fixed tests and package vulnerabilities

jackiettran
2026-01-17 11:12:40 -05:00
parent cf97dffbfb
commit f58178a253
12 changed files with 4432 additions and 2412 deletions


@@ -106,16 +106,6 @@ describe('CSRF Middleware', () => {
expect(res.status).not.toHaveBeenCalled();
});
it('should validate token from query parameters', () => {
req.query.csrfToken = 'mock-token-123';
csrfProtection(req, res, next);
expect(mockTokensInstance.verify).toHaveBeenCalledWith(process.env.CSRF_SECRET, 'mock-token-123');
expect(next).toHaveBeenCalled();
expect(res.status).not.toHaveBeenCalled();
});
it('should prefer header token over body token', () => {
req.headers['x-csrf-token'] = 'mock-token-123';
req.body.csrfToken = 'different-token';
@@ -126,25 +116,6 @@ describe('CSRF Middleware', () => {
expect(next).toHaveBeenCalled();
});
it('should prefer header token over query token', () => {
req.headers['x-csrf-token'] = 'mock-token-123';
req.query.csrfToken = 'different-token';
csrfProtection(req, res, next);
expect(mockTokensInstance.verify).toHaveBeenCalledWith(process.env.CSRF_SECRET, 'mock-token-123');
expect(next).toHaveBeenCalled();
});
it('should prefer body token over query token', () => {
req.body.csrfToken = 'mock-token-123';
req.query.csrfToken = 'different-token';
csrfProtection(req, res, next);
expect(mockTokensInstance.verify).toHaveBeenCalledWith(process.env.CSRF_SECRET, 'mock-token-123');
expect(next).toHaveBeenCalled();
});
});
describe('Missing tokens', () => {
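Review bot: With the three query-parameter tests removed (the `-106,16` and `-126,25` hunks), nothing visible in this suite asserts that a request carrying only `req.query.csrfToken` is now rejected. The deletions suggest the middleware no longer reads the token from the query string, but the page does not show that change, so a negative test should pin it: set `req.query.csrfToken = 'mock-token-123'` with no header or body token, then `expect(next).not.toHaveBeenCalled();` and `expect(mockTokensInstance.verify).not.toHaveBeenCalledWith(process.env.CSRF_SECRET, 'mock-token-123');`. Query strings end up in access logs, browser history and Referer headers, so a regression that re-enables the query lookup should fail the suite rather than pass silently. The enclosing `describe` blocks start and end outside both hunks, so an equivalent case may already exist under 'Missing tokens'.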


@@ -3,6 +3,27 @@ const crypto = require('crypto');
// Mock crypto module
jest.mock('crypto');
// Mock the logger to prevent winston-daily-rotate-file issues
jest.mock('../../../utils/logger', () => ({
error: jest.fn(),
info: jest.fn(),
warn: jest.fn(),
debug: jest.fn(),
withRequestId: jest.fn(() => ({
error: jest.fn(),
info: jest.fn(),
warn: jest.fn(),
debug: jest.fn(),
})),
}));
// Mock TwoFactorService to prevent otplib loading
jest.mock('../../../services/TwoFactorService', () => ({
generateSecret: jest.fn(),
verifyToken: jest.fn(),
generateQRCode: jest.fn(),
}));
// Mock the entire models module
jest.mock('../../../models', () => {
const mockUser = {