odac 1.4.3 → 1.4.5

package/test/Auth/verifyMagicLink.test.js

@@ -0,0 +1,281 @@
+describe('Auth.verifyMagicLink()', () => {
+  let Auth
+  let reqMock
+  let authInstance
+
+  /**
+   * Why: Builds a chainable DB mock simulating Knex's query builder pattern.
+   * Tracks all insert/update/delete calls for assertion.
+   * Supports orWhere, columnInfo, and schema — required by check(), register(), and migration helpers.
+   *
+   * @param {Array} rows - The rows the query should resolve to.
+   * @returns {object} Mock with chainable query builder and call tracker.
+   */
+  const createDbMock = (rows = []) => {
+    const tracker = {
+      deleteCalls: [],
+      firstResult: rows[0] || null,
+      insertCalls: [],
+      updateCalls: []
+    }
+
+    const chainable = () => ({
+      delete: jest.fn((...args) => {
+        tracker.deleteCalls.push(args)
+        return Promise.resolve(true)
+      }),
+      first: jest.fn(() => Promise.resolve(tracker.firstResult)),
+      insert: jest.fn(payload => {
+        tracker.insertCalls.push(payload)
+        return Promise.resolve(true)
+      }),
+      orWhere: jest.fn(() => chainable()),
+      then: cb => cb(rows),
+      update: jest.fn(payload => {
+        tracker.updateCalls.push(payload)
+        return Promise.resolve(true)
+      }),
+      where: jest.fn(() => chainable())
+    })
+
+    return {
+      // columnInfo: used by register() to detect PK column type
+      columnInfo: jest.fn(() => Promise.resolve({type: 'string'})),
+      insert: jest.fn(payload => {
+        tracker.insertCalls.push(payload)
+        return Promise.resolve(true)
+      }),
+      // orWhere: entry point used by check(where) before chaining
+      orWhere: jest.fn(() => chainable()),
+      // schema: used by migration helpers (#ensureUserTableV2, #ensureTokenTableV2)
+      schema: jest.fn(() => Promise.resolve()),
+      tracker,
+      where: jest.fn(() => chainable())
+    }
+  }
+
+  /**
+   * Why: Builds a minimal magic link record for DB mock responses.
+   *
+   * @param {object} overrides - Fields to override on the default record.
+   * @returns {object} Magic link record.
+   */
+  const createMagicRecord = (overrides = {}) => ({
+    browser: 'TestBrowser',
+    email: 'test@example.com',
+    expires_at: new Date(Date.now() + 15 * 60 * 1000),
+    id: 1,
+    ip: '127.0.0.1',
+    token_hash: 'hashed_token',
+    ...overrides
+  })
+
+  beforeEach(() => {
+    // Isolate module per test to reset the static #migrationCache Set on Auth class
+    jest.isolateModules(() => {
+      Auth = require('../../src/Auth.js')
+    })
+
+    reqMock = {
+      cookie: jest.fn((name, value) => {
+        if (value !== undefined) return
+        return null
+      }),
+      header: jest.fn(() => 'TestBrowser'),
+      host: 'example.com',
+      ip: '127.0.0.1',
+      res: {},
+      session: jest.fn(() => null),
+      ssl: false
+    }
+
+    authInstance = new Auth(reqMock)
+
+    global.Odac = {
+      Config: {
+        auth: {
+          key: 'id',
+          magicTable: 'odac_magic',
+          table: 'users',
+          token: 'odac_auth'
+        }
+      },
+      DB: {
+        fn: {now: () => new Date()},
+        nanoid: () => 'nano_' + Date.now()
+      },
+      Var: jest.fn(() => ({
+        hash: jest.fn(() => 'hashed_value'),
+        hashCheck: jest.fn(() => true),
+        is: jest.fn(() => false),
+        md5: jest.fn(() => 'md5_value')
+      }))
+    }
+  })
+
+  afterEach(() => {
+    delete global.Odac
+  })
+
+  // ─── EXISTING USER SCENARIOS ──────────────────────────────────────────────
+
+  it('should log in an existing user and return success', async () => {
+    const existingUser = {email: 'test@example.com', id: 'user_1', name: 'Test'}
+    const magicDbMock = createDbMock([createMagicRecord()])
+    // rows array is consumed by check(where) candidate query via .then()
+    const usersDbMock = createDbMock([existingUser])
+    usersDbMock.tracker.firstResult = existingUser
+    const authDbMock = createDbMock()
+
+    global.Odac.DB.odac_magic = magicDbMock
+    global.Odac.DB.users = usersDbMock
+    global.Odac.DB.odac_auth = authDbMock
+
+    const result = await authInstance.verifyMagicLink('raw_token', 'test@example.com')
+
+    expect(result.success).toBe(true)
+    expect(result.user).toEqual(existingUser)
+    // Exactly one login token must be inserted — no duplicate
+    expect(authDbMock.tracker.insertCalls.length).toBe(1)
+  })
+
+  it('should consume (delete) all magic tokens for the email after successful verification', async () => {
+    const existingUser = {email: 'test@example.com', id: 'user_1'}
+    const magicDbMock = createDbMock([createMagicRecord()])
+    const usersDbMock = createDbMock([existingUser])
+    usersDbMock.tracker.firstResult = existingUser
+
+    global.Odac.DB.odac_magic = magicDbMock
+    global.Odac.DB.users = usersDbMock
+    global.Odac.DB.odac_auth = createDbMock()
+
+    await authInstance.verifyMagicLink('raw_token', 'test@example.com')
+
+    // All magic tokens for this email must be deleted to prevent reuse
+    expect(magicDbMock.tracker.deleteCalls.length).toBe(1)
+  })
+
+  // ─── NEW USER (AUTO-REGISTER) SCENARIOS ───────────────────────────────────
+
+  it('should NOT create duplicate odac_auth tokens when auto-registering a new user', async () => {
+    // Regression test: verifyMagicLink must not call login() a second time
+    // when register() already performed auto-login internally.
+    const newUser = {email: 'new@example.com', id: 'nano_new'}
+    const magicDbMock = createDbMock([createMagicRecord({email: 'new@example.com'})])
+
+    // Query path breakdown:
+    //   first() calls → (1) verifyMagicLink existence check: null
+    //                   (2) register unique field check: null
+    //                   (3) register post-insert retrieval: newUser
+    //   then() calls  → check(where) candidate query (used by login): always [newUser]
+    let usersFirstCallCount = 0
+    const usersDbMock = createDbMock()
+    const usersChainable = () => ({
+      delete: jest.fn(() => Promise.resolve(true)),
+      first: jest.fn(() => {
+        usersFirstCallCount++
+        return Promise.resolve(usersFirstCallCount < 3 ? null : newUser)
+      }),
+      orWhere: jest.fn(() => usersChainable()),
+      then: cb => cb([newUser]),
+      update: jest.fn(() => Promise.resolve(true)),
+      where: jest.fn(() => usersChainable())
+    })
+    usersDbMock.where = jest.fn(() => usersChainable())
+    usersDbMock.orWhere = jest.fn(() => usersChainable())
+
+    const authDbMock = createDbMock()
+
+    global.Odac.DB.odac_magic = magicDbMock
+    global.Odac.DB.users = usersDbMock
+    global.Odac.DB.odac_auth = authDbMock
+
