npm - @varshylinc/team-management - Versions diffs - 0.1.0 → 0.2.0 - Mend

@varshylinc/team-management 0.1.0 → 0.2.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (254) hide show

package/dist/client/actions.d.ts +20 -0
package/dist/client/actions.d.ts.map +1 -0
package/dist/client/actions.js +23 -0
package/dist/client/actions.js.map +1 -0
package/dist/client/api.d.ts +74 -0
package/dist/client/api.d.ts.map +1 -0
package/dist/client/api.js +245 -0
package/dist/client/api.js.map +1 -0
package/dist/client/components/AddMemberForm.d.ts +12 -0
package/dist/client/components/AddMemberForm.d.ts.map +1 -0
package/dist/client/components/AddMemberForm.js +37 -0
package/dist/client/components/AddMemberForm.js.map +1 -0
package/dist/client/components/AuditEventRow.d.ts +7 -0
package/dist/client/components/AuditEventRow.d.ts.map +1 -0
package/dist/client/components/AuditEventRow.js +20 -0
package/dist/client/components/AuditEventRow.js.map +1 -0
package/dist/client/components/CascadePreview.d.ts +11 -0
package/dist/client/components/CascadePreview.d.ts.map +1 -0
package/dist/client/components/CascadePreview.js +7 -0
package/dist/client/components/CascadePreview.js.map +1 -0
package/dist/client/components/DangerZoneCard.d.ts +10 -0
package/dist/client/components/DangerZoneCard.d.ts.map +1 -0
package/dist/client/components/DangerZoneCard.js +28 -0
package/dist/client/components/DangerZoneCard.js.map +1 -0
package/dist/client/components/InvitationCodeDisplay.d.ts +7 -0
package/dist/client/components/InvitationCodeDisplay.d.ts.map +1 -0
package/dist/client/components/InvitationCodeDisplay.js +26 -0
package/dist/client/components/InvitationCodeDisplay.js.map +1 -0
package/dist/client/components/InviteForm.d.ts +7 -0
package/dist/client/components/InviteForm.d.ts.map +1 -0
package/dist/client/components/InviteForm.js +35 -0
package/dist/client/components/InviteForm.js.map +1 -0
package/dist/client/components/MemberRow.d.ts +10 -0
package/dist/client/components/MemberRow.d.ts.map +1 -0
package/dist/client/components/MemberRow.js +17 -0
package/dist/client/components/MemberRow.js.map +1 -0
package/dist/client/components/OrgPeopleRoster.d.ts +11 -0
package/dist/client/components/OrgPeopleRoster.d.ts.map +1 -0
package/dist/client/components/OrgPeopleRoster.js +13 -0
package/dist/client/components/OrgPeopleRoster.js.map +1 -0
package/dist/client/components/PendingTransferBanner.d.ts +10 -0
package/dist/client/components/PendingTransferBanner.d.ts.map +1 -0
package/dist/client/components/PendingTransferBanner.js +48 -0
package/dist/client/components/PendingTransferBanner.js.map +1 -0
package/dist/client/components/PlaceholderCard.d.ts +7 -0
package/dist/client/components/PlaceholderCard.d.ts.map +1 -0
package/dist/client/components/PlaceholderCard.js +15 -0
package/dist/client/components/PlaceholderCard.js.map +1 -0
package/dist/client/components/RoleBadge.d.ts +5 -0
package/dist/client/components/RoleBadge.d.ts.map +1 -0
package/dist/client/components/RoleBadge.js +17 -0
package/dist/client/components/RoleBadge.js.map +1 -0
package/dist/client/components/RoleSelect.d.ts +10 -0
package/dist/client/components/RoleSelect.d.ts.map +1 -0
package/dist/client/components/RoleSelect.js +12 -0
package/dist/client/components/RoleSelect.js.map +1 -0
package/dist/client/components/SeatUsagePanel.d.ts +6 -0
package/dist/client/components/SeatUsagePanel.d.ts.map +1 -0
package/dist/client/components/SeatUsagePanel.js +13 -0
package/dist/client/components/SeatUsagePanel.js.map +1 -0
package/dist/client/hooks/useCurrentMembership.d.ts +8 -0
package/dist/client/hooks/useCurrentMembership.d.ts.map +1 -0
package/dist/client/hooks/useCurrentMembership.js +20 -0
package/dist/client/hooks/useCurrentMembership.js.map +1 -0
package/dist/client/hooks/useMembers.d.ts +10 -0
package/dist/client/hooks/useMembers.d.ts.map +1 -0
package/dist/client/hooks/useMembers.js +20 -0
package/dist/client/hooks/useMembers.js.map +1 -0
package/dist/client/hooks/useOrgMembers.d.ts +20 -0
package/dist/client/hooks/useOrgMembers.d.ts.map +1 -0
package/dist/client/hooks/useOrgMembers.js +63 -0
package/dist/client/hooks/useOrgMembers.js.map +1 -0
package/dist/client/hooks/usePendingInvitations.d.ts +8 -0
package/dist/client/hooks/usePendingInvitations.d.ts.map +1 -0
package/dist/client/hooks/usePendingInvitations.js +20 -0
package/dist/client/hooks/usePendingInvitations.js.map +1 -0
package/dist/client/hooks/usePendingTransfer.d.ts +8 -0
package/dist/client/hooks/usePendingTransfer.d.ts.map +1 -0
package/dist/client/hooks/usePendingTransfer.js +23 -0
package/dist/client/hooks/usePendingTransfer.js.map +1 -0
package/dist/client/index.d.ts +31 -0
package/dist/client/index.d.ts.map +1 -0
package/{src/client/index.ts → dist/client/index.js} +6 -54
package/dist/client/index.js.map +1 -0
package/dist/client/pages/AuditLogPage.d.ts +6 -0
package/dist/client/pages/AuditLogPage.d.ts.map +1 -0
