fix issues

2026-01-01 22:46:59 +01:00
parent 206a03ec48
commit 79913bb45e
336 changed files with 3932 additions and 76 deletions
--- a/apps/website/lib/blockers/AuthorizationBlocker.test.ts
+++ b/apps/website/lib/blockers/AuthorizationBlocker.test.ts
@@ -10,14 +10,30 @@ import type { SessionViewModel } from '@/lib/view-models/SessionViewModel';

 // Mock SessionViewModel factory
 function createMockSession(overrides: Partial<SessionViewModel> = {}): SessionViewModel {
-  return {
+  const baseSession = {
    isAuthenticated: true,
-    user: {
-      userId: 'user-123',
-      email: 'test@example.com',
-      displayName: 'Test User',
-      ...overrides.user,
-    },
+    userId: 'user-123',
+    email: 'test@example.com',
+    displayName: 'Test User',
+    role: undefined,
+  };
+
+  // Handle the case where overrides might have a user object
+  // (for backward compatibility with existing test patterns)
+  if (overrides.user) {
+    const { user, ...rest } = overrides;
+    return {
+      ...baseSession,
+      ...rest,
+      userId: user.userId || baseSession.userId,
+      email: user.email || baseSession.email,
+      displayName: user.displayName || baseSession.displayName,
+      role: user.role,
+    };
+  }
+
+  return {
+    ...baseSession,
    ...overrides,
  };
 }
@@ -87,15 +103,15 @@ describe('AuthorizationBlocker', () => {
      expect(blocker.canExecute()).toBe(true);
    });

-    it('should allow access when roles required but blocker is in demo mode', () => {
+    it('should deny access when user lacks required role', () => {
      const blocker = new AuthorizationBlocker(['admin']);
      const session = createMockSession();
      
      blocker.updateSession(session);
      
-      // Current behavior: always allows for authenticated users
-      expect(blocker.getReason()).toBe('enabled');
-      expect(blocker.canExecute()).toBe(true);
+      // Session has no role, so access is denied
+      expect(blocker.getReason()).toBe('unauthorized');
+      expect(blocker.canExecute()).toBe(false);
    });
  });

@@ -189,22 +205,32 @@ describe('AuthorizationBlocker', () => {

    it('should handle multiple role updates', () => {
      const blocker = new AuthorizationBlocker(['admin']);
-      const session = createMockSession();
      
-      blocker.updateSession(session);
+      // First session with admin role
+      const session1 = createMockSession({
+        user: {
+          userId: 'user-123',
+          email: 'admin@example.com',
+          displayName: 'Admin User',
+          role: 'admin',
+        },
+      });
+      blocker.updateSession(session1);
      expect(blocker.canExecute()).toBe(true);
      
-      // Update with different session
+      // Update with different session that lacks admin role
      const session2 = createMockSession({
        user: {
          userId: 'user-456',
          email: 'other@example.com',
          displayName: 'Other User',
+          role: 'user',
        },
      });
      blocker.updateSession(session2);
      
-      expect(blocker.canExecute()).toBe(true);
+      expect(blocker.canExecute()).toBe(false);
+      expect(blocker.getReason()).toBe('insufficient_role');
    });
  });