feat: all routes complete for testing

Author: Bccorb

src/controllers/admin.ts

@@ -276,7 +276,9 @@ export const listUserSessions = async (req: Request, res: Response) => {
         userAgent: s.userAgent,
         lastUsedAt: s.lastUsedAt,
         expiresAt: s.expiresAt,
+        current: false,
       })),
+      total: sessions.length,
     });
   } catch (err) {
     logger.error(`Failed to fetch sessions: ${err}`);
@@ -330,7 +332,17 @@ export const listAllSessions = async (req: Request, res: Response) => {
     Session.count({ where }),
   ]);
 
-  return res.json({ sessions, total });
+  const response = sessions.map((session) => ({
+    id: session.id,
+    deviceName: session.deviceName,
+    ipAddress: session.ipAddress,
+    userAgent: session.userAgent,
+    lastUsedAt: session.lastUsedAt.toISOString(),
+    expiresAt: session.expiresAt.toISOString(),
+    current: false,
+  }));
+
+  return res.json({ sessions: response, total });
 };
 
 export const getDatabaseSize = async () => {

src/controllers/authentication.ts

@@ -48,7 +48,7 @@ export const login = async (req: Request, res: Response) => {
       user_agent: req.headers['user-agent'],
       metadata: { reason: 'No identifier supplied' },
     });
-    return res.status(403).json({ message: 'Not allowed' });
+    return res.status(403).json({ error: 'Not allowed' });
   }
 
   logger.info(`Login attempt with ${identifier}`);
@@ -86,7 +86,7 @@ export const login = async (req: Request, res: Response) => {
           user_agent: req.headers['user-agent'],
           metadata: { reason: `No user found for identifer: ${identifier}` },
         });
-        return res.status(403).json({ message: 'Not allowed' });
+        return res.status(403).json({ error: 'Not allowed' });
       }
     } else {
       logger.error(`Invalid identifier: ${identifier}`);
@@ -97,7 +97,7 @@ export const login = async (req: Request, res: Response) => {
         user_agent: req.headers['user-agent'],
         metadata: { reason: `No user found for identifer: ${identifier}` },
       });
-      return res.status(400).json({ message: 'Invalid data' });
+      return res.status(400).json({ error: 'Invalid data' });
     }
   } catch (error) {
     logger.error(`Failed to find a user with valid Identifier: ${error}`);
@@ -108,7 +108,7 @@ export const login = async (req: Request, res: Response) => {
       user_agent: req.headers['user-agent'],
       metadata: { reason: `No user found for identifer: ${identifier}` },
     });
-    return res.status(500).json({ message: 'Internal server error' });
+    return res.status(500).json({ error: 'Internal server error' });
   }
 
   try {
@@ -121,7 +121,7 @@ export const login = async (req: Request, res: Response) => {
         user_agent: req.headers['user-agent'],
         metadata: { reason: `No user found for identifer: ${identifier}` },
       });
-      return res.status(401).json({ message: 'Not Allowed' });
+      return res.status(401).json({ error: 'Not Allowed' });
     }
 
     // pre-auth token
@@ -137,7 +137,7 @@ export const login = async (req: Request, res: Response) => {
         metadata: { reason: `Unverified but valid user` },
       });
 
-      return res.status(401).json({ message: 'Login failed. Need to verify.' });
+      return res.status(401).json({ error: 'Login failed. Need to verify.' });
     }
 
     const credential = await Credential.findOne({ where: { userId: user.id } });
@@ -151,7 +151,7 @@ export const login = async (req: Request, res: Response) => {
         user_agent: req.headers['user-agent'],
         metadata: { reason: `No credentials ${identifier}` },
       });
-      return res.status(401).json({ message: 'Need to re-register and create passkey' });
+      return res.status(401).json({ error: 'Need to re-register and create passkey' });
     }
 
     if (token) {
@@ -178,7 +178,7 @@ export const login = async (req: Request, res: Response) => {
         ttl: parseDurationToSeconds(access_token_ttl || '15m'),
       });
     }
-    return res.status(401).json({ message: 'Login failed.' });
+    return res.status(401).json({ error: 'Login failed.' });
   } catch (error: unknown) {
     if (error instanceof Error) {
       logger.error(`Error during login for email ${error.message}`);
@@ -193,7 +193,7 @@ export const login = async (req: Request, res: Response) => {
       user_agent: req.headers['user-agent'],
       metadata: { reason: 'Catch all error' },
     });
-    return res.status(500).json({ message: 'Server error' });
+    return res.status(500).json({ error: 'Server error' });
   }
 };
 

src/controllers/internalMetrics.ts

@@ -41,6 +41,7 @@ export const getAuthEventSummary = async (req: Request, res: Response) => {
     return res.status(400).json({ message: 'Invalid query params' });
   }
 
