npm - @assistkick/create - Versions diffs - 1.0.0 - Mend

@assistkick/create 1.0.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (178) hide show

package/templates/product-system/tests/user_registration.test.ts ADDED Viewed

@@ -0,0 +1,205 @@
+/**
+ * Unit tests for User Registration (feat_064).
+ * Tests AuthService logic and registration route data flow
+ * without requiring a real database or HTTP server.
+ */
+import { describe, it, mock } from 'node:test';
+import assert from 'node:assert/strict';
+// --- AuthService unit tests ---
+describe('AuthService password hashing', () => {
+  it('hashPassword returns a bcrypt hash string', async () => {
+    // bcrypt hashes start with $2a$ or $2b$
+    const { hash } = await import('bcryptjs');
+    const result = await hash('TestPassword123', 12);
+    assert.ok(result.startsWith('$2'));
+    assert.ok(result.length > 50);
+  });
+  it('verifyPassword returns true for matching password', async () => {
+    const { hash, compare } = await import('bcryptjs');
+    const hashed = await hash('TestPassword123', 12);
+    const result = await compare('TestPassword123', hashed);
+    assert.equal(result, true);
+  });
+  it('verifyPassword returns false for wrong password', async () => {
+    const { hash, compare } = await import('bcryptjs');
+    const hashed = await hash('TestPassword123', 12);
+    const result = await compare('WrongPassword', hashed);
+    assert.equal(result, false);
+  });
+});
+describe('AuthService JWT generation', () => {
+  it('generateAccessToken creates a valid JWT with correct claims', async () => {
+    const { SignJWT, jwtVerify } = await import('jose');
+    const secret = new TextEncoder().encode('test-secret-key-for-unit-tests');
+    const token = await new SignJWT({ sub: 'user-123', email: 'test@example.com', role: 'admin' })
+      .setProtectedHeader({ alg: 'HS256' })
+      .setIssuedAt()
+      .setExpirationTime('30m')
+      .sign(secret);
+    assert.ok(typeof token === 'string');
+    assert.ok(token.split('.').length === 3); // JWT has 3 parts
+    const { payload } = await jwtVerify(token, secret);
+    assert.equal(payload.sub, 'user-123');
+    assert.equal(payload.email, 'test@example.com');
+    assert.equal(payload.role, 'admin');
+    assert.ok(payload.exp > payload.iat);
+  });
+  it('generateRefreshToken includes type=refresh claim', async () => {
+    const { SignJWT, jwtVerify } = await import('jose');
+    const secret = new TextEncoder().encode('test-secret-key-for-unit-tests');
+    const token = await new SignJWT({ sub: 'user-123', type: 'refresh' })
+      .setProtectedHeader({ alg: 'HS256' })
+      .setIssuedAt()
+      .setExpirationTime('7d')
+      .sign(secret);
+    const { payload } = await jwtVerify(token, secret);
+    assert.equal(payload.sub, 'user-123');
+    assert.equal(payload.type, 'refresh');
+  });
+  it('verifyToken rejects expired tokens', async () => {
+    const { SignJWT, jwtVerify } = await import('jose');
+    const secret = new TextEncoder().encode('test-secret-key-for-unit-tests');
+    const token = await new SignJWT({ sub: 'user-123' })
+      .setProtectedHeader({ alg: 'HS256' })
+      .setIssuedAt(Math.floor(Date.now() / 1000) - 3600) // issued 1 hour ago
+      .setExpirationTime(Math.floor(Date.now() / 1000) - 1800) // expired 30 min ago
+      .sign(secret);
+    await assert.rejects(
+      () => jwtVerify(token, secret),
+      { code: 'ERR_JWT_EXPIRED' }
+    );
+  });
+  it('verifyToken rejects tokens with wrong secret', async () => {
+    const { SignJWT, jwtVerify } = await import('jose');
+    const secret1 = new TextEncoder().encode('secret-one');
