Gondulf

phil/Gondulf

Fork 0

Commit Graph

Author	SHA1	Message	Date
Phil Skentelbery	bf69588426	test: update tests for session-based auth flow Update E2E and integration tests to work with the new session-based authentication flow that requires email verification on every login. Changes: - Add mock fixtures for DNS, email, HTML fetcher, and auth session services - Update test fixtures to use session_id instead of passing auth params directly to consent endpoint - Create flow_app_with_mocks and e2e_app_with_mocks fixtures for proper test isolation - Update TestAuthenticationFlow and TestAuthorizationFlow fixtures to yield (client, code, consent_data) tuples - Update all test methods to unpack the new fixture format The new flow: 1. GET /authorize -> verify_code.html (email verification) 2. POST /authorize/verify-code -> consent page 3. POST /authorize/consent with session_id -> redirect with auth code 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude <noreply@anthropic.com>	2025-11-22 15:30:10 -07:00
Phil Skentelbery	052d3ad3e1	feat(auth): implement response_type=id authentication flow Implements both IndieAuth flows per W3C specification: - Authentication flow (response_type=id): Code redeemed at authorization endpoint, returns only user identity - Authorization flow (response_type=code): Code redeemed at token endpoint, returns access token Changes: - Authorization endpoint GET: Accept response_type=id (default) and code - Authorization endpoint POST: Handle code verification for authentication flow - Token endpoint: Validate response_type=code for authorization flow - Store response_type in authorization code metadata - Update metadata endpoint: response_types_supported=[code, id], code_challenge_methods_supported=[S256] The default behavior now correctly defaults to response_type=id when omitted, per IndieAuth spec section 5.2. 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude <noreply@anthropic.com>	2025-11-22 12:23:20 -07:00
Phil Skentelbery	e1f79af347	feat(test): add Phase 5b integration and E2E tests Add comprehensive integration and end-to-end test suites: - Integration tests for API flows (authorization, token, verification) - Integration tests for middleware chain and security headers - Integration tests for domain verification services - E2E tests for complete authentication flows - E2E tests for error scenarios and edge cases - Shared test fixtures and utilities in conftest.py - Rename Dockerfile to Containerfile for Podman compatibility 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude <noreply@anthropic.com>	2025-11-21 22:22:04 -07:00

Author

SHA1

Message

Date

Phil Skentelbery

bf69588426

test: update tests for session-based auth flow

Update E2E and integration tests to work with the new session-based
authentication flow that requires email verification on every login.

Changes:
- Add mock fixtures for DNS, email, HTML fetcher, and auth session services
- Update test fixtures to use session_id instead of passing auth params
  directly to consent endpoint
- Create flow_app_with_mocks and e2e_app_with_mocks fixtures for proper
  test isolation
- Update TestAuthenticationFlow and TestAuthorizationFlow fixtures to
  yield (client, code, consent_data) tuples
- Update all test methods to unpack the new fixture format

The new flow:
1. GET /authorize -> verify_code.html (email verification)
2. POST /authorize/verify-code -> consent page
3. POST /authorize/consent with session_id -> redirect with auth code

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <noreply@anthropic.com>

2025-11-22 15:30:10 -07:00

Phil Skentelbery

052d3ad3e1

feat(auth): implement response_type=id authentication flow

Implements both IndieAuth flows per W3C specification:
- Authentication flow (response_type=id): Code redeemed at authorization endpoint, returns only user identity
- Authorization flow (response_type=code): Code redeemed at token endpoint, returns access token

Changes:
- Authorization endpoint GET: Accept response_type=id (default) and code
- Authorization endpoint POST: Handle code verification for authentication flow
- Token endpoint: Validate response_type=code for authorization flow
- Store response_type in authorization code metadata
- Update metadata endpoint: response_types_supported=[code, id], code_challenge_methods_supported=[S256]

The default behavior now correctly defaults to response_type=id when omitted, per IndieAuth spec section 5.2.

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <noreply@anthropic.com>

2025-11-22 12:23:20 -07:00

Phil Skentelbery

e1f79af347

feat(test): add Phase 5b integration and E2E tests

Add comprehensive integration and end-to-end test suites:
- Integration tests for API flows (authorization, token, verification)
- Integration tests for middleware chain and security headers
- Integration tests for domain verification services
- E2E tests for complete authentication flows
- E2E tests for error scenarios and edge cases
- Shared test fixtures and utilities in conftest.py
- Rename Dockerfile to Containerfile for Podman compatibility

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <noreply@anthropic.com>

2025-11-21 22:22:04 -07:00

3 Commits