@jmruthers/pace-core 0.5.4 → 0.5.6

package/src/hooks/__tests__/useSecureDataAccess.unit.test.tsx

@@ -0,0 +1,537 @@
+import { renderHook, act } from '@testing-library/react';
+import { vi, describe, it, expect, beforeEach } from 'vitest';
+import { useSecureDataAccess } from '../useSecureDataAccess';
+import { useUnifiedAuth } from '../../providers/UnifiedAuthProvider';
+import { useOrganisations } from '../../providers/OrganisationProvider';
+import { testDataGenerators } from '../../__tests__/helpers/test-utils';
+
+// Mock dependencies
+vi.mock('../../providers/UnifiedAuthProvider');
+vi.mock('../../providers/OrganisationProvider');
+
+const mockUseUnifiedAuth = {
+  user: null,
+  session: null,
+  supabase: null
+};
+
+const mockUseOrganisations = {
+  ensureOrganisationContext: vi.fn()
+};
+
+// Helper function to create authenticated context
+const createAuthenticatedContext = (supabase = { auth: {} }, org = { id: 'org-123' }) => {
+  const mockUser = testDataGenerators.createUser(1, { id: 'user-123' });
+  const mockSession = testDataGenerators.createSession(1, { access_token: 'test-token' });
+  
+  vi.mocked(useUnifiedAuth).mockReturnValue({
+    ...mockUseUnifiedAuth,
+    user: mockUser,
+    session: mockSession,
+    supabase
+  } as any);
+  vi.mocked(mockUseOrganisations.ensureOrganisationContext).mockReturnValue(org);
+};
+
+describe('useSecureDataAccess', () => {
+  beforeEach(() => {
+    vi.clearAllMocks();
+    vi.mocked(useUnifiedAuth).mockReturnValue(mockUseUnifiedAuth as any);
+    vi.mocked(useOrganisations).mockReturnValue(mockUseOrganisations as any);
+  });
+
+  describe('validateContext', () => {
+    it('should throw error when no supabase client', () => {
+      const { result } = renderHook(() => useSecureDataAccess());
+
+      expect(() => result.current.validateContext()).toThrow('No Supabase client available');
+    });
+
+    it('should throw error when no organisation context', () => {
+      const mockSupabase = { auth: {} };
+      vi.mocked(useUnifiedAuth).mockReturnValue({
+        ...mockUseUnifiedAuth,
+        supabase: mockSupabase
+      } as any);
+      vi.mocked(mockUseOrganisations.ensureOrganisationContext).mockImplementation(() => {
+        throw new Error('Organisation context is required');
+      });
+
+      const { result } = renderHook(() => useSecureDataAccess());
+
+      expect(() => result.current.validateContext()).toThrow('User must be authenticated with valid session');
+    });
+
+    it('should not throw when context is valid', () => {
+      createAuthenticatedContext();
+
+      const { result } = renderHook(() => useSecureDataAccess());
+
+      expect(() => result.current.validateContext()).not.toThrow();
+    });
+  });
+
+  describe('getCurrentOrganisationId', () => {
+    it('should return organisation ID when context is valid', () => {
+      createAuthenticatedContext();
+
+      const { result } = renderHook(() => useSecureDataAccess());
+
+      expect(result.current.getCurrentOrganisationId()).toBe('org-123');
+    });
+
+    it('should throw error when context is invalid', () => {
+      const mockSupabase = { auth: {} };
+      vi.mocked(useUnifiedAuth).mockReturnValue({
+        ...mockUseUnifiedAuth,
+        supabase: mockSupabase
+      } as any);
+      vi.mocked(mockUseOrganisations.ensureOrganisationContext).mockImplementation(() => {
+        throw new Error('Organisation context is required');
+      });
+
+      const { result } = renderHook(() => useSecureDataAccess());
+
+      expect(() => result.current.getCurrentOrganisationId()).toThrow('User must be authenticated with valid session');
+    });
+  });
+
+  describe('secureQuery', () => {
+    it('should execute query with organisation filter', async () => {
+      // Create a mock that returns a promise when awaited
+      const mockQuery = {
+        eq: vi.fn().mockReturnThis(),
+        order: vi.fn().mockReturnThis(),
+        limit: vi.fn().mockReturnThis(),
+        range: vi.fn().mockReturnThis()
+      };
+      
+      // Create a promise that resolves to the expected data
+      const mockPromise = Promise.resolve({ data: [{ id: 1, name: 'Test' }], error: null });
+      
+      // Make the mock query chain behave like a promise
