- replace bearer auth with session+CSRF flow and add admin user directory - update frontend moderation flow, force password change gate, and new CLI - refresh changelog/docs/feature plan + ensure swagger dev experience
const { getRequest } = require('../testServer');
const { getAdminSession } = require('../utils/adminSession');
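/**
 * Admin auth middleware — session-cookie gate in front of /api/admin/*.
 *
 * Covers the two paths visible in this file:
 *   - no session cookie  → 403 with `error` and `reason: 'SESSION_REQUIRED'`
 *   - valid admin session (from the shared adminSession helper) → 200 on a
 *     set of read-only admin routes
 *
 * NOTE(review): the following are NOT exercised here; confirm they are
 * covered elsewhere or add them, since they are the cases an attacker
 * actually probes:
 *   - a tampered, expired or unknown session cookie is rejected (not just
 *     a missing one)
 *   - a session belonging to a non-admin user is rejected with 403
 *   - state-changing verbs (POST/PUT/DELETE) also enforce the CSRF token
 *     that accompanies the session flow — every request below is a GET
 */
describe('Admin Auth Middleware', () => {
  // Read-only admin routes the middleware is expected to gate.
  const ADMIN_GET_ENDPOINTS = [
    '/api/admin/deletion-log',
    '/api/admin/rate-limiter/stats',
    '/api/admin/management-audit',
    '/api/admin/groups',
  ];

  describe('Without Session', () => {
    it('should reject requests without session cookie', async () => {
      // A bare request has no cookie jar, so this is the unauthenticated path.
      const response = await getRequest()
        .get('/api/admin/deletion-log')
        .expect(403);

      expect(response.body).toHaveProperty('error');
      // Machine-readable reason lets the client distinguish "log in" from
      // a genuine authorization failure.
      expect(response.body).toHaveProperty('reason', 'SESSION_REQUIRED');
    });
  });

  describe('With Valid Session', () => {
    let adminSession;

    beforeAll(async () => {
      // adminSession.agent carries the session cookie across requests.
      adminSession = await getAdminSession();
    });

    it('should allow access with valid session', async () => {
      const response = await adminSession.agent
        .get('/api/admin/deletion-log')
        .expect(200);

      expect(response.body).toHaveProperty('success');
    });

    // One test case per endpoint: a failing route is named in the report
    // instead of aborting a single shared loop at the first failure and
    // hiding the state of the remaining endpoints.
    it.each(ADMIN_GET_ENDPOINTS)(
      'should allow access to %s with valid session',
      async (endpoint) => {
        const response = await adminSession.agent
          .get(endpoint)
          .expect(200);

        // supertest always yields a body object, so the 200 above is the
        // real assertion; this only guards against a null/undefined payload.
        expect(response.body).toBeDefined();
      }
    );
  });
});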