Open
Conversation
New test files covering all major API endpoints: - AccountSignup, AccountLogin, AccountAuthenticated - Devices CRUD, Shockers CRUD, Tokens CRUD - Sessions, Users, DeviceEndpoint (hub auth) - Public endpoints, Authorization/isolation, RateLimiter Infrastructure improvements: - TestHelper with direct DB/Redis user creation (bypasses endpoints) - Auth helpers for session cookie, API token, and hub token clients - Rate limiting disabled in test host - Cookie domain includes localhost for test server - Fixed Turnstile mock DTO JSON property names Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Unit tests (Common.Tests): - MathUtils: Haversine distance calculations - StringUtils: Truncate edge cases - PermissionUtils: IsAllowed with all ControlType/permission combos - CryptoUtils: random string length, charset, uniqueness - GravatarUtils: URL format and email hashing - HashingUtils: password hash/verify roundtrip, token hashing, algorithm detection - UsernameValidator: boundary values, special characters Integration tests (API.IntegrationTests): - SignalRUserHubTests: negotiate endpoint auth (session, API token, hub token, invalid) - ShareLinksTests: public share link CRUD, cross-user isolation Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Contributor
There was a problem hiding this comment.
Pull request overview
This PR adds a comprehensive test suite with 374 tests covering both unit and integration testing for the OpenShock API. The PR implements test infrastructure including database/Redis helpers, authentication client factories, and Turnstile mock handling to enable efficient, isolated testing.
Changes:
- Added 248 unit tests for utility classes (HashingUtils, MathUtils, StringUtils, PermissionUtils, CryptoUtils, GravatarUtils, UsernameValidator)
- Added 126 integration tests covering all major API endpoints including account management, devices, shockers, tokens, sessions, users, shares, and SignalR
- Implemented test infrastructure with TestHelper for direct DB/Redis operations, authentication client factories, and rate limiting disabled in test environment
Reviewed changes
Copilot reviewed 26 out of 26 changed files in this pull request and generated 6 comments.
Show a summary per file
| File | Description |
|---|---|
| Directory.Packages.props | Added SignalR.Client package for SignalR integration tests |
| API.IntegrationTests/API.IntegrationTests.csproj | Added SignalR.Client package reference |
| Common.Tests/Validation/UsernameValidatorTests.cs | Added 11 boundary tests for username validation edge cases |
| Common.Tests/Utils/StringUtilsTests.cs | New test file with 6 tests for string truncation utility |
| Common.Tests/Utils/PermissionUtilsTests.cs | New test file with 13 tests for permission checking logic |
| Common.Tests/Utils/MathUtilsTests.cs | New test file with 7 tests for Haversine distance calculations |
| Common.Tests/Utils/HashingUtilsTests.cs | Expanded with 165 new tests for password/token hashing |
| Common.Tests/Utils/GravatarUtilsTests.cs | New test file with 5 tests for Gravatar URL generation |
| Common.Tests/Utils/CryptoUtilsTests.cs | New test file with 6 tests for random string generation |
| API.IntegrationTests/WebApplicationFactory.cs | Updated to disable rate limiting and add localhost to cookie domains |
| API.IntegrationTests/HttpMessageHandlers/InterceptedHttpMessageHandler.cs | Added JSON property name attributes for Turnstile mock DTO |
| API.IntegrationTests/Helpers/TestHelper.cs | New helper class providing user/device/token creation and authenticated client factories |
| API.IntegrationTests/Tests/AccountSignupTests.cs | 9 tests for V1/V2 signup, validation, and duplicate handling |
| API.IntegrationTests/Tests/AccountLoginTests.cs | 12 tests for V1/V2 login, Turnstile validation, and logout |
| API.IntegrationTests/Tests/AccountAuthenticatedTests.cs | 6 tests for password/username changes |
| API.IntegrationTests/Tests/UsersTests.cs | 5 tests for user self-retrieval and lookup endpoints |
| API.IntegrationTests/Tests/TokensTests.cs | 13 tests for API token CRUD and authentication |
| API.IntegrationTests/Tests/SessionsTests.cs | 5 tests for session management |
| API.IntegrationTests/Tests/DevicesTests.cs | 14 tests for device CRUD, token regeneration, and cross-user isolation |
| API.IntegrationTests/Tests/DeviceEndpointTests.cs | 6 tests for hub/device-authenticated endpoints |
| API.IntegrationTests/Tests/ShockersTests.cs | 12 tests for shocker CRUD, pause/unpause functionality |
| API.IntegrationTests/Tests/ShareLinksTests.cs | 9 tests for share link CRUD and cross-user isolation |
| API.IntegrationTests/Tests/SignalRUserHubTests.cs | 7 tests for SignalR hub negotiate endpoint with various auth methods |
| API.IntegrationTests/Tests/AuthorizationTests.cs | 13 tests for cross-cutting authorization and isolation |
| API.IntegrationTests/Tests/RateLimiterTests.cs | 2 smoke tests verifying rate limiter middleware registration |
| API.IntegrationTests/Tests/PublicTests.cs | 3 tests for public API endpoints |
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
Cache BCrypt password hashes in TestHelper so each unique password is only hashed once instead of ~100+ times. Add 30s per-test timeout as a safety net. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Limit parallel test execution to ProcessorCount*2 (min 8) to prevent thread pool starvation from synchronous BCrypt in login/signup endpoints. Also bump per-test timeout to 60s and add coverage gitignore entries. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
TestHelperwith direct DB/Redis user creation, auth helpers for session cookie/API token/hub token clients, rate limiting disabled in test host, Turnstile mock fixTest plan
dotnet test --project API.IntegrationTests)dotnet test --project Common.Tests)🤖 Generated with Claude Code