nest-authme 1.0.0

package/dist/generator/templates/tests/auth.controller.spec.ts.hbs

@@ -0,0 +1,189 @@
+import { Test, TestingModule } from '@nestjs/testing';
+import { AuthController } from './auth.controller';
+import { AuthService } from './auth.service';
+
+describe('AuthController', () => {
+  let controller: AuthController;
+  let authService: AuthService;
+
+  const mockAuthService = {
+    login: jest.fn(),
+    register: jest.fn(),
+    changePassword: jest.fn(),
+{{#if features.emailVerification}}
+    verifyEmail: jest.fn(),
+    resendVerification: jest.fn(),
+{{/if}}
+{{#if features.resetPassword}}
+    forgotPassword: jest.fn(),
+    resetPassword: jest.fn(),
+{{/if}}
+{{#if features.refreshTokens}}
+    refreshAccessToken: jest.fn(),
+    logout: jest.fn(),
+    logoutAll: jest.fn(),
+{{/if}}
+  };
+
+  beforeEach(async () => {
+    const module: TestingModule = await Test.createTestingModule({
+      controllers: [AuthController],
+      providers: [
+        { provide: AuthService, useValue: mockAuthService },
+      ],
+    }).compile();
+
+    controller = module.get<AuthController>(AuthController);
+    authService = module.get<AuthService>(AuthService);
+  });
+
+  afterEach(() => {
+    jest.clearAllMocks();
+  });
+
+  describe('POST /auth/login', () => {
+    it('should call authService.login and return result', async () => {
+      const loginDto = { email: 'test@example.com', password: 'password123' };
+      const expectedResult = {
+        accessToken: 'mock-token',
+        user: { id: 'uuid', email: 'test@example.com' },
+      };
+      mockAuthService.login.mockResolvedValue(expectedResult);
+
+      const result = await controller.login(loginDto);
+
+      expect(authService.login).toHaveBeenCalledWith(loginDto);
+      expect(result).toEqual(expectedResult);
+    });
+  });
+
+  describe('POST /auth/register', () => {
+    it('should call authService.register and return result', async () => {
+      const registerDto = {
+        email: 'new@example.com',
+{{#if features.useUsername}}
+        username: 'newuser',
+{{/if}}
+        password: 'StrongP@ss1',
+      };
+      const expectedResult = {
+        accessToken: 'mock-token',
+        user: { id: 'uuid', email: 'new@example.com' },
+      };
+      mockAuthService.register.mockResolvedValue(expectedResult);
+
+      const result = await controller.register(registerDto);
+
+      expect(authService.register).toHaveBeenCalledWith(registerDto);
+      expect(result).toEqual(expectedResult);
+    });
+  });
+
+  describe('POST /auth/change-password', () => {
+    it('should call authService.changePassword and return success message', async () => {
+      const user = { id: 'test-uuid', email: 'test@example.com' };
+      const changePasswordDto = { currentPassword: 'old', newPassword: 'NewP@ssword1' };
+      mockAuthService.changePassword.mockResolvedValue(undefined);
+
+      const result = await controller.changePassword(user, changePasswordDto);
+
+      expect(authService.changePassword).toHaveBeenCalledWith('test-uuid', changePasswordDto);
+      expect(result).toEqual({ message: 'Password changed successfully' });
+    });
+  });
+
+{{#if features.emailVerification}}
+  describe('GET /auth/verify-email', () => {
+    it('should call authService.verifyEmail and return result', async () => {
+      mockAuthService.verifyEmail.mockResolvedValue({ message: 'Email verified successfully' });
+
+      const result = await controller.verifyEmail('valid-token');
+
+      expect(authService.verifyEmail).toHaveBeenCalledWith('valid-token');
+      expect(result).toEqual({ message: 'Email verified successfully' });
+    });
+  });
+
+  describe('POST /auth/resend-verification', () => {
+    it('should call authService.resendVerification and return result', async () => {
+      mockAuthService.resendVerification.mockResolvedValue({
+        verificationToken: 'new-token',
+        message: 'Verification token generated',
+      });
+
+      const result = await controller.resendVerification('test@example.com');
+
+      expect(authService.resendVerification).toHaveBeenCalledWith('test@example.com');
+      expect(result.verificationToken).toBeDefined();
+    });
+  });
+{{/if}}
+
+{{#if features.resetPassword}}
