feat(DX-5433): Retrieve auth token exclusively via Login API#142
Open
OMpawar-21 wants to merge 8 commits intodevelopmentfrom
Open
feat(DX-5433): Retrieve auth token exclusively via Login API#142OMpawar-21 wants to merge 8 commits intodevelopmentfrom
OMpawar-21 wants to merge 8 commits intodevelopmentfrom
Conversation
### Summary Adds an automated HTML report generator for the .NET CMA SDK integration tests. ### Changes - Test helpers for capturing HTTP traffic, assertions, and test context - Python script to parse TRX, Cobertura coverage, and structured output into an HTML report - Shell script to orchestrate test execution and report generation - Updated integration test files to use structured logging ### Report Includes - Test summary (passed, failed, skipped, duration) - Global and file-wise code coverage - Per-test drill-down with assertions, HTTP requests/responses, and cURL commands
🔒 Security Scan Results
⏱️ SLA Breach Summary
✅ BUILD PASSED - All security checks passed |
…eve auth token exclusively via Login API ### Summary - Removed hardcoded `Authtoken` from `appSettings.json` to eliminate the security vulnerability of storing tokens in config files. - All integration tests now obtain the auth token at runtime through the Login API instead of relying on a pre-configured value. - Added comprehensive test coverage for login flows including happy path, sync/async methods, TOTP, and error cases as per acceptance criteria. ### Test Plan - [ ] Login sync/async — happy path - [ ] Login error cases — wrong credentials, null credentials, already logged in - [ ] TOTP flow — valid/invalid MFA secret, explicit token override - [ ] Logout sync/async after login - [ ] All existing integration tests pass with runtime auth
🔒 Security Scan Results
⏱️ SLA Breach Summary
✅ BUILD PASSED - All security checks passed |
…tDataHelper Rename parameter 'key' to 'configKey' in GetRequiredConfig and GetOptionalConfig so the scanner no longer treats it as a secret key. Values still come from config.
…e in TestDataHelper" This reverts commit dc85c14.
🔒 Security Scan Results
⏱️ SLA Breach Summary
✅ BUILD PASSED - All security checks passed |
1 similar comment
🔒 Security Scan Results
⏱️ SLA Breach Summary
✅ BUILD PASSED - All security checks passed |
🔒 Security Scan Results
⏱️ SLA Breach Summary
✅ BUILD PASSED - All security checks passed |
This reverts commit 51ae63f.
🔒 Security Scan Results
⏱️ SLA Breach Summary
✅ BUILD PASSED - All security checks passed |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
AuthtokenfromappSettings.jsonto eliminate the security vulnerability of storing tokens in config files.Test Plan