auth

2025-12-31 19:55:43 +01:00
parent 8260bf7baf
commit 167e82a52b
66 changed files with 5124 additions and 228 deletions
--- a/core/identity/application/use-cases/ResetPasswordUseCase.test.ts
+++ b/core/identity/application/use-cases/ResetPasswordUseCase.test.ts
@@ -0,0 +1,239 @@
+import { describe, it, expect, vi, type Mock, beforeEach } from 'vitest';
+import { ResetPasswordUseCase } from './ResetPasswordUseCase';
+import { EmailAddress } from '../../domain/value-objects/EmailAddress';
+import { UserId } from '../../domain/value-objects/UserId';
+import { User } from '../../domain/entities/User';
+import type { IAuthRepository } from '../../domain/repositories/IAuthRepository';
+import type { IMagicLinkRepository } from '../../domain/repositories/IMagicLinkRepository';
+import type { IPasswordHashingService } from '../../domain/services/PasswordHashingService';
+import type { Logger, UseCaseOutputPort } from '@core/shared/application';
+import { Result } from '@core/shared/application/Result';
+
+type ResetPasswordOutput = {
+  message: string;
+};
+
+describe('ResetPasswordUseCase', () => {
+  let authRepo: {
+    findByEmail: Mock;
+    save: Mock;
+  };
+  let magicLinkRepo: {
+    findByToken: Mock;
+    markAsUsed: Mock;
+  };
+  let passwordService: {
+    hash: Mock;
+  };
+  let logger: Logger;
+  let output: UseCaseOutputPort<ResetPasswordOutput> & { present: Mock };
+  let useCase: ResetPasswordUseCase;
+
+  beforeEach(() => {
+    authRepo = {
+      findByEmail: vi.fn(),
+      save: vi.fn(),
+    };
+    magicLinkRepo = {
+      findByToken: vi.fn(),
+      markAsUsed: vi.fn(),
+    };
+    passwordService = {
+      hash: vi.fn(),
+    };
+    logger = {
+      debug: vi.fn(),
+      info: vi.fn(),
+      warn: vi.fn(),
+      error: vi.fn(),
+    } as unknown as Logger;
+    output = {
+      present: vi.fn(),
+    };
+
+    useCase = new ResetPasswordUseCase(
+      authRepo as unknown as IAuthRepository,
+      magicLinkRepo as unknown as IMagicLinkRepository,
+      passwordService as unknown as IPasswordHashingService,
+      logger,
+      output,
+    );
+  });
+
+  it('should reset password with valid token', async () => {
+    const input = {
+      token: 'valid-token-12345678901234567890123456789012',
+      newPassword: 'NewPass123!',
+    };
+
+    const user = User.create({
+      id: UserId.create(),
+      displayName: 'John Smith',
+      email: 'test@example.com',
+    });
+
+    const resetRequest = {
+      email: 'test@example.com',
+      token: input.token,
+      expiresAt: new Date(Date.now() + 60000), // 1 minute from now
+      userId: user.getId().value,
+    };
+
+    magicLinkRepo.findByToken.mockResolvedValue(resetRequest);
+    authRepo.findByEmail.mockResolvedValue(user);
+    passwordService.hash.mockResolvedValue('hashed-new-password');
+
+    const result = await useCase.execute(input);
+
+    expect(magicLinkRepo.findByToken).toHaveBeenCalledWith(input.token);
+    expect(authRepo.findByEmail).toHaveBeenCalledWith(EmailAddress.create('test@example.com'));
+    expect(passwordService.hash).toHaveBeenCalledWith(input.newPassword);
+    expect(authRepo.save).toHaveBeenCalled();
+    expect(magicLinkRepo.markAsUsed).toHaveBeenCalledWith(input.token);
+    expect(output.present).toHaveBeenCalledWith({
+      message: 'Password reset successfully. You can now log in with your new password.',
+    });
+    expect(result.isOk()).toBe(true);
+  });
+
+  it('should reject invalid token', async () => {
+    const input = {
+      token: 'invalid-token',
+      newPassword: 'NewPass123!',
+    };
+
+    magicLinkRepo.findByToken.mockResolvedValue(null);
+
+    const result = await useCase.execute(input);
+
+    expect(result.isErr()).toBe(true);
