# Integration Tests for MockForge Collaboration
This directory contains comprehensive integration tests for the Cloud Collaboration Mode API.
## Test Structure
### Test Files
1. **`auth_tests.rs`** - Authentication endpoints
- User registration (success, duplicate username)
- User login (success, wrong password, nonexistent user)
- JWT token generation and validation
2. **`workspace_tests.rs`** - Workspace management
- CRUD operations (create, read, update, delete)
- Authorization checks (unauthorized access)
- Member management (add, list, remove)
- Role-based permissions (viewer cannot update)
3. **`version_control_tests.rs`** - Version control features
- Commit creation and listing
- Permission checks (viewer forbidden)
- Input validation (empty/long messages, invalid names)
- Pagination support
- Snapshot creation and retrieval
- Restore operations
- Cross-workspace security
- Version increment tracking
### Test Infrastructure
**`common/mod.rs`** provides:
- `TestContext`: Test setup with in-memory SQLite database
- Helper methods for creating users, workspaces, and members
- Auto-cleanup with temp directories
- Router setup for API testing
## Running Tests
### Prerequisites
The tests require SQLx offline mode or a configured database. Due to SQLx compile-time checking,
you have two options:
#### Option 1: SQLX_OFFLINE Mode (Recommended for CI)
```bash
SQLX_OFFLINE=true cargo test --tests
```
#### Option 2: With Database
```bash
# Set up database URL
export DATABASE_URL="sqlite:test.db"
# Run migrations
sqlx migrate run
# Prepare query metadata
cargo sqlx prepare
# Run tests
cargo test --tests
```
### Run Specific Test Suites
```bash
# Auth tests only
cargo test --test auth_tests
# Workspace tests only
cargo test --test workspace_tests
# Version control tests only
cargo test --test version_control_tests
```
### Run Specific Tests
```bash
# Run a single test
cargo test test_create_commit_success
# Run tests matching a pattern
cargo test commit
```
## Test Coverage
### Authentication (6 tests)
- ✅ Successful registration with token generation
- ✅ Duplicate username rejection
- ✅ Successful login
- ✅ Wrong password rejection
- ✅ Nonexistent user handling
### Workspace Management (11 tests)
- ✅ Create workspace
- ✅ Create without auth (401)
- ✅ List user workspaces
- ✅ Get workspace details
- ✅ Update workspace
- ✅ Delete workspace
- ✅ Add member to workspace
- ✅ List workspace members
- ✅ Viewer cannot update (403)
### Version Control (20 tests)
**Commits:**
- ✅ Create commit successfully
- ✅ Viewer cannot create commit (403)
- ✅ Empty commit message validation (400)
- ✅ Long commit message validation (400)
- ✅ List commits with pagination
- ✅ Get specific commit
- ✅ Cross-workspace commit access denied (400)
- ✅ Restore to commit
- ✅ Viewer cannot restore (403)
- ✅ Commit version auto-increment
**Snapshots:**
- ✅ Create snapshot successfully
- ✅ Invalid snapshot name (400)
- ✅ Snapshot name too long (400)
- ✅ List snapshots
- ✅ Get snapshot by name
### Total: 37 Integration Tests
## Test Patterns
### 1. Happy Path Testing
```rust
#[tokio::test]
async fn test_create_commit_success() {
let ctx = TestContext::new().await;
let (user, token) = ctx.create_test_user("editor", "editor@example.com").await;
let workspace_id = ctx.create_test_workspace(user.id, "Test").await;
let response = ctx.router.clone().oneshot(
Request::builder()
.method("POST")
.uri(&format!("/workspaces/{}/commits", workspace_id))
.header(auth_header(&token).0, auth_header(&token).1)
.body(Body::from(json!({...}).to_string()))
.unwrap()
).await.unwrap();
assert_eq!(response.status(), StatusCode::OK);
}
```
### 2. Authorization Testing
```rust
#[tokio::test]
async fn test_viewer_cannot_create_commit() {
// Create owner and viewer
// Add viewer to workspace
// Attempt operation as viewer
assert_eq!(response.status(), StatusCode::FORBIDDEN);
}
```
### 3. Validation Testing
```rust
#[tokio::test]
async fn test_commit_message_too_long() {
let long_message = "a".repeat(501);
// Send request with long message
assert_eq!(response.status(), StatusCode::BAD_REQUEST);
}
```
### 4. Security Testing
```rust
#[tokio::test]
async fn test_cross_workspace_commit_access() {
// Create commit in workspace1
// Try to access from workspace2
assert_eq!(response.status(), StatusCode::BAD_REQUEST);
}
```
## Known Issues
### SQLx Compile-Time Checking
Due to SQLx's compile-time query validation, the tests require either:
1. `SQLX_OFFLINE=true` environment variable, OR
2. A configured database with `DATABASE_URL`
See `../SQLX_SETUP.md` for details on resolving SQLx type checking issues.
### Workaround
Until SQLx setup is complete, the test code is validated and ready to run.
All test logic is sound and will execute successfully once SQLx is configured.
## Future Enhancements
### Additional Test Coverage Needed:
1. WebSocket integration tests
2. Concurrent access tests
3. Performance/load tests
4. Mock/endpoint management tests (when implemented)
5. Conflict resolution tests
6. Real-time sync tests
### Test Infrastructure Improvements:
1. Shared test fixtures
2. Test data builders
3. Custom assertions
4. Test utilities for WebSocket connections
5. Async test helpers
## Contributing
When adding new endpoints or features:
1. Add corresponding integration tests
2. Test both happy path and error cases
3. Verify authentication and authorization
4. Test input validation
5. Check edge cases and boundary conditions
6. Update this README with new test counts
## Test Maintenance
- Tests use in-memory SQLite databases (fast, isolated)
- Each test creates a fresh `TestContext` (no state leakage)
- Temp directories auto-cleanup on drop
- No manual database cleanup needed