feat(04-01): add Wave 0 xfail stubs for DOC-02, ADMIN-06, SEC-08, SEC-09
- test_documents.py: append 4 stubs (content_stream 200, 206, admin_403, no_presigned_url)
- test_audit.py: create new file with 4 stubs (viewer, no_doc_content, user_403, export_csv)
- test_security.py: create new file with 2 stubs (credentials_enc_not_in_response, delete_user_cleans_files)
- All stubs: xfail(strict=False), body is pytest.xfail("not implemented yet")
@@ -0,0 +1,43 @@
|
||||
"""
|
||||
Audit log API tests — Wave 0 xfail stubs for Phase 4.
|
||||
|
||||
All tests in this file are xfail stubs. They will be implemented in Plan 04-07.
|
||||
The stubs ensure pytest collects them and keeps CI green before implementation
|
||||
code exists.
|
||||
|
||||
Requirement: ADMIN-06 — admin audit log viewer, no doc content, export CSV.
|
||||
"""
|
||||
from __future__ import annotations
|
||||
|
||||
import os
|
||||
|
||||
import pytest
|
||||
|
||||
|
||||
# ---------------------------------------------------------------------------
|
||||
# ADMIN-06: Audit log viewer
|
||||
# ---------------------------------------------------------------------------
|
||||
|
||||
|
||||
@pytest.mark.xfail(strict=False)
|
||||
async def test_audit_log_viewer(async_client, admin_user):
|
||||
"""GET /api/admin/audit-log returns paginated entries."""
|
||||
pytest.xfail("not implemented yet")
|
||||
|
||||
|
||||
@pytest.mark.xfail(strict=False)
|
||||
async def test_audit_log_no_doc_content(async_client, admin_user):
|
||||
"""Audit log entries contain no 'filename' or 'extracted_text' keys in metadata."""
|
||||
pytest.xfail("not implemented yet")
|
||||
|
||||
|
||||
@pytest.mark.xfail(strict=False)
|
||||
async def test_audit_log_regular_user_403(async_client, auth_user):
|
||||
"""GET /api/admin/audit-log with regular user token returns 403."""
|
||||
pytest.xfail("not implemented yet")
|
||||
|
||||
|
||||
@pytest.mark.xfail(strict=False)
|
||||
async def test_audit_log_export_csv(async_client, admin_user):
|
||||
"""GET /api/admin/audit-log/export?format=csv returns CSV content-type."""
|
||||
pytest.xfail("not implemented yet")
|
||||
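Review bot: Each stub in this new audit test file carries both `@pytest.mark.xfail(strict=False)` and an imperative `pytest.xfail("not implemented yet")` in the body, so the test can never report XPASS and nothing in CI will flag a stub that is left behind once the ADMIN-06 endpoint exists; the same pattern is used in the document and security stubs further down. Giving the marker a traceable reason, for example `@pytest.mark.xfail(strict=False, reason="ADMIN-06: pending Plan 04-07")`, and tightening to `strict=True` (or removing the marker) when the real assertions land would keep the xfail report tied to the requirement. `import os` is unused here and in the new security test file. Whether these `async def` tests are collected without an explicit asyncio marker depends on project configuration that is not visible on this page.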
@@ -336,3 +336,32 @@ async def test_documents_require_auth(async_client):
|
||||
"""
|
||||
resp = await async_client.get("/api/documents")
|
||||
assert resp.status_code in (401, 403), f"Expected 401 or 403, got {resp.status_code}"
|
||||
|
||||
|
||||
# ---------------------------------------------------------------------------
|
||||
# Wave 0 xfail stubs for Phase 4 DOC-02 proxy / content-stream tests
|
||||
# ---------------------------------------------------------------------------
|
||||
|
||||
|
||||
@pytest.mark.xfail(strict=False)
|
||||
async def test_content_stream_200(async_client, auth_user):
|
||||
"""GET /api/documents/{id}/content returns 200 with correct Content-Type and Content-Disposition: inline."""
|
||||
pytest.xfail("not implemented yet")
|
||||
|
||||
|
||||
@pytest.mark.xfail(strict=False)
|
||||
async def test_content_stream_206_range(async_client, auth_user):
|
||||
"""GET /api/documents/{id}/content with Range header returns 206 and Content-Range header."""
|
||||
pytest.xfail("not implemented yet")
|
||||
|
||||
|
||||
@pytest.mark.xfail(strict=False)
|
||||
async def test_content_stream_admin_403(async_client, admin_user):
|
||||
"""GET /api/documents/{id}/content with admin JWT returns 403."""
|
||||
pytest.xfail("not implemented yet")
|
||||
|
||||
|
||||
@pytest.mark.xfail(strict=False)
|
||||
async def test_content_stream_no_presigned_url(async_client, auth_user):
|
||||
"""GET /api/documents/{id}/content response body does not contain any presigned URL token."""
|
||||
pytest.xfail("not implemented yet")
|
||||
|
||||
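Review bot: `test_content_stream_no_presigned_url` is scoped by its docstring to the response body only, but a presigned URL can also reach the client through a redirect `Location` header or another response header, so the eventual assertions should cover the status code (no 3xx) and the headers as well. A docstring such as `"""GET /api/documents/{id}/content never exposes a presigned URL in status, headers, or body."""` would record that intent now. The three context lines at the top of this hunk belong to `test_documents_require_auth`, which starts outside the hunk.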
@@ -0,0 +1,36 @@
|
||||
"""
|
||||
Security invariant tests — Wave 0 xfail stubs for Phase 4.
|
||||
|
||||
All tests in this file are xfail stubs. They will be implemented in Plans
|
||||
04-06 and 04-08 (security hardening). The stubs ensure pytest collects them
|
||||
and keeps CI green before implementation code exists.
|
||||
|
||||
Requirements: SEC-08 (credentials_enc exclusion), SEC-09 (delete-user-cleans-files).
|
||||
"""
|
||||
from __future__ import annotations
|
||||
|
||||
import os
|
||||
|
||||
import pytest
|
||||
|
||||
|
||||
# ---------------------------------------------------------------------------
|
||||
# SEC-08: credentials_enc never in API response
|
||||
# ---------------------------------------------------------------------------
|
||||
|
||||
|
||||
@pytest.mark.xfail(strict=False)
|
||||
async def test_credentials_enc_not_in_response(async_client, auth_user):
|
||||
"""No API response for current user includes credentials_enc field."""
|
||||
pytest.xfail("not implemented yet")
|
||||
|
||||
|
||||
# ---------------------------------------------------------------------------
|
||||
# SEC-09: Delete user cleans up MinIO objects
|
||||
# ---------------------------------------------------------------------------
|
||||
|
||||
|
||||
@pytest.mark.xfail(strict=False)
|
||||
async def test_delete_user_cleans_files(async_client, admin_user):
|
||||
"""Admin DELETE /api/admin/users/{id} triggers MinIO object deletion before DB removal."""
|
||||
pytest.xfail("not implemented yet")
|
||||
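Review bot: `test_credentials_enc_not_in_response` limits SEC-08 to responses "for current user", while the section comment above it says `credentials_enc` is never in an API response. Endpoints that return other users' records, such as the admin user routes referenced by `test_delete_user_cleans_files`, presumably serialize the same model and should be named in the docstring so the implemented test covers them. For SEC-09 the docstring pins the ordering (object deletion before DB removal) but not the failure case; it would help to state what the expected outcome is when object deletion fails, so the implemented test asserts it.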