+  // TODO: need to parse these for valid time ranges
   const { from, to } = parsed.data;
 
   const where: WhereOptions<AuthEventAttributes> =

src/controllers/sessions.ts

@@ -33,8 +33,8 @@ export const listSessions = async (req: Request, res: Response) => {
     deviceName: session.deviceName,
     ipAddress: session.ipAddress,
     userAgent: session.userAgent,
-    lastUsedAt: session.lastUsedAt.toISOString(),
-    expiresAt: session.expiresAt.toISOString(),
+    lastUsedAt: session.lastUsedAt,
+    expiresAt: session.expiresAt,
     current: session.id === currentSessionId,
   }));
 

src/controllers/webauthn.ts

@@ -126,6 +126,7 @@ const verifyWebAuthnRegistration = async (req: Request, res: Response) => {
     }
 
     if (!verifiedUser.email || !attestationResponse) {
+      logger.warn('Missing verified user email or attestation response');
       await AuthEvent.create({
         user_id: null,
         type: 'registration_failed',
@@ -154,6 +155,7 @@ const verifyWebAuthnRegistration = async (req: Request, res: Response) => {
 
     const expectedChallenge = user.challenge;
     if (!expectedChallenge) {
+      logger.error('Unexpected user challegnge supplied.');
       await AuthEvent.create({
         user_id: user.id,
         type: 'registration_suspicous',
@@ -223,6 +225,7 @@ const verifyWebAuthnRegistration = async (req: Request, res: Response) => {
     await user.update({
       challenge: null,
       lastLogin: new Date(),
+      verified: true,
     });
 
     logger.info(`Passkey credential saved successfully for user: ${verifiedUser.email}`);
@@ -253,11 +256,6 @@ const verifyWebAuthnRegistration = async (req: Request, res: Response) => {
 
     const token = await signAccessToken(session.id, user.id, user.roles);
 
-    user.challenge = '';
-    user.verified = true;
-
-    await user.save();
-
     if (token && refreshToken) {
       await AuthEvent.create({
         user_id: user.id,
@@ -287,9 +285,10 @@ const verifyWebAuthnRegistration = async (req: Request, res: Response) => {
         refreshTtl: parseDurationToSeconds(refresh_token_ttl || '1h'),
       });
     }
+    return res.status(500).json({ error: 'Unknown error verifying passkey' });
   } catch (err) {
     logger.error(`Error in verifyWebAuthnRegistration: ${err}`);
-    return res.status(500).json({ message: 'Unknown error verifying passkey' });
+    return res.status(500).json({ error: 'Unknown error verifying passkey' });
   }
 };
 
@@ -338,7 +337,7 @@ const generateWebAuthn = async (req: Request, res: Response) => {
         user_agent: req.headers['user-agent'],
         metadata: { reason: 'No credentials' },
       });
-      logger.info('Valid user with no credentials');
+      logger.error('Valid user with no credentials');
       return res.status(401).send('Credentials not found');
     }
 
@@ -392,6 +391,7 @@ const verifyWebAuthn = async (req: Request, res: Response) => {
 
   try {
     const { assertionResponse } = req.body;
+
     const email = verifiedUser.email;
     const phone = verifiedUser.phone;
     let user = verifiedUser;
@@ -409,14 +409,15 @@ const verifyWebAuthn = async (req: Request, res: Response) => {
     }
 
     if (!user || !user.challenge) {
+      logger.error('User or user challenge missing');
       await AuthEventService.log({
         userId: user.id,
         type: 'webauthn_login_failed',
         req,
         metadata: { reason: 'No user or user challenge' },
       });
 
-      return res.status(401).json({ message: 'Authentication failed.' });
+      return res.status(401).json({ error: 'Authentication failed.' });
     }
 
     const cred = await Credential.findOne({
@@ -433,7 +434,7 @@ const verifyWebAuthn = async (req: Request, res: Response) => {
         metadata: { reason: 'No credential' },
       });
 
-      return res.status(401).json({ message: 'Authentication failed.' });
+      return res.status(401).json({ error: 'Authentication failed.' });
     }
 
     const expectedChallenge = user.challenge;
@@ -467,7 +468,7 @@ const verifyWebAuthn = async (req: Request, res: Response) => {
         metadata: { reason: 'Incorrect passkey' },
       });
 
