Refactor authentication logic in members API to use getUserFromToken for user retrieval. Update error messages for better clarity and enhance tests to reflect changes in authentication handling.

2026-03-30 15:29:25 +02:00
parent 7dea265eef
commit 5eee7df7e4
2 changed files with 16 additions and 18 deletions
--- a/server/api/members.post.js
+++ b/server/api/members.post.js
@@ -1,4 +1,4 @@
-import { verifyToken, getUserById, hasAnyRole } from '../utils/auth.js'
+import { getUserFromToken, hasAnyRole } from '../utils/auth.js'
 import { saveMember } from '../utils/members.js'

 export default defineEventHandler(async (event) => {
@@ -21,21 +21,12 @@ export default defineEventHandler(async (event) => {
      })
    }

-    const decoded = verifyToken(token)
-
-    if (!decoded) {
-      throw createError({
-        statusCode: 401,
-        message: 'Ungültiges Token.'
-      })
-    }
-
-    const user = await getUserById(decoded.id)
+    const user = await getUserFromToken(token)

    if (!user) {
      throw createError({
        statusCode: 401,
-        message: 'Benutzer nicht gefunden.'
+        message: 'Nicht authentifiziert oder Benutzer nicht gefunden.'
      })
    }

--- a/tests/members-endpoints.spec.ts
+++ b/tests/members-endpoints.spec.ts
@@ -114,8 +114,7 @@ describe('Members API Endpoints', () => {
    it('verlangt Admin- oder Vorstand-Rolle', async () => {
      const event = createEvent({ cookies: { auth_token: 'token' } })
      mockSuccessReadBody(baseBody)
-      authUtils.verifyToken.mockReturnValue({ id: '2' })
-      authUtils.getUserById.mockResolvedValue({ id: '2', role: 'mitglied' })
+      authUtils.getUserFromToken.mockResolvedValue({ id: '2', role: 'mitglied' })

      await expect(membersPostHandler(event)).rejects.toMatchObject({ statusCode: 403 })
    })
@@ -123,8 +122,7 @@ describe('Members API Endpoints', () => {
    it('gibt 409 bei Duplikaten zurück', async () => {
      const event = createEvent({ cookies: { auth_token: 'token' } })
      mockSuccessReadBody(baseBody)
-      authUtils.verifyToken.mockReturnValue({ id: '2' })
-      authUtils.getUserById.mockResolvedValue({ id: '2', role: 'admin' })
+      authUtils.getUserFromToken.mockResolvedValue({ id: '2', role: 'admin' })
      memberUtils.saveMember.mockRejectedValue(new Error('existiert bereits'))

      await expect(membersPostHandler(event)).rejects.toMatchObject({ statusCode: 409 })
@@ -133,8 +131,7 @@ describe('Members API Endpoints', () => {
    it('speichert Mitglied erfolgreich', async () => {
      const event = createEvent({ cookies: { auth_token: 'token' } })
      mockSuccessReadBody(baseBody)
-      authUtils.verifyToken.mockReturnValue({ id: '2' })
-      authUtils.getUserById.mockResolvedValue({ id: '2', role: 'admin' })
+      authUtils.getUserFromToken.mockResolvedValue({ id: '2', role: 'admin' })
      memberUtils.saveMember.mockResolvedValue(true)

      const response = await membersPostHandler(event)
@@ -143,6 +140,16 @@ describe('Members API Endpoints', () => {
        hasHallKey: true
      }))
    })
+
+    it('erlaubt vorstand beim Speichern', async () => {
+      const event = createEvent({ cookies: { auth_token: 'token' } })
+      mockSuccessReadBody(baseBody)
+      authUtils.getUserFromToken.mockResolvedValue({ id: '3', role: 'vorstand' })
+      memberUtils.saveMember.mockResolvedValue(true)
+
+      const response = await membersPostHandler(event)
+      expect(response.success).toBe(true)
+    })
  })

  describe('DELETE /api/members', () => {