marcel/familienarchiv
1
0
Fork 0
Code Issues 114 Pull Requests 3 Actions Packages Projects Releases Wiki Activity
Files
82e81e159a44370e7894c25b889053eb4d23e37c
familienarchiv/frontend/src/hooks.server.test.ts
Marcel 1f4e8a5958 test(auth): userGroup hook redirect + cookie cleanup coverage 
Four new tests against the composed handle (with sequence stubbed to return
the head function): backend 401 on a private path redirects to
/login?reason=expired; backend 401 on /login does NOT redirect (no loop);
missing fa_session passes through without a backend call; 200 attaches the
user to event.locals. Closes the hook-coverage gap flagged by Sara S1.

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
2026-05-17 22:50:41 +02:00

153 lines
5.1 KiB
TypeScript
Raw Blame History

import { describe, it, expect, vi, beforeEach } from 'vitest';
vi.mock('@sentry/sveltekit', () => ({
init: vi.fn(),
handleErrorWithSentry: (fn: (args: unknown) => unknown) => fn,
lastEventId: vi.fn(() => 'sentry-event-id-abc123')
}));
class RedirectMarker {
constructor(
public status: number,
public location: string
) {}
}
vi.mock('@sveltejs/kit', () => ({
redirect: vi.fn((status: number, location: string) => new RedirectMarker(status, location)),
isRedirect: (e: unknown) => e instanceof RedirectMarker
}));
vi.mock('@sveltejs/kit/hooks', () => ({ sequence: vi.fn((...fns: unknown[]) => fns[0]) }));
vi.mock('$lib/paraglide/server', () => ({ paraglideMiddleware: vi.fn() }));
vi.mock('$lib/paraglide/runtime', () => ({ cookieName: 'locale', cookieMaxAge: 86400 }));
vi.mock('$lib/shared/server/locale', () => ({ detectLocale: vi.fn(() => 'de') }));
vi.mock('process', () => ({ env: { API_INTERNAL_URL: 'http://backend:8080' } }));
const makeEvent = () => ({
url: { pathname: '/documents/123' },
locals: {}
});
describe('hooks.server handleError', () => {
beforeEach(() => {
vi.resetModules();
});
it('returns Sentry lastEventId as errorId', async () => {
const Sentry = await import('@sentry/sveltekit');
vi.mocked(Sentry.lastEventId).mockReturnValue('sentry-event-id-abc123');
const { handleError } = await import('./hooks.server');
const result = (handleError as (args: unknown) => { message: string; errorId: string })({
error: new Error('boom'),
event: makeEvent(),
status: 500,
message: 'Internal Error'
});
expect(result.errorId).toBe('sentry-event-id-abc123');
expect(result.message).toBe('An unexpected error occurred');
});
it('falls back to crypto.randomUUID when lastEventId returns undefined', async () => {
const Sentry = await import('@sentry/sveltekit');
vi.mocked(Sentry.lastEventId).mockReturnValue(undefined);
const { handleError } = await import('./hooks.server');
const result = (handleError as (args: unknown) => { message: string; errorId: string })({
error: new Error('boom'),
event: makeEvent(),
status: 500,
message: 'Internal Error'
});
expect(result.errorId).toMatch(
/^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$/
);
expect(result.message).toBe('An unexpected error occurred');
});
});
interface UserGroupEvent {
url: URL;
cookies: { get: ReturnType<typeof vi.fn>; delete: ReturnType<typeof vi.fn> };
locals: { user?: unknown };
request: Request;
}
function makeUserGroupEvent(pathname: string, sessionId?: string): UserGroupEvent {
return {
url: new URL(`http://localhost${pathname}`),
cookies: {
get: vi.fn((name: string) => (name === 'fa_session' ? sessionId : undefined)),
delete: vi.fn()
},
locals: {},
request: new Request(`http://localhost${pathname}`)
};
}
describe('hooks.server userGroup (session lookup + 401 handling)', () => {
beforeEach(() => {
vi.resetModules();
vi.stubGlobal('fetch', vi.fn());
});
it('redirects to /login?reason=expired when backend rejects the session on a non-public path', async () => {
vi.mocked(fetch).mockResolvedValue(new Response(null, { status: 401 }));
const { handle } = await import('./hooks.server');
const event = makeUserGroupEvent('/documents/123', 'stale-session');
const resolve = vi.fn();
await expect((handle as (a: unknown) => unknown)({ event, resolve })).rejects.toMatchObject({
status: 302,
location: '/login?reason=expired'
});
expect(event.cookies.delete).toHaveBeenCalledWith('fa_session', { path: '/' });
expect(resolve).not.toHaveBeenCalled();
});
it('does not redirect when backend 401 fires on a public path (no /login → /login loop)', async () => {
vi.mocked(fetch).mockResolvedValue(new Response(null, { status: 401 }));
const { handle } = await import('./hooks.server');
const event = makeUserGroupEvent('/login', 'stale-session');
const resolve = vi.fn().mockResolvedValue(new Response());
await (handle as (a: unknown) => Promise<unknown>)({ event, resolve });
expect(event.cookies.delete).toHaveBeenCalledWith('fa_session', { path: '/' });
expect(resolve).toHaveBeenCalledWith(event);
});
it('passes through when no fa_session cookie is present', async () => {
const { handle } = await import('./hooks.server');
const event = makeUserGroupEvent('/documents/123', undefined);
const resolve = vi.fn().mockResolvedValue(new Response());
await (handle as (a: unknown) => Promise<unknown>)({ event, resolve });
expect(fetch).not.toHaveBeenCalled();
expect(resolve).toHaveBeenCalledWith(event);
});
it('attaches the user to locals when backend returns 200', async () => {
vi.mocked(fetch).mockResolvedValue(
new Response(JSON.stringify({ id: 'u1', email: 'a@b.de' }), {
status: 200,
headers: { 'Content-Type': 'application/json' }
})
);
const { handle } = await import('./hooks.server');
const event = makeUserGroupEvent('/documents/123', 'valid-session');
const resolve = vi.fn().mockResolvedValue(new Response());
await (handle as (a: unknown) => Promise<unknown>)({ event, resolve });
expect((event.locals as { user: { email: string } }).user.email).toBe('a@b.de');
});
});
Reference in New Issue View Git Blame Copy Permalink