+  describe('POST /auth/forgot-password', () => {
+    it('should call authService.forgotPassword and return result', async () => {
+      mockAuthService.forgotPassword.mockResolvedValue({
+        resetToken: 'reset-token',
+        message: 'Password reset token generated',
+      });
+
+      const result = await controller.forgotPassword({ email: 'test@example.com' });
+
+      expect(authService.forgotPassword).toHaveBeenCalledWith({ email: 'test@example.com' });
+      expect(result.resetToken).toBeDefined();
+    });
+  });
+
+  describe('POST /auth/reset-password', () => {
+    it('should call authService.resetPassword and return result', async () => {
+      mockAuthService.resetPassword.mockResolvedValue({ message: 'Password reset successfully' });
+
+      const result = await controller.resetPassword({ token: 'valid-token', newPassword: 'NewP@ssword1' });
+
+      expect(authService.resetPassword).toHaveBeenCalledWith({ token: 'valid-token', newPassword: 'NewP@ssword1' });
+      expect(result).toEqual({ message: 'Password reset successfully' });
+    });
+  });
+{{/if}}
+
+{{#if features.refreshTokens}}
+  describe('POST /auth/refresh', () => {
+    it('should call authService.refreshAccessToken and return result', async () => {
+      const expectedResult = {
+        accessToken: 'new-token',
+        refreshToken: 'new-refresh-token',
+        user: { id: 'uuid', email: 'test@example.com' },
+      };
+      mockAuthService.refreshAccessToken.mockResolvedValue(expectedResult);
+
+      const result = await controller.refresh('old-refresh-token');
+
+      expect(authService.refreshAccessToken).toHaveBeenCalledWith('old-refresh-token');
+      expect(result).toEqual(expectedResult);
+    });
+  });
+
+  describe('POST /auth/logout', () => {
+    it('should call authService.logout and return success message', async () => {
+      mockAuthService.logout.mockResolvedValue(undefined);
+
+      const result = await controller.logout('refresh-token');
+
+      expect(authService.logout).toHaveBeenCalledWith('refresh-token');
+      expect(result).toEqual({ message: 'Logged out successfully' });
+    });
+  });
+
+  describe('POST /auth/logout-all', () => {
+    it('should call authService.logoutAll and return success message', async () => {
+      const req = { user: { id: 'test-uuid' } };
+      mockAuthService.logoutAll.mockResolvedValue(undefined);
+
+      const result = await controller.logoutAll(req);
+
+      expect(authService.logoutAll).toHaveBeenCalledWith('test-uuid');
+      expect(result).toEqual({ message: 'Logged out from all devices' });
+    });
+  });
+{{/if}}
+});

package/dist/generator/templates/tests/auth.service.spec.ts.hbs

@@ -0,0 +1,334 @@
+import { Test, TestingModule } from '@nestjs/testing';
+import { JwtService } from '@nestjs/jwt';
+import { ConfigService } from '@nestjs/config';
+import { UnauthorizedException } from '@nestjs/common';
+import * as bcrypt from 'bcrypt';
+import { AuthService } from './auth.service';
+import { UsersService } from '../users/users.service';
+{{#if (eq orm "typeorm")}}
+{{#if features.refreshTokens}}
+import { getRepositoryToken } from '@nestjs/typeorm';
+import { RefreshToken } from '../users/entities/refresh-token.entity';
+{{/if}}
+{{/if}}
+
+jest.mock('bcrypt', () => ({
+  compare: jest.fn(),
+  hash: jest.fn(),
+}));
+
+describe('AuthService', () => {
+  let authService: AuthService;
+  let usersService: UsersService;
+  let jwtService: JwtService;
+{{#if (eq orm "typeorm")}}
+{{#if features.refreshTokens}}
+  let refreshTokenRepository: any;
+{{/if}}
+{{/if}}
+
+  const mockUser = {
+    id: 'test-uuid',
+    email: 'test@example.com',
+{{#if features.useUsername}}
+    username: 'testuser',
+{{/if}}
+    password: '$2b$10$hashedpassword',
+{{#if rbac.enabled}}
+    roles: ['User'],
+{{/if}}
+  };
+
+  const mockUsersService = {
+    findByEmail: jest.fn(),
+    findById: jest.fn(),
+    create: jest.fn(),
+    updatePassword: jest.fn(),
+{{#if features.emailVerification}}
+    setVerificationToken: jest.fn(),
+    findByVerificationToken: jest.fn(),
+    markEmailVerified: jest.fn(),
+{{/if}}
+{{#if features.resetPassword}}
+    setResetToken: jest.fn(),
+    findByResetToken: jest.fn(),
+    clearResetToken: jest.fn(),
