@things-factory/auth-base 10.0.0-beta.6 → 10.0.0-beta.67

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@things-factory/auth-base",
-  "version": "10.0.0-beta.6",
+  "version": "10.0.0-beta.67",
   "main": "dist-server/index.js",
   "browser": "dist-client/index.js",
   "things-factory": true,
@@ -31,11 +31,12 @@
   },
   "dependencies": {
     "@google-cloud/recaptcha-enterprise": "^5.13.0",
+    "@reduxjs/toolkit": "^2.2.5",
     "@simplewebauthn/browser": "^13.0.0",
     "@simplewebauthn/server": "^13.0.0",
-    "@things-factory/email-base": "^10.0.0-beta.6",
-    "@things-factory/env": "^10.0.0-beta.5",
-    "@things-factory/shell": "^10.0.0-beta.6",
+    "@things-factory/email-base": "^10.0.0-beta.53",
+    "@things-factory/env": "^10.0.0-beta.19",
+    "@things-factory/shell": "^10.0.0-beta.53",
     "@things-factory/utils": "^10.0.0-beta.5",
     "@types/webappsec-credential-management": "^0.6.9",
     "jsonwebtoken": "^9.0.0",
@@ -47,5 +48,5 @@
     "passport-jwt": "^4.0.0",
     "passport-local": "^1.0.0"
   },
-  "gitHead": "f8ec36e3a3ba4c0a1ebf6def7a9f379de1a49111"
+  "gitHead": "865e7545d5701bb8e0d67cd408f12267e5a0ad47"
 }

package/spec/unit/domain-owner-entity.spec.ts

@@ -0,0 +1,179 @@
+/**
+ * DomainOwner Entity Tests
+ *
+ * DomainOwner 엔티티의 저장/조회/유니크 제약/캐스케이드 테스트.
+ * EntitySchema 기반 테스트 DB를 사용하므로 실제 @things-factory/shell 의
+ * Domain/User 엔티티 대신 테스트 전용 스키마를 사용한다.
+ */
+
+import { TestDatabase } from '../../../../test/test-database'
+import { withTestTransaction } from '../../../../test/test-context'
+import {
+  domainFactory,
+  userFactory,
+  domainOwnerFactory
+} from '../../../../test/factories'
+import { DomainOwner } from '../../../../test/entities/schemas'
+
+describe('DomainOwner Entity', () => {
+  let testDb: TestDatabase
+
+  beforeAll(() => {
+    testDb = TestDatabase.getInstance()
+  })
+
+  describe('생성', () => {
+    it('기본 DomainOwner 엔트리를 저장할 수 있다', async () => {
+      await withTestTransaction(async context => {
+        const { tx } = context.state
+
+        const domain = await domainFactory.create({}, tx)
+        const user = await userFactory.create({}, tx)
+
+        const entry = await domainOwnerFactory.grant(domain, user, {}, tx)
+
+        expect(entry.id).toBeDefined()
+        expect(entry.grantedAt).toBeInstanceOf(Date)
+      })
+    })
+
+    it('grantedBy (부여자) 감사 정보를 저장한다', async () => {
+      await withTestTransaction(async context => {
+        const { tx } = context.state
+
+        const domain = await domainFactory.create({}, tx)
+        const newOwner = await userFactory.create({ name: 'Alice' }, tx)
+        const granter = await userFactory.create({ name: 'Bob the Admin' }, tx)
+
+        const entry = await domainOwnerFactory.grantBy(
+          domain,
+          newOwner,
+          granter,
+          { reason: 'initial setup' },
+          tx
+        )
+
+        const reloaded = await tx.findOne<DomainOwner>('DomainOwner', {
+          where: { id: entry.id },
+          relations: ['user', 'grantedBy', 'domain']
+        })
+
+        expect(reloaded?.user.id).toBe(newOwner.id)
+        expect(reloaded?.grantedBy?.id).toBe(granter.id)
+        expect(reloaded?.domain.id).toBe(domain.id)
+        expect(reloaded?.reason).toBe('initial setup')
+      })
+    })
+
+    it('reason 은 선택(null)적이다', async () => {
+      await withTestTransaction(async context => {
+        const { tx } = context.state
+
+        const domain = await domainFactory.create({}, tx)
+        const user = await userFactory.create({}, tx)
+
+        const entry = await domainOwnerFactory.grant(domain, user, { reason: null as any }, tx)
+
+        expect(entry.id).toBeDefined()
+      })
+    })
+  })
+
+  describe('유니크 제약', () => {
+    it('같은 (domain, user) 조합은 중복 삽입할 수 없다', async () => {
+      await withTestTransaction(async context => {
+        const { tx } = context.state
+
+        const domain = await domainFactory.create({}, tx)
+        const user = await userFactory.create({}, tx)
+
+        await domainOwnerFactory.grant(domain, user, {}, tx)
+
+        await expect(
+          domainOwnerFactory.grant(domain, user, { reason: 'duplicate' }, tx)
+        ).rejects.toThrow()
+      })
+    })
+
+    it('같은 user는 서로 다른 domain에는 owner로 등록 가능하다', async () => {
+      await withTestTransaction(async context => {
+        const { tx } = context.state
+
+        const domainA = await domainFactory.create({ name: 'A' }, tx)
+        const domainB = await domainFactory.create({ name: 'B' }, tx)
+        const user = await userFactory.create({}, tx)
+
+        const a = await domainOwnerFactory.grant(domainA, user, {}, tx)
+        const b = await domainOwnerFactory.grant(domainB, user, {}, tx)
+
+        expect(a.id).not.toBe(b.id)
+      })
+    })
+
+    it('같은 domain에 여러 user가 owner로 등록 가능하다 (멀티 오너)', async () => {
+      await withTestTransaction(async context => {
+        const { tx } = context.state
+
+        const domain = await domainFactory.create({}, tx)
+        const u1 = await userFactory.create({ name: 'U1' }, tx)
+        const u2 = await userFactory.create({ name: 'U2' }, tx)
+        const u3 = await userFactory.create({ name: 'U3' }, tx)
+
+        await domainOwnerFactory.grant(domain, u1, {}, tx)
+        await domainOwnerFactory.grant(domain, u2, {}, tx)
+        await domainOwnerFactory.grant(domain, u3, {}, tx)
+
+        const count = await tx.count('DomainOwner', {
+          where: { domain: { id: domain.id } }
+        })
+        expect(count).toBe(3)
+      })
+    })
+  })
+
+  describe('CASCADE on delete', () => {
+    it('User 삭제 시 관련 DomainOwner 엔트리가 자동 제거된다', async () => {
+      // 트랜잭션 밖에서 실행 — CASCADE 동작이 FK 제약에 달려있고
+      // sqlite 트랜잭션 롤백에서 깔끔하게 관측하기 어려움.
+      const ds = testDb.getDataSource()
+
+      const domain = await domainFactory.create({ name: 'cascade-user' })
+      const user = await userFactory.create({ name: 'to-delete' })
+      const entry = await domainOwnerFactory.grant(domain, user)
+
+      expect(
+        await ds.manager.count('DomainOwner', { where: { id: entry.id } })
+      ).toBe(1)
+
+      await ds.manager.delete('User', { id: user.id })
+
+      expect(
+        await ds.manager.count('DomainOwner', { where: { id: entry.id } })
+      ).toBe(0)
+    })
+
+    it('Domain 삭제 시 관련 DomainOwner 엔트리가 자동 제거된다', async () => {
+      const ds = testDb.getDataSource()
+
+      const domain = await domainFactory.create({ name: 'cascade-domain' })
+      const u1 = await userFactory.create({ name: 'co-owner-1' })
+      const u2 = await userFactory.create({ name: 'co-owner-2' })
+      await domainOwnerFactory.grant(domain, u1)
+      await domainOwnerFactory.grant(domain, u2)
+
+      expect(
+        await ds.manager.count('DomainOwner', {
+          where: { domain: { id: domain.id } }
+        })
+      ).toBe(2)
+
+      await ds.manager.delete('Domain', { id: domain.id })
+
+      expect(
+        await ds.manager.count('DomainOwner', {
+          where: { domain: { id: domain.id } }
+        })
+      ).toBe(0)
+    })
+  })
+})

package/spec/unit/domain-owner-granted.spec.ts

@@ -0,0 +1,215 @@
+/**
+ * domainOwnerGranted 권한 체크 로직 테스트
+ *
+ * 실제 함수(`process.domainOwnerGranted`)는 `@things-factory/shell`의
+ * getRepository(Domain)을 사용하므로 테스트 환경에서 직접 호출하기 어렵다.
+ * 동일한 동작을 하는 로직을 재현해 양쪽 경로(legacy cache + join table)를
+ * 모두 검증한다.
+ */
+
+import { EntityManager } from 'typeorm'
+import { TestDatabase } from '../../../../test/test-database'
+import { withTestTransaction } from '../../../../test/test-context'
+import {
+  domainFactory,
+  userFactory,
+  domainOwnerFactory
+} from '../../../../test/factories'
+import { Domain, User } from '../../../../test/entities/schemas'
+
+/**
+ * `packages/auth-base/server/middlewares/domain-authenticate-middleware.ts`
+ * 의 `process.domainOwnerGranted` 와 동일한 로직.
+ */
+async function domainOwnerGranted(
+  manager: EntityManager,
+  domain: Domain | null | undefined,
+  user: User | null | undefined
+): Promise<boolean> {
+  if (!user || !domain) return false
+  if (domain.owner === user.id) return true
+
+  return manager
+    .createQueryBuilder()
+    .select('ow')
+    .from('DomainOwner', 'ow')
+    .where('ow.domain_id = :domainId AND ow.user_id = :userId', {
+      domainId: domain.id,
+      userId: user.id
+    })
+    .getExists()
+}
+
+describe('domainOwnerGranted 권한 체크', () => {
+  let testDb: TestDatabase
+
+  beforeAll(() => {
+    testDb = TestDatabase.getInstance()
+  })
+
+  describe('Null/빈 값 방어', () => {
+    it('user가 없으면 false', async () => {
+      await withTestTransaction(async context => {
+        const { tx, domain } = context.state
+        expect(await domainOwnerGranted(tx, domain, null)).toBe(false)
+        expect(await domainOwnerGranted(tx, domain, undefined)).toBe(false)
+      })
+    })
+
+    it('domain이 없으면 false', async () => {
+      await withTestTransaction(async context => {
+        const { tx, user } = context.state
+        expect(await domainOwnerGranted(tx, null, user)).toBe(false)
+        expect(await domainOwnerGranted(tx, undefined, user)).toBe(false)
+      })
+    })
+
+    it('둘 다 없으면 false', async () => {
+      await withTestTransaction(async context => {
+        const { tx } = context.state
+        expect(await domainOwnerGranted(tx, null, null)).toBe(false)
+      })
+    })
+  })
+
+  describe('(1) 하위 호환: Domain.owner 캐시 필드', () => {
+    it('Domain.owner === user.id 이면 true', async () => {
+      await withTestTransaction(async context => {
+        const { tx } = context.state
+
+        const user = await userFactory.create({}, tx)
+        const domain = await domainFactory.create({ owner: user.id }, tx)
+
+        expect(await domainOwnerGranted(tx, domain, user)).toBe(true)
+      })
+    })
+
+    it('Domain.owner 와 user.id 가 다르고 join 테이블에도 없으면 false', async () => {
+      await withTestTransaction(async context => {
+        const { tx } = context.state
+
+        const ownerUser = await userFactory.create({ name: 'owner' }, tx)
+        const otherUser = await userFactory.create({ name: 'other' }, tx)
+        const domain = await domainFactory.create({ owner: ownerUser.id }, tx)
+
+        expect(await domainOwnerGranted(tx, domain, otherUser)).toBe(false)
+      })
+    })
+  })
+
+  describe('(2) DomainOwner 조인 테이블', () => {
+    it('테이블에 엔트리가 있으면 true (legacy cache 없이도)', async () => {
+      await withTestTransaction(async context => {
+        const { tx } = context.state
+
+        const domain = await domainFactory.create({}, tx) // owner = null
+        const user = await userFactory.create({}, tx)
+        await domainOwnerFactory.grant(domain, user, {}, tx)
+
+        expect(await domainOwnerGranted(tx, domain, user)).toBe(true)
+      })
+    })
+
+    it('엔트리가 없으면 false', async () => {
+      await withTestTransaction(async context => {
+        const { tx } = context.state
+
+        const domain = await domainFactory.create({}, tx)
+        const user = await userFactory.create({}, tx)
+
+        expect(await domainOwnerGranted(tx, domain, user)).toBe(false)
+      })
+    })
+
+    it('다른 도메인의 owner 엔트리로는 현재 도메인 owner 권한이 생기지 않는다', async () => {
