barbercollie/ReadMeABook
1
0
Fork 1
mirror of https://github.com/kikootwo/ReadMeABook.git synced 2026-06-03 21:00:09 +00:00
Code Issues Packages Projects Releases Wiki Activity
Files
feature-longer-torrent-timeout
ReadMeABook/tests/services/auth/local-auth-provider.test.ts
T
kikootwo af0eaceb98 Add extensible notification providers + UI/API 
Introduce a provider-based notification system and wire it through the API and admin UI. Added INotificationProvider + notification service implementation and providers (apprise, discord, ntfy, pushover), plus a GET /api/admin/notifications/providers endpoint to expose provider metadata. Refactored code to use provider type strings (removed enum coupling), updated masking/encryption calls, and simplified the test notification endpoint to accept backendId or type+config and call sendToBackend directly.

UI: NotificationsTab now fetches provider metadata and renders provider cards and dynamic config forms (fields driven by provider metadata). Added config field rendering, improved backend cards, and edit/delete actions.

APIs: New providers route, updated admin notification CRUD routes to validate provider types dynamically, updated test route schema. Added download-client categories POST API to fetch categories from clients and wired postImportCategory handling in download-client routes.

Other notable changes: BookDate now fetches Claude models dynamically from Anthropic's Models API; added paginated model fetch helper. Added ALLOW_WEAK_PASSWORD flag exposure to auth providers and password change logic. Doc updates and various tests added/updated. File-organization doc clarifies EPERM fix using stream-based copy.
2026-02-10 15:06:20 -05:00