+{{/if}}
+  };
+
+  const mockJwtService = {
+    sign: jest.fn().mockReturnValue('mock-jwt-token'),
+    verify: jest.fn(),
+  };
+
+  const mockConfigService = {
+    get: jest.fn((key: string, defaultValue?: string) => {
+      const config: Record<string, string> = {
+        BCRYPT_ROUNDS: '10',
+        JWT_SECRET: 'test-secret',
+      };
+      return config[key] || defaultValue;
+    }),
+  };
+
+{{#if (eq orm "typeorm")}}
+{{#if features.refreshTokens}}
+  const mockRefreshTokenRepository = {
+    create: jest.fn(),
+    save: jest.fn(),
+    findOne: jest.fn(),
+    remove: jest.fn(),
+    delete: jest.fn(),
+  };
+{{/if}}
+{{/if}}
+
+  beforeEach(async () => {
+    const module: TestingModule = await Test.createTestingModule({
+      providers: [
+        AuthService,
+        { provide: UsersService, useValue: mockUsersService },
+        { provide: JwtService, useValue: mockJwtService },
+        { provide: ConfigService, useValue: mockConfigService },
+{{#if (eq orm "typeorm")}}
+{{#if features.refreshTokens}}
+        { provide: getRepositoryToken(RefreshToken), useValue: mockRefreshTokenRepository },
+{{/if}}
+{{/if}}
+      ],
+    }).compile();
+
+    authService = module.get<AuthService>(AuthService);
+    usersService = module.get<UsersService>(UsersService);
+    jwtService = module.get<JwtService>(JwtService);
+{{#if (eq orm "typeorm")}}
+{{#if features.refreshTokens}}
+    refreshTokenRepository = module.get(getRepositoryToken(RefreshToken));
+{{/if}}
+{{/if}}
+  });
+
+  afterEach(() => {
+    jest.clearAllMocks();
+  });
+
+  describe('validateUser', () => {
+    it('should return user without password for valid credentials', async () => {
+      mockUsersService.findByEmail.mockResolvedValue(mockUser);
+      (bcrypt.compare as jest.Mock).mockResolvedValue(true);
+
+      const result = await authService.validateUser('test@example.com', 'password123');
+
+      expect(result).toBeDefined();
+      expect(result.email).toBe('test@example.com');
+      expect(result.password).toBeUndefined();
+    });
+
+    it('should return null if user not found', async () => {
+      mockUsersService.findByEmail.mockResolvedValue(null);
+
+      const result = await authService.validateUser('wrong@example.com', 'password123');
+
+      expect(result).toBeNull();
+    });
+
+    it('should return null if password is invalid', async () => {
+      mockUsersService.findByEmail.mockResolvedValue(mockUser);
+      (bcrypt.compare as jest.Mock).mockResolvedValue(false);
+
+      const result = await authService.validateUser('test@example.com', 'wrongpassword');
+
+      expect(result).toBeNull();
+    });
+  });
+
+  describe('login', () => {
+    it('should return access token and user for valid credentials', async () => {
+      mockUsersService.findByEmail.mockResolvedValue(mockUser);
+      (bcrypt.compare as jest.Mock).mockResolvedValue(true);
+{{#if features.refreshTokens}}
+      mockJwtService.sign.mockReturnValue('mock-jwt-token');
+{{#if (eq orm "typeorm")}}
+      mockRefreshTokenRepository.create.mockReturnValue({ token: 'mock-refresh-token' });
+      mockRefreshTokenRepository.save.mockResolvedValue({ token: 'mock-refresh-token' });
+{{/if}}
+{{/if}}
+
+      const result = await authService.login({ email: 'test@example.com', password: 'password123' });
+
+      expect(result.accessToken).toBeDefined();
+      expect(result.user.email).toBe('test@example.com');
+    });
+
+    it('should throw UnauthorizedException for invalid credentials', async () => {
+      mockUsersService.findByEmail.mockResolvedValue(null);
+
+      await expect(
+        authService.login({ email: 'wrong@example.com', password: 'wrongpassword' }),
+      ).rejects.toThrow(UnauthorizedException);
+    });
+  });
+
+  describe('register', () => {
+    it('should create user and return access token', async () => {
+      const newUser = { ...mockUser };
+      mockUsersService.create.mockResolvedValue(newUser);
+      (bcrypt.hash as jest.Mock).mockResolvedValue('$2b$10$hashedpassword');
+{{#if features.refreshTokens}}
+      mockJwtService.sign.mockReturnValue('mock-jwt-token');
+{{#if (eq orm "typeorm")}}
+      mockRefreshTokenRepository.create.mockReturnValue({ token: 'mock-refresh-token' });
