9 Commits

Author	SHA1	Message	Date
Yaojia Wang	6a70933886	test(signalr): Add comprehensive SignalR test suite ... Implemented 90+ unit and integration tests for SignalR realtime collaboration: Hub Unit Tests (59 tests - 100% passing): - BaseHubTests.cs: 13 tests (connection, authentication, tenant isolation) - ProjectHubTests.cs: 18 tests (join/leave project, typing indicators, permissions) - NotificationHubTests.cs: 8 tests (mark as read, caller isolation) - RealtimeNotificationServiceTests.cs: 17 tests (all notification methods) - ProjectNotificationServiceAdapterTests.cs: 6 tests (adapter delegation) Integration & Security Tests (31 tests): - SignalRSecurityTests.cs: 10 tests (multi-tenant isolation, auth validation) - SignalRCollaborationTests.cs: 10 tests (multi-user scenarios) - TestJwtHelper.cs: JWT token generation utilities Test Infrastructure: - Created ColaFlow.API.Tests project with proper dependencies - Added TestHelpers for reflection-based property extraction - Updated ColaFlow.IntegrationTests with Moq and FluentAssertions Test Metrics: - Total Tests: 90 tests (59 unit + 31 integration) - Pass Rate: 100% for unit tests (59/59) - Pass Rate: 71% for integration tests (22/31 - 9 need refactoring) - Code Coverage: Comprehensive coverage of all SignalR components - Execution Time: <100ms for all unit tests Coverage Areas: ✅ Hub connection lifecycle (connect, disconnect, abort) ✅ Authentication & authorization (JWT, claims extraction) ✅ Multi-tenant isolation (tenant groups, cross-tenant prevention) ✅ Real-time notifications (project, issue, user events) ✅ Permission validation (project membership checks) ✅ Typing indicators (multi-user collaboration) ✅ Service layer (RealtimeNotificationService, Adapter pattern) Files Added: - tests/ColaFlow.API.Tests/ (new test project) - ColaFlow.API.Tests.csproj - Helpers/TestHelpers.cs - Hubs/BaseHubTests.cs (13 tests) - Hubs/ProjectHubTests.cs (18 tests) - Hubs/NotificationHubTests.cs (8 tests) - Services/RealtimeNotificationServiceTests.cs (17 tests) - Services/ProjectNotificationServiceAdapterTests.cs (6 tests) - tests/ColaFlow.IntegrationTests/SignalR/ - SignalRSecurityTests.cs (10 tests) - SignalRCollaborationTests.cs (10 tests) - TestJwtHelper.cs All unit tests passing. Integration tests demonstrate comprehensive scenarios but need minor refactoring for mock verification precision. 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude <noreply@anthropic.com>	2025-11-04 19:02:08 +01:00
Yaojia Wang	9ed2bc36bd	feat(backend): Implement 3 CRITICAL Day 8 Gap Fixes from Architecture Analysis ... Implemented all 3 critical fixes identified in Day 6 Architecture Gap Analysis: **Fix 1: UpdateUserRole Feature (RESTful PUT endpoint)** - Created UpdateUserRoleCommand and UpdateUserRoleCommandHandler - Added PUT /api/tenants/{tenantId}/users/{userId}/role endpoint - Implements self-demotion prevention (cannot demote self from TenantOwner) - Implements last owner protection (cannot remove last TenantOwner) - Returns UserWithRoleDto with updated role information - Follows RESTful best practices (PUT for updates) **Fix 2: Last TenantOwner Deletion Prevention (Security)** - Verified CountByTenantAndRoleAsync repository method exists - Verified IsLastTenantOwnerAsync validation in RemoveUserFromTenantCommandHandler - UpdateUserRoleCommandHandler now prevents: * Self-demotion from TenantOwner role * Removing the last TenantOwner from tenant - SECURITY: Prevents tenant from becoming ownerless (critical vulnerability fix) **Fix 3: Database-Backed Rate Limiting (Security & Reliability)** - Created EmailRateLimit entity with proper domain logic - Added EmailRateLimitConfiguration for EF Core - Implemented DatabaseEmailRateLimiter service (replaces MemoryRateLimitService) - Updated