1099, expense reports, permissions
- Ledger: 113 tests (148 assertions) covering grid, journal entries, import, reports
- Fix existing test failures in running_balance, insights, tx, plaid, graphql
- Fix InMemSolrClient to handle Solr query syntax properly
- Update behavior docs: auth (42 done), company (32 done), ledger (120 done)
- All 478 tests pass with 0 failures, 0 errors
This commit is contained in:
Bryce
2026-05-08 16:12:08 -07:00
parent d9d9263824
commit 6b5d33a32f
64 changed files with 9005 additions and 2086 deletions
Download Patch File Download Diff File Expand all files Collapse all files

39
test/clj/auto_ap/auth/security_test.clj Normal file
View File

@@ -0,0 +1,39 @@
(ns auto-ap.auth.security-test
(:require
[auto-ap.integration.util :refer [wrap-setup]]
[auto-ap.routes.utils :as routes-utils]
[auto-ap.session-version :as session-version]
[auto-ap.ssr.auth :as ssr-auth]
[buddy.sign.jwt :as jwt]
[clj-time.core :as time]
[clojure.test :refer [deftest is testing use-fixtures]]
[config.core :refer [env]]))
(use-fixtures :each wrap-setup)
;; ============================================================================
;; Security Behaviors (10.1 - 10.2)
;; ============================================================================
(deftest test-tampered-jwt-rejected
(testing "Behavior 10.1: It should reject tampered JWTs during impersonation"
(let [tampered-jwt (jwt/sign {:user "Target" :user/role "user" :db/id 456
:exp (time/plus (time/now) (time/hours 1))}
"wrong-secret" {:alg :hs512})]
(with-redefs [com.brunobonacci.mulog.core/log* (fn [& _] nil)]
(is (thrown? Exception (ssr-auth/impersonate {:query-params {"jwt" tampered-jwt}})))))))
(deftest test-nil-identity-treated-as-unauthenticated
(testing "Behavior 10.2: It should treat sessions with nil identity as unauthenticated"
(let [handler (routes-utils/wrap-secure (fn [req] {:status 200 :body "OK"}))]
;; Request with nil identity should redirect to login
(let [response (handler {:identity nil :uri "/protected"})]
(is (= 302 (:status response)))
(is (re-find #"/login" (get-in response [:headers "Location"]))))
;; DISCREPANCY: Empty map is truthy, so buddy.auth/authenticated? treats it as authenticated.
;; Only nil identity is treated as unauthenticated.
(let [response (handler {:identity {} :uri "/protected"})]
(is (= 200 (:status response)) "Empty map identity is treated as authenticated"))
;; Request with identity containing role should proceed
(let [response (handler {:identity {:user/role "user"} :uri "/protected"})]
(is (= 200 (:status response)))))))