moar fixes + unit test review of routes
All checks were successful
Deploy to Test Environment / deploy-to-test (push) Successful in 55m32s

2025-12-19 05:58:28 -08:00
parent 7b1b67d2ed
commit 2a8b1b8617
30 changed files with 525 additions and 120 deletions


@@ -185,6 +185,24 @@ describe('Auth Routes (/api/auth)', () => {
expect(db.userRepo.createUser).toHaveBeenCalled();
});
it('should set a refresh token cookie on successful registration', async () => {
const mockNewUser = createMockUserProfile({ user_id: 'new-user-id', user: { user_id: 'new-user-id', email: 'cookie@test.com' } });
vi.mocked(db.userRepo.createUser).mockResolvedValue(mockNewUser);
vi.mocked(db.userRepo.saveRefreshToken).mockResolvedValue(undefined);
vi.mocked(db.adminRepo.logActivity).mockResolvedValue(undefined);
const response = await supertest(app)
.post('/api/auth/register')
.send({
email: 'cookie@test.com',
password: 'StrongPassword123!',
});
expect(response.status).toBe(201);
expect(response.headers['set-cookie']).toBeDefined();
expect(response.headers['set-cookie'][0]).toContain('refreshToken=');
});
it('should reject registration with a weak password', async () => {
const weakPassword = 'password';
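Review bot: The new registration test checks only that a cookie named `refreshToken` is present, at `expect(response.headers['set-cookie'][0]).toContain('refreshToken=')`, so it would still pass if the route stopped marking that cookie `HttpOnly`. A refresh token is a long-lived credential, so I would pin the attribute that keeps it away from page scripts, e.g. `expect(response.headers['set-cookie'][0]).toMatch(/HttpOnly/i);`. `Secure` and `SameSite` checks are worth adding too if the route sets them in the test environment, which this hunk does not show. `saveRefreshToken` is mocked but never asserted; `expect(db.userRepo.saveRefreshToken).toHaveBeenCalled();` would confirm the token is persisted as well as sent.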
@@ -444,6 +462,19 @@ describe('Auth Routes (/api/auth)', () => {
expect(response.body.message).toBe('Invalid or expired password reset token.');
});
it('should reject if token does not match any valid tokens in DB', async () => {
const tokenRecord = { user_id: 'user-123', token_hash: 'hashed-token', expires_at: new Date(Date.now() + 3600000) };
vi.mocked(db.userRepo.getValidResetTokens).mockResolvedValue([tokenRecord]);
vi.mocked(bcrypt.compare).mockResolvedValue(false as never); // Token does not match
const response = await supertest(app)
.post('/api/auth/reset-password')
.send({ token: 'wrong-token', newPassword: 'a-Very-Strong-Password-123!' });
expect(response.status).toBe(400);
expect(response.body.message).toBe('Invalid or expired password reset token.');
});
it('should return 400 for a weak new password', async () => {
const tokenRecord = { user_id: 'user-123', token_hash: 'hashed-token', expires_at: new Date(Date.now() + 3600000) };
vi.mocked(db.userRepo.getValidResetTokens).mockResolvedValue([tokenRecord]);