mirror of
https://github.com/Termix-SSH/Termix.git
synced 2026-07-17 05:43:36 +00:00
ef4969dd35
Repositories are now the only data path. Replaces the 41 current-*-repository wrapper files, the DATABASE_LAYER_REPOSITORY_ROLLOUT flag/alias map and the unused database/runtime adapter with repositories/factory.ts, a plain DatabaseContext type and an in-memory TestSqliteDatabase test harness.
80 lines
2.7 KiB
TypeScript
80 lines
2.7 KiB
TypeScript
import { beforeEach, describe, expect, it, vi } from "vitest";
|
|
import { CredentialSystemEncryptionMigration } from "./credential-system-encryption-migration.js";
|
|
import { DataCrypto } from "./data-crypto.js";
|
|
import { FieldCrypto } from "./field-crypto.js";
|
|
import { SystemCrypto } from "./system-crypto.js";
|
|
|
|
const credentialRepository = {
|
|
listMissingSystemEncryptionByUserId: vi.fn(),
|
|
updateSystemEncryptionForUser: vi.fn(),
|
|
};
|
|
|
|
const sharedCredentialRepository = {
|
|
markNeedsReEncryptionByOriginalCredentialId: vi.fn(),
|
|
};
|
|
|
|
vi.mock("../database/repositories/factory.js", () => ({
|
|
createCurrentCredentialRepository: vi.fn(() => credentialRepository),
|
|
createCurrentSharedCredentialRepository: vi.fn(
|
|
() => sharedCredentialRepository,
|
|
),
|
|
}));
|
|
|
|
describe("CredentialSystemEncryptionMigration", () => {
|
|
beforeEach(() => {
|
|
vi.restoreAllMocks();
|
|
credentialRepository.listMissingSystemEncryptionByUserId.mockReset();
|
|
credentialRepository.updateSystemEncryptionForUser.mockReset();
|
|
sharedCredentialRepository.markNeedsReEncryptionByOriginalCredentialId.mockReset();
|
|
});
|
|
|
|
it("migrates missing credential system-key copies through repositories", async () => {
|
|
vi.spyOn(DataCrypto, "getUserDataKey").mockReturnValue(
|
|
Buffer.from("user-key"),
|
|
);
|
|
vi.spyOn(
|
|
SystemCrypto.getInstance(),
|
|
"getCredentialSharingKey",
|
|
).mockResolvedValue(Buffer.from("system-key"));
|
|
vi.spyOn(FieldCrypto, "decryptField").mockImplementation(
|
|
(_value, _key, _recordId, fieldName) => `plain-${fieldName}`,
|
|
);
|
|
vi.spyOn(FieldCrypto, "encryptField").mockImplementation(
|
|
(value, _key, _recordId, fieldName) => `system-${fieldName}-${value}`,
|
|
);
|
|
credentialRepository.listMissingSystemEncryptionByUserId.mockResolvedValue([
|
|
{
|
|
id: 123,
|
|
userId: "user-1",
|
|
password: "encrypted-password",
|
|
key: "encrypted-key",
|
|
keyPassword: "encrypted-key-password",
|
|
},
|
|
]);
|
|
|
|
await expect(
|
|
new CredentialSystemEncryptionMigration().migrateUserCredentials(
|
|
"user-1",
|
|
),
|
|
).resolves.toEqual({ migrated: 1, failed: 0, skipped: 0 });
|
|
|
|
expect(
|
|
credentialRepository.listMissingSystemEncryptionByUserId,
|
|
).toHaveBeenCalledWith("user-1");
|
|
expect(
|
|
credentialRepository.updateSystemEncryptionForUser,
|
|
).toHaveBeenCalledWith(
|
|
"user-1",
|
|
123,
|
|
expect.objectContaining({
|
|
systemPassword: "system-password-plain-password",
|
|
systemKey: "system-key-plain-key",
|
|
systemKeyPassword: "system-key_password-plain-keyPassword",
|
|
}),
|
|
);
|
|
expect(
|
|
sharedCredentialRepository.markNeedsReEncryptionByOriginalCredentialId,
|
|
).toHaveBeenCalledWith(123);
|
|
});
|
|
});
|