Description
Write comprehensive tests for all authentication functionality to ensure reliability and security.
Test Coverage Required
Unit Tests
- User registration validation
- Password hashing and verification
- OTP generation and validation
- JWT token generation and validation
- Session management functions
- Email validation against university domains
- Rate limiting logic
- Brute force protection logic
Integration Tests
- Complete registration flow (signup → verify)
- Login flow with valid credentials
- Login flow with invalid credentials
- Token refresh flow
- Logout flow
- Password reset complete flow
- Session management across devices
- Rate limiting enforcement
- Account lockout scenario
Security Tests
- SQL injection attempts
- XSS attempts in input
- CSRF protection (if applicable)
- Brute force attempts
- Rate limit bypass attempts
- Token tampering
- Expired token handling
Edge Cases
- Duplicate registration attempts
- Expired OTP codes
- Multiple simultaneous logins
- Session conflicts
- Network failure during email send
- Database connection issues
Test Organization
test/
├── wavve_backend/
│   └── accounts/
│       ├── user_test.exs
│       ├── session_test.exs
│       └── otp_token_test.exs
└── wavve_backend_web/
    └── controllers/
        └── auth_controller_test.exs
Coverage Goal
- Minimum 80% code coverage
- 100% coverage for security-critical code
- All happy paths tested
- All error paths tested
Test Helpers
Create test helpers for:
- Creating test users
- Generating valid/invalid tokens
- Mocking email delivery
- Setting up test sessions
Definition of Done
- All tests written and passing
- Coverage meets minimum 80%
- CI/CD integration ready
- Test documentation added
- No flaky tests
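
As an illustration of the "Token tampering" and "Expired token handling" items above, here is an added ExUnit example; it is not the project's own code. `ExampleToken` is a hypothetical stand-in for the real token module, and the secret, subject names and clock value are constructed.

```elixir
ExUnit.start()

defmodule ExampleToken do
  # Hypothetical stand-in for the project's token module: HMAC-SHA256 over "sub|exp".
  @secret "constructed-test-secret"

  def sign(sub, exp) do
    body = Base.url_encode64("#{sub}|#{exp}", padding: false)
    body <> "." <> mac(body)
  end

  # `now` is passed in so tests control the clock instead of sleeping.
  def verify(token, now) do
    with [body, sig] <- String.split(token, "."),
         true <- secure_equal?(mac(body), sig),
         {:ok, raw} <- Base.url_decode64(body, padding: false),
         [sub, exp_str] <- String.split(raw, "|"),
         {exp, ""} <- Integer.parse(exp_str) do
      if exp > now, do: {:ok, sub}, else: {:error, :expired}
    else
      _ -> {:error, :invalid}
    end
  end

  defp mac(body), do: :crypto.mac(:hmac, :sha256, @secret, body) |> Base.url_encode64(padding: false)
  # :crypto.hash_equals/2 (OTP 25+) compares in constant time but needs equal sizes.
  defp secure_equal?(a, b), do: byte_size(a) == byte_size(b) and :crypto.hash_equals(a, b)
end

defmodule ExampleTokenTest do
  use ExUnit.Case, async: true
  @now 1_700_000_000 # constructed fixed clock value

  test "valid token is accepted, altered payload with reused signature is rejected" do
    token = ExampleToken.sign("user-1", @now + 60)
    assert {:ok, "user-1"} = ExampleToken.verify(token, @now)
    [_body, sig] = String.split(token, ".")
    forged = Base.url_encode64("admin|#{@now + 60}", padding: false) <> "." <> sig
    assert {:error, :invalid} = ExampleToken.verify(forged, @now)
  end

  test "token is rejected at and after its expiry second" do
    assert {:error, :expired} = ExampleToken.verify(ExampleToken.sign("user-1", @now), @now)
    assert {:error, :expired} = ExampleToken.verify(ExampleToken.sign("user-1", @now - 1), @now)
  end

  test "malformed tokens return an error instead of raising" do
    for bad <- ["", "abc", "a.b.c", "!!!.???"], do: assert({:error, :invalid} = ExampleToken.verify(bad, @now))
  end
end
```

Saved as a single `.exs` file, this runs with `elixir <file>.exs`; injecting the clock keeps the expiry checks deterministic, which also serves the "No flaky tests" item.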