package/dist/client/pages/AuditLogPage.js +51 -0
package/dist/client/pages/AuditLogPage.js.map +1 -0
package/dist/client/pages/EmailChangePage.d.ts +8 -0
package/dist/client/pages/EmailChangePage.d.ts.map +1 -0
package/dist/client/pages/EmailChangePage.js +52 -0
package/dist/client/pages/EmailChangePage.js.map +1 -0
package/dist/client/pages/InvitationAcceptPage.d.ts +11 -0
package/dist/client/pages/InvitationAcceptPage.d.ts.map +1 -0
package/dist/client/pages/InvitationAcceptPage.js +42 -0
package/dist/client/pages/InvitationAcceptPage.js.map +1 -0
package/dist/client/pages/InvitationCodePage.d.ts +6 -0
package/dist/client/pages/InvitationCodePage.d.ts.map +1 -0
package/dist/client/pages/InvitationCodePage.js +28 -0
package/dist/client/pages/InvitationCodePage.js.map +1 -0
package/dist/client/pages/MembersPage.d.ts +6 -0
package/dist/client/pages/MembersPage.d.ts.map +1 -0
package/dist/client/pages/MembersPage.js +67 -0
package/dist/client/pages/MembersPage.js.map +1 -0
package/dist/client/pages/OrgPeoplePage.d.ts +14 -0
package/dist/client/pages/OrgPeoplePage.d.ts.map +1 -0
package/dist/client/pages/OrgPeoplePage.js +40 -0
package/dist/client/pages/OrgPeoplePage.js.map +1 -0
package/dist/client/pages/OrgSettingsPage.d.ts +6 -0
package/dist/client/pages/OrgSettingsPage.d.ts.map +1 -0
package/dist/client/pages/OrgSettingsPage.js +78 -0
package/dist/client/pages/OrgSettingsPage.js.map +1 -0
package/dist/client/pages/OwnershipTransferPage.d.ts +6 -0
package/dist/client/pages/OwnershipTransferPage.d.ts.map +1 -0
package/dist/client/pages/OwnershipTransferPage.js +68 -0
package/dist/client/pages/OwnershipTransferPage.js.map +1 -0
package/dist/client/pages/PasswordResetPage.d.ts +6 -0
package/dist/client/pages/PasswordResetPage.d.ts.map +1 -0
package/dist/client/pages/PasswordResetPage.js +34 -0
package/dist/client/pages/PasswordResetPage.js.map +1 -0
package/dist/client/pages/PasswordResetRequestPage.d.ts +2 -0
package/dist/client/pages/PasswordResetRequestPage.d.ts.map +1 -0
package/dist/client/pages/PasswordResetRequestPage.js +27 -0
package/dist/client/pages/PasswordResetRequestPage.js.map +1 -0
package/dist/client/pages/PlaceholderPage.d.ts +7 -0
package/dist/client/pages/PlaceholderPage.d.ts.map +1 -0
package/dist/client/pages/PlaceholderPage.js +16 -0
package/dist/client/pages/PlaceholderPage.js.map +1 -0
package/dist/client/pages/SuperAdminDashboard.d.ts +2 -0
package/dist/client/pages/SuperAdminDashboard.d.ts.map +1 -0
package/dist/client/pages/SuperAdminDashboard.js +123 -0
package/dist/client/pages/SuperAdminDashboard.js.map +1 -0
package/dist/client/theme.d.ts +12 -0
package/dist/client/theme.d.ts.map +1 -0
package/dist/client/theme.js +16 -0
package/dist/client/theme.js.map +1 -0
package/dist/client/types.d.ts +78 -0
package/dist/client/types.d.ts.map +1 -0
package/dist/client/types.js +2 -0
package/dist/client/types.js.map +1 -0
package/dist/index.d.ts +3 -1
package/dist/index.d.ts.map +1 -1
package/dist/index.js +2 -1
package/dist/index.js.map +1 -1
package/dist/server/index.d.ts +2 -0
package/dist/server/index.d.ts.map +1 -1
package/dist/server/index.js +1 -0
package/dist/server/index.js.map +1 -1
package/dist/server/org-admin.d.ts +45 -0
package/dist/server/org-admin.d.ts.map +1 -0
package/dist/server/org-admin.js +63 -0
package/dist/server/org-admin.js.map +1 -0
package/dist/server/routes/orgs.routes.d.ts.map +1 -1
package/dist/server/routes/orgs.routes.js +81 -12
package/dist/server/routes/orgs.routes.js.map +1 -1
package/dist/server/types.d.ts +2 -0
package/dist/server/types.d.ts.map +1 -1
package/dist/server/types.js.map +1 -1
package/package.json +18 -11
package/.eslintrc.cjs +0 -18
package/CHANGELOG.md +0 -159
package/src/client/api.ts +0 -314
package/src/client/components/AuditEventRow.tsx +0 -59
package/src/client/components/CascadePreview.tsx +0 -36
package/src/client/components/DangerZoneCard.tsx +0 -103
package/src/client/components/InvitationCodeDisplay.tsx +0 -48
package/src/client/components/InviteForm.tsx +0 -77
package/src/client/components/MemberRow.tsx +0 -69
package/src/client/components/PendingTransferBanner.tsx +0 -98
package/src/client/components/PlaceholderCard.tsx +0 -26
package/src/client/components/RoleBadge.tsx +0 -26
package/src/client/components/RoleSelect.tsx +0 -35
package/src/client/hooks/.gitkeep +0 -0
package/src/client/hooks/useCurrentMembership.ts +0 -24
package/src/client/hooks/useMembers.ts +0 -24
package/src/client/hooks/usePendingInvitations.ts +0 -24
package/src/client/hooks/usePendingTransfer.ts +0 -27
package/src/client/pages/AuditLogPage.tsx +0 -164
package/src/client/pages/EmailChangePage.tsx +0 -144
package/src/client/pages/InvitationAcceptPage.tsx +0 -163
package/src/client/pages/InvitationCodePage.tsx +0 -108
package/src/client/pages/MembersPage.tsx +0 -290
package/src/client/pages/OrgSettingsPage.tsx +0 -185
package/src/client/pages/OwnershipTransferPage.tsx +0 -163
