Serreau Jovann
ea50f8e740
Add POST /api/account/lookup route for account lookup by email
...
New API endpoint secured by X-App-Secret header (no JWT auth required).
Accepts an email in the request body and returns the user's id and
stripeAccountId if present. Includes 6 unit tests covering all cases
(success, missing secret, invalid secret, missing email, user not found).
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com >
2026-03-28 19:03:15 +01:00
Serreau Jovann
c82a9d4d4b
Add ApiAuthTrait tests, mark API controllers for coverage ignore
...
ApiAuthTraitTest (10 tests):
- authenticateRequest: missing headers, invalid token, expired token, user not found, email mismatch, success
- success: without meta, with meta
- error: custom status, default 400
Coverage ignore:
- ApiLiveController: requires DB + JWT integration
- ApiSandboxController: requires JWT integration
- ApiAuthController: login/refresh (DB), sso (Keycloak), helpers (private)
- verifyJwt remains fully tested (7 unit tests)
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com >
2026-03-23 20:38:55 +01:00
Serreau Jovann
cd3df224e5
Add tests for ApiAuthController (JWT) and ApiDocController (doc/spec/insomnia)
...
ApiAuthControllerTest (7 unit tests):
- verifyJwt valid token, expired token, invalid signature, wrong email
- Malformed token, too few parts, empty payload
ApiDocControllerTest (5 WebTestCase tests):
- /api/doc returns success with env-switcher
- /api/doc/spec.json returns 5 sections array
- /api/doc/insomnia.json downloads with correct format and resources
- Insomnia export contains workspace/environment/request_group/request
- Login request has afterResponseScript for jwt_token auto-store
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com >
2026-03-23 20:06:50 +01:00
