fix(frontend): confirm modal, settings display, race guard, and test coverage
- S1: Replace window.confirm() with AppConfirmModal for delete actions - S4: Add formatHours helper to avoid ugly decimals in settings hints - W5: Add generation counter to SettingsAdminPanel to prevent stale async results when section changes rapidly - S7: Remove unused ApiRequestError import from useScholarBulkActions - S2: Add error-path tests for bulk delete/toggle network failures - S3: Add CSRF boundary tests for bulk-delete and bulk-toggle endpoints
This commit is contained in:
parent
f8e3098fc3
commit
f501ea4f94
8 changed files with 181 additions and 33 deletions
|
|
@ -138,3 +138,33 @@ async def test_export_with_ids_filter(db_session: AsyncSession) -> None:
|
|||
resp_all = client.get("/api/v1/scholars/export")
|
||||
assert resp_all.status_code == 200
|
||||
assert len(resp_all.json()["data"]["scholars"]) == 2
|
||||
|
||||
|
||||
@pytest.mark.integration
|
||||
@pytest.mark.db
|
||||
@pytest.mark.asyncio
|
||||
async def test_bulk_delete_rejects_without_csrf(db_session: AsyncSession) -> None:
|
||||
await insert_user(db_session, email="csrf-bulk-del@example.com", password="pw123456")
|
||||
client = TestClient(app)
|
||||
login_user(client, email="csrf-bulk-del@example.com", password="pw123456")
|
||||
response = client.post(
|
||||
"/api/v1/scholars/bulk-delete",
|
||||
json={"scholar_profile_ids": [1]},
|
||||
)
|
||||
assert response.status_code == 403
|
||||
assert response.json()["error"]["code"] == "csrf_invalid"
|
||||
|
||||
|
||||
@pytest.mark.integration
|
||||
@pytest.mark.db
|
||||
@pytest.mark.asyncio
|
||||
async def test_bulk_toggle_rejects_without_csrf(db_session: AsyncSession) -> None:
|
||||
await insert_user(db_session, email="csrf-bulk-tog@example.com", password="pw123456")
|
||||
client = TestClient(app)
|
||||
login_user(client, email="csrf-bulk-tog@example.com", password="pw123456")
|
||||
response = client.post(
|
||||
"/api/v1/scholars/bulk-toggle",
|
||||
json={"scholar_profile_ids": [1], "is_enabled": False},
|
||||
)
|
||||
assert response.status_code == 403
|
||||
assert response.json()["error"]["code"] == "csrf_invalid"
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue