fix: add emailVerified to employee test fixture and add unverified-employee negative test

Root cause: the employee fixture used by the 'logs in active employees with a
signed token and company context' test did not include emailVerified: true,
so the auth.employee.service.login guard at line 108 correctly rejected the
login with 401 email_not_verified.

Changes:
- Added emailVerified: true to the shared employee fixture
- Added a new negative test that verifies login rejects employees with
  emailVerified: false (401 email_not_verified)

The production email-verification guard in auth.employee.service.ts remains
unchanged and strictly enforced.
This commit is contained in:
root
2026-06-29 00:33:33 -04:00
parent 6de0690b76
commit a8472ddeed
@@ -32,6 +32,7 @@ const employee = {
preferredLanguage: 'fr',
companyId: 'company_1',
isActive: true,
emailVerified: true,
passwordHash: 'hash_old',
company: { name: 'Atlas Cars', slug: 'atlas' },
}
@@ -73,6 +74,15 @@ describe('auth.employee.service edge behavior', () => {
})
})
it('rejects login for employees whose email has not been verified', async () => {
vi.mocked(repo.findEmployeeWithCompanyByEmail).mockResolvedValue({ ...employee, emailVerified: false } as never)
await expect(service.login({ email: 'agent@example.test', password: 'correct-password' })).rejects.toMatchObject({
statusCode: 401,
error: 'email_not_verified',
})
})
it('distinguishes employees without passwords from wrong credentials', async () => {
vi.mocked(repo.findEmployeeWithCompanyByEmail).mockResolvedValue({ ...employee, passwordHash: null } as never)