GOTRS 0.6.3 focused on internal improvements. No headline features, but the kind of work that prevents future bugs.

The Problem

Our test suite used a separate authentication bypass. This seemed convenient - tests ran faster without real auth. But bugs slipped through because tests weren’t exercising the actual auth path.

A permission check worked in tests but failed in production. An auth header was validated differently. Edge cases in token handling went untested.

We also had duplicate type conversion functions scattered across packages, creating circular dependencies and maintenance headaches.

Our Solution

Tests now authenticate the same way production does. A single YAML route loader serves both contexts. Centralised auth helpers (GetTestAuthToken(t) and AddTestAuthCookie(req, token)) handle test authentication using the real auth system.

The new internal/convert package consolidates type conversion functions. ToInt(), ToUint(), ToString() with fallback values - all in one place. The circular dependency between shared and middleware is gone.

Bug fixes included: customer user lookup now matches on both login and email (not just login), test users have proper group permissions, and database connection handling no longer closes singleton connections mid-test.

The Benefits

Auth-related bugs get caught in tests rather than discovered in production. The test suite exercises the same code paths users experience.

The codebase is cleaner. Type conversions live in one place. Circular dependencies are eliminated.

Test reliability improved. No more “sql: database is closed” errors. No more “You do not have access to any queues” failures from missing permissions.

Internal improvements like these aren’t glamorous, but they’re what separate reliable software from frustrating software. The next person who adds an auth feature will have tests that actually validate it.