Pryv.io test results

open-pryv.io 2.0.0-pre.2

Summary

1275tests total
1259✅ passing
16❓ pending
0❌ failing

Date: Sat Apr 11 2026 09:56:06 GMT+0000 (Coordinated Universal Time)

api-server component

Summary

906tests total
891✅ passing
15❓ pending
0❌ failing

Tests

IdStatusTest
[AD01] Accesses with account streams [AD02] POST /accesses [AD03] When using a personal access [AD07] to create an access for visible account streams [AD08] with a read-level permission
UE9Gshould return 201
BUYPshould create access in the database
S3IQshould enable user to read visible stream event with this access
[AD01] Accesses with account streams [AD02] POST /accesses [AD03] When using a personal access [AD07] to create an access for visible account streams [AD08] with a read-level permission [AD09] for the "account" stream
XEAKshould return 201
65I4should create access in the database
L99Lshould allow to access visible events in storageUsed
[AD01] Accesses with account streams [AD02] POST /accesses [AD03] When using a personal access [AD07] to create an access for visible account streams [AD08] with a read-level permission [AD10] for the "storageUsed" stream
EPEPshould return 201
U3UMshould create access in the database
A4UPshould allow to access visible events in storageUsed
[AD01] Accesses with account streams [AD02] POST /accesses [AD03] When using a personal access [AD07] to create an access for visible account streams [AD11] with a create-only-level permission
IWMQshould return 201
APYNshould create access in the database
[AD01] Accesses with account streams [AD02] POST /accesses [AD03] When using a personal access [AD07] to create an access for visible account streams [AD12] with a contribute-level permission
R0M1should return 201
Q8R8should create access in the database
TI1Xshould allow to create visible stream events
[AD01] Accesses with account streams [AD02] POST /accesses [AD03] When using a personal access [AD07] to create an access for visible account streams [AD13] with a manage-level permission
93HOshould return 400
YPHXshould return the correct error
[AD01] Accesses with account streams [AD02] POST /accesses [AD03] When using a personal access [AD14] to create an access for not visible account streams
ATGUshould return 400
Q2KZshould return the correct error
[AD01] Accesses with account streams [AD02] POST /accesses [AD03] When using a personal access [AD15] to create an access for unexisting system streams
KKKSshould return 403 forbidden
[AD01] Accesses with account streams [AD04] DELETE /accesses [AD05] When using a personal access [AD06] to delete an account stream access
Z40Jshould return 200
MP9Tshould delete the access in the database
[AC01] accesses [AC02] access deletions [AC03] when given a few existing accesses [AC04] accesses.get
H7ZSaccess should contain tokens and apiEndpoints
P12Lshould contain deletions
BQ7Mcontains active accesses
NVCQcontains deleted accesses as well
6ZQLdeleted access are in UTC (seconds) format
[AC01] accesses [AC02] access deletions [AC03] when given a few existing accesses [AC05] accesses.create [AC06] for a valid access
N3Q1should contain an access
8UOWaccess should contain token and apiEndpoint
J77Zshould contain the set values, but no “deleted” field in the API response
A4JPshould contain the field “deleted:null” in the database
[AC01] accesses [AC02] access deletions [AC03] when given a few existing accesses [AC05] accesses.create [AC07] for a deleted access
1DJ6should return an error
7ZPKerror should say that the deleted field is forbidden upon creation
[AC01] accesses [AC02] access deletions [AC03] when given a few existing accesses [AC08] accesses.update
JNJKshould return an error
OS36error should say that the deleted field is forbidden upon update
[AC01] accesses [AC09] Delete app access [AC10] when deleting an app access that created shared accesses
WE2Oshould return the accessDeletion and relatedDeletions
IVWPshould delete it and the accesses it created, not touching the expired ones
[AC01] accesses [AC11] access expiry [AC12] when given a few existing accesses [AC13] accesses.get [AC14] vanilla version
489Jsucceeds
7NPEcontains only active accesses
[AC01] accesses [AC11] access expiry [AC12] when given a few existing accesses [AC13] accesses.get [AC15] when given the includeExpired=true parameter
PIGEsucceeds
DZHLincludes expired accesses
[AC01] accesses [AC11] access expiry [AC12] when given a few existing accesses [AC16] accesses.create [AC17] when called with expireAfter>0
3ONAcreates an access with set expiry timestamp
[AC01] accesses [AC11] access expiry [AC12] when given a few existing accesses [AC16] accesses.create [AC18] when called with expireAfter=0
8B65creates an expired access
[AC01] accesses [AC11] access expiry [AC12] when given a few existing accesses [AC16] accesses.create [AC19] when called with expireAfter<0 < b>
JHWHfails
[AC01] accesses [AC11] access expiry [AC12] when given a few existing accesses [AC16] accesses.create [AC20] Store accesses
JZWHcreate an access on :dummy: store
JUWHcreate an access :dummy:marcella on :dummy: store
[AC01] accesses [AC11] access expiry [AC12] when given a few existing accesses [AC21] accesses.checkApp [AC22] when the matching access is not expired
B66Breturns the matching access
[AC01] accesses [AC11] access expiry [AC12] when given a few existing accesses [AC21] accesses.checkApp [AC23] when the matching access is expired
DLHJreturns no match
[AC01] accesses [AC11] access expiry [AC12] when given a few existing accesses [AC24] other API accesses [AC25] using an expired access
AJG5fails
KGT4returns a proper error message
[AC01] accesses [AC11] access expiry [AC12] when given a few existing accesses [AC24] other API accesses [AC26] using a valid access
CBRFsucceeds
[AC01] accesses [AC27] access client data [AC28] when given a few existing accesses [AC29] accesses.get
KML2succeeds
NY85contains existing accesses with clientData
[AC01] accesses [AC27] access client data [AC28] when given a few existing accesses [AC30] accesses.create [AC31] when called with clientData={}
OMUOcreates an access with empty clientData
[AC01] accesses [AC27] access client data [AC28] when given a few existing accesses [AC30] accesses.create [AC32] when called with clientData=null
E5C1throws a schema error
[AC01] accesses [AC27] access client data [AC28] when given a few existing accesses [AC30] accesses.create [AC33] when called with complex clientData
JYD4creates an access with complex clientData
[AC01] accesses [AC27] access client data [AC28] when given a few existing accesses [AC34] accesses.checkApp [AC35] when the provided clientData matches the existing clientData
U1AMreturns the matching access
[AC01] accesses [AC27] access client data [AC28] when given a few existing accesses [AC34] accesses.checkApp [AC36] when the provided clientData does not match the existing clientData
2EERreturns no match
[AC01] accesses [AC27] access client data [AC28] when given a few existing accesses [AC34] accesses.checkApp [AC37] when no clientData is provided but existing access has one
DHZQreturns no match
[AC01] accesses [AC38] access-info
PH0Kshould return the username
[ACCO] Account with system streams [DA01] GET /account [DA02] and when user has multiple events per stream and additional streams events
XRKXshould return 200
JUHRshould return account information in the structure that is defined in system streams and only active values
R5S0should return only visible default stream events
[ACCO] Account with system streams [DA03] POST /change-password [DA04] and when valid data is provided
X9VQshould return 200
ACNEshould find password in password history
[ACCO] Account with system streams [DA05] PUT /account [DA06] when updating the username
P69Jshould return 400
DBM6should return the correct error
[ACCO] Account with system streams [DA05] PUT /account [DA07] when updating non editable fields
90N3should return 400
QHZ4should return the correct error
[ACCO] Account with system streams [DA05] PUT /account [DA08] when updating a unique field that is already taken [DA09] and the field is not unique in PlatformDB
K3X9should return a 409 error
8TRPshould return the correct error
[ACCO] Account with system streams [DA05] PUT /account [DA10] when updating email and language
JJ81should return 200
K9ICshould returned updated account data
JQHXshould update the field values in the database
[AUDI] Audit logs events (Pattern C) [AU01] GET /events
0BK7must not return null values or trashed=false
VBV0must not return “auth” in “content:query”
R8MSmust escape special characters
[AUDI] Audit logs events (Pattern C) [AU02] GET /audit/logs
RV4Wmust return a valid id field
[FG5R] Events of system streams [ED01] GET /events [ED02] When using a personal access
KS6Kshould return visible system events only
[FG5R] Events of system streams [ED01] GET /events [ED03] When using a shared access with a read-level permission on the .account stream
DRFHshould return visible system events only
[FG5R] Events of system streams [ED01] GET /events [ED04] When using a shared access with a read-level permission on all streams (star) and a visible system stream
GF3Ashould return only the account event for which a permission was explicitely provided
[FG5R] Events of system streams [ED01] GET /events [ED05] When using a shared access with a read-level permission on all streams (star)
RM74should not return any system events
[FG5R] Events of system streams [ED06] GET /events/ [ED10] When using a personal access [ED11] to retrieve a visible system event
9IEXshould return 200
IYE6should return the event
[FG5R] Events of system streams [ED06] GET /events/ [ED10] When using a personal access [ED12] to retrieve a non visible system event
Y2OAshould return 403
DHZEshould return the right error message
[FG5R] Events of system streams [ED06] GET /events/ [ED13] When using a shared access with a read-level permission on all streams (star) and a visible system stream
YPZXshould return 200
1NRMshould return the event
[FG5R] Events of system streams [ED07] POST /events [ED14] When using a personal access [ED15] to create an editable system event [ED16] which is non indexed and non unique
F308should return 201
9C2Dshould return the created event
A9DCshould update the field value (single event per field)
[FG5R] Events of system streams [ED07] POST /events [ED14] When using a personal access [ED15] to create an editable system event [ED17] which is indexed [ED18] when the new value is valid
8C80should return 201
67F7should return the created event
467Dshould update the field value (single event per field)
[FG5R] Events of system streams [ED07] POST /events [ED14] When using a personal access [ED15] to create an editable system event [ED17] which is indexed [ED19] when the new value is invalid
PQHRshould return 400
[FG5R] Events of system streams [ED07] POST /events [ED14] When using a personal access [ED15] to create an editable system event [ED20] which is indexed and unique [WCIU] whose content is unique
SQZ2should return 201
YS79should return the created event
DA23should update the field value (single event per field)
[FG5R] Events of system streams [ED07] POST /events [ED14] When using a personal access [ED15] to create an editable system event [ED20] which is indexed and unique [ED21] whose content is already taken by another user
89BCshould return 409
10BCshould return the correct error
[FG5R] Events of system streams [ED07] POST /events [ED14] When using a personal access [ED15] to create an editable system event [ED20] which is indexed and unique [6B8D] When creating an event with an email already taken by another user
2021should return a 409 error
121Eshould return the correct error
[FG5R] Events of system streams [ED07] POST /events [ED14] When using a personal access [ED22] to create a non editable system event
6CE0should return a 400 error
90E6should return the correct error
[FG5R] Events of system streams [ED07] POST /events [ED23] when using a shared access with a contribute-level permission on a system stream
X49Rshould return 201
764Ashould return the created event
[FG5R] Events of system streams [ED07] POST /events [ED24] when using a shared access with a manage-level permission on all streams (star)
YX07should return 403
YYU1should return correct error id
[FG5R] Events of system streams [ED08] PUT /events/ [ED25] when using a personal access [ED26] to update an editable system event [ED27] which is non indexed and non unique
2FA2should return 200
763Ashould return the updated event
[FG5R] Events of system streams [ED08] PUT /events/ [ED25] when using a personal access [ED26] to update an editable system event [ED27] which is non indexed and non unique [ED29] by changing its steamIds [ED30] when editing with 2 streamIds at the time
8BFKshould return 400
E3KEshould return the correct error
[FG5R] Events of system streams [ED08] PUT /events/ [ED25] when using a personal access [ED26] to update an editable system event [ED27] which is non indexed and non unique [ED29] by changing its steamIds [ED31] when substituting a system stream with another one
9004should return 400
E3AEshould return the correct error
[FG5R] Events of system streams [ED08] PUT /events/ [ED25] when using a personal access [ED26] to update an editable system event [ED32] which is indexed [ED33] as register is working [ED34] when the new value is valid
0RUKshould return 200
[FG5R] Events of system streams [ED08] PUT /events/ [ED25] when using a personal access [ED26] to update an editable system event [ED32] which is indexed [ED33] as register is working [ED36] when the new value is invalid
RDZFshould return 400
[FG5R] Events of system streams [ED08] PUT /events/ [ED25] when using a personal access [ED26] to update an editable system event [ED32] which is indexed [ED37] without external register (PlatformDB handles all)
