@jmruthers/pace-core 0.5.108 → 0.5.110

package/src/services/__tests__/AuthService.test.ts

@@ -640,4 +640,188 @@ describe('AuthService', () => {
       expect(authService.isAuthenticated()).toBe(false);
     });
   });
+
+  describe('Automatic Session Tracking', () => {
+    beforeEach(() => {
+      // Mock rpc function for session tracking
+      (mockSupabase as any).rpc = vi.fn();
+      // Mock from().select() chain for app ID resolution
+      (mockSupabase as any).from = vi.fn().mockReturnValue({
+        select: vi.fn().mockReturnValue({
+          eq: vi.fn().mockReturnValue({
+            eq: vi.fn().mockReturnValue({
+              single: vi.fn().mockResolvedValue({
+                data: { id: 'app-id-123' },
+                error: null
+              })
+            })
+          })
+        })
+      });
+    });
+
+    it('should track login session automatically on SIGNED_IN event', async () => {
+      const mockUser = { id: 'user-123', email: 'test@example.com' };
+      const mockSession = { access_token: 'token', user: mockUser };
+      
+      (mockSupabase as any).rpc.mockResolvedValue({ error: null });
+      
+      let authStateCallback: any;
+      mockSupabase.auth.onAuthStateChange.mockImplementation((callback) => {
+        authStateCallback = callback;
+        return { data: { subscription: { unsubscribe: vi.fn() } } };
+      });
+
+      // Initialize with appName to test app ID resolution
+      const authServiceWithApp = new AuthService(mockSupabase as any, 'TEST_APP');
+      await authServiceWithApp.initialize();
+
+      // Simulate SIGNED_IN event
+      if (authStateCallback) {
+        authStateCallback('SIGNED_IN', mockSession);
+        
+        // Wait a bit for async tracking to complete
+        await new Promise(resolve => setTimeout(resolve, 100));
+        
+        // Verify rbac_session_track was called with correct parameters
+        expect((mockSupabase as any).rpc).toHaveBeenCalledWith('rbac_session_track', expect.objectContaining({
+          p_user_id: 'user-123',
+          p_session_type: 'login',
+          p_event_id: null,
+          p_app_id: 'app-id-123', // Should be resolved from appName
+          p_user_agent: expect.any(String), // navigator.userAgent
+        }));
+      }
+
+      authServiceWithApp.cleanup();
+    });
+
+    it('should track logout session automatically on SIGNED_OUT event', async () => {
+      const mockUser = { id: 'user-123', email: 'test@example.com' };
+      const mockSession = { access_token: 'token', user: mockUser };
+      
+      (mockSupabase as any).rpc.mockResolvedValue({ error: null });
+      
+      let authStateCallback: any;
+      mockSupabase.auth.onAuthStateChange.mockImplementation((callback) => {
+        authStateCallback = callback;
+        return { data: { subscription: { unsubscribe: vi.fn() } } };
+      });
+
+      const authServiceWithApp = new AuthService(mockSupabase as any, 'TEST_APP');
+      await authServiceWithApp.initialize();
+
+      // Simulate SIGNED_OUT event
+      if (authStateCallback) {
+        authStateCallback('SIGNED_OUT', mockSession);
+        
+        // Wait a bit for async tracking to complete
+        await new Promise(resolve => setTimeout(resolve, 100));
+        
+        // Verify rbac_session_track was called with logout type
+        expect((mockSupabase as any).rpc).toHaveBeenCalledWith('rbac_session_track', expect.objectContaining({
+          p_user_id: 'user-123',
+          p_session_type: 'logout',
+        }));
+      }
+
+      authServiceWithApp.cleanup();
+    });
+
+    it('should NOT track session on TOKEN_REFRESHED event (to avoid duplicate login records)', async () => {
+      const mockUser = { id: 'user-123', email: 'test@example.com' };
+      const mockSession = { access_token: 'new_token', user: mockUser };
+      
+      (mockSupabase as any).rpc.mockResolvedValue({ error: null });
+      
+      let authStateCallback: any;
+      mockSupabase.auth.onAuthStateChange.mockImplementation((callback) => {
+        authStateCallback = callback;
+        return { data: { subscription: { unsubscribe: vi.fn() } } };
+      });
+
+      const authServiceWithApp = new AuthService(mockSupabase as any, 'TEST_APP');
+      await authServiceWithApp.initialize();
+
+      // Simulate TOKEN_REFRESHED event
+      if (authStateCallback) {
+        authStateCallback('TOKEN_REFRESHED', mockSession);
+        
+        // Wait a bit for any async operations
+        await new Promise(resolve => setTimeout(resolve, 100));
+        
+        // Verify rbac_session_track was NOT called
+        expect((mockSupabase as any).rpc).not.toHaveBeenCalled();
+      }
+
+      authServiceWithApp.cleanup();
+    });
+
+    it('should handle tracking errors gracefully without breaking authentication', async () => {
+      const mockUser = { id: 'user-123', email: 'test@example.com' };
+      const mockSession = { access_token: 'token', user: mockUser };
+      const consoleWarnSpy = vi.spyOn(console, 'warn').mockImplementation(() => {});
+      
+      (mockSupabase as any).rpc.mockRejectedValue(new Error('Tracking failed'));
+      
+      let authStateCallback: any;
+      mockSupabase.auth.onAuthStateChange.mockImplementation((callback) => {
+        authStateCallback = callback;
+        return { data: { subscription: { unsubscribe: vi.fn() } } };
+      });
+
+      const authServiceWithApp = new AuthService(mockSupabase as any, 'TEST_APP');
+      await authServiceWithApp.initialize();
+
+      // Simulate SIGNED_IN event
+      if (authStateCallback) {
+        authStateCallback('SIGNED_IN', mockSession);
+        
+        // Wait a bit for async tracking to complete
+        await new Promise(resolve => setTimeout(resolve, 100));
+        
+        // Verify error was logged but authentication still succeeded
+        // When rpc throws an exception, it goes to catch block which logs "Error tracking"
+        expect(consoleWarnSpy).toHaveBeenCalledWith(
+          expect.stringContaining('Error tracking login session'),
+          expect.anything()
+        );
+        expect(authServiceWithApp.isAuthenticated()).toBe(true);
+      }
+
+      consoleWarnSpy.mockRestore();
+      authServiceWithApp.cleanup();
+    });
+
+    it('should work without appName (app_id will be null)', async () => {
+      const mockUser = { id: 'user-123', email: 'test@example.com' };
+      const mockSession = { access_token: 'token', user: mockUser };
+      
+      (mockSupabase as any).rpc.mockResolvedValue({ error: null });
+      
+      let authStateCallback: any;
+      mockSupabase.auth.onAuthStateChange.mockImplementation((callback) => {
+        authStateCallback = callback;
+        return { data: { subscription: { unsubscribe: vi.fn() } } };
+      });
+
+      // Initialize without appName
+      await authService.initialize();
+
+      // Simulate SIGNED_IN event
+      if (authStateCallback) {
+        authStateCallback('SIGNED_IN', mockSession);
+        
+        // Wait a bit for async tracking to complete
+        await new Promise(resolve => setTimeout(resolve, 100));
+        
+        // Verify rbac_session_track was called with null app_id
+        expect((mockSupabase as any).rpc).toHaveBeenCalledWith('rbac_session_track', expect.objectContaining({
+          p_user_id: 'user-123',
+          p_session_type: 'login',
+          p_app_id: undefined, // Should be undefined when appName not provided
+        }));
+      }
+    });
+  });
 });

