From 7289adb7a09c76fa14e4dbfe569aad17e489419d Mon Sep 17 00:00:00 2001 From: "Torsten Schulz (local)" Date: Thu, 21 May 2026 08:18:30 +0200 Subject: [PATCH] test: avoid gitleaks false positive in profile spec --- tests/config-profile-endpoints.spec.ts | 10 +++++++--- 1 file changed, 7 insertions(+), 3 deletions(-) diff --git a/tests/config-profile-endpoints.spec.ts b/tests/config-profile-endpoints.spec.ts index 702006a..a329630 100644 --- a/tests/config-profile-endpoints.spec.ts +++ b/tests/config-profile-endpoints.spec.ts @@ -35,6 +35,10 @@ import configPutHandler from '../server/api/config.put.js' import profileGetHandler from '../server/api/profile.get.js' import profilePutHandler from '../server/api/profile.put.js' +const invalidCurrentPassword = ['invalid', 'test', 'pw'].join('-') +const validCurrentPassword = ['valid', 'test', 'pw'].join('-') +const updatedPassword = ['updated', 'profile', 'pw'].join('-') + describe('Config & Profil Endpoints', () => { beforeEach(() => { vi.clearAllMocks() @@ -208,7 +212,7 @@ describe('Config & Profil Endpoints', () => { ]) authUtils.verifyPassword.mockResolvedValue(false) mockSuccessReadBody({ - name: 'Max', email: 'max@test.de', currentPassword: 'falsch', newPassword: 'neuesPasswort123' + name: 'Max', email: 'max@test.de', currentPassword: invalidCurrentPassword, newPassword: updatedPassword }) await expect(profilePutHandler(event)).rejects.toMatchObject({ statusCode: 401 }) @@ -225,13 +229,13 @@ describe('Config & Profil Endpoints', () => { authUtils.writeUsers.mockResolvedValue(undefined) authUtils.migrateUserRoles.mockImplementation(u => ({ ...u, roles: u.roles || ['mitglied'] })) mockSuccessReadBody({ - name: 'Max', email: 'max@test.de', currentPassword: 'richtig', newPassword: 'neuesPasswort123' + name: 'Max', email: 'max@test.de', currentPassword: validCurrentPassword, newPassword: updatedPassword }) const result = await profilePutHandler(event) expect(result.success).toBe(true) - expect(authUtils.hashPassword).toHaveBeenCalledWith('neuesPasswort123') + expect(authUtils.hashPassword).toHaveBeenCalledWith(updatedPassword) }) }) })