search

WordPress / two-factor

Two-Factor Authentication for WordPress.
https://wordpress.org/plugins/two-factor/
GNU General Public License v2.0
723 stars 151 forks source link

Test coverage seems low #468

Open iandunn opened 2 years ago

iandunn commented 2 years ago

I ran an Xdebug report locally and the overall coverage was 34% before #427, and 23% after.

I'm not a coverage zealot, and don't think 100% is a reasonable, but 100% over the critical areas seems reasonable for a security plugin, especially before it becomes a canonical plugin or merges into Core.

sjinks/wp-two-factor-provider-webauthn has some e2e tests that might provide a head start. Adding more unit/integration tests would be nice too.

Using @codeCoverageIgnore on the untestable and low-severity areas would also help make it more obvious if everything that should be covered actually is.

Related: #467

iandunn commented 2 years ago

i didn't mean to close this with #469 , that just increased TOTP. I think it's worth examining the rest of the plugin as well (except U2F).

iandunn commented 2 years ago

It's not necessarily a priority for 0.8, though, unless y'all want it to be.

iandunn commented 1 year ago

Related #497