AA92should return 200
[FG5R] Events of system streams [ED08] PUT /events/ [ED25] when using a personal access [ED26] to update an editable system event [ED38] which is unique [ED39] by updating a unique field that is valid
4BB1should return 200
[FG5R] Events of system streams [ED08] PUT /events/ [ED25] when using a personal access [ED26] to update an editable system event [ED38] which is unique [ED41] by updating a unique field that is already taken [ED42] with a field that is already taken by another user
F8A8should return 409
[FG5R] Events of system streams [ED08] PUT /events/ [ED25] when using a personal access [ED26] to update an editable system event [ED38] which is unique [ED41] by updating a unique field that is already taken [ED43] with a field that is not unique in mongodb
5782should return 409
B285should return the correct error
[FG5R] Events of system streams [ED08] PUT /events/ [ED25] when using a personal access [ED44] to update a non editable system event
034Dshould return 400
BB5Fshould return the correct error
[FG5R] Events of system streams [ED08] PUT /events/ [ED45] when using a shared access with a contribute-level access on a system stream [ED46] to update an editable system event
W8PQshould return 200
TFOIshould return the updated event
[FG5R] Events of system streams [ED08] PUT /events/ [ED47] when using a shared access with a manage-level permission on all streams (star) [ED48] to update an editable system event
H1XLshould return 403
7QA3should return the correct error
[FG5R] Events of system streams [ED09] DELETE /events/ [ED49] When using a personal access [ED50] to delete an account event [ED52] which is unique
43B1should return 400
3E12should return the correct error
[FG5R] Events of system streams [ED09] DELETE /events/ [ED49] When using a personal access [ED50] to delete an account event [ED53] which is indexed
1B70should return 400
CBB9should return the correct error
[FG5R] Events of system streams [ED09] DELETE /events/ [ED49] When using a personal access [ED55] to delete a non editable system event
8EDBshould return a 400
A727should return the correct error
[FG5R] Events of system streams [ED09] DELETE /events/ [ED56] when using a shared access with a contribute-level access on a system stream
I1I1should return 400
UFLTshould return the correct error
[FG5R] Events of system streams [ED09] DELETE /events/ [ED57] when using a shared access with a manage-level permission on all streams (star)
AT1Eshould return 403
FV8Wshould return the correct error
[SYSS] System streams [SS01] GET /streams [SS02] When using a personal access
9CGOShould return all streams - including system ones
[SYSS] System streams [SS03] POST /streams [SS04] When using a personal access [SS05] to create a child to a system stream
GRI4should return status 400
XP07should return the correct error
[SYSS] System streams [SS06] PUT /streams/ [SS07] When using a personal access [SS08] to update a system stream
SLIRshould return status 400
V6HCshould return the correct error
[SYSS] System streams [SS09] DELETE /streams/ [SS10] When using a personal access [SS11] to delete a system stream
1R35should return status 400
4939should return the correct error
[ACCP] accesses (app) [AA01] GET /
YEHWmust return shared accesses whose permissions are a subset of the current one’s
GLHPmust be forbidden to requests with a shared access token
[ACCP] accesses (app) [AA02] POST /
QVHSmust create a new shared access with the sent data and return it
6GR1must forbid trying to create a non-shared access
A4MCmust forbid trying to create an access with greater permissions
QN6Dmust return a correct error if the sent data is badly formatted
4HAEmust allow creation of shared accesses with an access that has superior permission on root stream (*)
[ACCP] accesses (app) [AA03] PUT /
11UZmust return a 410 (Gone)
[ACCP] accesses (app) [AA04] DELETE /
5BOOmust delete the shared access
ZTSXforbid deletion of already deleted for AppTokens
VGQSmust forbid trying to delete a non-shared access
ZTSYmust forbid trying to delete an access that was not created by itself
J32Pmust return a correct error if the access does not exist
[ACSF] accesses (personal) [AS01] GET /
K5BFmust return all accesses (including personal ones)
[ACSF] accesses (personal) [AS02] POST /
BU9Umust create a new shared access with the sent data, returning it
FPUEmust create a new app access with the sent data, creating/restoring requested streams
865Imust accept two app accesses with the same name (app ids) but different device names
4Y3Ymust ignore erroneous requests to create new streams
WSG8must fail if a stream similar to that requested for creation already exists
GVC7must refuse to create new personal accesses (obtained via login only)
YRNEmust slugify the new access’ predefined token
00Y3must return an error if a permission’s streamId has an invalid format
V3AVmust return an error if the sent data is badly formatted
HETKmust refuse empty defaultName values for streams
YG81must return an error if an access with the same token already exists
GZTHmust return an error if an shared access with the same name already exists
4HO6must return an error if an “app” access with the same name (app id) and device name already exists
PO0Rmust return an error if the device name is set for a non-app access
RWGGmust return an error if the given predefined access’s token is a reserved word
08SKmust return an error if the permission streamId has invalid characters
[ACSF] accesses (personal) [AS03] PUT /
U04Amust return a 410 (Gone)
[ACSF] accesses (personal) [AS04] DELETE /
S8EKmust delete the shared access
5GBImust delete the personal access
NN11must return an error if the access does not exist
[ACSF] accesses (personal) [AS05] POST /check-app
VCH9must return the adjusted permissions structure if no access exists
R8H5must accept requested permissions with store “:dummy:” and adapt to correct name
R8H4must accept requested permissions with “*” for “all streams”
9QNKmust return the existing app access if matching
IF33must also return the token of the existing mismatching access if any
G5T2must propose fixes to duplicate ids of streams and signal an error when appropriate
MTY1must return an error if the sent data is badly formatted
U5KDmust be forbidden to non-personal accesses
[ACCO] account [AC02] PUT /
0PPVmust modify account details with the sent data
[ACCO] account [AC03] storage space monitoring
NFJQmust properly compute used storage size for a given user when called
Y445must properly compute storage size for all users in nightly script
0QVHmust be approximately updated (diff) when adding an attached file
93APmust be approximately updated (diff) when deleting an attached file
5WO0must be approximately updated (diff) when deleting an event
[ACCO] account [AC04] /change-password
6041must change the password to the given value
[ACCO] account [AC04] /change-password [APWD] When password rules are enabled [AC05] Complexity rules:
1YPTmust return an error if the new password is too short
352Rmust accept the new password if it is long enough
663Amust return an error if the new password does not contains characters from enough categories
OY2Gmust accept the new password if it contains characters from enough categories
[ACCO] account [AC04] /change-password [APWD] When password rules are enabled [AC06] Reuse rules:
AFX4must return an error if the new password is found in the N last passwords used
6XXPmust accept the new password if different from the N last passwords used
[ACCO] account [AC04] /change-password [APWD] When password rules are enabled [AC07] Age rules:
J4O6must return an error if the current password’s age is below the set minimum
RGGNmust accept the new password if the current one’s age is greater than the set minimum
[ACCO] account [AC08] /request-password-reset and /reset-password
G1VN“request” must trigger an email with a reset token, store that token, then “reset” must reset the password to the given value
HV0Vmust not trigger a reset email if mailing is deactivated
VZ1Wmust not trigger a reset email if reset mail is deactivated
3P2Nmust not be possible to use a reset token to illegally change password of another user
VGRT“reset” must return an error if the reset token was already used
[ACCO] account [AC08] /request-password-reset and /reset-password [RPWD] When password rules are enabled
HZCUmust fail if the new password does not comply (smoke test; see “/change-password” tests)
[PGTD] DELETE /users/:username [USAD] depending on "user-account:delete" config parameter
8UT7Should accept when “personalToken” is active and a valid personal token is provided
IJ5FShould reject when “personalToken” is active and an invalid token is provided
NZ6GShould reject when only “personalToken” is active and a valid admin token is provided
UK8HShould accept when “personalToken” and “adminToken” are active and a valid admin token is provided
[PGTD] DELETE /users/:username [DOA0] dnsLess:isActive = true [D7H0] when given existing username
CM5Qshould respond with 200
BQXAshould delete user entries from impacted collections
4Y76should delete user event files
75IWshould delete HF data
MPXHshould delete user audit events
635Gshould delete user from the cache
710Fshould not delete entries of other users
GUPHshould not delete other user event files
[PGTD] DELETE /users/:username [DOA0] dnsLess:isActive = true [DL01] when given invalid authorization key
JNVSshould respond with 404
[PGTD] DELETE /users/:username [DOA0] dnsLess:isActive = true [DL02] when given not existing username
C58Ushould respond with 404
[PGTD] DELETE /users/:username [DOA1] dnsLess:isActive = false [D7H1] when given existing username
T21Zshould respond with 200
K4J1should delete user entries from impacted collections
TIKTshould delete user event files
7WMGshould delete HF data
UWYYshould delete user audit events
U004should delete user from the cache
WMMVshould not delete entries of other users
9ZTMshould not delete other user event files
[PGTD] DELETE /users/:username [DOA1] dnsLess:isActive = false [DL01] when given invalid authorization key
T3UKshould respond with 404
[PGTD] DELETE /users/:username [DOA1] dnsLess:isActive = false [DL02] when given not existing username
O73Jshould respond with 404
[PGTD] DELETE /users/:username [DL03] User - Create - Delete - Create - Login
JBZMshould be able to recreate this user, and login
[DYND] dynData [DYN01] ID generation
DY01must generate unique IDs for each instance
DY02must use provided prefix in IDs
DY03must preserve stream hierarchy with correct parent references
DY04must maintain access permissions with correct stream references
DY05must preserve event streamIds with correct references
[DYND] dynData [DYN02] Data structure
DY10must have same number of items as static data
DY11must provide attachments (unchanged from static)
DY12must provide helper functions
[DYND] dynData [DYN03] Reset functions
DY20must reset users without error
DY21must reset accesses without error
DY22must reset profile without error
DY23must reset streams without error
DY24must reset events without error
DY25must allow API access with dynamic user
[DYND] dynData [DYN04] Parallel isolation
DY30must allow two instances to operate independently
[EVDY] events with dynData [EVDY01] GET /
ED01must return events for the user
ED02must filter events by streamIds
[EVDY] events with dynData [EVDY02] POST /
ED10must create a new event
[EVDY] events with dynData [EVDY03] GET /:id
ED20must return a specific event from dynData
[EVDY] events with dynData [EVDY04] Access with different tokens
ED30must return events with read-all access
ED31must restrict events with limited access
[MSTR] events.streamIds [MS01] events [MS02] GET /events
WJ0Smust return streamIds (if many)
[MSTR] events.streamIds [MS01] events [MS03] GET /events/:id
IJQZmust return streamIds containing all stream IDs
[MSTR] events.streamIds [MS01] events [MS04] POST /events [MS06] when using "streamIds"
VXMGmust return streamIds containing all stream IDs
2QZFmust clean duplicate streamIds
NY0Emust forbid providing an unknown streamId
6Z2Dmust forbid creating an event in multiple streams, if a contribute permission is missing on at least one stream
[MSTR] events.streamIds [MS01] events [MS07] PUT /events/:id
BBBXmust return streamIds containing all stream IDs
42KZmust allow modification, if you have a contribute permission on at least 1 streamId
[MSTR] events.streamIds [MS01] events [MS07] PUT /events/:id [MS08] when modifying streamIds
TQHGmust forbid providing an unknown streamId
6Q8Bmust allow streamId addition, if you have a contribute permission for it
MFF7must forbid streamId addition, if you don’t have a contribute permission for it
83N6must allow streamId deletion, if you have a contribute permission for it
JLS5must forbid streamId deletion, if you have read but no contribute permission for it
[MSTR] events.streamIds [MS01] events [MS09] POST /event/start
FOM3must return a 410 (Gone)
[MSTR] events.streamIds [MS01] events [MS10] POST /event/stop
BR33must return a 410 (Gone)
[MSTR] events.streamIds [MS01] events [MS11] DELETE /events/:id
BPL0must return streamIds containing all stream IDs
T5ZYmust allow trashing, if you have a contribute permission on at least 1 streamId
2G32must allow deletion, if you have a contribute permission on at least 1 streamId
6W5Ymust forbid trashing, if you don’t have a contribute permission on at least 1 streamId
[MSTR] events.streamIds [MS01] events [MS12] GET /events/:id/:fileId -- attachments
JNS8should retrieve the attachment with the app token
6YFZshould retrieve the attachment with the app token correct headers
NH1Oshould retrieve the attachment with the shared access readToken
