Skip to content

test(contract): add unauthorized caller revert tests for content-likes#1259

Open
wendypetersondev wants to merge 2 commits into
MyFanss:mainfrom
wendypetersondev:feat/921-content-likes-auth-tests
Open

test(contract): add unauthorized caller revert tests for content-likes#1259
wendypetersondev wants to merge 2 commits into
MyFanss:mainfrom
wendypetersondev:feat/921-content-likes-auth-tests

Conversation

@wendypetersondev
Copy link
Copy Markdown
Contributor

@wendypetersondev wendypetersondev commented May 30, 2026

Implements comprehensive unauthorized caller revert tests for the content-likes Soroban contract.

Changes

  • Add 4 unit tests verifying like() and unlike() reject unauthorized callers
  • Add 4 integration tests from external caller perspective
  • Test scenarios: no auth, wrong user parameter
  • Verify proper error handling with try_* methods
  • Follow subscription contract auth_matrix.rs pattern
  • Use env.set_auths(&[]) to strip authorization

Test Coverage

  • Total tests: 24 (10 existing + 6 event + 8 authorization)
  • All tests verify Err return, not panics
  • No state mutation on unauthorized attempts

Security

  • Verifies no unauthorized access to like/unlike operations
  • Verifies user identity is properly enforced
  • Verifies proper error handling
  • Follows Soroban security best practices

Fixes #921

@wendypetersondev
feat(contract): emit events for content-likes state changes
a1c6856 
- Add structured event types (LikedEvent, UnlikedEvent) in new events module
- Emit LikedEvent when user likes content (idempotent, no duplicate events)
- Emit UnlikedEvent when user unlikes content
- Add 3 unit tests verifying event emission and idempotent behavior
- Add 3 integration tests from external caller perspective
- Events follow Soroban SDK best practices with #[contracttype] decorator
- Topic constants (TOPIC_LIKED, TOPIC_UNLIKED) for indexer filtering
- No breaking changes to contract API or logic
- All existing tests pass, no regressions

Fixes MyFanss#922
@wendypetersondev
test(contract): add unauthorized caller revert tests for content-likes
8b975ea 
- Add 4 unit tests verifying like() and unlike() reject unauthorized callers
- Add 4 integration tests from external caller perspective
- Test scenarios: no auth, wrong user parameter
- Verify proper error handling with try_* methods
- Follow subscription contract auth_matrix.rs pattern
- Use env.set_auths(&[]) to strip authorization
- All tests verify Err return, not panics
- No state mutation on unauthorized attempts
- Total tests: 24 (10 existing + 6 event + 8 authorization)

Fixes MyFanss#921
@drips-wave
Copy link
Copy Markdown

drips-wave Bot commented May 30, 2026

@wendypetersondev Great news! 🎉 Based on an automated assessment of this PR, the linked Wave issue(s) no longer count against your application limits.

You can now already apply to more issues while waiting for a review of this PR. Keep up the great work! 🚀

Learn more about application limits

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

Contract content-likes: Add unauthorized caller revert tests

1 participant

@wendypetersondev