Refactor authentication logic in members API to use getUserFromToken for user retrieval. Update error messages for better clarity and enhance tests to reflect changes in authentication handling.

2026-03-30 15:29:25 +02:00
parent 7dea265eef
commit 5eee7df7e4
2 changed files with 16 additions and 18 deletions
--- a/server/api/members.post.js
+++ b/server/api/members.post.js
@@ -1,4 +1,4 @@
-import { verifyToken, getUserById, hasAnyRole } from '../utils/auth.js'
+import { getUserFromToken, hasAnyRole } from '../utils/auth.js'
 import { saveMember } from '../utils/members.js'
 export default defineEventHandler(async (event) => {
@@ -21,21 +21,12 @@ export default defineEventHandler(async (event) => {
      })
    }
-    const decoded = verifyToken(token)
+    const user = await getUserFromToken(token)
    if (!decoded) {
      throw createError({
        statusCode: 401,
        message: 'Ungültiges Token.'
      })
    }
    const user = await getUserById(decoded.id)
    if (!user) {
      throw createError({
        statusCode: 401,
-        message: 'Benutzer nicht gefunden.'
+        message: 'Nicht authentifiziert oder Benutzer nicht gefunden.'
      })
    }
--- a/tests/members-endpoints.spec.ts
+++ b/tests/members-endpoints.spec.ts
@@ -114,8 +114,7 @@ describe('Members API Endpoints', () => {
    it('verlangt Admin- oder Vorstand-Rolle', async () => {
      const event = createEvent({ cookies: { auth_token: 'token' } })
      mockSuccessReadBody(baseBody)
-      authUtils.verifyToken.mockReturnValue({ id: '2' })
+      authUtils.getUserFromToken.mockResolvedValue({ id: '2', role: 'mitglied' })
      authUtils.getUserById.mockResolvedValue({ id: '2', role: 'mitglied' })
      await expect(membersPostHandler(event)).rejects.toMatchObject({ statusCode: 403 })
    })
@@ -123,8 +122,7 @@ describe('Members API Endpoints', () => {
    it('gibt 409 bei Duplikaten zurück', async () => {
      const event = createEvent({ cookies: { auth_token: 'token' } })
      mockSuccessReadBody(baseBody)
-      authUtils.verifyToken.mockReturnValue({ id: '2' })
+      authUtils.getUserFromToken.mockResolvedValue({ id: '2', role: 'admin' })
      authUtils.getUserById.mockResolvedValue({ id: '2', role: 'admin' })
      memberUtils.saveMember.mockRejectedValue(new Error('existiert bereits'))
      await expect(membersPostHandler(event)).rejects.toMatchObject({ statusCode: 409 })
@@ -133,8 +131,7 @@ describe('Members API Endpoints', () => {
    it('speichert Mitglied erfolgreich', async () => {
      const event = createEvent({ cookies: { auth_token: 'token' } })
      mockSuccessReadBody(baseBody)
-      authUtils.verifyToken.mockReturnValue({ id: '2' })
+      authUtils.getUserFromToken.mockResolvedValue({ id: '2', role: 'admin' })
      authUtils.getUserById.mockResolvedValue({ id: '2', role: 'admin' })
      memberUtils.saveMember.mockResolvedValue(true)
      const response = await membersPostHandler(event)
@@ -143,6 +140,16 @@ describe('Members API Endpoints', () => {
        hasHallKey: true
      }))
    })
    it('erlaubt vorstand beim Speichern', async () => {
      const event = createEvent({ cookies: { auth_token: 'token' } })
      mockSuccessReadBody(baseBody)
      authUtils.getUserFromToken.mockResolvedValue({ id: '3', role: 'vorstand' })
      memberUtils.saveMember.mockResolvedValue(true)
      const response = await membersPostHandler(event)
      expect(response.success).toBe(true)
    })
  })
  describe('DELETE /api/members', () => {