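import { describe, it, expect, beforeEach, vi } from 'vitest'
import { hash, compare } from 'bcryptjs'
import { db } from '../../lib/db'

// Replace the database module with a stub that exposes only the single query
// these tests call, so nothing here touches a real database.
vi.mock('../../lib/db', () => ({
  db: {
    platformUser: {
      findUnique: vi.fn(),
    },
  },
}))

// bcrypt cost factor and plaintext used for every fixture in this file.
const BCRYPT_ROUNDS = 10
const TEST_PASSWORD = 'SecurePassword123!'

/**
 * Builds a platform-user fixture in the shape the tests hand to the mocked lookup.
 *
 * @param passwordHash - bcrypt hash stored in the `password` field
 * @param role - platform role string placed on the record
 * @param email - address placed on the record
 * @returns a fresh record with `id` fixed to '1' and both timestamps set to now
 */
function buildPlatformUser(
  passwordHash: string,
  role = 'SUPER_ADMIN',
  email = 'admin@notso.ai'
) {
  return {
    id: '1',
    email,
    password: passwordHash,
    role,
    createdAt: new Date(),
    updatedAt: new Date(),
  }
}

// NOTE(review): every case below drives the mocked `findUnique` and bcryptjs
// directly; the application's own credential-checking code is never imported.
// A regression in the real login path would therefore not fail this suite.
describe('Platform Authentication', () => {
  beforeEach(() => {
    // Drop recorded calls and stubbed return values so cases stay independent.
    vi.clearAllMocks()
  })

  describe('Platform User Authentication Logic', () => {
    it('should authenticate valid platform user with correct password', async () => {
      const passwordHash = await hash(TEST_PASSWORD, BCRYPT_ROUNDS)
      vi.mocked(db.platformUser.findUnique).mockResolvedValue(
        buildPlatformUser(passwordHash)
      )

      // Simulate the authentication logic: look the account up by email...
      const user = await db.platformUser.findUnique({
        where: { email: 'admin@notso.ai' },
      })
      expect(user).toBeTruthy()
      expect(user?.email).toBe('admin@notso.ai')

      // ...then check the submitted plaintext against the stored bcrypt hash.
      const isValidPassword = await compare(TEST_PASSWORD, user!.password)
      expect(isValidPassword).toBe(true)
    })

    // NOTE(review): unknown email and wrong password are asserted separately
    // here; whether the real login path reports both to the caller in the same
    // way is not covered by this file.
    it('should reject invalid email', async () => {
      vi.mocked(db.platformUser.findUnique).mockResolvedValue(null)

      const user = await db.platformUser.findUnique({
        where: { email: 'invalid@notso.ai' },
      })

      expect(user).toBeNull()
    })

    it('should reject invalid password', async () => {
      const wrongPassword = 'WrongPassword'
      const passwordHash = await hash(TEST_PASSWORD, BCRYPT_ROUNDS)
      vi.mocked(db.platformUser.findUnique).mockResolvedValue(
        buildPlatformUser(passwordHash)
      )

      const user = await db.platformUser.findUnique({
        where: { email: 'admin@notso.ai' },
      })
      // Fail with a readable assertion, not a TypeError, if the lookup is empty.
      expect(user).not.toBeNull()

      const isValidPassword = await compare(wrongPassword, user!.password)
      expect(isValidPassword).toBe(false)
    })
  })

  describe('Platform User Roles', () => {
    it('should support all platform user roles', async () => {
      const roles = ['SUPER_ADMIN', 'ADMIN', 'SUPPORT']
      // The hash does not depend on the role, so compute it once instead of
      // paying the bcrypt cost on every loop iteration.
      const passwordHash = await hash(TEST_PASSWORD, BCRYPT_ROUNDS)

      for (const role of roles) {
        const mockUser = buildPlatformUser(
          passwordHash,
          role,
          `${role.toLowerCase()}@notso.ai`
        )
        vi.mocked(db.platformUser.findUnique).mockResolvedValue(mockUser)

        const user = await db.platformUser.findUnique({
          where: { email: mockUser.email },
        })

        // Confirms the role string round-trips through the mocked lookup.
        expect(user?.role).toBe(role)
      }
    })
  })

  describe('JWT Token Structure', () => {
    it('should include required platform user fields', () => {
      // NOTE(review): the assertions run against a literal defined in this
      // test, not a token produced by the application, so they only record the
      // intended claim names. Showing that the password hash never reaches the
      // token would need an assertion on the real token-building code.
      const expectedToken = {
        sub: '1',
        email: 'admin@notso.ai',
        isPlatformUser: true,
        platformRole: 'SUPER_ADMIN',
      }

      for (const claim of ['sub', 'email', 'isPlatformUser', 'platformRole']) {
        expect(expectedToken).toHaveProperty(claim)
      }
      expect(expectedToken.isPlatformUser).toBe(true)
    })
  })

  describe('Session Structure', () => {
    it('should include platform fields in session', () => {
      // NOTE(review): as with the token case, this checks a hand-written
      // literal, not a session returned by the application.
      const expectedSession = {
        user: {
          id: '1',
          email: 'admin@notso.ai',
          isPlatformUser: true,
          platformRole: 'SUPER_ADMIN',
        },
        expires: new Date().toISOString(),
      }

      for (const field of ['id', 'email', 'isPlatformUser', 'platformRole']) {
        expect(expectedSession.user).toHaveProperty(field)
      }
      expect(expectedSession.user.isPlatformUser).toBe(true)
    })
  })
})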