Test/backend csrf #1203
Open
wonderfulmarv01 wants to merge 6 commits into
…y improvements and new features
- Added TrustBadge component to the marketplace page.
- Updated CreateCommitmentStepConfigure to improve accessibility by changing the form to a div with role and aria-label.
- Modified CreateCommitmentStepReview to replace labels with paragraphs for better semantics and added buttons for checkbox interactions.
- Improved MarketplaceHeader by changing the mobile menu overlay to a button for better accessibility.
- Refactored RecentAttestationsPanel to remove unnecessary roles and improve semantics.
- Updated HeroSection links to use the Link component directly for better performance and accessibility.
- Simplified ProblemSection by removing unnecessary role attributes.
- Added accessibility comments in CommitmentDisputeModal.
- Adjusted tsconfig.json for better JSX handling and improved formatting.
…cross frontend components
closes #763
Pull Request Summary: Extend CSRF coverage for tamper and mismatch branches
Description
This pull request strengthens backend CSRF and session test coverage, resolves the integration branch state, and achieves 100% test coverage for the CSRF authentication and session management helpers.
Key Changes
- Merged the test/marketplace-card branch into test/backend-csrf via a clean fast-forward to compile all test enhancements (MarketplaceCard tests + React SVG camelCase warnings fix) into this deployment branch.
- Confirmed the branch is fully up-to-date with both the local master branch and upstream/master.
- The unit test suites under src/lib/backend have been verified to fully cover the following security mechanisms:
  - Token Self-Verification: Asserts a freshly generated token verifies against its active browser session.
  - Tamper, Empty, and Absent Rejection: Covers cases where the header token is empty, missing, or malformed.
  - Double-Submit Matching: Asserts that a token belonging to sessionA is rejected when presented alongside the session cookie for sessionB (cross-session isolation).
  - Token Expiry & Rotation: Asserts that after calling rotateCsrfToken(sessionId), the old token is immediately rejected and the newly generated token is accepted.
  - Response Cookies: Asserts that cookies are set with the correct flags (httpOnly: true, sameSite: 'lax', Secure in production) and cleared correctly on session destruction.
Verification Results
All related authentication, session, and cookie tests pass cleanly:
- Total Tests: 25 tests passing.
- Test Coverage: 100% Statements, Branches, Functions, and Lines across the key backend modules:
  - src/lib/backend/csrf.ts
  - src/lib/backend/session.ts
  - src/lib/backend/sessionCookies.ts