StarPunk/docs/reports/2025-11-19-todo-test-updates.md
Phil Skentelbery 066cde8c46 docs: Extract and organize CLAUDE.MD content, restructure documentation
This commit performs comprehensive documentation reorganization:

1. Extracted testing checklist from CLAUDE.MD to docs/standards/testing-checklist.md
   - Consolidated manual testing checklist
   - Added validation tools and resources
   - Created pre-release validation workflow

2. Streamlined CLAUDE.md to lightweight operational instructions
   - Python environment setup (uv)
   - Agent-developer protocol
   - Key documentation references
   - Removed redundant content (already in other docs)

3. Removed CLAUDE.MD (uppercase) - content was redundant
   - All content already exists in architecture/overview.md and projectplan docs
   - Only unique content (testing checklist) was extracted

4. Moved root documentation files to appropriate locations:
   - CONTAINER_IMPLEMENTATION_SUMMARY.md -> docs/reports/2025-11-19-container-implementation-summary.md
   - QUICKFIX-AUTH-LOOP.md -> docs/reports/2025-11-18-quickfix-auth-loop.md
   - TECHNOLOGY-STACK-SUMMARY.md -> docs/architecture/technology-stack-legacy.md
   - TODO_TEST_UPDATES.md -> docs/reports/2025-11-19-todo-test-updates.md

5. Consolidated design folders:
   - Moved all docs/designs/ content into docs/design/
   - Renamed PHASE-5-EXECUTIVE-SUMMARY.md to phase-5-executive-summary.md (consistent naming)
   - Removed empty docs/designs/ directory

6. Added ADR-021: IndieAuth Provider Strategy
   - Documents decision to build own IndieAuth provider
   - Explains rationale and trade-offs

Repository root now contains only: README.md, CLAUDE.md, CHANGELOG.md

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <noreply@anthropic.com>
2025-11-24 10:17:50 -07:00


Test Updates Required for ADR-019 Implementation

Overview

The following tests need to be updated to reflect the PKCE implementation and removal of OAuth metadata/h-app features.

Changes Made

  1. _verify_state_token() now returns Optional[str] (code_verifier) instead of bool
  2. initiate_login() now generates and stores PKCE parameters
  3. handle_callback() now accepts iss parameter and validates PKCE
  4. OAuth metadata endpoint removed from /.well-known/oauth-authorization-server
  5. H-app microformats removed from templates
  6. IndieAuth metadata link removed from HTML head

Tests That Need Updating

tests/test_auth.py

State Token Verification Tests

  • test_verify_valid_state_token - should check for code_verifier string return
  • test_verify_invalid_state_token - should check for None return
  • test_verify_expired_state_token - should check for None return
  • test_state_tokens_are_single_use - should check for code_verifier string return

Fix: Change assertions from is True/is False to check for string/None

Initiate Login Tests

  • test_initiate_login_success - needs to check for PKCE parameters in URL
  • test_initiate_login_stores_state - needs to check code_verifier stored in DB

Fix: Update assertions to check for code_challenge and code_challenge_method=S256 in URL
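
The updated assertions for the state-token and initiate-login tests, sketched as an added example that is not StarPunk's own code. The function bodies, the auth_state columns, the `me` parameter and the authorization URL are hypothetical stand-ins; only the return types, the auth_state table name and the PKCE parameter names come from this report.

```python
import base64, hashlib, secrets, sqlite3, time
from typing import Optional
from urllib.parse import parse_qs, urlencode, urlparse

# Hypothetical stand-ins: StarPunk's real signatures, auth_state columns and
# authorization URL are not shown on the page, so these are assumptions.
AUTHORIZE_URL = "https://auth.example/authorize"  # constructed placeholder

def make_db() -> sqlite3.Connection:
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE auth_state "
               "(state TEXT PRIMARY KEY, code_verifier TEXT, expires_at REAL)")
    return db

def s256_challenge(code_verifier: str) -> str:
    # RFC 7636: BASE64URL(SHA256(ASCII(code_verifier))), padding stripped
    digest = hashlib.sha256(code_verifier.encode("ascii")).digest()
    return base64.urlsafe_b64encode(digest).rstrip(b"=").decode("ascii")

def initiate_login(db, me: str, ttl: float = 300.0) -> str:
    state, code_verifier = secrets.token_urlsafe(32), secrets.token_urlsafe(32)
    db.execute("INSERT INTO auth_state VALUES (?, ?, ?)",
               (state, code_verifier, time.time() + ttl))
    return AUTHORIZE_URL + "?" + urlencode({
        "me": me, "state": state,
        "code_challenge": s256_challenge(code_verifier),
        "code_challenge_method": "S256"})

def _verify_state_token(db, state: str) -> Optional[str]:
    row = db.execute("SELECT code_verifier, expires_at FROM auth_state "
                     "WHERE state = ?", (state,)).fetchone()
    if row is None:
        return None
    db.execute("DELETE FROM auth_state WHERE state = ?", (state,))  # single use
    return row[0] if row[1] > time.time() else None

def check_pkce_state_flow() -> bool:
    db = make_db()
    url = initiate_login(db, "https://example.com/")
    params = parse_qs(urlparse(url).query)
    assert params["code_challenge_method"] == ["S256"]
    verifier = _verify_state_token(db, params["state"][0])
    assert isinstance(verifier, str)                          # was: `is True`
    assert params["code_challenge"] == [s256_challenge(verifier)]
    assert _verify_state_token(db, params["state"][0]) is None  # replayed state
    assert _verify_state_token(db, "never-issued") is None    # was: `is False`
    db.execute("INSERT INTO auth_state VALUES ('old', 'v', ?)", (time.time() - 1,))
    assert _verify_state_token(db, "old") is None             # expired state
    return True
```

Recomputing the challenge from the returned verifier ties the URL assertion to the stored value, so a test cannot pass with a challenge that the token exchange would later reject.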

Handle Callback Tests

  • test_handle_callback_success - needs to mock with code_verifier
  • test_handle_callback_unauthorized_user - needs to mock with code_verifier
  • test_handle_callback_indielogin_error - needs to mock with code_verifier
  • test_handle_callback_no_identity - needs to mock with code_verifier
  • test_handle_callback_logs_http_details - needs to check /token endpoint

Fix:

  • Add code_verifier to auth_state inserts in test setup
  • Pass iss parameter to handle_callback calls
  • Check that /token endpoint is called (not /auth)

tests/test_routes_public.py

OAuth Metadata Endpoint Tests (ALL SHOULD BE REMOVED)

  • test_oauth_metadata_endpoint_exists
  • test_oauth_metadata_content_type
  • test_oauth_metadata_required_fields
  • test_oauth_metadata_optional_fields
  • test_oauth_metadata_field_values
  • test_oauth_metadata_redirect_uris_is_array
  • test_oauth_metadata_cache_headers
  • test_oauth_metadata_valid_json
  • test_oauth_metadata_uses_config_values

Fix: Delete entire TestOAuthMetadataEndpoint class

  • test_indieauth_metadata_link_present
  • test_indieauth_metadata_link_points_to_endpoint
  • test_indieauth_metadata_link_in_head

Fix: Delete entire TestIndieAuthMetadataLink class

tests/test_templates.py

H-app Microformats Tests (ALL SHOULD BE REMOVED)

  • test_h_app_microformats_present
  • test_h_app_contains_url_and_name_properties
  • test_h_app_contains_site_url
  • test_h_app_is_hidden
  • test_h_app_is_aria_hidden

Fix: Delete entire TestIndieAuthClientDiscovery class

tests/test_routes_dev_auth.py

Dev Mode Configuration Test

  • test_dev_mode_requires_dev_admin_me - May need update if it tests auth flow

Fix: Review and update if it tests the auth callback flow

New Tests to Add

  1. PKCE Integration Tests - Test full auth flow with PKCE
  2. Issuer Validation Tests - Test iss parameter validation
  3. Endpoint Tests - Verify /authorize and /token endpoints are used
  4. Code Verifier Storage Tests - Verify code_verifier is stored and retrieved

Priority

  • HIGH: Update core auth tests (state verification, handle_callback)
  • MEDIUM: Remove obsolete tests (OAuth metadata, h-app)
  • LOW: Add new comprehensive integration tests

Notes

  • All PKCE unit tests in tests/test_auth_pkce.py are passing
  • The implementation is correct; the tests just need to be updated to match the new behavior
  • The failing tests are testing OLD behavior that we intentionally changed

When to Complete

These test updates should be completed before merging to main, but can be done in a follow-up commit on the feature branch.