fix(api): harden user self-service and resource linking

2026-03-31 21:02:36 +02:00
parent e8c0d3c3eb
commit 99db52929f
24 changed files with 2882 additions and 38 deletions
@@ -0,0 +1,102 @@
+import { beforeEach, describe, expect, it, vi } from "vitest";
+import { SystemRole } from "@capakraken/shared";
+
+vi.mock("@capakraken/application", async (importOriginal) => {
+  const actual = await importOriginal<typeof import("@capakraken/application")>();
+  return {
+    ...actual,
+    getDashboardBudgetForecast: vi.fn().mockResolvedValue([]),
+    getDashboardPeakTimes: vi.fn().mockResolvedValue([]),
+    listAssignmentBookings: vi.fn().mockResolvedValue([]),
+  };
+});
+
+import { executeTool } from "../router/assistant-tools.js";
+import { createToolContext } from "./assistant-tools-user-admin-test-helpers.js";
+
+describe("assistant user admin tools user create errors", () => {
+  beforeEach(() => {
+    vi.clearAllMocks();
+  });
+
+  it("returns a stable error when creating a user with a duplicate email", async () => {
+    const ctx = createToolContext(
+      {
+        user: {
+          findUnique: vi.fn().mockResolvedValue({
+            id: "user_existing",
+            email: "peter.parker@example.com",
+            name: "Peter Parker",
+          }),
+        },
+      },
+      SystemRole.ADMIN,
+    );
+
+    const result = await executeTool(
+      "create_user",
+      JSON.stringify({
+        email: "peter.parker@example.com",
+        name: "Peter Parker",
+        password: "secret123",
+      }),
+      ctx,
+    );
+
+    expect(JSON.parse(result.content)).toEqual(expect.objectContaining({
+      error: "User with this email already exists.",
+    }));
+  });
+
+  it("returns a stable error when creating a user without a name", async () => {
+    const ctx = createToolContext(
+      {
+        user: {
+          findUnique: vi.fn(),
+        },
+      },
+      SystemRole.ADMIN,
+    );
+
+    const result = await executeTool(
+      "create_user",
+      JSON.stringify({
+        email: "miles.morales@example.com",
+        name: "",
+        password: "secret123",
+      }),
+      ctx,
+    );
+
+    expect(JSON.parse(result.content)).toEqual(expect.objectContaining({
+      error: "Name is required.",
+    }));
+    expect(ctx.db.user.findUnique).not.toHaveBeenCalled();
+  });
+
+  it("returns a stable error when creating a user with a password that is too short", async () => {
+    const ctx = createToolContext(
+      {
+        user: {
+          findUnique: vi.fn(),
+        },
+      },
+      SystemRole.ADMIN,
+    );
+
+    const result = await executeTool(
+      "create_user",
+      JSON.stringify({
+        email: "miles.morales@example.com",
+        name: "Miles Morales",
+        password: "short",
+      }),
+      ctx,
+    );
+
+    expect(JSON.parse(result.content)).toEqual(expect.objectContaining({
+      error: "Password must be at least 8 characters.",
+    }));
+    expect(ctx.db.user.findUnique).not.toHaveBeenCalled();
+  });
+});