email verfication after account creation, password component, added password special characters

2025-10-10 14:36:09 -04:00
parent 513347e8b7
commit 0a9b875a9d
19 changed files with 1305 additions and 86 deletions
--- a/backend/tests/unit/middleware/auth.test.js
+++ b/backend/tests/unit/middleware/auth.test.js
@@ -1,4 +1,4 @@
-const { authenticateToken } = require('../../../middleware/auth');
+const { authenticateToken, requireVerifiedEmail } = require('../../../middleware/auth');
 const jwt = require('jsonwebtoken');

 jest.mock('jsonwebtoken');
@@ -191,4 +191,161 @@ describe('Auth Middleware', () => {
      });
    });
  });
+});
+
+describe('requireVerifiedEmail Middleware', () => {
+  let req, res, next;
+
+  beforeEach(() => {
+    req = {
+      user: null
+    };
+    res = {
+      status: jest.fn().mockReturnThis(),
+      json: jest.fn()
+    };
+    next = jest.fn();
+    jest.clearAllMocks();
+  });
+
+  describe('Verified users', () => {
+    it('should call next for verified user', () => {
+      req.user = {
+        id: 1,
+        email: 'verified@test.com',
+        isVerified: true
+      };
+
+      requireVerifiedEmail(req, res, next);
+
+      expect(next).toHaveBeenCalled();
+      expect(res.status).not.toHaveBeenCalled();
+      expect(res.json).not.toHaveBeenCalled();
+    });
+
+    it('should call next for verified OAuth user', () => {
+      req.user = {
+        id: 2,
+        email: 'google@test.com',
+        authProvider: 'google',
+        isVerified: true
+      };
+
+      requireVerifiedEmail(req, res, next);
+
+      expect(next).toHaveBeenCalled();
+      expect(res.status).not.toHaveBeenCalled();
+    });
+  });
+
+  describe('Unverified users', () => {
+    it('should return 403 for unverified user', () => {
+      req.user = {
+        id: 1,
+        email: 'unverified@test.com',
+        isVerified: false
+      };
+
+      requireVerifiedEmail(req, res, next);
+
+      expect(res.status).toHaveBeenCalledWith(403);
+      expect(res.json).toHaveBeenCalledWith({
+        error: 'Email verification required. Please verify your email address to perform this action.',
+        code: 'EMAIL_NOT_VERIFIED'
+      });
+      expect(next).not.toHaveBeenCalled();
+    });
+
+    it('should return 403 when isVerified is null', () => {
+      req.user = {
+        id: 1,
+        email: 'test@test.com',
+        isVerified: null
+      };
+
+      requireVerifiedEmail(req, res, next);
+
+      expect(res.status).toHaveBeenCalledWith(403);
+      expect(res.json).toHaveBeenCalledWith({
+        error: 'Email verification required. Please verify your email address to perform this action.',
+        code: 'EMAIL_NOT_VERIFIED'
+      });
+      expect(next).not.toHaveBeenCalled();
+    });
+
+    it('should return 403 when isVerified is undefined', () => {
+      req.user = {
+        id: 1,
+        email: 'test@test.com'
+        // isVerified is undefined
+      };
+
+      requireVerifiedEmail(req, res, next);
+
+      expect(res.status).toHaveBeenCalledWith(403);
+      expect(res.json).toHaveBeenCalledWith({
+        error: 'Email verification required. Please verify your email address to perform this action.',
+        code: 'EMAIL_NOT_VERIFIED'
+      });
+      expect(next).not.toHaveBeenCalled();
+    });
+  });
+
+  describe('No user', () => {
+    it('should return 401 when user is not set', () => {
+      req.user = null;
+
+      requireVerifiedEmail(req, res, next);
+
+      expect(res.status).toHaveBeenCalledWith(401);
+      expect(res.json).toHaveBeenCalledWith({
+        error: 'Authentication required',
+        code: 'NO_AUTH'
+      });
+      expect(next).not.toHaveBeenCalled();
+    });
+
+    it('should return 401 when user is undefined', () => {
+      req.user = undefined;
+
+      requireVerifiedEmail(req, res, next);
+
+      expect(res.status).toHaveBeenCalledWith(401);
+      expect(res.json).toHaveBeenCalledWith({
+        error: 'Authentication required',
+        code: 'NO_AUTH'
+      });
+      expect(next).not.toHaveBeenCalled();
+    });
+  });
+
+  describe('Edge cases', () => {
+    it('should handle user object with extra fields', () => {
+      req.user = {
+        id: 1,
+        email: 'test@test.com',
+        isVerified: true,
+        firstName: 'Test',
+        lastName: 'User',
+        phone: '1234567890'
+      };
+
+      requireVerifiedEmail(req, res, next);
+
+      expect(next).toHaveBeenCalled();
+    });
+
+    it('should prioritize missing user over unverified user', () => {
+      // If called without authenticateToken first
+      req.user = null;
+
+      requireVerifiedEmail(req, res, next);
+
+      expect(res.status).toHaveBeenCalledWith(401);
+      expect(res.json).toHaveBeenCalledWith({
+        error: 'Authentication required',
+        code: 'NO_AUTH'
+      });
+    });
+  });
 });