From c8a0443ad2f42f7910b8a4590b42f73c824cf5a6 Mon Sep 17 00:00:00 2001
From: curo1305
Date: Mon, 25 May 2026 18:25:18 +0200
Subject: [PATCH] feat(04-01): add Wave 0 xfail stubs for DOC-02, ADMIN-06, SEC-08, SEC-09
- test_documents.py: append 4 stubs (content_stream 200, 206, admin_403, no_presigned_url)
- test_audit.py: create new file with 4 stubs (viewer, no_doc_content, user_403, export_csv)
- test_security.py: create new file with 2 stubs (credentials_enc_not_in_response, delete_user_cleans_files)
- All stubs: xfail(strict=False), body is pytest.xfail("not implemented yet")
---
 backend/tests/test_audit.py | 43 +++++++++++++++++++++++++++++++++
 backend/tests/test_documents.py | 29 ++++++++++++++++++++++
 backend/tests/test_security.py | 36 +++++++++++++++++++++++++++
 3 files changed, 108 insertions(+)
 create mode 100644 backend/tests/test_audit.py
 create mode 100644 backend/tests/test_security.py
diff --git a/backend/tests/test_audit.py b/backend/tests/test_audit.py
new file mode 100644
index 0000000..c532be0
--- /dev/null
+++ b/backend/tests/test_audit.py
@@ -0,0 +1,43 @@
+"""
+Audit log API tests — Wave 0 xfail stubs for Phase 4.
+
+All tests in this file are xfail stubs. They will be implemented in Plan 04-07.
+The stubs ensure pytest collects them and keeps CI green before implementation
+code exists.
+
+Requirement: ADMIN-06 — admin audit log viewer, no doc content, export CSV.
+"""
+from __future__ import annotations
+
+import os
+
+import pytest
+
+
+# ---------------------------------------------------------------------------
+# ADMIN-06: Audit log viewer
+# ---------------------------------------------------------------------------
+
+
+@pytest.mark.xfail(strict=False)
+async def test_audit_log_viewer(async_client, admin_user):
+ """GET /api/admin/audit-log returns paginated entries."""
+ pytest.xfail("not implemented yet")
+
+
+@pytest.mark.xfail(strict=False)
+async def test_audit_log_no_doc_content(async_client, admin_user):
+ """Audit log entries contain no 'filename' or 'extracted_text' keys in metadata."""
+ pytest.xfail("not implemented yet")
+
+
+@pytest.mark.xfail(strict=False)
+async def test_audit_log_regular_user_403(async_client, auth_user):
+ """GET /api/admin/audit-log with regular user token returns 403."""
+ pytest.xfail("not implemented yet")
+
+
+@pytest.mark.xfail(strict=False)
+async def test_audit_log_export_csv(async_client, admin_user):
+ """GET /api/admin/audit-log/export?format=csv returns CSV content-type."""
+ pytest.xfail("not implemented yet")
diff --git a/backend/tests/test_documents.py b/backend/tests/test_documents.py
index 0a29e0b..7a44cf7 100644
--- a/backend/tests/test_documents.py
+++ b/backend/tests/test_documents.py
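Review bot: In backend/tests/test_audit.py every stub carries both `@pytest.mark.xfail(strict=False)` and an imperative `pytest.xfail("not implemented yet")` in the body, and the same pattern repeats in the test_documents.py and test_security.py hunks. The body call alone already reports the test as xfailed, so the decorator adds nothing today; if it is left in place when the body is implemented in Plan 04-07, a failing authorization or data-exposure assertion is still reported as XFAIL and CI stays green. I would drop the decorator and keep only the body call with a traceable reason, e.g. `pytest.xfail("ADMIN-06: not implemented yet (Plan 04-07)")`, so that removing that one line turns the stub into an enforcing test. Separately, the 403 stub names only `GET /api/admin/audit-log`; the export route has no regular-user stub, although it returns the same data.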
@@ -336,3 +336,32 @@ async def test_documents_require_auth(async_client):
 """
 resp = await async_client.get("/api/documents")
 assert resp.status_code in (401, 403), f"Expected 401 or 403, got {resp.status_code}"
+
+
+# ---------------------------------------------------------------------------
+# Wave 0 xfail stubs for Phase 4 DOC-02 proxy / content-stream tests
+# ---------------------------------------------------------------------------
+
+
+@pytest.mark.xfail(strict=False)
+async def test_content_stream_200(async_client, auth_user):
+ """GET /api/documents/{id}/content returns 200 with correct Content-Type and Content-Disposition: inline."""
+ pytest.xfail("not implemented yet")
+
+
+@pytest.mark.xfail(strict=False)
+async def test_content_stream_206_range(async_client, auth_user):
+ """GET /api/documents/{id}/content with Range header returns 206 and Content-Range header."""
+ pytest.xfail("not implemented yet")
+
+
+@pytest.mark.xfail(strict=False)
+async def test_content_stream_admin_403(async_client, admin_user):
+ """GET /api/documents/{id}/content with admin JWT returns 403."""
+ pytest.xfail("not implemented yet")
+
+
+@pytest.mark.xfail(strict=False)
+async def test_content_stream_no_presigned_url(async_client, auth_user):
+ """GET /api/documents/{id}/content response body does not contain any presigned URL token."""
+ pytest.xfail("not implemented yet")
diff --git a/backend/tests/test_security.py b/backend/tests/test_security.py
new file mode 100644
index 0000000..eba552c
--- /dev/null
+++ b/backend/tests/test_security.py
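Review bot: `test_content_stream_no_presigned_url` scopes its check to the response body, so a handler that answers with a redirect to object storage, or returns a signed URL in a header, would still satisfy the test as described. The docstring should set the wider contract before the test is implemented, e.g. `"""GET /api/documents/{id}/content is served directly (no 3xx) and neither body nor headers contain a presigned URL."""`. The four stubs also appear to cover only the owner and the admin; a case where a second regular user requests another user's document id is not listed, and it is the access path the admin-403 stub does not exercise.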
@@ -0,0 +1,36 @@
+"""
+Security invariant tests — Wave 0 xfail stubs for Phase 4.
+
+All tests in this file are xfail stubs. They will be implemented in Plans
+04-06 and 04-08 (security hardening). The stubs ensure pytest collects them
+and keeps CI green before implementation code exists.
+
+Requirements: SEC-08 (credentials_enc exclusion), SEC-09 (delete-user-cleans-files).
+"""
+from __future__ import annotations
+
+import os
+
+import pytest
+
+
+# ---------------------------------------------------------------------------
+# SEC-08: credentials_enc never in API response
+# ---------------------------------------------------------------------------
+
+
+@pytest.mark.xfail(strict=False)
+async def test_credentials_enc_not_in_response(async_client, auth_user):
+ """No API response for current user includes credentials_enc field."""
+ pytest.xfail("not implemented yet")
+
+
+# ---------------------------------------------------------------------------
+# SEC-09: Delete user cleans up MinIO objects
+# ---------------------------------------------------------------------------
+
+
+@pytest.mark.xfail(strict=False)
+async def test_delete_user_cleans_files(async_client, admin_user):
+ """Admin DELETE /api/admin/users/{id} triggers MinIO object deletion before DB removal."""
+ pytest.xfail("not implemented yet")
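Review bot: `test_credentials_enc_not_in_response` takes only `auth_user`, and its docstring limits the check to responses "for current user", which leaves the admin user routes outside SEC-08. The other stub in this hunk shows that `/api/admin/users/{id}` exists, and admin views of user records are where a full row is most likely to be serialized. I would widen the contract now, e.g. `async def test_credentials_enc_not_in_response(async_client, auth_user, admin_user):` with a docstring stating that neither self-service nor admin user responses include `credentials_enc`. For `test_delete_user_cleans_files`, the docstring fixes the ordering but not the outcome when object deletion fails; the implemented test should assert which state the user record and the stored objects are left in after a storage error.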