/** * @fileoverview Tests for public login MCP tools * Tests all public authentication and login endpoints */ import { describe, test, expect, beforeEach, afterEach } from "@jest/globals"; import { mockFactory } from "../mocks/mockFactory.js"; import { ToolGenerator } from "../../src/tools/ToolGenerator.js"; describe("Public Login Tools", () => { let mockEnv; let toolGenerator; beforeEach(() => { // Create mock environment mockEnv = mockFactory.createMockEnvironment({ authTypes: ["public"], enableHttpMocks: true, enableAuthMocks: true, }); toolGenerator = mockEnv.toolGenerator; }); afterEach(() => { mockFactory.resetAllMocks(); }); describe("public_create_login", () => { test("should successfully login with valid credentials", async () => { // