add attendance
This commit is contained in:
Chris Chen
@@ -0,0 +1,63 @@
|
||||
import { TestBed } from '@angular/core/testing';
|
||||
import { HttpClient, provideHttpClient, withInterceptors } from '@angular/common/http';
|
||||
import { provideHttpClientTesting, HttpTestingController } from '@angular/common/http/testing';
|
||||
import { Router } from '@angular/router';
|
||||
import { authInterceptor } from './auth.interceptor';
|
||||
import { AuthService } from '../../shared/services/auth.service';
|
||||
import { ApiConfigService } from '../services/api-config.service';
|
||||
|
||||
describe('authInterceptor', () => {
|
||||
let http: HttpClient;
|
||||
let httpMock: HttpTestingController;
|
||||
let apiConfig: ApiConfigService;
|
||||
let router: jasmine.SpyObj<Router>;
|
||||
|
||||
beforeEach(() => {
|
||||
router = jasmine.createSpyObj<Router>('Router', ['navigate']);
|
||||
TestBed.configureTestingModule({
|
||||
providers: [
|
||||
provideHttpClient(withInterceptors([authInterceptor])),
|
||||
provideHttpClientTesting(),
|
||||
AuthService,
|
||||
ApiConfigService,
|
||||
{ provide: Router, useValue: router },
|
||||
],
|
||||
});
|
||||
http = TestBed.inject(HttpClient);
|
||||
httpMock = TestBed.inject(HttpTestingController);
|
||||
apiConfig = TestBed.inject(ApiConfigService);
|
||||
});
|
||||
|
||||
afterEach(() => httpMock.verify());
|
||||
|
||||
it('does NOT redirect to login when a public auth request (refresh) returns 401', () => {
|
||||
// Startup session-restore: an unauthenticated visitor has no refresh cookie, so
|
||||
// POST /auth/refresh returns 401. This must NOT bounce them to /login — public
|
||||
// routes like /attendance need to stay put. refresh() handles its own 401.
|
||||
http.post(`${apiConfig.authUrl}/refresh`, {}).subscribe({ error: () => {} });
|
||||
httpMock.expectOne(`${apiConfig.authUrl}/refresh`).flush(
|
||||
{ message: 'No cookie' },
|
||||
{ status: 401, statusText: 'Unauthorized' },
|
||||
);
|
||||
|
||||
expect(router.navigate).not.toHaveBeenCalled();
|
||||
});
|
||||
|
||||
it('redirects to login when a protected request returns 401 after refresh fails', () => {
|
||||
http.get(`${apiConfig.getBaseUrl()}/expenses`).subscribe({ error: () => {} });
|
||||
|
||||
// Original protected call 401s -> interceptor attempts a silent refresh...
|
||||
httpMock.expectOne(`${apiConfig.getBaseUrl()}/expenses`).flush(
|
||||
null, { status: 401, statusText: 'Unauthorized' },
|
||||
);
|
||||
// ...refresh also 401s (no valid cookie) -> genuine auth failure.
|
||||
httpMock.expectOne(`${apiConfig.authUrl}/refresh`).flush(
|
||||
null, { status: 401, statusText: 'Unauthorized' },
|
||||
);
|
||||
|
||||
expect(router.navigate).toHaveBeenCalledWith(['/login']);
|
||||
|
||||
// logout() fires a fire-and-forget POST /auth/logout; flush it so verify() stays clean.
|
||||
httpMock.expectOne(`${apiConfig.authUrl}/logout`).flush(null, { status: 204, statusText: 'No Content' });
|
||||
});
|
||||
});
|
||||
@@ -39,7 +39,11 @@ export const authInterceptor: HttpInterceptorFn = (req, next) => {
|
||||
);
|
||||
}
|
||||
|
||||
if (error.status === 401) {
|
||||
// Redirect on a genuine auth failure, but NOT for the public auth endpoints
|
||||
// (login / refresh / logout). The startup session-restore POSTs /auth/refresh on
|
||||
// every page load; for an unauthenticated visitor that 401s, and bouncing them to
|
||||
// /login here would break public routes like /attendance. refresh() handles its own 401.
|
||||
if (error.status === 401 && !isPublicAuthRequest(req, apiConfig)) {
|
||||
authService.logout();
|
||||
router.navigate(['/login']);
|
||||
}
|
||||
|
||||
Reference in New Issue
Block a user