338 lines
12 KiB
TypeScript
Raw Permalink Blame History

/**
* Component: Local Auth Provider Tests
* Documentation: documentation/backend/services/auth.md
*/
import { beforeEach, describe, expect, it, vi } from 'vitest';
import { createPrismaMock } from '../../helpers/prisma';
const prismaMock = createPrismaMock();
const configMock = vi.hoisted(() => ({ get: vi.fn() }));
const encryptionMock = vi.hoisted(() => ({
encrypt: vi.fn((value: string) => `enc:${value}`),
decrypt: vi.fn((value: string) => value.replace('enc:', '')),
}));
const bcryptCompare = vi.fn();
const bcryptHash = vi.fn();
vi.mock('@/lib/db', () => ({
prisma: prismaMock,
}));
vi.mock('@/lib/services/config.service', () => ({
getConfigService: () => configMock,
}));
vi.mock('@/lib/services/encryption.service', () => ({
getEncryptionService: () => encryptionMock,
}));
vi.mock('bcrypt', () => ({
default: { compare: bcryptCompare, hash: bcryptHash },
compare: bcryptCompare,
hash: bcryptHash,
}));
describe('LocalAuthProvider', () => {
beforeEach(() => {
vi.clearAllMocks();
});
it('logs in approved local users with valid password', async () => {
prismaMock.user.findFirst.mockResolvedValue({
id: 'user-1',
plexId: 'local-user',
plexUsername: 'user',
role: 'user',
authProvider: 'local',
authToken: 'enc:hash',
registrationStatus: 'approved',
deletedAt: null,
});
prismaMock.user.update.mockResolvedValue({});
bcryptCompare.mockResolvedValue(true);
const { LocalAuthProvider } = await import('@/lib/services/auth/LocalAuthProvider');
const provider = new LocalAuthProvider();
const result = await provider.handleCallback({ username: 'user', password: 'pass' });
expect(result.success).toBe(true);
expect(result.user?.authProvider).toBe('local');
expect(result.tokens?.accessToken).toBeTruthy();
expect(result.tokens?.refreshToken).toBeTruthy();
});
it('rejects login when credentials are missing', async () => {
const { LocalAuthProvider } = await import('@/lib/services/auth/LocalAuthProvider');
const provider = new LocalAuthProvider();
const result = await provider.handleCallback({ username: '', password: '' });
expect(result.success).toBe(false);
expect(result.error).toContain('Username and password required');
});
it('blocks login when approval is pending', async () => {
prismaMock.user.findFirst.mockResolvedValue({
id: 'user-2',
plexId: 'local-user',
plexUsername: 'user',
role: 'user',
authProvider: 'local',
authToken: 'enc:hash',
registrationStatus: 'pending_approval',
deletedAt: null,
});
const { LocalAuthProvider } = await import('@/lib/services/auth/LocalAuthProvider');
const provider = new LocalAuthProvider();
const result = await provider.handleCallback({ username: 'user', password: 'pass' });
expect(result.success).toBe(false);
expect(result.requiresApproval).toBe(true);
});
it('rejects login when account is rejected', async () => {
prismaMock.user.findFirst.mockResolvedValue({
id: 'user-2b',
plexId: 'local-user',
plexUsername: 'user',
role: 'user',
authProvider: 'local',
authToken: 'enc:hash',
registrationStatus: 'rejected',
deletedAt: null,
});
const { LocalAuthProvider } = await import('@/lib/services/auth/LocalAuthProvider');
const provider = new LocalAuthProvider();
const result = await provider.handleCallback({ username: 'user', password: 'pass' });
expect(result.success).toBe(false);
expect(result.error).toContain('rejected');
});
it('rejects login with invalid password', async () => {
prismaMock.user.findFirst.mockResolvedValue({
id: 'user-3',
plexId: 'local-user',
plexUsername: 'user',
role: 'user',
authProvider: 'local',
authToken: 'enc:hash',
registrationStatus: 'approved',
deletedAt: null,
});
bcryptCompare.mockResolvedValue(false);
const { LocalAuthProvider } = await import('@/lib/services/auth/LocalAuthProvider');
const provider = new LocalAuthProvider();
const result = await provider.handleCallback({ username: 'user', password: 'bad' });
expect(result.success).toBe(false);
expect(result.error).toMatch(/invalid username or password/i);
});
it('rejects login when password hash cannot be decrypted', async () => {
prismaMock.user.findFirst.mockResolvedValue({
id: 'user-4',
plexId: 'local-user',
plexUsername: 'user',
role: 'user',
authProvider: 'local',
authToken: 'enc:hash',
registrationStatus: 'approved',
deletedAt: null,
});
encryptionMock.decrypt.mockImplementationOnce(() => {
throw new Error('decrypt failed');
});
const { LocalAuthProvider } = await import('@/lib/services/auth/LocalAuthProvider');
const provider = new LocalAuthProvider();
const result = await provider.handleCallback({ username: 'user', password: 'pass' });
expect(result.success).toBe(false);
expect(result.error).toMatch(/invalid username or password/i);
});
it('rejects login when user is not found', async () => {
prismaMock.user.findFirst.mockResolvedValue(null);
const { LocalAuthProvider } = await import('@/lib/services/auth/LocalAuthProvider');
const provider = new LocalAuthProvider();
const result = await provider.handleCallback({ username: 'user', password: 'pass' });
expect(result.success).toBe(false);
expect(result.error).toMatch(/invalid username or password/i);
});
it('blocks registration when disabled', async () => {
configMock.get.mockResolvedValueOnce('false');
const { LocalAuthProvider } = await import('@/lib/services/auth/LocalAuthProvider');
const provider = new LocalAuthProvider();
const result = await provider.register({ username: 'user', password: 'password123' });
expect(result.success).toBe(false);
expect(result.error).toMatch(/registration is disabled/i);
