feat: defer invoices below 5 EUR with carry-over #3525
GitHub Actions / Test report for security:test
succeeded
Mar 18, 2026 in 1s
116 passed, 0 failed and 0 skipped
✅ backend/security/build/test-results/test/TEST-io.tolgee.security.authentication.AdminAccessInterceptorTest.xml
25 tests were completed in 596ms with 25 passed, 0 failed and 0 skipped.
| Test suite | Passed | Failed | Skipped | Time |
|---|---|---|---|---|
| io.tolgee.security.authentication.AdminAccessInterceptorTest | 25✅ | 596ms |
✅ io.tolgee.security.authentication.AdminAccessInterceptorTest
✅ it allows PATCH from admin()
✅ it allows unauthenticated requests()
✅ it denies POST from user()
✅ it allows GET from admin()
✅ it allows GET from supporter()
✅ it denies HEAD from supporter when method annotated with WriteOperation()
✅ it allows POST from supporter when method annotated with AllowInReadOnlyMode()
✅ it denies PUT from supporter()
✅ it allows DELETE from supporter when method annotated with AllowInReadOnlyMode()
✅ it allows PUT from supporter when method annotated with AllowInReadOnlyMode()
✅ it denies DELETE from user()
✅ it denies PATCH from supporter()
✅ it allows POST from admin()
✅ it denies DELETE from supporter()
✅ it denies PATCH from user()
✅ it allows HEAD from admin()
✅ it denies PUT from user()
✅ it allows HEAD from supporter()
✅ it denies GET from supporter when method annotated with WriteOperation()
✅ it denies POST from supporter()
✅ it denies HEAD from user()
✅ it allows PATCH from supporter when method annotated with AllowInReadOnlyMode()
✅ it denies GET from user()
✅ it allows DELETE from admin()
✅ it allows PUT from admin()
✅ backend/security/build/test-results/test/TEST-io.tolgee.security.authentication.AuthenticationDisabledFilterTest.xml
3 tests were completed in 65ms with 3 passed, 0 failed and 0 skipped.
| Test suite | Passed | Failed | Skipped | Time |
|---|---|---|---|---|
| io.tolgee.security.authentication.AuthenticationDisabledFilterTest | 3✅ | 65ms |
✅ io.tolgee.security.authentication.AuthenticationDisabledFilterTest
✅ it does not filter when request is OPTIONS()
✅ it does not require authentication to go through()
✅ it does not authenticate when authentication is enabled()
✅ backend/security/build/test-results/test/TEST-io.tolgee.security.authentication.AuthenticationFilterTest.xml
10 tests were completed in 110ms with 10 passed, 0 failed and 0 skipped.
| Test suite | Passed | Failed | Skipped | Time |
|---|---|---|---|---|
| io.tolgee.security.authentication.AuthenticationFilterTest | 10✅ | 110ms |
✅ io.tolgee.security.authentication.AuthenticationFilterTest
✅ it does not allow request to go through with invalid JWT tokens()
✅ it does not filter when request is OPTIONS()
✅ it applies a rate limit on authentication attempts()
✅ it allows request to go through when using invalid PAK()
✅ it allows request to go through when using invalid PAT()
✅ it allows request to go through with valid JWT token()
✅ it allows request to go through when using expired PAK()
✅ it allows request to go through when using expired PAT()
✅ it allows request to go through when using valid PAK()
✅ it allows request to go through when using valid PAT()
✅ backend/security/build/test-results/test/TEST-io.tolgee.security.authentication.AuthenticationInterceptorTest.xml
4 tests were completed in 49ms with 4 passed, 0 failed and 0 skipped.
| Test suite | Passed | Failed | Skipped | Time |
|---|---|---|---|---|
| io.tolgee.security.authentication.AuthenticationInterceptorTest | 4✅ | 49ms |
✅ io.tolgee.security.authentication.AuthenticationInterceptorTest
✅ it ignores super JWT requirement when authentication is disabled()
✅ it doesn't allow API key authentication by default()
✅ it enforces the super JWT requirement()
✅ it doesn't interfere with basic endpoints()
✅ backend/security/build/test-results/test/TEST-io.tolgee.security.authentication.EmailValidationInterceptorTest.xml
2 tests were completed in 19ms with 2 passed, 0 failed and 0 skipped.
