@etus/bhono-app 0.1.6 → 0.1.7

package/templates/base/tests/unit/server/services/auth.test.ts

@@ -18,6 +18,17 @@ vi.mock('@server/lib/audit', () => ({
 vi.mock('@server/db/sql', () => ({
   queryOne: vi.fn(),
   execute: vi.fn(),
+  toStringValue: (value: unknown) => {
+    if (typeof value === 'string') return value
+    if (typeof value === 'number' || typeof value === 'bigint') return String(value)
+    return ''
+  },
+  toNullableString: (value: unknown) => {
+    if (value === null || value === undefined) return null
+    if (typeof value === 'string') return value
+    if (typeof value === 'number' || typeof value === 'bigint') return String(value)
+    return null
+  },
 }))
 
 import { createAccessToken, generateRefreshToken, hashToken } from '@server/lib/tokens'
@@ -101,7 +112,7 @@ describe('authService', () => {
         email: 'existing@gmail.com',
         email_verified: true,
         name: 'Existing User',
-        picture: null,
+        picture: undefined,
         given_name: 'Existing',
         family_name: 'User',
       }
@@ -168,12 +179,478 @@ describe('authService', () => {
 
   describe('revokeRefreshToken', () => {
     it('should revoke refresh token and log logout', async () => {
-      const env = createMockEnv()
-
       await authService.revokeRefreshToken(db, 'refresh-token', mockAuthContext, 'user-1')
 
       expect(execute).toHaveBeenCalled()
       expect(logAuthEvent).toHaveBeenCalled()
     })
+
+    it('should revoke token without logging when userId is null', async () => {
+      await authService.revokeRefreshToken(db, 'refresh-token', mockAuthContext, null)
+
+      expect(execute).toHaveBeenCalled()
+      expect(logAuthEvent).not.toHaveBeenCalled()
+    })
+  })
+
+  describe('revokeAllUserTokens', () => {
+    it('should revoke all tokens for a user', async () => {
+      await authService.revokeAllUserTokens(db, 'user-1')
+
+      expect(execute).toHaveBeenCalled()
+    })
+  })
+
+  describe('getCurrentUser', () => {
+    it('should return user when found', async () => {
+      ;(queryOne as Mock).mockResolvedValueOnce({
+        id: 'user-1',
+        googleId: 'google-1',
+        email: 'user@example.com',
+        name: 'User',
+        avatarUrl: null,
+        status: 'active',
+        providerIds: JSON.stringify(['google']),
+        isSuperAdmin: 0,
+        createdAt: new Date().toISOString(),
+        updatedAt: new Date().toISOString(),
+        deletedAt: null,
+      })
+
+      const result = await authService.getCurrentUser(db, 'user-1')
+
+      expect(result.email).toBe('user@example.com')
+    })
+
+    it('should throw UnauthorizedError when user not found', async () => {
+      ;(queryOne as Mock).mockResolvedValueOnce(null)
+
+      await expect(authService.getCurrentUser(db, 'user-999')).rejects.toThrow(UnauthorizedError)
+    })
+  })
+
+  describe('findOrCreateUser edge cases', () => {
+    it('should not update user when info is unchanged', async () => {
+      const env = createMockEnv()
+      const googleUser: GoogleUserInfo = {
+        sub: 'existing_sub',
+        email: 'same@example.com',
+        email_verified: true,
+        name: 'Same Name',
+        picture: 'https://same-picture.jpg',
+        given_name: 'Same',
+        family_name: 'Name',
+      }
+
+      const userRow = {
+        id: 'user-1',
+        googleId: googleUser.sub,
+        email: googleUser.email,
+        name: googleUser.name,
+        avatarUrl: googleUser.picture,
+        status: 'active',
+        providerIds: JSON.stringify(['google']),
+        isSuperAdmin: 0,
+        createdAt: new Date().toISOString(),
+        updatedAt: new Date().toISOString(),
+        deletedAt: null,
+      }
+
+      ;(queryOne as Mock).mockResolvedValueOnce(userRow)
+
