Revert "Implement admin back-pass flow and guarded admin actions"

This reverts commit 5595bfd3b1.
2026-02-08 14:43:26 +01:00
parent 5595bfd3b1
commit 5ec18d20ea
25 changed files with 108 additions and 571 deletions


@@ -77,13 +77,7 @@ public class AdminTests
Score = 8
});
var resp = await admin.SendAsync(new HttpRequestMessage(HttpMethod.Delete, $"/api/admin/players/{await player.GetProfileIdAsync()}")
{
Content = JsonContent.Create(new
{
AdminPassword = "Pass123!"
})
});
var resp = await admin.DeleteAsync($"/api/admin/players/{await player.GetProfileIdAsync()}");
resp.EnsureSuccessStatusCode();
await factory.WithDbContextAsync(db =>
@@ -195,10 +189,7 @@ public class AdminTests
await player.RegisterAsync("player");
await player.CreateSuggestionAsync("Keep");
var reset = await admin.PostAsJsonAsync("/api/admin/reset", new
{
AdminPassword = "Pass123!"
});
var reset = await admin.PostAsJsonAsync("/api/admin/reset", new { });
reset.EnsureSuccessStatusCode();
await factory.WithDbContextAsync(db =>
@@ -218,10 +209,7 @@ public class AdminTests
}
});
var factoryReset = await admin.PostAsJsonAsync("/api/admin/factory-reset", new
{
AdminPassword = "Pass123!"
});
var factoryReset = await admin.PostAsJsonAsync("/api/admin/factory-reset", new { });
factoryReset.EnsureSuccessStatusCode();
await factory.WithDbContextAsync(db =>
@@ -241,26 +229,21 @@ public class AdminTests
}
[Fact]
public async Task Admin_results_closing_moves_only_players_with_suggestions_back_to_vote()
public async Task Admin_results_closing_moves_back_to_vote_and_clears_finalize()
{
await using var factory = new TestWebApplicationFactory();
var admin = factory.CreateClientWithCookies();
await admin.RegisterAsync("admin", admin: true);
var player = factory.CreateClientWithCookies();
await player.RegisterAsync("player");
var fresh = factory.CreateClientWithCookies();
await fresh.RegisterAsync("fresh");
await player.CreateSuggestionAsync("Player game");
var open = await admin.PostAsJsonAsync("/api/admin/results", new { resultsOpen = true });
open.EnsureSuccessStatusCode();
await factory.WithDbContextAsync(async db =>
{
var p = await db.Players.SingleAsync(x => x.Username == "player");
var freshPlayer = await db.Players.SingleAsync(x => x.Username == "fresh");
var p = await db.Players.FirstAsync(x => !x.IsAdmin);
p.VotesFinal = true;
freshPlayer.VotesFinal = true;
var state = await db.AppState.SingleAsync();
state.UpdatedAt = DateTimeOffset.UnixEpoch;
await db.SaveChangesAsync();
@@ -271,12 +254,9 @@ public class AdminTests
await factory.WithDbContextAsync(async db =>
{
var p = await db.Players.SingleAsync(x => x.Username == "player");
var freshPlayer = await db.Players.SingleAsync(x => x.Username == "fresh");
var p = await db.Players.FirstAsync(x => !x.IsAdmin);
Assert.Equal(Phase.Vote, p.CurrentPhase);
Assert.False(p.VotesFinal);
Assert.Equal(Phase.Suggest, freshPlayer.CurrentPhase);
Assert.False(freshPlayer.VotesFinal);
var state = await db.AppState.AsNoTracking().SingleAsync();
Assert.False(state.ResultsOpen);
Assert.True(state.UpdatedAt > DateTimeOffset.UnixEpoch);
@@ -445,10 +425,7 @@ public class AdminTests
await db.SaveChangesAsync();
});
var reset = await admin.PostAsJsonAsync("/api/admin/reset", new
{
AdminPassword = "Pass123!"
});
var reset = await admin.PostAsJsonAsync("/api/admin/reset", new { });
reset.EnsureSuccessStatusCode();
await factory.WithDbContextAsync(async db =>
@@ -460,10 +437,7 @@ public class AdminTests
Assert.False(state.ResultsOpen);
});
var factoryReset = await admin.PostAsJsonAsync("/api/admin/factory-reset", new
{
AdminPassword = "Pass123!"
});
var factoryReset = await admin.PostAsJsonAsync("/api/admin/factory-reset", new { });
factoryReset.EnsureSuccessStatusCode();
await factory.WithDbContextAsync(async db =>
{
@@ -471,56 +445,4 @@ public class AdminTests
Assert.False(state.ResultsOpen);
});
}
[Fact]
public async Task Admin_destructive_actions_require_valid_admin_password()
{
await using var factory = new TestWebApplicationFactory();
var admin = factory.CreateClientWithCookies();
await admin.RegisterAsync("admin", admin: true);
var player = factory.CreateClientWithCookies();
await player.RegisterAsync("victim");
var delete = await admin.SendAsync(new HttpRequestMessage(HttpMethod.Delete, $"/api/admin/players/{await player.GetProfileIdAsync()}")
{
Content = JsonContent.Create(new
{
AdminPassword = "wrong"
})
});
Assert.Equal(HttpStatusCode.Unauthorized, delete.StatusCode);
var reset = await admin.PostAsJsonAsync("/api/admin/reset", new
{
AdminPassword = "wrong"
});
Assert.Equal(HttpStatusCode.Unauthorized, reset.StatusCode);
var factoryReset = await admin.PostAsJsonAsync("/api/admin/factory-reset", new
{
AdminPassword = "wrong"
});
Assert.Equal(HttpStatusCode.Unauthorized, factoryReset.StatusCode);
}
[Fact]
public async Task Admin_can_move_voter_back_to_suggest_via_phase_endpoint()
{
await using var factory = new TestWebApplicationFactory();
var admin = factory.CreateClientWithCookies();
await admin.RegisterAsync("admin", admin: true);
var player = factory.CreateClientWithCookies();
await player.RegisterAsync("moveme");
await player.AdvanceToVoteAsync("Move seed");
var move = await admin.PostAsJsonAsync($"/api/admin/players/{await player.GetProfileIdAsync()}/phase", new
{
Phase = "Suggest"
});
move.EnsureSuccessStatusCode();
var me = await player.GetFromJsonAsync<JsonElement>("/api/me");
Assert.Equal(nameof(Phase.Suggest), me.GetProperty("currentPhase").GetString());
}
}
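Review bot: With `Admin_destructive_actions_require_valid_admin_password` removed in the last hunk, none of the visible tests asserts that `DELETE /api/admin/players/{id}`, `/api/admin/reset` or `/api/admin/factory-reset` can be refused; every remaining call comes from the admin client and is followed by `EnsureSuccessStatusCode()`. These destructive endpoints now appear to be authorised by the session cookie alone, so a negative test is worth keeping: send the same three requests from the `player` client and from a client that never registered, and assert the rejection, e.g. `var denied = await player.PostAsJsonAsync("/api/admin/reset", new { });` followed by `Assert.Equal(HttpStatusCode.Forbidden, denied.StatusCode);`. Whether the server answers 401 or 403 is not visible here, and such a test may already exist outside the hunks shown. Because a cookie-only POST with an empty body is also the shape a cross-site request would take, it is worth confirming that the server's anti-forgery or SameSite settings cover these routes.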