stock-manager/tests/unit/services/user.service.test.ts

import { describe, expect, it, vi } from "vitest"
// Swap the Prisma client module for an empty default export. Every test below
// hands the service its own stub db instead; presumably this mock only keeps
// the real client from being loaded when the service module is imported.
vi.mock("@/lib/prisma", () => {
  return { default: {} }
})
import {
getUserById,
getUserByEmail,
getUserCredentialsByEmail,
} from "@/services/user.service"
// Broad lookup by id: the query handed to the data layer must not request the
// password hash.
describe("getUserById", () => {
  it("does not select passwordHash across the broad user lookup boundary", async () => {
    // Only user.findUnique is stubbed. It resolves to null, so this test
    // inspects the query arguments and nothing about the returned row.
    const findUniqueSpy = vi.fn().mockResolvedValue(null)
    const fakeDb = { user: { findUnique: findUniqueSpy } }

    await getUserById("user-1", fakeDb as never)

    // NOTE(review): the matcher rejects a select that contains
    // `passwordHash: true`. Whether a call that omits `select` entirely is
    // also rejected depends on how the matcher treats a missing key; confirm,
    // or assert on the recorded `select` argument directly.
    const expectedQuery = {
      where: { id: "user-1" },
      select: expect.not.objectContaining({ passwordHash: true }),
    }
    expect(findUniqueSpy).toHaveBeenCalledWith(expectedQuery)
  })
})
// Broad lookup by email: the address is normalized before the query, and the
// password hash is neither requested nor present on the returned user.
describe("getUserByEmail", () => {
  // Minimal stand-in for the db client: user.findUnique resolves to `row`.
  const stubDb = (row: unknown) => {
    const findUnique = vi.fn().mockResolvedValue(row)
    return { findUnique, db: { user: { findUnique } } }
  }

  it("queries emailNormalized with a normalized email", async () => {
    const { findUnique: findUniqueSpy, db: fakeDb } = stubDb(null)

    // The input has surrounding spaces and mixed case. The expected query
    // below uses the trimmed, lower-cased form.
    await getUserByEmail(" Admin@Example.Test ", fakeDb as never)

    // NOTE(review): the matcher rejects a select that contains
    // `passwordHash: true`. Whether a call that omits `select` entirely is
    // also rejected depends on how the matcher treats a missing key; confirm,
    // or assert on the recorded `select` argument directly.
    const expectedQuery = {
      where: { emailNormalized: "admin@example.test" },
      select: expect.not.objectContaining({ passwordHash: true }),
    }
    expect(findUniqueSpy).toHaveBeenCalledWith(expectedQuery)
  })

  it("does not return passwordHash across the broad user lookup boundary", async () => {
    const storedRow = {
      id: "user-1",
      name: "Admin",
      email: "admin@example.test",
      role: "ADMIN",
      status: "ACTIVE",
      createdAt: new Date("2024-01-01T00:00:00.000Z"),
      updatedAt: new Date("2024-01-01T00:00:00.000Z"),
    }
    const { db: fakeDb } = stubDb(storedRow)

    const found = await getUserByEmail("admin@example.test", fakeDb as never)

    // NOTE(review): the stubbed row carries no passwordHash to begin with, so
    // this holds as long as the service does not add the field itself. It does
    // not show that a hash returned by the data layer would be stripped; the
    // select assertion in the previous test is what guards that path.
    expect(found).not.toHaveProperty("passwordHash")
  })
})
// Credential lookup: the one path in this file that is expected to request the
// password hash, for verifying a login.
describe("getUserCredentialsByEmail", () => {
  it("selects passwordHash only for credential verification", async () => {
    const findUniqueSpy = vi.fn().mockResolvedValue(null)
    const fakeDb = { user: { findUnique: findUniqueSpy } }

    // Mixed-case input; the expected query uses the lower-cased address.
    await getUserCredentialsByEmail("Admin@Example.Test", fakeDb as never)

    // objectContaining only requires passwordHash to be among the selected
    // fields; it places no limit on what else the credential query selects.
    const expectedQuery = {
      where: { emailNormalized: "admin@example.test" },
      select: expect.objectContaining({ passwordHash: true }),
    }
    expect(findUniqueSpy).toHaveBeenCalledWith(expectedQuery)
  })
})