phil/StarPunk
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
f10d0679da6250230c9f57efdfcb3b3fdaec7a02
StarPunk/docs/design/v1.0.0/2025-11-19-todo-test-updates.md
Phil Skentelbery f10d0679da feat(tags): Add database schema and tags module (v1.3.0 Phase 1) 
Implements tag/category system backend following microformats2 p-category specification.

Database changes:
- Migration 008: Add tags and note_tags tables
- Normalized tag storage (case-insensitive lookup, display name preserved)
- Indexes for performance

New module:
- starpunk/tags.py: Tag management functions
  - normalize_tag: Normalize tag strings
  - get_or_create_tag: Get or create tag records
  - add_tags_to_note: Associate tags with notes (replaces existing)
  - get_note_tags: Retrieve note tags (alphabetically ordered)
  - get_tag_by_name: Lookup tag by normalized name
  - get_notes_by_tag: Get all notes with specific tag
  - parse_tag_input: Parse comma-separated tag input

Model updates:
- Note.tags property (lazy-loaded, prefer pre-loading in routes)
- Note.to_dict() add include_tags parameter

CRUD updates:
- create_note() accepts tags parameter
- update_note() accepts tags parameter (None = no change, [] = remove all)

Micropub integration:
- Pass tags to create_note() (tags already extracted by extract_tags())
- Return tags in q=source response

Per design doc: docs/design/v1.3.0/microformats-tags-design.md

Generated with Claude Code

Co-Authored-By: Claude <noreply@anthropic.com>
2025-12-10 11:24:23 -07:00

108 lines
4.0 KiB
Markdown
Raw Blame History

# Test Updates Required for ADR-019 Implementation
## Overview
The following tests need to be updated to reflect the PKCE implementation and removal of OAuth metadata/h-app features.
## Changes Made
1. **`_verify_state_token()` now returns `Optional[str]` (code_verifier) instead of `bool`**
2. **`initiate_login()` now generates and stores PKCE parameters**
3. **`handle_callback()` now accepts `iss` parameter and validates PKCE**
4. **OAuth metadata endpoint removed from `/. well-known/oauth-authorization-server`**
5. **H-app microformats removed from templates**
6. **IndieAuth metadata link removed from HTML head**
## Tests That Need Updating
### tests/test_auth.py
#### State Token Verification Tests
- `test_verify_valid_state_token` - should check for code_verifier string return
- `test_verify_invalid_state_token` - should check for None return
- `test_verify_expired_state_token` - should check for None return
- `test_state_tokens_are_single_use` - should check for code_verifier string return
**Fix**: Change assertions from `is True`/`is False` to check for string/None
#### Initiate Login Tests
- `test_initiate_login_success` - needs to check for PKCE parameters in URL
- `test_initiate_login_stores_state` - needs to check code_verifier stored in DB
**Fix**: Update assertions to check for `code_challenge` and `code_challenge_method=S256` in URL
#### Handle Callback Tests
- `test_handle_callback_success` - needs to mock with code_verifier
- `test_handle_callback_unauthorized_user` - needs to mock with code_verifier
- `test_handle_callback_indielogin_error` - needs to mock with code_verifier
- `test_handle_callback_no_identity` - needs to mock with code_verifier
- `test_handle_callback_logs_http_details` - needs to check /token endpoint
**Fix**:
- Add code_verifier to auth_state inserts in test setup
- Pass `iss` parameter to handle_callback calls
- Check that /token endpoint is called (not /auth)
### tests/test_routes_public.py
#### OAuth Metadata Endpoint Tests (ALL SHOULD BE REMOVED)
- `test_oauth_metadata_endpoint_exists`
- `test_oauth_metadata_content_type`
- `test_oauth_metadata_required_fields`
- `test_oauth_metadata_optional_fields`
- `test_oauth_metadata_field_values`
- `test_oauth_metadata_redirect_uris_is_array`
- `test_oauth_metadata_cache_headers`
- `test_oauth_metadata_valid_json`
- `test_oauth_metadata_uses_config_values`
**Fix**: Delete entire `TestOAuthMetadataEndpoint` class
#### IndieAuth Metadata Link Tests (ALL SHOULD BE REMOVED)
- `test_indieauth_metadata_link_present`
- `test_indieauth_metadata_link_points_to_endpoint`
- `test_indieauth_metadata_link_in_head`
**Fix**: Delete entire `TestIndieAuthMetadataLink` class
### tests/test_templates.py
#### H-app Microformats Tests (ALL SHOULD BE REMOVED)
- `test_h_app_microformats_present`
- `test_h_app_contains_url_and_name_properties`
- `test_h_app_contains_site_url`
- `test_h_app_is_hidden`
- `test_h_app_is_aria_hidden`
**Fix**: Delete entire `TestIndieAuthClientDiscovery` class
### tests/test_routes_dev_auth.py
#### Dev Mode Configuration Test
- `test_dev_mode_requires_dev_admin_me` - May need update if it tests auth flow
**Fix**: Review and update if it tests the auth callback flow
## New Tests to Add
1. **PKCE Integration Tests** - Test full auth flow with PKCE
2. **Issuer Validation Tests** - Test iss parameter validation
3. **Endpoint Tests** - Verify /authorize and /token endpoints are used
4. **Code Verifier Storage Tests** - Verify code_verifier is stored and retrieved
## Priority
**HIGH**: Update core auth tests (state verification, handle_callback)
**MEDIUM**: Remove obsolete tests (OAuth metadata, h-app)
**LOW**: Add new comprehensive integration tests
## Notes
- All PKCE unit tests in `tests/test_auth_pkce.py` are passing
- The implementation is correct, just need to update the tests to match new behavior
- The failing tests are testing OLD behavior that we intentionally changed
## When to Complete
These test updates should be completed before merging to main, but can be done in a follow-up commit on the feature branch.
Reference in New Issue View Git Blame Copy Permalink