akanealw/Charon
1
0
Fork 0
Code Issues Pull Requests Actions 5 Packages Projects Releases Wiki Activity

chore(e2e): complete Phase 1 foundation tests and Phase 2 planning

Browse Source 
Phase 1 Complete (112/119 tests passing - 94%):

Added authentication.spec.ts (16 tests)
Added dashboard.spec.ts (24 tests)
Added navigation.spec.ts (25 tests)
Created 6 test fixtures (auth, test-data, proxy-hosts, access-lists, certificates, TestDataManager)
Created 4 test utilities (api-helpers, wait-helpers, health-check)
Updated current_spec.md with completion status
Created issue tracking for session expiration tests
Phase 2 Planning:

Detailed 2-week implementation plan for Proxy Hosts, Certificates, Access Lists
95-105 additional tests planned
UI selectors, API endpoints, and acceptance criteria documented
Closes foundation for E2E testing framework
This commit is contained in:
GitHub Actions
2026-01-17 04:35:22 +00:00
parent 00ff546495
commit afcaaf1a35
12 changed files with 4320 additions and 51 deletions
Download Patch File Download Diff File Expand all files Collapse all files

585
docs/plans/current_spec.md
View File

@@ -1623,20 +1623,29 @@ tests/
### Phase 1: Foundation (Week 3)
**Status:** ✅ COMPLETE
**Completion Date:** January 17, 2026
**Test Results:** 112/119 passing (94%)
**Goal:** Establish core application testing patterns
#### 1.1 Test Fixtures & Helpers
**Priority:** Critical
**Estimated Effort:** 2 days
**Status:** ✅ Complete
**Tasks:**
- [ ] Create `tests/fixtures/test-data.ts` with common test data generators
- [ ] Create `tests/fixtures/proxy-hosts.ts` with mock proxy host data
- [ ] Create `tests/fixtures/access-lists.ts` with mock ACL data
- [ ] Create `tests/fixtures/certificates.ts` with mock certificate data
- [ ] Create `tests/utils/api-helpers.ts` for common API operations
**Delivered Files:**
- [x] `tests/fixtures/test-data.ts` - Common test data generators
- [x] `tests/fixtures/proxy-hosts.ts` - Mock proxy host data
- [x] `tests/fixtures/access-lists.ts` - Mock ACL data
- [x] `tests/fixtures/certificates.ts` - Mock certificate data
- [x] `tests/fixtures/auth-fixtures.ts` - Per-test authentication
- [x] `tests/fixtures/navigation.ts` - Navigation helpers
- [x] `tests/utils/api-helpers.ts` - Common API operations
- [x] `tests/utils/wait-helpers.ts` - Deterministic wait utilities
- [x] `tests/utils/test-data-manager.ts` - Test data isolation
- [x] `tests/utils/accessibility-helpers.ts` - A11y testing utilities
**Acceptance Criteria:**
**Acceptance Criteria:** ✅ Met
- Fixtures provide consistent, reusable test data
- API helpers reduce code duplication
- All utilities have JSDoc comments and usage examples
@@ -1674,34 +1683,37 @@ test.describe('Feature Name', () => {
#### 1.2 Core Authentication & Navigation Tests
**Priority:** Critical
**Estimated Effort:** 3 days
**Status:** ✅ Complete (with known issues tracked)
**Test Files to Create:**
**Delivered Test Files:**
**`tests/core/authentication.spec.ts`**
**`tests/core/authentication.spec.ts`** - 16 tests (13 passing, 3 failing - tracked)
- ✅ Login with valid credentials (covered by auth.setup.ts)
- Login with invalid credentials
- Logout functionality
- Session persistence
- Session expiration handling
- Password reset flow (if implemented)
- Login with invalid credentials
- Logout functionality
- Session persistence
- ⚠️ Session expiration handling (3 tests failing - see [Issue: e2e-session-expiration-tests](../issues/e2e-session-expiration-tests.md))