+      Object.defineProperty(mockQuery, 'then', {
+        value: mockPromise.then.bind(mockPromise),
+        writable: true,
+        configurable: true
+      });
+      
+      const mockSupabase = {
+        from: vi.fn().mockReturnValue({
+          select: vi.fn().mockReturnValue(mockQuery)
+        })
+      };
+      
+      createAuthenticatedContext(mockSupabase);
+
+      const { result } = renderHook(() => useSecureDataAccess());
+
+      const data = await result.current.secureQuery('test_table', '*');
+
+      expect(data).toEqual([{ id: 1, name: 'Test' }]);
+      expect(mockSupabase.from).toHaveBeenCalledWith('test_table');
+    });
+
+    it('should handle query errors', async () => {
+      // Create a mock that returns a promise with an error
+      const mockQuery = {
+        eq: vi.fn().mockReturnThis(),
+        order: vi.fn().mockReturnThis(),
+        limit: vi.fn().mockReturnThis(),
+        range: vi.fn().mockReturnThis()
+      };
+      
+      // Create a promise that resolves to an error
+      const mockPromise = Promise.resolve({ data: null, error: new Error('Query failed') });
+      
+      // Make the mock query chain behave like a promise
+      Object.defineProperty(mockQuery, 'then', {
+        value: mockPromise.then.bind(mockPromise),
+        writable: true,
+        configurable: true
+      });
+      
+      const mockSupabase = {
+        from: vi.fn().mockReturnValue({
+          select: vi.fn().mockReturnValue(mockQuery)
+        })
+      };
+      
+      createAuthenticatedContext(mockSupabase);
+
+      const { result } = renderHook(() => useSecureDataAccess());
+
+      await expect(result.current.secureQuery('test_table', '*')).rejects.toThrow('Query failed');
+    });
+
+    it('should handle null/undefined filter values', async () => {
+      const mockSupabase = {
+        from: vi.fn().mockReturnValue({
+          select: vi.fn().mockReturnValue({
+            eq: vi.fn().mockReturnValue({
+              eq: vi.fn().mockResolvedValue({ data: [], error: null })
+            })
+          })
+        })
+      };
+      
+      createAuthenticatedContext(mockSupabase);
+
+      const { result } = renderHook(() => useSecureDataAccess());
+
+      const data = await result.current.secureQuery('test_table', '*', {
+        status: 'active',
+        category: null,
+        type: undefined
+      });
+
+      expect(data).toEqual([]);
+    });
+
+    it('should return empty array when no data', async () => {
+      const mockSupabase = {
+        from: vi.fn().mockReturnValue({
+          select: vi.fn().mockReturnValue({
+            eq: vi.fn().mockResolvedValue({ data: null, error: null })
+          })
+        })
+      };
+      createAuthenticatedContext(mockSupabase);
+
+      const { result } = renderHook(() => useSecureDataAccess());
+
+      const data = await result.current.secureQuery('test_table', '*');
+
+      expect(data).toEqual([]);
+    });
+  });
+
+  describe('secureInsert', () => {
+    it('should insert data with organisation ID', async () => {
+      const mockSupabase = {
+        from: vi.fn().mockReturnValue({
+          insert: vi.fn().mockReturnValue({
+            select: vi.fn().mockReturnValue({
+              single: vi.fn().mockResolvedValue({ data: { id: 1, name: 'Test', organisation_id: 'org-123' }, error: null })
+            })
+          })
+        })
+      };
+      createAuthenticatedContext(mockSupabase);
+
+      const { result } = renderHook(() => useSecureDataAccess());
+
+      const data = await result.current.secureInsert('test_table', { name: 'Test' });
+
+      expect(data).toEqual({ id: 1, name: 'Test', organisation_id: 'org-123' });
+      expect(mockSupabase.from).toHaveBeenCalledWith('test_table');
+    });
+
+    it('should handle insert errors', async () => {
+      const mockSupabase = {
+        from: vi.fn().mockReturnValue({
+          insert: vi.fn().mockReturnValue({
+            select: vi.fn().mockReturnValue({
+              single: vi.fn().mockResolvedValue({ data: null, error: new Error('Insert failed') })
+            })
+          })
+        })
+      };
+      createAuthenticatedContext(mockSupabase);
+
+      const { result } = renderHook(() => useSecureDataAccess());
