refactor: auth medium tests (#19583)

2025-10-17 18:19:27 +00:00 · 2025-06-27 15:35:19 -04:00 · 2025-06-27 15:35:19 -04:00 · a2a9797fab
commit a2a9797fab
parent 3d35e65f27
4 changed files with 238 additions and 148 deletions
--- a/server/test/medium.factory.ts
+++ b/server/test/medium.factory.ts
@ -5,7 +5,7 @@ import { createHash, randomBytes } from 'node:crypto';
 import { Writable } from 'node:stream';
 import { AssetFace } from 'src/database';
 import { Albums, AssetJobStatus, Assets, DB, Exif, FaceSearch, Memories, Person, Sessions } from 'src/db';
-import { AuthDto } from 'src/dtos/auth.dto';
+import { AuthDto, LoginResponseDto } from 'src/dtos/auth.dto';
 import { AlbumUserRole, AssetType, AssetVisibility, MemoryType, SourceType, SyncRequestType } from 'src/enum';
 import { AccessRepository } from 'src/repositories/access.repository';
 import { ActivityRepository } from 'src/repositories/activity.repository';
@ -17,6 +17,7 @@ import { ConfigRepository } from 'src/repositories/config.repository';
 import { CryptoRepository } from 'src/repositories/crypto.repository';
 import { DatabaseRepository } from 'src/repositories/database.repository';
 import { EmailRepository } from 'src/repositories/email.repository';
+import { EventRepository } from 'src/repositories/event.repository';
 import { JobRepository } from 'src/repositories/job.repository';
 import { LoggingRepository } from 'src/repositories/logging.repository';
 import { MemoryRepository } from 'src/repositories/memory.repository';
@ -305,6 +306,10 @@ const newMockRepository = <T>(key: ClassConstructor<T>) => {
      return automock(EmailRepository, { args: [{ setContext: () => {} }] });
    }

+    case EventRepository: {
+      return automock(EventRepository, { args: [undefined, undefined, { setContext: () => {} }] });
+    }
+
    case JobRepository: {
      return automock(JobRepository, {
        args: [
@ -461,10 +466,13 @@ const sessionInsert = ({ id = newUuid(), userId, ...session }: Partial<Insertabl
 const userInsert = (user: Partial<Insertable<UserTable>> = {}) => {
  const id = user.id || newUuid();

-  const defaults: Insertable<UserTable> = {
+  const defaults = {
    email: `${id}@immich.cloud`,
    name: `User ${id}`,
    deletedAt: null,
+    isAdmin: false,
+    profileImagePath: '',
+    shouldChangePassword: true,
  };

  return { ...defaults, ...user, id };
@ -513,6 +521,24 @@ const syncStream = () => {
  return new CustomWritable();
 };