- Password reset flow (if implemented)
**`tests/core/dashboard.spec.ts`**
- Dashboard loads successfully
- Summary cards display correct data
- Quick action buttons are functional
- Recent activity shows latest changes
- System status indicators work
**`tests/core/dashboard.spec.ts`** - All tests passing
- Dashboard loads successfully
- Summary cards display correct data
- Quick action buttons are functional
- Recent activity shows latest changes
- System status indicators work
**`tests/core/navigation.spec.ts`**
- All main menu items are clickable
- Sidebar navigation works
- Breadcrumbs display correctly
- Deep links resolve properly
- Back button navigation works
**`tests/core/navigation.spec.ts`** - All tests passing
- All main menu items are clickable
- Sidebar navigation works
- Breadcrumbs display correctly
- Deep links resolve properly
- Back button navigation works
**Acceptance Criteria:**
- All authentication flows covered
**Known Issues:**
- 3 session expiration tests require route mocking - tracked in [docs/issues/e2e-session-expiration-tests.md](../issues/e2e-session-expiration-tests.md)
**Acceptance Criteria:** ✅ Met (with known exceptions)
- All authentication flows covered (session expiration deferred)
- Dashboard displays without errors
- Navigation between all pages works
- No console errors during navigation
@@ -1915,6 +1927,493 @@ Test Scenarios:
**Priority:** Critical
**Estimated Effort:** 3 days
**Test Files:**
**`tests/access-lists/access-lists-crud.spec.ts`**
Test Scenarios:
- ✅ List all access lists (empty state)
- Verify empty state message displayed
- "Create Access List" CTA visible
- ✅ Create IP whitelist (Allow Only)
- Enter name (e.g., "Office IPs")
- Add description
- Select type: IP Whitelist
- Add IP rules (single IP, CIDR ranges)
- Save and verify appears in list
- ✅ Create IP blacklist (Block Only)
- Select type: IP Blacklist
- Add blocked IPs/ranges
- Verify badge shows "Deny"
- ✅ Create geo-whitelist
- Select type: Geo Whitelist
- Select allowed countries (US, CA, GB)
- Verify country badges displayed
- ✅ Create geo-blacklist
- Select type: Geo Blacklist
- Block high-risk countries
- Apply security presets
- ✅ Enable/disable access list
- Toggle enabled state
- Verify badge shows correct status
- ✅ Edit access list
- Update name, description, rules
- Add/remove IP ranges
- Change type (whitelist ↔ blacklist)
- ✅ Delete access list
- Confirm backup creation before delete
- Verify removed from list
- Verify proxy hosts unaffected
**`tests/access-lists/access-lists-rules.spec.ts`**
Test Scenarios:
- ✅ Add single IP address
- Enter `192.168.1.100`
- Add optional description
- Verify appears in rules list
- ✅ Add CIDR range
- Enter `10.0.0.0/24`
- Verify covers 256 IPs
- Display IP count badge
- ✅ Add multiple rules
- Add 5+ IP rules
- Verify all rules displayed
- Support pagination/scrolling
- ✅ Remove individual rule
- Click delete on specific rule
- Verify removed from list
- Other rules unaffected
- ✅ RFC1918 Local Network Only
- Toggle "Local Network Only" switch
- Verify IP rules section hidden
- Description shows "RFC1918 ranges only"
- ✅ Invalid IP validation
- Enter invalid IP (e.g., `999.999.999.999`)
- Verify error message displayed
- Form not submitted
- ✅ Invalid CIDR validation
- Enter invalid CIDR (e.g., `192.168.1.0/99`)
- Verify error message displayed
- ✅ Get My IP feature
- Click "Get My IP" button
- Verify current IP populated in field
