vikunja/pkg/webtests
kolaente cae89caef2 feat(api/v2): add bot user CRUD on /api/v2
Port the BotUser resource from /api/v1's /user/bots routes to the
Huma-backed /api/v2, preserving every v1 behavior:

- Full CRUD at /user/bots and /user/bots/{bot} with v2 verbs (POST
  creates, PUT updates; PATCH is synthesised by AutoPatch).
- ReadAll returns only the caller's own bots; read/update/delete of an
  unowned or missing bot is refused with 403, since ownership is resolved
  by loading the user (no existence disclosure, no 404 branch).
- Create requires a real user account and rejects link shares, the
  bot- username prefix is enforced, and bots are created without an
  email or password — all delegated to the unchanged model layer.
- ReadOne surfaces max_permission via the shared value-embed pattern and
  carries an ETag for conditional requests.

doc/readOnly tags are added to the exposed user.User fields the bot
response surfaces, and to BotUser.Status, so the v2 OpenAPI schema is
documented. The model and v1 routes are untouched.

The webtest ports the v1 model-level permission matrix to the v2 HTTP
surface and adds the v2-only ETag/304 and merge-patch coverage.
2026-06-05 08:51:39 +00:00
..
_test.go.tpl chore: rename API test suites (#938) 2025-06-13 08:23:17 +00:00
admin_share_bypass_test.go test(admin): add webtests for /admin/* endpoints and share bypass 2026-04-20 18:55:06 +00:00
admin_test.go test(admin): add webtests for /admin/* endpoints and share bypass 2026-04-20 18:55:06 +00:00
api_token_method_matching_test.go fix(security): enforce HTTP method and path in scoped API token matcher 2026-04-09 15:17:20 +00:00
api_tokens_test.go test: verify caldav permission group appears in /routes 2026-03-30 12:09:53 +00:00
archived_test.go fix(project): remove non-existent columns from UpdateProject column list 2026-04-03 16:59:05 +00:00
background_test.go test: verify background removal preserves project title 2026-04-08 09:07:15 +00:00
caldav_test.go fix(caldav): return 404 when trying to access a project that cannot exist with CalDAV (#2796) 2026-05-28 08:14:52 +02:00
error_responses_test.go feat: add session-based auth with refresh token rotation 2026-02-25 10:30:25 +01:00
healthcheck_test.go feat: introduce shared health check logic (#1073) 2025-07-02 21:01:41 +00:00
huma_admin_test.go test(api/v2): port full v1 admin projects coverage 2026-06-03 19:48:08 +00:00
huma_api_token_test.go feat(api/v2): add API token list/create/delete on /api/v2 2026-06-05 08:49:23 +00:00
huma_archived_test.go test(api/v2): isolate project tests per-handler, not via shared harness 2026-06-05 07:40:07 +00:00
huma_avatar_test.go test(api/v2): port full v1 avatar coverage to TestAvatar 2026-06-03 19:58:27 +00:00
huma_avatar_upload_test.go fix(api/v2): reject non-decodable images (e.g. SVG) on avatar upload with 400 2026-06-02 11:55:25 +00:00
huma_bot_user_test.go feat(api/v2): add bot user CRUD on /api/v2 2026-06-05 08:51:39 +00:00
huma_errors_test.go test(api/v2): Label round-trip, ETag, PATCH, error shapes 2026-05-31 12:56:57 +00:00
huma_helpers_test.go test(api/v2): Label round-trip, ETag, PATCH, error shapes 2026-05-31 12:56:57 +00:00
huma_label_task_test.go feat(api/v2): add task labels (create/list/delete) on /api/v2 2026-06-05 08:33:47 +00:00
huma_label_test.go feat(api/v2): report max_permission on label and project-view reads 2026-06-04 21:16:51 +00:00
huma_project_test.go test(api/v2): strengthen project max_permission assertions 2026-06-05 07:40:07 +00:00