+      const result = await authService.findOrCreateUser(db, env, googleUser, mockAuthContext)
+
+      expect(result.isNewUser).toBe(false)
+      // Should only call execute for refresh token insert and login log
+      expect(execute).toHaveBeenCalled()
+    })
+
+    it('should update user when email changes', async () => {
+      const env = createMockEnv()
+      const googleUser: GoogleUserInfo = {
+        sub: 'existing_sub',
+        email: 'new-email@example.com',
+        email_verified: true,
+        name: 'Same Name',
+        picture: 'https://same-picture.jpg',
+        given_name: 'Same',
+        family_name: 'Name',
+      }
+
+      const userRow = {
+        id: 'user-1',
+        googleId: googleUser.sub,
+        email: 'old@example.com',
+        name: googleUser.name,
+        avatarUrl: googleUser.picture,
+        status: 'active',
+        providerIds: JSON.stringify(['google']),
+        isSuperAdmin: 0,
+        createdAt: new Date().toISOString(),
+        updatedAt: new Date().toISOString(),
+        deletedAt: null,
+      }
+
+      ;(queryOne as Mock)
+        .mockResolvedValueOnce(userRow)
+        .mockResolvedValueOnce({ ...userRow, email: googleUser.email })
+
+      const result = await authService.findOrCreateUser(db, env, googleUser, mockAuthContext)
+
+      expect(result.isNewUser).toBe(false)
+      expect(execute).toHaveBeenCalled()
+    })
+
+    it('should handle null picture', async () => {
+      const env = createMockEnv()
+      const googleUser: GoogleUserInfo = {
+        sub: 'new_google_sub',
+        email: 'user@example.com',
+        email_verified: true,
+        name: 'User',
+        picture: undefined,
+        given_name: 'User',
+        family_name: '',
+      }
+
+      const userRow = {
+        id: 'user-new',
+        googleId: googleUser.sub,
+        email: googleUser.email,
+        name: googleUser.name,
+        avatarUrl: null,
+        status: 'active',
+        providerIds: JSON.stringify(['google']),
+        isSuperAdmin: 0,
+        createdAt: new Date().toISOString(),
+        updatedAt: new Date().toISOString(),
+        deletedAt: null,
+      }
+
+      ;(queryOne as Mock)
+        .mockResolvedValueOnce(null)
+        .mockResolvedValueOnce(userRow)
+
+      const result = await authService.findOrCreateUser(db, env, googleUser, mockAuthContext)
+
+      expect(result.isNewUser).toBe(true)
+    })
+  })
+
+  describe('refreshAccessToken edge cases', () => {
+    it('should throw when user is inactive', async () => {
+      const env = createMockEnv()
+
+      ;(queryOne as Mock)
+        .mockResolvedValueOnce({ id: 'token-1', userId: 'user-1', tokenHash: 'hashed-token' })
+        .mockResolvedValueOnce({
+          id: 'user-1',
+          googleId: 'google-1',
+          email: 'user@example.com',
+          name: 'User',
+          avatarUrl: null,
+          status: 'inactive',
+          providerIds: JSON.stringify(['google']),
+          isSuperAdmin: 0,
+          createdAt: new Date().toISOString(),
+          updatedAt: new Date().toISOString(),
+          deletedAt: null,
+        })
+
+      await expect(
+        authService.refreshAccessToken(db, env, 'refresh-token', mockAuthContext)
+      ).rejects.toThrow('User not found or inactive')
+    })
+
+    it('should throw when user not found after token found', async () => {
+      const env = createMockEnv()
+
+      ;(queryOne as Mock)
+        .mockResolvedValueOnce({ id: 'token-1', userId: 'user-1', tokenHash: 'hashed-token' })
+        .mockResolvedValueOnce(null)
+
+      await expect(
+        authService.refreshAccessToken(db, env, 'refresh-token', mockAuthContext)
+      ).rejects.toThrow('User not found or inactive')
+    })
+  })
+
+  describe('mapUserRow edge cases', () => {
+    it('should handle isSuperAdmin as string "1"', async () => {
