From 5eee7df7e46a0943b62070a57ec644b9b6d20f2b Mon Sep 17 00:00:00 2001
From: "Torsten Schulz (local)"
Date: Mon, 30 Mar 2026 15:29:25 +0200
Subject: [PATCH] Refactor authentication logic in members API to use getUserFromToken for user retrieval. Update error messages for better clarity and enhance tests to reflect changes in authentication handling.

---
 server/api/members.post.js | 15 +++------------
 tests/members-endpoints.spec.ts | 19 +++++++++++++------
 2 files changed, 16 insertions(+), 18 deletions(-)

diff --git a/server/api/members.post.js b/server/api/members.post.js
index ccd669d..18298e8 100644
--- a/server/api/members.post.js
+++ b/server/api/members.post.js
@@ -1,4 +1,4 @@
-import { verifyToken, getUserById, hasAnyRole } from '../utils/auth.js'
+import { getUserFromToken, hasAnyRole } from '../utils/auth.js'
 import { saveMember } from '../utils/members.js'
 
 export default defineEventHandler(async (event) => {
@@ -21,21 +21,12 @@ export default defineEventHandler(async (event) => {
 })
 }
 
- const decoded = verifyToken(token)
-
- if (!decoded) {
- throw createError({
- statusCode: 401,
- message: 'Ungültiges Token.'
- })
- }
-
- const user = await getUserById(decoded.id)
+ const user = await getUserFromToken(token)
 
 if (!user) {
 throw createError({
 statusCode: 401,
- message: 'Benutzer nicht gefunden.'
+ message: 'Nicht authentifiziert oder Benutzer nicht gefunden.'
 })
 }
 
diff --git a/tests/members-endpoints.spec.ts b/tests/members-endpoints.spec.ts
index f2f7b68..0445e9e 100644
--- a/tests/members-endpoints.spec.ts
+++ b/tests/members-endpoints.spec.ts
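Review bot: The new 401 path relies on `getUserFromToken(token)` resolving to a falsy value for both an invalid token and an unknown user; if that helper instead throws on a malformed or expired token (as wrappers around JWT verification often do), the exception escapes the handler and the client sees a 500 instead of the intended 401. The hunk shows no try/catch around the call, so either confirm the helper's contract in ../utils/auth.js or guard the call, e.g. `const user = await getUserFromToken(token).catch(() => null)`, logging the failure if the project logs auth errors. Merging the two former messages into one is a sound change, since the response no longer tells a caller whether the token or the user lookup failed. The enclosing defineEventHandler body starts and ends outside the hunk.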
@@ -114,8 +114,7 @@ describe('Members API Endpoints', () => {
 it('verlangt Admin- oder Vorstand-Rolle', async () => {
 const event = createEvent({ cookies: { auth_token: 'token' } })
 mockSuccessReadBody(baseBody)
- authUtils.verifyToken.mockReturnValue({ id: '2' })
- authUtils.getUserById.mockResolvedValue({ id: '2', role: 'mitglied' })
+ authUtils.getUserFromToken.mockResolvedValue({ id: '2', role: 'mitglied' })
 
 await expect(membersPostHandler(event)).rejects.toMatchObject({ statusCode: 403 })
 })
@@ -123,8 +122,7 @@ describe('Members API Endpoints', () => {
 it('gibt 409 bei Duplikaten zurück', async () => {
 const event = createEvent({ cookies: { auth_token: 'token' } })
 mockSuccessReadBody(baseBody)
- authUtils.verifyToken.mockReturnValue({ id: '2' })
- authUtils.getUserById.mockResolvedValue({ id: '2', role: 'admin' })
+ authUtils.getUserFromToken.mockResolvedValue({ id: '2', role: 'admin' })
 memberUtils.saveMember.mockRejectedValue(new Error('existiert bereits'))
 
 await expect(membersPostHandler(event)).rejects.toMatchObject({ statusCode: 409 })
@@ -133,8 +131,7 @@ describe('Members API Endpoints', () => {
 it('speichert Mitglied erfolgreich', async () => {
 const event = createEvent({ cookies: { auth_token: 'token' } })
 mockSuccessReadBody(baseBody)
- authUtils.verifyToken.mockReturnValue({ id: '2' })
- authUtils.getUserById.mockResolvedValue({ id: '2', role: 'admin' })
+ authUtils.getUserFromToken.mockResolvedValue({ id: '2', role: 'admin' })
 memberUtils.saveMember.mockResolvedValue(true)
 
 const response = await membersPostHandler(event)
@@ -143,6 +140,16 @@ describe('Members API Endpoints', () => {
 hasHallKey: true
 }))
 })
+
+ it('erlaubt vorstand beim Speichern', async () => {
+ const event = createEvent({ cookies: { auth_token: 'token' } })
+ mockSuccessReadBody(baseBody)
+ authUtils.getUserFromToken.mockResolvedValue({ id: '3', role: 'vorstand' })
+ memberUtils.saveMember.mockResolvedValue(true)
+
+ const response = await membersPostHandler(event)
+ expect(response.success).toBe(true)
+ })
 })
 
 describe('DELETE /api/members', () => {
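Review bot: The new test only checks `response.success`, and none of the hunks on this page exercises the other half of the refactor in members.post.js, where `getUserFromToken` resolving to null must produce the 401 with the new combined message; if the spec does not already cover that case elsewhere, add a test with `authUtils.getUserFromToken.mockResolvedValue(null)` followed by `await expect(membersPostHandler(event)).rejects.toMatchObject({ statusCode: 401 })`. Without it, a regression that lets a null user fall through to the role check would pass the suite unnoticed. The enclosing describe block starts outside the hunk.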