+    const result = await authInstance.verifyMagicLink('raw_token', 'new@example.com')
+
+    expect(result.success).toBe(true)
+    // THE CRITICAL ASSERTION: register() auto-login + verifyMagicLink must produce exactly 1 token
+    expect(authDbMock.tracker.insertCalls.length).toBe(1)
+  })
+
+  it('should return the newly registered user on success', async () => {
+    const newUser = {email: 'new@example.com', id: 'nano_new'}
+    const magicDbMock = createDbMock([createMagicRecord({email: 'new@example.com'})])
+
+    let usersFirstCallCount = 0
+    const usersDbMock = createDbMock()
+    const usersChainable = () => ({
+      delete: jest.fn(() => Promise.resolve(true)),
+      first: jest.fn(() => {
+        usersFirstCallCount++
+        return Promise.resolve(usersFirstCallCount < 3 ? null : newUser)
+      }),
+      orWhere: jest.fn(() => usersChainable()),
+      then: cb => cb([newUser]),
+      update: jest.fn(() => Promise.resolve(true)),
+      where: jest.fn(() => usersChainable())
+    })
+    usersDbMock.where = jest.fn(() => usersChainable())
+    usersDbMock.orWhere = jest.fn(() => usersChainable())
+
+    global.Odac.DB.odac_magic = magicDbMock
+    global.Odac.DB.users = usersDbMock
+    global.Odac.DB.odac_auth = createDbMock()
+
+    const result = await authInstance.verifyMagicLink('raw_token', 'new@example.com')
+
+    expect(result.success).toBe(true)
+    expect(result.user).toBeDefined()
+    expect(result.user.email).toBe('new@example.com')
+  })
+
+  // ─── FAILURE SCENARIOS ────────────────────────────────────────────────────
+
+  it('should return error when tokenRaw is missing', async () => {
+    const result = await authInstance.verifyMagicLink(null, 'test@example.com')
+    expect(result.success).toBe(false)
+    expect(result.error).toBe('Invalid link')
+  })
+
+  it('should return error when email is missing', async () => {
+    const result = await authInstance.verifyMagicLink('raw_token', null)
+    expect(result.success).toBe(false)
+    expect(result.error).toBe('Invalid link')
+  })
+
+  it('should return error when no valid (non-expired) magic records exist', async () => {
+    global.Odac.DB.odac_magic = createDbMock([])
+
+    const result = await authInstance.verifyMagicLink('raw_token', 'test@example.com')
+
+    expect(result.success).toBe(false)
+    expect(result.error).toBe('Link expired or invalid')
+  })
+
+  it('should return error when token hash does not match', async () => {
+    global.Odac.Var = jest.fn(() => ({
+      hash: jest.fn(() => 'hashed_value'),
+      hashCheck: jest.fn(() => false),
+      is: jest.fn(() => false)
+    }))
+    global.Odac.DB.odac_magic = createDbMock([createMagicRecord()])
+
+    const result = await authInstance.verifyMagicLink('wrong_token', 'test@example.com')
+
+    expect(result.success).toBe(false)
+    expect(result.error).toBe('Invalid token')
+  })
+
+  it('should NOT delete magic tokens when token hash does not match', async () => {
+    global.Odac.Var = jest.fn(() => ({
+      hash: jest.fn(() => 'hashed_value'),
+      hashCheck: jest.fn(() => false),
+      is: jest.fn(() => false)
+    }))
+    const magicDbMock = createDbMock([createMagicRecord()])
+    global.Odac.DB.odac_magic = magicDbMock
+
+    await authInstance.verifyMagicLink('wrong_token', 'test@example.com')
+
+    expect(magicDbMock.tracker.deleteCalls.length).toBe(0)
+  })
+})

