Jean-Luc Makiola
458b33f1c7
- All beforeEach now use async/await createTestDb() - All service calls in tests now awaited - All direct DB calls (.run()/.all()) replaced with await - All test callbacks made async - Fixed PostgreSQL GROUP BY strictness in totals.service.ts (categories.name and categories.icon added to groupBy) - db type changed to 'any' to accommodate PGlite type differences Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
172 lines
5.0 KiB
TypeScript
172 lines
5.0 KiB
TypeScript
import { beforeEach, describe, expect, it } from "bun:test";
|
|
import {
|
|
changePassword,
|
|
createApiKey,
|
|
createSession,
|
|
createUser,
|
|
deleteApiKey,
|
|
deleteSession,
|
|
getSession,
|
|
getUserCount,
|
|
listApiKeys,
|
|
verifyApiKey,
|
|
verifyPassword,
|
|
} from "../../src/server/services/auth.service.ts";
|
|
import { createTestDb } from "../helpers/db.ts";
|
|
|
|
describe("Auth Service", () => {
|
|
let db: any;
|
|
|
|
beforeEach(async () => {
|
|
db = await createTestDb();
|
|
});
|
|
|
|
describe("User Management", () => {
|
|
it("creates a user with hashed password (hash !== plaintext)", async () => {
|
|
const user = await createUser(db, "admin", "secret123");
|
|
|
|
expect(user).toBeDefined();
|
|
expect(user.id).toBeGreaterThan(0);
|
|
expect(user.username).toBe("admin");
|
|
expect(user.passwordHash).not.toBe("secret123");
|
|
expect(user.passwordHash.length).toBeGreaterThan(0);
|
|
});
|
|
|
|
it("verifies correct password returns user", async () => {
|
|
await createUser(db, "admin", "secret123");
|
|
const user = await verifyPassword(db, "admin", "secret123");
|
|
|
|
expect(user).not.toBeNull();
|
|
expect(user!.username).toBe("admin");
|
|
});
|
|
|
|
it("rejects incorrect password returns null", async () => {
|
|
await createUser(db, "admin", "secret123");
|
|
const user = await verifyPassword(db, "admin", "wrongpassword");
|
|
|
|
expect(user).toBeNull();
|
|
});
|
|
|
|
it("getUserCount returns 0 then 1", async () => {
|
|
const countBefore = await getUserCount(db);
|
|
expect(countBefore).toBe(0);
|
|
|
|
await createUser(db, "admin", "secret123");
|
|
|
|
const countAfter = await getUserCount(db);
|
|
expect(countAfter).toBe(1);
|
|
});
|
|
|
|
it("changes password successfully", async () => {
|
|
await createUser(db, "admin", "oldpass");
|
|
const changed = await changePassword(db, "admin", "oldpass", "newpass");
|
|
expect(changed).toBe(true);
|
|
|
|
// Verify new password works
|
|
const user = await verifyPassword(db, "admin", "newpass");
|
|
expect(user).not.toBeNull();
|
|
|
|
// Verify old password no longer works
|
|
const oldAttempt = await verifyPassword(db, "admin", "oldpass");
|
|
expect(oldAttempt).toBeNull();
|
|
});
|
|
|
|
it("rejects password change with wrong current password", async () => {
|
|
await createUser(db, "admin", "secret123");
|
|
const changed = await changePassword(
|
|
db,
|
|
"admin",
|
|
"wrongcurrent",
|
|
"newpass",
|
|
);
|
|
expect(changed).toBe(false);
|
|
});
|
|
});
|
|
|
|
describe("Session Management", () => {
|
|
it("creates and retrieves a session (id length is 64 hex chars)", async () => {
|
|
const user = await createUser(db, "admin", "secret123");
|
|
const session = await createSession(db, user.id);
|
|
|
|
expect(session).toBeDefined();
|
|
expect(session.id).toHaveLength(64);
|
|
expect(session.userId).toBe(user.id);
|
|
expect(session.expiresAt).toBeInstanceOf(Date);
|
|
|
|
const retrieved = await getSession(db, session.id);
|
|
expect(retrieved).not.toBeNull();
|
|
expect(retrieved!.id).toBe(session.id);
|
|
});
|
|
|
|
it("returns null for expired session (expiryDays = -1)", async () => {
|
|
const user = await createUser(db, "admin", "secret123");
|
|
const session = await createSession(db, user.id, -1);
|
|
|
|
const retrieved = await getSession(db, session.id);
|
|
expect(retrieved).toBeNull();
|
|
});
|
|
|
|
it("deletes a session", async () => {
|
|
const user = await createUser(db, "admin", "secret123");
|
|
const session = await createSession(db, user.id);
|
|
|
|
await deleteSession(db, session.id);
|
|
|
|
const retrieved = await getSession(db, session.id);
|
|
expect(retrieved).toBeNull();
|
|
});
|
|
});
|
|
|
|
describe("API Key Management", () => {
|
|
it("creates key and returns raw key once (length > 16, prefix matches first 8 chars)", async () => {
|
|
const result = await createApiKey(db, "test-key");
|
|
|
|
expect(result).toBeDefined();
|
|
expect(result.rawKey).toBeDefined();
|
|
expect(result.rawKey.length).toBeGreaterThan(16);
|
|
expect(result.keyPrefix).toBe(result.rawKey.slice(0, 8));
|
|
expect(result.name).toBe("test-key");
|
|
});
|
|
|
|
it("verifies valid key returns true", async () => {
|
|
const result = await createApiKey(db, "test-key");
|
|
const isValid = await verifyApiKey(db, result.rawKey);
|
|
|
|
expect(isValid).toBe(true);
|
|
});
|
|
|
|
it("rejects invalid key returns false", async () => {
|
|
await createApiKey(db, "test-key");
|
|
const isValid = await verifyApiKey(db, "invalidkey12345678");
|
|
|
|
expect(isValid).toBe(false);
|
|
});
|
|
|
|
it("deletes key so it is no longer valid", async () => {
|
|
const result = await createApiKey(db, "test-key");
|
|
await deleteApiKey(db, result.id);
|
|
|
|
const isValid = await verifyApiKey(db, result.rawKey);
|
|
expect(isValid).toBe(false);
|
|
});
|
|
|
|
it("listApiKeys returns keys without hashes", async () => {
|
|
await createApiKey(db, "key-one");
|
|
await createApiKey(db, "key-two");
|
|
|
|
const keys = await listApiKeys(db);
|
|
expect(keys).toHaveLength(2);
|
|
expect(keys[0].name).toBe("key-one");
|
|
expect(keys[1].name).toBe("key-two");
|
|
// Ensure no hash is exposed
|
|
for (const key of keys) {
|
|
expect(key).toHaveProperty("id");
|
|
expect(key).toHaveProperty("name");
|
|
expect(key).toHaveProperty("keyPrefix");
|
|
expect(key).toHaveProperty("createdAt");
|
|
expect(key).not.toHaveProperty("keyHash");
|
|
}
|
|
});
|
|
});
|
|
});
|