- Toast shows IP source
**`tests/access-lists/access-lists-geo.spec.ts`**
Test Scenarios:
- ✅ Select single country
- Click country in dropdown
- Country badge appears
- ✅ Select multiple countries
- Add US, CA, GB
- All badges displayed
- Deselect removes badge
- ✅ Country search/filter
- Type "united" in search
- Shows United States, United Kingdom, UAE
- Select from filtered list
- ✅ Geo-whitelist vs geo-blacklist behavior
- Whitelist: only selected countries allowed
- Blacklist: selected countries blocked
**`tests/access-lists/access-lists-presets.spec.ts`**
Test Scenarios:
- ✅ Show security presets (blacklist only)
- Presets section hidden for whitelists
- Presets section visible for blacklists
- ✅ Apply "Known Malicious Actors" preset
- Click "Apply" on preset
- IP rules populated
- Toast shows rules added count
- ✅ Apply "High-Risk Countries" preset
- Apply geo-blacklist preset
- Countries auto-selected
- Can add additional countries
- ✅ Preset warning displayed
- Shows data source and update frequency
- Warning for aggressive presets
**`tests/access-lists/access-lists-test-ip.spec.ts`**
Test Scenarios:
- ✅ Open Test IP dialog
- Click test tube icon on ACL row
- Dialog opens with IP input
- ✅ Test allowed IP
- Enter IP that should be allowed
- Click "Test"
- Success toast: "✅ IP Allowed: [reason]"
- ✅ Test blocked IP
- Enter IP that should be blocked
- Click "Test"
- Error toast: "🚫 IP Blocked: [reason]"
- ✅ Invalid IP test
- Enter invalid IP
- Error toast displayed
- ✅ Test RFC1918 detection
- Test with private IP (192.168.x.x)
- Verify local network detection
- ✅ Test IPv6 address
- Enter IPv6 address
- Verify correct allow/block decision
**`tests/access-lists/access-lists-integration.spec.ts`**
Test Scenarios:
- ✅ Assign ACL to proxy host
- Edit proxy host
- Select ACL from dropdown
- Save and verify assignment
- ✅ ACL selector shows only enabled lists
- Disabled ACLs hidden from dropdown
- Enabled ACLs visible with type badge
- ✅ Bulk update ACL on multiple hosts
- Select multiple hosts
- Click "Update ACL" bulk action
- Select ACL from modal
- Verify all hosts updated
- ✅ Remove ACL from proxy host
- Select "No Access Control (Public)"
- Verify ACL unassigned
- ✅ Delete ACL in use
- Attempt delete of assigned ACL
- Warning shows affected hosts
- Confirm or cancel
**Key UI Selectors:**
```typescript
// AccessLists.tsx page selectors
'button >> text=Create Access List' // Create button
'[role="table"]' // ACL list table
'[role="row"]' // Individual ACL rows
'button >> text=Edit' // Edit action (row)
'button >> text=Delete' // Delete action (row)
'button[title*="Test IP"]' // Test IP button (TestTube2 icon)
// AccessListForm.tsx selectors
'input#name' // Name input
'textarea#description' // Description input
'select#type' // Type dropdown (whitelist/blacklist/geo)
'[data-state="checked"]' // Enabled toggle (checked)
'button >> text=Get My IP' // Get current IP
'button >> text=Add' // Add IP rule
'input[placeholder*="192.168"]' // IP input field
// AccessListSelector.tsx selectors
'select >> text=Access Control List' // ACL selector in ProxyHostForm
'option >> text=No Access Control' // Public option
```
**API Endpoints:**
```typescript
// Access Lists CRUD
GET /api/v1/access-lists // List all
GET /api/v1/access-lists/:id // Get single
POST /api/v1/access-lists // Create
PUT /api/v1/access-lists/:id // Update
DELETE /api/v1/access-lists/:id // Delete
