xTr1m/GameList
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
e11cb233132b31f23cea876e5645d4cd41ad5bdf
GameList/TASKS.md
Frank Tovar e11cb23313 Add test review tasks
2026-02-05 18:42:31 +01:00

40 lines
3.2 KiB
Markdown
Raw Blame History

This file contains ambiguous Unicode characters
This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.
# TASKS
## Authentication & Identity
- [ ] Cover register success behavior: trims username/display name, enforces 24/16 char caps, issues auth cookie, stores normalized username (no plain passwords).
- [ ] Add register/login rejection cases for overlength usernames/display names and ensure login success sets LastLoginAt + fills DisplayName when null.
- [ ] Verify admin claim/authorization end-to-end: admin cookie includes claim; non-admin hitting `/api/admin/*` returns 401/403.
## State & Phase
- [ ] Assert `/api/state` payload fields (currentPhase, votesFinal, hasJoker, counts) for authenticated user.
- [ ] Test GetPhase alignment: legacy Reveal -> Vote; closing results (resultsOpen false) realigns users from Results to Vote and clears VotesFinal.
- [ ] Add `/api/me/phase/next` happy path to Results when resultsOpen=true and ensure VotesFinal clears on advance; cover Suggest->Vote success.
- [ ] Ensure `/api/me/phase/prev` clears VotesFinal and respects per-step back transitions; add name limit >16 rejection.
## Suggestions
- [ ] Enforce phase gating on create for non-admins outside Suggest (no joker) and require display name before create.
- [ ] Add validation cases: invalid game/youtube URLs, missing/overlong name (>100), player count ranges (min<1, max>32, only one of min/max provided), trimming/truncation of optional fields.
- [ ] Verify `/api/suggestions/mine` excludes other players; `/api/suggestions/all` returns ordered list with LinkedIds/LinkedTitles metadata.
- [ ] Test DELETE: player can delete own in Suggest only; admin any time; links to children cleared and related votes removed.
- [ ] Joker create path should unfinalize all players ballots, not just the caller.
## Votes
- [ ] Guard `/api/votes/mine` for auth/phase mismatch; reject negative scores too.
- [ ] Cover finalize toggle back to false and phase-change unfinalization; ensure VotesFinal blocks edits and resets correctly.
- [ ] Add linked-vote coverage for nested/root-detection cases (e.g., chains) to ensure scores fan out as expected.
## Results
- [ ] Require Results phase and auth even when resultsOpen=true (phase mismatch/unauth 400/401).
- [ ] Validate results payload fields: totals/count/average (average=0 when no votes), MyVote, link metadata, ordering by average.
## Admin Operations
- [ ] Cover `/api/admin/results` closing path: moves everyone to Vote, clears VotesFinal, updates UpdatedAt timestamp.
- [ ] Extend vote-status tests for mixed finalized vs waiting users and ordering by display/username.
- [ ] Add happy-path joker grant in Vote phase; assert VotesFinal resets for that player.
- [ ] Exercise link/unlink phase gating and not-found cases; verify linking re-parents groups, deletes group votes, and unfinalizes affected players counts; ensure unlink follows spec vs current NotFound-on-missing behavior.
- [ ] Confirm reset clears HasJoker/VotesFinal and closes results; factory-reset re-seeds AppState defaults (ResultsOpen=false, UpdatedAt set).
## Infrastructure/Helpers
- [ ] Expand `IsReachableImageAsync` tests: HEAD success path, redirect rejection, oversized content-length guard, fallback GET with non-image content.
- [ ] Add coverage for global exception handler returning JSON 500 and logging.
Reference in New Issue View Git Blame Copy Permalink