package/src/types/database.ts

@@ -387,26 +387,38 @@ export interface Database {
         Row: {
           id: string;
           user_id: string;
-          email: string | null;
-          app_id: string | null;
+          email: string;  // NOT NULL in schema
           event_id: string | null;
-          created_at: string;
+          login_timestamp: string;  // Changed from created_at to login_timestamp
+          session_id: string;  // NOT NULL in schema
+          user_agent: string | null;
+          ip_address: string | null;
+          organisation_id: string;  // NOT NULL in schema
+          app_id: string | null;  // Added in migration
         };
         Insert: {
           id?: string;
           user_id: string;
-          email?: string | null;
-          app_id?: string | null;
+          email: string;  // Required, NOT NULL
           event_id?: string | null;
-          created_at?: string;
+          login_timestamp?: string;
+          session_id: string;  // Required, NOT NULL
+          user_agent?: string | null;
+          ip_address?: string | null;
+          organisation_id: string;  // Required, NOT NULL
+          app_id?: string | null;
         };
         Update: {
           id?: string;
           user_id?: string;
-          email?: string | null;
-          app_id?: string | null;
+          email?: string;
           event_id?: string | null;
-          created_at?: string;
+          login_timestamp?: string;
+          session_id?: string;
+          user_agent?: string | null;
+          ip_address?: string | null;
+          organisation_id?: string;
+          app_id?: string | null;
         };
       };
       rbac_audit_events: {

package/src/types/rbac-functions.ts

@@ -30,10 +30,11 @@ export interface RBACPermissionCheckResult {
 }
 
 export interface RBACPermissionsGetParams {
-  p_user_id?: UUID;
+  p_user_id: UUID; // REQUIRED - no default, must be explicitly provided
   p_organisation_id?: UUID;
   p_event_id?: string;
   p_app_id?: UUID;
+  p_page_id?: UUID;
 }
 
 export interface RBACPermissionsGetResult {

package/src/utils/__tests__/sessionTracking.unit.test.ts

@@ -27,102 +27,6 @@ describe('sessionTracking', () => {
     } as unknown as SupabaseClient;
   });
 