package/test/Client/load.test.js

@@ -0,0 +1,306 @@
+describe('Odac.load()', () => {
+  let mockXhr, mockDocument, mockWindow
+
+  const setupMocks = (options = {}) => {
+    jest.resetModules()
+    mockXhr = {
+      open: jest.fn(),
+      setRequestHeader: jest.fn(),
+      send: jest.fn(),
+      getResponseHeader: jest.fn(() => null),
+      responseURL: '',
+      status: 200,
+      responseText: '{}',
+      response: '{}',
+      onload: null,
+      onerror: null
+    }
+
+    const transitionElements = options.transitionElements || []
+
+    mockDocument = {
+      getElementById: jest.fn(),
+      querySelectorAll: jest.fn(selector => {
+        if (selector === '[odac-transition]') return transitionElements
+        return []
+      }),
+      querySelector: jest.fn(),
+      addEventListener: jest.fn(),
+      removeEventListener: jest.fn(),
+      dispatchEvent: jest.fn(),
+      documentElement: {dataset: {}},
+      cookie: '',
+      readyState: 'complete',
+      startViewTransition: options.hasViewTransition
+        ? jest.fn(cb => {
+            cb()
+            return {
+              finished: Promise.resolve(),
+              ready: Promise.resolve(),
+              updateCallbackDone: Promise.resolve()
+            }
+          })
+        : undefined,
+      createElement: jest.fn(tag => {
+        const el = {
+          setAttribute: jest.fn(),
+          style: {},
+          appendChild: jest.fn(),
+          parentNode: {insertBefore: jest.fn()},
+          _innerHTML: '',
+          get value() {
+            if (tag === 'textarea') {
+              return this._innerHTML
+                .replace(/&/g, '&')
+                .replace(/&lt;/g, '<')
+                .replace(/&gt;/g, '>')
+                .replace(/&quot;/g, '"')
+                .replace(/&#039;/g, "'")
+            }
+            return ''
+          }
+        }
+        Object.defineProperty(el, 'innerHTML', {
+          get() {
+            return el._innerHTML
+          },
+          set(v) {
+            el._innerHTML = v
+          }
+        })
+        return el
+      })
+    }
+
+    mockWindow = {
+      location: {protocol: 'http:', host: 'localhost', href: 'http://localhost/', replace: jest.fn()},
+      history: {pushState: jest.fn()},
+      scrollTo: jest.fn(),
+      addEventListener: jest.fn(),
+      XMLHttpRequest: jest.fn(() => mockXhr),
+      localStorage: {getItem: jest.fn(), setItem: jest.fn(), removeItem: jest.fn()},
+      CustomEvent: jest.fn((name, detail) => ({name, detail})),
+      setTimeout: jest.fn(),
+      clearTimeout: jest.fn(),
+      requestAnimationFrame: jest.fn(cb => cb(Date.now())),
+      WebSocket: jest.fn(() => ({send: jest.fn(), close: jest.fn(), readyState: 1})),
+      FormData: jest.fn(),
+      URL: global.URL
+    }
+    mockWindow.window = mockWindow
+    mockWindow.document = mockDocument
+    mockWindow.WebSocket.OPEN = 1
+    mockWindow.WebSocket.CLOSED = 3
+    global.window = mockWindow
+    global.document = mockDocument
+    global.location = mockWindow.location
+    global.XMLHttpRequest = mockWindow.XMLHttpRequest
+    global.localStorage = mockWindow.localStorage
+    global.CustomEvent = mockWindow.CustomEvent
+    global.WebSocket = mockWindow.WebSocket
+    global.setTimeout = mockWindow.setTimeout
+    global.clearTimeout = mockWindow.clearTimeout
+    global.requestAnimationFrame = mockWindow.requestAnimationFrame
+    global.FormData = mockWindow.FormData
+    delete require.cache[require.resolve('../../client/odac.js')]
+    require('../../client/odac.js')
+  }
+
+  afterEach(() => {
+    delete global.window
+    delete global.document
+    delete global.location
+    delete global.XMLHttpRequest
+    delete global.localStorage
+    delete global.CustomEvent
