Skip to content

Commit 13de791

Browse files
BccorbBccorb
committed
feat: working otp test
1 parent c327def commit 13de791

8 files changed

Lines changed: 221 additions & 38 deletions

File tree

src/controllers/otp.ts

Lines changed: 24 additions & 24 deletions
Original file line numberDiff line numberDiff line change
@@ -39,7 +39,7 @@ export const sendPhoneOTP = async (req: Request, res: Response) => {
3939
req,
4040
metadata: { reason: 'Missing required phone.' },
4141
});
42-
return res.status(400).json({ message: 'Invalid data' });
42+
return res.status(400).json({ error: 'Invalid data' });
4343
}
4444

4545
logger.info(`Sending OTP to phone number: ${phone}`);
@@ -53,7 +53,7 @@ export const sendPhoneOTP = async (req: Request, res: Response) => {
5353
req,
5454
metadata: { reason: 'Invalid phone number.' },
5555
});
56-
return res.status(400).json({ message: 'Invalid data' });
56+
return res.status(400).json({ error: 'Invalid data' });
5757
}
5858

5959
if (!user) {
@@ -64,7 +64,7 @@ export const sendPhoneOTP = async (req: Request, res: Response) => {
6464
req,
6565
metadata: { reason: 'Missing required phone.' },
6666
});
67-
return res.status(400).json({ message: 'Invalid data' });
67+
return res.status(400).json({ error: 'Invalid data' });
6868
}
6969

7070
logger.info(`${phone} requested a phone OTP`);
@@ -91,7 +91,7 @@ export const sendPhoneOTP = async (req: Request, res: Response) => {
9191
logger.error(`Error during registration: ${String(error)}`);
9292
}
9393

94-
return res.status(500).json({ message: 'Internal server error' });
94+
return res.status(500).json({ error: 'Internal server error' });
9595
}
9696
};
9797

@@ -109,7 +109,7 @@ export const sendEmailOTP = async (req: Request, res: Response) => {
109109
req,
110110
metadata: { reason: 'Missing required user.' },
111111
});
112-
return res.status(400).json({ message: 'Invalid data.' });
112+
return res.status(400).json({ error: 'Invalid data.' });
113113
}
114114

115115
if (!email) {
@@ -120,7 +120,7 @@ export const sendEmailOTP = async (req: Request, res: Response) => {
120120
req,
121121
metadata: { reason: 'Missing required email.' },
122122
});
123-
return res.status(400).json({ message: 'Invalid data.' });
123+
return res.status(400).json({ error: 'Invalid data.' });
124124
}
125125

126126
logger.info(`Sending OTP to email: ${email}`);
@@ -133,7 +133,7 @@ export const sendEmailOTP = async (req: Request, res: Response) => {
133133
req,
134134
metadata: { reason: 'Invalid email.' },
135135
});
136-
return res.status(400).json({ message: 'Invalid data.' });
136+
return res.status(400).json({ error: 'Invalid data.' });
137137
}
138138

139139
logger.info(`${email} requested an email OTP`);
@@ -159,7 +159,7 @@ export const sendEmailOTP = async (req: Request, res: Response) => {
159159
logger.error(`Error during registration: ${String(error)}`);
160160
}
161161

162-
return res.status(500).json({ message: 'Internal server error' });
162+
return res.status(500).json({ error: 'Internal server error' });
163163
}
164164
};
165165

@@ -181,7 +181,7 @@ export const verifyPhoneNumber = async (req: Request, res: Response) => {
181181
req,
182182
metadata: { reason: 'Missing data' },
183183
});
184-
return res.status(401).json({ message: 'Failed to verify OTP' });
184+
return res.status(401).json({ error: 'Failed to verify OTP' });
185185
}
186186

187187
try {
@@ -193,7 +193,7 @@ export const verifyPhoneNumber = async (req: Request, res: Response) => {
193193
req,
194194
metadata: { reason: 'Missing data' },
195195
});
196-
return res.status(401).json({ message: 'Not Allowed.' });
196+
return res.status(401).json({ error: 'Not Allowed.' });
197197
}
198198

199199
const verificationResult = await verifyPhoneOTP(user, verificationToken);
@@ -254,11 +254,11 @@ export const verifyPhoneNumber = async (req: Request, res: Response) => {
254254
user.phoneVerificationToken
255255
} or ${user.phoneVerificationTokenExpiry} is less than ${new Date().getTime()}`,
256256
);
257-
return res.status(401).json({ message: 'Not allowed' });
257+
return res.status(401).json({ error: 'Not allowed' });
258258
}
259259
} catch (error) {
260260
logger.error(`Failed to verify OTP: ${error}`);
261-
return res.status(500).json({ message: 'Internal server error' });
261+
return res.status(500).json({ error: 'Internal server error' });
262262
}
263263
};
264264