-    describe('trackLogin', () => {
-    it('should track login successfully', async () => {
-      const mockUser = { id: 'user-123', email: 'test@example.com' };
-      const mockGetUser = vi.fn().mockResolvedValue({ data: { user: mockUser } });
-      const mockRpc = vi.fn().mockResolvedValue({ error: null });
-      
-      mockSupabase.auth.getUser = mockGetUser;
-      mockSupabase.rpc = mockRpc;
-
-      // Import the module after setting up mocks
-      vi.resetModules();
-      const { useSessionTracking } = await import('../sessionTracking');
-      trackingFunctions = useSessionTracking(mockSupabase, 'test-app');
-
-      await trackingFunctions.trackLogin('event-123');
-
-      expect(mockGetUser).toHaveBeenCalled();
-      expect(mockRpc).toHaveBeenCalledWith('rbac_session_track', {
-        p_user_id: 'user-123',
-        p_session_type: 'login',
-        p_event_id: 'event-123',
-        p_app_id: undefined,
-        p_ip_address: undefined,
-        p_user_agent: undefined
-      });
-      expect(consoleSpy.log).toHaveBeenCalledWith('Login session tracked successfully');
-    });
-
-    it('should track login without event ID', async () => {
-      const mockUser = { id: 'user-123', email: 'test@example.com' };
-      const mockGetUser = vi.fn().mockResolvedValue({ data: { user: mockUser } });
-      const mockRpc = vi.fn().mockResolvedValue({ error: null });
-      
-      mockSupabase.auth.getUser = mockGetUser;
-      mockSupabase.rpc = mockRpc;
-
-      vi.resetModules();
-      const { useSessionTracking } = await import('../sessionTracking');
-      trackingFunctions = useSessionTracking(mockSupabase, 'test-app');
-
-      await trackingFunctions.trackLogin();
-
-      expect(mockRpc).toHaveBeenCalledWith('rbac_session_track', {
-        p_user_id: 'user-123',
-        p_session_type: 'login',
-        p_event_id: undefined,
-        p_app_id: undefined,
-        p_ip_address: undefined,
-        p_user_agent: undefined
-      });
-    });
-
-    it('should handle no authenticated user', async () => {
-      const mockGetUser = vi.fn().mockResolvedValue({ data: { user: null } });
-      mockSupabase.auth.getUser = mockGetUser;
-
-      vi.resetModules();
-      const { useSessionTracking } = await import('../sessionTracking');
-      trackingFunctions = useSessionTracking(mockSupabase, 'test-app');
-
-      await trackingFunctions.trackLogin();
-
-      expect(consoleSpy.warn).toHaveBeenCalledWith('No authenticated user found for session tracking');
-    });
-
-    it('should handle tracking error', async () => {
-      const mockUser = { id: 'user-123', email: 'test@example.com' };
-      const mockGetUser = vi.fn().mockResolvedValue({ data: { user: mockUser } });
-      const mockRpc = vi.fn().mockResolvedValue({ error: { message: 'Database error' } });
-      
-      mockSupabase.auth.getUser = mockGetUser;
-      mockSupabase.rpc = mockRpc;
-
-      vi.resetModules();
-      const { useSessionTracking } = await import('../sessionTracking');
-      trackingFunctions = useSessionTracking(mockSupabase, 'test-app');
-
-      await trackingFunctions.trackLogin();
-
-      expect(consoleSpy.error).toHaveBeenCalledWith('Failed to track login session:', { message: 'Database error' });
-    });
-
-    it('should handle unexpected errors', async () => {
-      const mockGetUser = vi.fn().mockRejectedValue(new Error('Auth error'));
-      mockSupabase.auth.getUser = mockGetUser;
-
-      vi.resetModules();
-      const { useSessionTracking } = await import('../sessionTracking');
-      trackingFunctions = useSessionTracking(mockSupabase, 'test-app');
-
-      await trackingFunctions.trackLogin();
-
-      expect(consoleSpy.error).toHaveBeenCalledWith('Failed to track login:', expect.any(Error));
-    });
-  });
-
   describe('trackEventSwitch', () => {
     it('should track event switch successfully', async () => {
       const mockUser = { id: 'user-123', email: 'test@example.com' };
@@ -193,76 +97,6 @@ describe('sessionTracking', () => {
     });
   });
 
