ccc5e97000
PR #120 rewrote auth.controller.spec.ts and environment.service.spec.ts in a leaner style but dropped several edge cases that PR #116 covered. Port the gaps so the server coverage matches the original review intent: - auth.controller: returnToken=false must behave like the omitted case (no token in the response body, cookie still set) — guards an `!== undefined`-style regression. - environment.getCorsAllowedOrigins: empty string -> [], single origin, and leading/trailing/duplicate commas with spaces -> trimmed list. - environment.isSwaggerEnabled: mixed-case "True" -> true; "false"/""/"1" -> false. Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
106 lines
3.2 KiB
TypeScript
106 lines
3.2 KiB
TypeScript
import { AuthController } from './auth.controller';
|
|
|
|
// Direct instantiation with stub deps. The Test.createTestingModule form failed
|
|
// to resolve the injected dependency tokens (e.g. AUDIT_SERVICE) at compile(),
|
|
// and this smoke test only needs the controller to construct.
|
|
describe('AuthController', () => {
|
|
let controller: AuthController;
|
|
|
|
beforeEach(() => {
|
|
controller = new AuthController(
|
|
{} as any, // authService
|
|
{} as any, // sessionService
|
|
{} as any, // environmentService
|
|
{} as any, // moduleRef
|
|
{} as any, // auditService
|
|
);
|
|
});
|
|
|
|
it('should be defined', () => {
|
|
expect(controller).toBeDefined();
|
|
});
|
|
|
|
// The EE MFA module is absent in this repo, so require() throws and is caught;
|
|
// login falls through to authService.login -> setAuthCookie -> returnToken.
|
|
describe('login returnToken branch', () => {
|
|
const workspace = { id: 'ws1', enforceSso: false };
|
|
|
|
const makeController = () => {
|
|
const authService = {
|
|
login: jest.fn().mockResolvedValue('jwt-token-123'),
|
|
};
|
|
const environmentService = {
|
|
getCookieExpiresIn: jest.fn().mockReturnValue(new Date()),
|
|
isHttps: jest.fn().mockReturnValue(false),
|
|
};
|
|
const ctrl = new AuthController(
|
|
authService as any,
|
|
{} as any,
|
|
environmentService as any,
|
|
{} as any,
|
|
{} as any,
|
|
);
|
|
const res = { setCookie: jest.fn() };
|
|
return { ctrl, authService, res };
|
|
};
|
|
|
|
it('returns the body token and sets the cookie when returnToken is true', async () => {
|
|
const { ctrl, authService, res } = makeController();
|
|
const loginInput = {
|
|
email: 'a@b.com',
|
|
password: 'pw',
|
|
returnToken: true,
|
|
};
|
|
|
|
const result = await ctrl.login(
|
|
workspace as any,
|
|
res as any,
|
|
loginInput as any,
|
|
);
|
|
|
|
expect(result).toEqual({ authToken: 'jwt-token-123' });
|
|
expect(res.setCookie).toHaveBeenCalledTimes(1);
|
|
expect(res.setCookie).toHaveBeenCalledWith(
|
|
'authToken',
|
|
'jwt-token-123',
|
|
expect.objectContaining({ httpOnly: true }),
|
|
);
|
|
expect(authService.login).toHaveBeenCalled();
|
|
});
|
|
|
|
it('returns no body token but still sets the cookie when returnToken is omitted', async () => {
|
|
const { ctrl, res } = makeController();
|
|
const loginInput = { email: 'a@b.com', password: 'pw' };
|
|
|
|
const result = await ctrl.login(
|
|
workspace as any,
|
|
res as any,
|
|
loginInput as any,
|
|
);
|
|
|
|
expect(result).toBeUndefined();
|
|
expect(res.setCookie).toHaveBeenCalledTimes(1);
|
|
});
|
|
|
|
// Guards against an `!== undefined`-style bug: an explicit `false` must
|
|
// behave exactly like the omitted case (cookie set, no token in the body).
|
|
it('returns no body token but still sets the cookie when returnToken is false', async () => {
|
|
const { ctrl, res } = makeController();
|
|
const loginInput = {
|
|
email: 'a@b.com',
|
|
password: 'pw',
|
|
returnToken: false,
|
|
};
|
|
|
|
const result = await ctrl.login(
|
|
workspace as any,
|
|
res as any,
|
|
loginInput as any,
|
|
);
|
|
|
|
expect(result).toBeUndefined();
|
|
expect(res.setCookie).toHaveBeenCalledTimes(1);
|
|
});
|
|
});
|
|
});
|