+const loginDetails = () => {
+  return { isSecure: false, clientIp: '', deviceType: '', deviceOS: '' };
+};
+
+const loginResponse = (): LoginResponseDto => {
+  const user = userInsert({});
+  return {
+    accessToken: 'access-token',
+    userId: user.id,
+    userEmail: user.email,
+    name: user.name,
+    profileImagePath: user.profileImagePath,
+    isAdmin: user.isAdmin,
+    shouldChangePassword: user.shouldChangePassword,
+    isOnboarded: false,
+  };
+};
+
 export const mediumFactory = {
  assetInsert,
  assetFaceInsert,
@ -524,4 +550,6 @@ export const mediumFactory = {
  syncStream,
  userInsert,
  memoryInsert,
+  loginDetails,
+  loginResponse,
 };
--- a/server/test/medium/specs/services/auth.service.spec.ts
+++ b/server/test/medium/specs/services/auth.service.spec.ts
@ -0,0 +1,163 @@
+import { BadRequestException } from '@nestjs/common';
+import { hash } from 'bcrypt';
+import { Kysely } from 'kysely';
+import { DB } from 'src/db';
+import { AuthType } from 'src/enum';
+import { AccessRepository } from 'src/repositories/access.repository';
+import { ConfigRepository } from 'src/repositories/config.repository';
+import { CryptoRepository } from 'src/repositories/crypto.repository';
+import { DatabaseRepository } from 'src/repositories/database.repository';
+import { EventRepository } from 'src/repositories/event.repository';
+import { LoggingRepository } from 'src/repositories/logging.repository';
+import { SessionRepository } from 'src/repositories/session.repository';
+import { StorageRepository } from 'src/repositories/storage.repository';
+import { SystemMetadataRepository } from 'src/repositories/system-metadata.repository';
+import { UserRepository } from 'src/repositories/user.repository';
+import { AuthService } from 'src/services/auth.service';
+import { mediumFactory, newMediumService } from 'test/medium.factory';
+import { factory } from 'test/small.factory';
+import { getKyselyDB } from 'test/utils';
+
+let defaultDatabase: Kysely<DB>;
+
+const setup = (db?: Kysely<DB>) => {
+  return newMediumService(AuthService, {
+    database: db || defaultDatabase,
+    real: [
+      AccessRepository,
+      ConfigRepository,
+      CryptoRepository,
+      DatabaseRepository,
+      SessionRepository,
+      SystemMetadataRepository,
+      UserRepository,
+    ],
+    mock: [LoggingRepository, StorageRepository, EventRepository],
+  });
+};
+
+beforeAll(async () => {
+  defaultDatabase = await getKyselyDB();
+});
+
+describe(AuthService.name, () => {
+  describe('adminSignUp', () => {
+    it(`should sign up the admin`, async () => {
+      const { sut } = setup();
+      const dto = { name: 'Admin', email: 'admin@immich.cloud', password: 'password' };
+
+      await expect(sut.adminSignUp(dto)).resolves.toEqual(
+        expect.objectContaining({
+          id: expect.any(String),
+          email: dto.email,
+          name: dto.name,
+          isAdmin: true,
+        }),
+      );
+    });
+
+    it('should not allow a second admin to sign up', async () => {
+      const { sut, ctx } = setup();
+      await ctx.newUser({ isAdmin: true });
+      const dto = { name: 'Admin', email: 'admin@immich.cloud', password: 'password' };
+
+      const response = sut.adminSignUp(dto);
+      await expect(response).rejects.toThrow(BadRequestException);
+      await expect(response).rejects.toThrow('The server already has an admin');
+    });
+  });
+
+  describe('login', () => {
+    it('should reject an incorrect password', async () => {
+      const { sut, ctx } = setup();
+      const password = 'password';
+      const passwordHashed = await hash(password, 10);
+      const { user } = await ctx.newUser({ password: passwordHashed });
+      const dto = { email: user.email, password: 'wrong-password' };
+
+      await expect(sut.login(dto, mediumFactory.loginDetails())).rejects.toThrow('Incorrect email or password');
+    });
+
+    it('should accept a correct password and return a login response', async () => {
+      const { sut, ctx } = setup();
+      const password = 'password';
+      const passwordHashed = await hash(password, 10);
+      const { user } = await ctx.newUser({ password: passwordHashed });
+      const dto = { email: user.email, password };
+
+      await expect(sut.login(dto, mediumFactory.loginDetails())).resolves.toEqual({
+        accessToken: expect.any(String),
+        isAdmin: user.isAdmin,
+        isOnboarded: false,
+        name: user.name,
+        profileImagePath: user.profileImagePath,
+        userId: user.id,
+        userEmail: user.email,
+        shouldChangePassword: user.shouldChangePassword,
+      });
+    });
+  });
+
+  describe('logout', () => {
+    it('should logout', async () => {
+      const { sut } = setup();
+      const auth = factory.auth();
+      await expect(sut.logout(auth, AuthType.PASSWORD)).resolves.toEqual({
+        successful: true,
+        redirectUri: '/auth/login?autoLaunch=0',
+      });
+    });
+
+    it('should cleanup the session', async () => {
+      const { sut, ctx } = setup();
+      const sessionRepo = ctx.get(SessionRepository);
+      const eventRepo = ctx.getMock(EventRepository);
+      const { user } = await ctx.newUser();
+      const { session } = await ctx.newSession({ userId: user.id });
+      const auth = factory.auth({ session, user });
+      eventRepo.emit.mockResolvedValue();
+
+      await expect(sessionRepo.get(session.id)).resolves.toEqual(expect.objectContaining({ id: session.id }));
+      await expect(sut.logout(auth, AuthType.PASSWORD)).resolves.toEqual({
+        successful: true,
+        redirectUri: '/auth/login?autoLaunch=0',
+      });
+      await expect(sessionRepo.get(session.id)).resolves.toBeUndefined();
+    });
+  });
+
+  describe('changePassword', () => {
+    it('should change the password and login with it', async () => {
+      const { sut, ctx } = setup();
+      const dto = { password: 'password', newPassword: 'new-password' };
+      const passwordHashed = await hash(dto.password, 10);
+      const { user } = await ctx.newUser({ password: passwordHashed });
+      const auth = factory.auth({ user });
+
+      const response = await sut.changePassword(auth, dto);
+      expect(response).toEqual(
+        expect.objectContaining({
+          id: user.id,
+          email: user.email,
+        }),
+      );
+      expect((response as any).password).not.toBeDefined();
+
+      await expect(
+        sut.login({ email: user.email, password: dto.newPassword }, mediumFactory.loginDetails()),
+      ).resolves.toBeDefined();
+    });
+
+    it('should validate the current password', async () => {
+      const { sut, ctx } = setup();
+      const dto = { password: 'wrong-password', newPassword: 'new-password' };
+      const passwordHashed = await hash('password', 10);
+      const { user } = await ctx.newUser({ password: passwordHashed });
+      const auth = factory.auth({ user });
+
+      const response = sut.changePassword(auth, dto);
+      await expect(response).rejects.toThrow(BadRequestException);
+      await expect(response).rejects.toThrow('Wrong password');
+    });
+  });
+});