Merge branch 'main' into issue/mitgliederverwaltung-533
Some checks reported errors
continuous-integration/drone/push Build was killed
continuous-integration/drone/promote/production Build is passing

# Conflicts:
#	test/mv_web/member_live/index_test.exs
This commit is contained in:
Moritz 2026-06-16 18:13:03 +02:00
commit 84e1cf1cb8
118 changed files with 767 additions and 1148 deletions

View file

@ -0,0 +1,58 @@
defmodule Mv.ApplicationTest do
@moduledoc """
Guards the AshAuthentication supervisor wiring in `Mv.Application`.
The auth children (token Expunger, audit-log batcher/expunger) resolve their
configuration via `Spark.sparks(otp_app, Ash.Resource)`. With the wrong
`otp_app` they silently start against an empty resource set: the token
Expunger then runs against no token resources and becomes a no-op. This test
pins the corrected `:mv` wiring against the *running* application tree: the
supervisor and all three children are present, and the token Expunger booted
live and resolved the real `:mv` token resource.
The two audit-log children legitimately report an `:undefined` pid because no
`AuditLogResource` resources exist under `:mv` (their init returns `:ignore`);
that is a successful start, not a crash, so they are only asserted present.
"""
use ExUnit.Case, async: false
alias AshAuthentication.TokenResource.Expunger
test "AshAuthentication children boot under the :mv otp_app and resolve real config" do
# Locate the running AshAuthentication.Supervisor inside the live app tree.
auth_sup =
Mv.Supervisor
|> Supervisor.which_children()
|> Enum.find_value(fn
{AshAuthentication.Supervisor, pid, _type, _mods} when is_pid(pid) -> pid
_ -> nil
end)
assert is_pid(auth_sup), "AshAuthentication.Supervisor is not running in Mv.Supervisor"
children = Supervisor.which_children(auth_sup)
child_ids = children |> Enum.map(&elem(&1, 0)) |> Enum.sort()
# All three auth children are present in the supervision tree.
assert child_ids ==
Enum.sort([
AshAuthentication.TokenResource.Expunger,
AshAuthentication.AuditLogResource.Batcher,
AshAuthentication.AuditLogResource.Expunger
])
# The token Expunger booted as a live process and resolved the real :mv
# token resource — proving the children run against non-empty :mv config
# rather than the empty set the wrong otp_app produced.
expunger_pid =
Enum.find_value(children, fn
{Expunger, pid, _, _} when is_pid(pid) -> pid
_ -> nil
end)
assert is_pid(expunger_pid), "token Expunger did not boot as a live process under :mv"
assert Process.alive?(expunger_pid)
assert %{otp_app: :mv, resources: resources} = :sys.get_state(expunger_pid)
assert Map.has_key?(resources, Mv.Accounts.Token)
end
end

View file

@ -12,10 +12,10 @@ defmodule Mv.Authorization.Checks.HasPermissionFailClosedTest do
"""
use Mv.DataCase, async: true
alias Mv.Authorization.Checks.HasPermission
import Mv.Fixtures
alias Mv.Authorization.Checks.HasPermission
test "auto_filter deny-filter matches no records (regression for NOT IN [] allow-all bug)" do
# Arrange: create some members in DB
_m1 = member_fixture()

View file

@ -1,59 +0,0 @@
defmodule Mv.OidcRoleSyncConfigTest do
@moduledoc """
Tests for OIDC role sync configuration (OIDC_ADMIN_GROUP_NAME, OIDC_GROUPS_CLAIM).
Reads via Mv.Config (ENV first, then Settings).
"""
use Mv.DataCase, async: false
alias Mv.OidcRoleSyncConfig
describe "oidc_admin_group_name/0" do
test "returns nil when OIDC_ADMIN_GROUP_NAME is not configured" do
restore = clear_env("OIDC_ADMIN_GROUP_NAME")
on_exit(restore)
assert OidcRoleSyncConfig.oidc_admin_group_name() == nil
end
test "returns configured admin group name when set via ENV" do
restore = set_env("OIDC_ADMIN_GROUP_NAME", "mila-admin")
on_exit(restore)
assert OidcRoleSyncConfig.oidc_admin_group_name() == "mila-admin"
end
end
describe "oidc_groups_claim/0" do
test "returns default \"groups\" when OIDC_GROUPS_CLAIM is not configured" do
restore = clear_env("OIDC_GROUPS_CLAIM")
on_exit(restore)
assert OidcRoleSyncConfig.oidc_groups_claim() == "groups"
end
test "returns configured claim name when OIDC_GROUPS_CLAIM is set via ENV" do
restore = set_env("OIDC_GROUPS_CLAIM", "ak_groups")
on_exit(restore)
assert OidcRoleSyncConfig.oidc_groups_claim() == "ak_groups"
end
end
defp set_env(key, value) do
previous = System.get_env(key)
System.put_env(key, value)
fn ->
if previous, do: System.put_env(key, previous), else: System.delete_env(key)
end
end
defp clear_env(key) do
previous = System.get_env(key)
System.delete_env(key)
fn ->
if previous, do: System.put_env(key, previous)
end
end
end

View file

@ -4,7 +4,6 @@ defmodule Mv.StatisticsTest do
"""
use Mv.DataCase, async: true
require Ash.Query
import Ash.Expr
import Mv.Fixtures, only: [create_fee_type: 2]
@ -13,6 +12,8 @@ defmodule Mv.StatisticsTest do
alias Mv.MembershipFees.MembershipFeeCycle
alias Mv.Statistics
require Ash.Query
setup do
actor = Mv.Helpers.SystemActor.get_system_actor()
%{actor: actor}