feat(auth): align login and bootstrap with new user schema

2026-06-19 01:05:33 +02:00
parent 2ed9445f7f
commit 01d89cd21b
10 changed files with 503 additions and 60 deletions
+98
@@ -0,0 +1,98 @@
import { describe, expect, it, vi } from "vitest"
vi.mock("@/lib/prisma", () => ({
default: {},
}))
import {
getUserById,
getUserByEmail,
getUserCredentialsByEmail,
} from "@/services/user.service"
describe("getUserById", () => {
it("does not select passwordHash across the broad user lookup boundary", async () => {
const findUnique = vi.fn().mockResolvedValue(null)
const db = {
user: {
findUnique,
},
}
await getUserById("user-1", db as never)
expect(findUnique).toHaveBeenCalledWith({
where: {
id: "user-1",
},
select: expect.not.objectContaining({
passwordHash: true,
}),
})
})
})
describe("getUserByEmail", () => {
it("queries emailNormalized with a normalized email", async () => {
const findUnique = vi.fn().mockResolvedValue(null)
const db = {
user: {
findUnique,
},
}
await getUserByEmail(" Admin@Example.Test ", db as never)
expect(findUnique).toHaveBeenCalledWith({
where: {
emailNormalized: "admin@example.test",
},
select: expect.not.objectContaining({
passwordHash: true,
}),
})
})
it("does not return passwordHash across the broad user lookup boundary", async () => {
const findUnique = vi.fn().mockResolvedValue({
id: "user-1",
name: "Admin",
email: "admin@example.test",
role: "ADMIN",
status: "ACTIVE",
createdAt: new Date("2024-01-01T00:00:00.000Z"),
updatedAt: new Date("2024-01-01T00:00:00.000Z"),
})
const db = {
user: {
findUnique,
},
}
const user = await getUserByEmail("admin@example.test", db as never)
expect(user).not.toHaveProperty("passwordHash")
})
})
describe("getUserCredentialsByEmail", () => {
it("selects passwordHash only for credential verification", async () => {
const findUnique = vi.fn().mockResolvedValue(null)
const db = {
user: {
findUnique,
},
}
await getUserCredentialsByEmail("Admin@Example.Test", db as never)
expect(findUnique).toHaveBeenCalledWith({
where: {
emailNormalized: "admin@example.test",
},
select: expect.objectContaining({
passwordHash: true,
}),
})
})
})
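Review bot: The test "does not return passwordHash across the broad user lookup boundary" cannot fail as written, because the mocked `findUnique` row never contains `passwordHash`, so `expect(user).not.toHaveProperty("passwordHash")` holds whatever `getUserByEmail` does with the row. If the service is meant to strip the field (its body is not visible on this page), resolve the mock with a row that carries a constructed value, e.g. `passwordHash: "constructed-test-hash",`, and keep the assertion; otherwise the `select` assertion in the preceding test already covers this boundary. Separately, `expect.not.objectContaining({ passwordHash: true })` is a one-field denylist, so asserting the exact safe `select` shape for `getUserById` and `getUserByEmail` would also catch other sensitive columns added to the user schema later.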