9KAFshould retrieve the attachment with the shared access token
9MELshould retrieve the attachment with the shared access readToken
[MSTR] events.streamIds [MS13] streams [MS14] POST /streams
EGW2must forbid setting the “singleActivity” field
[MSTR] events.streamIds [MS13] streams [MS15] PUT /streams/:id
EY79must forbid setting the “singleActivity” field
[MSTR] events.streamIds [MS13] streams [MS16] DELETE /streams [MS17] When the stream's event is part of at least another stream outside of its descendants [MS18] when mergeEventsWithParent=false
TWDGmust not delete events, but remove the deleted streamId from their streamIds
[MSTR] events.streamIds [MS13] streams [MS16] DELETE /streams [MS19] When the event is part of the stream and its children [MS20] when mergeEventsWithParent=false
6SBUmust delete the events
[MSTR] events.streamIds [MS13] streams [MS16] DELETE /streams [MS19] When the event is part of the stream and its children [MS21] when mergeEventsWithParent=true
2FRRmust not delete events, but remove all streamIds and add its parentId
[EVTP] Events (parallel) [ETP01] GET /events
PTEVmust return events for the user
PT2Vmust filter events by stream
PT3Vmust filter events by type
[EVTP] Events (parallel) [ETP02] POST /events
PTC1must create an event
PTC2must reject event with invalid stream
[EVTP] Events (parallel) [ETP03] PUT /events/:id
PTU1must update an event
[EVTP] Events (parallel) [ETP04] DELETE /events/:id
PTD1must trash an event
[EVPC] events (Pattern C) [EPC01] GET /
PC01must return events
PC02must only return events for the given streams when set
PC03must return an error if some of the given streams do not exist
PC04must only return events of any of the given types when set
PC05must refuse unsupported event types
PC06must only return events in the given time period
PC07must take into account fromTime and toTime even if set to 0
PC08must return only trashed events when requested
PC09must return all events (trashed or not) when requested
PC10must return only running period events when requested
PC11must return an error if withDeletions is given as parameter
PC12must only return events in the given paging range when set
[EVPC] events (Pattern C) [EPC02] POST /
PC20must create an event with the sent data
PC21must set the event time to “now” if missing
PC22must accept explicit null for optional fields
PC23must refuse events with no stream id
PC24must return a correct error if an event with the same id already exists
PC25must only allow ids that are formatted like cuids
PC28must validate the event content if its type is known
PC29must return an error if the sent data is badly formatted
PC30must return an error if the associated stream is unknown
PC31must return an error if the assigned stream is trashed
PC32must not fail (500) when sending an array instead of an object
PC33must not accept an empty streamIds array
PC34must not fail when validating content if passing a string instead of an object
[EVPC] events (Pattern C) [EPC03] GET /
PC40must return the event
PC41must return an error if the event does not exist
[EVPC] events (Pattern C) [EPC04] PUT /
PC50must modify the event with the sent data
PC51must add/update/remove the specified client data fields without touching the others
PC52must accept explicit null for optional fields
PC53must validate the event content if its type is known
PC54must return an error if the event does not exist
PC55must return an error if the sent data is badly formatted
PC56must return an error if the associated stream is unknown
[EVPC] events (Pattern C) [EPC05] DELETE /
PC60must flag the event as trashed
PC61must delete the event when already trashed
PC62must return an error if event does not exist
[EVPC] events (Pattern C) [EPC07] Type wildcard support
PC80must (unofficially) support a wildcard for event types
[EVPC] events (Pattern C) [EPC08] Deletions support
PC90must include event deletions when requested
[EVNT] events [EV01] GET /
WC8Cmust return the last 20 non-trashed events (sorted descending) by default
U8U9must only return events for the given streams (incl. sub-streams) when set
QR4Imust only return events of any of the given types when set
TWP8must (unofficially) support a wildcard for event types
7MOUmust only return events in the given time period sorted ascending when set
W5ITmust take into account fromTime and toTime even if set to 0
Y6SYmust take into account modifiedSince even if set to 0
QNDPmust properly exclude period events completed before the given period
5UFWmust return ongoing events started before the given time period
S9J4must only return events in the given paging range when set
915Emust return only trashed events when requested
6H0Zmust return all events (trashed or not) when requested
JZYFmust return only events modified since the given time when requested
B766must include event deletions (since that time) when requested
V72Amust only return running period event(s) when requested
68ILmust return an error if no access token is provided
[EVNT] events [EV02] GET //
F29Mmust return the attached file with the correct headers
PP6Gmust return readToken in attachments
NL65must accept a secure read token in the query string instead of the `“Authorization” header
ZDY4must accept special chars in Content-Disposition header
TN27must allow a filename path suffix after the file id
LOUBmust allow any filename (including special characters)
9NJ0must refuse an invalid file read token
9HNMmust refuse auth via the regular “auth” query string parameter
MMCZmust return a proper error if trying to get an unknown attachment
[EVNT] events [EV03] POST /
1GR6must create an event with the sent data, returning it
WN86must return a correct error if an event with the same id already exists
94PWmust not allow reuse of deleted ids (unlike streams)
UL6Ymust not stop the running period event if the stream allows overlapping
3S2Tmust allow the event’s period overlapping existing periods when the stream allows it
[EVNT] events [EV04] POST / (multipart content)
4CUVmust create a new event with the uploaded files
HROImust properly handle part names containing special chars (e.g. “.”, “$”)
0QGVmust return an error if the non-file content part is not JSON
R8ERmust return an error if there is more than one non-file content part
[EVNT] events [EV05] POST / (multipart content)
ZI01must add the uploaded files to the event as attachments
EUZMmust add the uploaded files to the event without replacing existing attachments
[EVNT] events [EV06] GET /
8GSSallows access at level=read
IBO4denies access without authorization
[EVNT] events [EV07] PUT /
4QRUmust modify the event with the sent data
6B05must add/update/remove the specified client data fields without touching the others
[EVNT] events [EV07] PUT / [EV08] forbidden updates of protected fields
MPUAmust prevent updating attachments
L15Umust prevent update of protected fields and throw a forbidden error in strict mode
6NZ7must prevent update of protected fields and log a warning in non-strict mode
[EVNT] events [EV09] PUT HF/non-HF events
Z7R1a normal event should not be updated to an hf-event
Z7R2An hf-event should not be updated to a normal event
[EVNT] events [EV10] DELETE //
RW8Mmust delete the attachment (reference in event + file)
ZLZNmust return an error if not existing
[EVNT] events [EV11] DELETE /
AT5Ymust flag the event as trashed
73CDmust delete the event when already trashed including all its attachments
[EGSQ] events.get streams query [EQ01] Internal query helpers [EQ02] when transforming streams parameters
D2B5must convert strings array to expanded array inside [{any: []}]
JZWEmust convert single string “B” to [{any: [“B”]}]
8VV4must convert streams query with only “any” property to expanded streams query inside array [{any: []}])
HFT2must convert streams query property “all” to "and: [{any…}, {any…}]) with each containing expanded streamIds
PLMOmust convert streams query property “all” to "and: [{any…}]) with each containing expanded streamIds
JYURmust convert streams query property “all” and “not” to "and: [{any…}] not:) with each containing expanded streamIds
2W2Kmust accept two streams queries expanding them
2EF9must convert streams query {any: [“*”]} to [{any: [all accessible streams]}]
TUZTmust convert streams query {any: [*], not: [“A”]} to [{any: [all accessible streams], [expanded “A”]}]
NHGFnot accept any: "" query mixed with “all” query. like: {any: [], all: [“D”], not: [“A”]}
U0FAnot accept any: “*”, “B” mix. like: {any: ["*2, “D”], not: [“A”]}
N3Q6must convert {any: “*”, not: [“A”]} to [{any: [all accessible streams], not: [expanded “A”]}]
[EGSQ] events.get streams query [EQ01] Internal query helpers [EQ02] when transforming streams parameters [EQ03] with multiple stores
U6GSgroup query streamIds per store
I7GFshould throw an error if two different store are mixed in a query item
ZUTRshould expand queries from differnt store
[EGSQ] events.get streams query [EQ01] Internal query helpers [EQ04] exception and errors
IOLAmust throw on malformed expressions
[EGSQ] events.get streams query [EQ01] Internal query helpers [EQ05] toMongoQuery()
KKIHmust convert to MongoDB including expansion
4QMRmust convert to MongoDB including with “ALL”
NG7Fmust convert to MongoDB including expansion with “NOT”
HC6Xmust convert to MongoDB including expansion with “ALL” and “NOT”
0RNWmust handle array of queries
[EGSQ] events.get streams query [EQ06] GET /events with streams queries
NKH8must accept a simple string
BW6Zmust accept array of strings
HFA2must accept * (star) with a not without including items in trashed streams
MMB0must accept * (star) with !B && !E without including items in trashed streams
VUERmust return events in A && E
CBP2must return events in A && !B
I19Hmust return events in A && !D
55HBmust return events in A && NOT-EQUAL D
O4DJmust return all events in B || (D && !E)
UJSBmust accept an object in a batch call (instead of a stringified one)
ENFEmust accept a stringified object in a batch call
[EGSQ] events.get streams query [EQ06] GET /events with streams queries [EQ07] edge cases
X8B1must return an error on non-existing stream
WRVUmust return error when there is no “any”
30NVmust return error when provided a boolean instead of a string
YOJ9must return error when provided a null instead of a stream query
8NNPmust return an error when providing a non-stringified stream query
3X9Imust return an empty list when provided a trashed streamId
[FRBD] methods/helpers/commonFunctions.js: catchForbiddenUpdate(schema) [FB01] with streams schema
DMGVmust throw a forbidden error if “ignoreProtectedFieldUpdates” is null
Z51Kmust throw a forbidden error if “ignoreProtectedFieldUpdates” is false
EUKLmust not throw any error if “ignoreProtectedFieldUpdates” is true but print a warn log
[FRBD] methods/helpers/commonFunctions.js: catchForbiddenUpdate(schema) [FB02] with events schema
0RQMmust throw a forbidden error if “ignoreProtectedFieldUpdates” is null
6TK9must throw a forbidden error if “ignoreProtectedFieldUpdates” is false
IJ4Mmust not throw any error if “ignoreProtectedFieldUpdates” is true but print a warn log
[FRBD] methods/helpers/commonFunctions.js: catchForbiddenUpdate(schema) [FB03] with accesses schema
GP6Cmust throw a forbidden error if “ignoreProtectedFieldUpdates” is null
MUC0must throw a forbidden error if “ignoreProtectedFieldUpdates” is false
QGDAmust not throw any error if “ignoreProtectedFieldUpdates” is true but print a warn log
[AUTHP] auth (parallel) [AUP01] /login
P2CVmust authenticate credentials and return access token
P1TImust not be case-sensitive for the username
PL7Jmust return error when credentials are invalid
P4AQmust return error if app id is untrusted
PNDBmust return error if origin does not match app id
P5UMmust reuse session if already open
[AUTHP] auth (parallel) [AUP02] /logout
P6W5must terminate session and fail second logout
[AUTH] auth [AU01] /login
2CV5must authenticate the given credentials, open a session and return the access token
68SHmust return expired
5UMPmust reuse the current session if already open
509Amust accept “wildcarded” app ids and origins
ADL4must accept “no origin” (i.e. not a CORS request) if authorized
A7JLmust also accept “referer” in place of “origin” (e.g. some browsers do not provide “origin”)
IKNMmust also accept “referer” in place of “origin” (e.g. some browsers do not provide “origin”)
1TI6must not be case-sensitive for the username
FMJHmust support concurrent login request, saving only the last token that is written in the storage
9WHPmust not leak _private object from Result
[AUTH] auth [AU01] /login [AU02] when we log into a temporary log file
C03Jmust replace the password in the logs by (hidden) when an error occurs
G0YTmust not mention the password in the logs when none is provided
[AUTH] auth [AU01] /login [WPRA] When password rules are enabled
675Vmust succeed if the password is not yet expired, returning planned expiration time and possible change time
D3EVmust return an error if the password has expired, indicating the date it did so
[AUTH] auth [AU03] /logout
6W5Mmust terminate the access session and fail to logout a second time (session already expired)
E2MD(or any request) must alternatively accept the access token in the query string
[AUTH] auth [AU04] SSO support
TIDWGET /who-am-i must return a 410 as it has been removed
[MAIL] Mailing helper methods
HGVDshould throw an error if mailing method is invalid
OKQ2should throw an error if mailing method is missing
[MAIL] Mailing helper methods [ML01] using Mandrill [ML02] validating request body
GU60should not be empty
8JJUshould contain a valid auth key
G906should contain a valid recipient
KBE0should contain a valid substitution of variables
2ABYshould contain valid tags