+    const error = result.unwrapErr();
+    expect(error.code).toBe('INVALID_TOKEN');
+  });
+
+  it('should reject expired token', async () => {
+    const input = {
+      token: 'expired-token-12345678901234567890123456789012',
+      newPassword: 'NewPass123!',
+    };
+
+    const resetRequest = {
+      email: 'test@example.com',
+      token: input.token,
+      expiresAt: new Date(Date.now() - 60000), // 1 minute ago
+      userId: 'user-123',
+    };
+
+    magicLinkRepo.findByToken.mockResolvedValue(resetRequest);
+
+    const result = await useCase.execute(input);
+
+    expect(result.isErr()).toBe(true);
+    const error = result.unwrapErr();
+    expect(error.code).toBe('EXPIRED_TOKEN');
+  });
+
+  it('should reject weak password', async () => {
+    const input = {
+      token: 'valid-token-12345678901234567890123456789012',
+      newPassword: 'weak',
+    };
+
+    const result = await useCase.execute(input);
+
+    expect(result.isErr()).toBe(true);
+    const error = result.unwrapErr();
+    expect(error.code).toBe('WEAK_PASSWORD');
+  });
+
+  it('should reject password without uppercase', async () => {
+    const input = {
+      token: 'valid-token-12345678901234567890123456789012',
+      newPassword: 'newpass123!',
+    };
+
+    const result = await useCase.execute(input);
+
+    expect(result.isErr()).toBe(true);
+    const error = result.unwrapErr();
+    expect(error.code).toBe('WEAK_PASSWORD');
+  });
+
+  it('should reject password without number', async () => {
+    const input = {
+      token: 'valid-token-12345678901234567890123456789012',
+      newPassword: 'NewPass!',
+    };
+
+    const result = await useCase.execute(input);
+
+    expect(result.isErr()).toBe(true);
+    const error = result.unwrapErr();
+    expect(error.code).toBe('WEAK_PASSWORD');
+  });
+
+  it('should reject password shorter than 8 characters', async () => {
+    const input = {
+      token: 'valid-token-12345678901234567890123456789012',
+      newPassword: 'New1!',
+    };
+
+    const result = await useCase.execute(input);
+
+    expect(result.isErr()).toBe(true);
+    const error = result.unwrapErr();
+    expect(error.code).toBe('WEAK_PASSWORD');
+  });
+
+  it('should handle user no longer exists', async () => {
+    const input = {
+      token: 'valid-token-12345678901234567890123456789012',
+      newPassword: 'NewPass123!',
+    };
+
+    const resetRequest = {
+      email: 'deleted@example.com',
+      token: input.token,
+      expiresAt: new Date(Date.now() + 60000),
+      userId: 'user-123',
+    };
+
+    magicLinkRepo.findByToken.mockResolvedValue(resetRequest);
+    authRepo.findByEmail.mockResolvedValue(null);
+
+    const result = await useCase.execute(input);
+
+    expect(result.isErr()).toBe(true);
+    const error = result.unwrapErr();
+    expect(error.code).toBe('INVALID_TOKEN');
+  });
+
+  it('should handle token format validation', async () => {
+    const input = {
+      token: 'short',
+      newPassword: 'NewPass123!',
+    };
+
+    const result = await useCase.execute(input);
+
+    expect(result.isErr()).toBe(true);
+    const error = result.unwrapErr();
+    expect(error.code).toBe('INVALID_TOKEN');
+  });
+
+  it('should handle repository errors', async () => {
+    const input = {
+      token: 'valid-token-12345678901234567890123456789012',
+      newPassword: 'NewPass123!',
+    };
+
+    magicLinkRepo.findByToken.mockRejectedValue(new Error('Database error'));
+
+    const result = await useCase.execute(input);
+
+    expect(result.isErr()).toBe(true);
+    const error = result.unwrapErr();
+    expect(error.code).toBe('REPOSITORY_ERROR');
+    expect(error.details.message).toContain('Database error');
+  });
+});