xTr1m/GameList
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
67a164e53b25e41c03f67c0d84b59e796e71b357
GameList/TASKS.md

3.2 KiB
Raw Blame History

TASKS

Authentication & Identity

  • Cover register success behavior: trims username/display name, enforces 24/16 char caps, issues auth cookie, stores normalized username (no plain passwords).
  • Add register/login rejection cases for overlength usernames/display names and ensure login success sets LastLoginAt + fills DisplayName when null.
  • Verify admin claim/authorization end-to-end: admin cookie includes claim; non-admin hitting /api/admin/* returns 401/403.

State & Phase

  • Assert /api/state payload fields (currentPhase, votesFinal, hasJoker, counts) for authenticated user.
  • Test GetPhase alignment: legacy Reveal -> Vote; closing results (resultsOpen false) realigns users from Results to Vote and clears VotesFinal.
  • Add /api/me/phase/next happy path to Results when resultsOpen=true and ensure VotesFinal clears on advance; cover Suggest->Vote success.
  • Ensure /api/me/phase/prev clears VotesFinal and respects per-step back transitions; add name limit >16 rejection.

Suggestions

  • Enforce phase gating on create for non-admins outside Suggest (no joker) and require display name before create.
  • Add validation cases: invalid game/youtube URLs, missing/overlong name (>100), player count ranges (min<1, max>32, only one of min/max provided), trimming/truncation of optional fields.
  • Verify /api/suggestions/mine excludes other players; /api/suggestions/all returns ordered list with LinkedIds/LinkedTitles metadata.
  • Test DELETE: player can delete own in Suggest only; admin any time; links to children cleared and related votes removed.
  • Joker create path should unfinalize all players ballots, not just the caller.

Votes

  • Guard /api/votes/mine for auth/phase mismatch; reject negative scores too.
  • Cover finalize toggle back to false and phase-change unfinalization; ensure VotesFinal blocks edits and resets correctly.
  • Add linked-vote coverage for nested/root-detection cases (e.g., chains) to ensure scores fan out as expected.

Results

  • Require Results phase and auth even when resultsOpen=true (phase mismatch/unauth 400/401).
  • Validate results payload fields: totals/count/average (average=0 when no votes), MyVote, link metadata, ordering by average.

Admin Operations

  • Cover /api/admin/results closing path: moves everyone to Vote, clears VotesFinal, updates UpdatedAt timestamp.
  • Extend vote-status tests for mixed finalized vs waiting users and ordering by display/username.
  • Add happy-path joker grant in Vote phase; assert VotesFinal resets for that player.
  • Exercise link/unlink phase gating and not-found cases; verify linking re-parents groups, deletes group votes, and unfinalizes affected players counts; ensure unlink follows spec vs current NotFound-on-missing behavior.
  • Confirm reset clears HasJoker/VotesFinal and closes results; factory-reset re-seeds AppState defaults (ResultsOpen=false, UpdatedAt set).

Infrastructure/Helpers

  • Expand IsReachableImageAsync tests: HEAD success path, redirect rejection, oversized content-length guard, fallback GET with non-image content.
  • Add coverage for global exception handler returning JSON 500 and logging.
Reference in New Issue View Git Blame Copy Permalink