@@ -281,7 +281,7 @@ export const verifyEmail = async (req: Request, res: Response) => {
281281
req,
282282
metadata: { reason: 'Missing data' },
283283
});
284-
return res.status(401).json({ message: 'Invalid data.' });
284+
return res.status(401).json({ error: 'Invalid data.' });
285285
}
286286

287287
if (!verificationToken) {
@@ -292,7 +292,7 @@ export const verifyEmail = async (req: Request, res: Response) => {
292292
req,
293293
metadata: { reason: 'Missing data' },
294294
});
295-
return res.status(401).json({ message: 'Invalid data' });
295+
return res.status(401).json({ error: 'Invalid data' });
296296
}
297297

298298
if (!email || !phone) {
@@ -303,7 +303,7 @@ export const verifyEmail = async (req: Request, res: Response) => {
303303
req,
304304
metadata: { reason: 'Missing data' },
305305
});
306-
return res.status(401).json({ message: 'Invalid data' });
306+
return res.status(401).json({ error: 'Invalid data' });
307307
}
308308

309309
const verificationResult = await verifyEmailOTP(user, verificationToken);
@@ -367,7 +367,7 @@ export const verifyEmail = async (req: Request, res: Response) => {
367367
);
368368
}
369369

370-
return res.status(500).json({ message: 'Internal server error' });
370+
return res.status(500).json({ error: 'Internal server error' });
371371
};
372372

373373
export const verifyLoginPhoneNumber = async (req: Request, res: Response) => {
@@ -387,7 +387,7 @@ export const verifyLoginPhoneNumber = async (req: Request, res: Response) => {
387387
req,
388388
metadata: { reason: 'Missing data' },
389389
});
390-
return res.status(401).json({ message: 'Not allowed' });
390+
return res.status(401).json({ error: 'Not allowed' });
391391
}
392392

393393
try {
@@ -399,7 +399,7 @@ export const verifyLoginPhoneNumber = async (req: Request, res: Response) => {
399399
req,
400400
metadata: { reason: 'Missing data' },
401401
});
402-
return res.status(401).json({ message: 'Not Allowed.' });
402+
return res.status(401).json({ error: 'Not Allowed.' });
403403
}
404404

405405
const verificationResult = await verifyPhoneOTP(user, verificationToken);
@@ -472,11 +472,11 @@ export const verifyLoginPhoneNumber = async (req: Request, res: Response) => {
472472
req,
473473
metadata: { reason: 'User verification failed for phone' },
474474
});
475-
return res.status(401).json({ message: 'Not allowed' });
475+
return res.status(401).json({ error: 'Not allowed' });
476476
}
477477
} catch (error) {
478478
logger.error(`Failed to verify OTP: ${error}`);
479-
return res.status(500).json({ message: 'Internal server error' });
479+
return res.status(500).json({ error: 'Internal server error' });
480480
}
481481
};
482482

@@ -499,7 +499,7 @@ export const verifyLoginEmail = async (req: Request, res: Response) => {
499499
req,
500500
metadata: { reason: 'Missing data' },
501501
});
502-
return res.status(401).json({ message: 'Not allowed' });
502+
return res.status(401).json({ error: 'Not allowed' });
503503
}
504504

505505
if (!verificationToken) {
@@ -510,7 +510,7 @@ export const verifyLoginEmail = async (req: Request, res: Response) => {
510510
req,
511511
metadata: { reason: 'Missing data' },
512512
});
513-
return res.status(401).json({ message: 'Not allowed' });
513+
return res.status(401).json({ error: 'Not allowed' });
514514
}
515515

516516
if (!email || !phone) {
@@ -521,7 +521,7 @@ export const verifyLoginEmail = async (req: Request, res: Response) => {
521521
req,
522522
metadata: { reason: 'Missing data' },
523523
});
524-
return res.status(401).json({ message: 'Not allowed' });
524+
return res.status(401).json({ error: 'Not allowed' });
525525
}
526526

527527
const verificationResult = await verifyEmailOTP(user, verificationToken);
@@ -596,5 +596,5 @@ export const verifyLoginEmail = async (req: Request, res: Response) => {
596596
});
597597
}
598598

599-
return res.status(500).json({ message: 'Internal server error' });
599+
return res.status(500).json({ error: 'Internal server error' });
600600
};

tests/factories/requestFactory.ts

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -1,7 +1,7 @@
11
export function buildRegistrationRequest(overrides = {}) {
22
return {
33
email: 'test@example.com',
4-
phone: '+14155552671', // ✅ VALID
4+
phone: '+14155552671',
55
...overrides,
66
};
77
}

tests/factories/users/userFactory.ts

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -6,7 +6,7 @@ export function buildUser(overrides: Partial<any> = {}) {
66
return {
77
id: `user-${Date.now()}`,
88
email: 'test@example.com',
9-
phone: '+14155552671', // ✅ VALID US number
9+
phone: '+14155552671',
1010
roles: ['user'],
1111
...overrides,
1212
};

