[WPB-8628] Clean up syntax of test cases that occur in BSI audit. (#4041
)


Co-authored-by: Leif Battermann <[email protected]>
fisx and battermann authored May 10, 2024
1 parent 4f4891f commit 44a66c5
Showing 21 changed files with 289 additions and 442 deletions.
@@ -0,0 +1 @@
Clean up syntax of test cases that occur in BSI audit.
3 changes: 0 additions & 3 deletions integration/test/Test/AccessUpdate.hs
@@ -38,7 +38,6 @@ testBaz :: HasCallStack => App ()
testBaz = pure ()
-}

-- | @SF.Federation @SF.Separation @TSFI.RESTfulAPI @S2
--
-- The test asserts that, among others, remote users are removed from a
-- conversation when an access update occurs that disallows guests from
@@ -74,8 +73,6 @@ testAccessUpdateGuestRemoved = do
res.status `shouldMatchInt` 200
res.json %. "members.others.0.qualified_id" `shouldMatch` objQidObject bob

-- @END

testAccessUpdateGuestRemovedUnreachableRemotes :: HasCallStack => App ()
testAccessUpdateGuestRemovedUnreachableRemotes = do
resourcePool <- asks resourcePool
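Review bot: With the tag line gone, the doc comment above `testAccessUpdateGuestRemoved` appears to lose its Haddock opener `-- |` and now starts with an empty `--` line (the +/- markers are not visible on this page, so the removed line is inferred from the 0 additions / 3 deletions count). The first remaining line should carry the marker, `-- | The test asserts that, among others, remote users are removed from a`, and the leading empty `--` should be dropped. The same leading empty `--` is left in front of the three test descriptions in integration/test/Test/Login.hs. The function body continues outside the hunks shown.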
9 changes: 0 additions & 9 deletions integration/test/Test/Login.hs
@@ -23,7 +23,6 @@ testLoginVerify6DigitEmailCodeSuccess = do
bindResponse (loginWith2ndFactor owner email defPassword code) $ \resp -> do
resp.status `shouldMatchInt` 200

-- @SF.Channel @TSFI.RESTfulAPI @S2
--
-- Test that login fails with wrong second factor email verification code
testLoginVerify6DigitWrongCodeFails :: HasCallStack => App ()
@@ -39,9 +38,6 @@ testLoginVerify6DigitWrongCodeFails = do
resp.status `shouldMatchInt` 403
resp.json %. "label" `shouldMatch` "code-authentication-failed"

-- @END

-- @SF.Channel @TSFI.RESTfulAPI @S2
--
-- Test that login without verification code fails if SndFactorPasswordChallenge feature is enabled in team
testLoginVerify6DigitMissingCodeFails :: HasCallStack => App ()
@@ -54,9 +50,6 @@ testLoginVerify6DigitMissingCodeFails = do
resp.status `shouldMatchInt` 403
resp.json %. "label" `shouldMatch` "code-authentication-required"

-- @END

-- @SF.Channel @TSFI.RESTfulAPI @S2
--
-- Test that login fails with expired second factor email verification code
testLoginVerify6DigitExpiredCodeFails :: HasCallStack => App ()
@@ -80,8 +73,6 @@ testLoginVerify6DigitExpiredCodeFails = do
resp.status `shouldMatchInt` 403
resp.json %. "label" `shouldMatch` "code-authentication-failed"

-- @END

testLoginVerify6DigitResendCodeSuccessAndRateLimiting :: HasCallStack => App ()
testLoginVerify6DigitResendCodeSuccessAndRateLimiting = do
(owner, team, []) <- createTeam OwnDomain 0
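Review bot: The three negative-path second-factor tests (`testLoginVerify6DigitWrongCodeFails`, `testLoginVerify6DigitMissingCodeFails`, `testLoginVerify6DigitExpiredCodeFails`) lose their audit tags in this section, and nothing left in the visible comments marks them as audit-relevant. If the BSI audit material now refers to them by function name, a rename or removal would break that reference without any failing build. A one-line comment above each would preserve the hint, for example `-- Referenced by name in the BSI audit; update the audit documentation when renaming.`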
5 changes: 1 addition & 4 deletions libs/zauth/test/ZAuth.hs
@@ -56,7 +56,7 @@ tests = do
],
testGroup
"Signing and Verifying"
[ testCase "expired" (runCreate z 1 $ testExpired v),
[ testCase "testExpired - expired" (runCreate z 1 $ testExpired v),
testCase "not expired" (runCreate z 2 $ testNotExpired v),
testCase "signed access-token is valid" (runCreate z 3 $ testSignAndVerify v)
],
@@ -94,7 +94,6 @@ testNotExpired p = do
liftIO $ assertBool "testNotExpired: validation failed" (isRight x)

-- The testExpired test conforms to the following testing standards:
-- @SF.Channel @TSFI.RESTfulAPI @TSFI.NTP @S2 @S3
--
-- Using an expired access token should fail
testExpired :: V.Env -> Create ()
@@ -105,8 +104,6 @@ testExpired p = do
x <- liftIO $ runValidate p $ check t
liftIO $ Left Expired @=? x

-- @END

testSignAndVerify :: V.Env -> Create ()
testSignAndVerify p = do
u <- liftIO nextRandom
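Review bot: The lead-in `-- The testExpired test conforms to the following testing standards:` above `testExpired` now introduces nothing, because the tag line it referred to appears to be removed in this section (inferred from the deletion count; the +/- markers are not visible on this page). Drop the lead-in together with the empty `--` so the comment reads `-- Using an expired access token should fail`, or reword it to say where the standards mapping is kept. The same dangling lead-in is left above the formerly tagged tests in services/brig/test/integration/API/User/Account.hs and services/brig/test/integration/API/User/Auth.hs.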
27 changes: 6 additions & 21 deletions services/brig/test/integration/API/User/Account.hs
@@ -102,17 +102,17 @@ tests _ at opts p b c ch g aws userJournalWatcher =
testGroup
"account"
[ test p "post /register - 201 (with preverified)" $ testCreateUserWithPreverified opts b userJournalWatcher,
test p "post /register - 400 (with preverified)" $ testCreateUserWithInvalidVerificationCode b,
test p "testCreateUserWithInvalidVerificationCode - post /register - 400 (with preverified)" $ testCreateUserWithInvalidVerificationCode b,
test p "post /register - 201" $ testCreateUser b g,
test p "post /register - 201 + no email" $ testCreateUserNoEmailNoPassword b,
test p "post /register - 201 anonymous" $ testCreateUserAnon b g,
test p "post /register - 400 empty name" $ testCreateUserEmptyName b,
test p "post /register - 400 name too long" $ testCreateUserLongName b,
test p "testCreateUserEmptyName - post /register - 400 empty name" $ testCreateUserEmptyName b,
test p "testCreateUserLongName - post /register - 400 name too long" $ testCreateUserLongName b,
test p "post /register - 201 anonymous expiry" $ testCreateUserAnonExpiry b,
test p "post /register - 201 pending" $ testCreateUserPending opts b,
test p "post /register - 201 existing activation" $ testCreateAccountPendingActivationKey opts b,
test p "post /register - 409 conflict" $ testCreateUserConflict opts b,
test p "post /register - 400 invalid input" $ testCreateUserInvalidEmailOrPhone opts b,
test p "testCreateUserConflict - post /register - 409 conflict" $ testCreateUserConflict opts b,
test p "testCreateUserInvalidEmailOrPhone - post /register - 400 invalid input" $ testCreateUserInvalidEmailOrPhone opts b,
test p "post /register - 403 blacklist" $ testCreateUserBlacklist opts b aws,
test p "post /register - 400 external-SSO" $ testCreateUserExternalSSO b,
test p "post /register - 403 restricted user creation" $ testRestrictedUserCreation opts b,
@@ -172,7 +172,6 @@ tests _ at opts p b c ch g aws userJournalWatcher =
]

-- The testCreateUserWithInvalidVerificationCode test conforms to the following testing standards:
-- @SF.Provisioning @TSFI.RESTfulAPI @S2
--
-- Registering with an invalid verification code and valid account details should fail.
testCreateUserWithInvalidVerificationCode :: Brig -> Http ()
@@ -197,8 +196,6 @@ testCreateUserWithInvalidVerificationCode brig = do
]
postUserRegister' regEmail brig !!! const 404 === statusCode

-- @END

testUpdateUserEmailByTeamOwner :: Opt.Opts -> Brig -> Http ()
testUpdateUserEmailByTeamOwner opts brig = do
(_, teamOwner, emailOwner : otherTeamMember : _) <- createPopulatedBindingTeamWithNamesAndHandles brig 2
@@ -336,7 +333,6 @@ assertOnlySelfConversations galley uid = do
liftIO $ cnvType conv @?= SelfConv

-- The testCreateUserEmptyName test conforms to the following testing standards:
-- @SF.Provisioning @TSFI.RESTfulAPI @S2
--
-- An empty name is not allowed on registration
testCreateUserEmptyName :: Brig -> Http ()
@@ -348,10 +344,7 @@ testCreateUserEmptyName brig = do
post (brig . path "/register" . contentJson . body p)
!!! const 400 === statusCode

-- @END

-- The testCreateUserLongName test conforms to the following testing standards:
-- @SF.Provisioning @TSFI.RESTfulAPI @S2
--
-- a name with > 128 characters is not allowed.
testCreateUserLongName :: Brig -> Http ()
@@ -364,8 +357,6 @@ testCreateUserLongName brig = do
post (brig . path "/register" . contentJson . body p)
!!! const 400 === statusCode

-- @END

testCreateUserAnon :: Brig -> Galley -> Http ()
testCreateUserAnon brig galley = do
let p =
@@ -443,7 +434,6 @@ testCreateUserNoEmailNoPassword brig = do
!!! (const 202 === statusCode)

-- The testCreateUserConflict test conforms to the following testing standards:
-- @SF.Provisioning @TSFI.RESTfulAPI @S2
--
-- email address must not be taken on @/register@.
testCreateUserConflict :: Opt.Opts -> Brig -> Http ()
@@ -475,10 +465,7 @@ testCreateUserConflict _ brig = do
const 409 === statusCode
const (Just "key-exists") === fmap Error.label . responseJsonMaybe

-- @END

-- The testCreateUserInvalidEmailOrPhone test conforms to the following testing standards:
-- @SF.Provisioning @TSFI.RESTfulAPI @S2
--
-- Test to make sure a new user cannot be created with an invalid email address or invalid phone number.
testCreateUserInvalidEmailOrPhone :: Opt.Opts -> Brig -> Http ()
@@ -508,8 +495,6 @@ testCreateUserInvalidEmailOrPhone _ brig = do
post (brig . path "/register" . contentJson . body reqPhone)
!!! const 400 === statusCode

-- @END

testCreateUserBlacklist :: Opt.Opts -> Brig -> AWS.Env -> Http ()
testCreateUserBlacklist (Opt.setRestrictUserCreation . Opt.optSettings -> Just True) _ _ = pure ()
testCreateUserBlacklist _ brig aws =
@@ -893,7 +878,7 @@ testCreateUserAnonExpiry b = do
let diff = diffUTCTime a now
minExp = 1 :: Integer -- 1 second
maxExp = 60 * 60 * 24 * 10 :: Integer -- 10 days
liftIO $ assertBool "expiry must in be the future" (diff >= fromIntegral minExp)
liftIO $ assertBool "expiry must be in the future" (diff >= fromIntegral minExp)
liftIO $ assertBool "expiry must be less than 10 days" (diff < fromIntegral maxExp)
expire :: ResponseLBS -> Maybe UTCTime
expire r = field "expires_at" =<< responseJsonMaybe r
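Review bot: The rewritten label `"testCreateUserWithInvalidVerificationCode - post /register - 400 (with preverified)"` still advertises a 400, while the last visible assertion in that test is `postUserRegister' regEmail brig !!! const 404 === statusCode`. Since the label is being touched anyway and presumably serves to identify the test for the audit, it should state the status the test actually checks, e.g. `"testCreateUserWithInvalidVerificationCode - post /register - 404 (with preverified)"`. Most of the test body lies outside the hunks shown, so confirm that no earlier assertion expects 400 before changing it.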
22 changes: 5 additions & 17 deletions services/brig/test/integration/API/User/Auth.hs
@@ -100,9 +100,9 @@ tests conf m z db b g n =
test m "handle" (testHandleLogin b),
test m "email-untrusted-domain" (testLoginUntrustedDomain b),
test m "send-phone-code" (testSendLoginCode b),
test m "failure" (testLoginFailure b),
test m "testLoginFailure - failure" (testLoginFailure b),
test m "throttle" (testThrottleLogins conf b),
test m "limit-retry" (testLimitRetries conf b),
test m "testLimitRetries - limit-retry" (testLimitRetries conf b),
test m "login with 6 character password" (testLoginWith6CharPassword b db),
testGroup
"sso-login"
@@ -129,8 +129,8 @@ tests conf m z db b g n =
],
testGroup
"refresh /access"
[ test m "invalid-cookie" (testInvalidCookie @ZAuth.User z b),
test m "invalid-cookie legalhold" (testInvalidCookie @ZAuth.LegalHoldUser z b),
[ test m "testInvalidCookie - invalid-cookie" (testInvalidCookie @ZAuth.User z b),
test m "testInvalidCookie - invalid-cookie legalhold" (testInvalidCookie @ZAuth.LegalHoldUser z b),
test m "invalid-token" (testInvalidToken z b),
test m "missing-cookie" (testMissingCookie @ZAuth.User @ZAuth.Access z b),
test m "missing-cookie legalhold" (testMissingCookie @ZAuth.LegalHoldUser @ZAuth.LegalHoldAccess z b),
@@ -161,7 +161,7 @@ tests conf m z db b g n =
[ test m "list" (testListCookies b),
test m "remove-by-label" (testRemoveCookiesByLabel b),
test m "remove-by-label-id" (testRemoveCookiesByLabelAndId b),
test m "limit" (testTooManyCookies conf b),
test m "testTooManyCookies - limit" (testTooManyCookies conf b),
test m "logout" (testLogout b)
],
testGroup
@@ -423,7 +423,6 @@ testSendLoginCode brig = do
liftIO $ assertEqual "timeout" (Just (Code.Timeout 600)) _timeout

-- The testLoginFailure test conforms to the following testing standards:
-- @SF.Provisioning @TSFI.RESTfulAPI @S2
--
-- Test that trying to log in with a wrong password or non-existent email fails.
testLoginFailure :: Brig -> Http ()
@@ -446,8 +445,6 @@ testLoginFailure brig = do
PersistentCookie
!!! const 403 === statusCode

-- @END

testThrottleLogins :: Opts.Opts -> Brig -> Http ()
testThrottleLogins conf b = do
-- Get the maximum amount of times we are allowed to login before
@@ -473,7 +470,6 @@ testThrottleLogins conf b = do
login b (defEmailLogin e) SessionCookie !!! const 200 === statusCode

-- The testLimitRetries test conforms to the following testing standards:
-- @SF.Channel @TSFI.RESTfulAPI @TSFI.NTP @S2
--
-- The following test tests the login retries. It checks that a user can make
-- only a prespecified number of attempts to log in with an invalid password,
@@ -528,8 +524,6 @@ testLimitRetries conf brig = do
liftIO $ threadDelay (1000000 * 2)
login brig (defEmailLogin email) SessionCookie !!! const 200 === statusCode

-- @END

-------------------------------------------------------------------------------
-- LegalHold Login

@@ -656,7 +650,6 @@ testNoUserSsoLogin brig = do
-- Token Refresh

-- The testInvalidCookie test conforms to the following testing standards:
-- @SF.Provisioning @TSFI.RESTfulAPI @TSFI.NTP @S2
--
-- Test that invalid and expired tokens do not work.
testInvalidCookie :: forall u. ZAuth.UserTokenLike u => ZAuth.Env -> Brig -> Http ()
@@ -674,8 +667,6 @@ testInvalidCookie z b = do
const 403 === statusCode
const (Just "expired") =~= responseBody

-- @END

testInvalidToken :: ZAuth.Env -> Brig -> Http ()
testInvalidToken z b = do
user <- Public.userId <$> randomUser b
@@ -1188,7 +1179,6 @@ testRemoveCookiesByLabelAndId b = do
listCookies b (userId u) >>= liftIO . ([lbl] @=?) . map cookieLabel

-- The testTooManyCookies test conforms to the following testing standards:
-- @SF.Provisioning @TSFI.RESTfulAPI @S2
--
-- The test asserts that there is an upper limit for the number of user cookies
-- per cookie type. It does that by concurrently attempting to create more
@@ -1238,8 +1228,6 @@ testTooManyCookies config b = do
)
xxx -> error ("Unexpected status code when logging in: " ++ show xxx)

-- @END

testLogout :: Brig -> Http ()
testLogout b = do
Just email <- userEmail <$> randomUser b
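Review bot: The function-name prefixes added to the labels (`"testLoginFailure - failure"`, `"testLimitRetries - limit-retry"`, `"testInvalidCookie - invalid-cookie"`, `"testTooManyCookies - limit"`) are hand-typed string literals that nothing ties to the identifiers they repeat. A later rename of one of these functions would leave a stale prefix that still compiles, and a lookup by name would then miss the test. A comment at the top of `tests` (which starts outside the hunks shown) would make the convention explicit, for example `-- Labels starting with a function name identify audit-relevant tests; keep the prefix equal to the function name.` The same applies to the prefixed labels in libs/zauth/test/ZAuth.hs and services/brig/test/integration/API/User/Account.hs.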