- Updated UsersPage tests to check for specific URL formats instead of regex patterns.
- Increased timeout for Go coverage report generation to handle larger repositories.
- Cleaned up generated artifacts before running CodeQL analysis to reduce false positives.
- Removed outdated QA testing report for authentication fixes on the certificates page.
- Added final report confirming successful resolution of authentication issues with certificate endpoints.
- Deleted previous test output files to maintain a clean test results directory.
- Add 16 comprehensive tests for user_handler.go covering PreviewInviteURL,
getAppName, email normalization, permission/role defaults, and edge cases
- Add 14 unit tests for url.go functions (GetBaseURL, ConstructURL, NormalizeURL)
- Refactor URL connectivity tests to use mock HTTP transport pattern
- Fix 21 test failures caused by SSRF protection blocking localhost
- Maintain full SSRF security - no production code security changes
- Coverage increased from 66.67% to 86.1% (exceeds 85% target)
- All security scans pass with zero Critical/High vulnerabilities
- 38 SSRF protection tests verified passing
Technical details:
- Added optional http.RoundTripper parameter to TestURLConnectivity()
- Created mockTransport for test isolation without network calls
- Changed settings handler test to use public URL for validation
- Verified no regressions in existing test suite
Closes: Coverage gap identified in Codecov report
See: docs/plans/user_handler_coverage_fix.md
See: docs/plans/qa_remediation.md
See: docs/reports/qa_report_final.md
GitHub Actions