+    delete global.WebSocket
+    delete global.setTimeout
+    delete global.clearTimeout
+    delete global.requestAnimationFrame
+    delete global.FormData
+    delete global.Odac
+  })
+
+  describe('URL validation', () => {
+    beforeEach(() => setupMocks())
+
+    test('should resolve empty string to current URL and proceed with navigation', () => {
+      jest.spyOn(window.Odac, 'token').mockReturnValue('mock-token')
+      window.Odac.load('', jest.fn())
+      // Empty string resolves to current URL via new URL('', base) — AJAX fires normally
+      expect(mockXhr.send).toHaveBeenCalled()
+    })
+
+    test('should reject javascript: protocol URLs', () => {
+      const result = window.Odac.load('javascript:void(0)', jest.fn())
+      expect(result).toBe(false)
+    })
+
+    test('should reject data: protocol URLs', () => {
+      const result = window.Odac.load('data:text/html,test', jest.fn())
+      expect(result).toBe(false)
+    })
+
+    test('should reject vbscript: protocol URLs', () => {
+      const result = window.Odac.load('vbscript:test', jest.fn())
+      expect(result).toBe(false)
+    })
+
+    test('should reject hash-only URLs', () => {
+      const result = window.Odac.load('#section', jest.fn())
+      expect(result).toBe(false)
+    })
+
+    test('should prevent concurrent navigations', () => {
+      window.Odac.load('/page-1', jest.fn())
+      const result = window.Odac.load('/page-2', jest.fn())
+      expect(result).toBe(false)
+    })
+  })
+
+  describe('fade fallback path', () => {
+    beforeEach(() => setupMocks({hasViewTransition: false}))
+
+    test('should use fade when View Transition API is unavailable', () => {
+      jest.spyOn(window.Odac, 'token').mockReturnValue('mock-token')
+      window.Odac.load('/test', jest.fn())
+      expect(mockXhr.open).toHaveBeenCalledWith('GET', 'http://localhost/test', true)
+      expect(mockXhr.send).toHaveBeenCalled()
+    })
+
+    test('should fallback to window.location.replace on AJAX error', () => {
+      jest.spyOn(window.Odac, 'token').mockReturnValue('mock-token')
+      window.Odac.load('/error-page', jest.fn())
+      mockXhr.onerror()
+      expect(mockWindow.location.replace).toHaveBeenCalledWith('http://localhost/error-page')
+    })
+  })
+
+  describe('View Transition API path', () => {
+    let transitionElements
+
+    beforeEach(() => {
+      transitionElements = [
+        {getAttribute: jest.fn(() => 'header'), style: {}, setAttribute: jest.fn()},
+        {getAttribute: jest.fn(() => 'hero'), style: {}, setAttribute: jest.fn()}
+      ]
+      setupMocks({hasViewTransition: true, transitionElements})
+    })
+
+    test('should use View Transition API when supported and odac-transition elements exist', () => {
+      jest.spyOn(window.Odac, 'token').mockReturnValue('mock-token')
+      window.Odac.load('/new-page', jest.fn())
+
+      expect(transitionElements[0].style.viewTransitionName).toBe('header')
+      expect(transitionElements[1].style.viewTransitionName).toBe('hero')
+      expect(mockXhr.send).toHaveBeenCalled()
+    })
+
+    test('should call startViewTransition on successful AJAX response', () => {
+      jest.spyOn(window.Odac, 'token').mockReturnValue('mock-token')
+      mockXhr.responseURL = 'http://localhost/new-page'
+      mockXhr.getResponseHeader.mockImplementation(h => (h === 'Content-Type' ? 'application/json' : null))
+
+      window.Odac.load('/new-page', jest.fn())
+
+      mockXhr.responseText = JSON.stringify({title: 'New Page', output: {}})
+      mockXhr.status = 200
+      if (mockXhr.onload) mockXhr.onload()
+
+      expect(mockDocument.startViewTransition).toHaveBeenCalled()
+    })
+
+    test('should apply transition names to elements before snapshot', () => {
+      jest.spyOn(window.Odac, 'token').mockReturnValue('mock-token')