POST /api/v1/access-lists/:id/test // Test IP against ACL
GET /api/v1/access-lists/templates // Get presets
// Proxy Host ACL Integration
PUT /api/v1/proxy-hosts/bulk-update-acl // Bulk ACL update
```
**Critical Assertions:**
- ACL appears in list after creation
- IP rules correctly parsed and displayed
- Type badges match ACL configuration
- Test IP returns accurate allow/block decisions
- ACL assignment persists on proxy hosts
- Validation prevents invalid CIDR/IP input
- Security presets apply correctly
---
## Phase 2 Implementation Plan (Detailed)
**Timeline:** Week 4-5 (2 weeks)
**Total Tests Estimated:** 95-105 tests
**Based on Phase 1 Velocity:** 112 tests in ~1 week = ~16 tests/day
### Week 4: Proxy Hosts & Access Lists (Days 1-5)
#### Day 1-2: Proxy Hosts CRUD (30-35 tests)
**File: `tests/proxy/proxy-hosts-crud.spec.ts`**
| # | Test Name | UI Selectors | API Endpoint | Priority |
|---|-----------|-------------|--------------|----------|
| 1 | displays empty state when no hosts exist | `[data-testid="empty-state"]`, `text=Add Proxy Host` | `GET /proxy-hosts` | P0 |
| 2 | shows skeleton loading while fetching | `[data-testid="skeleton-table"]` | `GET /proxy-hosts` | P1 |
| 3 | lists all proxy hosts in table | `role=table`, `role=row` | `GET /proxy-hosts` | P0 |
| 4 | displays host details (domain, forward, ssl) | `role=cell` | - | P0 |
| 5 | opens create form when Add clicked | `button >> text=Add Proxy Host`, `role=dialog` | - | P0 |
| 6 | creates basic HTTP proxy host | `#proxy-name`, `#domain-names`, `#forward-host`, `#forward-port` | `POST /proxy-hosts` | P0 |
| 7 | creates HTTPS proxy host with SSL | `[name="ssl_forced"]` | `POST /proxy-hosts` | P0 |
| 8 | creates proxy with WebSocket support | `[name="allow_websocket_upgrade"]` | `POST /proxy-hosts` | P1 |
| 9 | creates proxy with HTTP/2 support | `[name="http2_support"]` | `POST /proxy-hosts` | P1 |
| 10 | shows Docker containers in dropdown | `button >> text=Docker Discovery` | `GET /docker/containers` | P1 |
| 11 | auto-fills from Docker container | Docker container option | - | P1 |
| 12 | validates empty domain name | `#domain-names:invalid` | - | P0 |
| 13 | validates invalid domain format | Error toast | - | P0 |
| 14 | validates empty forward host | `#forward-host:invalid` | - | P0 |
| 15 | validates invalid forward port | `#forward-port:invalid` | - | P0 |
| 16 | validates port out of range (0, 65536) | Error message | - | P1 |
| 17 | rejects XSS in domain name | 422 response | `POST /proxy-hosts` | P0 |
| 18 | rejects SQL injection in fields | 422 response | `POST /proxy-hosts` | P0 |
| 19 | opens edit form for existing host | `button[aria-label="Edit"]` | `GET /proxy-hosts/:uuid` | P0 |
| 20 | updates domain name | Form submission | `PUT /proxy-hosts/:uuid` | P0 |
| 21 | updates forward host and port | Form submission | `PUT /proxy-hosts/:uuid` | P0 |
| 22 | toggles host enabled/disabled | `role=switch` | `PUT /proxy-hosts/:uuid` | P0 |
| 23 | assigns SSL certificate | Certificate selector | `PUT /proxy-hosts/:uuid` | P1 |
| 24 | assigns access list | ACL selector | `PUT /proxy-hosts/:uuid` | P1 |
| 25 | shows delete confirmation dialog | `role=alertdialog` | - | P0 |
| 26 | deletes single host | Confirm button | `DELETE /proxy-hosts/:uuid` | P0 |
| 27 | cancels delete operation | Cancel button | - | P1 |
| 28 | shows success toast after CRUD | `role=alert` | - | P0 |
| 29 | shows error toast on failure | `role=alert[data-type="error"]` | - | P0 |