+      await withTestTransaction(async context => {
+        const { tx } = context.state
+
+        const domainA = await domainFactory.create({ name: 'A' }, tx)
+        const domainB = await domainFactory.create({ name: 'B' }, tx)
+        const user = await userFactory.create({}, tx)
+
+        await domainOwnerFactory.grant(domainA, user, {}, tx)
+
+        expect(await domainOwnerGranted(tx, domainA, user)).toBe(true)
+        expect(await domainOwnerGranted(tx, domainB, user)).toBe(false)
+      })
+    })
+
+    it('같은 도메인의 다른 user는 owner가 아니다', async () => {
+      await withTestTransaction(async context => {
+        const { tx } = context.state
+
+        const domain = await domainFactory.create({}, tx)
+        const ownerUser = await userFactory.create({ name: 'owner' }, tx)
+        const memberUser = await userFactory.create({ name: 'member' }, tx)
+
+        await domainOwnerFactory.grant(domain, ownerUser, {}, tx)
+
+        expect(await domainOwnerGranted(tx, domain, ownerUser)).toBe(true)
+        expect(await domainOwnerGranted(tx, domain, memberUser)).toBe(false)
+      })
+    })
+
+    it('멀티 오너 — 각각이 독립적으로 owner로 인정된다', async () => {
+      await withTestTransaction(async context => {
+        const { tx } = context.state
+
+        const domain = await domainFactory.create({}, tx)
+        const u1 = await userFactory.create({ name: 'U1' }, tx)
+        const u2 = await userFactory.create({ name: 'U2' }, tx)
+        const u3 = await userFactory.create({ name: 'U3' }, tx)
+
+        await domainOwnerFactory.grant(domain, u1, {}, tx)
+        await domainOwnerFactory.grant(domain, u2, {}, tx)
+        await domainOwnerFactory.grant(domain, u3, {}, tx)
+
+        expect(await domainOwnerGranted(tx, domain, u1)).toBe(true)
+        expect(await domainOwnerGranted(tx, domain, u2)).toBe(true)
+        expect(await domainOwnerGranted(tx, domain, u3)).toBe(true)
+      })
+    })
+  })
+
+  describe('양쪽 경로 OR 동작', () => {
+    it('legacy cache 경로만 만족해도 true', async () => {
+      await withTestTransaction(async context => {
+        const { tx } = context.state
+
+        const user = await userFactory.create({}, tx)
+        const domain = await domainFactory.create({ owner: user.id }, tx)
+        // join table에 엔트리 없음
+
+        expect(await domainOwnerGranted(tx, domain, user)).toBe(true)
+      })
+    })
+
+    it('join table 경로만 만족해도 true (cache가 다른 user여도)', async () => {
+      await withTestTransaction(async context => {
+        const { tx } = context.state
+
+        const cachedUser = await userFactory.create({ name: 'cached' }, tx)
+        const newOwner = await userFactory.create({ name: 'new-owner' }, tx)
+        const domain = await domainFactory.create({ owner: cachedUser.id }, tx)
+
+        await domainOwnerFactory.grant(domain, newOwner, {}, tx)
+
+        expect(await domainOwnerGranted(tx, domain, newOwner)).toBe(true)
+        // 기존 캐시된 유저도 여전히 owner
+        expect(await domainOwnerGranted(tx, domain, cachedUser)).toBe(true)
+      })
+    })
+
+    it('양쪽 모두 만족하면 true (중복 허용 — cache와 table에 같은 사람)', async () => {
+      await withTestTransaction(async context => {
+        const { tx } = context.state
+
+        const user = await userFactory.create({}, tx)
+        const domain = await domainFactory.create({ owner: user.id }, tx)
+        await domainOwnerFactory.grant(domain, user, {}, tx)
+
+        expect(await domainOwnerGranted(tx, domain, user)).toBe(true)
+      })
+    })
+  })
+})

package/spec/unit/domain-owner-migration.spec.ts

@@ -0,0 +1,236 @@
+/**
+ * MigrateDomainOwnersToTable 마이그레이션 로직 테스트
+ *
+ * 마이그레이션의 핵심 동작:
+ * - Domain.owner가 있는 모든 도메인을 순회
+ * - DomainOwner 테이블에 동일 (domain, user) 쌍이 없으면 삽입
+ * - 이미 존재하면 skip (idempotent)
+ * - Domain.owner 는 건드리지 않음 (데이터 유실 방지)
+ *
+ * 실제 마이그레이션 클래스는 `@things-factory/shell` 의 getRepository에
+ * 의존하므로, 동일한 로직을 테스트 스키마 기반으로 재현한다.