| Test suite | Passed | Failed | Skipped | Time |
|---|---|---|---|---|
| io.tolgee.security.authentication.EmailValidationInterceptorTest | 2✅ | 19ms |
✅ io.tolgee.security.authentication.EmailValidationInterceptorTest
✅ not throw when annotated by email verification bypass()
✅ rejects access if the user does not have a verified email()
✅ backend/security/build/test-results/test/TEST-io.tolgee.security.authentication.ReadOnlyModeInterceptorTest.xml
17 tests were completed in 175ms with 17 passed, 0 failed and 0 skipped.
| Test suite | Passed | Failed | Skipped | Time |
|---|---|---|---|---|
| io.tolgee.security.authentication.ReadOnlyModeInterceptorTest | 17✅ | 175ms |
✅ io.tolgee.security.authentication.ReadOnlyModeInterceptorTest
✅ it denies PATCH()
✅ it allows unauthenticated requests()
✅ it allows GET()
✅ it allows read-only DELETE when method annotated with AllowInReadOnlyMode()
✅ it allows read-only PUT when method annotated with AllowInReadOnlyMode()
✅ it denies PUT()
✅ it allows read-only POST when method annotated with AllowInReadOnlyMode()
✅ it allows POST when we are not in read only mode()
✅ it allows DELETE when we are not in read only mode()
✅ it denies DELETE()
✅ it allows HEAD()
✅ it denies POST()
✅ it allows PATCH when we are not in read only mode()
✅ it allows PUT when we are not in read only mode()
✅ it allows read-only PATCH when method annotated with AllowInReadOnlyMode()
✅ it denies GET annotated with WriteOperation()
✅ it denies HEAD annotated with WriteOperation()
✅ backend/security/build/test-results/test/TEST-io.tolgee.security.authentication.SsoAuthenticationInterceptorTest.xml
6 tests were completed in 47ms with 6 passed, 0 failed and 0 skipped.
| Test suite | Passed | Failed | Skipped | Time |
|---|---|---|---|---|
| io.tolgee.security.authentication.SsoAuthenticationInterceptorTest | 6✅ | 47ms |
✅ io.tolgee.security.authentication.SsoAuthenticationInterceptorTest
✅ it allows access when sso is not forced for the user()
✅ it allows access for user using sso authentication()
✅ it rejects access if sso is forced for the user()
✅ it allows access for user with invalid email as username()
✅ it allows access for user using sso global authentication()
✅ it allows access when annotated by email verification bypass()
✅ backend/security/build/test-results/test/TEST-io.tolgee.security.authorization.FeatureAuthorizationInterceptorTest.xml
6 tests were completed in 61ms with 6 passed, 0 failed and 0 skipped.
| Test suite | Passed | Failed | Skipped | Time |
|---|---|---|---|---|
| io.tolgee.security.authorization.FeatureAuthorizationInterceptorTest | 6✅ | 61ms |
✅ io.tolgee.security.authorization.FeatureAuthorizationInterceptorTest
✅ it denies access when none of the required features are enabled()
✅ it allows access when at least one of the required features is enabled()
✅ it denies access when any required feature is not enabled()
✅ it allows access when all required features are enabled()
✅ it does not allow both annotations to be present()
✅ it has no effect on endpoints without feature requirements()
✅ backend/security/build/test-results/test/TEST-io.tolgee.security.authorization.OrganizationAuthorizationInterceptorTest.xml
8 tests were completed in 111ms with 8 passed, 0 failed and 0 skipped.
| Test suite | Passed | Failed | Skipped | Time |
|---|---|---|---|---|
| io.tolgee.security.authorization.OrganizationAuthorizationInterceptorTest | 8✅ | 111ms |
✅ io.tolgee.security.authorization.OrganizationAuthorizationInterceptorTest
✅ rejects access if the user does not have a sufficiently high role()
✅ it hides the organization if the user cannot see it()
✅ it allows supporter to bypass checks for read-only organization endpoints()
✅ it has no effect on endpoints not specific to a single organization()
✅ it allows admin to access any endpoint()
✅ it does not let supporter bypass checks for write organization endpoints()
✅ it requires an annotation to be present on the handler()
✅ it does not allow both annotations to be present()
✅ backend/security/build/test-results/test/TEST-io.tolgee.security.authorization.ProjectAuthorizationInterceptorTest.xml
14 tests were completed in 260ms with 14 passed, 0 failed and 0 skipped.