[MAIL] Mailing helper methods [ML03] using Microservice [ML04] validating request body
LHCBshould not be empty
9UEUshould contain a valid auth key
1Y6Kshould contain a valid recipient
UT8Mshould contain a valid substitution of variables
[ARSR] ArraySerializationStream [AR01] testing around the array size limit
U21Zmust return a valid array when receiving limit-3 items
MKNLmust return a valid array when receiving limit-2 items
MUPFmust return a valid array when receiving limit-1 items
CM4Qmust return a valid array when receiving limit+0 items
F8S9must return a valid array when receiving limit+1 items
6T4Vmust return a valid array when receiving limit+2 items
QBOSmust return a valid array when receiving limit+3 items
[ARSR] ArraySerializationStream [AR02] testing with small number of items
69F6must return a valid array when receiving 0 item(s)
BJRTmust return a valid array when receiving 1 item(s)
YJI0must return a valid array when receiving 2 item(s)
EKQQmust return a valid array when receiving 3 item(s)
[DRNM] DrainStream
AFWRmust be fed objects and return them in the callback
23UQmust return an error when the provided limit is exceeded
[MFAA] MFA acceptance (seq) [MA1] when services.mfa.mode is "disabled" (default)
MA1Aauth.login returns the access token directly
MA1Bmfa.activate returns 503 (apiUnavailable)
[MFAA] MFA acceptance (seq) [MA2] when services.mfa.mode is "challenge-verify" [MA3] mfa.activate
MA3Asends an SMS challenge and returns a 302 with mfaToken
MA3Brejects an app-type access token with 403
MA3Cpropagates an SMS provider error as 400
[MFAA] MFA acceptance (seq) [MA2] when services.mfa.mode is "challenge-verify" [MA4] mfa.confirm
MA4Averifies the code, persists profile.mfa, returns 10 recovery codes
MA4Brejects an invalid mfaToken with 401
MA4Cpropagates an SMS verify error as 400
[MFAA] MFA acceptance (seq) [MA2] when services.mfa.mode is "challenge-verify" [MA5] auth.login + mfa.verify after MFA activation
MA5Amfa.verify with a valid code releases the real Pryv access token
MA5Bmfa.challenge re-sends the SMS during a pending login
MA5Cmfa.verify with a bogus mfaToken returns 401
[MFAA] MFA acceptance (seq) [MA2] when services.mfa.mode is "challenge-verify" [MA6] mfa.deactivate
MA6Aclears the MFA profile; subsequent login returns a real token
[MFAA] MFA acceptance (seq) [MA2] when services.mfa.mode is "challenge-verify" [MA7] mfa.recover
MA7Adisables MFA when called with a valid recovery code
MA7Brejects an invalid recovery code
MA7Crejects when password is wrong
[PCRO] permissions create-only level [PC01] Permissions - create-only level [PC02] Accesses [PC07] GET / [PC08] when using an access with a "create-only" permissions
HOTOshould return an empty list
[PCRO] permissions create-only level [PC01] Permissions - create-only level [PC02] Accesses [PC09] POST / [PC10] when using an access with a "create-only" permission
X4Z1a masterToken should allow to create an access with a “create-only” permissions
ATCOan appToken with managed rights should allow to create an access with a “create-only” permissions
ATCYan appToken with managed rights should allow to create an access with a “create-only” permissions and selfRevoke forbidden
ATCRan appToken with read rights should be forbidden to create an access with a “create-only” permissions
ATCCan appToken with contribute rights should be allowed to create an access with a “create-only” permissions
FEGIa createOnlyToken should forbid to create an access with a “read” level permission permission
SL4Pshould forbid to create an access with a “contribute” level permission
ZX1Mshould forbid to create an access with a “manage” level permission
[PCRO] permissions create-only level [PC01] Permissions - create-only level [PC02] Accesses [PC11] PUT /
1WXJshould forbid updating accesses
[PCRO] permissions create-only level [PC01] Permissions - create-only level [PC02] Accesses [PC12] DELETE /
G6IPshould forbid deleting accesses
[PCRO] permissions create-only level [PC03] Events [PC13] GET /
CKF3should return an error list when fetching explicitly “create-only” streams
V4KJshould not return events when fetching “create-only” streams that are children of “read” streams
SYRWshould not return events when fetching “create-only” streams that are children of “contribute” streams
[PCRO] permissions create-only level [PC03] Events [PC14] GET /:id
N61Ishould forbid fetching an event when using a “create-only” permission
[PCRO] permissions create-only level [PC03] Events [PC15] POST /
0G8Ishould forbid creating events for out of scope streams
F406should allow creating events for “create-only” streams
[PCRO] permissions create-only level [PC03] Events [PC16] PUT /
V0UOshould forbid updating events for “create-only” streams
[PCRO] permissions create-only level [PC03] Events [PC17] DELETE /
5OUTshould forbid deleting events for “create-only” streams
[PCRO] permissions create-only level [PC03] Events [PC04] attachments [PC18] GET /events/{id}/{fileId}[/{fileName}]
VTU4should be forbidden
[PCRO] permissions create-only level [PC03] Events [PC04] attachments [PC19] POST /events/{id}
8J8Oshould be forbidden
[PCRO] permissions create-only level [PC03] Events [PC04] attachments [PC20] DELETE /events/{id}/{fileId}
GY6Mshould be forbidden
[PCRO] permissions create-only level [PC05] Streams [PC21] GET /
J12Fshould only return streams for which permissions are defined
[PCRO] permissions create-only level [PC05] Streams [PC22] POST /
TFWFshould forbid creating child streams in “create-only” streams
[PCRO] permissions create-only level [PC05] Streams [PC23] PUT /
PCO8should forbid updating “create-only” streams
[PCRO] permissions create-only level [PC05] Streams [PC24] DELETE /
PCO9should forbid deleting “create-only” streams
[PCRO] permissions create-only level [PC06] Webhooks [PC25] CREATE /
3AE9should allow creating webhooks
[PFRC] permissions forcedStreams [PF01] GET /events with forcedStreams
SO2Emust not see events on “B” when querying *
ELFFmust refuse querying C
[PNON] permissions none [PN01] GET /events with none permissions
VVOAmust not see event in “none” level stream
[PSLF] permissions selfRevoke [PS01] POST /accesses
JYL5must list accesses with forbidden selfRevoke by GET /accesses
JYU5must forbid creating accesses with selfRevoke different than forbidden
UZRAan appToken with managed rights should allow to create an access with selfRevoke forbidden
[PSLF] permissions selfRevoke [DACC] DELETE /accesses
AHS6must allow app accesses to self revoke by default
H6DUmust forbid app accesses to self revoke when set
3DR7must allow shared accesses to self revoke by default
F62Dmust forbid shared accesses to self revoke when set
[ACCP] Access permissions (sequential) [AP03] Auth and change tracking [AP04] custom auth step (e.g. to validate/parse caller id)
IA9Kmust be supported and deny access when failing
H58Rmust allow access when successful
H58Zmust allow access whith “callerid” headers
ISE4must fail properly (i.e. not granting access) when the custom function crashes
P4OMmust validate the custom function at startup time
[PPERM] Access permissions (Pattern C) [AP01] Events
1AK1get must only return events in accessible streams
NKI5get must return all events when permissions are defined for “all streams” (*)
5360get must alternatively accept the access token in the query string
KTM1must forbid getting an attached file if permissions are insufficient
2773must forbid creating events for ‘read-only’ streams
ZKZZmust forbid updating events for ‘read-only’ streams
4H62must forbid deleting events for ‘read-only’ streams
Y38Tmust allow creating events for ‘contribute’ streams
[PPERM] Access permissions (Pattern C) [AP02] Streams
BSFPget must only return streams for which permissions are defined
R4IAmust forbid creating child streams in ‘read-only’ streams
KHI7must forbid creating child streams in ‘contribute’ streams
MCDPmust forbid deleting child streams in ‘contribute’ streams
7B6Pmust forbid updating ‘contribute’ streams
RG5Rmust forbid deleting ‘contribute’ streams
21AZmust not allow creating child streams in trashed ‘managed’ streams
O1AZmust allow creating child streams in ‘managed’ streams
5QPUmust forbid moving streams into non-‘managed’ parent streams
HHSSmust recursively apply permissions to the streams’ child streams
NJ1Amust allow access to all streams when no specific stream permissions are defined
KP1Qmust allow deleting child streams in ‘managed’ streams
[PPERM] Access permissions (Pattern C) [AP03] Auth and change tracking
YE49must handle optional caller id in auth (in addition to token)
[PRFA] profile (app) [PA01] GET /public
FWG1must return publicly shared key-value profile info
[PRFA] profile (app) [PA02] GET /app
13DLmust return key-value settings for the current app
J37Umust refuse requests with a shared access token
GYBNmust refuse requests with a personal access token
[PRFA] profile (app) [PA03] PUT /app
1QFBmust add/update/remove the specified keys without touching the others
0H9Amust refuse requests with a shared access token
JC5Fmust refuse requests with a personal access token
[PRFP] profile (personal) [PP01] GET
J61R/public must return publicly shared key-value profile info
HIMS/private must return private key-value profile info
36B1must return an appropriate error for other paths
FUJA“private” must be forbidden to non-personal accesses
[PRFP] profile (personal) [PP02] PUT
M28R/public must add/update/remove the specified keys without touching the others
WU9C/private must add/update/remove the specified keys without touching the others
2AS6must create the profile if not existing
Q99Emust return an appropriate error for other paths
T565must be forbidden to non-personal accesses
[RG2C] Two-core integration tests Core startup verification
2C01both cores must respond to HTTP requests
2C02both cores must share the same PlatformDB
[RG2C] Two-core integration tests Registration + PlatformDB replication
2C10must register a user on Core A
2C11Core B must see the user via /reg/cores lookup
2C12admin/users on Core A must list the user
[RG2C] Two-core integration tests DNS resolution
2C20DNS must resolve username to correct core IP
2C21DNS must resolve lsc.{domain} to all core IPs
[RG2C] Two-core integration tests Admin endpoints across cores
2C30/system/admin/cores must list both cores
2C31/reg/hostings must reflect available cores
[RGAC] Register access authorization POST /reg/access
RA01must create an access request and return polling key
RA02must return 400 for missing requestingAppId
RA03must return 400 for missing requestedPermissions
RA04must echo clientData and oauthState
[RGAC] Register access authorization GET /reg/access/:key
RA10must return current state for valid key
RA11must return 400 for unknown key
[RGAC] Register access authorization POST /reg/access/:key (accept)
RA20must accept and return token + apiEndpoint
RA21subsequent poll must return ACCEPTED state
RA22must return 400 for ACCEPTED without token
[RGAC] Register access authorization POST /reg/access/:key (refuse)
RA30must refuse with reason
RA31subsequent poll must return REFUSED state
[RGAC] Register access authorization POST /reg/access/:key (errors)
RA40must return 400 for invalid status
RA41must return 400 for unknown key
[RGGF] Register gap features GET /:username/service/infos (alias)
GF01must return same status and structure as /service/info
[RGGF] Register gap features GET /apps
GF10must return apps list (may be empty)
GF11must return 404 for unknown appid
[RGGF] Register gap features POST /access/invitationtoken/check
GF20must return true when invitationTokens config is null (allow all)
GF21must return false for invalid token when tokens are configured
[RGGF] Register gap features DELETE /system/users/:username
GF30must require onlyReg=true
GF31must support dryRun without deleting
GF32must return 404 for unknown user
GF33must reject without admin auth
[RGGF] Register gap features POST /system/users/validate
GF40must validate and reserve unique fields for new user
GF41must reject duplicate username
GF42must reject invalid invitation token
GF43must reject without admin auth
[RGGF] Register gap features PUT /system/users
GF50must update user fields
GF51must reject without username
GF52must reject without admin auth
[RGLG] Legacy register routes + invitations GET /reg/:email/username
LG01must return username for known email
LG02must return 404 for unknown email
[RGLG] Legacy register routes + invitations GET /reg/:email/uid (deprecated)
LG03must return uid for known email
[RGLG] Legacy register routes + invitations GET /reg/:uid/server
LG10must redirect for known user
LG11must return 404 for unknown user
[RGLG] Legacy register routes + invitations POST /reg/:uid/server
LG12must return server and alias for known user
LG13must return 404 for unknown user
[RGLG] Legacy register routes + invitations GET /reg/admin/users/:username
LG20must return user info with admin auth
LG21must return 404 for unknown user
LG22must reject without admin auth
[RGLG] Legacy register routes + invitations GET /reg/admin/servers
LG30must return servers object with admin auth
[RGLG] Legacy register routes + invitations GET /reg/admin/invitations
LG40must return invitations list with admin auth
[RGLG] Legacy register routes + invitations GET /reg/admin/invitations/post
LG41must generate invitation tokens
LG42generated tokens must appear in invitations list
LG43generated tokens must be valid for registration check
LG44must reject without admin auth
[RGMC] register: multi-core [MC01] registration redirect
MC01Amust return redirect when user is assigned to another core
MC01Bmust assign user-to-core mapping in PlatformDB
[RGMC] register: multi-core [MC02] GET /reg/cores multi-core
MC02Amust return the correct core URL for a mapped user
MC02Bmust return error for unknown username