-      return res.status(500).json({ message: 'Internal server error' });
+      return res.status(500).json({ error: 'Internal server error' });
     }
 
     if (verification.verified) {
@@ -539,7 +540,7 @@ const verifyWebAuthn = async (req: Request, res: Response) => {
         user_agent: req.headers['user-agent'],
         metadata: { reason: 'Verification failed' },
       });
-      res.status(401).send('Authentication failed');
+      res.status(401).json({ error: 'Authentication failed' });
       return;
     }
   } catch (error) {
@@ -551,7 +552,7 @@ const verifyWebAuthn = async (req: Request, res: Response) => {
       user_agent: req.headers['user-agent'],
       metadata: { reason: 'Catch all error' },
     });
-    res.status(500).json({ message: 'Internal Server error' });
+    res.status(500).json({ error: 'Internal Server error' });
     return;
   }
 };

src/routes/admin.routes.ts

@@ -9,12 +9,15 @@ import {
   getUserDetail,
   getUsers,
   listAllSessions,
+  listUserSessions,
+  revokeAllUserSessions,
   updateUser,
 } from '../controllers/admin.js';
 import { createRouter } from '../lib/createRouter.js';
 import { attachAuthMiddleware } from '../middleware/attachAuthMiddleware.js';
 import { verifyServiceToken } from '../middleware/authenticateServiceToken.js';
 import { requireAdmin } from '../middleware/requireAdmin.js';
+import { UserIdParamSchema } from '../schemas/admin.query.js';
 import { UserResponseSchema } from '../schemas/admin.responses.js';
 import { InternalErrorSchema, MessageSchema } from '../schemas/generic.responses.js';
 import { AuthEventQuerySchema, PaginationQuerySchema } from '../schemas/internal.query.js';
@@ -23,6 +26,7 @@ import {
   CredentialCountSchema,
   UsersListResponseSchema,
 } from '../schemas/internal.responses.js';
+import { SessionListResponseSchema } from '../schemas/session.responses.js';
 
 const adminRouter = createRouter('/admin');
 
@@ -154,4 +158,36 @@ adminRouter.get(
   listAllSessions,
 );
 
+adminRouter.get(
+  '/sessions/:userId',
+  {
+    middleware: [verifyServiceToken, attachAuthMiddleware(), requireAdmin()],
+    tags: ['Admin'],
+    schemas: {
+      params: UserIdParamSchema,
+      response: {
+        200: SessionListResponseSchema,
+        500: InternalErrorSchema,
+      },
+    },
+  },
+  listUserSessions,
+);
+
+adminRouter.delete(
+  '/sessions/:userId/revoke-all',
+  {
+    middleware: [verifyServiceToken, attachAuthMiddleware(), requireAdmin()],
+    tags: ['Admin'],
+    schemas: {
+      params: UserIdParamSchema,
+      response: {
+        200: MessageSchema,
+        500: InternalErrorSchema,
+      },
+    },
+  },
+  revokeAllUserSessions,
+);
+
 export default adminRouter.router;

src/routes/admin.sessions.routes.ts

@@ -119,9 +119,7 @@ describe('E2E Auth Flow', () => {
       id: 'user-1',
     });
 
-    (Session.create as any).mockResolvedValue({
-      id: 'session-2',
-    });
+    (Session.create as any).mockResolvedValue(buildSession({ id: 'session-2' }));
 
     const refreshRes = await request(app)
       .get('/sessions')

tests/e2e/authFlow.spec.ts

@@ -0,0 +1,9 @@
+function buildEvent(overrides: any = {}) {
+  return {
+    type: 'login_failed',
+    ip_address: '127.0.0.1',
+    user_agent: 'agent',
+    get: (key: string) => overrides[key],
+    ...overrides,
+  };
+}

tests/factories/authEventFactory.ts

@@ -0,0 +1,22 @@
+import { vi } from 'vitest';
+
+export function buildCredential(overrides: any = {}) {
+  return {
+    id: 'cred-1',
+    userId: 'user-1',
+    friendlyName: 'My Device',
+    transports: [],
+    deviceType: 'platform',
+    backedup: false,
+    counter: 0,
+    lastUsedAt: new Date(),
+    platform: 'web',
+    browser: 'chrome',
+    deviceInfo: 'test',
+    createdAt: new Date(),
+    publicKey: 'key',
+    update: vi.fn(),
+    destroy: vi.fn(),
+    ...overrides,
+  };
+}