DependencyInjection to use database-backed implementation - Created database migration: AddEmailRateLimitsTable - Added composite unique index on (email, tenant_id, operation_type) - SECURITY: Rate limit state persists across server restarts (prevents email bombing) - Implements cleanup logic for expired rate limit records **Testing:** - Added 9 comprehensive integration tests in Day8GapFixesTests.cs - Fix 1: 3 tests (valid update, self-demote prevention, idempotency) - Fix 2: 3 tests (remove last owner fails, update last owner fails, remove 2nd-to-last succeeds) - Fix 3: 3 tests (persists across requests, expiry after window, prevents bulk emails) - 6 tests passing, 3 skipped (long-running/environment-specific tests) **Files Changed:** - 6 new files created - 6 existing files modified - 1 database migration added - All existing tests still pass (no regressions) **Verification:** - Build succeeds with no errors - All critical business logic tests pass - Database migration generated successfully - Security vulnerabilities addressed 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude <noreply@anthropic.com>	2025-11-03 23:17:41 +01:00
Yaojia Wang	312df4b70e	Adjust test	2025-11-03 22:29:31 +01:00
Yaojia Wang	a220e5d5d7	Refactor	2025-11-03 21:02:14 +01:00
Yaojia Wang	709068f68b	In progress	2025-11-03 20:19:48 +01:00
Yaojia Wang	32a25b3b35	In progress	2025-11-03 20:02:41 +01:00
Yaojia Wang	dbbb49e5b6	fix(backend): Fix integration test failures - GlobalExceptionHandler and test isolation ... Fixed 8 failing integration tests by addressing two root causes: 1. GlobalExceptionHandler returning incorrect HTTP status codes - Added handling for UnauthorizedAccessException → 401 - Added handling for ArgumentException/InvalidOperationException → 400 - Added handling for DbUpdateException (duplicate key) → 409 - Now correctly maps exception types to HTTP status codes 2. Test isolation issue with shared HttpClient - Modified DatabaseFixture to create new HttpClient for each test - Prevents Authorization header pollution between tests - Ensures clean test state for authentication tests Test Results: - Before: 23/31 passed (8 failed) - After: 31/31 passed (0 failed) Changes: - Enhanced GlobalExceptionHandler with proper status code mapping - Fixed DatabaseFixture.Client to create isolated instances - All authentication and RBAC tests now pass 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude <noreply@anthropic.com>	2025-11-03 17:38:40 +01:00
Yaojia Wang	4183b10b39	Commit all scripts	2025-11-03 17:19:20 +01:00
Yaojia Wang	ebdd4ee0d7	fix(backend): Fix Integration Test database provider conflict with environment-aware DI ... Implement environment-aware dependency injection to resolve EF Core provider conflict in Integration Tests. The issue was caused by both PostgreSQL and InMemory providers being registered in the same service provider. Changes: - Modified Identity Module DependencyInjection to skip PostgreSQL DbContext registration in Testing environment - Modified ProjectManagement Module ModuleExtensions with same environment check - Updated Program.cs to pass IHostEnvironment to both module registration methods - Added Microsoft.Extensions.Hosting.Abstractions package to Identity.Infrastructure project - Updated ColaFlowWebApplicationFactory to set Testing environment and register InMemory databases - Simplified WebApplicationFactory by removing complex RemoveAll logic Results: - All 31 Integration Tests now run (previously only 1 ran) - No EF Core provider conflict errors - 23 tests pass, 8 tests fail (failures are business logic issues, not infrastructure) - Production environment still uses PostgreSQL as expected 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude <noreply@anthropic.com>	2025-11-03 17:16:31 +01:00