diff --git a/TASKLIST.md b/TASKLIST.md index 9d6d455..4372f89 100644 --- a/TASKLIST.md +++ b/TASKLIST.md @@ -1129,8 +1129,13 @@ - PF-07: 已配对客户端重复配对保护 - Edge Cases: 并发配对、过期清理验证 +- 已新增 `Yonexus.Server/tests/auth-failures.test.ts` + - AF-07: nonce collision 触发 re_pair_required + - AF-08: rate limit 触发 re_pair_required + - 覆盖 re_pair 后 secret 清理与 pairingStatus=revoked + **待完成** -- AF(Authentication Failures)测试套件 +- AF(Authentication Failures)剩余场景(stale/future timestamp、invalid signature 等) - RP(Re-pairing Triggers)测试套件 - CF/HF/SR 边界场景测试 diff --git a/Yonexus.Server b/Yonexus.Server index 4f4c6bf..3597298 160000 --- a/Yonexus.Server +++ b/Yonexus.Server @@ -1 +1 @@ -Subproject commit 4f4c6bf993f76d2eab1c05668ad696110f8c6cb1 +Subproject commit 35972981d3f809740a662c9866ab6b18181d82ee diff --git a/tests/failure-path/MATRIX.md b/tests/failure-path/MATRIX.md index d7d9ca4..83ea18e 100644 --- a/tests/failure-path/MATRIX.md +++ b/tests/failure-path/MATRIX.md 
@@ -38,8 +38,8 @@ This document defines the systematic test coverage for pairing and authenticatio | AF-04 | Wrong secret | Client has outdated secret | `auth_failed(invalid_secret)` | ⬜ | | AF-05 | Stale timestamp | Proof timestamp >10s old | `auth_failed(stale_timestamp)` | ⬜ | | AF-06 | Future timestamp | Proof timestamp in future | `auth_failed(future_timestamp)` | ⬜ | -| AF-07 | Nonce collision | Reused nonce within window | `auth_failed(nonce_collision)` → `re_pair_required` 🔴 | ⬜ | -| AF-08 | Rate limited | >10 attempts in 10s | `auth_failed(rate_limited)` → `re_pair_required` 🔴 | ⬜ | +| AF-07 | Nonce collision | Reused nonce within window | `auth_failed(nonce_collision)` → `re_pair_required` 🔴 | ✅ | +| AF-08 | Rate limited | >10 attempts in 10s | `auth_failed(rate_limited)` → `re_pair_required` 🔴 | ✅ | | AF-09 | Wrong public key | Key doesn't match stored | `auth_failed(invalid_signature)` | ⬜ | | AF-10 | Malformed auth_request | Missing required fields | Protocol error | ⬜ | | AF-11 | Tampered proof | Modified signature | `auth_failed(invalid_signature)` | ⬜ |
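Review bot: in the TASKLIST.md hunk, the new bullet `- 已新增 \`Yonexus.Server/tests/auth-failures.test.ts\`` points at a file inside the Yonexus.Server submodule, so the test itself is not in this diff and cannot be reviewed here; link the submodule commit or PR that adds it. The third sub-bullet (secret cleanup and pairingStatus=revoked after re_pair) has no row ID in tests/failure-path/MATRIX.md, unlike AF-07 and AF-08; give it one (it reads like an RP "Re-pairing Triggers" case, and the 待完成 list still marks that whole suite as not started) so the task list and the matrix stay in sync. The reworded 待完成 line names only stale/future timestamp and invalid signature as remaining, but the matrix still shows AF-04 (wrong secret) and AF-10 (malformed auth_request) unchecked as well; list them or point at the matrix instead of "等".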
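Review bot: the submodule pointer bump from 4f4c6bf to 3597298 is the only thing carrying the new auth-failures test, and a superproject commit that references a submodule commit which is not on the submodule's remote cannot be checked out by anyone else; confirm 3597298 is pushed to Yonexus.Server before merging. Also say in the commit message what the range 4f4c6bf..3597298 contains beyond the test file, since a 160000 mode pointer change pulls in every submodule commit between the two.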
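Review bot: rows AF-07 and AF-08 flip to ✅ with the Expected column unchanged, while the TASKLIST entry says the test also asserts secret cleanup and pairingStatus=revoked after `re_pair_required`; record that post-condition in the table (in the Expected column or as its own row) so the tick states what was actually verified. Two caveats for the tests behind those ticks: for AF-07 "Reused nonce within window", the nonce window must be at least as long as the AF-05 stale-timestamp tolerance (>10s old is rejected), otherwise a proof replayed after its nonce is evicted but before its timestamp goes stale is accepted, and the test should cover that boundary; for AF-08 ">10 attempts in 10s", state which key the counter uses (paired client identity or connection source), because escalating a rate-limit hit to `re_pair_required` means that with a counter keyed by client identity, anyone able to send auth_requests naming that client can revoke its pairing with eleven bad attempts. The 🔴 marker on both rows should make that trade-off explicit.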