+      window.Odac.load('/page', jest.fn())
+
+      expect(transitionElements[0].getAttribute).toHaveBeenCalledWith('odac-transition')
+      expect(transitionElements[0].style.viewTransitionName).toBe('header')
+      expect(transitionElements[1].getAttribute).toHaveBeenCalledWith('odac-transition')
+      expect(transitionElements[1].style.viewTransitionName).toBe('hero')
+    })
+
+    test('should fall back to full page load on skeleton change', () => {
+      jest.spyOn(window.Odac, 'token').mockReturnValue('mock-token')
+      mockXhr.responseURL = 'http://localhost/new-skeleton'
+      mockXhr.getResponseHeader.mockImplementation(h => (h === 'Content-Type' ? 'application/json' : null))
+
+      window.Odac.load('/new-skeleton', jest.fn())
+
+      mockXhr.responseText = JSON.stringify({skeletonChanged: true})
+      mockXhr.status = 200
+      if (mockXhr.onload) mockXhr.onload()
+
+      expect(mockDocument.startViewTransition).not.toHaveBeenCalled()
+      expect(mockWindow.location.href).toBe('http://localhost/new-skeleton')
+    })
+
+    test('should clean transition names on AJAX error', () => {
+      jest.spyOn(window.Odac, 'token').mockReturnValue('mock-token')
+      window.Odac.load('/fail', jest.fn())
+
+      mockXhr.onerror()
+
+      expect(transitionElements[0].style.viewTransitionName).toBe('')
+      expect(transitionElements[1].style.viewTransitionName).toBe('')
+    })
+  })
+
+  describe('fade fallback when no odac-transition elements', () => {
+    beforeEach(() => setupMocks({hasViewTransition: true, transitionElements: []}))
+
+    test('should use fade path when API exists but no odac-transition elements found', () => {
+      jest.spyOn(window.Odac, 'token').mockReturnValue('mock-token')
+      window.Odac.load('/page', jest.fn())
+
+      expect(mockDocument.startViewTransition).not.toHaveBeenCalled()
+      expect(mockXhr.send).toHaveBeenCalled()
+    })
+  })
+
+  describe('title HTML entity decoding', () => {
+    beforeEach(() => setupMocks({hasViewTransition: false}))
+
+    test('should decode HTML entities in title during fade navigation', () => {
+      jest.spyOn(window.Odac, 'token').mockReturnValue('mock-token')
+      mockXhr.responseURL = 'http://localhost/products'
+      mockXhr.getResponseHeader.mockImplementation(h => (h === 'Content-Type' ? 'application/json' : null))
+
+      window.Odac.load('/products', jest.fn())
+
+      mockXhr.responseText = JSON.stringify({title: 'Tom &amp; Jerry', output: {}})
+      mockXhr.status = 200
+      mockXhr.onload()
+
+      expect(mockDocument.title).toBe('Tom & Jerry')
+    })
+
+    test('should decode multiple HTML entities in title', () => {
+      jest.spyOn(window.Odac, 'token').mockReturnValue('mock-token')
+      mockXhr.responseURL = 'http://localhost/page'
+      mockXhr.getResponseHeader.mockImplementation(h => (h === 'Content-Type' ? 'application/json' : null))
+
+      window.Odac.load('/page', jest.fn())
+
+      mockXhr.responseText = JSON.stringify({title: '&lt;ODAC&gt; &amp; &quot;Framework&quot;', output: {}})
+      mockXhr.status = 200
+      mockXhr.onload()
+
+      expect(mockDocument.title).toBe('<ODAC> & "Framework"')
+    })
+
+    test('should handle title without entities unchanged', () => {
+      jest.spyOn(window.Odac, 'token').mockReturnValue('mock-token')
+      mockXhr.responseURL = 'http://localhost/simple'
+      mockXhr.getResponseHeader.mockImplementation(h => (h === 'Content-Type' ? 'application/json' : null))
+
+      window.Odac.load('/simple', jest.fn())
+
+      mockXhr.responseText = JSON.stringify({title: 'Simple Page Title', output: {}})
+      mockXhr.status = 200
+      mockXhr.onload()
+
+      expect(mockDocument.title).toBe('Simple Page Title')
+    })
+  })
+})

