fix: resolve all 13 remaining test failures
- OAuth: add userId to oauth_codes schema and migration, derive userId
from stored auth code/token record instead of passing separately
- Auth middleware tests: destructure {db, userId} from createTestDb,
pass userId to createApiKey, fix error message assertion
- MCP tests: add missing await on getCollectionSummary and
createSecondTestUser calls
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
This commit is contained in:
@@ -57,6 +57,7 @@ export const items = pgTable("items", {
|
||||
quantity: integer("quantity").notNull().default(1),
|
||||
globalItemId: integer("global_item_id").references(() => globalItems.id),
|
||||
purchasePriceCents: integer("purchase_price_cents"),
|
||||
brand: text("brand"),
|
||||
createdAt: timestamp("created_at").defaultNow().notNull(),
|
||||
updatedAt: timestamp("updated_at").defaultNow().notNull(),
|
||||
});
|
||||
@@ -210,6 +211,9 @@ export const oauthCodes = pgTable("oauth_codes", {
|
||||
id: serial("id").primaryKey(),
|
||||
code: text("code").notNull().unique(),
|
||||
clientId: text("client_id").notNull(),
|
||||
userId: integer("user_id")
|
||||
.notNull()
|
||||
.references(() => users.id),
|
||||
codeChallenge: text("code_challenge").notNull(),
|
||||
codeChallengeMethod: text("code_challenge_method").notNull().default("S256"),
|
||||
redirectUri: text("redirect_uri").notNull(),
|
||||
|
||||
@@ -202,9 +202,14 @@ oauthRoutes.post("/authorize", async (c) => {
|
||||
return c.json({ error: "redirect_uri not allowed" }, 400);
|
||||
}
|
||||
|
||||
// Get or create user from OIDC session
|
||||
const { getOrCreateUser } = await import("../services/auth.service");
|
||||
const user = await getOrCreateUser(db, auth.sub);
|
||||
|
||||
const { code } = await createAuthorizationCode(
|
||||
db,
|
||||
clientId,
|
||||
user.id,
|
||||
codeChallenge,
|
||||
codeChallengeMethod,
|
||||
redirectUri,
|
||||
|
||||
@@ -36,6 +36,7 @@ export async function getClient(db: Db = prodDb, clientId: string) {
|
||||
export async function createAuthorizationCode(
|
||||
db: Db = prodDb,
|
||||
clientId: string,
|
||||
userId: number,
|
||||
codeChallenge: string,
|
||||
codeChallengeMethod: string,
|
||||
redirectUri: string,
|
||||
@@ -46,6 +47,7 @@ export async function createAuthorizationCode(
|
||||
await db.insert(oauthCodes).values({
|
||||
code,
|
||||
clientId,
|
||||
userId,
|
||||
codeChallenge,
|
||||
codeChallengeMethod,
|
||||
redirectUri,
|
||||
@@ -61,7 +63,6 @@ export async function exchangeCode(
|
||||
codeVerifier: string,
|
||||
clientId: string,
|
||||
redirectUri: string,
|
||||
userId: number,
|
||||
): Promise<{
|
||||
accessToken: string;
|
||||
refreshToken: string;
|
||||
@@ -88,7 +89,7 @@ export async function exchangeCode(
|
||||
// Mark code as used
|
||||
await db.update(oauthCodes).set({ used: 1 }).where(eq(oauthCodes.code, code));
|
||||
|
||||
return generateTokens(db, clientId, userId);
|
||||
return generateTokens(db, clientId, record.userId);
|
||||
}
|
||||
|
||||
// ── Token Management ─────────────────────────────────────────────────
|
||||
@@ -144,7 +145,6 @@ export async function refreshAccessToken(
|
||||
db: Db = prodDb,
|
||||
refreshToken: string,
|
||||
clientId: string,
|
||||
userId: number,
|
||||
): Promise<{
|
||||
accessToken: string;
|
||||
refreshToken: string;
|
||||
@@ -168,7 +168,7 @@ export async function refreshAccessToken(
|
||||
// Delete old token pair
|
||||
await db.delete(oauthTokens).where(eq(oauthTokens.id, record.id));
|
||||
|
||||
return generateTokens(db, clientId, userId);
|
||||
return generateTokens(db, clientId, record.userId);
|
||||
}
|
||||
|
||||
// ── Cleanup ──────────────────────────────────────────────────────────
|
||||
|
||||
Reference in New Issue
Block a user