Merge branch 'main' into fix/680-manual-card-empty-provenance

Author: Chris0Jeky

backend/tests/Taskdeck.Api.Tests/AuthControllerEdgeCaseTests.cs

@@ -275,7 +275,7 @@ public async Task TokenValidationMiddleware_ShouldPassThrough_WhenClaimsHaveNoUs
     public async Task Login_ShouldReturn401_WhenBodyIsNull()
     {
         var authService = CreateMockAuthService();
-        var controller = new AuthController(authService.Object, CreateGitHubSettings(false), CreateAnonymousUserContext());
+        var controller = new AuthController(authService.Object, CreateGitHubSettings(false), CreateMockUserContext().Object);
 
         var result = await controller.Login(null);
 
@@ -288,7 +288,7 @@ public async Task Login_ShouldReturn401_WhenBodyIsNull()
     public async Task Login_ShouldReturn401_WhenFieldsEmpty()
     {
         var authService = CreateMockAuthService();
-        var controller = new AuthController(authService.Object, CreateGitHubSettings(false), CreateAnonymousUserContext());
+        var controller = new AuthController(authService.Object, CreateGitHubSettings(false), CreateMockUserContext().Object);
 
         var result = await controller.Login(new LoginDto("", ""));
 
@@ -305,16 +305,7 @@ private static AuthController CreateAuthController(bool gitHubConfigured = false
     {
         var authServiceMock = CreateMockAuthService();
         var gitHubSettings = CreateGitHubSettings(gitHubConfigured);
-        return new AuthController(authServiceMock.Object, gitHubSettings, CreateAnonymousUserContext());
-    }
-
-    private static IUserContext CreateAnonymousUserContext()
-    {
-        var mock = new Mock<IUserContext>();
-        mock.Setup(c => c.IsAuthenticated).Returns(false);
-        mock.Setup(c => c.UserId).Returns((string?)null);
-        mock.Setup(c => c.Role).Returns((string?)null);
-        return mock.Object;
+        return new AuthController(authServiceMock.Object, gitHubSettings, CreateMockUserContext().Object);
     }
 
     private static Mock<AuthenticationService> CreateMockAuthService()
@@ -328,6 +319,14 @@ private static Mock<AuthenticationService> CreateMockAuthService()
         return new Mock<AuthenticationService>(unitOfWorkMock.Object, DefaultJwtSettings) { CallBase = true };
     }
 
+    private static Mock<IUserContext> CreateMockUserContext()
+    {
+        var mock = new Mock<IUserContext>();
+        mock.Setup(u => u.UserId).Returns(Guid.NewGuid().ToString());
+        mock.Setup(u => u.IsAuthenticated).Returns(true);
+        return mock;
+    }
+
     private static GitHubOAuthSettings CreateGitHubSettings(bool configured)
     {
         return configured