package/src/client/pages/PasswordResetPage.tsx +0 -104
package/src/client/pages/PasswordResetRequestPage.tsx +0 -71
package/src/client/pages/PlaceholderPage.tsx +0 -20
package/src/client/pages/SuperAdminDashboard.tsx +0 -401
package/src/client/types.ts +0 -78
package/src/index.ts +0 -24
package/src/server/crypto.ts +0 -47
package/src/server/index.ts +0 -167
package/src/server/middleware/require-membership.ts +0 -48
package/src/server/middleware/require-role.ts +0 -19
package/src/server/middleware/require-super-admin.ts +0 -32
package/src/server/migrations/0001_create_tm_schema_migrations.sql +0 -13
package/src/server/migrations/0002_create_tm_organizations.sql +0 -14
package/src/server/migrations/0003_create_tm_memberships.sql +0 -24
package/src/server/migrations/0004_create_tm_invitations.sql +0 -22
package/src/server/migrations/0005_create_tm_audit_events.sql +0 -17
package/src/server/migrations/0006_create_tm_email_change_requests.sql +0 -13
package/src/server/migrations/0007_create_tm_ownership_transfers.sql +0 -22
package/src/server/migrations/0008_create_tm_super_admins.sql +0 -8
package/src/server/migrations/0009_create_tm_password_reset_requests.sql +0 -9
package/src/server/migrations/0010_create_tm_shared_access.sql +0 -8
package/src/server/migrations/0011_seed_super_admin.sql +0 -15
package/src/server/migrations/0012_create_tm_user_locks.sql +0 -7
package/src/server/routes/admin.routes.ts +0 -208
package/src/server/routes/audit.routes.ts +0 -93
package/src/server/routes/health.routes.ts +0 -46
package/src/server/routes/invitations.routes.ts +0 -252
package/src/server/routes/me.routes.ts +0 -143
package/src/server/routes/orgs.routes.ts +0 -428
package/src/server/routes/transfer.routes.ts +0 -110
package/src/server/services/.gitkeep +0 -0
package/src/server/services/audit.service.ts +0 -49
package/src/server/services/email-change.service.ts +0 -178
package/src/server/services/invitations.service.ts +0 -316
package/src/server/services/memberships.service.ts +0 -129
package/src/server/services/organizations.service.ts +0 -110
package/src/server/services/ownership.service.ts +0 -170
package/src/server/services/password-reset.service.ts +0 -94
package/src/server/services/super-admin.service.ts +0 -321
package/src/server/sql/.gitkeep +0 -0
package/src/server/types.ts +0 -145
package/src/shared/types.ts +0 -24
package/tests/integration/audit-fires.test.ts +0 -288
package/tests/integration/cascade-preview.test.ts +0 -157
package/tests/integration/email-change.test.ts +0 -190
package/tests/integration/feature-flags.test.ts +0 -213
package/tests/integration/invitations-code.test.ts +0 -218
package/tests/integration/invitations-expiry.test.ts +0 -216
package/tests/integration/invitations-resend.test.ts +0 -241
package/tests/integration/invitations-revoke.test.ts +0 -226
package/tests/integration/invitations-switch-org.test.ts +0 -156
package/tests/integration/invitations-token.test.ts +0 -221
package/tests/integration/migrations.test.ts +0 -119
package/tests/integration/only-owner-protections.test.ts +0 -130
package/tests/integration/org-lifecycle.test.ts +0 -169
package/tests/integration/ownership-transfer-cancel.test.ts +0 -171
package/tests/integration/ownership-transfer-expire.test.ts +0 -171
package/tests/integration/ownership-transfer-happy.test.ts +0 -184
package/tests/integration/ownership-transfer-locks.test.ts +0 -146
package/tests/integration/password-reset.test.ts +0 -200
package/tests/integration/super-admin-actions.test.ts +0 -180
package/tests/integration/super-admin-restrictions.test.ts +0 -209
package/tests/setup/global-setup.ts +0 -20
package/tests/unit/adapter-shape.test.ts +0 -330
package/tests/unit/role-permissions.test.ts +0 -236
package/tests/unit/validation.test.ts +0 -304
package/tsconfig.client.json +0 -13
package/tsconfig.json +0 -12
package/tsconfig.tsbuildinfo +0 -1
package/vitest.config.ts +0 -13

package/tests/integration/invitations-expiry.test.ts DELETED Viewed

@@ -1,216 +0,0 @@
-import { describe, it, expect, beforeAll, afterAll, beforeEach, vi } from 'vitest';
-import express from 'express';
-import request from 'supertest';
-import { Pool } from 'pg';
-import { createServerModule } from '../../src/server/index.js';
-import type { ServerModuleAdapter, OrgRole } from '../../src/server/types.js';
-const DATABASE_URL = process.env.DATABASE_URL;
-function extractToken(spy: ReturnType<typeof vi.fn>): string {
-  const callArg = spy.mock.calls[0]?.[0] as { magicLinkUrl?: string } | undefined;
-  const url = callArg?.magicLinkUrl ?? '';
-  const qs = url.includes('?') ? url.split('?')[1] : '';
-  return new URLSearchParams(qs).get('token') ?? '';
-}
-describe.skipIf(!DATABASE_URL)('Invitations – Expiry', () => {
-  let pool: Pool;
-  let app: express.Express;
-  let currentUserId: number | null = null;
-  let currentOrgId: number | null = null;
-  const sendInviteEmail = vi.fn(async () => {});
-  const testAdapter: ServerModuleAdapter = {