+    const secret2 = new TextEncoder().encode('secret-two');
+    const token = await new SignJWT({ sub: 'user-123' })
+      .setProtectedHeader({ alg: 'HS256' })
+      .setIssuedAt()
+      .setExpirationTime('30m')
+      .sign(secret1);
+    await assert.rejects(
+      () => jwtVerify(token, secret2),
+      { code: 'ERR_JWS_SIGNATURE_VERIFICATION_FAILED' }
+    );
+  });
+});
+// --- Registration route logic tests ---
+describe('Registration route validation', () => {
+  it('rejects missing email', () => {
+    const body = { password: 'TestPassword123' };
+    const isValid = body.email && body.password;
+    assert.equal(isValid, undefined);
+  });
+  it('rejects missing password', () => {
+    const body = { email: 'test@example.com' };
+    const isValid = body.email && (body as any).password;
+    assert.equal(isValid, undefined);
+  });
+  it('rejects invalid email format', () => {
+    const emailRegex = /^[^\s@]+@[^\s@]+\.[^\s@]+$/;
+    assert.equal(emailRegex.test('not-an-email'), false);
+    assert.equal(emailRegex.test('missing@domain'), false);
+    assert.equal(emailRegex.test('@no-local.com'), false);
+    assert.equal(emailRegex.test('valid@email.com'), true);
+    assert.equal(emailRegex.test('user@sub.domain.com'), true);
+  });
+  it('rejects passwords shorter than 8 characters', () => {
+    assert.equal('short'.length < 8, true);
+    assert.equal('abcdefgh'.length < 8, false);
+  });
+  it('normalizes email to lowercase', () => {
+    const email = 'Test@EXAMPLE.com';
+    assert.equal(email.toLowerCase(), 'test@example.com');
+  });
+});
+describe('Registration first-user-is-admin logic', () => {
+  it('assigns admin role when user count is 0', () => {
+    const userCount = 0;
+    const role = userCount === 0 ? 'admin' : 'user';
+    assert.equal(role, 'admin');
+  });
+  it('rejects registration when users already exist', () => {
+    const userCount = 1;
+    const isRegistrationOpen = userCount === 0;
+    assert.equal(isRegistrationOpen, false);
+  });
+  it('returns 403 status concept for closed registration', () => {
+    const userCount = 5;
+    const statusCode = userCount > 0 ? 403 : 201;
+    assert.equal(statusCode, 403);
+  });
+});
+describe('Registration cookie settings', () => {
+  it('sets correct cookie options for production', () => {
+    const isProduction = true;
+    const options = {
+      httpOnly: true,
+      secure: isProduction,
+      sameSite: 'strict' as const,
+    };
+    assert.equal(options.httpOnly, true);
+    assert.equal(options.secure, true);
+    assert.equal(options.sameSite, 'strict');
+  });
+  it('sets secure=false in development', () => {
+    const isProduction = false;
+    const options = {
+      httpOnly: true,
+      secure: isProduction,
+      sameSite: 'strict' as const,
+    };
+    assert.equal(options.secure, false);
+  });
+  it('access token cookie has 30 minute max age', () => {
+    const ACCESS_COOKIE_MAX_AGE = 30 * 60 * 1000;
+    assert.equal(ACCESS_COOKIE_MAX_AGE, 1800000);
+  });
+  it('refresh token cookie has 7 day max age', () => {
+    const REFRESH_COOKIE_MAX_AGE = 7 * 24 * 60 * 60 * 1000;
+    assert.equal(REFRESH_COOKIE_MAX_AGE, 604800000);
+  });
+});
+describe('Registration response shape', () => {
+  it('returns user object with id, email, and role on success', () => {
+    const response = {
+      user: { id: 'uuid-123', email: 'test@example.com', role: 'admin' },
+    };
+    assert.ok(response.user.id);
+    assert.ok(response.user.email);
+    assert.equal(response.user.role, 'admin');
+    // Should not include passwordHash
+    assert.equal((response.user as any).passwordHash, undefined);
+  });
+});