+      ;(queryOne as Mock).mockResolvedValueOnce({
+        id: 'user-1',
+        googleId: 'google-1',
+        email: 'user@example.com',
+        name: 'User',
+        avatarUrl: null,
+        status: 'active',
+        providerIds: JSON.stringify(['google']),
+        isSuperAdmin: '1',
+        createdAt: new Date().toISOString(),
+        updatedAt: new Date().toISOString(),
+        deletedAt: null,
+      })
+
+      const result = await authService.getCurrentUser(db, 'user-1')
+
+      expect(result.isSuperAdmin).toBe(true)
+    })
+
+    it('should handle isSuperAdmin as string "true"', async () => {
+      ;(queryOne as Mock).mockResolvedValueOnce({
+        id: 'user-1',
+        googleId: 'google-1',
+        email: 'user@example.com',
+        name: 'User',
+        avatarUrl: null,
+        status: 'active',
+        providerIds: JSON.stringify(['google']),
+        isSuperAdmin: 'true',
+        createdAt: new Date().toISOString(),
+        updatedAt: new Date().toISOString(),
+        deletedAt: null,
+      })
+
+      const result = await authService.getCurrentUser(db, 'user-1')
+
+      expect(result.isSuperAdmin).toBe(true)
+    })
+
+    it('should handle isSuperAdmin as boolean true', async () => {
+      ;(queryOne as Mock).mockResolvedValueOnce({
+        id: 'user-1',
+        googleId: 'google-1',
+        email: 'user@example.com',
+        name: 'User',
+        avatarUrl: null,
+        status: 'active',
+        providerIds: JSON.stringify(['google']),
+        isSuperAdmin: true,
+        createdAt: new Date().toISOString(),
+        updatedAt: new Date().toISOString(),
+        deletedAt: null,
+      })
+
+      const result = await authService.getCurrentUser(db, 'user-1')
+
+      expect(result.isSuperAdmin).toBe(true)
+    })
+
+    it('should handle providerIds as array', async () => {
+      ;(queryOne as Mock).mockResolvedValueOnce({
+        id: 'user-1',
+        googleId: 'google-1',
+        email: 'user@example.com',
+        name: 'User',
+        avatarUrl: null,
+        status: 'active',
+        providerIds: ['google', 'github'],
+        isSuperAdmin: 0,
+        createdAt: new Date().toISOString(),
+        updatedAt: new Date().toISOString(),
+        deletedAt: null,
+      })
+
+      const result = await authService.getCurrentUser(db, 'user-1')
+
+      expect(result.providerIds).toEqual(['google', 'github'])
+    })
+
+    it('should handle invalid JSON in providerIds', async () => {
+      ;(queryOne as Mock).mockResolvedValueOnce({
+        id: 'user-1',
+        googleId: 'google-1',
+        email: 'user@example.com',
+        name: 'User',
+        avatarUrl: null,
+        status: 'active',
+        providerIds: 'not-valid-json',
+        isSuperAdmin: 0,
+        createdAt: new Date().toISOString(),
+        updatedAt: new Date().toISOString(),
+        deletedAt: null,
+      })
+
+      const result = await authService.getCurrentUser(db, 'user-1')
+
+      expect(result.providerIds).toEqual([])
+    })
+
+    it('should handle non-array JSON in providerIds', async () => {
+      ;(queryOne as Mock).mockResolvedValueOnce({
+        id: 'user-1',
+        googleId: 'google-1',
+        email: 'user@example.com',
+        name: 'User',
+        avatarUrl: null,
+        status: 'active',
+        providerIds: JSON.stringify({ type: 'object' }),
+        isSuperAdmin: 0,
+        createdAt: new Date().toISOString(),
+        updatedAt: new Date().toISOString(),
+        deletedAt: null,
+      })
+
+      const result = await authService.getCurrentUser(db, 'user-1')
+
+      expect(result.providerIds).toEqual([])
+    })
+
+    it('should handle null providerIds', async () => {
+      ;(queryOne as Mock).mockResolvedValueOnce({
+        id: 'user-1',