[RGMC] register: multi-core [MC03] GET /reg/hostings multi-core
MC03Amust return hostings with availability from PlatformDB
[RGMC] register: multi-core [MC04] /reg/access REDIRECTED
MC04Amust accept REDIRECTED status with redirectUrl
MC04Bpoll must return REDIRECTED with new poll URL
MC04Cmust return 400 for REDIRECTED without redirectUrl
[RGMC] register: multi-core [MC05] selectCoreForRegistration
MC05Amust return core with fewest users
MC05Bmust filter by hosting
MC05Cmust fall back to self when no candidates match hosting
MC05Dsingle-core always returns self
[RGMC] register: multi-core [MC06] setAvailable
MC06Amust exclude unavailable core from registration selection
MC06BsetAvailable(false) must update own core info
[RGMC] register: multi-core [MC07] GET /system/admin/cores
MC07Amust list cores with user counts
[RGMC] register: multi-core [MC08] coreIdToUrl
MC08Amust derive URL from coreId + domain
MC08Bmust return own URL when no domain (single-core fallback)
[RGMC] register: multi-core [MC09] wrong-core middleware
MC09Amust return 421 wrong-core when user is hosted on a different core
MC09Bmust let through requests for users hosted on this core
MC09Cmust let through requests for unknown users (no PlatformDB mapping)
MC09Dmust skip /reg and /system routes
MC09Esingle-core mode must be a no-op
[RGMC] register: multi-core [MC10] core.url override
MC10AcoreIdToUrl must return the explicit URL when other core has core.url set
MC10BcoreIdToUrl must fall back to derivation when no explicit URL is registered
MC10Cwrong-core middleware must surface explicit URL in 421 response
[RGRC] Register records admin endpoint POST /reg/records
RR01must accept valid record update with admin auth
RR02must reject request without admin auth
RR03must reject request with wrong admin key
RR04must reject request with missing subdomain
RR05must reject request with missing records
RR06record must persist to PlatformDB and overwrite cleanly
[REGC] registration: cluster [RC01] POST /users (create user) [RC01A] successful registration
QV8Zshould respond with status 201
TCOMshould respond with the username and apiEndpoint
[REGC] registration: cluster [RC01] POST /users (create user) [RC03] when the username already exists
NUC9should respond with status 409
X1IAshould respond with the correct error
[REGC] registration: cluster [RC01] POST /users (create user) [RC04] when the email already exists
SJXNshould respond with status 409
U0ZNshould respond with the correct error
[REGC] registration: cluster [RC01] POST /users (create user) [RC05] when the username and email both exist
LUC6should respond with status 409
XIN8should respond with the correct error
[REGC] registration: cluster [RC01] POST /users (create user) [RC07] when invitationTokens are undefined (null) [RC08] and a random string is provided as "invitationToken"
CMOVshould respond with status 201
[REGC] registration: cluster [RC01] POST /users (create user) [RC07] when invitationTokens are undefined (null) [RC09] and "invitationToken" is missing
LOIBshould respond with status 201
[REGC] registration: cluster [RC01] POST /users (create user) [RC10] when invitationTokens are defined [RC11] when a valid one is provided
Z2ZYshould respond with status 201
1BF3should find password in password history
[REGC] registration: cluster [RC01] POST /users (create user) [RC10] when invitationTokens are defined [RC12] when an invalid one is provided
4GONshould respond with status 400
P4GTshould respond with the correct error message
[REGC] registration: cluster [RC01] POST /users (create user) [RC13] when invitationTokens are set to [] (forbidden creation) [RC14] when any string is provided
CX9Nshould respond with status 400
[REGC] registration: cluster [RC01] POST /users (create user) [RC15] when custom account streams validation exists [RC16] when email is set as required and it is not set in the request
UMWBshould respond with status 400
8RDAshould respond with the correct error
[REGC] registration: cluster [RC01] POST /users (create user) [RC15] when custom account streams validation exists [RC17] when field does not match custom validation settings
8W22should respond with status 400
GBKDshould respond with the correct error
[REGC] registration: cluster [RC01] POST /users (create user) [RCPW] When password rules are enabled
0OBLmust fail if the new password does not comply
5BQLmust succeed if the new password complies
[BMM2] registration: DNS-less [RD01] POST /users
KB3Tshould respond with status 201 when given valid input
VDA8should respond with correct apiEndpoint for valid registration
LPLPValid access token exists in the response
[BMM2] registration: DNS-less [RD01] POST /users [RD02] Schema validation [RD03] when given an invalid username parameter [3Q1H] that is too short
M6CDshould respond with status 400 and correct error message
[BMM2] registration: DNS-less [RD01] POST /users [RD02] Schema validation [RD03] when given an invalid username parameter [MST7] that is too long
TL2Wshould respond with status 400 and correct error message
[BMM2] registration: DNS-less [RD01] POST /users [RD02] Schema validation [RD03] when given an invalid username parameter [XTD0] that has invalid characters
EIKEshould respond with status 400 and correct error message
[BMM2] registration: DNS-less [RD01] POST /users [RD02] Schema validation [RD04] when given an invalid password parameter [FSE9] that is too short
OYZMshould respond with status 400 and correct error message
[BMM2] registration: DNS-less [RD01] POST /users [RD02] Schema validation [RD04] when given an invalid password parameter [LQWX] that is too long
SBCXshould respond with status 400 and correct error message
[BMM2] registration: DNS-less [RD01] POST /users [RD02] Schema validation [RD04] when given an invalid password parameter [T56V] that has an invalid type
MP5Fshould respond with status 400 and correct error message
[BMM2] registration: DNS-less [RD01] POST /users [RD02] Schema validation [RD05] when given an invalid email parameter [S8U8] that is too long
1JN8should respond with status 400 and correct error message
[BMM2] registration: DNS-less [RD01] POST /users [RD02] Schema validation [RD05] when given an invalid email parameter [6OX5] that has an invalid type
6SIDshould respond with status 400 and correct error message
[BMM2] registration: DNS-less [RD01] POST /users [RD02] Schema validation [RD06] when given an invalid appId parameter [5P2E] that is too short
I9QEshould respond with status 400 and correct error message
[BMM2] registration: DNS-less [RD01] POST /users [RD02] Schema validation [RD06] when given an invalid appId parameter [HI9V] that is too long
4XCVshould respond with status 400 and correct error message
[BMM2] registration: DNS-less [RD01] POST /users [RD02] Schema validation [RD06] when given an invalid appId parameter [K4LE] that has an invalid type
NZ4Jshould respond with status 400 and correct error message
[BMM2] registration: DNS-less [RD01] POST /users [RD02] Schema validation [RD07] when given an invalid invitationToken parameter [CYW6] that has an invalid type
79A5should respond with status 400 and correct error message
[BMM2] registration: DNS-less [RD01] POST /users [RD02] Schema validation [RD08] when given an invalid referer parameter [5BNJ] that is too long
V51Eshould respond with status 400 and correct error message
[BMM2] registration: DNS-less [RD01] POST /users [RD02] Schema validation [RD08] when given an invalid referer parameter [AFUH] that has an invalid type
C4PKshould respond with status 400 and correct error message
[BMM2] registration: DNS-less [RD01] POST /users [RD02] Schema validation [RD09] when given an invalid language parameter [UPWY] that is too short
QYT8should respond with status 400 and correct error message
[BMM2] registration: DNS-less [RD01] POST /users [RD02] Schema validation [RD09] when given an invalid language parameter [LP4S] that is too long
R1LTshould respond with status 400 and correct error message
[BMM2] registration: DNS-less [RD01] POST /users [RD02] Schema validation [RD09] when given an invalid language parameter [RHT6] that has an invalid type
0QGWshould respond with status 400 and correct error message
[BMM2] registration: DNS-less [RD01] POST /users [RD10] Property values uniqueness
LZ1Kshould respond with status 409 and correct error for duplicate username/email
[BMM2] registration: DNS-less [RD01] POST /users [RD11] When providing an indexed value that is neither a number nor a string
S6PSmust return an error when providing an object
[BMM2] registration: DNS-less [RD12] GET /reg/:username/check
7T9Lwhen checking a valid available username, it should respond with status 200 and {reserved:false}
153Qwhen checking a valid taken username, it should respond with status 200 and reserved:true
H09Hwhen checking a too short username, it should respond with status 400 and the correct error
VFE1when checking a too long username, it should respond with status 400 and the correct error
FDTCwhen checking a username with invalid characters, it should respond with status 400 and the correct error
[EVST] events streaming with 2000 entries
SE1KStreams events
XZGBStreams deleted in sent as chunked
[RSLT] Result [RS01] concatStream
36RQmust concatenate multiple streams in a single Array
[RSLT] Result [RS02] toObject()
NKHFmust return the result’s content when not storing streams
MHASmust return the result content when storing streams
6P4Zmust return an error object when attempting to serialize streams containing an amountof objects exceeding the limit
TTELmust return an error when storing piped streams
H2GCmust return an error when the core pipeline crashes because of size
[ROOT] root [RT01] GET /
UA7Bshould return basic server meta information as JSON when requested
TO50should return basic server meta information as text otherwise
TS3Dshould return an error if trying to access an unknown user account
[ROOT] root [RT02] All requests:
TJHOshould return correct common HTTP headers + meta data in response body
OQ3Gshould return meta data in response body for errors as well
P06Yshould properly translate the Host header’s username (i.e. subdomain)
R3H5should translate the username in subdomain also when it only contains numbers
5IQKshould support POSTing “urlencoded” content with _json and _auth fields
2YEIshould support POSTing “urlencoded” content with _json, _method (PUT) and _auth fields
VJTPshould support POSTing “urlencoded” content with _json, _method (DELETE) and _auth fields
6D5Oshould properly handle JSON errors when POSTing “urlencoded” content with _json field
J2WPtrackingFunctions should update the access’s “last used” time and internal request counters
[ROOT] root [RT03] OPTIONS /
PDMAshould return OK
[ROOT] root [RT04] GET /access-info
0MI8must return current access information
[ROOT] root [RT05] Accept Basic Auth request
0MI9must accept the https://token@user.domain/ AUTH schema
0MI0must accept the https://token:anystring@user.domain/ AUTH schema
3W3Ymust accept the https://token:@user.domain/ AUTH schema
M54Umust return a 401 error when basic auth is missing using https://@user.domain/
TPH4must return a 403 error when using https://:token@user.domain/
[ROOT] root [RT06] POST / (i.e. batch call)
2IV3must be able to create streams with non-star permissions access
ORT3must execute the given method calls and return the results
TVPImust execute the method calls containing events.get and return the results
U4RBshould not add a null meta field in the response
WGVYmust return an error if the sent data is badly formatted
TV17streamed results such as stream.delete should be serialiazed
[SINF] Service [SN01] GET /service/info
FR4Kmust return all service info
[SK01] Socket.IO
25M0must dynamically create a namespace for the user
9ZH8must send correct CORS headers
VGKXmust connect with twice user name in the path (DnsLess)
VGKHmust connect to a user with a dash in the username
OSOTmust refuse connection if no valid access token is provided
[SK01] Socket.IO [SK02] calling API methods
FI6Fmust properly route method call messages for events and return the results, including meta
O3SWmust properly route method call messages for streams and return the results
TO6Zmust accept streamQuery as Javascript Object
NGUZmust not crash when callers omit the callback
ACA3must fail if the called target does not exist
L8WJmust fail if the called method does not exist
SNCWmust return API errors properly, including meta
744Zmust notify other sockets for the same user about events changes
GJLTmust notify other sockets for the same user (only) about streams changes
JC99must notify on each change
[SK01] Socket.IO [SK03] when using an access with a "create-only" permission
K2OOmust allow a connection
[SK01] Socket.IO [SK04] when spawning 2 api-server processes, A and B
JJRAchanges made in A notify clients of B
[STRP] streams (Pattern C) [STP01] GET /
P7G8must return streams
P7G9must return streams with state=all
PAJZmust return a correct error if the parent stream is unknown
PG5Fmust return a correct error if the stream is unknown
[STRP] streams (Pattern C) [STP02] POST /
PENVmust create a new root stream with the sent data and notify
PA2Hmust return a correct error if the sent data is badly formatted
PGGSmust return a correct error if a stream with the same id already exists
P8WGmust accept explicit null for optional fields
P88Vmust return an error if the new stream’s parentId is empty string
P84Rmust slugify the new stream’s predefined id
P2B3must return a correct error if the parent stream is unknown
P8JBmust return a correct error if the given predefined stream’s id is “null”
P6TPmust return a correct error if the given predefined stream’s id is “*”
PZ3Rmust accept streamId “size”