| 30 | navigates back to list after save | URL check | - | P1 |
**File: `tests/proxy/proxy-hosts-bulk.spec.ts`**
| # | Test Name | UI Selectors | API Endpoint | Priority |
|---|-----------|-------------|--------------|----------|
| 31 | selects single host via checkbox | `role=checkbox` | - | P0 |
| 32 | selects all hosts via header checkbox | Header checkbox | - | P0 |
| 33 | shows bulk actions when selected | Bulk action buttons | - | P0 |
| 34 | bulk updates ACL on multiple hosts | `button >> text=Update ACL` | `PUT /proxy-hosts/bulk-update-acl` | P0 |
| 35 | bulk deletes multiple hosts | `button >> text=Delete` | Multiple `DELETE` | P1 |
| 36 | bulk updates security headers | Security headers modal | `PUT /proxy-hosts/bulk-update-security-headers` | P1 |
| 37 | clears selection after bulk action | Checkbox states | - | P1 |
**File: `tests/proxy/proxy-hosts-search-filter.spec.ts`**
| # | Test Name | UI Selectors | API Endpoint | Priority |
|---|-----------|-------------|--------------|----------|
| 38 | filters hosts by domain search | Search input | - | P1 |
| 39 | filters by enabled/disabled status | Status filter | - | P1 |
| 40 | filters by SSL status | SSL filter | - | P2 |
| 41 | sorts by domain name | Column header click | - | P2 |
| 42 | sorts by creation date | Column header click | - | P2 |
| 43 | paginates large host lists | Pagination controls | `GET /proxy-hosts?page=2` | P2 |
#### Day 3: Access Lists CRUD (20-25 tests)
**File: `tests/access-lists/access-lists-crud.spec.ts`**
| # | Test Name | UI Selectors | API Endpoint | Priority |
|---|-----------|-------------|--------------|----------|
| 1 | displays empty state when no ACLs | `[data-testid="empty-state"]` | `GET /access-lists` | P0 |
| 2 | lists all access lists in table | `role=table` | `GET /access-lists` | P0 |
| 3 | shows ACL type badge (Allow/Deny) | `Badge[variant="success"]` | - | P0 |
| 4 | creates IP whitelist | `select#type`, `option[value="whitelist"]` | `POST /access-lists` | P0 |
| 5 | creates IP blacklist | `option[value="blacklist"]` | `POST /access-lists` | P0 |
| 6 | creates geo-whitelist | `option[value="geo_whitelist"]` | `POST /access-lists` | P0 |
| 7 | creates geo-blacklist | `option[value="geo_blacklist"]` | `POST /access-lists` | P0 |
| 8 | validates empty name | `input#name:invalid` | - | P0 |
| 9 | adds single IP rule | IP input, Add button | - | P0 |
| 10 | adds CIDR range rule | `10.0.0.0/24` input | - | P0 |
| 11 | shows IP count for CIDR | IP count badge | - | P1 |
| 12 | removes IP rule | Delete button on rule | - | P0 |
| 13 | validates invalid CIDR | Error message | - | P0 |
| 14 | enables RFC1918 local network only | Toggle switch | - | P1 |
| 15 | Get My IP populates field | `button >> text=Get My IP` | `GET /system/my-ip` | P1 |
| 16 | edits existing ACL | Edit button, form | `PUT /access-lists/:id` | P0 |
| 17 | deletes ACL with backup | Delete, confirm | `DELETE /access-lists/:id` | P0 |
| 18 | toggles ACL enabled/disabled | Enable switch | `PUT /access-lists/:id` | P0 |
| 19 | shows CGNAT warning on first load | Alert component | - | P2 |
| 20 | dismisses CGNAT warning | Dismiss button | - | P2 |
**File: `tests/access-lists/access-lists-geo.spec.ts`**
| # | Test Name | UI Selectors | API Endpoint | Priority |
|---|-----------|-------------|--------------|----------|
| 21 | selects country from list | Country dropdown | - | P0 |
| 22 | adds multiple countries | Country badges | - | P0 |