| Test suite | Passed | Failed | Skipped | Time |
|---|---|---|---|---|
| io.tolgee.security.authorization.ProjectAuthorizationInterceptorTest | 14✅ | 260ms |
✅ io.tolgee.security.authorization.ProjectAuthorizationInterceptorTest
✅ it hides the organization if the user cannot see it()
✅ permissions work as intended when using implicit project id()
✅ it does not let scopes on the key work if the authenticated user does not have them()
✅ it has no effect on endpoints not specific to a single project()
✅ ensures API key works only for the project it is bound to()
✅ rejects access if the user is admin and authorizes with API key()
✅ it allows admin to access any endpoint()
✅ it allows supporter to bypass checks for read-only project endpoints()
✅ rejects access if the user does not have the required scope (single scope)()
✅ it restricts scopes (multiple scopes)()
✅ it does not let supporter to bypass checks for write project endpoints()
✅ it requires an annotation to be present on the handler()
✅ it does not allow both annotations to be present()
✅ rejects access if the user does not have the required scope (multiple scopes)()
✅ backend/security/build/test-results/test/TEST-io.tolgee.security.ratelimit.GlobalIpRateLimitFilterTest.xml
6 tests were completed in 15ms with 6 passed, 0 failed and 0 skipped.
| Test suite | Passed | Failed | Skipped | Time |
|---|---|---|---|---|
| io.tolgee.security.ratelimit.GlobalIpRateLimitFilterTest | 6✅ | 15ms |
✅ io.tolgee.security.ratelimit.GlobalIpRateLimitFilterTest
✅ it skips rate limiting for actuator endpoints with context path()
✅ it lets requests through()
✅ it does not let rate limited requests through()
✅ it skips rate limiting for bare actuator endpoint()
✅ it does rate limit if request is OPTIONS()
✅ it skips rate limiting for actuator endpoints()
✅ backend/security/build/test-results/test/TEST-io.tolgee.security.ratelimit.GlobalUserRateLimitFilterTest.xml
6 tests were completed in 10ms with 6 passed, 0 failed and 0 skipped.
| Test suite | Passed | Failed | Skipped | Time |
|---|---|---|---|---|
| io.tolgee.security.ratelimit.GlobalUserRateLimitFilterTest | 6✅ | 10ms |
✅ io.tolgee.security.ratelimit.GlobalUserRateLimitFilterTest
✅ it skips rate limiting for actuator endpoints with context path()
✅ it lets requests through()
✅ it does not let rate limited requests through()
✅ it skips rate limiting for bare actuator endpoint()
✅ it does rate limit if request is OPTIONS()
✅ it skips rate limiting for actuator endpoints()
✅ backend/security/build/test-results/test/TEST-io.tolgee.security.ratelimit.RateLimitInterceptorTest.xml
9 tests were completed in 118ms with 9 passed, 0 failed and 0 skipped.
| Test suite | Passed | Failed | Skipped | Time |
|---|---|---|---|---|
| io.tolgee.security.ratelimit.RateLimitInterceptorTest | 9✅ | 118ms |
✅ io.tolgee.security.ratelimit.RateLimitInterceptorTest
✅ it rate limits requests according to the specified policy()
✅ endpoint rate limit policy is correctly extracted from annotations()
✅ endpoint rate limit bucket correctly discriminates against major path variables()
✅ endpoint rate limit uses the correct user or ip discrimination method()
✅ it throws RateLimitBlockedException after max strikes when blocking is enabled()
✅ it uses different buckets for different paths()
✅ it does not rate limit when limits are disabled()
✅ it does not rate limit when there are no annotations()
✅ it uses the same buckets for paths with a shared bucket()
Loading