Hartmut
d3bfa8ca98
test(mfa): full MFA test coverage — unit + E2E
Unit tests (packages/api — 13 tests):
- generateTotpSecret: DB write, returns secret + uri
- verifyAndEnableTotp: valid token enables; invalid/already-enabled/no-secret guards
- verifyTotp (login): valid → ok; invalid → UNAUTHORIZED; not-enabled → BAD_REQUEST
- getCurrentMfaStatus: reads totpEnabled flag
E2E tests (apps/web/e2e/dev-system/mfa.spec.ts — 7 scenarios):
- Setup flow: generate secret, enable with valid code, reject invalid code, UI QR check
- Login flow: MFA prompt appears, valid code logs in, wrong code shows error + stays on prompt
- Login without MFA: no TOTP prompt for users without MFA enabled
Also: start.sh health-check timeout 30s → 90s (container startup can exceed 30s)
Co-Authored-By: claude-flow <ruv@ruv.net>
2026-04-01 22:30:36 +02:00