d3bfa8ca98
Unit tests (packages/api — 13 tests):
- generateTotpSecret: DB write, returns secret + uri
- verifyAndEnableTotp: valid token enables; invalid/already-enabled/no-secret guards
- verifyTotp (login): valid → ok; invalid → UNAUTHORIZED; not-enabled → BAD_REQUEST
- getCurrentMfaStatus: reads totpEnabled flag

E2E tests (apps/web/e2e/dev-system/mfa.spec.ts — 7 scenarios):
- Setup flow: generate secret, enable with valid code, reject invalid code, UI QR check
- Login flow: MFA prompt appears, valid code logs in, wrong code shows error + stays on prompt
- Login without MFA: no TOTP prompt for users without MFA enabled

Also: start.sh health-check timeout 30s → 90s (container startup can exceed 30s)

Co-Authored-By: claude-flow <ruv@ruv.net>