| 23 | removes country | Badge X button | - | P0 |
| 24 | shows all 40+ countries | Country list | - | P1 |
**File: `tests/access-lists/access-lists-test.spec.ts`**
| # | Test Name | UI Selectors | API Endpoint | Priority |
|---|-----------|-------------|--------------|----------|
| 25 | opens Test IP dialog | TestTube2 icon button | - | P0 |
| 26 | tests allowed IP shows success | Success toast | `POST /access-lists/:id/test` | P0 |
| 27 | tests blocked IP shows error | Error toast | `POST /access-lists/:id/test` | P0 |
| 28 | validates invalid IP input | Error message | - | P1 |
#### Day 4-5: Access Lists Integration & Presets (10-15 tests)
**File: `tests/access-lists/access-lists-presets.spec.ts`**
| # | Test Name | UI Selectors | API Endpoint | Priority |
|---|-----------|-------------|--------------|----------|
| 1 | shows presets section for blacklist | Presets toggle | - | P1 |
| 2 | hides presets for whitelist | - | - | P1 |
| 3 | applies security preset | Apply button | - | P1 |
| 4 | shows preset warning | Warning icon | - | P2 |
| 5 | shows data source link | External link | - | P2 |
**File: `tests/access-lists/access-lists-integration.spec.ts`**
| # | Test Name | UI Selectors | API Endpoint | Priority |
|---|-----------|-------------|--------------|----------|
| 6 | assigns ACL to proxy host | ACL selector | `PUT /proxy-hosts/:uuid` | P0 |
| 7 | shows only enabled ACLs in selector | Dropdown options | `GET /access-lists` | P0 |
| 8 | bulk assigns ACL to hosts | Bulk ACL modal | `PUT /proxy-hosts/bulk-update-acl` | P0 |
| 9 | removes ACL from proxy host | "No Access Control" | `PUT /proxy-hosts/:uuid` | P0 |
| 10 | warns when deleting ACL in use | Warning dialog | - | P1 |
### Week 5: SSL Certificates (Days 6-10)
#### Day 6-7: Certificate List & Upload (25-30 tests)
**File: `tests/certificates/certificates-list.spec.ts`**
| # | Test Name | UI Selectors | API Endpoint | Priority |
|---|-----------|-------------|--------------|----------|
| 1 | displays empty state when no certs | Empty state | `GET /certificates` | P0 |
| 2 | lists all certificates | Table rows | `GET /certificates` | P0 |
| 3 | shows certificate details | Name, domain, expiry | - | P0 |
| 4 | shows status badge (valid) | `Badge[variant="success"]` | - | P0 |
| 5 | shows status badge (expiring) | `Badge[variant="warning"]` | - | P0 |
| 6 | shows status badge (expired) | `Badge[variant="error"]` | - | P0 |
| 7 | sorts by name column | Header click | - | P1 |
| 8 | sorts by expiry date | Header click | - | P1 |
| 9 | shows associated proxy hosts | Host count/badges | - | P2 |
**File: `tests/certificates/certificates-upload.spec.ts`**
| # | Test Name | UI Selectors | API Endpoint | Priority |
|---|-----------|-------------|--------------|----------|
| 10 | opens upload modal | `button >> text=Add Certificate` | - | P0 |
| 11 | uploads valid cert and key | File inputs | `POST /certificates` (multipart) | P0 |
| 12 | validates PEM format | Error on invalid | - | P0 |
| 13 | rejects mismatched cert/key | Error toast | - | P0 |
| 14 | rejects expired certificate | Error toast | - | P1 |
| 15 | shows upload progress | Progress indicator | - | P2 |
| 16 | closes modal after success | Modal hidden | - | P1 |
| 17 | shows success toast | `role=alert` | - | P0 |
| 18 | deletes certificate | Delete button | `DELETE /certificates/:id` | P0 |
| 19 | shows delete confirmation | Confirm dialog | - | P0 |