backend/tests/Taskdeck.Api.Tests/BoardsHubIntegrationTests.cs

@@ -0,0 +1,140 @@
+using System.Net;
+using System.Net.Http.Json;
+using FluentAssertions;
+using Taskdeck.Api.Tests.Support;
+using Taskdeck.Application.DTOs;
+using Taskdeck.Domain.Exceptions;
+using Xunit;
+
+namespace Taskdeck.Api.Tests.ErrorContract;
+
+/// <summary>
+/// Verifies GP-03 error contract compliance for board endpoints.
+/// Every 4xx response must return a structured ApiErrorResponse with
+/// non-empty errorCode and message.
+/// </summary>
+public class BoardErrorContractTests : IClassFixture<TestWebApplicationFactory>
+{
+    private readonly TestWebApplicationFactory _factory;
+
+    public BoardErrorContractTests(TestWebApplicationFactory factory)
+    {
+        _factory = factory;
+    }
+
+    [Fact]
+    public async Task CreateBoard_EmptyName_Returns400WithErrorContract()
+    {
+        using var client = _factory.CreateClient();
+        await ApiTestHarness.AuthenticateAsync(client, "board-err-empty");
+
+        var response = await client.PostAsJsonAsync(
+            "/api/boards",
+            new CreateBoardDto(string.Empty, "desc"));
+
+        await ApiTestHarness.AssertErrorContractAsync(response, HttpStatusCode.BadRequest, ErrorCodes.ValidationError);
+    }
+
+    [Fact]
+    public async Task CreateBoard_WhitespaceName_Returns400WithErrorContract()
+    {
+        using var client = _factory.CreateClient();
+        await ApiTestHarness.AuthenticateAsync(client, "board-err-ws");
+
+        var response = await client.PostAsJsonAsync(
+            "/api/boards",
+            new CreateBoardDto("   ", "desc"));
+
+        await ApiTestHarness.AssertErrorContractAsync(response, HttpStatusCode.BadRequest, ErrorCodes.ValidationError);
+    }
+
+    [Fact]
+    public async Task CreateBoard_NameExceeding100Chars_Returns400WithErrorContract()
+    {
+        using var client = _factory.CreateClient();
+        await ApiTestHarness.AuthenticateAsync(client, "board-err-long");
+
+        var longName = new string('A', 101);
+        var response = await client.PostAsJsonAsync(
+            "/api/boards",
+            new CreateBoardDto(longName, "desc"));
+
+        await ApiTestHarness.AssertErrorContractAsync(response, HttpStatusCode.BadRequest, ErrorCodes.ValidationError);
+    }
+
+    [Fact]
+    public async Task CreateBoard_NameExactly100Chars_ReturnsCreated()
+    {
+        using var client = _factory.CreateClient();
+        await ApiTestHarness.AuthenticateAsync(client, "board-err-exact");
+
+        var exactName = new string('B', 100);
+        var response = await client.PostAsJsonAsync(
+            "/api/boards",
+            new CreateBoardDto(exactName, "desc"));
+
+        response.StatusCode.Should().Be(HttpStatusCode.Created);
+    }
+
+    [Fact]
+    public async Task GetBoard_NonExistentId_Returns404WithErrorContract()
+    {
+        using var client = _factory.CreateClient();
+        await ApiTestHarness.AuthenticateAsync(client, "board-err-404");
+
+        var response = await client.GetAsync($"/api/boards/{Guid.NewGuid()}");
+
+        await ApiTestHarness.AssertErrorContractAsync(response, HttpStatusCode.NotFound, ErrorCodes.NotFound);
+    }
+
+    [Fact]
+    public async Task UpdateBoard_NonExistentId_Returns404WithErrorContract()
+    {
+        using var client = _factory.CreateClient();
+        await ApiTestHarness.AuthenticateAsync(client, "board-err-upd404");
+
+        var response = await client.PutAsJsonAsync(
+            $"/api/boards/{Guid.NewGuid()}",
+            new UpdateBoardDto("new-name", null, null));
+
+        await ApiTestHarness.AssertErrorContractAsync(response, HttpStatusCode.NotFound, ErrorCodes.NotFound);
+    }
+
+    [Fact]
+    public async Task DeleteBoard_NonExistentId_Returns404WithErrorContract()
+    {
+        using var client = _factory.CreateClient();
+        await ApiTestHarness.AuthenticateAsync(client, "board-err-del404");
+
+        var response = await client.DeleteAsync($"/api/boards/{Guid.NewGuid()}");
+
+        await ApiTestHarness.AssertErrorContractAsync(response, HttpStatusCode.NotFound, ErrorCodes.NotFound);
+    }
+
+    [Fact]
+    public async Task CreateBoard_SpecialCharactersInName_Succeeds()
+    {
+        using var client = _factory.CreateClient();
+        await ApiTestHarness.AuthenticateAsync(client, "board-err-special");
+
+        var response = await client.PostAsJsonAsync(
+            "/api/boards",
+            new CreateBoardDto("Board <script>alert('xss')</script>", "desc"));
+
+        response.StatusCode.Should().Be(HttpStatusCode.Created);
+    }
+
+    [Fact]
+    public async Task UpdateBoard_EmptyName_Returns400WithErrorContract()
+    {
+        using var client = _factory.CreateClient();
+        await ApiTestHarness.AuthenticateAsync(client, "board-err-updempty");
+        var board = await ApiTestHarness.CreateBoardAsync(client, stem: "update-empty");
+
+        var response = await client.PutAsJsonAsync(
+            $"/api/boards/{board.Id}",
+            new UpdateBoardDto(string.Empty, null, null));
+
+        await ApiTestHarness.AssertErrorContractAsync(response, HttpStatusCode.BadRequest, ErrorCodes.ValidationError);
+    }
+}

