97 lines
2.7 KiB
TypeScript
97 lines
2.7 KiB
TypeScript
import { beforeEach, describe, expect, it, vi } from "vitest";
|
|
import { SystemRole } from "@capakraken/shared";
|
|
import {
|
|
createToolContext,
|
|
executeTool,
|
|
totpValidateMock,
|
|
} from "./assistant-tools-user-self-service-mfa-test-helpers.js";
|
|
|
|
describe("assistant user self-service MFA tools - enable flow", () => {
|
|
beforeEach(() => {
|
|
vi.clearAllMocks();
|
|
totpValidateMock.mockReset();
|
|
});
|
|
|
|
it("generates a TOTP secret through the real user router path", async () => {
|
|
const db = {
|
|
user: {
|
|
update: vi.fn().mockResolvedValue({}),
|
|
},
|
|
};
|
|
const ctx = createToolContext(db, SystemRole.ADMIN);
|
|
|
|
const result = await executeTool("generate_totp_secret", "{}", ctx);
|
|
|
|
expect(db.user.update).toHaveBeenCalledWith({
|
|
where: { id: "user_1" },
|
|
data: { totpSecret: "MOCKSECRET" },
|
|
});
|
|
expect(JSON.parse(result.content)).toEqual({
|
|
success: true,
|
|
secret: "MOCKSECRET",
|
|
uri: "otpauth://mock",
|
|
message: "Generated a new MFA TOTP secret.",
|
|
});
|
|
expect(result.action).toEqual({
|
|
type: "invalidate",
|
|
scope: ["user"],
|
|
});
|
|
});
|
|
|
|
it("enables TOTP through the real user router path when the token is valid", async () => {
|
|
totpValidateMock.mockReturnValue(0);
|
|
|
|
const db = {
|
|
user: {
|
|
findUnique: vi.fn().mockResolvedValue({
|
|
id: "user_1",
|
|
name: "Assistant User",
|
|
email: "assistant@example.com",
|
|
totpSecret: "MOCKSECRET",
|
|
totpEnabled: false,
|
|
}),
|
|
update: vi.fn().mockResolvedValue({}),
|
|
},
|
|
auditLog: {
|
|
create: vi.fn().mockResolvedValue({ id: "audit_1" }),
|
|
},
|
|
};
|
|
const ctx = createToolContext(db, SystemRole.ADMIN);
|
|
|
|
const result = await executeTool(
|
|
"verify_and_enable_totp",
|
|
JSON.stringify({ token: "123456" }),
|
|
ctx,
|
|
);
|
|
|
|
expect(db.user.findUnique).toHaveBeenCalledWith({
|
|
where: { id: "user_1" },
|
|
select: { id: true, name: true, email: true, totpSecret: true, totpEnabled: true },
|
|
});
|
|
expect(db.user.update).toHaveBeenCalledWith({
|
|
where: { id: "user_1" },
|
|
data: { totpEnabled: true },
|
|
});
|
|
expect(db.auditLog.create).toHaveBeenCalledWith({
|
|
data: expect.objectContaining({
|
|
entityType: "User",
|
|
entityId: "user_1",
|
|
action: "UPDATE",
|
|
userId: "user_1",
|
|
source: "ui",
|
|
entityName: "Assistant User (assistant@example.com)",
|
|
summary: "Enabled TOTP MFA",
|
|
}),
|
|
});
|
|
expect(JSON.parse(result.content)).toEqual({
|
|
success: true,
|
|
enabled: true,
|
|
message: "Enabled MFA TOTP.",
|
|
});
|
|
expect(result.action).toEqual({
|
|
type: "invalidate",
|
|
scope: ["user"],
|
|
});
|
|
});
|
|
});
|