PCHDmust create a child stream when providing a parent stream id and notify
PJINmust return a correct error if the sent data is not valid JSON
[STRP] streams (Pattern C) [STP03] PUT /
PSO4must modify the stream with the sent data and notify
P5KNmust accept explicit null for optional fields
PPL2must return a correct error if the stream does not exist
PJWTmust return a correct error if the sent data is badly formatted
PHJBmust return a correct error if the new parent stream is unknown
P29Smust return an error if the parentId is the same as the id
[STRP] streams (Pattern C) [STP04] DELETE /
P205must flag the specified stream as trashed and notify
P1U1must return a correct error if the item is unknown
[STRP] streams (Pattern C) [STP05] Sibling name conflicts
PNRSmust fail if a sibling stream with the same name already exists
[STRE] streams [ST01] GET /
TG78must return non-trashed streams (as a tree) by default
DPWGmust return all streams (trashed or not) when requested
RDD5must include stream deletions (since the given time) when requested
T8AMmust include stream deletions even when the given time is 0
1M8Amust not keep stream deletions past a certain time (cannot test because cannot force-run Mongo’s TTL cleanup task)
W9VCmust return a correct 401 error if no access token is provided
UVWKmust return child streams when providing a parent stream id
[STRE] streams [ST02] POST /
UHKImust allow reuse of deleted ids
JINCmust return a correct error if the sent data is not valid JSON
[STRE] streams [ST03] PUT /
344Imust fail if a sibling stream with the same name already exists
JT6Gmust modify the stream with the sent data event if name and parentId sent are the same
PT1Emust move the stream under the given parent when specified
[STRE] streams [ST03] PUT / [ST04] forbidden updates of protected fields
PN1Hmust fail and throw a forbidden error in strict mode
A3WCmust succeed by ignoring protected fields and log a warning in non-strict mode
[STRE] streams [STRD] DELETE /
TEFFmust delete the stream when already trashed with its descendants if there are no linked events
LVTRmust return a correct error if there are linked events and the related parameter is missing
RKEUmust reject the deletion of a root stream with mergeEventsWithParent=true
26V0must reassign the linked events to the deleted stream’s parent when specified
KLD8must delete the linked events when mergeEventsWithParent is false
[SYRO] system route
JT1Ashould parse correctly usernames starting with “system”
CHEKSystem check Platform integrity
[SYRO] system route [SY01] DELETE /mfa
1V4Dshould return 204
3HE9should delete the user’s “mfa” profile property
I2PUshould not delete anything else in the profile
[SYER] system (ex-register) [SY02] POST /create-user (DEPRECATED)
0G7Cmust not send a welcome email if mailing is deactivated
TWBFmust not send a welcome email if welcome mail is deactivated
[SYER] system (ex-register) [SY02] POST /create-user (DEPRECATED) [SY03] when email sending really works
FUTRmust create a new user with the sent data, sending a welcome email
[SYER] system (ex-register) [SY02] POST /create-user (DEPRECATED) [SY04] when it just replies OK
9K71must run the process but not save anything for test username “backloop”
VGF5must return a correct 400 error if the sent data is badly formatted
ABI5must return a correct 400 error if the language property is above 5 characters
OVI4must return a correct 400 error if the language property is the empty string
RD10must return a correct 400 error if a user with the same user name already exists
NPJEmust return a correct 400 error if a user with the same email address already exists
Y5JBmust return a correct 404 error when authentication is invalid
GF3Lmust return a correct error if the content type is wrong
[SYER] system (ex-register) [SY02] POST /create-user (DEPRECATED) [SY05] when we log into a temporary log file
Y69Bmust replace the passwordHash in the logs by (hidden) when the authentication is invalid
MEJ9must replace the passwordHash in the logs by (hidden) when the payload is invalid (here parameters)
CO6Hmust not mention the passwordHash in the logs when none is provided
[SYER] system (ex-register) [SY06] GET /user-info/{username}
9C1AtrackingFunctions must return user information (including time of last account use)
FNJ5must return a correct 404 error when authentication is invalid
[SSDC] SystemStreams config [SD01] when valid custom systemStreams are provided
GB8Gmust set default values and other fields
KMT3must prefix default streams with the Pryv prefix
PVDCmust prefix custom streams with the customer prefix
[SSDC] SystemStreams config [SD03] When custom system streams contain duplicate streamIds
CHEFmust throw a config error
[SSDC] SystemStreams config [SD04] When providing a custom system stream that is unique but not indexed
42A1must throw a config error
[SSDC] SystemStreams config [SD05] When providing a custom system stream that has an invalid type
LU0Amust throw a config error
[SSDC] SystemStreams config [SD06] When providing an "other" custom stream that is unique
GZEKmust throw a config error
[SSDC] SystemStreams config [SD07] When providing an "other" custom stream that is indexed
2IBLmust throw a config error
[SSDC] SystemStreams config [SD08] When providing an "other" custom stream that is non editable
655Xmust throw a config error
[SSDC] SystemStreams config [SD09] When providing an "other" custom stream that is required at registration
OJJ0must throw a config error
[SVIF] config: serviceInfo [SI01] when dnsLess is disabled [SI02] when "serviceInfoUrl" points to a file
D2P7should load serviceInfo
[UPLD] uploads middleware [UP01] hasFileUpload
GY5Hshould parse file uploads
[NOTF] Notifications [NF01] #serverReady
B76Gnotifies internal listeners
SRAUnotifies test listeners
[NOTF] Notifications [NF02] #accountChanged
P6ZDnotifies internal listeners
Q96Snotifies test listeners
[NOTF] Notifications [NF03] #accessesChanged
P5CGnotifies internal listeners
VSN6notifies test listeners
[NOTF] Notifications [NF05] #streamsChanged
LDUQnotifies internal listeners
BUR1notifies test listeners
[NOTF] Notifications [NF06] #eventsChanged
N8RInotifies internal listeners
TRMWnotifies test listeners
[AUTN] Authentication [AT01] hasProperties
IKAIreturns true if all properties exist
K2PZreturns false if not all properties exist
U2NAreturns false if null is given
WJ7Jreturns false if a string is given
[CSVL] tryCoerceStringValues
DTZ1should behave as documented in the method
X26Sdoesn’t create keys in object
4MHHshould convert to array
X8PYnumber conversion works
[VERS] Versioning [VE01] Events
RWIAmust not return history when calling events.get
[VERS] Versioning [VE01] Events [VE02] deletionMode
FLLWmust delete the event’s history when deleting it with deletionMode=keep-nothing
6W0Bmust minimize the event’s history when deleting it with deletionMode=keep-authors
1DBCmust not modify the event’s history when deleting it with deletionMode=keep-everything
[VERS] Versioning [VE01] Events [VE03] events.getOne
YRI7must not return an event’s history when calling getOne with includeHistory flag off
KPQZmust return an event’s history when calling getOne with includeHistory flag on
[VERS] Versioning [VE01] Events [VE04] forceKeepHistory is OFF
PKA9must not generate history when updating an event
[VERS] Versioning [VE01] Events [VE05] forceKeepHistory is ON
0P6Smust generate history when updating an event
NZQBmust generate history when trashing an event
[VERS] Versioning [VE06] Streams
H1PKmust generate events’ history when their stream is deleted with mergeEventsWithParents=true since their streamId is modified
95TJmust delete the events’ history when their stream is deleted with mergeEventsWithParents=false and deletionMode=‘keep-nothing’
4U91must keep the events’ minimal history when their stream is deleted with mergeEventsWithParents=false and deletionMode=‘keep-authors’
D4CYmust not delete the events’ history when their stream is deleted with mergeEventsWithParents=false and deletionMode=‘keep-everything’
[VERS] Versioning [VE07] Users
4ETLmust allow reusing unique values after they are in history
[WH01] webhooks [WH02] GET / [WH08] when using an app token
R5KDshould return a status 200 with a webhooks object which is an array
67CXshould fetch all webhooks reachable by an app token
WSJGshould not fetch any Webhook outside its scope
[WH01] webhooks [WH02] GET / [WH09] when using a personal token
6MNCshould return a status 200 with a webhooks object which is an array
4YFQshould fetch all webhooks for the user
[WH01] webhooks [WH02] GET / [WH10] when using a shared token
RIZVshould return a status 200 with a webhooks object which is an array
[WH01] webhooks [WH03] GET /:webhookId [WH11] when using an app token [WH12] when fetching an existing webhook inside its scope
XMB7should return a status 200 with a webhook object
[WH01] webhooks [WH03] GET /:webhookId [WH11] when using an app token [WH13] when fetching an existing webhook outside of its scope
BDC2should return a status 403 with a forbidden error
[WH01] webhooks [WH03] GET /:webhookId [WH11] when using an app token [WH14] when fetching an unexistant webhook
O6MMshould return a status 404 with a unknown resource error
[WH01] webhooks [WH03] GET /:webhookId [WH15] when using a personal token
D8YQshould return a status 200 with a webhook object
[WH01] webhooks [WH03] GET /:webhookId [WH16] when using a shared token
604Hshould return a status 200 with a webhook object
[WH01] webhooks [WH04] POST / [WH17] when using an app token [WH18] when providing a valid webhook
Z1XDshould return a status 201 with the created webhook
XKLUshould save it to the storage
[WH01] webhooks [WH04] POST / [WH17] when using an app token [WH19] when providing an existing url
60OQshould return a status 409 with a collision error error
[WH01] webhooks [WH04] POST / [WH17] when using an app token [WH20] when providing invalid parameters [WH21] when url is not a string
3VIUshould return a status 400 with a invalid parameters error
[WH01] webhooks [WH04] POST / [WH22] when using a shared token [WH23] when providing a valid webhook
YTLWshould return a status 201 with the created webhook
UC6Jshould save it to the storage
[WH01] webhooks [WH04] POST / [WH24] when using a personal token [WH25] when providing a valid webhook
3AZOshould return a status 403 with a forbidden error
[WH01] webhooks [WH05] PUT /:webhookId [WH26] when using an app token [WH27] when updating an existing webhook [WH28] when changing a valid parameter
C9FUshould return a status 200 with the updated webhook
JSOHshould apply the changes to the storage
[WH01] webhooks [WH05] PUT /:webhookId [WH26] when using an app token [WH27] when updating an existing webhook [WH29] when changing a readonly parameter
PW4Ishould return a status 403 with an invalid parameter error
[WH01] webhooks [WH05] PUT /:webhookId [WH26] when using an app token [WH30] when updating a webhook outside its scope
8T2Gshould return a status 403 with a forbidden error
[WH01] webhooks [WH05] PUT /:webhookId [WH26] when using an app token [WH31] when updating an unexistant webhook
AR5Rshould return a status 404 with an unknown resource error
[WH01] webhooks [WH05] PUT /:webhookId [WH32] when using a personal token [WH33] when providing valid parameters
LCKNshould return a status 200 with the updated webhook
[WH01] webhooks [WH05] PUT /:webhookId [WH34] when using a shared token [WH35] when providing valid parameters
TMIZshould return a status 200 with the updated webhook
[WH01] webhooks [WH06] DELETE /:webhookId [WH36] when using an app token [WH37] when deleting an existing webhook
A0CGshould return a status 200 with the webhook deletion
KA98should delete it in the storage
[WH01] webhooks [WH06] DELETE /:webhookId [WH36] when using an app token [WH38] when deleting an unexistant webhook
ZPRTshould return a status 404 with an unknown resource error
[WH01] webhooks [WH06] DELETE /:webhookId [WH36] when using an app token [WH39] when deleting an already deleted webhook
5UX7should return a status 404 with an unknown resource error
[WH01] webhooks [WH06] DELETE /:webhookId [WH36] when using an app token [WH40] when deleting a webhook outside of its scope
7O0Fshould return a status 403 with a forbidden error
[WH01] webhooks [WH06] DELETE /:webhookId [WH41] when using a personal token [WH42] when deleting an existing webhook
P6X4should return a status 200 with the webhook deletion
[WH01] webhooks [WH06] DELETE /:webhookId [WH43] when using a shared token [WH44] when deleting an existing webhook
OZZBshould return a status 200 with the webhook deletion
[WH01] webhooks [WH07] POST /:webhookId/test [WH45] when using an app token [WH46] when the webhook exists [WH47] when the URL is valid
ZM2Bshould return a status 200 with a webhook object
Q7KLshould send a POST request to the URL
[WH01] webhooks [WH07] POST /:webhookId/test [WH45] when using an app token [WH46] when the webhook exists [WH48] when the URL is invalid
KLROshould return a status 400 with an error object
[WH01] webhooks [WH07] POST /:webhookId/test [WH45] when using an app token [WH49] when the webhook does not exist
KXA8should return a status 404 with a unknown resource error
[WH01] webhooks [WH07] POST /:webhookId/test [WH45] when using an app token [WH50] when the webhook is outside of its scope
KZJDshould return a status 403 with a forbidden error
[WH01] webhooks [WH07] POST /:webhookId/test [WH51] when using a personal token [WH52] when the webhook exists
HYZZshould return a status 200 with a webhook object
SBI7should send a POST request to the URL
[WH01] webhooks [WH07] POST /:webhookId/test [WH53] when using a shared token [WH54] when the webhook exists
O8PBshould return a status 200 with a webhook object
C62Ishould send a POST request to the URL