package/test/Lang/get.test.js

@@ -1,7 +1,17 @@
-const fs = require('fs')
+const fs = require('node:fs')
 const Lang = require('../../src/Lang')
 
-jest.mock('fs')
+jest.mock('node:fs', () => ({
+  promises: {
+    mkdir: jest.fn(),
+    writeFile: jest.fn(),
+    access: jest.fn()
+  },
+  existsSync: jest.fn(),
+  mkdirSync: jest.fn(),
+  writeFileSync: jest.fn(),
+  readFileSync: jest.fn()
+}))
 
 describe('Lang.get()', () => {
   let mockOdac
@@ -22,8 +32,8 @@ describe('Lang.get()', () => {
     }
 
     fs.existsSync.mockReturnValue(false)
-    fs.mkdirSync.mockImplementation(() => {})
-    fs.writeFileSync.mockImplementation(() => {})
+    fs.promises.mkdir.mockResolvedValue()
+    fs.promises.writeFile.mockResolvedValue()
     fs.readFileSync.mockImplementation(() => {
       throw new Error('ENOENT')
     })
@@ -31,7 +41,7 @@ describe('Lang.get()', () => {
     lang = new Lang(mockOdac)
   })
 
-  it('should return matching string and support placeholders', () => {
+  it('should return matching string and support placeholders', async () => {
     fs.existsSync.mockImplementation(path => path.includes('/tr.json'))
     fs.readFileSync.mockReturnValue(
       JSON.stringify({
@@ -40,10 +50,10 @@ describe('Lang.get()', () => {
     )
 
     lang.set('tr')
-    expect(lang.get('welcome', 'Emre')).toBe('Merhaba Emre!')
+    expect(await lang.get('welcome', 'Emre')).toBe('Merhaba Emre!')
   })
 
-  it('should support numbered placeholders', () => {
+  it('should support numbered placeholders', async () => {
     fs.existsSync.mockImplementation(path => path.includes('/en.json'))
     fs.readFileSync.mockReturnValue(
       JSON.stringify({
@@ -52,14 +62,30 @@ describe('Lang.get()', () => {
     )
 
     lang.set('en')
-    expect(lang.get('order', 'A', 'B')).toBe('First: A, Second: B')
+    expect(await lang.get('order', 'A', 'B')).toBe('First: A, Second: B')
   })
 
-  it('should auto-save new keys', () => {
+  it('should auto-save new keys', async () => {
     lang.set('en')
-    const result = lang.get('new_key')
+    const result = await lang.get('new_key')
 
     expect(result).toBe('new_key')
-    expect(fs.writeFileSync).toHaveBeenCalledWith(expect.stringContaining('/en.json'), expect.stringContaining('"new_key": "new_key"'))
+    expect(fs.promises.writeFile).toHaveBeenCalledWith(expect.stringContaining('/en.json'), expect.stringContaining('"new_key": "new_key"'))
+  })
+
+  it('should set language from ACCEPT-LANGUAGE header', () => {
+    mockOdac.Request.header.mockImplementation(name => {
+      if (name === 'ACCEPT-LANGUAGE') return 'tr-TR,tr;q=0.9'
+      return null
+    })
+
+    lang.set()
+    // We check internal #lang via side effect or just trust the logic if we can't access private field easily.
+    // But we can check if it tries to read tr.json
+    fs.existsSync.mockImplementation(path => path.includes('/tr.json'))
+    fs.readFileSync.mockReturnValue('{}')
+
+    lang.set()
+    expect(fs.readFileSync).toHaveBeenCalledWith(expect.stringContaining('/tr.json'), 'utf8')
   })
 })