fix: resolve all 13 remaining test failures
- OAuth: add userId to oauth_codes schema and migration, derive userId
from stored auth code/token record instead of passing separately
- Auth middleware tests: destructure {db, userId} from createTestDb,
pass userId to createApiKey, fix error message assertion
- MCP tests: add missing await on getCollectionSummary and
createSecondTestUser calls
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
This commit is contained in:
@@ -202,9 +202,14 @@ oauthRoutes.post("/authorize", async (c) => {
|
||||
return c.json({ error: "redirect_uri not allowed" }, 400);
|
||||
}
|
||||
|
||||
// Get or create user from OIDC session
|
||||
const { getOrCreateUser } = await import("../services/auth.service");
|
||||
const user = await getOrCreateUser(db, auth.sub);
|
||||
|
||||
const { code } = await createAuthorizationCode(
|
||||
db,
|
||||
clientId,
|
||||
user.id,
|
||||
codeChallenge,
|
||||
codeChallengeMethod,
|
||||
redirectUri,
|
||||
|
||||
@@ -36,6 +36,7 @@ export async function getClient(db: Db = prodDb, clientId: string) {
|
||||
export async function createAuthorizationCode(
|
||||
db: Db = prodDb,
|
||||
clientId: string,
|
||||
userId: number,
|
||||
codeChallenge: string,
|
||||
codeChallengeMethod: string,
|
||||
redirectUri: string,
|
||||
@@ -46,6 +47,7 @@ export async function createAuthorizationCode(
|
||||
await db.insert(oauthCodes).values({
|
||||
code,
|
||||
clientId,
|
||||
userId,
|
||||
codeChallenge,
|
||||
codeChallengeMethod,
|
||||
redirectUri,
|
||||
@@ -61,7 +63,6 @@ export async function exchangeCode(
|
||||
codeVerifier: string,
|
||||
clientId: string,
|
||||
redirectUri: string,
|
||||
userId: number,
|
||||
): Promise<{
|
||||
accessToken: string;
|
||||
refreshToken: string;
|
||||
@@ -88,7 +89,7 @@ export async function exchangeCode(
|
||||
// Mark code as used
|
||||
await db.update(oauthCodes).set({ used: 1 }).where(eq(oauthCodes.code, code));
|
||||
|
||||
return generateTokens(db, clientId, userId);
|
||||
return generateTokens(db, clientId, record.userId);
|
||||
}
|
||||
|
||||
// ── Token Management ─────────────────────────────────────────────────
|
||||
@@ -144,7 +145,6 @@ export async function refreshAccessToken(
|
||||
db: Db = prodDb,
|
||||
refreshToken: string,
|
||||
clientId: string,
|
||||
userId: number,
|
||||
): Promise<{
|
||||
accessToken: string;
|
||||
refreshToken: string;
|
||||
@@ -168,7 +168,7 @@ export async function refreshAccessToken(
|
||||
// Delete old token pair
|
||||
await db.delete(oauthTokens).where(eq(oauthTokens.id, record.id));
|
||||
|
||||
return generateTokens(db, clientId, userId);
|
||||
return generateTokens(db, clientId, record.userId);
|
||||
}
|
||||
|
||||
// ── Cleanup ──────────────────────────────────────────────────────────
|
||||
|
||||
Reference in New Issue
Block a user