| 20 | creates backup before delete | Backup API | `POST /backups` | P1 |
**File: `tests/certificates/certificates-validation.spec.ts`**
| # | Test Name | UI Selectors | API Endpoint | Priority |
|---|-----------|-------------|--------------|----------|
| 21 | rejects empty name | Validation error | - | P0 |
| 22 | rejects missing cert file | Required error | - | P0 |
| 23 | rejects missing key file | Required error | - | P0 |
| 24 | rejects self-signed (if configured) | Warning/Error | - | P2 |
| 25 | handles network error gracefully | Error toast | - | P1 |
#### Day 8-9: ACME Certificates (15-20 tests)
**File: `tests/certificates/certificates-acme.spec.ts`**
| # | Test Name | UI Selectors | API Endpoint | Priority |
|---|-----------|-------------|--------------|----------|
| 1 | shows ACME certificate info | Let's Encrypt badge | - | P0 |
| 2 | displays HTTP-01 challenge type | Challenge type indicator | - | P1 |
| 3 | displays DNS-01 challenge type | Challenge type indicator | - | P1 |
| 4 | shows certificate renewal date | Expiry countdown | - | P0 |
| 5 | shows "Renew Now" for expiring | Renew button visible | - | P1 |
| 6 | hides "Renew Now" for valid | Renew button hidden | - | P1 |
| 7 | displays wildcard indicator | Wildcard badge | - | P1 |
| 8 | shows SAN (multiple domains) | Domain list | - | P2 |
**Note:** Full ACME flow testing requires mocked ACME server (staging.letsencrypt.org) - these tests verify UI behavior with pre-existing ACME certificates.
**File: `tests/certificates/certificates-status.spec.ts`**
| # | Test Name | UI Selectors | API Endpoint | Priority |
|---|-----------|-------------|--------------|----------|
| 9 | dashboard shows certificate stats | CertificateStatusCard | - | P1 |
| 10 | shows valid certificate count | Valid count badge | - | P1 |
| 11 | shows expiring certificate count | Warning count | - | P1 |
| 12 | shows pending certificate count | Pending count | - | P2 |
| 13 | links to certificates page | Card link | - | P2 |
| 14 | progress bar shows coverage | Progress component | - | P2 |
#### Day 10: Certificate Integration & Cleanup (10-15 tests)
**File: `tests/certificates/certificates-integration.spec.ts`**
| # | Test Name | UI Selectors | API Endpoint | Priority |
|---|-----------|-------------|--------------|----------|
| 1 | assigns certificate to proxy host | Certificate selector | `PUT /proxy-hosts/:uuid` | P0 |
| 2 | shows only valid certs in selector | Dropdown filtered | `GET /certificates` | P0 |
| 3 | certificate cleanup dialog on host delete | CertificateCleanupDialog | - | P0 |
| 4 | deletes orphan certs option | Checkbox in dialog | - | P1 |
| 5 | keeps certs option | Default unchecked | - | P1 |
| 6 | shows affected hosts on cert delete | Host list | - | P1 |
| 7 | warns about hosts using certificate | Warning message | - | P1 |
---
### Fixtures Reference
**Proxy Hosts:** `tests/fixtures/proxy-hosts.ts`
- `basicProxyHost` - HTTP proxy to internal service
- `proxyHostWithSSL` - HTTPS with forced SSL
- `proxyHostWithWebSocket` - WebSocket enabled
- `proxyHostFullSecurity` - All security features
- `wildcardProxyHost` - Wildcard domain
- `dockerProxyHost` - From Docker discovery
- `invalidProxyHosts` - Validation test cases (XSS, SQL injection)
**Access Lists:** `tests/fixtures/access-lists.ts`
- `emptyAccessList` - No rules
- `allowOnlyAccessList` - IP whitelist
- `denyOnlyAccessList` - IP blacklist
- `mixedRulesAccessList` - Multiple IP ranges
