The concurrent upload tests were hardcoding localhost:8080 for worker
threads, but CI sets ORCHARD_TEST_URL to the actual server hostname.
This caused "Connection refused" errors in CI.
- Add proxy-body-size annotation to allow unlimited uploads via nginx
- Add requires_direct_s3 marker for tests needing direct MinIO access
- Exclude requires_direct_s3 tests from CI (can't access MinIO from outside K8s)
- Add auto-migration for tag ref_count triggers to ensure they exist
Password change tests were using the admin account, which invalidated
all admin sessions including the shared integration_client. Now all
password change tests create and use dedicated test users, keeping
the admin session intact for other tests.
Tests updated:
- test_change_password_success
- test_change_password_wrong_current
- test_password_too_short_on_change
- Add auth_client fixture (function-scoped) for authentication tests
- Update all tests in test_auth_api.py to use auth_client
- Prevents auth tests from polluting the shared integration_client session
- Each auth test gets a fresh client, avoiding state leakage
- Add ORCHARD_LOGIN_RATE_LIMIT env var to Helm deployment template
- Set relaxed rate limit (1000/minute) for dev/stage deployments
- Production keeps strict default (5/minute) for security
- Re-enable auth tests in CI (no longer excluded by marker)
- Update test docstrings to reflect rate limit configuration
- Add auth_intensive marker for tests that make many login requests
- Mark all tests in test_auth_api.py with auth_intensive
- Exclude auth_intensive tests from CI integration runs against deployed
environments (they trigger 429 rate limiting)
- Remove duplicate TestSecurityEdgeCases class definition
- Register auth_intensive, integration, large, slow markers in conftest.py
- Make integration_client fixture session-scoped (single login per test run)
- Add configurable credentials via ORCHARD_TEST_USERNAME/PASSWORD env vars
- Fail fast with clear error message if authentication fails
- Add cookie verification after login
- Remove silent failure mode that hid auth issues
- Add tests for version creation via upload with explicit version parameter
- Add tests for version auto-detection from filename/metadata
- Add tests for version listing and retrieval
- Add tests for download by version: prefix
- Add tests for version deletion
- Test version resolution priority (version: vs tag: prefixes)
