fix(server): --session-cookie-secure flag; scope+char-count password; invalid-email test

2026-06-02 15:16:46 +02:00
parent dbff95c2a9
commit 369eee4098
3 changed files with 31 additions and 14 deletions
@@ -38,3 +38,13 @@ async fn create_user_persists_and_password_verifies(pool: PgPool) {
    assert_eq!(user.role, Role::Admin);
    assert!(auth::verify_password("bootstrap-pw-123", &stored_hash));
 }
+
+#[tokio::test]
+async fn create_user_rejects_invalid_email() {
+    // The email is parsed before the password is read or the DB is touched, so an
+    // invalid email errors out without reaching the (unreachable) database URL.
+    let err = server::create_user("postgres://unused", "not-an-email", Role::Admin)
+        .await
+        .unwrap_err();
+    assert!(err.to_string().contains("email"), "got: {err}");
+}