From 00d01bdaf4458271cd922101c108f996055dd88d Mon Sep 17 00:00:00 2001 From: root Date: Thu, 2 Jul 2026 19:23:26 -0400 Subject: [PATCH] fix company login issue --- .../modules/auth/auth.company.repo.test.ts | 1 + .../api/src/modules/auth/auth.company.repo.ts | 1 + .../auth/auth.employee.service.edge.test.ts | 28 +++++++++++++++++-- .../src/modules/auth/auth.employee.service.ts | 2 +- 4 files changed, 29 insertions(+), 3 deletions(-) diff --git a/apps/api/src/modules/auth/auth.company.repo.test.ts b/apps/api/src/modules/auth/auth.company.repo.test.ts index 78a53de..c69a80e 100644 --- a/apps/api/src/modules/auth/auth.company.repo.test.ts +++ b/apps/api/src/modules/auth/auth.company.repo.test.ts @@ -104,6 +104,7 @@ describe('auth.company.repo.createCompanySignup', () => { companyId: 'company_1', clerkUserId: 'local_owner_company_1', email: 'owner@example.com', + emailVerified: baseInput.now, role: 'OWNER', preferredLanguage: 'fr', isActive: true, diff --git a/apps/api/src/modules/auth/auth.company.repo.ts b/apps/api/src/modules/auth/auth.company.repo.ts index 4da8026..e7ad7e9 100644 --- a/apps/api/src/modules/auth/auth.company.repo.ts +++ b/apps/api/src/modules/auth/auth.company.repo.ts @@ -136,6 +136,7 @@ export async function createCompanySignup(db: DbClient, input: CompanySignupInpu email: input.ownerEmail, phone: input.companyPhone, passwordHash: input.passwordHash, + emailVerified: input.now, role: 'OWNER', preferredLanguage: input.preferredLanguage, isActive: true, diff --git a/apps/api/src/modules/auth/auth.employee.service.edge.test.ts b/apps/api/src/modules/auth/auth.employee.service.edge.test.ts index 6f6ec4f..d7f3688 100644 --- a/apps/api/src/modules/auth/auth.employee.service.edge.test.ts +++ b/apps/api/src/modules/auth/auth.employee.service.edge.test.ts @@ -33,6 +33,7 @@ const employee = { companyId: 'company_1', isActive: true, emailVerified: true, + emailVerificationToken: null, passwordHash: 'hash_old', company: { name: 'Atlas Cars', slug: 'atlas' }, } @@ -74,8 +75,12 @@ describe('auth.employee.service edge behavior', () => { }) }) - it('rejects login for employees whose email has not been verified', async () => { - vi.mocked(repo.findEmployeeWithCompanyByEmail).mockResolvedValue({ ...employee, emailVerified: false } as never) + it('rejects login for employees with a pending email verification token', async () => { + vi.mocked(repo.findEmployeeWithCompanyByEmail).mockResolvedValue({ + ...employee, + emailVerified: null, + emailVerificationToken: 'verify-token', + } as never) await expect(service.login({ email: 'agent@example.test', password: 'correct-password' })).rejects.toMatchObject({ statusCode: 401, @@ -83,6 +88,25 @@ describe('auth.employee.service edge behavior', () => { }) }) + it('logs in legacy full-signup owners that were created without a verification token', async () => { + vi.mocked(repo.findEmployeeWithCompanyByEmail).mockResolvedValue({ + ...employee, + role: 'OWNER', + emailVerified: null, + emailVerificationToken: null, + } as never) + + const result = await service.login({ email: 'agent@example.test', password: 'correct-password' }) + + expect(result).toMatchObject({ + token: expect.any(String), + employee: { + id: 'employee_1', + role: 'OWNER', + }, + }) + }) + it('distinguishes employees without passwords from wrong credentials', async () => { vi.mocked(repo.findEmployeeWithCompanyByEmail).mockResolvedValue({ ...employee, passwordHash: null } as never) diff --git a/apps/api/src/modules/auth/auth.employee.service.ts b/apps/api/src/modules/auth/auth.employee.service.ts index 40200d4..7c8b5bb 100644 --- a/apps/api/src/modules/auth/auth.employee.service.ts +++ b/apps/api/src/modules/auth/auth.employee.service.ts @@ -105,7 +105,7 @@ export async function login(body: EmployeeLoginInput) { throw new AppError('This account does not have a password yet. Use the invitation or reset email to set one first.', 401, 'password_not_set') } - if (!employee.emailVerified) { + if (!employee.emailVerified && employee.emailVerificationToken) { throw new AppError('Please verify your email address before signing in. Check your inbox for the verification link.', 401, 'email_not_verified') }