tests/integration/otp/otp.spec.ts

Lines changed: 146 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,146 @@
1+
import request from 'supertest';
2+
import { describe, it, expect, beforeAll, beforeEach, vi } from 'vitest';
3+
import { createApp } from '../../../src/app';
4+
import { Application } from 'express';
5+
6+
vi.mock('../../../src/models/authEvents.js', () => ({
7+
AuthEvent: {
8+
create: vi.fn(),
9+
},
10+
}));
11+
12+
vi.mock('../../src/utils/otp.js', () => ({
13+
generatePhoneOTP: vi.fn(),
14+
generateEmailOTP: vi.fn(),
15+
verifyPhoneOTP: vi.fn(),
16+
verifyEmailOTP: vi.fn(),
17+
}));
18+
19+
vi.mock('../../src/models/sessions.js', () => ({
20+
Session: {
21+
create: vi.fn(),
22+
},
23+
}));
24+
25+
vi.mock('../../src/lib/token.js', () => ({
26+
signEphemeralToken: vi.fn(),
27+
signAccessToken: vi.fn(),
28+
generateRefreshToken: vi.fn(),
29+
hashRefreshToken: vi.fn(),
30+
}));
31+
32+
import {
33+
generatePhoneOTP,
34+
generateEmailOTP,
35+
verifyPhoneOTP,
36+
verifyEmailOTP,
37+
} from '../../../src/utils/otp.js';
38+
39+
import { signEphemeralToken, signAccessToken } from '../../../src/lib/token.js';
40+
import { Session } from '../../../src/models/sessions.js';
41+
42+
let app: Application;
43+
44+
beforeAll(async () => {
45+
app = await createApp();
46+
});
47+
48+
beforeEach(() => {
49+
vi.clearAllMocks();
50+
51+
(signEphemeralToken as any).mockResolvedValue('ephemeral-token');
52+
(signAccessToken as any).mockResolvedValue('access-token');
53+
(Session.create as any).mockResolvedValue({ id: 'session-1' });
54+
});
55+
56+
describe('OTP - Generate', () => {
57+
it('generates phone OTP', async () => {
58+
const res = await request(app).get('/otp/generate-phone-otp');
59+
60+
expect(res.status).toBe(200);
61+
expect(generatePhoneOTP).toHaveBeenCalled();
62+
expect(res.body.message).toBe('success');
63+
});
64+
65+
it('generates email OTP', async () => {
66+
const res = await request(app).get('/otp/generate-email-otp');
67+
68+
expect(res.status).toBe(200);
69+
expect(generateEmailOTP).toHaveBeenCalled();
70+
});
71+
});
72+
73+
describe('OTP - Verify Phone', () => {
74+
it('fails when token missing', async () => {
75+
const res = await request(app).post('/otp/verify-phone-otp').send({});
76+
77+
expect(res.status).toBe(400);
78+
});
79+
80+
it('fails when OTP invalid', async () => {
81+
(verifyPhoneOTP as any).mockResolvedValue({
82+
user: {},
83+
verified: false,
84+
});
85+
86+
const res = await request(app)
87+
.post('/otp/verify-phone-otp')
88+
.send({ verificationToken: 'wrong' });
89+
90+
expect(res.status).toBe(401);
91+
});
92+
93+
it('succeeds when OTP valid', async () => {
94+
(verifyPhoneOTP as any).mockResolvedValue({
95+
user: {
96+
id: 'user-1',
97+
emailVerified: true,
98+
phoneVerified: true,
99+
verified: true,
100+
roles: ['user'],
101+
},
102+
verified: true,
103+
});
104+
105+
const res = await request(app)
106+
.post('/otp/verify-phone-otp')
107+
.send({ verificationToken: '123456' });
108+
109+
expect(res.status).toBe(200);
110+
expect(Session.create).toHaveBeenCalled();
111+
expect(signAccessToken).toHaveBeenCalled();
112+
});
113+
});
114+
115+
describe('OTP - Verify Email', () => {
116+
it('fails when OTP invalid', async () => {
117+
(verifyEmailOTP as any).mockResolvedValue({
118+
user: {},
119+
verified: false,
120+
});
121+
122+
const res = await request(app).post('/otp/verify-email-otp').send({ verificationToken: 'bad' });
123+
124+
expect(res.status).toBe(500); // matches your controller behavior
125+
});
126+
127+
it('succeeds when OTP valid', async () => {
128+
(verifyEmailOTP as any).mockResolvedValue({
129+
user: {
130+
id: 'user-1',
131+
emailVerified: true,
132+
phoneVerified: true,
133+
verified: true,
134+
roles: ['user'],
135+
},
136+
verified: true,
137+
});
138+
139+
const res = await request(app)
140+
.post('/otp/verify-email-otp')
141+
.send({ verificationToken: '123456' });
142+
143+
expect(res.status).toBe(200);
144+
expect(Session.create).toHaveBeenCalled();
145+
});
146+
});

0 commit comments

Comments
 (0)