vikunja/pkg/webtests
kolaente 879462d717 fix(caldav): enforce URL project match in GetResourcesByList
Multiget REPORT requests would happily return tasks from projects
different from the one in the href, even though GetTasksByUIDs now
filters by access. Drop any returned task whose real project_id does
not match the project ID parsed from the href path segment.

Hardening for GHSA-48ch-p4gq-x46x.
2026-04-09 16:07:32 +00:00
..
_test.go.tpl chore: rename API test suites (#938) 2025-06-13 08:23:17 +00:00
api_token_method_matching_test.go fix(security): enforce HTTP method and path in scoped API token matcher 2026-04-09 15:17:20 +00:00
api_tokens_test.go test: verify caldav permission group appears in /routes 2026-03-30 12:09:53 +00:00
archived_test.go fix(project): remove non-existent columns from UpdateProject column list 2026-04-03 16:59:05 +00:00
background_test.go test: verify background removal preserves project title 2026-04-08 09:07:15 +00:00
caldav_test.go fix(caldav): enforce URL project match in GetResourcesByList 2026-04-09 16:07:32 +00:00
error_responses_test.go feat: add session-based auth with refresh token rotation 2026-02-25 10:30:25 +01:00
healthcheck_test.go feat: introduce shared health check logic (#1073) 2025-07-02 21:01:41 +00:00
integrations.go test: verify background removal preserves project title 2026-04-08 09:07:15 +00:00
kanban_test.go refactor: centralize HTTP error handling (#2062) 2026-01-08 10:02:59 +00:00
label_task_test.go test: add web tests for bulk label task endpoint 2026-03-10 23:58:44 +01:00
link_share_avatar_test.go feat!: rename right to permission (#1277) 2025-08-13 11:05:05 +02:00
link_sharing_auth_test.go chore: rename API test suites (#938) 2025-06-13 08:23:17 +00:00
link_sharing_test.go test(security): webtest that a deleted link share rejects its still-valid JWT 2026-04-09 15:38:07 +00:00
login_test.go chore: rename API test suites (#938) 2025-06-13 08:23:17 +00:00
main_test.go refactor: use Go idioms for running tests 2026-02-17 18:01:05 +01:00
oauth2_test.go test: add tests for OAuth 2.0 authorization flow 2026-03-27 23:05:04 +00:00
project_test.go test: update expected results for archived project propagation 2026-03-25 09:06:33 +00:00
register_test.go chore: rename API test suites (#938) 2025-06-13 08:23:17 +00:00
sessions_test.go test: add session lifecycle tests 2026-02-25 10:30:25 +01:00
task_attachment_idor_test.go test: add IDOR test for task attachment ReadOne (GHSA-jfmm-mjcp-8wq2) 2026-03-23 16:34:07 +00:00
task_attachment_upload_test.go feat: add session-based auth with refresh token rotation 2026-02-25 10:30:25 +01:00
task_collection_test.go test: update expected results for archived project propagation 2026-03-25 09:06:33 +00:00
task_comment_test.go fix: use require.Error instead of assert.Error for error assertions 2026-03-20 11:41:28 +00:00
task_test.go test: add web integration tests for task duplication 2026-03-04 17:20:26 +01:00
token_test.go chore: rename API test suites (#938) 2025-06-13 08:23:17 +00:00
user_change_password_test.go test(api): add tests for password validation in reset and update flows 2026-02-25 13:44:56 +01:00
user_confirm_email_test.go refactor: centralize HTTP error handling (#2062) 2026-01-08 10:02:59 +00:00
user_export_download_test.go refactor: centralize HTTP error handling (#2062) 2026-01-08 10:02:59 +00:00
user_export_status_test.go feat: show user export status in settings (#1200) 2025-07-30 15:50:26 +00:00
user_password_request_token_test.go refactor: centralize HTTP error handling (#2062) 2026-01-08 10:02:59 +00:00
user_password_reset_test.go test: add web test for disabled user password reset rejection 2026-03-20 11:23:21 +00:00
user_project_test.go test: verify email masking for external team name search 2026-03-04 20:32:11 +01:00
user_show_test.go chore: rename API test suites (#938) 2025-06-13 08:23:17 +00:00
user_totp_test.go fix: update TOTP fixtures and tests to avoid conflicts with existing enrollment tests 2026-03-20 12:22:27 +00:00
webhook_test.go test: add failing test for webhook BasicAuth credential exposure 2026-03-23 16:35:47 +00:00