+
+      await expect(result.current.secureInsert('test_table', { name: 'Test' })).rejects.toThrow('Insert failed');
+    });
+  });
+
+  describe('secureUpdate', () => {
+    it('should update data with organisation filter', async () => {
+      const mockSupabase = {
+        from: vi.fn().mockReturnValue({
+          update: vi.fn().mockReturnValue({
+            eq: vi.fn().mockReturnValue({
+              eq: vi.fn().mockReturnValue({
+                select: vi.fn().mockResolvedValue({ data: [{ id: 1, name: 'Updated', organisation_id: 'org-123' }], error: null })
+              })
+            })
+          })
+        })
+      };
+      createAuthenticatedContext(mockSupabase);
+
+      const { result } = renderHook(() => useSecureDataAccess());
+
+      const data = await result.current.secureUpdate('event', { name: 'Updated' }, { id: 1 });
+
+      expect(data).toEqual([{ id: 1, name: 'Updated', organisation_id: 'org-123' }]);
+    });
+
+    it('should handle update errors', async () => {
+      const mockSupabase = {
+        from: vi.fn().mockReturnValue({
+          update: vi.fn().mockReturnValue({
+            eq: vi.fn().mockReturnValue({
+              eq: vi.fn().mockReturnValue({
+                select: vi.fn().mockResolvedValue({ data: null, error: new Error('Update failed') })
+              })
+            })
+          })
+        })
+      };
+      createAuthenticatedContext(mockSupabase);
+
+      const { result } = renderHook(() => useSecureDataAccess());
+
+      await expect(result.current.secureUpdate('event', { name: 'Updated' }, { id: 1 })).rejects.toThrow('Update failed');
+    });
+
+    it('should return empty array when no data updated', async () => {
+      const mockSupabase = {
+        from: vi.fn().mockReturnValue({
+          update: vi.fn().mockReturnValue({
+            eq: vi.fn().mockReturnValue({
+              eq: vi.fn().mockReturnValue({
+                select: vi.fn().mockResolvedValue({ data: null, error: null })
+              })
+            })
+          })
+        })
+      };
+      createAuthenticatedContext(mockSupabase);
+
+      const { result } = renderHook(() => useSecureDataAccess());
+
+      const data = await result.current.secureUpdate('event', { name: 'Updated' }, { id: 1 });
+
+      expect(data).toEqual([]);
+    });
+  });
+
+  describe('secureDelete', () => {
+    it('should delete data with organisation filter', async () => {
+      const mockSupabase = {
+        from: vi.fn().mockReturnValue({
+          delete: vi.fn().mockReturnValue({
+            eq: vi.fn().mockReturnValue({
+              eq: vi.fn().mockResolvedValue({ error: null })
+            })
+          })
+        })
+      };
+      createAuthenticatedContext(mockSupabase);
+
+      const { result } = renderHook(() => useSecureDataAccess());
+
+      await result.current.secureDelete('event', { id: 1 });
+
+      expect(mockSupabase.from).toHaveBeenCalledWith('event');
+    });
+
+    it('should handle delete errors', async () => {
+      const mockSupabase = {
+        from: vi.fn().mockReturnValue({
+          delete: vi.fn().mockReturnValue({
+            eq: vi.fn().mockReturnValue({
+              eq: vi.fn().mockResolvedValue({ error: new Error('Delete failed') })
+            })
+          })
+        })
+      };
+      createAuthenticatedContext(mockSupabase);
+
+      const { result } = renderHook(() => useSecureDataAccess());
+
+      await expect(result.current.secureDelete('event', { id: 1 })).rejects.toThrow('Delete failed');
+    });
+  });
+
+  describe('secureRpc', () => {
+    it('should call RPC with organisation ID', async () => {
+      const mockSupabase = {
+        rpc: vi.fn().mockResolvedValue({ data: { result: 'success' }, error: null })
+      };
+      createAuthenticatedContext(mockSupabase);
+
+      const { result } = renderHook(() => useSecureDataAccess());
+
+      const data = await result.current.secureRpc('test_function', { param1: 'value1' });
+
+      expect(data).toEqual({ result: 'success' });
+      expect(mockSupabase.rpc).toHaveBeenCalledWith('test_function', {
+        param1: 'value1',
+        organisation_id: 'org-123'
+      });
+    });
+
+    it('should handle RPC errors', async () => {
