test(#411): add missing test coverage — getAccessToken, isAdmin, null cases, getClientIp

- Add getAccessToken tests (5): null session, valid token, expired token, buffer window, undefined token - Add isAdmin tests (4): null session, true, false, undefined - Add getUserById/getUserByEmail null-return tests (2) - Add getClientIp tests via handleAuth (4): single IP, comma-separated, array, fallback - Fix pre-existing controller spec failure by adding better-auth vi.mock calls Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-02-16 12:37:11 -06:00
parent 9696e45265
commit 110e181272
3 changed files with 295 additions and 1 deletions
--- a/apps/web/src/lib/auth-client.test.ts
+++ b/apps/web/src/lib/auth-client.test.ts
@@ -31,7 +31,7 @@ vi.mock("./config", () => ({
 }));

 // Import after mocks are set up
-const { signInWithCredentials } = await import("./auth-client");
+const { signInWithCredentials, getAccessToken, isAdmin, getSession } = await import("./auth-client");

 /**
 * Helper to build a mock Response object that behaves like the Fetch API Response.
@@ -218,3 +218,147 @@ describe("signInWithCredentials PDA-friendly language compliance", (): void => {
    });
  }
 });
+
+// ────────────────────────────────────────────────────────────────────────────
+// AUTH-030: getAccessToken tests
+// ────────────────────────────────────────────────────────────────────────────
+
+describe("getAccessToken", (): void => {
+  afterEach((): void => {
+    vi.restoreAllMocks();
+  });
+
+  it("should return null when no session exists (session.data is null)", async (): Promise<void> => {
+    vi.mocked(getSession).mockResolvedValueOnce({ data: null } as any);
+
+    const result = await getAccessToken();
+
+    expect(result).toBeNull();
+  });
+
+  it("should return accessToken when session has valid, non-expired token", async (): Promise<void> => {
+    vi.mocked(getSession).mockResolvedValueOnce({
+      data: {
+        user: {
+          id: "user-1",
+          accessToken: "valid-token-abc",
+          tokenExpiresAt: Date.now() + 300_000, // 5 minutes from now
+        },
+      },
+    } as any);
+
+    const result = await getAccessToken();
+
+    expect(result).toBe("valid-token-abc");
+  });
+
+  it("should return null when token is expired (tokenExpiresAt in the past)", async (): Promise<void> => {
+    vi.mocked(getSession).mockResolvedValueOnce({
+      data: {
+        user: {
+          id: "user-1",
+          accessToken: "expired-token",
+          tokenExpiresAt: Date.now() - 120_000, // 2 minutes ago
+        },
+      },
+    } as any);
+
+    const result = await getAccessToken();
+
+    expect(result).toBeNull();
+  });
+
+  it("should return null when token expires within 60-second buffer window", async (): Promise<void> => {
+    vi.mocked(getSession).mockResolvedValueOnce({
+      data: {
+        user: {
+          id: "user-1",
+          accessToken: "almost-expired-token",
+          tokenExpiresAt: Date.now() + 30_000, // 30 seconds from now (within 60s buffer)
+        },
+      },
+    } as any);
+
+    const result = await getAccessToken();
+
+    expect(result).toBeNull();
+  });
+
+  it("should return null when accessToken is undefined on user object", async (): Promise<void> => {
+    vi.mocked(getSession).mockResolvedValueOnce({
+      data: {
+        user: {
+          id: "user-1",
+          // no accessToken property
+        },
+      },
+    } as any);
+
+    const result = await getAccessToken();
+
+    expect(result).toBeNull();
+  });
+});
+
+// ────────────────────────────────────────────────────────────────────────────
+// AUTH-030: isAdmin tests
+// ────────────────────────────────────────────────────────────────────────────
+
+describe("isAdmin", (): void => {
+  afterEach((): void => {
+    vi.restoreAllMocks();
+  });
+
+  it("should return false when no session exists", async (): Promise<void> => {
+    vi.mocked(getSession).mockResolvedValueOnce({ data: null } as any);
+
+    const result = await isAdmin();
+
+    expect(result).toBe(false);
+  });
+
+  it("should return true when user.isAdmin is true", async (): Promise<void> => {
+    vi.mocked(getSession).mockResolvedValueOnce({
+      data: {
+        user: {
+          id: "admin-1",
+          isAdmin: true,
+        },
+      },
+    } as any);
+
+    const result = await isAdmin();
+
+    expect(result).toBe(true);
+  });
+
+  it("should return false when user.isAdmin is false", async (): Promise<void> => {
+    vi.mocked(getSession).mockResolvedValueOnce({
+      data: {
+        user: {
+          id: "user-1",
+          isAdmin: false,
+        },
+      },
+    } as any);
+
+    const result = await isAdmin();
+
+    expect(result).toBe(false);
+  });
+
+  it("should return false when user.isAdmin is undefined", async (): Promise<void> => {
+    vi.mocked(getSession).mockResolvedValueOnce({
+      data: {
+        user: {
+          id: "user-1",
+          // no isAdmin property
+        },
+      },
+    } as any);
+
+    const result = await isAdmin();
+
+    expect(result).toBe(false);
+  });
+});