audit component

Summary

63tests total
63✅ passing
0❓ pending
0❌ failing

Tests

IdStatusTest
[ASTE] Audit Streams and Events [AS01] streams.get
U2PVmust retrieve access and actions substreams
D7WVforbid listing of all accesses
7SGOmust allow listing one accesses (stream) with appAccess
XP27must retrieve all available streams with a personal token
WOIGappToken must not retrieve list of available actions
TFZLpersonalToken must retrieve list of available actions
[ASTE] Audit Streams and Events [AS02] events.get
TJ8Smust retrieve logs by time range
8AFAmust retrieve logs by action
0XRApersonal token must retrieve all audit logs
31FMappAccess must retrieve only audit logs for this access (from auth token then converted by the core)
BLR4Invalid token should return an error
[AUDT] Audit [AT01] when making valid API calls
WTNLmust return 200
UZEVmust return logs when queried
[AUDT] Audit [AT01] when making valid API calls [AT02] when making a call that is not audited
NJFOvalidates the response
[AUDT] Audit [AT01] when making valid API calls [AT03] when making a call that has its own custom accessId
81O6validates the response
G7UVmust return logs when queried
[AUDT] Audit [AT01] when making valid API calls [AT04] when making a call that has no userId
JU8Fvalidates the response
[AUDT] Audit [AT05] when making invalid API calls [AT51] for an unknown user
LFSWvalidates the response
[AUDT] Audit [AT05] when making invalid API calls [AT52] with errorId "invalid-request-structure"
7SUKmust return 400
N5OSmust return logs when queried
[AUDT] Audit [AT05] when making invalid API calls [AT53] with errorId "invalid-parameters-format"
XX4Dmust return 400
BZT8must return logs when queried
[AUDT] Audit [AT05] when making invalid API calls [AT54] with errorId "unknown-referenced-resource"
9ZGImust return 400
OBQ8must return logs when queried
[AUDT] Audit [AT05] when making invalid API calls [AT55] with errorId "invalid-access-token"
ASLZmust return 403
6CZ0must return logs when queried
[AUDT] Audit [AT05] when making invalid API calls [AT56] with errorId "forbidden"
WUUWmust return 403
14LSmust return logs when queried
[AUDT] Audit [AT05] when making invalid API calls [AT57] with errorId "unknown-resource"
176Gmust return 404
7132must return logs when queried
[AUDT] Audit [AT05] when making invalid API calls [AT58] with a malformed request body
DZDPmust return 400
ZNP4must not record logs
[AUDT] Audit [AT06] Filtering [AT61] when filtering by calledMethods [AT62] when including all
ADZLvalidates logging and storage
[AUDT] Audit [AT06] Filtering [AT61] when filtering by calledMethods [AT63] when including all, but a few
Q2H9validates logging and storage
[AUDT] Audit [AT06] Filtering [AT61] when filtering by calledMethods [AT64] when only including a few
WDZ9validates logging and storage
[AUDT] Audit [AT06] Filtering [AT61] when filtering by calledMethods [AT65] when including nothing
NP6Hvalidates logging and storage
[AUDT] Audit [AT06] Filtering [AT61] when filtering by calledMethods [AT66] when using a method aggregate (here "events.all")
L2KGvalidates logging and storage
[AUDT] Audit [AT06] Filtering [AT61] when filtering by calledMethods [AT67] when excluding a few
JBPZvalidates logging and storage
[AUDT] Audit [AT06] Filtering [AT61] when filtering by calledMethods [AT68] when including and excluding some - without intersection
6GVQvalidates logging and storage
[AUDT] Audit [AT06] Filtering [AT61] when filtering by calledMethods [AT69] when including and excluding some - with intersection
UK0Kvalidates logging and storage
[AINT] Audit events integrity
XLELcreated access has integrity
ZKVCcreated event has integrity
WNWMmust find event integrity key and record value in the audit log
U09Jmust find access integrity key and record value in the audit log
[ALGR] Audit legacy route
QXCHmust retrieve logs by time range
4FB8must retrieve logs by action
U9HQpersonal token must retrieve all audit logs
6RP3appAccess must retrieve only audit logs for this access (from auth token then converted by the core)
R1ZFInvalid token should return an error
RQUAStreamId not starting with “:audit:” should return an error
[AFLT] AuditFilter [AF01] validation
3QJJmust accept an existing method
YIDZmust accept a valid method aggregator
74RSmust accept “all”
P6WWmust throw an error when providing a malformed filter
GFCEmust throw an error when providing an unexisting method
GY6Emust throw an error when providing an invalid aggregate method
[AFLT] AuditFilter [AF02] initialization
H8RBmust expand aggregate methods
[ASTO] Audit Storage [AS01] receive message and write it into its own database
KA8Bshould have written the action in the user’s database
9VM3storage.getActions returns a list of available actions
[SYSL] Syslog [SY01] receive message and write them to syslog
F8SHdefault message
9S6Atemplated message
0PA7plugin filtered message
1D5Splugin filtered message (SKIP)

business component

Summary

126tests total
126✅ passing
0❓ pending
0❌ failing

Tests

IdStatusTest
[WHBK] Webhook [WB01] send() [WB02] when sending to an existing endpoint [WB03] when the endpoint answers ASAP
Q7B2should send it
FICWshould add a log to runs
2VRKshould add the correct status to the last run
AOCPshould add the correct timestamp to the last run
2M6Fshould increment runCount
S1CYshould not increment failCount
22X1should send the meta
[WHBK] Webhook [WB01] send() [WB02] when sending to an existing endpoint [WB04] when the endpoint answers with a long delay
SRDLshould send the second message after the first
[WHBK] Webhook [WB01] send() [WB05] when sending to an unexistant endpoint
6UJHshould add a log to runs
VKUAshould add the no status to the last run
40UZshould add the correct timestamp to the last run
UE17should increment runCount
UJ2Yshould increment failCount
V5NHshould increment currentRetries
[WHBK] Webhook [WB01] send() [WB06] when scheduling for a retry [WB07] when the notifications service is down
E5VQshould save the run
XP7Gshould increment currentRetries
9AL1should schedule for a retry
OHLYshould send scheduled messages after an interval
1VITshould reset error tracking properties
[WHBK] Webhook [WB01] send() [WB08] when throttling frequent calls
73TGshould only send the message once
WPMHshould accumulate messages
YLWKshould schedule for a retry after minInterval
OZGPshould send scheduled messages after an interval
86OPshould remove the timeout afterwards
[WHBK] Webhook [WB01] send() [WB09] when the webhook becomes inactive after failures
768Lshould run 5 times
PX10should update the state to inactive
BLNPshould update the stored version
ODNMshould not run anymore
[WHBK] Webhook [WB01] send() [WB10] when the runs array gets shifted
FYORshould rotate the runs
[MCTX] MethodContext [MC01] #parseAuth
ZRW8should parse token out
AUIYshould also parse the callerId when available
[MCTX] MethodContext [MC02] #retrieveAccessFromId
OJW2checks expiry of the access
[MFAF] mfa/createMFAService factory
MF1Areturns null when mode is disabled
MF1Breturns null when config is missing
MF2Areturns a ChallengeVerifyService for mode=challenge-verify
MF2Breturns a SingleService for mode=single
MF3Athrows on unknown mode
[MFAG] mfa/generateCode
MFG1returns a code of the requested length when smaller than the random source
MFG2pads with leading zeroes when the random source is too short
[MFAP] mfa/Profile
MP1Ais inactive when content is empty
MP1Bis active when content has any key
MP2AgenerateRecoveryCodes() produces 10 unique UUID strings
[MFAS] mfa/Service [MFAR] replaceAll
MS1Areplaces every {{ key }} occurrence in a string
MS1Breturns non-strings unchanged
[MFAS] mfa/Service [MFAC] replaceRecursively
MS2Awalks an object tree replacing string leaves
MS2Bdoes not mutate the input
MS2Cpasses null/undefined through
[MFAS] mfa/Service [MFAB] base class
MS3Achallenge() and verify() throw on the abstract base
[MFAT] mfa/SessionStore
MT1Acreate() returns a UUID v4 mfaToken and stores the session
MT1Beach create() yields a fresh token
MT2Aget() returns undefined for unknown ids
MT2Bclear() removes the session and returns true
MT2Cclear() is idempotent — second clear returns false
MT3Asessions auto-expire after the ttl
MT4AclearAll() drops every session and cancels every timer
[BRQS] BatchRequest [BR01] .parse
QJ6Lshould parse the happy case
VV2Oaccepts an empty batch
0NWOthrows if format is missing or wrong
881Ythrows if another type is passed in
2PZ0throws if envelope doesn’t have a data attribute
[BREL] BatchRequestElement [BE01] .parse(obj)
AGQKshould parse a good looking object
LWMEfails if input is not an Object
BU7Qfails if eventId is missing or the wrong type
[DMTX] DataMatrix [DM01] .parse(obj)
576Jshould accept the happy path
IQTErefuses if not an object
WQGBrefuses if format is not flatJSON
34RSrefuses if fields are not strings
M5BIrefuses if points is not an array
V0SHrefuses if field names are not correct
SBU1refuses if data cannot be coerced
[DMTX] DataMatrix [DM02] #eachRow
QUQ3should iterate over all matrix rows
[DMTX] DataMatrix [DM03] #transform
L03Rshould call fn for each cell
7BRVshould store the return value in the matrix
[DMTX] DataMatrix [DM04] #minmax()
QGY6returns the minimum and maximum deltaTime used
ROK8throws an error if the matrix is empty
79DAthrows an error if the deltaTime is missing
[SROW] business.series.Row [SR01] toStruct
NJ4Gshould return a js object for the row
[SREP] business.series.Repository [SR01] with stubbed out connection
0UEAshould produce series objects for events
[TYPR] business.types.TypeRepository [TY01] type list update
WMDWshould work (must be called manually)
6VL6should fail gracefully
[TYPR] business.types.TypeRepository [TY02] basic types like mass/kg
EEWVshould be known
J0CJshould return a type instance allowing conversion
8WI1should throw when conversion fails
WKCSshould coerce to number during validation
[TYPR] business.types.TypeRepository [TY03] boolean type boolean/bool
E2Y1should be known
8FHUshould return a type instance allowing conversion
8U3Ushould coerce to boolean during validation
[TYPR] business.types.TypeRepository [TY04] complex types like position/wgs84
05LAshould be known
0QZ3should return a complex type instance
[TYPR] business.types.TypeRepository [TY05] complex types on several levels like message/facebook
D0GTshould return the correct value type for all fields
3BC9should return the correct value type for optional fields
IVPFshould resolve nested fields
5PMMdoes NOT handle requiredFields fully yet: only surface requirements are returned
[TYPR] business.types.TypeRepository [TY06] placeholder types like picture/attached
78HIshould be known
85BQshould return a type instance allowing conversion
[TYPR] business.types.TypeRepository [TY07] series types like series:mass/kg
SQNQshould be known
IR3Bshould inform about fields correctly
[TYPR] business.types.TypeRepository [TY08] validate()
VK9Jshould accept an array as a known type’s event content
[TYPV] business.types.TypeValidator
AE3Qshould be produced via a type repository
JT1Fshould validate simple types
QIVHshould validate complex types
[USRP] Users repository [UR01] createUser()
7C22must throw an item already exists error when username field is not unique
6CFEmust throw an item already exists error when email field is not unique

cache component

Summary

10tests total
10✅ passing
0❓ pending
0❌ failing

Tests

IdStatusTest
[CACH] Cache
FELTSecond get stream must be faster that first one
XDP6Cache should reset permissions on stream structure change when moving a stream in and out
[SYNC] Synchro
LHGVShould register listener on userId when using setStreams
RYQDShould register listener on userId when using setAccessLogic.
R7I6Should unset access Logic on unset Message
8M1BRegistered listener should be removed on clearEvent
KF7ERegistered listener should be removed on unsetUser
OKHQListeners should not receive “internal” messages
Y5GAListeners should receive transport messages UNSET_USER_DATA
Y5GUListeners should receive transport messages UNSET_USER

dns-server component

Summary

26tests total
26✅ passing
0❓ pending
0❌ failing

Tests

IdStatusTest
[DNS] DNS Server Root domain (dns.Resolver)
DN01must resolve A record for root domain
DN02must resolve AAAA record for root domain
DN03must resolve MX records for root domain
DN04must resolve NS records for root domain
DN05must resolve TXT records for root domain
[DNS] DNS Server Root domain (raw UDP)
DN06must return SOA record for root domain
DN07must resolve CAA record for root domain
[DNS] DNS Server Static subdomains
DN10must resolve CNAME for www subdomain
DN11must resolve CNAME for reg subdomain
DN12must resolve A record for static A subdomain
[DNS] DNS Server Username resolution
DN20must resolve username to core IP (A record)
DN21must resolve username to different core IP
DN22must resolve username via CNAME when core has no IP
DN23must return NXDOMAIN for unknown username
DN24must resolve username AAAA when core has IPv6
[DNS] DNS Server Cluster discovery (lsc)
DN30must return all core IPs for lsc.{domain}
[DNS] DNS Server updateStaticEntry
DN40must update runtime entry for ACME challenge
DN41must reject updates that would shadow a config-static entry
[DNS] DNS Server Non-matching domain
DN50must return NXDOMAIN for queries outside our domain
[DNP] DNS Server — PlatformDB persistence (Plan 27 Phase 1)
DNP01must load persisted records from PlatformDB on start()
DNP02updateStaticEntry must persist to PlatformDB
DNP03persisted records must survive a “restart”
DNP04config-static entries MUST shadow PlatformDB records
DNP05updateStaticEntry for a config-key must throw and leave PlatformDB untouched
DNP06periodic refresh must pick up records added after start() (multi-core propagation)
DNP07deleteStaticEntry must remove from PlatformDB and memory

