curo/kite
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
159 Commits 1 Branch 0 Tags
3180e759de0d20cd1caf52319d32c808c65d4b89
Commit Graph

7 Commits

Author SHA1 Message Date
curo1305 e2e499b8b1 feat(05-10): oauth_initiate returns 200 JSON {url} instead of 302 redirect 
- Remove response_class=RedirectResponse from @router.get decorator
- Replace both RedirectResponse(status_code=302) returns with JSONResponse({url})
- Frontend can now inject Bearer header before navigating to OAuth URL (T-05-10-01)
- Update test_connect_google_drive to expect 200 JSON (regression fix)
 2026-05-30 11:24:33 +02:00
curo1305 9b6d3f91d4 test(05-10): add failing tests for OAuth initiate JSON URL return 2026-05-30 11:23:38 +02:00
curo1305 6d094d17f0 feat(05-09): PATCH /documents/{id} endpoint + cloud-aware Celery re-analyze 
- Add DocumentPatch Pydantic model with filename and folder_id optional fields
- Add PATCH /api/documents/{doc_id} endpoint: ownership guard, model_fields_set
  to distinguish absent vs null folder_id, returns updated metadata dict
- Update _run() in document_tasks.py to use get_storage_backend_for_document
  for non-MinIO backends instead of hardcoded MinIO path
- CloudConnectionError caught in cloud path: returns extract_failed status
- Update test to use pure unit mocks (no PostgreSQL) for _run() cloud routing
- All 3 plan tests pass; 23 test_cloud.py tests pass
 2026-05-30 11:16:01 +02:00
curo1305 9bc056100c test(05-09): add failing tests for PATCH /documents/{id} and cloud-aware re-analyze 
- test_patch_document_filename: expects 200 with updated filename (PATCH endpoint missing → 405)
- test_patch_document_wrong_owner: expects 404 for non-owner (PATCH endpoint missing → 405)
- test_reanalyze_cloud_document_routes_to_cloud_backend: expects cloud backend called for nextcloud docs
 2026-05-30 11:13:31 +02:00
curo1305 d84e38acca test(05-06): promote 11 integration test stubs to real passing tests 
- test_connect_google_drive: OAuth initiate redirects to Google (Redis mocked)
- test_oauth_callback_valid_state: valid state + mocked Flow.fetch_token → 302 (CLOUD-01)
- test_oauth_callback_invalid_state: invalid state → error redirect (CLOUD-01)
- test_webdav_connect_validates: localhost URL → 422 (D-17 SSRF)
- test_credentials_enc_not_exposed: credentials_enc absent from response (CLOUD-02, SEC-08)
- test_cloud_upload_no_presigned: cloud upload returns no upload_url (CLOUD-03)
- test_connection_status_display: ACTIVE status in list response (CLOUD-04)
- test_invalid_grant_sets_requires_reauth: 503 on invalid_grant (CLOUD-05)
- test_disconnect_deletes_credentials: DELETE 204 + DB row gone (CLOUD-06)
- test_admin_cannot_see_credentials: admin gets 403 (SEC-08 IDOR)
- test_cross_user_idor: wrong-owner delete → 404 (SEC-08 IDOR)

Also fix CloudConnectionOut.id field validator to accept UUID objects from ORM
(Rule 1: Bug - UUID id caused pydantic validation error on list_connections)

All 20 cloud tests PASSED; full suite: 282 passed, 1 pre-existing failure
 2026-05-29 07:51:02 +02:00
curo1305 096bb48116 test(05-06): promote 4 unit test stubs to real passing tests 
- test_credential_round_trip: verifies HKDF AES-256-GCM round-trip (CLOUD-02)
- test_ssrf_validation: parametrized over 6 URLs (5 blocked, 1 public) (D-17)
- test_ssrf_link_local: explicit link-local 169.254.x.x check (D-17)
- test_factory_returns_correct_backend: mock-based factory test (CLOUD-07)
All 4 tests PASSED; no xfail decorators remaining on these tests
 2026-05-29 07:47:33 +02:00
curo1305 231dfcd987 test(05-01): create test_cloud.py with 15 Phase 5 xfail stubs 
All 15 stubs decorated with @pytest.mark.xfail(strict=False) covering
CLOUD-01..07, D-17 SSRF (test_ssrf_validation parametrized + test_ssrf_link_local),
and SEC-08/IDOR (test_admin_cannot_see_credentials, test_cross_user_idor).
pytest tests/test_cloud.py exits 0 with 19 xfailed (19 = 15 stubs + 4 parametrize variants).
 2026-05-28 20:49:18 +02:00