fix company login issue
Build & Deploy / Build & Push Docker Image (push) Successful in 3m8s
Test / Type Check (all packages) (push) Successful in 55s
Build & Deploy / Deploy to VPS (push) Successful in 3s
Test / API Unit Tests (push) Successful in 48s
Test / Homepage Unit Tests (push) Successful in 42s
Test / Carplace Unit Tests (push) Successful in 42s
Test / Admin Unit Tests (push) Successful in 40s
Test / Dashboard Unit Tests (push) Successful in 40s
Test / API Integration Tests (push) Successful in 1m0s
Build & Deploy / Build & Push Docker Image (push) Successful in 3m8s
Test / Type Check (all packages) (push) Successful in 55s
Build & Deploy / Deploy to VPS (push) Successful in 3s
Test / API Unit Tests (push) Successful in 48s
Test / Homepage Unit Tests (push) Successful in 42s
Test / Carplace Unit Tests (push) Successful in 42s
Test / Admin Unit Tests (push) Successful in 40s
Test / Dashboard Unit Tests (push) Successful in 40s
Test / API Integration Tests (push) Successful in 1m0s
This commit is contained in:
@@ -104,6 +104,7 @@ describe('auth.company.repo.createCompanySignup', () => {
|
||||
companyId: 'company_1',
|
||||
clerkUserId: 'local_owner_company_1',
|
||||
email: 'owner@example.com',
|
||||
emailVerified: baseInput.now,
|
||||
role: 'OWNER',
|
||||
preferredLanguage: 'fr',
|
||||
isActive: true,
|
||||
|
||||
@@ -136,6 +136,7 @@ export async function createCompanySignup(db: DbClient, input: CompanySignupInpu
|
||||
email: input.ownerEmail,
|
||||
phone: input.companyPhone,
|
||||
passwordHash: input.passwordHash,
|
||||
emailVerified: input.now,
|
||||
role: 'OWNER',
|
||||
preferredLanguage: input.preferredLanguage,
|
||||
isActive: true,
|
||||
|
||||
@@ -33,6 +33,7 @@ const employee = {
|
||||
companyId: 'company_1',
|
||||
isActive: true,
|
||||
emailVerified: true,
|
||||
emailVerificationToken: null,
|
||||
passwordHash: 'hash_old',
|
||||
company: { name: 'Atlas Cars', slug: 'atlas' },
|
||||
}
|
||||
@@ -74,8 +75,12 @@ describe('auth.employee.service edge behavior', () => {
|
||||
})
|
||||
})
|
||||
|
||||
it('rejects login for employees whose email has not been verified', async () => {
|
||||
vi.mocked(repo.findEmployeeWithCompanyByEmail).mockResolvedValue({ ...employee, emailVerified: false } as never)
|
||||
it('rejects login for employees with a pending email verification token', async () => {
|
||||
vi.mocked(repo.findEmployeeWithCompanyByEmail).mockResolvedValue({
|
||||
...employee,
|
||||
emailVerified: null,
|
||||
emailVerificationToken: 'verify-token',
|
||||
} as never)
|
||||
|
||||
await expect(service.login({ email: 'agent@example.test', password: 'correct-password' })).rejects.toMatchObject({
|
||||
statusCode: 401,
|
||||
@@ -83,6 +88,25 @@ describe('auth.employee.service edge behavior', () => {
|
||||
})
|
||||
})
|
||||
|
||||
it('logs in legacy full-signup owners that were created without a verification token', async () => {
|
||||
vi.mocked(repo.findEmployeeWithCompanyByEmail).mockResolvedValue({
|
||||
...employee,
|
||||
role: 'OWNER',
|
||||
emailVerified: null,
|
||||
emailVerificationToken: null,
|
||||
} as never)
|
||||
|
||||
const result = await service.login({ email: 'agent@example.test', password: 'correct-password' })
|
||||
|
||||
expect(result).toMatchObject({
|
||||
token: expect.any(String),
|
||||
employee: {
|
||||
id: 'employee_1',
|
||||
role: 'OWNER',
|
||||
},
|
||||
})
|
||||
})
|
||||
|
||||
it('distinguishes employees without passwords from wrong credentials', async () => {
|
||||
vi.mocked(repo.findEmployeeWithCompanyByEmail).mockResolvedValue({ ...employee, passwordHash: null } as never)
|
||||
|
||||
|
||||
@@ -105,7 +105,7 @@ export async function login(body: EmployeeLoginInput) {
|
||||
throw new AppError('This account does not have a password yet. Use the invitation or reset email to set one first.', 401, 'password_not_set')
|
||||
}
|
||||
|
||||
if (!employee.emailVerified) {
|
||||
if (!employee.emailVerified && employee.emailVerificationToken) {
|
||||
throw new AppError('Please verify your email address before signing in. Check your inbox for the verification link.', 401, 'email_not_verified')
|
||||
}
|
||||
|
||||
|
||||
Reference in New Issue
Block a user