feat: vitest setup + auth middleware — token invalide et absent → 401

2026-03-14 23:19:45 +01:00
parent 01d347bce3
commit 9f53193c7c
4 changed files with 1851 additions and 5 deletions
--- a/backend/tests/auth.middleware.test.ts
+++ b/backend/tests/auth.middleware.test.ts
@@ -0,0 +1,54 @@
+import { describe, it, expect, vi, beforeEach, afterEach } from "vitest";
+import express, { Request, Response } from "express";
+import request from "supertest";
+import cookieParser from "cookie-parser";
+import { requireAuth } from "../src/middleware/auth.middleware";
+
+function buildApp() {
+  const app = express();
+  app.use(express.json());
+  app.use(cookieParser());
+  app.get("/protected", requireAuth, (_req: Request, res: Response) => {
+    res.json({ success: true });
+  });
+  return app;
+}
+
+describe("requireAuth middleware", () => {
+  beforeEach(() => {
+    process.env.SUPER_OAUTH_URL = "http://fake-oauth";
+  });
+
+  afterEach(() => {
+    vi.unstubAllGlobals();
+    delete process.env.SUPER_OAUTH_URL;
+  });
+
+  it("retourne 401 quand le token est invalide (SuperOAuth répond valid: false)", async () => {
+    vi.stubGlobal(
+      "fetch",
+      vi.fn().mockResolvedValue({
+        ok: true,
+        json: async () => ({ success: true, data: { valid: false } }),
+      })
+    );
+
+    const res = await request(buildApp())
+      .get("/protected")
+      .set("Authorization", "Bearer invalid-token");
+
+    expect(res.status).toBe(401);
+    expect(res.body.error).toBeDefined();
+  });
+
+  it("retourne 401 quand aucun cookie ni header Authorization", async () => {
+    const fetchMock = vi.fn();
+    vi.stubGlobal("fetch", fetchMock);
+
+    const res = await request(buildApp()).get("/protected");
+
+    expect(res.status).toBe(401);
+    expect(res.body.message).toBe("Access token required");
+    expect(fetchMock).not.toHaveBeenCalled();
+  });
+});