Files
Termix/src/backend/tests/utils/user-encryption-migration-store.test.ts
T
LukeGus 7f43932429 refactor(tests): move backend tests into src/backend/tests mirror tree
Backend *.test.ts files (and the test-support harness) no longer sit next
to source files; they live under src/backend/tests/ mirroring the source
layout. Imports rewritten accordingly; CLAUDE.md convention updated.
2026-07-16 04:31:29 -05:00

109 lines
3.1 KiB
TypeScript

import { describe, expect, it, vi } from "vitest";
import { RawSqliteUserEncryptionMigrationStore } from "../../utils/user-encryption-migration-store.js";
describe("RawSqliteUserEncryptionMigrationStore", () => {
function createDb() {
const all = vi.fn(() => [{ id: 1 }]);
const get = vi.fn(() => ({ id: "user-1" }));
const run = vi.fn();
const prepare = vi.fn(() => ({ all, get, run }));
return { db: { prepare }, all, get, run };
}
it("owns legacy user encryption migration reads", () => {
const { db, all, get } = createDb();
const store = new RawSqliteUserEncryptionMigrationStore(db);
expect(store.listHostRecords("user-1")).toEqual([{ id: 1 }]);
expect(store.listCredentialRecords("user-1")).toEqual([{ id: 1 }]);
expect(store.getUserRecord("user-1")).toEqual({ id: "user-1" });
expect(db.prepare).toHaveBeenCalledWith(
"SELECT * FROM ssh_data WHERE user_id = ?",
);
expect(db.prepare).toHaveBeenCalledWith(
"SELECT * FROM ssh_credentials WHERE user_id = ?",
);
expect(db.prepare).toHaveBeenCalledWith("SELECT * FROM users WHERE id = ?");
expect(all).toHaveBeenCalledWith("user-1");
expect(get).toHaveBeenCalledWith("user-1");
});
it("owns legacy sensitive field update statements", () => {
const { db, run } = createDb();
const store = new RawSqliteUserEncryptionMigrationStore(db);
store.updateHostSensitiveFields(12, {
password: "p",
key: "k",
key_password: "kp",
key_type: "ed25519",
autostart_password: "ap",
autostart_key: "ak",
autostart_key_password: "akp",
sudo_password: "sp",
});
store.updateCredentialSensitiveFields(13, {
password: "p",
key: "k",
key_password: "kp",
private_key: "priv",
public_key: "pub",
key_type: "rsa",
});
store.updateUserSensitiveFields("user-1", {
totp_secret: "totp",
totp_backup_codes: "codes",
client_secret: "client",
oidc_identifier: "oidc",
});
expect(db.prepare).toHaveBeenCalledWith(
expect.stringContaining("UPDATE ssh_data"),
);
expect(db.prepare).toHaveBeenCalledWith(
expect.stringContaining("UPDATE ssh_credentials"),
);
expect(db.prepare).toHaveBeenCalledWith(
expect.stringContaining("UPDATE users"),
);
expect(run).toHaveBeenCalledWith(
"p",
"k",
"kp",
"ed25519",
"ap",
"ak",
"akp",
"sp",
12,
);
expect(run).toHaveBeenCalledWith("p", "k", "kp", "priv", "pub", "rsa", 13);
expect(run).toHaveBeenCalledWith(
"totp",
"codes",
"client",
"oidc",
"user-1",
);
});
it("owns password-reset dynamic field updates", () => {
const { db, run } = createDb();
const store = new RawSqliteUserEncryptionMigrationStore(db);
store.updatePasswordResetFields(
"ssh_credentials",
99,
["password", "key"],
{ password: "p", key: "k" },
);
expect(db.prepare).toHaveBeenCalledWith(
"UPDATE ssh_credentials SET password = ?, key = ?, updated_at = CURRENT_TIMESTAMP WHERE id = ?",
);
expect(run).toHaveBeenCalledWith("p", "k", 99);
});
});