Skip to content

test : added vitest unit tests for requireAssessmentAccess middleware#1905

Open
tmdeveloper007 wants to merge 1 commit into
gopaljilab:mainfrom
tmdeveloper007:#1900
Open

test : added vitest unit tests for requireAssessmentAccess middleware#1905
tmdeveloper007 wants to merge 1 commit into
gopaljilab:mainfrom
tmdeveloper007:#1900

Conversation

@tmdeveloper007

@tmdeveloper007 tmdeveloper007 commented Jun 25, 2026

Copy link
Copy Markdown
Contributor

Closes #1900.

Summary of What Has Been Done:
Added 8 vitest unit tests for the requireAssessmentAccess middleware. Tests cover invalid assessment IDs, unauthorized access, assessment-not-found 404s, IDOR protection (returns 404 not 403 to avoid existence leakage), authorized access with req.assessment attachment, and unexpected error handling.

Changes Made:

  • server/middleware/requireAssessmentAccess.test.ts (new file)

Impact it Made:

  • Validates IDOR protection: unauthorized users get 404 (not 403) to prevent record existence leakage
  • Confirms audit logging for both allowed and denied access attempts
  • All 8 tests pass locally

Note: Please assign this PR to the tmdeveloper007 account.

@github-actions github-actions Bot added the type:security Vulnerability fixes or security-related enhancements. label Jun 25, 2026
@vercel

vercel Bot commented Jun 25, 2026

Copy link
Copy Markdown

@tmdeveloper007 is attempting to deploy a commit to the gopaljilab's projects Team on Vercel.

A member of the Team first needs to authorize it.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

type:security Vulnerability fixes or security-related enhancements.

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

test : add vitest unit tests for requireAssessmentAccess middleware

1 participant

@tmdeveloper007