core/php-tenant
8
0
Fork 0
Code Issues 43 Pull requests 33 Projects Releases Packages Wiki Activity Actions

test: add edge case tests for TotpService #67

Open
Charon wants to merge 1 commit from feat/totp-edge-case-tests into dev
pull from: feat/totp-edge-case-tests
merge into: core:dev
Conversation 0 Commits 1 Files changed 1 +405
Charon commented 2026-03-24 13:37:01 +00:00
Member
Copy link

Fixes #17

Summary

  • Add 37 Pest tests covering TotpService edge cases
  • Clock drift: acceptance within WINDOW=1, rejection beyond tolerance
  • Malformed base32 secrets: lowercase, padding, invalid chars, empty
  • Code format: spaces, dashes, too short/long, alphabetic, whitespace
  • Replay behaviour: documents no built-in replay protection
  • Cross-secret rejection: code from secret A rejected by secret B
  • Base32 round-trips: binary data, known vector, empty, boundary bytes
  • RFC 6238 conformance: determinism, zero-padding, period variation

Test plan

  • All 37 tests pass (53 assertions)
  • Pint lint passes
  • No database dependencies (pure unit tests of TotpService)
Fixes #17 ## Summary - Add 37 Pest tests covering TotpService edge cases - Clock drift: acceptance within WINDOW=1, rejection beyond tolerance - Malformed base32 secrets: lowercase, padding, invalid chars, empty - Code format: spaces, dashes, too short/long, alphabetic, whitespace - Replay behaviour: documents no built-in replay protection - Cross-secret rejection: code from secret A rejected by secret B - Base32 round-trips: binary data, known vector, empty, boundary bytes - RFC 6238 conformance: determinism, zero-padding, period variation ## Test plan - [x] All 37 tests pass (53 assertions) - [x] Pint lint passes - [x] No database dependencies (pure unit tests of TotpService)
Charon added 1 commit 2026-03-24 13:37:02 +00:00 
Add 37 Pest tests covering TotpService edge cases that were previously
untested: clock drift acceptance/rejection across time windows, malformed
base32 secrets (lowercase, padding, invalid chars, empty), code format
handling (spaces, dashes, too short/long, alphabetic, whitespace),
replay behaviour documentation, cross-secret rejection, base32
encode/decode round-trips (binary, empty, boundary bytes), and RFC 6238
conformance (determinism, zero-padding, period variation).

Fixes #17

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
This pull request can be merged automatically.
You are not authorized to merge this pull request.
View command line instructions

Checkout

From your project repository, check out a new branch and test the changes.
git fetch -u origin feat/totp-edge-case-tests:feat/totp-edge-case-tests
git checkout feat/totp-edge-case-tests

Merge

Merge the changes and update on Forgejo.

Warning: The "Autodetect manual merge" setting is not enabled for this repository, you will have to mark this pull request as manually merged afterwards.

git checkout dev
git merge --no-ff feat/totp-edge-case-tests
git checkout feat/totp-edge-case-tests
git rebase dev
git checkout dev
git merge --ff-only feat/totp-edge-case-tests
git checkout feat/totp-edge-case-tests
git rebase dev
git checkout dev
git merge --no-ff feat/totp-edge-case-tests
git checkout dev
git merge --squash feat/totp-edge-case-tests
git checkout dev
git merge --ff-only feat/totp-edge-case-tests
git checkout dev
git merge feat/totp-edge-case-tests
git push origin dev
Sign in to join this conversation.
Reviewers
No reviewers
Labels
Clear labels   
P1

Priority 1 - Critical

  
P2

Priority 2 - Important

  
P3

Priority 3 - Nice to have

  
PHP

PHP codebase

  
agent-ready

   
bug

Bug fix

  
clotho

Assigned to Clotho AI agent

  
discovery

Auto-discovered by agent

  
docs

Documentation

  
epic

   
refactor

Code quality refactoring

  
review

Needs human review

  
security

Security hardening

  
testing

Test coverage

  
athena

Assign to Athena AI agent (M3 Ultra)

  
athena-gemini

Dispatch to Gemini CLI on M3 Ultra

  
audit

Code audit task

  
clotho

Assign to Clotho AI agent for processing

  
clotho-gemini

Dispatch to Gemini CLI on darbs (AU)

  
codex

Dispatch to Codex CLI on gateway for analysis

  
darbs-claude

Dispatch to Claude on darbs (AU)

  
security

Security review task

  
wiki

Documentation/wiki update

No labels
P1
P2
P3
PHP
agent-ready
bug
clotho
discovery
docs
epic
refactor
review
security
testing
athena
athena-gemini
audit
clotho
clotho-gemini
codex
darbs-claude
security
wiki
Milestone
Clear milestone
No items
No milestone
Projects
Clear projects
No items
No project
Assignees
Clear assignees
No assignees
1 participant
Notifications
Due date
The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference: core/php-tenant#67
No description provided.
Delete branch "feat/totp-edge-case-tests"

Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?