+ */
+
+import { EntityManager } from 'typeorm'
+import { TestDatabase } from '../../../../test/test-database'
+import {
+  domainFactory,
+  userFactory,
+  domainOwnerFactory
+} from '../../../../test/factories'
+import { Domain, DomainOwner, User } from '../../../../test/entities/schemas'
+
+const MIGRATION_REASON = 'migrated from legacy single-owner field'
+
+/** up: legacy Domain.owner → DomainOwner 테이블 이관 */
+async function migrationUp(
+  manager: EntityManager
+): Promise<{ migrated: number; skipped: number }> {
+  const domainRepo = manager.getRepository<Domain>('Domain')
+  const ownerRepo = manager.getRepository<DomainOwner>('DomainOwner')
+
+  const domains = await domainRepo
+    .createQueryBuilder('d')
+    .where('d.owner IS NOT NULL')
+    .getMany()
+
+  let migrated = 0
+  let skipped = 0
+
+  for (const domain of domains) {
+    if (!domain.owner) continue
+
+    const existing = await ownerRepo.findOne({
+      where: { domain: { id: domain.id }, user: { id: domain.owner } }
+    })
+    if (existing) {
+      skipped++
+      continue
+    }
+
+    const entry = ownerRepo.create({
+      domain: { id: domain.id } as Domain,
+      user: { id: domain.owner } as unknown as User,
+      reason: MIGRATION_REASON
+    } as Partial<DomainOwner>)
+    await ownerRepo.save(entry)
+    migrated++
+  }
+
+  return { migrated, skipped }
+}
+
+/** down: reason 이 'migrated from legacy...'인 엔트리만 삭제 */
+async function migrationDown(manager: EntityManager): Promise<number> {
+  const result = await manager
+    .createQueryBuilder()
+    .delete()
+    .from('DomainOwner')
+    .where('reason = :reason', { reason: MIGRATION_REASON })
+    .execute()
+  return result.affected ?? 0
+}
+
+describe('MigrateDomainOwnersToTable', () => {
+  let testDb: TestDatabase
+
+  beforeAll(() => {
+    testDb = TestDatabase.getInstance()
+  })
+
+  describe('up()', () => {
+    it('Domain.owner 가 있는 도메인을 DomainOwner 테이블에 이관한다', async () => {
+      const ds = testDb.getDataSource()
+
+      const u1 = await userFactory.create({ name: 'legacy-owner-1' })
+      const u2 = await userFactory.create({ name: 'legacy-owner-2' })
+      await domainFactory.create({ name: 'D1', owner: u1.id })
+      await domainFactory.create({ name: 'D2', owner: u2.id })
+
+      const result = await migrationUp(ds.manager)
+
+      expect(result.migrated).toBeGreaterThanOrEqual(2)
+
+      const total = await ds.manager.count('DomainOwner', {
+        where: { reason: MIGRATION_REASON }
+      })
+      expect(total).toBeGreaterThanOrEqual(2)
+    })
+
+    it('Domain.owner 가 null인 도메인은 건드리지 않는다', async () => {
+      const ds = testDb.getDataSource()
+
+      await domainFactory.create({ name: 'no-owner-domain', owner: null as any })
+
+      const beforeCount = await ds.manager.count('DomainOwner')
+      await migrationUp(ds.manager)
+      const afterCount = await ds.manager.count('DomainOwner')
+
+      // no-owner-domain 에 대해서는 아무것도 생성되지 않음
+      expect(afterCount).toBe(beforeCount)
+    })
+
+    it('이미 DomainOwner 엔트리가 있는 경우 skip 된다 (idempotent)', async () => {
+      const ds = testDb.getDataSource()
+
+      const user = await userFactory.create({ name: 'already-migrated' })
+      const domain = await domainFactory.create({
+        name: 'idempotent-domain',
+        owner: user.id
+      })
+      await domainOwnerFactory.grant(domain, user, { reason: 'added manually' })
+
+      const result = await migrationUp(ds.manager)
+      expect(result.skipped).toBeGreaterThanOrEqual(1)
+
+      // 엔트리 수는 하나로 유지 (중복 생성 안 됨)
+      const count = await ds.manager.count('DomainOwner', {
