torsten/harheimertc
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Enhance authentication checks in CMS API endpoints; implement user role validation for admin and board access. Refactor Spielpläne API to remove unnecessary logging and improve error handling. Update tests to mock user authentication and ensure proper validation of file uploads.

Browse Source
This commit is contained in:
Torsten Schulz (local)
2025-11-10 13:18:29 +01:00
parent bde1d32b14
commit 3d6646cf31
5 changed files with 81 additions and 18 deletions
Download Patch File Download Diff File Expand all files Collapse all files

19
tests/cms-files-endpoints.spec.ts
View File

@@ -2,6 +2,10 @@ import { beforeEach, describe, expect, it, vi } from 'vitest'
import { createEvent, mockSuccessReadBody } from './setup'
import fs from 'fs/promises'
vi.mock('../server/utils/auth.js', () => ({
getUserFromToken: vi.fn()
}))
vi.mock('multer', () => {
const single = vi.fn((field) => (req, _res, cb) => {
if (req.__mockMulterError) {
@@ -35,22 +39,26 @@ import saveCsvHandler from '../server/api/cms/save-csv.post.js'
import uploadSpielplanHandler from '../server/api/cms/upload-spielplan-pdf.post.js'
import satzungUploadHandler from '../server/api/cms/satzung-upload.post.js'
const { getUserFromToken } = await import('../server/utils/auth.js')
describe('CMS File Endpoints', () => {
beforeEach(() => {
vi.restoreAllMocks()
vi.clearAllMocks()
getUserFromToken.mockReset()
getUserFromToken.mockResolvedValue({ id: 'admin', role: 'admin' })
})
describe('POST /api/cms/save-csv', () => {
it('validiert Eingaben', async () => {
const event = createEvent()
const event = createEvent({ cookies: { auth_token: 'token' } })
mockSuccessReadBody({})
await expect(saveCsvHandler(event)).rejects.toMatchObject({ statusCode: 400 })
})
it('speichert erlaubte Datei', async () => {
const event = createEvent()
const event = createEvent({ cookies: { auth_token: 'token' } })
mockSuccessReadBody({ filename: 'mannschaften.csv', content: 'data' })
vi.spyOn(fs, 'mkdir').mockResolvedValue(undefined)
vi.spyOn(fs, 'writeFile').mockResolvedValue(undefined)
@@ -66,14 +74,16 @@ describe('CMS File Endpoints', () => {
const event = createEvent({ method: 'POST' })
event.node.req.__mockFile = { filename: 'file.pdf', originalname: 'orig.pdf', path: 'tmp', mimetype: 'application/pdf' }
event.node.req.body = { type: 'gesamt' }
getUserFromToken.mockResolvedValue(null)
await expect(uploadSpielplanHandler(event)).rejects.toMatchObject({ statusCode: 401 })
})
it('lädt PDF hoch und gibt Erfolg zurück', async () => {
const event = createEvent({ method: 'POST', headers: { authorization: 'Bearer token' } })
const event = createEvent({ method: 'POST', headers: { authorization: 'Bearer valid-token' } })
event.node.req.__mockFile = { filename: 'spielplan_gesamt.pdf', originalname: 'orig.pdf', path: 'tmp', mimetype: 'application/pdf' }
event.node.req.body = { type: 'gesamt' }
getUserFromToken.mockResolvedValue({ id: 'admin', role: 'admin' })
const response = await uploadSpielplanHandler(event)
expect(response.success).toBe(true)
@@ -83,10 +93,11 @@ describe('CMS File Endpoints', () => {
describe('POST /api/cms/satzung-upload', () => {
it('verarbeitet hochgeladene Satzung', async () => {
const event = createEvent({ method: 'POST' })
const event = createEvent({ method: 'POST', cookies: { auth_token: 'token' } })
event.node.req.__mockFile = { path: 'public/documents/satzung.pdf', filename: 'satzung.pdf', originalname: 'satzung.pdf', mimetype: 'application/pdf' }
vi.spyOn(fs, 'readFile').mockResolvedValueOnce(JSON.stringify({ seiten: {}, vorstand: { vorsitzender: { email: '' }, schriftfuehrer: { email: '' } } }))
vi.spyOn(fs, 'writeFile').mockResolvedValue(undefined)
getUserFromToken.mockResolvedValue({ id: 'admin', role: 'admin' })
const response = await satzungUploadHandler(event)
expect(response.success).toBe(true)