Skip to content

test(stellar): add SEP-10 authentication flow tests#195

Merged
dev-fatima-24 merged 4 commits into
dev-fatima-24:mainfrom
Harbduls:test/sep10-auth-flow
Apr 28, 2026
Merged

test(stellar): add SEP-10 authentication flow tests#195
dev-fatima-24 merged 4 commits into
dev-fatima-24:mainfrom
Harbduls:test/sep10-auth-flow

Conversation

@Harbduls
Copy link
Copy Markdown
Contributor

@Harbduls Harbduls commented Apr 28, 2026

Closes #91

Adds comprehensive test coverage for the SEP-10 authentication challenge/verification flow with 28 test cases covering all critical security edge cases.

Tests Added

Core Flow (5 tests)

  • Valid challenge generation and verification
  • Server and client signature validation
  • Time bounds verification (5-minute timeout)

Security Edge Cases (17 tests)

  • Expired challenges (>5 minutes)
  • Replay attack prevention (nonce reuse)
  • Network passphrase validation
  • Invalid/missing signature handling
  • Missing required fields (timeBounds, source, operations)
  • Concurrent verification attempts
  • Malformed XDR and nonce handling

Integration (2 tests)

  • Full authentication flow end-to-end
  • Multiple simultaneous clients

Key Features

  • Uses real Stellar SDK keypairs (no crypto mocks)
  • Fully offline/deterministic (no Horizon/Testnet dependency)
  • Time mocking for expiration tests
  • CI-compatible and repeatable

Files Changed

  • backend/tests/stellar/sep10-auth.test.js (629 lines)

Abd-Standard and others added 3 commits April 27, 2026 18:18
@Abd-Standard
test: add RTL tests for core components with 70% coverage
70e47f3 
- Set up Jest with jsdom, React Testing Library, and jest-dom
- Created comprehensive tests for 10 components/pages
- Fixed bugs in PatientDashboard (missing error state, Promise handling)
- Achieved 70.58% line coverage (87 passing tests)
@Abd-Standard
test(stellar): add SEP-10 auth flow tests
55f9352 
- Test valid challenge/verify flow
- Handle expired challenges and replayed nonces
- Verify signature and network passphrase validation
- Ensure missing fields are rejected
@Harbduls
Merge branch 'main' into test/sep10-auth-flow
6353a64
@drips-wave
Copy link
Copy Markdown

drips-wave Bot commented Apr 28, 2026

@Harbduls Great news! 🎉 Based on an automated assessment of this PR, the linked Wave issue(s) no longer count against your application limits.

You can now already apply to more issues while waiting for a review of this PR. Keep up the great work! 🚀

Learn more about application limits

@dev-fatima-24 dev-fatima-24 merged commit 84e96c0 into dev-fatima-24:main Apr 28, 2026
3 of 8 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

Implement SEP-10 authentication flow tests

3 participants

@Harbduls @dev-fatima-24 @Abd-Standard