Add comprehensive e2e tests for API procedures with 100% coverage

- Add admin.test.ts: Tests for superuser operations (users, orgs, sites) - Add orgs.test.ts: Tests for org management, members, invites, sites - Expand me.test.ts: Add API tokens, invites, authMiddleware error paths - Expand auth.test.ts: Add loginRequestMiddleware tests, weak password test fix Bug fixes: - Fix countOwners() in orgs/helpers.ts to convert PostgreSQL bigint to number - Fix signup race condition by handling unique constraint violations gracefully All 283 tests pass with 100% function coverage on procedures. Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
2026-01-12 12:53:19 +08:00
parent 44a480179b
commit ebc85af62c
7 changed files with 4461 additions and 57 deletions
--- a/apps/api-server/src/tests/e2e/auth.test.ts
+++ b/apps/api-server/src/tests/e2e/auth.test.ts
@@ -1595,10 +1595,11 @@ describe("auth.resetPassword", () => {

      const ctx = createAPIContext(db);

+      // Password must be >=8 chars (schema) but weak enough to fail zxcvbn (score < 3)
      await expect(
        call(
          router.auth.resetPassword,
-          { token, newPassword: "weak" },
+          { token, newPassword: "password" },
          { context: ctx },
        ),
      ).rejects.toThrow();
@@ -2105,3 +2106,61 @@ describe("End-to-end login scenarios", () => {
    });
  });
 });
+
+// =============================================================================
+// loginRequestMiddleware tests (base.ts)
+// =============================================================================
+
+describe("loginRequestMiddleware", () => {
+  test("rejects request with no login request cookie", async () => {
+    await withTestTransaction(getSharedDb(), async (db) => {
+      // No login request token in context
+      const ctx = createAPIContext(db);
+
+      await expect(
+        call(router.auth.webauthn.createAuthenticationOptions, undefined, {
+          context: ctx,
+        }),
+      ).rejects.toThrow("No login request found");
+    });
+  });
+
+  test("rejects request with invalid login request token", async () => {
+    await withTestTransaction(getSharedDb(), async (db) => {
+      // Invalid token that doesn't exist in DB
+      const ctx = createAPIContext(db, {
+        loginRequestToken: "invalid-login-request-token",
+      });
+
+      await expect(
+        call(router.auth.webauthn.createAuthenticationOptions, undefined, {
+          context: ctx,
+        }),
+      ).rejects.toThrow("Login request expired or not found");
+    });
+  });
+
+  test("rejects request with expired login request", async () => {
+    await withTestTransaction(getSharedDb(), async (db) => {
+      const user = await createTestUser(db, {
+        email: "expiredloginreq@example.com",
+      });
+
+      // Create an expired login request
+      const { token: loginToken } = await createLoginRequest(
+        db,
+        user.id,
+        user.email,
+        { expiresAt: new Date(Date.now() - 1000) }, // Expired
+      );
+
+      const ctx = createAPIContext(db, { loginRequestToken: loginToken });
+
+      await expect(
+        call(router.auth.webauthn.createAuthenticationOptions, undefined, {
+          context: ctx,
+        }),
+      ).rejects.toThrow("Login request expired or not found");
+    });
+  });
+});