});
it('rejects short usernames or passwords on registration', async () => {
const { LocalAuthProvider } = await import('@/lib/services/auth/LocalAuthProvider');
const provider = new LocalAuthProvider();
let result = await provider.register({ username: 'ab', password: 'password123' });
expect(result.success).toBe(false);
expect(result.error).toContain('Username');
result = await provider.register({ username: 'user', password: 'short' });
expect(result.success).toBe(false);
expect(result.error).toContain('Password');
});
it('allows short passwords when ALLOW_WEAK_PASSWORD is enabled', async () => {
process.env.ALLOW_WEAK_PASSWORD = 'true';
configMock.get.mockResolvedValueOnce('true'); // registration enabled
configMock.get.mockResolvedValueOnce('false'); // no admin approval
prismaMock.user.findFirst.mockResolvedValue(null);
prismaMock.user.count.mockResolvedValue(0);
prismaMock.user.create.mockResolvedValue({
id: 'user-1',
plexId: 'local-user',
plexUsername: 'user',
role: 'admin',
});
bcryptHash.mockResolvedValue('hash');
const { LocalAuthProvider } = await import('@/lib/services/auth/LocalAuthProvider');
const provider = new LocalAuthProvider();
const result = await provider.register({ username: 'user', password: 'ab' });
expect(result.success).toBe(true);
delete process.env.ALLOW_WEAK_PASSWORD;
});
it('still rejects empty passwords when ALLOW_WEAK_PASSWORD is enabled', async () => {
process.env.ALLOW_WEAK_PASSWORD = 'true';
const { LocalAuthProvider } = await import('@/lib/services/auth/LocalAuthProvider');
const provider = new LocalAuthProvider();
const result = await provider.register({ username: 'user', password: '' });
expect(result.success).toBe(false);
expect(result.error).toContain('required');
delete process.env.ALLOW_WEAK_PASSWORD;
});
it('rejects registration when username is taken', async () => {
configMock.get.mockResolvedValueOnce('true');
prismaMock.user.findFirst.mockResolvedValue({ id: 'user-10' });
const { LocalAuthProvider } = await import('@/lib/services/auth/LocalAuthProvider');
const provider = new LocalAuthProvider();
const result = await provider.register({ username: 'user', password: 'password123' });
expect(result.success).toBe(false);
expect(result.error).toContain('Username already taken');
});
it('creates admin user on first registration', async () => {
configMock.get.mockResolvedValueOnce('true'); // registration enabled
configMock.get.mockResolvedValueOnce('false'); // no admin approval
prismaMock.user.findFirst.mockResolvedValue(null);
prismaMock.user.count.mockResolvedValue(0);
prismaMock.user.create.mockResolvedValue({
id: 'user-1',
plexId: 'local-user',
plexUsername: 'user',
role: 'admin',
});
bcryptHash.mockResolvedValue('hash');
const { LocalAuthProvider } = await import('@/lib/services/auth/LocalAuthProvider');
const provider = new LocalAuthProvider();
const result = await provider.register({ username: 'user', password: 'password123' });
expect(result.success).toBe(true);
expect(result.user?.role).toBe('admin');
});
it('returns pending approval when admin approval is required', async () => {
configMock.get.mockResolvedValueOnce('true'); // registration enabled
configMock.get.mockResolvedValueOnce('true'); // admin approval required
prismaMock.user.findFirst.mockResolvedValue(null);
prismaMock.user.count.mockResolvedValue(2);
prismaMock.user.create.mockResolvedValue({
id: 'user-11',
plexId: 'local-user',
plexUsername: 'user',
role: 'user',
});
bcryptHash.mockResolvedValue('hash');
const { LocalAuthProvider } = await import('@/lib/services/auth/LocalAuthProvider');
const provider = new LocalAuthProvider();
const result = await provider.register({ username: 'user', password: 'password123' });
expect(result.success).toBe(false);
expect(result.requiresApproval).toBe(true);
});
it('returns false for non-local or missing users during access validation', async () => {
prismaMock.user.findUnique.mockResolvedValueOnce(null);
const { LocalAuthProvider } = await import('@/lib/services/auth/LocalAuthProvider');
const provider = new LocalAuthProvider();
const missing = await provider.validateAccess({ id: 'user-12', username: 'x' });
expect(missing).toBe(false);
prismaMock.user.findUnique.mockResolvedValueOnce({
id: 'user-13',
authProvider: 'plex',
deletedAt: null,
registrationStatus: 'approved',
});
const notLocal = await provider.validateAccess({ id: 'user-13', username: 'x' });
expect(notLocal).toBe(false);
});
it('returns null for refresh token placeholder', async () => {
const { LocalAuthProvider } = await import('@/lib/services/auth/LocalAuthProvider');
const provider = new LocalAuthProvider();
const tokens = await provider.refreshToken('refresh');
expect(tokens).toBeNull();
});
it('rejects access for deleted or unapproved users', async () => {
prismaMock.user.findUnique.mockResolvedValueOnce({
id: 'user-4',
authProvider: 'local',
deletedAt: new Date(),
registrationStatus: 'approved',
});
const { LocalAuthProvider } = await import('@/lib/services/auth/LocalAuthProvider');
const provider = new LocalAuthProvider();
const deletedAccess = await provider.validateAccess({ id: 'user-4', username: 'x' });
expect(deletedAccess).toBe(false);
prismaMock.user.findUnique.mockResolvedValueOnce({
id: 'user-5',
authProvider: 'local',
deletedAt: null,
registrationStatus: 'pending_approval',
});
const pendingAccess = await provider.validateAccess({ id: 'user-5', username: 'x' });
expect(pendingAccess).toBe(false);
});
});
Reference in New Issue View Git Blame Copy Permalink