huma_project_view_test.go feat(api/v2): report max_permission on label and project-view reads 2026-06-04 21:16:51 +00:00
huma_session_test.go feat(api/v2): add session list/delete on /api/v2 2026-06-05 08:21:48 +00:00
huma_task_comment_test.go test(api/v2): assert task comment max_permission and per-caller ETag 2026-06-05 07:43:38 +00:00
huma_task_duplicate_test.go test(api/v2): port full v1 TaskDuplicate coverage 2026-06-03 20:29:15 +00:00
huma_team_test.go test(api/v2): assert both ETags non-empty in team permission test 2026-06-05 08:06:54 +00:00
integrations.go test(api/v2): isolate project tests per-handler, not via shared harness 2026-06-05 07:40:07 +00:00
kanban_test.go refactor: centralize HTTP error handling (#2062) 2026-01-08 10:02:59 +00:00
label_task_test.go test: add web tests for bulk label task endpoint 2026-03-10 23:58:44 +01:00
link_share_avatar_test.go feat!: rename right to permission (#1277) 2025-08-13 11:05:05 +02:00
link_sharing_auth_test.go chore: rename API test suites (#938) 2025-06-13 08:23:17 +00:00
link_sharing_test.go test(security): webtest that a deleted link share rejects its still-valid JWT 2026-04-09 15:38:07 +00:00
login_test.go test(webtests): add end-to-end TOTP lockout test 2026-04-09 16:08:26 +00:00
main_test.go refactor: use Go idioms for running tests 2026-02-17 18:01:05 +01:00
oauth2_test.go test: add tests for OAuth 2.0 authorization flow 2026-03-27 23:05:04 +00:00
project_test.go fix(security): move reparent Admin gate into UpdateProject 2026-04-09 16:47:35 +00:00
register_test.go chore: rename API test suites (#938) 2025-06-13 08:23:17 +00:00
sessions_test.go test: add session lifecycle tests 2026-02-25 10:30:25 +01:00
task_attachment_idor_test.go test: add IDOR test for task attachment ReadOne (GHSA-jfmm-mjcp-8wq2) 2026-03-23 16:34:07 +00:00
task_attachment_upload_test.go feat: add session-based auth with refresh token rotation 2026-02-25 10:30:25 +01:00
task_by_index_test.go test(api): cover positive project-identifier resolution 2026-05-19 08:53:25 +00:00
task_collection_test.go feat(projects): always store identifiers as uppercase (#2775) 2026-05-19 10:35:43 +02:00
task_comment_test.go fix: use require.Error instead of assert.Error for error assertions 2026-03-20 11:41:28 +00:00
task_test.go fix(assignees): resolve 500 error when reading task assignees 2026-05-26 18:59:33 +00:00
token_test.go chore: rename API test suites (#938) 2025-06-13 08:23:17 +00:00
user_change_password_test.go test(api): add tests for password validation in reset and update flows 2026-02-25 13:44:56 +01:00
user_confirm_email_test.go refactor: centralize HTTP error handling (#2062) 2026-01-08 10:02:59 +00:00
user_export_download_test.go refactor: centralize HTTP error handling (#2062) 2026-01-08 10:02:59 +00:00
user_export_status_test.go feat: show user export status in settings (#1200) 2025-07-30 15:50:26 +00:00
user_password_request_token_test.go refactor: centralize HTTP error handling (#2062) 2026-01-08 10:02:59 +00:00
user_password_reset_test.go test: add web test for disabled user password reset rejection 2026-03-20 11:23:21 +00:00
user_project_test.go test: verify email masking for external team name search 2026-03-04 20:32:11 +01:00
user_show_test.go chore: rename API test suites (#938) 2025-06-13 08:23:17 +00:00
user_totp_test.go fix: update TOTP fixtures and tests to avoid conflicts with existing enrollment tests 2026-03-20 12:22:27 +00:00
webhook_test.go test: add failing test for webhook BasicAuth credential exposure 2026-03-23 16:35:47 +00:00