externals component

Summary

1tests total
0✅ passing
1❓ pending
0❌ failing

Tests

IdStatusTest

hfs-server component

Summary

60tests total
60✅ passing
0❓ pending
0❌ failing

Tests

IdStatusTest
[HFBT] Storing BATCH data in a HF series [HB01] Use Case: Store data in InfluxDB, Verification on either half
Q2ISshould store data correctly
[HFBT] Storing BATCH data in a HF series [HB02] POST /:user_name/series/batch
A3BQshould return core-metadata in every call
QHM5should fail without ‘Authorization’ header
[HFBT] Storing BATCH data in a HF series [HB02] POST /:user_name/series/batch [HB03] when the token has no permissions on the event
R57Lfails
[HFBT] Storing BATCH data in a HF series [HB02] POST /:user_name/series/batch [HB04] when the token has a "create-only" permission
ATAHshould work
[HFBT] Storing BATCH data in a HF series [HB02] POST /:user_name/series/batch [HB05] when using a metadata updater stub
OO01should schedule a metadata update on every store
[HFSQ] Querying data from a HF series
Q1X1should should accept a query with authentication token header
Q1X2should accept a query with authentication token in url parameter
Q1X3must accept basic auth schema
RAIJshould return core-metadata in every call
XAI2should accept a query when the authorized permission is on the event’s 2nd streamId
I2ZHshould refuse a query for an unknown user
EYCAshould refuse a query missing the authorization token
OINYshould refuse a query containing an unauthorized token
Q991should return an unknown resource error when querying data for an nonexistent event id
QMC7should refuse a query containing parameters with the wrong format
HGVVshould refuse a query when toTime is before fromTime
XI4Mshould refuse a query with a “create-only” token
[SDHF] Storing data in a HF series [SD01] Use Case: Store data in InfluxDB, Verification on either half
ZUBIshould convert timestamp to deltaTime
GZIZshould store data correctly
KC15should return data once stored
YALYshould accept a request when the authorized permission is on the event’s 2nd streamId
[SDHF] Storing data in a HF series [SD02] UPDATE and DELETE on handling event affect the serie
UD1Cmoving event in time does empty the cache
UD2Ctrashed event cannot be written to
ZTG6deleted events deletes series
[SDHF] Storing data in a HF series [SD03] POST /events/EVENT_ID/series [SD31] bypassing authentication [SD32] with auth success
N3PMstores data into InfluxDB
TL0Dshould return core-metadata in every call
RESCshould reject non-JSON bodies
KT1Rresponds with headers that allow CORS on OPTIONS
H1CGresponds with headers that allow CORS on POST
[SDHF] Storing data in a HF series [SD03] POST /events/EVENT_ID/series [SD31] bypassing authentication [SD32] with auth success [SD33] when request is malformed
96HCshould be rejected (format is not flatJSON)
38W3should be rejected (matrix is not square - not enough fields)
GJL5should be rejected (no negative deltaTime)
GJL4should be rejected (value types are not all valid)
JJROshould be rejected (missing deltaTime column)
LKFGshould be rejected (missing value column for a simple input)
[SDHF] Storing data in a HF series [SD03] POST /events/EVENT_ID/series [SD31] bypassing authentication [SD32] with auth success [SD34] when using a metadata updater stub
GU3Lshould schedule a metadata update on every store
[SDHF] Storing data in a HF series [SD03] POST /events/EVENT_ID/series [SD31] bypassing authentication [SD35] with auth failure
NLAWrefuses invalid/unauthorized accesses
[SDHF] Storing data in a HF series [SD03] POST /events/EVENT_ID/series [SD36] storing data in different formats
Y3BLstores data of any basic type
3WGHstores data of complex types
1NDBdoesn’t accept data in non-series format
YMHKstores strings
ZL7Cstores floats
[SDHF] Storing data in a HF series [SD03] POST /events/EVENT_ID/series [SD37] complex types such as ratio/generic
DTZ2refuses to store when deltaTime is present twice (ambiguous!)
UU4Rrefuses to store when other fields are present twice (ambiguous!)
[SDHF] Storing data in a HF series [SD03] POST /events/EVENT_ID/series [SD37] complex types such as ratio/generic [SD38] null fields
7UZTaccept null fields
7UTTdo not accept null for required fields
[SDHF] Storing data in a HF series [SD03] POST /events/EVENT_ID/series [SD37] complex types such as ratio/generic [SD39] when not all required fields are given
FNDTrefuses to store when not all required fields are given
H525returns error id “invalid-request-structure”
[SDHF] Storing data in a HF series [SD03] POST /events/EVENT_ID/series [SD37] complex types such as ratio/generic [SD40] when field names don't match the type
AJMSrefuses to store when field names don’t match the type
7CR7returns the error message with the id “invalid-request-structure”
[SDHF] Storing data in a HF series [SD03] POST /events/EVENT_ID/series [SD41] complex types such as position/wgs84
UDHOallows storing any number of optional fields, on each request
JDTHrefuses unknown fields
[SDHF] Storing data in a HF series [SD03] POST /events/EVENT_ID/series [SD42] using a "create-only" permissions
YCGZshould work
[METL] Metadata Loader
U6F2should allow write access to series
[METC] Metadata Cache
O8AEreturns loaded metadata for N minutes
[HFSV] Server
O84Ican be constructed
[HFSV] Server [HS01] .start
1VELstarts a http server on configured port
[HFCT] Controller [HC01] storeSeriesData
3BYCshould reject queries if the authorization header is missing
U0WBshould reject queries if the eventId is missing

mall component

Summary

22tests total
22✅ passing
0❓ pending
0❌ failing

Tests

IdStatusTest
[KVDB] Per-store key-value DB
2Z7LMust set and get key-value data
[MSTE] Stores Streams & Events [MS01] Streams [MS02] GET
1Q12Must retrieve dummy streams when querying parentId
UVQ2Must retrieve “yo” streams and “:dummy:” when requesting “*”
XC20master token must retrieve “yo” streams and all stores when requesting “*”
XC21personal token must retrive :dummy: stream structure
XC22app token must retrive :dummy: stream structure
XC23master token must retrive :dummy: stream structure
3ZTMRoot streams must have null parentIds “*”
[MSTE] Stores Streams & Events [MS01] Streams [MS03] CREATE
2Q12Create a stream under dummy
2Q13Should fail creating outside of store
2Q14Should fail creating outside of store 2
[MSTE] Stores Streams & Events [MS01] Streams [MS04] UPDATE
3Q12Create a stream under dummy
3Q13Should fail moving a stream outside of store
[MSTE] Stores Streams & Events [MS05] Events [MS06] GET
XD21personal token must retrive :dummy: events
XD22master token must retrive :dummy: events
XD23app token must retrive :dummy: events
[MSTE] Stores Streams & Events [MS05] Events [MS07] CREATE
YD21create event on :dummy:
YD22create with a given id on :dummy:
YD23should fail on mismatching stream and id in store
YD24should fail on mismatching stream in store and id
[MSTE] Stores Streams & Events [MS05] Events [MS08] UPDATE
ZD21update event :dummy:dummyevent0
ZD22should fail moving an event to another store

messages component

Summary

7tests total
7✅ passing
0❓ pending
0❌ failing

Tests

IdStatusTest
[PRMV] Pubsub removers
LVNKremover works
[NPUB] TcpPublisher
S386should construct
I21Mdelivers messages to “USERNAME”
[NSUB] TcpSubscriber
DMMPshould construct
[NSUB] TcpSubscriber [NS01] when subscribed to "foobar" [NS02] subscribe("USERNAME")
4MAIaccepts messages from USERNAME.sok1 and dispatches them to sinks
47BPignores messages from other users
[NSUB] TcpSubscriber [NS01] when subscribed to "foobar" [NS03] unsubscribe()
L49Eshould unsubscribe from TCP broker

middleware component

Summary

8tests total
8✅ passing
0❓ pending
0❌ failing

Tests

IdStatusTest
[LA01] loadAccess middleware [LA02] when an access is actually loaded in request context
OD3Dshould add the access id as Pryv-access-id header if token is valid
UDW7should still set the Pryv-access-id header in case of error (e.g. expired token)
[LA01] loadAccess middleware [LA03] when the access can not be loaded (e.g. invalid token)
9E2Dshould not set the Pryv-access-id header
[APIV] APIVersion#version [AV01] when a ".api-version" file exists in the project and is !== that 1.2.3
5ICPreads .api-version and returns that constant
[APIV] APIVersion#version [AV02] when a ".api-version" file exists in the project and is 1.2.3 (sentinel)
HV40should return git tag version
[SDTP] subdomainToPath middleware [SD01] using a minimal application
V0R9should not transform illegal usernames
Q5A5should transform username into a path segment
IDDEshould accept dashes

platform component

Summary

0tests total
0✅ passing
0❓ pending
0❌ failing

Tests

IdStatusTest

previews-server component

Summary

15tests total
15✅ passing
0❓ pending
0❌ failing

Tests

IdStatusTest
[EP01] event previews [EP02] GET //preview
NRT9must return JPEG previews for “picture/attached” events and cache the result
FEWUmust accept “.jpg” extension in the path (backwards-compatibility)
PBC1must adjust the desired size to the bigger standard size (if exists)
415Lmust limit the desired size to the biggest standard size if too big
CWTQmust serve the cached file if available
2MMEmust regenerate the cached file if obsolete
7Y91must respond with “no content” if the event type is not supported
61N8must return a proper error if the event does not exist
VIJOmust forbid requests missing an access token
FAK4must forbid requests with unauthorized accesses
QUM3must return a proper error if event data is corrupted (no attachment object)
GSDFmust work with animated GIFs too
[EP01] event previews [EP03] POST /clean-up-cache
FUYEmust clean up cached previews not accessed for one week by default
G5JRmust ignore files with no readable extended attribute
[PIDX] (index) [PI01] OPTIONS /
E5MWshould return OK

storage component

Summary

13tests total
13✅ passing
0❓ pending
0❌ failing

Tests

IdStatusTest
[UAST] Users Account Storage UserAccountStorage conformance addPasswordHash()
B2I7must throw an error if two passwords are added with the same time
[UAST] Users Account Storage UserAccountStorage conformance getCurrentPasswordTime()
85PWmust return the time of the current password
V54Smust throw an error if there is no password for the user id
[UAST] Users Account Storage UserAccountStorage conformance passwordExistsInHistory()
1OQPmust return true when looking for existing passwords
DO33must return false when looking for a non-existing password
FEYPmust return false when looking for an existing password that is beyond the given range

utils component

Summary

10tests total
10✅ passing
0❓ pending
0❌ failing

Tests

IdStatusTest
[TRUT] tree utils [TU01] buildTree()
32CBmust build a correct tree for a given consistent array
VVVSmust throw an error if objects do not contain the necessary properties
CEUFmust throw an error if the object in argument is not an array
[TRUT] tree utils [TU02] flattenTree()
11JJmust build a correct array for a given tree
OVJMmust throw an error if the object in argument is not an array
[TRUT] tree utils [TU03] findInTree()
S1N0must return the first item matching the given iterator function
SI6Lmust return null if no item matches the given iterator function
[TRUT] tree utils [TU04] filterTree()
YIE6must return only items matching the given iterator function
[TRUT] tree utils [TU05] collect()
AU44must return an array with values matching the iterator function for each item in the tree
[TRUT] tree utils [TU06] expandIds()
PFJPmust return an array with the ids passed in argument plus those of all their descendants

webhooks component

Summary

8tests total
8✅ passing
0❓ pending
0❌ failing

Tests

IdStatusTest
[WH01] webhooks [WH02] when loading Webhooks on startup [WH03] when booting the webhooks application
YD6Nshould send a boot message to all active webhooks
UM4Tshould send nothing to inactive webhooks
[WH01] webhooks [WH02] when loading Webhooks on startup [WH04] when creating an event in a Webhook scope [WH05] when the notifications server is running
3TMHshould send API call to the notifications server
7N4Lshould update the Webhook’s data to the storage
[WH01] webhooks [BBB] when creating a Webhook through api-server [WH06] when the notifications server is running returning 400
EXQDshould register a new webhook in the service through pubsub
8Q4Eshould deactivate after failures
PY61should be run again when updating its state
[WH01] webhooks [WH07] when there are running webhooks [WH08] when deleting a webhook through API server
904Dshould deactivate the current running webhook through pubsub