f96dcd01f2
- Create src/lib/db.ts (shared pg.Pool, query/withTx helpers, server-only) - Add @types/pg devDep - Migration 204: add email, auth_provider, auth_subject columns to admin_users; backfill from auth.users; new upsert_admin_user accepts multi-provider args; new get_admin_user_for_session RPC resolves Auth.js session id (UUID or Google sub) to an admin row - Refactor getAdminUser() to use pg + new RPC; auto-provisions on first Google sign-in using session.user.email - Refactor updatePasswordAction to call update_user_password via pg (drops the Supabase REST hop) - Delete orphaned src/actions/login.ts (replaced by auth-actions.ts) - Drop remaining DEV_FORCE_UID references in users.ts; dev path now uses dev_session cookie (the only cookie the dev flow can set) - Update AdminUser type: user_id is now string | null (Google users have no Supabase auth id); add email + auth_provider fields - Fix downstream type errors: StopProductAssignment.callerUid accepts null; pickup.ts performedBy widens to string | null - Bump vitest config, tests/, and other earlier cleanup changes
108 lines
3.4 KiB
TypeScript
108 lines
3.4 KiB
TypeScript
/**
|
|
* Unit tests for the auth server actions in src/actions/auth-actions.ts.
|
|
*
|
|
* Mocks `@/lib/auth` and `next-auth` to test the action wrappers in
|
|
* isolation from the network and the Auth.js runtime.
|
|
*/
|
|
|
|
import { describe, it, expect, vi, beforeEach } from "vitest";
|
|
|
|
const signInMock = vi.fn();
|
|
const signOutMock = vi.fn();
|
|
|
|
vi.mock("@/lib/auth", () => ({
|
|
signIn: signInMock,
|
|
signOut: signOutMock,
|
|
}));
|
|
|
|
const authErrors: Array<{ name: string; message?: string }> = [];
|
|
vi.mock("next-auth", () => ({
|
|
AuthError: class AuthError extends Error {
|
|
override name = "AuthError";
|
|
constructor(message?: string) {
|
|
super(message);
|
|
authErrors.push({ name: this.name, message });
|
|
}
|
|
},
|
|
}));
|
|
|
|
// Import after mocks.
|
|
const { signInWithPassword, signInWithGoogle, signOutAction } = await import(
|
|
"@/actions/auth-actions"
|
|
);
|
|
|
|
beforeEach(() => {
|
|
signInMock.mockReset();
|
|
signOutMock.mockReset();
|
|
});
|
|
|
|
describe("signInWithPassword", () => {
|
|
it("returns ok:false when email is missing", async () => {
|
|
const fd = new FormData();
|
|
fd.set("password", "x");
|
|
const result = await signInWithPassword(null, fd);
|
|
expect(result.ok).toBe(false);
|
|
if (!result.ok) expect(result.error).toMatch(/email/i);
|
|
expect(signInMock).not.toHaveBeenCalled();
|
|
});
|
|
|
|
it("returns ok:false when password is missing", async () => {
|
|
const fd = new FormData();
|
|
fd.set("email", "a@b.com");
|
|
const result = await signInWithPassword(null, fd);
|
|
expect(result.ok).toBe(false);
|
|
if (!result.ok) expect(result.error).toMatch(/password/i);
|
|
expect(signInMock).not.toHaveBeenCalled();
|
|
});
|
|
|
|
it("trims email and passes credentials to signIn", async () => {
|
|
signInMock.mockResolvedValue(undefined);
|
|
const fd = new FormData();
|
|
fd.set("email", " admin@brand.test ");
|
|
fd.set("password", "secret");
|
|
const result = await signInWithPassword(null, fd);
|
|
expect(result).toEqual({ ok: true });
|
|
expect(signInMock).toHaveBeenCalledWith("supabase-password", {
|
|
email: "admin@brand.test",
|
|
password: "secret",
|
|
redirect: false,
|
|
});
|
|
});
|
|
|
|
it("returns ok:false with a friendly message on AuthError", async () => {
|
|
signInMock.mockRejectedValue(new Error("auth failed")); // not an AuthError
|
|
const fd = new FormData();
|
|
fd.set("email", "a@b.com");
|
|
fd.set("password", "wrong");
|
|
await expect(signInWithPassword(null, fd)).rejects.toThrow("auth failed");
|
|
});
|
|
|
|
it("catches AuthError and returns ok:false", async () => {
|
|
// The mocked AuthError is registered as a real class via the mock
|
|
// factory above, so we can construct one here.
|
|
const { AuthError } = await import("next-auth");
|
|
signInMock.mockRejectedValue(new AuthError("invalid credentials"));
|
|
const fd = new FormData();
|
|
fd.set("email", "a@b.com");
|
|
fd.set("password", "wrong");
|
|
const result = await signInWithPassword(null, fd);
|
|
expect(result).toEqual({ ok: false, error: "Invalid email or password." });
|
|
});
|
|
});
|
|
|
|
describe("signInWithGoogle", () => {
|
|
it("calls signIn with the google provider and /admin redirect", async () => {
|
|
signInMock.mockResolvedValue(undefined);
|
|
await signInWithGoogle();
|
|
expect(signInMock).toHaveBeenCalledWith("google", { redirectTo: "/admin" });
|
|
});
|
|
});
|
|
|
|
describe("signOutAction", () => {
|
|
it("calls signOut with the login redirect", async () => {
|
|
signOutMock.mockResolvedValue(undefined);
|
|
await signOutAction();
|
|
expect(signOutMock).toHaveBeenCalledWith({ redirectTo: "/login" });
|
|
});
|
|
});
|