Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

feat: Notifications MVP #2813

Merged
merged 26 commits into from
Jan 14, 2025

Review: Handling tasks by ID instead of project ID and task number

adb5b20
Select commit
Loading
Failed to load commit list.
Sign in for the full log view
Merged

feat: Notifications MVP #2813

Review: Handling tasks by ID instead of project ID and task number
adb5b20
Select commit
Loading
Failed to load commit list.
GitHub Actions / Test report for security:test succeeded Jan 14, 2025 in 0s

49 passed, 0 failed and 0 skipped

Tests passed successfully

Report Passed Failed Skipped Time
backend/security/build/test-results/test/TEST-io.tolgee.security.authentication.AuthenticationDisabledFilterTest.xml 3✅ 171ms
backend/security/build/test-results/test/TEST-io.tolgee.security.authentication.AuthenticationFilterTest.xml 10✅ 172ms
backend/security/build/test-results/test/TEST-io.tolgee.security.authentication.AuthenticationInterceptorTest.xml 4✅ 134ms
backend/security/build/test-results/test/TEST-io.tolgee.security.authorization.OrganizationAuthorizationInterceptorTest.xml 7✅ 167ms
backend/security/build/test-results/test/TEST-io.tolgee.security.authorization.ProjectAuthorizationInterceptorTest.xml 11✅ 320ms
backend/security/build/test-results/test/TEST-io.tolgee.security.ratelimit.GlobalIpRateLimitFilterTest.xml 3✅ 13ms
backend/security/build/test-results/test/TEST-io.tolgee.security.ratelimit.GlobalUserRateLimitFilterTest.xml 3✅ 14ms
backend/security/build/test-results/test/TEST-io.tolgee.security.ratelimit.RateLimitInterceptorTest.xml 8✅ 146ms

✅ backend/security/build/test-results/test/TEST-io.tolgee.security.authentication.AuthenticationDisabledFilterTest.xml

3 tests were completed in 171ms with 3 passed, 0 failed and 0 skipped.

Test suite Passed Failed Skipped Time
io.tolgee.security.authentication.AuthenticationDisabledFilterTest 3✅ 171ms

✅ io.tolgee.security.authentication.AuthenticationDisabledFilterTest

✅ it does not filter when request is OPTIONS()
✅ it does not require authentication to go through()
✅ it does not authenticate when authentication is enabled()

✅ backend/security/build/test-results/test/TEST-io.tolgee.security.authentication.AuthenticationFilterTest.xml

10 tests were completed in 172ms with 10 passed, 0 failed and 0 skipped.

Test suite Passed Failed Skipped Time
io.tolgee.security.authentication.AuthenticationFilterTest 10✅ 172ms

✅ io.tolgee.security.authentication.AuthenticationFilterTest

✅ it does not allow request to go through with invalid JWT tokens()
✅ it does not filter when request is OPTIONS()
✅ it applies a rate limit on authentication attempts()
✅ it allows request to go through when using invalid PAK()
✅ it allows request to go through when using invalid PAT()
✅ it allows request to go through with valid JWT token()
✅ it allows request to go through when using expired PAK()
✅ it allows request to go through when using expired PAT()
✅ it allows request to go through when using valid PAK()
✅ it allows request to go through when using valid PAT()

✅ backend/security/build/test-results/test/TEST-io.tolgee.security.authentication.AuthenticationInterceptorTest.xml

4 tests were completed in 134ms with 4 passed, 0 failed and 0 skipped.

Test suite Passed Failed Skipped Time
io.tolgee.security.authentication.AuthenticationInterceptorTest 4✅ 134ms

✅ io.tolgee.security.authentication.AuthenticationInterceptorTest

✅ it ignores super JWT requirement when authentication is disabled()
✅ it doesn't allow API key authentication by default()
✅ it enforces the super JWT requirement()
✅ it doesn't interfere with basic endpoints()

✅ backend/security/build/test-results/test/TEST-io.tolgee.security.authorization.OrganizationAuthorizationInterceptorTest.xml

7 tests were completed in 167ms with 7 passed, 0 failed and 0 skipped.