-  describe('trackLogout', () => {
-    it('should track logout successfully', async () => {
-      const mockUser = { id: 'user-123', email: 'test@example.com' };
-      const mockGetUser = vi.fn().mockResolvedValue({ data: { user: mockUser } });
-      const mockRpc = vi.fn().mockResolvedValue({ error: null });
-      
-      mockSupabase.auth.getUser = mockGetUser;
-      mockSupabase.rpc = mockRpc;
-
-      vi.resetModules();
-      const { useSessionTracking } = await import('../sessionTracking');
-      trackingFunctions = useSessionTracking(mockSupabase, 'test-app');
-
-      await trackingFunctions.trackLogout();
-
-      expect(mockRpc).toHaveBeenCalledWith('rbac_session_track', {
-        p_user_id: 'user-123',
-        p_session_type: 'logout',
-        p_event_id: undefined,
-        p_app_id: undefined,
-        p_ip_address: undefined,
-        p_user_agent: undefined
-      });
-      expect(consoleSpy.log).toHaveBeenCalledWith('Logout session tracked successfully');
-    });
-
-    it('should handle no authenticated user', async () => {
-      const mockGetUser = vi.fn().mockResolvedValue({ data: { user: null } });
-      mockSupabase.auth.getUser = mockGetUser;
-
-      vi.resetModules();
-      const { useSessionTracking } = await import('../sessionTracking');
-      trackingFunctions = useSessionTracking(mockSupabase, 'test-app');
-
-      await trackingFunctions.trackLogout();
-
-      expect(consoleSpy.warn).toHaveBeenCalledWith('No authenticated user found for session tracking');
-    });
-
-    it('should handle tracking error', async () => {
-      const mockUser = { id: 'user-123', email: 'test@example.com' };
-      const mockGetUser = vi.fn().mockResolvedValue({ data: { user: mockUser } });
-      const mockRpc = vi.fn().mockResolvedValue({ error: { message: 'Database error' } });
-      
-      mockSupabase.auth.getUser = mockGetUser;
-      mockSupabase.rpc = mockRpc;
-
-      vi.resetModules();
-      const { useSessionTracking } = await import('../sessionTracking');
-      trackingFunctions = useSessionTracking(mockSupabase, 'test-app');
-
-      await trackingFunctions.trackLogout();
-
-      expect(consoleSpy.error).toHaveBeenCalledWith('Failed to track logout session:', { message: 'Database error' });
-    });
-
-    it('should handle unexpected errors', async () => {
-      const mockGetUser = vi.fn().mockRejectedValue(new Error('Auth error'));
-      mockSupabase.auth.getUser = mockGetUser;
-
-      vi.resetModules();
-      const { useSessionTracking } = await import('../sessionTracking');
-      trackingFunctions = useSessionTracking(mockSupabase, 'test-app');
-
-      await trackingFunctions.trackLogout();
-
-      expect(consoleSpy.error).toHaveBeenCalledWith('Failed to track logout:', expect.any(Error));
-    });
-  });
-
   describe('trackSessionExpired', () => {
     it('should track session expiration successfully', async () => {
       const mockUser = { id: 'user-123', email: 'test@example.com' };
@@ -339,10 +173,11 @@ describe('sessionTracking', () => {
       const { useSessionTracking } = await import('../sessionTracking');
       const trackingWithoutApp = useSessionTracking(mockSupabase);
       
-      expect(trackingWithoutApp).toHaveProperty('trackLogin');
       expect(trackingWithoutApp).toHaveProperty('trackEventSwitch');
-      expect(trackingWithoutApp).toHaveProperty('trackLogout');
       expect(trackingWithoutApp).toHaveProperty('trackSessionExpired');
+      // trackLogin and trackLogout are no longer available (auto-tracked by UnifiedAuthProvider)
+      expect(trackingWithoutApp).not.toHaveProperty('trackLogin');
+      expect(trackingWithoutApp).not.toHaveProperty('trackLogout');
     });
 
     it('should pass undefined app name to tracking calls', async () => {
@@ -357,12 +192,12 @@ describe('sessionTracking', () => {
       const { useSessionTracking } = await import('../sessionTracking');
       const trackingWithoutApp = useSessionTracking(mockSupabase);
 
