makiolaj/GearBox
1
0
Fork 0
Code Issues 8 Pull Requests Actions Packages Projects Releases 10 Wiki Activity

fix: resolve all 13 remaining test failures
Some checks failed
CI / ci (push) Failing after 56s
Details
CI / e2e (push) Has been skipped
Details

Browse Source 
- OAuth: add userId to oauth_codes schema and migration, derive userId
  from stored auth code/token record instead of passing separately
- Auth middleware tests: destructure {db, userId} from createTestDb,
  pass userId to createApiKey, fix error message assertion
- MCP tests: add missing await on getCollectionSummary and
  createSecondTestUser calls

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
This commit is contained in:
Jean-Luc Makiola
2026-04-06 20:25:41 +02:00
parent c0f9d5c4d0
commit 7dbbfcb915
6 changed files with 30 additions and 17 deletions
Download Patch File Download Diff File Expand all files Collapse all files

16
tests/mcp/tools.test.ts
View File

@@ -213,7 +213,7 @@ describe("MCP Collection Summary Resource", () => {
test("returns overview with correct counts", async () => {
const { db, userId } = await createTestDb();
const summary = getCollectionSummary(db, userId);
const summary = await getCollectionSummary(db, userId);
expect(summary.overview).toBeDefined();
expect(summary.overview.totalItems).toBe(0);
expect(summary.overview.categoryCount).toBe(1); // Uncategorized
@@ -242,7 +242,7 @@ describe("MCP Collection Summary Resource", () => {
categoryId: 1,
});
const summary = getCollectionSummary(db, userId);
const summary = await getCollectionSummary(db, userId);
expect(summary.overview.totalItems).toBe(2);
expect(summary.overview.totalWeightGrams).toBe(2000);
expect(summary.overview.activeThreadCount).toBe(1);
@@ -255,7 +255,7 @@ describe("MCP Collection Summary Resource", () => {
describe("MCP Cross-User Isolation", () => {
test("user 2 cannot see user 1's items via MCP tools", async () => {
const { db, userId } = await createTestDb();
const userId2 = createSecondTestUser(db);
const userId2 = await createSecondTestUser(db);
const user1Tools = registerItemTools(db, userId);
const user2Tools = registerItemTools(db, userId2);
@@ -286,7 +286,7 @@ describe("MCP Cross-User Isolation", () => {
test("user 2 cannot access user 1's item by ID", async () => {
const { db, userId } = await createTestDb();
const userId2 = createSecondTestUser(db);
const userId2 = await createSecondTestUser(db);
const user1Tools = registerItemTools(db, userId);
const user2Tools = registerItemTools(db, userId2);
@@ -306,7 +306,7 @@ describe("MCP Cross-User Isolation", () => {
test("user 2 cannot see user 1's threads via MCP tools", async () => {
const { db, userId } = await createTestDb();
const userId2 = createSecondTestUser(db);
const userId2 = await createSecondTestUser(db);
const user1Tools = registerThreadTools(db, userId);
const user2Tools = registerThreadTools(db, userId2);
@@ -330,7 +330,7 @@ describe("MCP Cross-User Isolation", () => {
test("collection summary is scoped to user", async () => {
const { db, userId } = await createTestDb();
const userId2 = createSecondTestUser(db);
const userId2 = await createSecondTestUser(db);
const user1Tools = registerItemTools(db, userId);
await user1Tools.create_item({
@@ -339,8 +339,8 @@ describe("MCP Cross-User Isolation", () => {
weightGrams: 500,
});
const user1Summary = getCollectionSummary(db, userId);
const user2Summary = getCollectionSummary(db, userId2);
const user1Summary = await getCollectionSummary(db, userId);
const user2Summary = await getCollectionSummary(db, userId2);
expect(user1Summary.overview.totalItems).toBe(1);
expect(user2Summary.overview.totalItems).toBe(0);

11
tests/middleware/auth.test.ts
View File

@@ -21,10 +21,11 @@ mock.module("../../src/server/services/oauth.service", () => ({
// Import middleware AFTER mocks are set up
const { requireAuth } = await import("../../src/server/middleware/auth");
let db: Awaited<ReturnType<typeof createTestDb>>;
let db: any;
let userId: number;
beforeEach(async () => {
db = await createTestDb();
({ db, userId } = await createTestDb());
mockGetAuth.mockReset();
mockGetAuth.mockReturnValue(null);
mockVerifyAccessToken.mockReset();
@@ -64,7 +65,7 @@ describe("auth middleware", () => {
test("allows POST with valid API key", async () => {
const app = createApp();
const key = await createApiKey(db, "test");
const key = await createApiKey(db, userId, "test");
const res = await app.request("/items", {
method: "POST",
headers: { "X-API-Key": key.rawKey },
@@ -102,7 +103,7 @@ describe("auth middleware", () => {
});
expect(res.status).toBe(401);
const body = await res.json();
expect(body.error).toBe("invalid_token");
expect(body.error).toBe("Invalid or expired token");
});
test("allows POST with valid OIDC session", async () => {
@@ -114,7 +115,7 @@ describe("auth middleware", () => {
test("API key takes priority over OIDC session", async () => {
const app = createApp();
const key = await createApiKey(db, "test");
const key = await createApiKey(db, userId, "test");
mockGetAuth.mockReturnValue({ sub: "user-123" });
const res = await app.request("/items", {
method: "POST",