brief-20/backend/test/auth.e2e-spec.ts


import { INestApplication } from '@nestjs/common';
import * as request from 'supertest';
import { createTestApp, createTestUser, generateTokensForUser, cleanupTestData } from './test-utils';
import { v4 as uuidv4 } from 'uuid';
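/**
 * End-to-end checks for the auth endpoints: profile lookup with a bearer
 * access token, token refresh with a bearer refresh token, and the redirect
 * that starts the GitHub OAuth flow.
 *
 * One test user and one token pair are created for the whole suite and shared
 * between the nested describes, so the tests are order-dependent: the refresh
 * test replaces the shared tokens with the newly issued pair.
 */
describe('AuthController (e2e)', () => {
  let app: INestApplication;
  let accessToken: string;
  let refreshToken: string;
  // Shape is defined by createTestUser in ./test-utils (not visible here);
  // the assertions below read id, name and githubId from it.
  let testUser: any;
  let testUserId: string;

  beforeAll(async () => {
    app = await createTestApp();

    // Create a test user and generate tokens
    testUser = await createTestUser(app);
    testUserId = testUser.id;

    const tokens = await generateTokensForUser(app, testUserId);
    accessToken = tokens.accessToken;
    refreshToken = tokens.refreshToken;
  });

  afterAll(async () => {
    // afterAll still runs when beforeAll threw; without an app there is
    // nothing to clean up, and touching it would mask the original failure.
    if (!app) {
      return;
    }

    try {
      // Skip cleanup when user creation never completed.
      if (testUserId) {
        await cleanupTestData(app, testUserId);
      }
    } finally {
      // Always release the HTTP server, even if cleanup fails.
      await app.close();
    }
  });

  describe('GET /api/auth/profile', () => {
    it('should return the current user profile when authenticated', () => {
      return request(app.getHttpServer())
        .get('/api/auth/profile')
        .set('Authorization', `Bearer ${accessToken}`)
        .expect(200)
        .expect((res) => {
          expect(res.body).toHaveProperty('id', testUserId);
          expect(res.body.name).toBe(testUser.name);
          expect(res.body.githubId).toBe(testUser.githubId);
        });
    });

    it('should return 401 when not authenticated', () => {
      return request(app.getHttpServer())
        .get('/api/auth/profile')
        .expect(401);
    });

    it('should return 401 with invalid token', () => {
      return request(app.getHttpServer())
        .get('/api/auth/profile')
        .set('Authorization', 'Bearer invalid-token')
        .expect(401);
    });

    // NOTE(review): the only negative cases here are "no token" and a string
    // that is not a token at all. Whether this endpoint rejects a well-formed
    // refresh token presented as an access token, or an expired access token,
    // is not covered — confirm the guard's behaviour and add cases for both.
  });

  describe('POST /api/auth/refresh', () => {
    it('should refresh tokens with valid refresh token', async () => {
      const res = await request(app.getHttpServer())
        .post('/api/auth/refresh')
        .set('Authorization', `Bearer ${refreshToken}`)
        .expect(201);

      expect(res.body).toHaveProperty('accessToken');
      expect(res.body).toHaveProperty('refreshToken');
      expect(typeof res.body.accessToken).toBe('string');
      expect(typeof res.body.refreshToken).toBe('string');

      // Update tokens for subsequent tests
      accessToken = res.body.accessToken;
      refreshToken = res.body.refreshToken;

      // A shape check alone would pass for any two strings. Prove the issued
      // access token is usable and still bound to the same user.
      await request(app.getHttpServer())
        .get('/api/auth/profile')
        .set('Authorization', `Bearer ${accessToken}`)
        .expect(200)
        .expect((profileRes) => {
          expect(profileRes.body).toHaveProperty('id', testUserId);
        });
    });

    it('should return 401 with invalid refresh token', () => {
      return request(app.getHttpServer())
        .post('/api/auth/refresh')
        .set('Authorization', 'Bearer invalid-token')
        .expect(401);
    });

    // NOTE(review): not covered here — a request with no Authorization header,
    // an access token presented to this endpoint, and reuse of the previous
    // refresh token after a successful refresh. Which of these must be
    // rejected depends on the token design; confirm and pin each with a test.
  });

  // Note: We can't easily test the GitHub OAuth flow in an e2e test
  // as it requires interaction with the GitHub API
  describe('GET /api/auth/github', () => {
    it('should redirect to GitHub OAuth page', () => {
      return request(app.getHttpServer())
        .get('/api/auth/github')
        .expect(302) // Expect a redirect
        .expect((res) => {
          expect(res.headers.location).toBeDefined();
          expect(res.headers.location.startsWith('https://github.com/login/oauth')).toBe(true);
          // NOTE(review): only the destination prefix is asserted. The query
          // string (client_id, redirect_uri, and a `state` value if the
          // strategy is configured to send one) is not checked — confirm what
          // the strategy emits and assert on it.
        });
    });
  });
});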