Hartmut
b41c1d2501
CI / Architecture Guardrails (push) Successful in 2m38s
CI / Assistant Split Regression (push) Successful in 3m33s
CI / Typecheck (push) Successful in 3m51s
CI / Lint (push) Successful in 5m2s
CI / E2E Tests (push) Has been cancelled
CI / Fresh-Linux Docker Deploy (push) Has been cancelled
CI / Release Images (push) Has been cancelled
CI / Build (push) Has been cancelled
CI / Unit Tests (push) Has been cancelled
rename(phase 1): CapaKraken → Nexus across code, UI, docs, CI (#61) Co-authored-by: Hartmut Nörenberg <hn@hartmut-noerenberg.com> Co-committed-by: Hartmut Nörenberg <hn@hartmut-noerenberg.com>
122 lines
3.0 KiB
TypeScript
122 lines
3.0 KiB
TypeScript
import { beforeEach, describe, expect, it, vi } from "vitest";
|
|
import { SystemRole } from "@nexus/shared";
|
|
import {
|
|
createToolContext,
|
|
executeTool,
|
|
totpValidateMock,
|
|
} from "./assistant-tools-user-self-service-mfa-test-helpers.js";
|
|
|
|
describe("assistant user self-service MFA tools - errors", () => {
|
|
beforeEach(() => {
|
|
vi.clearAllMocks();
|
|
totpValidateMock.mockReset();
|
|
});
|
|
|
|
it("returns a stable error when enabling TOTP without a generated secret", async () => {
|
|
const ctx = createToolContext(
|
|
{
|
|
user: {
|
|
findUnique: vi.fn().mockResolvedValue({
|
|
id: "user_1",
|
|
name: "Assistant User",
|
|
email: "assistant@example.com",
|
|
totpSecret: null,
|
|
totpEnabled: false,
|
|
}),
|
|
},
|
|
},
|
|
SystemRole.ADMIN,
|
|
);
|
|
|
|
const result = await executeTool(
|
|
"verify_and_enable_totp",
|
|
JSON.stringify({ token: "123456" }),
|
|
ctx,
|
|
);
|
|
|
|
expect(JSON.parse(result.content)).toEqual({
|
|
error: "No TOTP secret generated. Call generate_totp_secret first.",
|
|
});
|
|
});
|
|
|
|
it("returns a stable error when enabling TOTP for a missing user", async () => {
|
|
const ctx = createToolContext(
|
|
{
|
|
user: {
|
|
findUnique: vi.fn().mockResolvedValue(null),
|
|
},
|
|
},
|
|
SystemRole.ADMIN,
|
|
);
|
|
|
|
const result = await executeTool(
|
|
"verify_and_enable_totp",
|
|
JSON.stringify({ token: "123456" }),
|
|
ctx,
|
|
);
|
|
|
|
expect(JSON.parse(result.content)).toEqual({
|
|
error: "User not found with the given criteria.",
|
|
});
|
|
});
|
|
|
|
it("returns a stable error when enabling TOTP that is already enabled", async () => {
|
|
const ctx = createToolContext(
|
|
{
|
|
user: {
|
|
findUnique: vi.fn().mockResolvedValue({
|
|
id: "user_1",
|
|
name: "Assistant User",
|
|
email: "assistant@example.com",
|
|
totpSecret: "MOCKSECRET",
|
|
totpEnabled: true,
|
|
}),
|
|
},
|
|
},
|
|
SystemRole.ADMIN,
|
|
);
|
|
|
|
const result = await executeTool(
|
|
"verify_and_enable_totp",
|
|
JSON.stringify({ token: "123456" }),
|
|
ctx,
|
|
);
|
|
|
|
expect(JSON.parse(result.content)).toEqual({
|
|
error: "TOTP is already enabled.",
|
|
});
|
|
});
|
|
|
|
it("returns a stable error when a provided TOTP token is invalid", async () => {
|
|
totpValidateMock.mockReturnValue(null);
|
|
|
|
const update = vi.fn();
|
|
const ctx = createToolContext(
|
|
{
|
|
user: {
|
|
findUnique: vi.fn().mockResolvedValue({
|
|
id: "user_1",
|
|
name: "Assistant User",
|
|
email: "assistant@example.com",
|
|
totpSecret: "MOCKSECRET",
|
|
totpEnabled: false,
|
|
}),
|
|
update,
|
|
},
|
|
},
|
|
SystemRole.ADMIN,
|
|
);
|
|
|
|
const result = await executeTool(
|
|
"verify_and_enable_totp",
|
|
JSON.stringify({ token: "123456" }),
|
|
ctx,
|
|
);
|
|
|
|
expect(update).not.toHaveBeenCalled();
|
|
expect(JSON.parse(result.content)).toEqual({
|
|
error: "Invalid TOTP token.",
|
|
});
|
|
});
|
|
});
|