backend/tests/Taskdeck.Api.Tests/ErrorContract/BoardErrorContractTests.cs

@@ -0,0 +1,124 @@
+using System.Net;
+using System.Net.Http.Json;
+using FluentAssertions;
+using Taskdeck.Api.Tests.Support;
+using Taskdeck.Application.DTOs;
+using Taskdeck.Domain.Exceptions;
+using Xunit;
+
+namespace Taskdeck.Api.Tests.ErrorContract;
+
+/// <summary>
+/// Verifies GP-03 error contract compliance for capture endpoints.
+/// Every 4xx response must return a structured ApiErrorResponse with
+/// non-empty errorCode and message.
+/// </summary>
+public class CaptureErrorContractTests : IClassFixture<TestWebApplicationFactory>
+{
+    private readonly TestWebApplicationFactory _factory;
+
+    public CaptureErrorContractTests(TestWebApplicationFactory factory)
+    {
+        _factory = factory;
+    }
+
+    [Fact]
+    public async Task CreateCapture_EmptyText_Returns400WithErrorContract()
+    {
+        using var client = _factory.CreateClient();
+        await ApiTestHarness.AuthenticateAsync(client, "cap-err-empty");
+
+        var response = await client.PostAsJsonAsync(
+            "/api/capture/items",
+            new CreateCaptureItemDto(null, string.Empty));
+
+        await ApiTestHarness.AssertErrorContractAsync(response, HttpStatusCode.BadRequest, ErrorCodes.ValidationError);
+    }
+
+    [Fact]
+    public async Task CreateCapture_WhitespaceText_Returns400WithErrorContract()
+    {
+        using var client = _factory.CreateClient();
+        await ApiTestHarness.AuthenticateAsync(client, "cap-err-ws");
+
+        var response = await client.PostAsJsonAsync(
+            "/api/capture/items",
+            new CreateCaptureItemDto(null, "   "));
+
+        await ApiTestHarness.AssertErrorContractAsync(response, HttpStatusCode.BadRequest, ErrorCodes.ValidationError);
+    }
+
+    [Fact]
+    public async Task CreateCapture_NoBoardContext_Succeeds()
+    {
+        using var client = _factory.CreateClient();
+        await ApiTestHarness.AuthenticateAsync(client, "cap-err-noboard");
+
+        var response = await client.PostAsJsonAsync(
+            "/api/capture/items",
+            new CreateCaptureItemDto(null, "A capture without board context"));
+
+        response.StatusCode.Should().Be(HttpStatusCode.Created);
+    }
+
+    [Fact]
+    public async Task GetCapture_NonExistentId_Returns404WithErrorContract()
+    {
+        using var client = _factory.CreateClient();
+        await ApiTestHarness.AuthenticateAsync(client, "cap-err-404");
+
+        var response = await client.GetAsync($"/api/capture/items/{Guid.NewGuid()}");
+
+        await ApiTestHarness.AssertErrorContractAsync(response, HttpStatusCode.NotFound, ErrorCodes.NotFound);
+    }
+
+    [Fact]
+    public async Task IgnoreCapture_NonExistentId_Returns404WithErrorContract()
+    {
+        using var client = _factory.CreateClient();
+        await ApiTestHarness.AuthenticateAsync(client, "cap-err-ign404");
+
+        var response = await client.PostAsync(
+            $"/api/capture/items/{Guid.NewGuid()}/ignore",
+            content: null);
+
+        await ApiTestHarness.AssertErrorContractAsync(response, HttpStatusCode.NotFound, ErrorCodes.NotFound);
+    }
+
+    [Fact]
+    public async Task CancelCapture_NonExistentId_Returns404WithErrorContract()
+    {
+        using var client = _factory.CreateClient();
+        await ApiTestHarness.AuthenticateAsync(client, "cap-err-cancel404");
+
+        var response = await client.PostAsync(
+            $"/api/capture/items/{Guid.NewGuid()}/cancel",
+            content: null);
+
+        await ApiTestHarness.AssertErrorContractAsync(response, HttpStatusCode.NotFound, ErrorCodes.NotFound);
+    }
+
+    [Fact]
+    public async Task ListCaptures_InvalidStatus_Returns400WithErrorContract()
+    {
+        using var client = _factory.CreateClient();
+        await ApiTestHarness.AuthenticateAsync(client, "cap-err-status");
+
+        var response = await client.GetAsync("/api/capture/items?status=InvalidStatusValue");
+
+        await ApiTestHarness.AssertErrorContractAsync(response, HttpStatusCode.BadRequest, ErrorCodes.ValidationError);
+    }
+
+    [Fact]
+    public async Task TriageCapture_NonExistentId_Returns404WithErrorContract()
+    {
+        using var client = _factory.CreateClient();
+        await ApiTestHarness.AuthenticateAsync(client, "cap-err-triage404");
+
+        var response = await client.PostAsync(
+            $"/api/capture/items/{Guid.NewGuid()}/triage",
+            content: null);
+
+        await ApiTestHarness.AssertErrorContractAsync(response, HttpStatusCode.NotFound, ErrorCodes.NotFound);
+    }
+}