Test suite Passed Failed Skipped Time
io.tolgee.security.authorization.OrganizationAuthorizationInterceptorTest 7✅ 167ms

✅ io.tolgee.security.authorization.OrganizationAuthorizationInterceptorTest

✅ rejects access if the user does not have a sufficiently high role()
✅ it hides the organization if the user cannot see it()
✅ not throw when annotated by email verification bypass()
✅ rejects access if the user does not have a verified email()
✅ it has no effect on endpoints not specific to a single organization()
✅ it requires an annotation to be present on the handler()
✅ it does not allow both annotations to be present()

✅ backend/security/build/test-results/test/TEST-io.tolgee.security.authorization.ProjectAuthorizationInterceptorTest.xml

11 tests were completed in 320ms with 11 passed, 0 failed and 0 skipped.

Test suite Passed Failed Skipped Time
io.tolgee.security.authorization.ProjectAuthorizationInterceptorTest 11✅ 320ms

✅ io.tolgee.security.authorization.ProjectAuthorizationInterceptorTest

✅ it hides the organization if the user cannot see it()
✅ permissions work as intended when using implicit project id()
✅ it does not let scopes on the key work if the authenticated user does not have them()
✅ it has no effect on endpoints not specific to a single project()
✅ ensures API key works only for the project it is bound to()
✅ rejects access if the user is admin and authorizes with API key()
✅ rejects access if the user does not have the required scope (single scope)()
✅ it restricts scopes (multiple scopes)()
✅ it requires an annotation to be present on the handler()
✅ it does not allow both annotations to be present()
✅ rejects access if the user does not have the required scope (multiple scopes)()

✅ backend/security/build/test-results/test/TEST-io.tolgee.security.ratelimit.GlobalIpRateLimitFilterTest.xml

3 tests were completed in 13ms with 3 passed, 0 failed and 0 skipped.

Test suite Passed Failed Skipped Time
io.tolgee.security.ratelimit.GlobalIpRateLimitFilterTest 3✅ 13ms

✅ io.tolgee.security.ratelimit.GlobalIpRateLimitFilterTest

✅ it lets requests through()
✅ it does not let rate limited requests through()
✅ it does rate limit if request is OPTIONS()

✅ backend/security/build/test-results/test/TEST-io.tolgee.security.ratelimit.GlobalUserRateLimitFilterTest.xml

3 tests were completed in 14ms with 3 passed, 0 failed and 0 skipped.

Test suite Passed Failed Skipped Time
io.tolgee.security.ratelimit.GlobalUserRateLimitFilterTest 3✅ 14ms

✅ io.tolgee.security.ratelimit.GlobalUserRateLimitFilterTest

✅ it lets requests through()
✅ it does not let rate limited requests through()
✅ it does rate limit if request is OPTIONS()

✅ backend/security/build/test-results/test/TEST-io.tolgee.security.ratelimit.RateLimitInterceptorTest.xml

8 tests were completed in 146ms with 8 passed, 0 failed and 0 skipped.

Test suite Passed Failed Skipped Time
io.tolgee.security.ratelimit.RateLimitInterceptorTest 8✅ 146ms

✅ io.tolgee.security.ratelimit.RateLimitInterceptorTest

✅ it rate limits requests according to the specified policy()
✅ endpoint rate limit policy is correctly extracted from annotations()
✅ endpoint rate limit bucket correctly discriminates against major path variables()
✅ endpoint rate limit uses the correct user or ip discrimination method()
✅ it uses different buckets for different paths()
✅ it does not rate limit when limits are disabled()
✅ it does not rate limit when there are no annotations()
✅ it uses the same buckets for paths with a shared bucket()