fix company login issue
Build & Deploy / Build & Push Docker Image (push) Successful in 3m8s
Test / Type Check (all packages) (push) Successful in 55s
Build & Deploy / Deploy to VPS (push) Successful in 3s
Test / API Unit Tests (push) Successful in 48s
Test / Homepage Unit Tests (push) Successful in 42s
Test / Carplace Unit Tests (push) Successful in 42s
Test / Admin Unit Tests (push) Successful in 40s
Test / Dashboard Unit Tests (push) Successful in 40s
Test / API Integration Tests (push) Successful in 1m0s

This commit is contained in:
root
2026-07-02 19:23:26 -04:00
parent 68bf9ca610
commit 00d01bdaf4
4 changed files with 29 additions and 3 deletions
@@ -104,6 +104,7 @@ describe('auth.company.repo.createCompanySignup', () => {
companyId: 'company_1',
clerkUserId: 'local_owner_company_1',
email: 'owner@example.com',
emailVerified: baseInput.now,
role: 'OWNER',
preferredLanguage: 'fr',
isActive: true,
@@ -136,6 +136,7 @@ export async function createCompanySignup(db: DbClient, input: CompanySignupInpu
email: input.ownerEmail,
phone: input.companyPhone,
passwordHash: input.passwordHash,
emailVerified: input.now,
role: 'OWNER',
preferredLanguage: input.preferredLanguage,
isActive: true,
@@ -33,6 +33,7 @@ const employee = {
companyId: 'company_1',
isActive: true,
emailVerified: true,
emailVerificationToken: null,
passwordHash: 'hash_old',
company: { name: 'Atlas Cars', slug: 'atlas' },
}
@@ -74,8 +75,12 @@ describe('auth.employee.service edge behavior', () => {
})
})
it('rejects login for employees whose email has not been verified', async () => {
vi.mocked(repo.findEmployeeWithCompanyByEmail).mockResolvedValue({ ...employee, emailVerified: false } as never)
it('rejects login for employees with a pending email verification token', async () => {
vi.mocked(repo.findEmployeeWithCompanyByEmail).mockResolvedValue({
...employee,
emailVerified: null,
emailVerificationToken: 'verify-token',
} as never)
await expect(service.login({ email: 'agent@example.test', password: 'correct-password' })).rejects.toMatchObject({
statusCode: 401,
@@ -83,6 +88,25 @@ describe('auth.employee.service edge behavior', () => {
})
})
it('logs in legacy full-signup owners that were created without a verification token', async () => {
vi.mocked(repo.findEmployeeWithCompanyByEmail).mockResolvedValue({
...employee,
role: 'OWNER',
emailVerified: null,
emailVerificationToken: null,
} as never)
const result = await service.login({ email: 'agent@example.test', password: 'correct-password' })
expect(result).toMatchObject({
token: expect.any(String),
employee: {
id: 'employee_1',
role: 'OWNER',
},
})
})
it('distinguishes employees without passwords from wrong credentials', async () => {
vi.mocked(repo.findEmployeeWithCompanyByEmail).mockResolvedValue({ ...employee, passwordHash: null } as never)
@@ -105,7 +105,7 @@ export async function login(body: EmployeeLoginInput) {
throw new AppError('This account does not have a password yet. Use the invitation or reset email to set one first.', 401, 'password_not_set')
}
if (!employee.emailVerified) {
if (!employee.emailVerified && employee.emailVerificationToken) {
throw new AppError('Please verify your email address before signing in. Check your inbox for the verification link.', 401, 'email_not_verified')
}