+      mockRefreshTokenRepository.save.mockResolvedValue({ token: 'mock-refresh-token' });
+{{/if}}
+{{/if}}
+
+      const result = await authService.register({
+        email: 'new@example.com',
+{{#if features.useUsername}}
+        username: 'newuser',
+{{/if}}
+        password: 'StrongP@ss1',
+      });
+
+      expect(result.accessToken).toBeDefined();
+      expect(result.user.email).toBe('test@example.com');
+      expect(mockUsersService.create).toHaveBeenCalled();
+    });
+  });
+
+  describe('changePassword', () => {
+    it('should update password when current password is valid', async () => {
+      mockUsersService.findById.mockResolvedValue(mockUser);
+      (bcrypt.compare as jest.Mock).mockResolvedValue(true);
+      (bcrypt.hash as jest.Mock).mockResolvedValue('$2b$10$newhashedpassword');
+      mockUsersService.updatePassword.mockResolvedValue(undefined);
+
+      await authService.changePassword('test-uuid', {
+        currentPassword: 'oldpassword',
+        newPassword: 'NewP@ssword1',
+      });
+
+      expect(mockUsersService.updatePassword).toHaveBeenCalledWith('test-uuid', '$2b$10$newhashedpassword');
+    });
+
+    it('should throw UnauthorizedException for wrong current password', async () => {
+      mockUsersService.findById.mockResolvedValue(mockUser);
+      (bcrypt.compare as jest.Mock).mockResolvedValue(false);
+
+      await expect(
+        authService.changePassword('test-uuid', {
+          currentPassword: 'wrongpassword',
+          newPassword: 'NewP@ssword1',
+        }),
+      ).rejects.toThrow(UnauthorizedException);
+    });
+
+    it('should throw UnauthorizedException if user not found', async () => {
+      mockUsersService.findById.mockResolvedValue(null);
+
+      await expect(
+        authService.changePassword('nonexistent-uuid', {
+          currentPassword: 'oldpassword',
+          newPassword: 'NewP@ssword1',
+        }),
+      ).rejects.toThrow(UnauthorizedException);
+    });
+  });
+
+{{#if features.emailVerification}}
+  describe('verifyEmail', () => {
+    it('should verify email with valid token', async () => {
+      mockUsersService.findByVerificationToken.mockResolvedValue(mockUser);
+      mockUsersService.markEmailVerified.mockResolvedValue(undefined);
+
+      const result = await authService.verifyEmail('valid-token');
+
+      expect(result.message).toBe('Email verified successfully');
+      expect(mockUsersService.markEmailVerified).toHaveBeenCalledWith('test-uuid');
+    });
+
+    it('should throw NotFoundException for invalid token', async () => {
+      mockUsersService.findByVerificationToken.mockResolvedValue(null);
+
+      await expect(authService.verifyEmail('invalid-token')).rejects.toThrow();
+    });
+  });
+
+  describe('resendVerification', () => {
+    it('should generate new verification token', async () => {
+      mockUsersService.findByEmail.mockResolvedValue({ ...mockUser, isEmailVerified: false });
+      mockUsersService.setVerificationToken.mockResolvedValue(undefined);
+
+      const result = await authService.resendVerification('test@example.com');
+
+      expect(result.verificationToken).toBeDefined();
+      expect(mockUsersService.setVerificationToken).toHaveBeenCalled();
+    });
+  });
+{{/if}}
+
+{{#if features.resetPassword}}
+  describe('forgotPassword', () => {
+    it('should generate reset token for existing user', async () => {
+      mockUsersService.findByEmail.mockResolvedValue(mockUser);
+      mockUsersService.setResetToken.mockResolvedValue(undefined);
+
+      const result = await authService.forgotPassword({ email: 'test@example.com' });
+
+      expect(result.resetToken).toBeDefined();
+      expect(mockUsersService.setResetToken).toHaveBeenCalled();
+    });
+
+    it('should return success even if user not found (prevent enumeration)', async () => {
+      mockUsersService.findByEmail.mockResolvedValue(null);
+
+      const result = await authService.forgotPassword({ email: 'unknown@example.com' });
+
+      expect(result.message).toBeDefined();
+    });
+  });
+
+  describe('resetPassword', () => {
+    it('should reset password with valid token', async () => {
+      const futureDate = new Date();
+      futureDate.setHours(futureDate.getHours() + 1);