- `authEnabledAccessList` - With HTTP basic auth
- `ipv6AccessList` - IPv6 ranges
- `invalidACLConfigs` - Validation test cases
**Certificates:** `tests/fixtures/certificates.ts`
- `letsEncryptCertificate` - HTTP-01 ACME
- `multiDomainLetsEncrypt` - SAN certificate
- `wildcardCertificate` - DNS-01 wildcard
- `customCertificateMock` - Uploaded PEM
- `expiredCertificate` - For error testing
- `expiringCertificate` - 25 days to expiry
- `invalidCertificates` - Validation test cases
---
### Acceptance Criteria for Phase 2
**Proxy Hosts (40 tests minimum):**
- [ ] All CRUD operations covered
- [ ] Bulk operations functional
- [ ] Docker discovery integration works
- [ ] Validation prevents all invalid input
- [ ] XSS/SQL injection rejected
**SSL Certificates (30 tests minimum):**
- [ ] List/upload/delete operations covered
- [ ] PEM validation enforced
- [ ] Certificate status displayed correctly
- [ ] Dashboard stats accurate
- [ ] Cleanup dialog handles orphan certs
**Access Lists (25 tests minimum):**
- [ ] All 4 ACL types covered (IP/Geo × Allow/Block)
- [ ] IP/CIDR rule management works
- [ ] Country selection works
- [ ] Test IP feature functional
- [ ] Integration with proxy hosts works
**Overall:**
- [ ] 95+ tests passing
- [ ] <5% flaky test rate
- [ ] All P0 tests complete
- [ ] 90%+ P1 tests complete
- [ ] No hardcoded waits
- [ ] All tests use TestDataManager for cleanup
---
### Phase 3: Security Features (Week 6-7)
**Goal:** Cover all Cerberus security features
@@ -2302,9 +2801,9 @@ Test Scenarios:
| Feature | Priority | Target Coverage | Test Files | Status |
|---------|----------|----------------|------------|--------|
| Authentication | Critical | 100% | 1 | ✅ Covered |
| Dashboard | Core | 100% | 1 | ❌ Not started |
| Navigation | Core | 100% | 1 | ❌ Not started |
| Authentication | Critical | 100% | 1 | ✅ Covered (94% - 3 session tests deferred) |
| Dashboard | Core | 100% | 1 | ✅ Covered |
| Navigation | Core | 100% | 1 | ✅ Covered |
| Proxy Hosts | Critical | 100% | 3 | ❌ Not started |
| Certificates | Critical | 100% | 3 | ❌ Not started |
| Access Lists | Critical | 100% | 2 | ❌ Not started |
@@ -2324,16 +2823,18 @@ Test Scenarios:
## Next Steps
1. **Review and Approve Plan:** Stakeholder sign-off
2. **Set Up Test Infrastructure:** Fixtures, utilities, CI configuration
3. **Begin Phase 1 Implementation:** Foundation tests
4. **Daily Standup Check-ins:** Progress tracking, blocker resolution
5. **Weekly Demo:** Show completed test coverage
6. **Iterate Based on Feedback:** Adjust plan as needed
1. ~~**Review and Approve Plan:** Stakeholder sign-off~~
2. ~~**Set Up Test Infrastructure:** Fixtures, utilities, CI configuration~~
3. ~~**Begin Phase 1 Implementation:** Foundation tests~~
4. **Begin Phase 2 Implementation:** Critical Path (Proxy Hosts, Certificates, ACLs)
5. **Fix Session Expiration Tests:** See [docs/issues/e2e-session-expiration-tests.md](../issues/e2e-session-expiration-tests.md)
6. **Daily Standup Check-ins:** Progress tracking, blocker resolution
7. **Weekly Demo:** Show completed test coverage
---
**Document Status:** Planning
**Last Updated:** January 16, 2026
**Next Review:** Upon Phase 1 completion (estimated Jan 24, 2026)
**Document Status:** In Progress - Phase 1 Complete
**Last Updated:** January 17, 2026
**Phase 1 Completed:** January 17, 2026 (112/119 tests passing - 94%)
**Next Review:** Upon Phase 2 completion (estimated Jan 31, 2026)
**Owner:** Planning Agent / QA Team