import { afterEach, describe, expect, test, vi } from "vitest"; import { changeExternalPassword, loginExternal, normalizeSession } from "./auth.js"; afterEach(() => { vi.unstubAllGlobals(); }); describe("normalizeSession", () => { test("normalizes account objects, fixed app and capabilities without stringifying objects", () => { expect(normalizeSession({ account: { id: "ext-1", username: "fami-manager" }, app: { appCode: "fami", appName: "Fami", logoUrl: "https://media.example.com/fami.png" }, capabilities: ["user:list"], passwordChangeRequired: true })).toEqual(expect.objectContaining({ account: "fami-manager", appCode: "fami", appName: "Fami", logoUrl: "https://media.example.com/fami.png", capabilities: ["user:list"], passwordChangeRequired: true })); }); test("merges permission aliases from root and bound user", () => { const session = normalizeSession({ appCode: "lalu", permissions: ["host:list"], user: { permissions: ["team:view"], username: "lalu-ops" } }); expect(session.capabilities).toEqual(["host:list", "team:view"]); }); test("keeps the external account separate from the linked App user", () => { const session = normalizeSession({ account: { id: "external-account-8", username: "fami-manager" }, app: { appCode: "fami", appName: "Fami" }, user: { userId: "app-user-9", username: "App Nickname" } }); expect(session.account).toBe("fami-manager"); expect(session.displayName).toBe("App Nickname"); expect(session.id).toBe("external-account-8"); }); }); describe("external auth API contract", () => { test("login sends only account and password so the server resolves the App", async () => { const fetchMock = vi.fn(async () => jsonResponse({ code: 0, data: { account: "fami-manager", appCode: "fami" } })); vi.stubGlobal("fetch", fetchMock); await loginExternal({ account: " fami-manager ", appCode: "must-not-be-sent", password: " password bytes " }); expect(fetchMock.mock.calls[0][0]).toBe("/api/v1/external/auth/login"); expect(JSON.parse(fetchMock.mock.calls[0][1].body)).toEqual({ account: "fami-manager", password: " password bytes " }); }); test("change-password sends currentPassword and never oldPassword", async () => { const fetchMock = vi.fn(async () => jsonResponse({ code: 0, data: {} })); vi.stubGlobal("fetch", fetchMock); await changeExternalPassword({ newPassword: "new-password", oldPassword: "current-password" }); expect(JSON.parse(fetchMock.mock.calls[0][1].body)).toEqual({ currentPassword: "current-password", newPassword: "new-password" }); }); }); function jsonResponse(body, status = 200) { return new Response(JSON.stringify(body), { headers: { "content-type": "application/json" }, status }); }