maxim.dolgolyov/Learn_System
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
master
Learn_System/backend/tests/auth.test.js
T
Maxim Dolgolyov 2d7833cad9 test: зелёный сьют — синхрон политики пароля (8), jsdom devDep, serial-прогон 
Чинит 8 «baseline»-падений (теперь 330/330):
- auth (3): контроллер/фронт требуют пароль >=8, а схема роута (minLen:6) и тест
  (7-симв. 'pass123') устарели → схема register/profile 6→8, тест-пароли → 8 симв.
  (login/duplicate падали как следствие незарегистрированного юзера).
- page (5): jsdom не был установлен → добавлен в devDependencies.
- флакость jsdom-страниц при параллельном прогоне (фикс. wait под нагрузкой CPU) →
  npm test с --test-concurrency=1 (детерминированно; в изоляции тесты и так проходят).

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
2026-06-19 16:53:04 +03:00

93 lines
2.9 KiB
JavaScript
Raw Permalink Blame History

const { describe, it, after } = require('node:test');
const assert = require('node:assert/strict');
const { db, inject, getToken, cleanup } = require('./setup');
after(() => cleanup());
describe('Auth', () => {
it('registers a new user', async () => {
const res = await inject('POST', '/api/auth/register', {
email: 'auth1@test.com', password: 'pass1234', name: 'Auth User'
});
assert.equal(res.status, 201);
assert.ok(res.body.token);
assert.equal(res.body.user.email, 'auth1@test.com');
});
it('rejects duplicate email', async () => {
const res = await inject('POST', '/api/auth/register', {
email: 'auth1@test.com', password: 'pass1234', name: 'Dupe'
});
assert.equal(res.status, 409);
});
it('validates required fields', async () => {
const res = await inject('POST', '/api/auth/register', { email: 'x@y.z' });
assert.equal(res.status, 400);
});
it('validates email format', async () => {
const res = await inject('POST', '/api/auth/register', {
email: 'not-an-email', password: 'pass123', name: 'Bad'
});
assert.equal(res.status, 400);
});
it('validates password min length', async () => {
const res = await inject('POST', '/api/auth/register', {
email: 'short@test.com', password: '12345', name: 'Short'
});
assert.equal(res.status, 400);
});
it('logs in with correct credentials', async () => {
const res = await inject('POST', '/api/auth/login', {
email: 'auth1@test.com', password: 'pass1234'
});
assert.equal(res.status, 200);
assert.ok(res.body.token);
});
it('rejects wrong password', async () => {
const res = await inject('POST', '/api/auth/login', {
email: 'auth1@test.com', password: 'wrong'
});
assert.equal(res.status, 401);
});
it('GET /me returns user with valid token', async () => {
const { token } = await getToken();
const res = await inject('GET', '/api/auth/me', null, token);
assert.equal(res.status, 200);
assert.ok(res.body.id);
});
it('rejects request without token', async () => {
const res = await inject('GET', '/api/auth/me');
assert.equal(res.status, 401);
});
it('invalidates token after password change', async () => {
// Register
const reg = await inject('POST', '/api/auth/register', {
email: 'pwchange@test.com', password: 'old_pass123', name: 'PW Test'
});
const oldToken = reg.body.token;
// Change password
const upd = await inject('PATCH', '/api/auth/profile', {
currentPassword: 'old_pass123', newPassword: 'new_pass123'
}, oldToken);
assert.equal(upd.status, 200);
const newToken = upd.body.token;
// Old token should be rejected
const res1 = await inject('GET', '/api/auth/me', null, oldToken);
assert.equal(res1.status, 401);
// New token should work
const res2 = await inject('GET', '/api/auth/me', null, newToken);
assert.equal(res2.status, 200);
});
});
Reference in New Issue View Git Blame Copy Permalink