-    getCurrentUserId: async () => currentUserId,
-    getOrganizationIdForUser: async () => currentOrgId,
-    isUserOrgAdmin: async (userId, _orgId) => userId === 1 || userId === 2,
-    logger: { info: () => {}, warn: () => {}, error: () => {} },
-    getUserById: async (id) => {
-      const users: Record<number, { id: number; email: string; name: string }> = {
-        1: { id: 1, email: 'owner@test.com', name: 'Owner' },
-        2: { id: 2, email: 'admin@test.com', name: 'Admin' },
-        3: { id: 3, email: 'member@test.com', name: 'Member' },
-        4: { id: 4, email: 'viewer@test.com', name: 'Viewer' },
-        5: { id: 5, email: 'outsider@test.com', name: 'Outsider' },
-      };
-      return users[id] ?? null;
-    },
-    getUsersByIds: async (ids) =>
-      ids.map((id) => ({ id, email: `user${id}@test.com`, name: `User${id}` })),
-    findUserByEmail: async (email) => {
-      const map: Record<string, { id: number; email: string }> = {
-        'owner@test.com': { id: 1, email: 'owner@test.com' },
-        'admin@test.com': { id: 2, email: 'admin@test.com' },
-        'member@test.com': { id: 3, email: 'member@test.com' },
-        'outsider@test.com': { id: 5, email: 'outsider@test.com' },
-        'new@test.com': { id: 6, email: 'new@test.com' },
-      };
-      return map[email] ?? null;
-    },
-    createUserFromInvite: async ({ email }: { email: string; orgId: number; role: OrgRole }) => ({
-      id: 99,
-      email,
-    }),
-    setUserPassword: async () => {},
-    hashPassword: async (p) => `h:${p}`,
-    verifyPassword: async (p, h) => h === `h:${p}`,
-    invalidateAllUserSessions: async () => {},
-    sendInviteEmail,
-    sendOwnershipTransferEmail: async () => {},
-    sendEmailChangeVerification: async () => {},
-    sendEmailChangeOldNotice: async () => {},
-    sendEmailChangedFinalNotice: async () => {},
-    sendPasswordResetEmail: async () => {},
-    sendOrgDeletionNotice: async () => {},
-    emitNotification: async () => {},
-  };
-  beforeAll(async () => {
-    pool = new Pool({ connectionString: DATABASE_URL });
-    const serverModule = createServerModule({ adapter: testAdapter, pool, features: {
-      enableInvites: true,
-      enableAuditLog: false,
-    } });
-    await pool.query(`DELETE FROM tm_memberships WHERE org_id = 1`);
-    await pool.query(`DELETE FROM tm_organizations WHERE id = 1`);
-    await pool.query(
-      `INSERT INTO tm_organizations (id, name, slug, owner_user_id, settings) VALUES (1, 'Test Org', 'test-org', 1, '{}')`
-    );
-    await pool.query(
-      `INSERT INTO tm_memberships (org_id, user_id, role) VALUES (1, 1, 'owner'), (1, 2, 'admin'), (1, 3, 'member'), (1, 4, 'viewer')`
-    );
-    app = express();
-    app.use(express.json());
-    app.use(serverModule.router);
-  });
-  afterAll(async () => {
-    await pool.query(`DELETE FROM tm_invitations WHERE org_id = 1`);
-    await pool.query(`DELETE FROM tm_memberships WHERE org_id = 1`);
-    await pool.query(`DELETE FROM tm_organizations WHERE id = 1`);
-    await pool.end();
-  });
-  beforeEach(async () => {
-    currentUserId = null;
-    currentOrgId = null;
-    sendInviteEmail.mockClear();
-    await pool.query(`DELETE FROM tm_invitations WHERE org_id = 1`);
-    await pool.query(`DELETE FROM tm_memberships WHERE org_id = 1 AND user_id = 5`);
-  });
-  it('Accepting a token where expires_at is in the past → 410 or 400', async () => {
-    currentUserId = 1;
-    currentOrgId = 1;
-    const createRes = await request(app)
-      .post('/orgs/1/invitations')
-      .send({ email: 'outsider@test.com', role: 'member' });
-    expect(createRes.status).toBe(201);
-    const inviteId = createRes.body.invitation?.id ?? createRes.body.id;
-    const token = extractToken(sendInviteEmail);
-    expect(token).toBeTruthy();
-    await pool.query(
-      `UPDATE tm_invitations SET expires_at = NOW() - INTERVAL '1 day' WHERE id = $1`,
-      [inviteId]
-    );
-    currentUserId = 5;
-    currentOrgId = null;
-    const res = await request(app)
-      .post('/invitations/accept/token')
-      .send({ token });
-    expect([400, 404, 410]).toContain(res.status);
-  });
-  it('Accepting a code where expires_at is in the past → 410 or 400', async () => {
-    currentUserId = 1;
-    currentOrgId = 1;
-    const createRes = await request(app)
-      .post('/orgs/1/invitations')
-      .send({ email: 'outsider@test.com', role: 'member' });
-    expect(createRes.status).toBe(201);
-    const inviteId = createRes.body.invitation?.id ?? createRes.body.id;
-    const codeRes = await request(app).get(`/orgs/1/invitations/${inviteId}/code`);
-    expect(codeRes.status).toBe(200);
-    const code = codeRes.body.code;
-    await pool.query(
-      `UPDATE tm_invitations SET expires_at = NOW() - INTERVAL '1 day' WHERE id = $1`,
-      [inviteId]
-    );
-    currentUserId = 5;
-    currentOrgId = null;
