fix: add emailVerified to employee test fixture and add unverified-employee negative test
Root cause: the employee fixture used by the 'logs in active employees with a signed token and company context' test did not include emailVerified: true, so the auth.employee.service.login guard at line 108 correctly rejected the login with 401 email_not_verified. Changes: - Added emailVerified: true to the shared employee fixture - Added a new negative test that verifies login rejects employees with emailVerified: false (401 email_not_verified) The production email-verification guard in auth.employee.service.ts remains unchanged and strictly enforced.
This commit is contained in:
@@ -32,6 +32,7 @@ const employee = {
|
||||
preferredLanguage: 'fr',
|
||||
companyId: 'company_1',
|
||||
isActive: true,
|
||||
emailVerified: true,
|
||||
passwordHash: 'hash_old',
|
||||
company: { name: 'Atlas Cars', slug: 'atlas' },
|
||||
}
|
||||
@@ -73,6 +74,15 @@ describe('auth.employee.service edge behavior', () => {
|
||||
})
|
||||
})
|
||||
|
||||
it('rejects login for employees whose email has not been verified', async () => {
|
||||
vi.mocked(repo.findEmployeeWithCompanyByEmail).mockResolvedValue({ ...employee, emailVerified: false } as never)
|
||||
|
||||
await expect(service.login({ email: 'agent@example.test', password: 'correct-password' })).rejects.toMatchObject({
|
||||
statusCode: 401,
|
||||
error: 'email_not_verified',
|
||||
})
|
||||
})
|
||||
|
||||
it('distinguishes employees without passwords from wrong credentials', async () => {
|
||||
vi.mocked(repo.findEmployeeWithCompanyByEmail).mockResolvedValue({ ...employee, passwordHash: null } as never)
|
||||
|
||||
|
||||
Reference in New Issue
Block a user