long-agent/user-system
3
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
e4c16dd6c5f25de6c3852f84d78dd41cccf14e4a
user-system/internal
History
Your Name e4c16dd6c5 test: add comprehensive TOTPHandler security tests 
Add 20+ test functions covering 2FA/TOTP security critical paths:

Status Operations:
- GetTOTPStatus_Success: retrieve 2FA status
- GetTOTPStatus_Unauthorized: auth required

Setup Operations:
- SetupTOTP_Success: generate secret, QR code, recovery codes
- SetupTOTP_AlreadyEnabled: handle already-enabled state
- SetupTOTP_Unauthorized: auth required
- SetupIdempotency: multiple setup calls behavior

Enable Operations:
- EnableTOTP_MissingCode: validation required fields
- EnableTOTP_InvalidCode: reject invalid TOTP codes
- EnableTOTP_NotSetup: require setup before enable
- EnableTOTP_AlreadyEnabled: prevent double-enable

Disable Operations:
- DisableTOTP_MissingCode: validation required fields
- DisableTOTP_NotEnabled: error when 2FA not active
- DisableTOTP_InvalidCode: reject invalid codes

Verification:
- VerifyTOTP_MissingCode: validation
- VerifyTOTP_NotEnabled: error when inactive
- VerifyTOTP_InvalidCode: reject invalid codes
- VerifyTOTP_Unauthorized: auth required
- VerifyTOTP_WithDeviceID: device trust integration

Security & Edge Cases:
- FullFlow_SetupEnableDisable: complete lifecycle
- RecoveryCodes_ExistAfterSetup: verify recovery codes format
- InvalidJSON_Enable: malformed request handling

Coverage: TOTPHandler from 0% to ~80%+
Key security boundaries: auth, setup state, enabled state, code validation
2026-05-30 10:19:50 +08:00
..
api
test: add comprehensive TOTPHandler security tests
2026-05-30 10:19:50 +08:00
auth
fix: close auth, permission, contract and e2e review blockers
2026-05-28 15:19:13 +08:00
cache
test: add sysutil and cache tests
2026-05-29 17:38:48 +08:00
concurrent
fix: P2 security and correctness issues
2026-04-18 20:48:11 +08:00
config
test: realign verification baseline and supporting tests
2026-05-28 15:19:34 +08:00
database
perf: Sprint 19 P0/P1 性能优化落地
2026-04-18 22:57:44 +08:00
domain
test: add domain constants tests
2026-05-29 21:04:33 +08:00
e2e
fix: P2 security and correctness issues
2026-04-18 20:48:11 +08:00
integration
test: add comprehensive test coverage and improve code quality
2026-04-17 20:43:50 +08:00
middleware
feat: backend core - auth, user, role, permission, device, webhook, monitoring, cache, repository, service, middleware, API handlers
2026-04-02 11:19:50 +08:00
monitoring
test: add monitoring collector tests
2026-05-29 17:23:44 +08:00
pagination
test: improve coverage for pagination and domain packages
2026-05-29 14:57:49 +08:00
performance
fix: P2 security and correctness issues
2026-04-18 20:48:11 +08:00
pkg
test: add timezone package tests
2026-05-29 21:20:30 +08:00
repository
test: add repository and domain tests
2026-05-29 16:59:05 +08:00
robustness
test: add comprehensive test coverage and improve code quality
2026-04-17 20:43:50 +08:00
security
test: add security encryption tests
2026-05-29 17:28:57 +08:00
server
test: add server package tests
2026-05-29 16:04:40 +08:00
service
test: add service header util tests
2026-05-29 18:37:52 +08:00
testdb
test: add comprehensive test coverage and improve code quality
2026-04-17 20:43:50 +08:00
testutil
test: add comprehensive test coverage and improve code quality
2026-04-17 20:43:50 +08:00
util
test: expand responseheaders test coverage to 97.2%
2026-05-29 20:13:56 +08:00