Merge origin/master and migrate tests to describeE2E

- Resolve merge conflicts in auth.test.ts, me.test.ts, db/schema.sql - Merge new loginRequestMiddleware tests into auth.test.ts describeE2E wrapper - Merge new authMiddleware tests into me.test.ts describeE2E wrapper - Add me.apiTokens and me.invites tests in separate describeE2E block - Migrate admin.test.ts to use describeE2E and @reviq/test-helpers - Migrate orgs.test.ts to use describeE2E and @reviq/test-helpers All e2e tests now properly use the describeE2E helper which enables SKIP_DB_TESTS environment variable support. Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
2026-01-12 13:19:29 +08:00
parent b2fba6e150 ebc85af62c
commit 92f7e1df09
6 changed files with 4470 additions and 57 deletions
--- a/apps/api-server/src/tests/e2e/auth.test.ts
+++ b/apps/api-server/src/tests/e2e/auth.test.ts
@@ -1515,7 +1515,6 @@ describeE2E("auth", () => {

        // Create some sessions
        await createSession(db, user.id);
-        await createSession(db, user.id);

        const token = await createPasswordReset(db, user.id);

@@ -2121,4 +2120,62 @@ describeE2E("auth", () => {
      });
    });
  });
-}); // Close outer describe.skipIf
+
+  // =============================================================================
+  // loginRequestMiddleware tests (base.ts)
+  // =============================================================================
+
+  describe("loginRequestMiddleware", () => {
+    test("rejects request with no login request cookie", async () => {
+      await withTestTransaction(getSharedDb(), async (db) => {
+        // No login request token in context
+        const ctx = createAPIContext(db);
+
+        await expect(
+          call(router.auth.webauthn.createAuthenticationOptions, undefined, {
+            context: ctx,
+          }),
+        ).rejects.toThrow("No login request found");
+      });
+    });
+
+    test("rejects request with invalid login request token", async () => {
+      await withTestTransaction(getSharedDb(), async (db) => {
+        // Invalid token that doesn't exist in DB
+        const ctx = createAPIContext(db, {
+          loginRequestToken: "invalid-login-request-token",
+        });
+
+        await expect(
+          call(router.auth.webauthn.createAuthenticationOptions, undefined, {
+            context: ctx,
+          }),
+        ).rejects.toThrow("Login request expired or not found");
+      });
+    });
+
+    test("rejects request with expired login request", async () => {
+      await withTestTransaction(getSharedDb(), async (db) => {
+        const user = await createTestUser(db, {
+          email: "expiredloginreq@example.com",
+        });
+
+        // Create an expired login request
+        const { token: loginToken } = await createLoginRequest(
+          db,
+          user.id,
+          user.email,
+          { expiresAt: new Date(Date.now() - 1000) }, // Expired
+        );
+
+        const ctx = createAPIContext(db, { loginRequestToken: loginToken });
+
+        await expect(
+          call(router.auth.webauthn.createAuthenticationOptions, undefined, {
+            context: ctx,
+          }),
+        ).rejects.toThrow("Login request expired or not found");
+      });
+    });
+  });
+}); // Close outer describeE2E