+        where: {
+          domain: { id: domain.id },
+          user: { id: user.id }
+        }
+      })
+      expect(count).toBe(1)
+    })
+
+    it('두 번 연속 실행해도 안전하다 (진정한 idempotency)', async () => {
+      const ds = testDb.getDataSource()
+
+      const user = await userFactory.create({ name: 'twice-migrated' })
+      await domainFactory.create({ name: 'twice-domain', owner: user.id })
+
+      const first = await migrationUp(ds.manager)
+      const totalAfterFirst = await ds.manager.count('DomainOwner')
+
+      const second = await migrationUp(ds.manager)
+      const totalAfterSecond = await ds.manager.count('DomainOwner')
+
+      expect(second.migrated).toBe(0)
+      expect(totalAfterSecond).toBe(totalAfterFirst)
+      expect(first.migrated).toBeGreaterThan(0)
+    })
+  })
+
+  describe('down()', () => {
+    it("reason이 'migrated from legacy single-owner field' 인 엔트리만 삭제한다", async () => {
+      const ds = testDb.getDataSource()
+
+      const user = await userFactory.create({ name: 'mixed-reason-user' })
+      const domain = await domainFactory.create({
+        name: 'mixed-reason-domain',
+        owner: user.id
+      })
+      // 마이그레이션으로 생성된 엔트리
+      await migrationUp(ds.manager)
+      // 다른 reason 으로 수동 추가된 엔트리
+      const otherUser = await userFactory.create({ name: 'manual' })
+      await domainOwnerFactory.grant(domain, otherUser, { reason: 'manually added by admin' })
+
+      const beforeMigrated = await ds.manager.count('DomainOwner', {
+        where: { reason: MIGRATION_REASON }
+      })
+      const beforeOther = await ds.manager.count('DomainOwner', {
+        where: { reason: 'manually added by admin' }
+      })
+
+      expect(beforeMigrated).toBeGreaterThanOrEqual(1)
+      expect(beforeOther).toBe(1)
+
+      await migrationDown(ds.manager)
+
+      const afterMigrated = await ds.manager.count('DomainOwner', {
+        where: { reason: MIGRATION_REASON }
+      })
+      const afterOther = await ds.manager.count('DomainOwner', {
+        where: { reason: 'manually added by admin' }
+      })
+
+      expect(afterMigrated).toBe(0)
+      expect(afterOther).toBe(1) // 수동 추가된 엔트리는 보존
+    })
+
+    it('Domain.owner 필드는 down() 에서 건드리지 않는다 (데이터 유실 없음)', async () => {
+      const ds = testDb.getDataSource()
+
+      const user = await userFactory.create({ name: 'preserved' })
+      const domain = await domainFactory.create({
+        name: 'preserved-domain',
+        owner: user.id
+      })
+
+      await migrationUp(ds.manager)
+      await migrationDown(ds.manager)
+
+      const reloaded = await ds.manager.findOne<Domain>('Domain', {
+        where: { id: domain.id }
+      })
+      expect(reloaded?.owner).toBe(user.id)
+    })
+  })
+
+  describe('up → down → up 왕복', () => {
+    it('왕복 후 일관성 유지', async () => {
+      const ds = testDb.getDataSource()
+
+      const user = await userFactory.create({ name: 'roundtrip' })
+      await domainFactory.create({ name: 'roundtrip-domain', owner: user.id })
+
+      await migrationUp(ds.manager)
+      const afterUp1 = await ds.manager.count('DomainOwner', {
+        where: { reason: MIGRATION_REASON }
+      })
+
+      await migrationDown(ds.manager)
+      const afterDown = await ds.manager.count('DomainOwner', {
+        where: { reason: MIGRATION_REASON }
+      })
+      expect(afterDown).toBe(0)
+
+      await migrationUp(ds.manager)
+      const afterUp2 = await ds.manager.count('DomainOwner', {
+        where: { reason: MIGRATION_REASON }
+      })
+      expect(afterUp2).toBe(afterUp1)
+    })
+  })
+})