fix: close auth, permission, contract and e2e review blockers
@@ -2,17 +2,21 @@ import { beforeEach, describe, expect, it, vi } from 'vitest'
|
||||
|
||||
const getMock = vi.fn()
|
||||
const postMock = vi.fn()
|
||||
const refreshSessionBundleMock = vi.fn()
|
||||
|
||||
vi.mock('@/lib/http/client', () => ({
|
||||
get: getMock,
|
||||
post: postMock,
|
||||
refreshSessionBundle: refreshSessionBundleMock,
|
||||
}))
|
||||
|
||||
describe('auth service', () => {
|
||||
beforeEach(() => {
|
||||
getMock.mockReset()
|
||||
postMock.mockReset()
|
||||
refreshSessionBundleMock.mockReset()
|
||||
postMock.mockResolvedValue(undefined)
|
||||
refreshSessionBundleMock.mockResolvedValue(undefined)
|
||||
})
|
||||
|
||||
it('loads public auth capabilities without auth headers', async () => {
|
||||
@@ -84,6 +88,28 @@ describe('auth service', () => {
|
||||
)
|
||||
})
|
||||
|
||||
it('verifies password-login totp with the temporary challenge token', async () => {
|
||||
const { verifyTOTPAfterPasswordLogin } = await import('./auth')
|
||||
|
||||
await verifyTOTPAfterPasswordLogin({
|
||||
user_id: 42,
|
||||
code: '123456',
|
||||
device_id: 'device-1',
|
||||
temp_token: 'temp-token-demo',
|
||||
})
|
||||
|
||||
expect(postMock).toHaveBeenCalledWith(
|
||||
'/auth/login/totp-verify',
|
||||
{
|
||||
user_id: 42,
|
||||
code: '123456',
|
||||
device_id: 'device-1',
|
||||
temp_token: 'temp-token-demo',
|
||||
},
|
||||
{ auth: false, credentials: 'include' },
|
||||
)
|
||||
})
|
||||
|
||||
it('submits public registration without auth headers', async () => {
|
||||
const { register } = await import('./auth')
|
||||
|
||||
@@ -106,7 +132,7 @@ describe('auth service', () => {
|
||||
)
|
||||
})
|
||||
|
||||
it('submits first-admin bootstrap without auth headers', async () => {
|
||||
it('submits first-admin bootstrap with bootstrap secret header', async () => {
|
||||
const { bootstrapAdmin } = await import('./auth')
|
||||
|
||||
await bootstrapAdmin({
|
||||
@@ -114,6 +140,7 @@ describe('auth service', () => {
|
||||
password: 'Bootstrap123!@#',
|
||||
email: 'bootstrap_admin@example.com',
|
||||
nickname: 'Bootstrap Admin',
|
||||
bootstrap_secret: 'bootstrap-secret-demo',
|
||||
})
|
||||
|
||||
expect(postMock).toHaveBeenCalledWith(
|
||||
@@ -124,7 +151,13 @@ describe('auth service', () => {
|
||||
email: 'bootstrap_admin@example.com',
|
||||
nickname: 'Bootstrap Admin',
|
||||
},
|
||||
{ auth: false, credentials: 'include' },
|
||||
{
|
||||
auth: false,
|
||||
credentials: 'include',
|
||||
headers: {
|
||||
'X-Bootstrap-Secret': 'bootstrap-secret-demo',
|
||||
},
|
||||
},
|
||||
)
|
||||
})
|
||||
|
||||
@@ -192,12 +225,13 @@ describe('auth service', () => {
|
||||
expect(postMock).toHaveBeenCalledWith('/auth/logout', undefined, { credentials: 'include' })
|
||||
})
|
||||
|
||||
it('refreshes the session with credentials even when no body token is supplied', async () => {
|
||||
it('refreshes the session through the shared refresh single-flight when no body token is supplied', async () => {
|
||||
const { refreshSession } = await import('./auth')
|
||||
|
||||
await refreshSession()
|
||||
|
||||
expect(postMock).toHaveBeenCalledWith(
|
||||
expect(refreshSessionBundleMock).toHaveBeenCalledTimes(1)
|
||||
expect(postMock).not.toHaveBeenCalledWith(
|
||||
'/auth/refresh',
|
||||
undefined,
|
||||
{ auth: false, credentials: 'include' },
|
||||
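Review bot: The negative assertion in the refresh test rules out only one exact call shape. `expect(postMock).not.toHaveBeenCalledWith('/auth/refresh', undefined, { auth: false, credentials: 'include' })` still passes if `refreshSession()` posts to `/auth/refresh` directly with a body or with different options, so a regression that bypasses the shared single-flight path and issues a parallel refresh would not be caught. If no other post is expected in this test, `expect(postMock).not.toHaveBeenCalled()` pins the intent; otherwise assert on the URL alone with `expect(postMock.mock.calls.every(([url]) => url !== '/auth/refresh')).toBe(true)`. The test body closes outside the hunk, so any assertions after the visible lines are not covered by this note.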
|
||||