feat: SMTP full ENV override, password reset flow, and E2E email testing

- SMTP: SMTP_HOST/PORT/USER/FROM/TLS now all have ENV override support (previously only SMTP_PASSWORD was env-aware). ENV takes priority over DB. - docker-compose.yml: forward all SMTP_* env vars to app container + add Mailhog service (ports 1025 SMTP / 8025 HTTP, always available in dev) - Password reset: PasswordResetToken Prisma model + authRouter with requestPasswordReset (timing-safe, no email enumeration) + resetPassword - UI: /auth/forgot-password, /auth/reset-password/[token] pages + "Forgot password?" link on sign-in page - E2E: Mailhog helpers (getLatestEmailTo, clearMailhog, extractUrlFromEmail) + invite-flow.spec.ts + password-reset.spec.ts Co-Authored-By: claude-flow <ruv@ruv.net>
2026-04-02 08:55:39 +02:00
parent e5ecea81c5
commit fceceeee4b
14 changed files with 1030 additions and 11 deletions
@@ -0,0 +1,160 @@
+import { afterEach, beforeEach, describe, expect, it, vi } from "vitest";
+import nodemailer from "nodemailer";
+
+const { findUnique, sendMail, createTransport } = vi.hoisted(() => {
+  const sendMail = vi.fn().mockResolvedValue({ messageId: "test" });
+  return {
+    findUnique: vi.fn(),
+    sendMail,
+    createTransport: vi.fn(() => ({ sendMail })),
+  };
+});
+
+vi.mock("@capakraken/db", () => ({
+  prisma: {
+    systemSettings: { findUnique },
+  },
+}));
+
+vi.mock("nodemailer", () => ({
+  default: { createTransport },
+}));
+
+vi.mock("../lib/logger.js", () => ({
+  logger: { error: vi.fn(), warn: vi.fn(), info: vi.fn(), debug: vi.fn() },
+}));
+
+// Re-import after mocks are set up
+const { sendEmail } = await import("../lib/email.js");
+
+describe("SMTP ENV overrides", () => {
+  beforeEach(() => {
+    vi.clearAllMocks();
+    // Default DB row — used as fallback
+    findUnique.mockResolvedValue({
+      smtpHost: "db-smtp.example.com",
+      smtpPort: 587,
+      smtpUser: "db-user@example.com",
+      smtpPassword: "db-password",
+      smtpFrom: "db-from@example.com",
+      smtpTls: true,
+    });
+    sendMail.mockResolvedValue({ messageId: "ok" });
+  });
+
+  afterEach(() => {
+    vi.unstubAllEnvs();
+  });
+
+  it("SMTP_HOST env overrides DB smtpHost", async () => {
+    vi.stubEnv("SMTP_HOST", "env-smtp.example.com");
+
+    await sendEmail({ to: "user@test.com", subject: "Test", text: "Hello" });
+
+    expect(nodemailer.createTransport).toHaveBeenCalledWith(
+      expect.objectContaining({ host: "env-smtp.example.com" }),
+    );
+  });
+
+  it("SMTP_PORT env overrides DB smtpPort (parsed as integer)", async () => {
+    vi.stubEnv("SMTP_PORT", "1025");
+
+    await sendEmail({ to: "user@test.com", subject: "Test", text: "Hello" });
+
+    expect(nodemailer.createTransport).toHaveBeenCalledWith(
+      expect.objectContaining({ port: 1025 }),
+    );
+  });
+
+  it("SMTP_TLS=false sets secure: false", async () => {
+    vi.stubEnv("SMTP_TLS", "false");
+
+    await sendEmail({ to: "user@test.com", subject: "Test", text: "Hello" });
+
+    expect(nodemailer.createTransport).toHaveBeenCalledWith(
+      expect.objectContaining({ secure: false }),
+    );
+  });
+
+  it("SMTP_TLS=true sets secure: true", async () => {
+    vi.stubEnv("SMTP_TLS", "true");
+
+    await sendEmail({ to: "user@test.com", subject: "Test", text: "Hello" });
+
+    expect(nodemailer.createTransport).toHaveBeenCalledWith(
+      expect.objectContaining({ secure: true }),
+    );
+  });
+
+  it("no SMTP_USER → auth uses DB user; with SMTP_USER env → auth uses env user", async () => {
+    vi.stubEnv("SMTP_USER", "env-user@example.com");
+
+    await sendEmail({ to: "user@test.com", subject: "Test", text: "Hello" });
+
+    expect(nodemailer.createTransport).toHaveBeenCalledWith(
+      expect.objectContaining({
+        auth: expect.objectContaining({ user: "env-user@example.com" }),
+      }),
+    );
+  });
+
+  it("no SMTP_USER and no SMTP_PASSWORD → auth is undefined (Mailhog scenario)", async () => {
+    // Clear all user/password from both ENV and DB
+    vi.stubEnv("SMTP_HOST", "mailhog");
+    vi.stubEnv("SMTP_PORT", "1025");
+    vi.stubEnv("SMTP_TLS", "false");
+    // Explicitly no SMTP_USER / SMTP_PASSWORD
+    findUnique.mockResolvedValue({
+      smtpHost: null,
+      smtpPort: null,
+      smtpUser: null,
+      smtpPassword: null,
+      smtpFrom: "noreply@capakraken.app",
+      smtpTls: null,
+    });
+
+    await sendEmail({ to: "user@test.com", subject: "Test", text: "Hello" });
+
+    expect(nodemailer.createTransport).toHaveBeenCalledWith(
+      expect.objectContaining({ auth: undefined }),
+    );
+  });
+
+  it("DB values are used when no ENV overrides are set", async () => {
+    await sendEmail({ to: "user@test.com", subject: "Test", text: "Hello" });
+
+    expect(nodemailer.createTransport).toHaveBeenCalledWith({
+      host: "db-smtp.example.com",
+      port: 587,
+      secure: true,
+      auth: { user: "db-user@example.com", pass: "db-password" },
+    });
+  });
+
+  it("ENV overrides take priority over DB for all SMTP fields simultaneously", async () => {
+    vi.stubEnv("SMTP_HOST", "mailhog");
+    vi.stubEnv("SMTP_PORT", "1025");
+    vi.stubEnv("SMTP_USER", "");        // empty string = no override
+    vi.stubEnv("SMTP_TLS", "false");
+    vi.stubEnv("SMTP_PASSWORD", "");    // empty = no override
+
+    findUnique.mockResolvedValue({
+      smtpHost: "db-smtp.example.com",
+      smtpPort: 587,
+      smtpUser: "db-user@example.com",
+      smtpPassword: "db-password",
+      smtpFrom: "from@example.com",
+      smtpTls: true,
+    });
+
+    await sendEmail({ to: "user@test.com", subject: "Test", text: "Hello" });
+
+    expect(nodemailer.createTransport).toHaveBeenCalledWith(
+      expect.objectContaining({
+        host: "mailhog",
+        port: 1025,
+        secure: false,
+      }),
+    );
+  });
+});