c1c08be2b0
Focused suite covering IDOR and privilege-escalation patterns:

1. Student cannot delete another teacher's class (role block)
2. Teacher cannot delete another teacher's class (ownership check)
3. Banned user blocked on all protected routes
4. Token revoked after token_version bump (password change flow)
5. Join class with wrong invite code → 404, no membership created
6. Admin-only route blocks teacher role
7. Protected route without token → 401

All 7 pass. Pre-existing auth.test.js failures (rate-limiter shared state in test server) are unrelated and were present before this PR.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
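The checks that a suite like this exercises, as an added example that is not code from this commit or its project. All function and field names, the sample data, and the 403 and 204 status codes are assumptions; the commit message itself states only the 404 and the missing-token 401.

```javascript
// Added illustration: every name and the 403/204 status choices are assumptions.
// Constructed sample data standing in for the database.
const users = new Map([
  ["t1", { id: "t1", role: "teacher", banned: false, tokenVersion: 1 }],
  ["t2", { id: "t2", role: "teacher", banned: false, tokenVersion: 1 }],
  ["s1", { id: "s1", role: "student", banned: false, tokenVersion: 2 }],
  ["s2", { id: "s2", role: "student", banned: true, tokenVersion: 1 }],
]);
const classes = new Map([
  ["c1", { ownerId: "t1", inviteCode: "JOIN-42", members: new Set() }],
]);

// Gate shared by every protected route; claims is the verified token payload or null.
function authenticate(claims) {
  if (!claims) return { status: 401 };
  const user = users.get(claims.sub);
  // A token minted before a token_version bump no longer matches the stored value.
  if (!user || claims.tokenVersion !== user.tokenVersion) return { status: 401 };
  if (user.banned) return { status: 403 };
  return { status: 200, user };
}

function requireRole(claims, role) {
  const auth = authenticate(claims);
  if (auth.status !== 200) return auth;
  return auth.user.role === role ? auth : { status: 403 };
}

function deleteClass(claims, classId) {
  const auth = requireRole(claims, "teacher"); // role block
  if (auth.status !== 200) return auth.status;
  const cls = classes.get(classId);
  if (!cls) return 404;
  // Ownership comes from the stored record, never from the request.
  if (cls.ownerId !== auth.user.id) return 403;
  classes.delete(classId);
  return 204;
}

function joinClass(claims, classId, inviteCode) {
  const auth = authenticate(claims);
  if (auth.status !== 200) return auth.status;
  const cls = classes.get(classId);
  // Same 404 for an unknown class and a wrong code; membership is written only after both pass.
  if (!cls || cls.inviteCode !== inviteCode) return 404;
  cls.members.add(auth.user.id);
  return 200;
}
```

Each denial path returns before any state is mutated, which is what lets a test assert both the status code and the absence of a side effect.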