test(public-api): add 503 resilience tests for checkLockout/recordFailedAttempt Redis rejection paths #181

@coderabbitai

Description

Follow-up from PR #164

This issue tracks adding test coverage for the Redis error (503 / rejection) paths in the login lockout utilities introduced in PR #164.

Context

PR #164 added Redis-backed login lockout to apps/public-api. The implementation correctly uses fail-open behavior on success paths and fail-closed on lockout reads when Redis is unavailable. However, test cases explicitly asserting this resilience behavior (i.e., when checkLockout or recordFailedAttempt rejects with a Redis error) are not yet present.

What needs to be done

Add unit/integration tests to apps/public-api/src/__tests__/userAuth.email.test.js (and any other relevant test files) covering:

  1. checkLockout rejects (Redis down) — login should proceed normally (fail-open), not surface a 500 to the caller.
  2. recordFailedAttempt rejects (Redis down) — login failure response should still return the appropriate 400, without surfacing a Redis error.
  3. clearLockout rejects (Redis down) — signup / password-reset should complete successfully and only log the error (fail-open).

References
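
An added example, not code from apps/public-api or from the issue author, sketching the three cases in the list above. The handlers, their signatures, the injected `lockout`/`verify`/`log` dependencies, and the 429 for a locked account are all assumptions; only the names checkLockout, recordFailedAttempt and clearLockout come from the issue.

```javascript
// Hypothetical handlers: `lockout` stands in for the Redis-backed module,
// and every signature here is assumed, not taken from the project.
async function login({ email, password }, { lockout, verify, log }) {
  let locked = false;
  try {
    locked = await lockout.checkLockout(email);
  } catch (err) {
    log(`checkLockout failed: ${err.message}`); // case 1: fail-open, continue login
  }
  if (locked) return { status: 429 }; // assumed status for a locked account
  if (await verify(email, password)) return { status: 200 };
  try {
    await lockout.recordFailedAttempt(email);
  } catch (err) {
    log(`recordFailedAttempt failed: ${err.message}`); // case 2: still answer 400
  }
  return { status: 400 };
}

async function resetPassword({ email }, { lockout, log }) {
  try {
    await lockout.clearLockout(email);
  } catch (err) {
    log(`clearLockout failed: ${err.message}`); // case 3: log only, still succeed
  }
  return { status: 200 };
}

// Constructed stand-in for a Redis outage: every lockout call rejects.
const redisDown = () => Promise.reject(new Error('ECONNREFUSED (constructed)'));
const downStore = { checkLockout: redisDown, recordFailedAttempt: redisDown, clearLockout: redisDown };

// Runs all three cases against the failing store and returns the statuses and log lines.
async function runScenarios() {
  const logs = [];
  const deps = {
    lockout: downStore,
    log: (m) => logs.push(m),
    verify: async (_email, pw) => pw === 'correct-horse', // constructed credential check
  };
  const user = 'a@example.test';
  const good = await login({ email: user, password: 'correct-horse' }, deps);
  const bad = await login({ email: user, password: 'wrong' }, deps);
  const reset = await resetPassword({ email: user }, deps);
  return { good: good.status, bad: bad.status, reset: reset.status, logs };
}

runScenarios().then((r) => console.log(r));
```

Because case 1 fails open, lockout is not enforced while the store is unreachable, so a test can also assert that each rejection produced a log line that monitoring can alert on.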