+        googleId: 'google-1',
+        email: 'user@example.com',
+        name: 'User',
+        avatarUrl: null,
+        status: 'active',
+        providerIds: null,
+        isSuperAdmin: 0,
+        createdAt: new Date().toISOString(),
+        updatedAt: new Date().toISOString(),
+        deletedAt: null,
+      })
+
+      const result = await authService.getCurrentUser(db, 'user-1')
+
+      expect(result.providerIds).toEqual([])
+    })
+
+    it('should handle avatarUrl present', async () => {
+      ;(queryOne as Mock).mockResolvedValueOnce({
+        id: 'user-1',
+        googleId: 'google-1',
+        email: 'user@example.com',
+        name: 'User',
+        avatarUrl: 'https://example.com/avatar.jpg',
+        status: 'active',
+        providerIds: JSON.stringify(['google']),
+        isSuperAdmin: 0,
+        createdAt: new Date().toISOString(),
+        updatedAt: new Date().toISOString(),
+        deletedAt: null,
+      })
+
+      const result = await authService.getCurrentUser(db, 'user-1')
+
+      expect(result).toBeDefined()
+    })
+
+    it('should handle deletedAt present', async () => {
+      ;(queryOne as Mock).mockResolvedValueOnce({
+        id: 'user-1',
+        googleId: 'google-1',
+        email: 'user@example.com',
+        name: 'User',
+        avatarUrl: null,
+        status: 'active',
+        providerIds: JSON.stringify(['google']),
+        isSuperAdmin: 0,
+        createdAt: new Date().toISOString(),
+        updatedAt: new Date().toISOString(),
+        deletedAt: new Date().toISOString(),
+      })
+
+      const result = await authService.getCurrentUser(db, 'user-1')
+
+      expect(result.deletedAt).not.toBeNull()
+    })
+  })
+
+  describe('findOrCreateUser failure cases', () => {
+    it('should throw when user creation fails', async () => {
+      const env = createMockEnv()
+      const googleUser: GoogleUserInfo = {
+        sub: 'new_google_sub',
+        email: 'user@example.com',
+        email_verified: true,
+        name: 'User',
+        picture: undefined,
+        given_name: 'User',
+        family_name: '',
+      }
+
+      // First call: no existing user found
+      // Second call: insertUserSql returns null (user creation fails)
+      ;(queryOne as Mock)
+        .mockResolvedValueOnce(null)
+        .mockResolvedValueOnce(null)
+
+      await expect(
+        authService.findOrCreateUser(db, env, googleUser, mockAuthContext)
+      ).rejects.toThrow('Failed to create user')
+    })
+
+    it('should update user when name changes', async () => {
+      const env = createMockEnv()
+      const googleUser: GoogleUserInfo = {
+        sub: 'existing_sub',
+        email: 'same@example.com',
+        email_verified: true,
+        name: 'New Name',
+        picture: 'https://same-picture.jpg',
+        given_name: 'New',
+        family_name: 'Name',
+      }
+
+      const userRow = {
+        id: 'user-1',
+        googleId: googleUser.sub,
+        email: googleUser.email,
+        name: 'Old Name',
+        avatarUrl: googleUser.picture,
+        status: 'active',
+        providerIds: JSON.stringify(['google']),
+        isSuperAdmin: 0,
+        createdAt: new Date().toISOString(),
+        updatedAt: new Date().toISOString(),
+        deletedAt: null,
+      }
+
+      ;(queryOne as Mock)
+        .mockResolvedValueOnce(userRow)
+        .mockResolvedValueOnce({ ...userRow, name: googleUser.name })
+
+      const result = await authService.findOrCreateUser(db, env, googleUser, mockAuthContext)
+
+      expect(result.isNewUser).toBe(false)
+      expect(execute).toHaveBeenCalled()
+    })
+
+    it('should update user when avatar changes', async () => {
+      const env = createMockEnv()
+      const googleUser: GoogleUserInfo = {
+        sub: 'existing_sub',