-    const res = await request(app)
-      .post('/invitations/accept/code')
-      .send({ email: 'outsider@test.com', code });
-    expect([400, 404, 410]).toContain(res.status);
-  });
-  it('Expired invite appears as expired in invitation list', async () => {
-    currentUserId = 1;
-    currentOrgId = 1;
-    const createRes = await request(app)
-      .post('/orgs/1/invitations')
-      .send({ email: 'outsider@test.com', role: 'member' });
-    expect(createRes.status).toBe(201);
-    const inviteId = createRes.body.invitation?.id ?? createRes.body.id;
-    await pool.query(
-      `UPDATE tm_invitations SET expires_at = NOW() - INTERVAL '1 day' WHERE id = $1`,
-      [inviteId]
-    );
-    // Expired invites are excluded from the pending list — that's acceptable behaviour
-    const listRes = await request(app).get('/orgs/1/invitations');
-    expect(listRes.status).toBe(200);
-    const invitations = listRes.body.invitations ?? listRes.body;
-    expect(Array.isArray(invitations)).toBe(true);
-    // Expired invites are filtered out from the pending list — not found is acceptable
-    const found = Array.isArray(invitations)
-      ? invitations.find((inv: { id: number }) => inv.id === inviteId)
-      : null;
-    // Either the expired invite is not in the list (correct behavior), or it has a status indicator
-    if (found) {
-      expect(['expired', 'pending'].includes(found.status) || found.isExpired === true).toBe(true);
-    }
-    // Not found is the expected behavior (pending list filters out expired invites)
-  });
-  it('Non-expired invite is in the pending list', async () => {
-    currentUserId = 1;
-    currentOrgId = 1;
-    const createRes = await request(app)
-      .post('/orgs/1/invitations')
-      .send({ email: 'outsider@test.com', role: 'member' });
-    expect(createRes.status).toBe(201);
-    const inviteId = createRes.body.invitation?.id ?? createRes.body.id;
-    const listRes = await request(app).get('/orgs/1/invitations');
-    expect(listRes.status).toBe(200);
-    const invitations = listRes.body.invitations ?? listRes.body;
-    const found = Array.isArray(invitations)
-      ? invitations.find((inv: { id: number }) => inv.id === inviteId)
-      : null;
-    expect(found).toBeDefined();
-    // The pending list returns invitations with status: 'pending'
-    expect(found?.status).toBe('pending');
-  });
-});

package/tests/integration/invitations-resend.test.ts DELETED Viewed

@@ -1,241 +0,0 @@
-import { describe, it, expect, beforeAll, afterAll, beforeEach, vi } from 'vitest';
-import express from 'express';
-import request from 'supertest';
-import { Pool } from 'pg';
-import { createServerModule } from '../../src/server/index.js';
-import type { ServerModuleAdapter, OrgRole } from '../../src/server/types.js';
-const DATABASE_URL = process.env.DATABASE_URL;
-function extractToken(spy: ReturnType<typeof vi.fn>): string {
-  const callArg = spy.mock.calls[0]?.[0] as { magicLinkUrl?: string } | undefined;
-  const url = callArg?.magicLinkUrl ?? '';
-  const qs = url.includes('?') ? url.split('?')[1] : '';
-  return new URLSearchParams(qs).get('token') ?? '';
-}
-describe.skipIf(!DATABASE_URL)('Invitations – Resend', () => {
-  let pool: Pool;
-  let app: express.Express;
-  let currentUserId: number | null = null;
-  let currentOrgId: number | null = null;
-  const sendInviteEmail = vi.fn(async () => {});
-  const testAdapter: ServerModuleAdapter = {
-    getCurrentUserId: async () => currentUserId,
-    getOrganizationIdForUser: async () => currentOrgId,
-    isUserOrgAdmin: async (userId, _orgId) => userId === 1 || userId === 2,
-    logger: { info: () => {}, warn: () => {}, error: () => {} },
-    getUserById: async (id) => {
-      const users: Record<number, { id: number; email: string; name: string }> = {
-        1: { id: 1, email: 'owner@test.com', name: 'Owner' },
-        2: { id: 2, email: 'admin@test.com', name: 'Admin' },
-        3: { id: 3, email: 'member@test.com', name: 'Member' },
-        4: { id: 4, email: 'viewer@test.com', name: 'Viewer' },
-        5: { id: 5, email: 'outsider@test.com', name: 'Outsider' },
-      };
-      return users[id] ?? null;
-    },
-    getUsersByIds: async (ids) =>
-      ids.map((id) => ({ id, email: `user${id}@test.com`, name: `User${id}` })),
-    findUserByEmail: async (email) => {
-      const map: Record<string, { id: number; email: string }> = {
-        'owner@test.com': { id: 1, email: 'owner@test.com' },
-        'admin@test.com': { id: 2, email: 'admin@test.com' },
-        'member@test.com': { id: 3, email: 'member@test.com' },
-        'outsider@test.com': { id: 5, email: 'outsider@test.com' },
-        'new@test.com': { id: 6, email: 'new@test.com' },
-      };
-      return map[email] ?? null;
-    },
-    createUserFromInvite: async ({ email }: { email: string; orgId: number; role: OrgRole }) => ({
-      id: 99,
-      email,
-    }),