+      mockUsersService.findByResetToken.mockResolvedValue({ ...mockUser, passwordResetExpires: futureDate });
+      (bcrypt.hash as jest.Mock).mockResolvedValue('$2b$10$newhashedpassword');
+      mockUsersService.updatePassword.mockResolvedValue(undefined);
+      mockUsersService.clearResetToken.mockResolvedValue(undefined);
+
+      const result = await authService.resetPassword({ token: 'valid-token', newPassword: 'NewP@ssword1' });
+
+      expect(result.message).toBe('Password reset successfully');
+      expect(mockUsersService.updatePassword).toHaveBeenCalled();
+      expect(mockUsersService.clearResetToken).toHaveBeenCalled();
+    });
+
+    it('should throw BadRequestException for invalid token', async () => {
+      mockUsersService.findByResetToken.mockResolvedValue(null);
+
+      await expect(
+        authService.resetPassword({ token: 'invalid-token', newPassword: 'NewP@ssword1' }),
+      ).rejects.toThrow();
+    });
+  });
+{{/if}}
+
+{{#if features.refreshTokens}}
+  describe('logout', () => {
+    it('should delete the refresh token', async () => {
+{{#if (eq orm "typeorm")}}
+      const storedToken = { id: '1', token: 'refresh-token' };
+      mockRefreshTokenRepository.findOne.mockResolvedValue(storedToken);
+      mockRefreshTokenRepository.remove.mockResolvedValue(undefined);
+{{/if}}
+
+      await authService.logout('refresh-token');
+
+{{#if (eq orm "typeorm")}}
+      expect(mockRefreshTokenRepository.findOne).toHaveBeenCalled();
+{{/if}}
+    });
+  });
+{{/if}}
+});

package/dist/generator/templates/users/users.controller.ts.hbs

@@ -0,0 +1,55 @@
+import { Controller, Get{{#if rbac.enabled}}, UseGuards{{/if}} } from '@nestjs/common';
+{{#if rbac.enabled}}
+import { JwtAuthGuard } from '../auth/guards/jwt-auth.guard';
+import { RolesGuard } from '../auth/guards/roles.guard';
+import { Roles } from '../auth/decorators/roles.decorator';
+{{/if}}
+{{#if features.rateLimiting}}
+import { SkipThrottle } from '@nestjs/throttler';
+{{/if}}
+{{#if features.swagger}}
+import { ApiTags, ApiOperation, ApiResponse, ApiBearerAuth } from '@nestjs/swagger';
+{{/if}}
+import { CurrentUser } from '../auth/decorators/current-user.decorator';
+import { UsersService } from './users.service';
+
+@Controller('users')
+{{#if features.rateLimiting}}
+@SkipThrottle()
+{{/if}}
+{{#if features.swagger}}
+@ApiTags('Users')
+@ApiBearerAuth()
+{{/if}}
+{{#if rbac.enabled}}
+@UseGuards(JwtAuthGuard, RolesGuard)
+{{else}}
+@UseGuards(JwtAuthGuard)
+{{/if}}
+export class UsersController {
+  constructor(private readonly usersService: UsersService) {}
+
+  @Get('profile')
+{{#if features.swagger}}
+  @ApiOperation({ summary: 'Get current user profile' })
+  @ApiResponse({ status: 200, description: 'User profile returned' })
+  @ApiResponse({ status: 401, description: 'Unauthorized' })
+{{/if}}
+  getProfile(@CurrentUser() user: any) {
+    return user;
+  }
+
+{{#if rbac.enabled}}
+  @Get()
+  @Roles('Admin')
+{{#if features.swagger}}
+  @ApiOperation({ summary: 'Get all users (Admin only)' })
+  @ApiResponse({ status: 200, description: 'List of users returned' })
+  @ApiResponse({ status: 401, description: 'Unauthorized' })
+  @ApiResponse({ status: 403, description: 'Forbidden - Admin role required' })
+{{/if}}
+  findAll() {
+    return this.usersService.findAll();
+  }
+{{/if}}
+}

package/dist/generator/templates/users/users.module.ts.hbs

@@ -0,0 +1,31 @@
+import { Module } from '@nestjs/common';
+{{#if (eq orm "typeorm")}}
+import { TypeOrmModule } from '@nestjs/typeorm';
+import { User } from './entities/user.entity';
+{{#if features.refreshTokens}}
+import { RefreshToken } from './entities/refresh-token.entity';
+{{/if}}
+{{else if (eq orm "prisma")}}
+import { PrismaModule } from '../prisma/prisma.module';
+{{/if}}
+import { UsersService } from './users.service';
+import { UsersController } from './users.controller';
+
+@Module({
+{{#if (eq orm "typeorm")}}
+  imports: [
+    TypeOrmModule.forFeature([
+      User,
+{{#if features.refreshTokens}}
+      RefreshToken,
+{{/if}}
+    ]),
+  ],
+{{else if (eq orm "prisma")}}
+  imports: [PrismaModule],
+{{/if}}
+  controllers: [UsersController],
+  providers: [UsersService],
+  exports: [UsersService],
+})
+export class UsersModule {}