+        email: 'same@example.com',
+        email_verified: true,
+        name: 'Same Name',
+        picture: 'https://new-picture.jpg',
+        given_name: 'Same',
+        family_name: 'Name',
+      }
+
+      const userRow = {
+        id: 'user-1',
+        googleId: googleUser.sub,
+        email: googleUser.email,
+        name: googleUser.name,
+        avatarUrl: 'https://old-picture.jpg',
+        status: 'active',
+        providerIds: JSON.stringify(['google']),
+        isSuperAdmin: 0,
+        createdAt: new Date().toISOString(),
+        updatedAt: new Date().toISOString(),
+        deletedAt: null,
+      }
+
+      ;(queryOne as Mock)
+        .mockResolvedValueOnce(userRow)
+        .mockResolvedValueOnce({ ...userRow, avatarUrl: googleUser.picture })
+
+      const result = await authService.findOrCreateUser(db, env, googleUser, mockAuthContext)
+
+      expect(result.isNewUser).toBe(false)
+      expect(execute).toHaveBeenCalled()
+    })
   })
 })

package/templates/base/tests/unit/server/services/invitations.test.ts

@@ -17,6 +17,17 @@ vi.mock('@server/db/sql', () => ({
   queryOne: vi.fn(),
   queryAll: vi.fn(),
   execute: vi.fn(),
+  toStringValue: (value: unknown) => {
+    if (typeof value === 'string') return value
+    if (typeof value === 'number' || typeof value === 'bigint') return String(value)
+    return ''
+  },
+  toNullableString: (value: unknown) => {
+    if (value === null || value === undefined) return null
+    if (typeof value === 'string') return value
+    if (typeof value === 'number' || typeof value === 'bigint') return String(value)
+    return null
+  },
 }))
 
 import { sendInvitationEmail } from '@server/lib/email'
@@ -60,6 +71,60 @@ describe('invitationsService', () => {
   })
 
   describe('create', () => {
+    it('should throw ForbiddenError when user has no role', async () => {
+      const env = createMockEnv()
+      const ctxWithoutRole = createMockContext({ userRole: undefined })
+
+      await expect(
+        invitationsService.create(db, env, ctxWithoutRole, {
+          email: 'invite@example.com',
+          role: 'VIEWER',
+        })
+      ).rejects.toThrow('User must have a role in this account to invite others')
+    })
+
+    it('should throw ForbiddenError when assigning higher role than own', async () => {
+      const env = createMockEnv()
+      const ctxAsViewer = createMockContext({ userRole: 'VIEWER' })
+
+      await expect(
+        invitationsService.create(db, env, ctxAsViewer, {
+          email: 'invite@example.com',
+          role: 'ADMIN',
+        })
+      ).rejects.toThrow('Cannot assign a role higher than your own')
+    })
+
+    it('should throw ConflictError when user is already a member', async () => {
+      const env = createMockEnv()
+
+      ;(queryOne as Mock).mockResolvedValueOnce({ ok: 1 })
+
+      await expect(
+        invitationsService.create(db, env, ctx, {
+          email: 'member@example.com',
+          role: 'VIEWER',
+        })
+      ).rejects.toThrow('User is already a member of this account')
+    })
+
+    it('should throw Error when account not found', async () => {
+      const env = createMockEnv()
+
+      ;(queryOne as Mock)
+        .mockResolvedValueOnce(null)
+        .mockResolvedValueOnce(null)
+        .mockResolvedValueOnce(null)
+        .mockResolvedValueOnce(null)
+
+      await expect(
+        invitationsService.create(db, env, ctx, {
+          email: 'invite@example.com',
+          role: 'VIEWER',
+        })
+      ).rejects.toThrow('Account not found')
+    })
+
     it('should link existing user instead of creating invitation', async () => {
       const env = createMockEnv()
       const existingUser = createUserFixture({ id: 'user-1', email: 'user@example.com' })
@@ -161,5 +226,118 @@ describe('invitationsService', () => {