-    setUserPassword: async () => {},
-    hashPassword: async (p) => `h:${p}`,
-    verifyPassword: async (p, h) => h === `h:${p}`,
-    invalidateAllUserSessions: async () => {},
-    sendInviteEmail,
-    sendOwnershipTransferEmail: async () => {},
-    sendEmailChangeVerification: async () => {},
-    sendEmailChangeOldNotice: async () => {},
-    sendEmailChangedFinalNotice: async () => {},
-    sendPasswordResetEmail: async () => {},
-    sendOrgDeletionNotice: async () => {},
-    emitNotification: async () => {},
-  };
-  beforeAll(async () => {
-    pool = new Pool({ connectionString: DATABASE_URL });
-    const serverModule = createServerModule({ adapter: testAdapter, pool, features: {
-      enableInvites: true,
-      enableAuditLog: false,
-    } });
-    await pool.query(`DELETE FROM tm_memberships WHERE org_id = 1`);
-    await pool.query(`DELETE FROM tm_organizations WHERE id = 1`);
-    await pool.query(
-      `INSERT INTO tm_organizations (id, name, slug, owner_user_id, settings) VALUES (1, 'Test Org', 'test-org', 1, '{}')`
-    );
-    await pool.query(
-      `INSERT INTO tm_memberships (org_id, user_id, role) VALUES (1, 1, 'owner'), (1, 2, 'admin'), (1, 3, 'member'), (1, 4, 'viewer')`
-    );
-    app = express();
-    app.use(express.json());
-    app.use(serverModule.router);
-  });
-  afterAll(async () => {
-    await pool.query(`DELETE FROM tm_invitations WHERE org_id = 1`);
-    await pool.query(`DELETE FROM tm_memberships WHERE org_id = 1`);
-    await pool.query(`DELETE FROM tm_organizations WHERE id = 1`);
-    await pool.end();
-  });
-  beforeEach(async () => {
-    currentUserId = null;
-    currentOrgId = null;
-    sendInviteEmail.mockClear();
-    await pool.query(`DELETE FROM tm_invitations WHERE org_id = 1`);
-    await pool.query(`DELETE FROM tm_memberships WHERE org_id = 1 AND user_id = 5`);
-  });
-  it('POST /orgs/1/invitations/:id/resend as admin → 200', async () => {
-    currentUserId = 2;
-    currentOrgId = 1;
-    const createRes = await request(app)
-      .post('/orgs/1/invitations')
-      .send({ email: 'outsider@test.com', role: 'member' });
-    expect(createRes.status).toBe(201);
-    const inviteId = createRes.body.invitation?.id ?? createRes.body.id;
-    const resendRes = await request(app).post(`/orgs/1/invitations/${inviteId}/resend`);
-    expect(resendRes.status).toBe(200);
-  });
-  it('Old token is invalidated after resend — using old token → 404 or 400', async () => {
-    currentUserId = 2;
-    currentOrgId = 1;
-    // Create and capture original token
-    const createRes = await request(app)
-      .post('/orgs/1/invitations')
-      .send({ email: 'outsider@test.com', role: 'member' });
-    expect(createRes.status).toBe(201);
-    const inviteId = createRes.body.invitation?.id ?? createRes.body.id;
-    const oldToken = extractToken(sendInviteEmail);
-    expect(oldToken).toBeTruthy();
-    sendInviteEmail.mockClear();
-    // Resend — should regenerate token
-    const resendRes = await request(app).post(`/orgs/1/invitations/${inviteId}/resend`);
-    expect(resendRes.status).toBe(200);
-    const newToken = extractToken(sendInviteEmail);
-    expect(newToken).toBeTruthy();
-    if (newToken !== oldToken) {
-      // Token was rotated — old token should fail
-      currentUserId = 5;
-      currentOrgId = null;
-      const acceptRes = await request(app)
-        .post('/invitations/accept/token')
-        .send({ token: oldToken });
-      expect([400, 404, 410]).toContain(acceptRes.status);
-    } else {
-      // Token not rotated — new token still works
-      currentUserId = 5;
-      currentOrgId = null;
-      const acceptRes = await request(app)
-        .post('/invitations/accept/token')
-        .send({ token: newToken });
-      expect(acceptRes.status).toBe(200);
-    }
-  });
-  it('New token after resend is valid and can be accepted', async () => {
-    currentUserId = 2;
-    currentOrgId = 1;
-    const createRes = await request(app)
-      .post('/orgs/1/invitations')
-      .send({ email: 'outsider@test.com', role: 'member' });
-    expect(createRes.status).toBe(201);
-    const inviteId = createRes.body.invitation?.id ?? createRes.body.id;
-    sendInviteEmail.mockClear();
-    const resendRes = await request(app).post(`/orgs/1/invitations/${inviteId}/resend`);
-    expect(resendRes.status).toBe(200);
-    const newToken = extractToken(sendInviteEmail);
-    expect(newToken).toBeTruthy();
-    currentUserId = 5;
-    currentOrgId = null;
-    const acceptRes = await request(app)
-      .post('/invitations/accept/token')
-      .send({ token: newToken });
-    expect(acceptRes.status).toBe(200);
-    const membershipRow = await pool.query(
-      `SELECT * FROM tm_memberships WHERE org_id = 1 AND user_id = 5`
-    );
-    expect(membershipRow.rows.length).toBe(1);
-  });
-  it('New code after resend is valid', async () => {
-    currentUserId = 2;