+      const mockSupabase = {
+        rpc: vi.fn().mockResolvedValue({ data: null, error: new Error('RPC failed') })
+      };
+      createAuthenticatedContext(mockSupabase);
+
+      const { result } = renderHook(() => useSecureDataAccess());
+
+      await expect(result.current.secureRpc('test_function')).rejects.toThrow('RPC failed');
+    });
+
+    it('should call RPC without additional params', async () => {
+      const mockSupabase = {
+        rpc: vi.fn().mockResolvedValue({ data: { result: 'success' }, error: null })
+      };
+      createAuthenticatedContext(mockSupabase);
+
+      const { result } = renderHook(() => useSecureDataAccess());
+
+      await result.current.secureRpc('test_function');
+
+      expect(mockSupabase.rpc).toHaveBeenCalledWith('test_function', {
+        organisation_id: 'org-123'
+      });
+    });
+  });
+
+  describe('Logging', () => {
+    it('should log secure query operations', async () => {
+      const consoleSpy = vi.spyOn(console, 'log').mockImplementation(() => {});
+      const mockSupabase = {
+        from: vi.fn().mockReturnValue({
+          select: vi.fn().mockReturnValue({
+            eq: vi.fn().mockReturnValue({
+              eq: vi.fn().mockResolvedValue({ data: [], error: null })
+            })
+          })
+        })
+      };
+      createAuthenticatedContext(mockSupabase);
+
+      const { result } = renderHook(() => useSecureDataAccess());
+
+      await result.current.secureQuery('test_table', '*', { status: 'active' });
+
+      expect(consoleSpy).toHaveBeenCalledWith('[useSecureDataAccess] Executing secure query:', {
+        table: 'test_table',
+        organisationId: 'org-123',
+        filters: { status: 'active' }
+      });
+      expect(consoleSpy).toHaveBeenCalledWith('[useSecureDataAccess] Query successful:', {
+        table: 'test_table',
+        resultCount: 0
+      });
+
+      consoleSpy.mockRestore();
+    });
+
+    it('should log secure insert operations', async () => {
+      const consoleSpy = vi.spyOn(console, 'log').mockImplementation(() => {});
+      const mockSupabase = {
+        from: vi.fn().mockReturnValue({
+          insert: vi.fn().mockReturnValue({
+            select: vi.fn().mockReturnValue({
+              single: vi.fn().mockResolvedValue({ data: { id: 1 }, error: null })
+            })
+          })
+        })
+      };
+      createAuthenticatedContext(mockSupabase);
+
+      const { result } = renderHook(() => useSecureDataAccess());
+
+      await result.current.secureInsert('test_table', { name: 'Test' });
+
+      expect(consoleSpy).toHaveBeenCalledWith('[useSecureDataAccess] Executing secure insert:', {
+        table: 'test_table',
+        organisationId: 'org-123'
+      });
+      expect(consoleSpy).toHaveBeenCalledWith('[useSecureDataAccess] Insert successful:', {
+        table: 'test_table',
+        id: 1
+      });
+
+      consoleSpy.mockRestore();
+    });
+
+    it('should log secure update operations', async () => {
+      const consoleSpy = vi.spyOn(console, 'log').mockImplementation(() => {});
+      const mockSupabase = {
+        from: vi.fn().mockReturnValue({
+          update: vi.fn().mockReturnValue({
+            eq: vi.fn().mockReturnValue({
+              eq: vi.fn().mockReturnValue({
+                select: vi.fn().mockResolvedValue({ data: [{ id: 1 }], error: null })
+              })
+            })
+          })
+        })
+      };
+      createAuthenticatedContext(mockSupabase);
+
+      const { result } = renderHook(() => useSecureDataAccess());
+
+      await result.current.secureUpdate('event', { name: 'Updated' }, { id: 1 });
+
+      expect(consoleSpy).toHaveBeenCalledWith('[useSecureDataAccess] Executing secure update:', {
+        table: 'event',
+        organisationId: 'org-123',
+        filters: { id: 1 }
+      });
+      expect(consoleSpy).toHaveBeenCalledWith('[useSecureDataAccess] Update successful:', {
+        table: 'event',
+        updatedCount: 1
+      });
+
+      consoleSpy.mockRestore();
+    });
+
+    it('should log secure delete operations', async () => {
+      const consoleSpy = vi.spyOn(console, 'log').mockImplementation(() => {});
+      const mockSupabase = {
+        from: vi.fn().mockReturnValue({