-      await trackingWithoutApp.trackLogin();
+      await trackingWithoutApp.trackEventSwitch('event-123');
 
       expect(mockRpc).toHaveBeenCalledWith('rbac_session_track', {
         p_user_id: 'user-123',
-        p_session_type: 'login',
-        p_event_id: undefined,
+        p_session_type: 'event_switch',
+        p_event_id: 'event-123',
         p_app_id: undefined,
         p_ip_address: undefined,
         p_user_agent: undefined

package/src/utils/sessionTracking.ts

@@ -2,7 +2,7 @@ import type { SupabaseClient } from '@supabase/supabase-js';
 
 // Define the tracking parameters locally since old RBAC types are removed
 interface TrackUserSessionParams {
-  p_session_type: 'login' | 'logout' | 'event_switch' | 'session_expired';
+  p_session_type: 'event_switch' | 'session_expired';
   p_event_id?: string;
   p_app_id?: string;
   ip_address?: string;
@@ -10,10 +10,14 @@ interface TrackUserSessionParams {
 }
 
 /**
- * Hook for tracking user sessions and event interactions using the new RBAC system
+ * Hook for manual session tracking (event switches and session expiration).
+ * 
+ * Note: Login and logout tracking is automatically handled by UnifiedAuthProvider.
+ * You should only use this hook for tracking event switches or session expirations.
+ * 
  * @param supabaseClient - Supabase client instance
  * @param appName - Optional application name for tracking
- * @returns Object containing tracking functions
+ * @returns Object containing tracking functions for event switches and session expiration
  */
 export function useSessionTracking(supabaseClient: SupabaseClient, appName?: string) {
   // Resolve app name to app_id
@@ -39,45 +43,6 @@ export function useSessionTracking(supabaseClient: SupabaseClient, appName?: str
       return undefined;
     }
   };
-  /**
-   * Track a user login event
-   * @param eventId - Optional event ID to associate with the login
-   */
-  const trackLogin = async (eventId?: string) => {
-    try {
-      const { data: { user } } = await supabaseClient.auth.getUser();
-      if (!user) {
-        console.warn('No authenticated user found for session tracking');
-        return;
-      }
-
-      const appId = await resolveAppId();
-
-      const params: TrackUserSessionParams = {
-        p_session_type: 'login',
-        p_event_id: eventId,
-        p_app_id: appId
-      };
-
-      const { error } = await supabaseClient.rpc('rbac_session_track', {
-        p_user_id: user?.id,
-        p_session_type: params.p_session_type,
-        p_event_id: params.p_event_id,
-        p_app_id: params.p_app_id,
-        p_ip_address: params.ip_address,
-        p_user_agent: params.user_agent
-      });
-      
-      if (error) {
-        console.error('Failed to track login session:', error);
-      } else {
-        console.log('Login session tracked successfully');
-      }
-    } catch (error) {
-      console.error('Failed to track login:', error);
-    }
-  };
-
   /**
    * Track an event switch
    * @param eventId - ID of the event being switched to
@@ -117,43 +82,6 @@ export function useSessionTracking(supabaseClient: SupabaseClient, appName?: str
     }
   };
 
-  /**
-   * Track a user logout event
-   */
-  const trackLogout = async () => {
-    try {
-      const { data: { user } } = await supabaseClient.auth.getUser();
-      if (!user) {
-        console.warn('No authenticated user found for session tracking');
-        return;
-      }
-
-      const appId = await resolveAppId();
-
-      const params: TrackUserSessionParams = {
-        p_session_type: 'logout',
-        p_app_id: appId
-      };
-
-      const { error } = await supabaseClient.rpc('rbac_session_track', {
-        p_user_id: user?.id,
-        p_session_type: params.p_session_type,
-        p_event_id: params.p_event_id,
-        p_app_id: params.p_app_id,
-        p_ip_address: params.ip_address,
-        p_user_agent: params.user_agent
-      });
-      
-      if (error) {
-        console.error('Failed to track logout session:', error);
-      } else {
-        console.log('Logout session tracked successfully');
-      }
-    } catch (error) {
-      console.error('Failed to track logout:', error);
-    }
-  };
-
   /**
    * Track a session expiration
    */
@@ -192,9 +120,7 @@ export function useSessionTracking(supabaseClient: SupabaseClient, appName?: str
   };
 
   return {
-    trackLogin,
     trackEventSwitch,
-    trackLogout,
     trackSessionExpired
   };
 }