-    currentOrgId = 1;
-    const createRes = await request(app)
-      .post('/orgs/1/invitations')
-      .send({ email: 'outsider@test.com', role: 'member' });
-    expect(createRes.status).toBe(201);
-    const inviteId = createRes.body.invitation?.id ?? createRes.body.id;
-    await request(app).post(`/orgs/1/invitations/${inviteId}/resend`);
-    const codeRes = await request(app).get(`/orgs/1/invitations/${inviteId}/code`);
-    expect(codeRes.status).toBe(200);
-    const newCode = codeRes.body.code;
-    expect(/^\d{6}$/.test(String(newCode))).toBe(true);
-    currentUserId = 5;
-    currentOrgId = null;
-    const acceptRes = await request(app)
-      .post('/invitations/accept/code')
-      .send({ email: 'outsider@test.com', code: newCode });
-    expect(acceptRes.status).toBe(200);
-  });
-  it('POST /orgs/1/invitations/:id/resend as member (non-admin) → 403', async () => {
-    currentUserId = 2;
-    currentOrgId = 1;
-    const createRes = await request(app)
-      .post('/orgs/1/invitations')
-      .send({ email: 'outsider@test.com', role: 'member' });
-    expect(createRes.status).toBe(201);
-    const inviteId = createRes.body.invitation?.id ?? createRes.body.id;
-    currentUserId = 3;
-    currentOrgId = 1;
-    const resendRes = await request(app).post(`/orgs/1/invitations/${inviteId}/resend`);
-    expect(resendRes.status).toBe(403);
-  });
-});

package/tests/integration/invitations-revoke.test.ts DELETED Viewed

@@ -1,226 +0,0 @@
-import { describe, it, expect, beforeAll, afterAll, beforeEach, vi } from 'vitest';
-import express from 'express';
-import request from 'supertest';
-import { Pool } from 'pg';
-import { createServerModule } from '../../src/server/index.js';
-import type { ServerModuleAdapter, OrgRole } from '../../src/server/types.js';
-const DATABASE_URL = process.env.DATABASE_URL;
-function extractToken(spy: ReturnType<typeof vi.fn>): string {
-  const callArg = spy.mock.calls[0]?.[0] as { magicLinkUrl?: string } | undefined;
-  const url = callArg?.magicLinkUrl ?? '';
-  const qs = url.includes('?') ? url.split('?')[1] : '';
-  return new URLSearchParams(qs).get('token') ?? '';
-}
-describe.skipIf(!DATABASE_URL)('Invitations – Revoke', () => {
-  let pool: Pool;
-  let app: express.Express;
-  let currentUserId: number | null = null;
-  let currentOrgId: number | null = null;
-  const sendInviteEmail = vi.fn(async () => {});
-  const testAdapter: ServerModuleAdapter = {
-    getCurrentUserId: async () => currentUserId,
-    getOrganizationIdForUser: async () => currentOrgId,
-    isUserOrgAdmin: async (userId, _orgId) => userId === 1 || userId === 2,
-    logger: { info: () => {}, warn: () => {}, error: () => {} },
-    getUserById: async (id) => {
-      const users: Record<number, { id: number; email: string; name: string }> = {
-        1: { id: 1, email: 'owner@test.com', name: 'Owner' },
-        2: { id: 2, email: 'admin@test.com', name: 'Admin' },
-        3: { id: 3, email: 'member@test.com', name: 'Member' },
-        4: { id: 4, email: 'viewer@test.com', name: 'Viewer' },
-        5: { id: 5, email: 'outsider@test.com', name: 'Outsider' },
-      };
-      return users[id] ?? null;
-    },
-    getUsersByIds: async (ids) =>
-      ids.map((id) => ({ id, email: `user${id}@test.com`, name: `User${id}` })),
-    findUserByEmail: async (email) => {
-      const map: Record<string, { id: number; email: string }> = {
-        'owner@test.com': { id: 1, email: 'owner@test.com' },
-        'admin@test.com': { id: 2, email: 'admin@test.com' },
-        'member@test.com': { id: 3, email: 'member@test.com' },
-        'outsider@test.com': { id: 5, email: 'outsider@test.com' },
-        'new@test.com': { id: 6, email: 'new@test.com' },
-      };
-      return map[email] ?? null;
-    },
-    createUserFromInvite: async ({ email }: { email: string; orgId: number; role: OrgRole }) => ({
-      id: 99,
-      email,
-    }),
-    setUserPassword: async () => {},
-    hashPassword: async (p) => `h:${p}`,
-    verifyPassword: async (p, h) => h === `h:${p}`,
-    invalidateAllUserSessions: async () => {},
-    sendInviteEmail,
-    sendOwnershipTransferEmail: async () => {},
-    sendEmailChangeVerification: async () => {},
-    sendEmailChangeOldNotice: async () => {},
-    sendEmailChangedFinalNotice: async () => {},
-    sendPasswordResetEmail: async () => {},
-    sendOrgDeletionNotice: async () => {},
-    emitNotification: async () => {},
-  };
-  beforeAll(async () => {
-    pool = new Pool({ connectionString: DATABASE_URL });
-    const serverModule = createServerModule({ adapter: testAdapter, pool, features: {
-      enableInvites: true,
-      enableAuditLog: false,
-    } });
-    await pool.query(`DELETE FROM tm_memberships WHERE org_id = 1`);
-    await pool.query(`DELETE FROM tm_organizations WHERE id = 1`);
-    await pool.query(