       expect(execute).toHaveBeenCalled()
       expect(logAuthEvent).toHaveBeenCalled()
     })
+
+    it('should throw NotFoundError when invitation not found', async () => {
+      ;(queryOne as Mock).mockResolvedValueOnce(null)
+
+      await expect(
+        invitationsService.accept(db, 'inv-999', 'user-1', { transactionId: 'tx' })
+      ).rejects.toThrow(NotFoundError)
+    })
+
+    it('should handle snake_case column names', async () => {
+      ;(queryOne as Mock).mockResolvedValueOnce({ id: 'inv-1', account_id: 'account-456', role: 'EDITOR' })
+
+      await invitationsService.accept(db, 'inv-1', 'user-1', { transactionId: 'tx' })
+
+      expect(execute).toHaveBeenCalled()
+    })
+  })
+
+  describe('getByToken', () => {
+    it('should return null when token not found', async () => {
+      ;(queryOne as Mock).mockResolvedValueOnce(null)
+
+      const result = await invitationsService.getByToken(db, 'invalid-token')
+
+      expect(result).toBeNull()
+    })
+
+    it('should return null when invitation already accepted', async () => {
+      ;(queryOne as Mock).mockResolvedValueOnce({
+        id: 'inv-1',
+        accountId: 'account-123',
+        email: 'test@example.com',
+        role: 'VIEWER',
+        acceptedAt: new Date().toISOString(),
+        expiresAt: new Date(Date.now() + 86400000).toISOString(),
+        accountName: 'Test Account',
+      })
+
+      const result = await invitationsService.getByToken(db, 'accepted-token')
+
+      expect(result).toBeNull()
+    })
+
+    it('should return null when invitation expired', async () => {
+      ;(queryOne as Mock).mockResolvedValueOnce({
+        id: 'inv-1',
+        accountId: 'account-123',
+        email: 'test@example.com',
+        role: 'VIEWER',
+        acceptedAt: null,
+        expiresAt: new Date(Date.now() - 86400000).toISOString(),
+        accountName: 'Test Account',
+      })
+
+      const result = await invitationsService.getByToken(db, 'expired-token')
+
+      expect(result).toBeNull()
+    })
+
+    it('should return invitation when valid', async () => {
+      ;(queryOne as Mock).mockResolvedValueOnce({
+        id: 'inv-1',
+        accountId: 'account-123',
+        email: 'test@example.com',
+        role: 'VIEWER',
+        acceptedAt: null,
+        expiresAt: new Date(Date.now() + 86400000).toISOString(),
+        accountName: 'Test Account',
+      })
+
+      const result = await invitationsService.getByToken(db, 'valid-token')
+
+      expect(result).not.toBeNull()
+      expect(result?.email).toBe('test@example.com')
+    })
+
+    it('should handle snake_case column names from DB', async () => {
+      ;(queryOne as Mock).mockResolvedValueOnce({
+        id: 'inv-1',
+        account_id: 'account-123',
+        email: 'test@example.com',
+        role: 'VIEWER',
+        accepted_at: null,
+        expires_at: new Date(Date.now() + 86400000).toISOString(),
+        account_name: 'Test Account',
+      })
+
+      const result = await invitationsService.getByToken(db, 'valid-token')
+
+      expect(result).not.toBeNull()
+      expect(result?.accountId).toBe('account-123')
+    })
+  })
+
+  describe('list with snake_case mapping', () => {
+    it('should handle snake_case column names', async () => {
+      ;(queryAll as Mock).mockResolvedValueOnce([
+        {
+          id: 'inv-1',
+          email: 'invite@example.com',
+          role: 'VIEWER',
+          invited_by_id: 'user-1',
+          inviter_name: 'Inviter',
+          expires_at: new Date().toISOString(),
+          created_at: new Date().toISOString(),
+        },
+      ])
+
+      const result = await invitationsService.list(db, ctx)
+
+      expect(result).toHaveLength(1)
+      expect(result[0].invitedBy.id).toBe('user-1')
+    })
   })
 })