+          delete: vi.fn().mockReturnValue({
+            eq: vi.fn().mockReturnValue({
+              eq: vi.fn().mockResolvedValue({ error: null })
+            })
+          })
+        })
+      };
+      createAuthenticatedContext(mockSupabase);
+
+      const { result } = renderHook(() => useSecureDataAccess());
+
+      await result.current.secureDelete('test_table', { id: 1 });
+
+      expect(consoleSpy).toHaveBeenCalledWith('[useSecureDataAccess] Executing secure delete:', {
+        table: 'test_table',
+        organisationId: 'org-123',
+        filters: { id: 1 }
+      });
+      expect(consoleSpy).toHaveBeenCalledWith('[useSecureDataAccess] Delete successful:', {
+        table: 'test_table'
+      });
+
+      consoleSpy.mockRestore();
+    });
+
+    it('should log secure RPC operations', async () => {
+      const consoleSpy = vi.spyOn(console, 'log').mockImplementation(() => {});
+      const mockSupabase = {
+        rpc: vi.fn().mockResolvedValue({ data: { result: 'success' }, error: null })
+      };
+      createAuthenticatedContext(mockSupabase);
+
+      const { result } = renderHook(() => useSecureDataAccess());
+
+      await result.current.secureRpc('test_function', { param1: 'value1' });
+
+      expect(consoleSpy).toHaveBeenCalledWith('[useSecureDataAccess] Executing secure RPC:', {
+        functionName: 'test_function',
+        organisationId: 'org-123'
+      });
+      expect(consoleSpy).toHaveBeenCalledWith('[useSecureDataAccess] RPC successful:', {
+        functionName: 'test_function'
+      });
+
+      consoleSpy.mockRestore();
+    });
+  });
+}); 

package/src/hooks/__tests__/useToast.unit.test.tsx

@@ -0,0 +1,62 @@
+
+import { renderHook, act } from '@testing-library/react';
+import { describe, it, expect, beforeEach } from 'vitest';
+import { useToast, reset } from '../useToast';
+
+describe('useToast', () => {
+  beforeEach(() => {
+    reset();
+  });
+
+  it('should add a toast', () => {
+    const { result } = renderHook(() => useToast());
+
+    act(() => {
+      result.current.toast({
+        title: 'Test Toast',
+        description: 'This is a test toast',
+      });
+    });
+
+    expect(result.current.toasts).toHaveLength(1);
+    expect(result.current.toasts[0]).toMatchObject({
+      title: 'Test Toast',
+      description: 'This is a test toast',
+    });
+  });
+
+  it('should dismiss a toast', () => {
+    const { result } = renderHook(() => useToast());
+
+    let dismissFn: (() => void) | undefined;
+
+    act(() => {
+      const response = result.current.toast({
+        title: 'Test Toast',
+      });
+      dismissFn = response.dismiss;
+    });
+
+    expect(result.current.toasts).toHaveLength(1);
+
+    act(() => {
+      dismissFn?.();
+    });
+
+    expect(result.current.toasts[0].open).toBe(false);
+  });
+
+  it('should limit the number of toasts', () => {
+    const { result } = renderHook(() => useToast());
+
+    act(() => {
+      for (let i = 0; i < 10; i++) {
+        result.current.toast({
+          title: `Toast ${i}`,
+        });
+      }
+    });
+
+    expect(result.current.toasts.length).toBeLessThanOrEqual(5);
+  });
+});

package/src/hooks/__tests__/useZodForm.unit.test.tsx

@@ -0,0 +1,37 @@
+
+import { renderHook } from '@testing-library/react';
+import { describe, it, expect } from 'vitest';
+import { useZodForm } from '../useZodForm';
+import { z } from 'zod';
+
+const testSchema = z.object({
+  name: z.string().min(1, 'Name is required'),
+  email: z.string().email('Invalid email'),
+});
+
+describe('useZodForm', () => {
+  it('should initialize with schema validation', () => {
+    const { result } = renderHook(() =>
+      useZodForm({
+        schema: testSchema,
+        defaultValues: { name: '', email: '' },
+      })
+    );
+
+    expect(result.current.formState).toBeDefined();
+    expect(result.current.register).toBeDefined();
+    expect(result.current.handleSubmit).toBeDefined();
+  });
+
+  it('should validate form data', async () => {
+    const { result } = renderHook(() =>
+      useZodForm({
+        schema: testSchema,
+        defaultValues: { name: '', email: '' },
+      })
+    );
+
+    const isValid = await result.current.trigger();
+    expect(isValid).toBe(false);
+  });
+});