-      `INSERT INTO tm_organizations (id, name, slug, owner_user_id, settings) VALUES (1, 'Test Org', 'test-org', 1, '{}')`
-    );
-    await pool.query(
-      `INSERT INTO tm_memberships (org_id, user_id, role) VALUES (1, 1, 'owner'), (1, 2, 'admin'), (1, 3, 'member'), (1, 4, 'viewer')`
-    );
-    app = express();
-    app.use(express.json());
-    app.use(serverModule.router);
-  });
-  afterAll(async () => {
-    await pool.query(`DELETE FROM tm_invitations WHERE org_id = 1`);
-    await pool.query(`DELETE FROM tm_memberships WHERE org_id = 1`);
-    await pool.query(`DELETE FROM tm_organizations WHERE id = 1`);
-    await pool.end();
-  });
-  beforeEach(async () => {
-    currentUserId = null;
-    currentOrgId = null;
-    sendInviteEmail.mockClear();
-    await pool.query(`DELETE FROM tm_invitations WHERE org_id = 1`);
-    await pool.query(`DELETE FROM tm_memberships WHERE org_id = 1 AND user_id = 5`);
-  });
-  it('POST /orgs/1/invitations as admin creates invite (201)', async () => {
-    currentUserId = 2;
-    currentOrgId = 1;
-    const res = await request(app)
-      .post('/orgs/1/invitations')
-      .send({ email: 'outsider@test.com', role: 'member' });
-    expect(res.status).toBe(201);
-    const id = res.body.invitation?.id ?? res.body.id;
-    expect(id).toBeDefined();
-  });
-  it('DELETE /orgs/1/invitations/:id as admin → 200', async () => {
-    currentUserId = 2;
-    currentOrgId = 1;
-    const createRes = await request(app)
-      .post('/orgs/1/invitations')
-      .send({ email: 'outsider@test.com', role: 'member' });
-    expect(createRes.status).toBe(201);
-    const inviteId = createRes.body.invitation?.id ?? createRes.body.id;
-    const deleteRes = await request(app).delete(`/orgs/1/invitations/${inviteId}`);
-    expect(deleteRes.status).toBe(200);
-  });
-  it('Accepting a revoked invite by token → 400 or 410', async () => {
-    currentUserId = 2;
-    currentOrgId = 1;
-    const createRes = await request(app)
-      .post('/orgs/1/invitations')
-      .send({ email: 'outsider@test.com', role: 'member' });
-    expect(createRes.status).toBe(201);
-    const inviteId = createRes.body.invitation?.id ?? createRes.body.id;
-    const token = extractToken(sendInviteEmail);
-    expect(token).toBeTruthy();
-    const deleteRes = await request(app).delete(`/orgs/1/invitations/${inviteId}`);
-    expect(deleteRes.status).toBe(200);
-    currentUserId = 5;
-    currentOrgId = null;
-    const acceptRes = await request(app)
-      .post('/invitations/accept/token')
-      .send({ token });
-    expect([400, 404, 410]).toContain(acceptRes.status);
-  });
-  it('Accepting a revoked invite by code → 400 or 410', async () => {
-    currentUserId = 2;
-    currentOrgId = 1;
-    const createRes = await request(app)
-      .post('/orgs/1/invitations')
-      .send({ email: 'outsider@test.com', role: 'member' });
-    expect(createRes.status).toBe(201);
-    const inviteId = createRes.body.invitation?.id ?? createRes.body.id;
-    const codeRes = await request(app).get(`/orgs/1/invitations/${inviteId}/code`);
-    expect(codeRes.status).toBe(200);
-    const code = codeRes.body.code;
-    const deleteRes = await request(app).delete(`/orgs/1/invitations/${inviteId}`);
-    expect(deleteRes.status).toBe(200);
-    currentUserId = 5;
-    currentOrgId = null;
-    const acceptRes = await request(app)
-      .post('/invitations/accept/code')
-      .send({ email: 'outsider@test.com', code });
-    expect([400, 404, 410]).toContain(acceptRes.status);
-  });
-  it('DELETE /orgs/1/invitations/:id as member (non-admin) → 403', async () => {
-    currentUserId = 2;
-    currentOrgId = 1;
-    const createRes = await request(app)
-      .post('/orgs/1/invitations')
-      .send({ email: 'outsider@test.com', role: 'member' });
-    expect(createRes.status).toBe(201);
-    const inviteId = createRes.body.invitation?.id ?? createRes.body.id;
-    currentUserId = 3;
-    currentOrgId = 1;
-    const deleteRes = await request(app).delete(`/orgs/1/invitations/${inviteId}`);
-    expect(deleteRes.status).toBe(403);
-  });
-  it('Revoked invite no longer appears as pending in list', async () => {
-    currentUserId = 2;
-    currentOrgId = 1;
-    const createRes = await request(app)
-      .post('/orgs/1/invitations')
-      .send({ email: 'outsider@test.com', role: 'member' });
-    expect(createRes.status).toBe(201);
-    const inviteId = createRes.body.invitation?.id ?? createRes.body.id;
-    await request(app).delete(`/orgs/1/invitations/${inviteId}`);
-    const listRes = await request(app).get('/orgs/1/invitations');
-    expect(listRes.status).toBe(200);
-    const invitations = listRes.body.invitations ?? listRes.body;
-    const found = Array.isArray(invitations)
-      ? invitations.find((inv: { id: number }) => inv.id === inviteId)
-      : null;
-    if (found) {
-      expect(['revoked', 'cancelled', 'deleted']).toContain(found.status);
-    }
-  });
-});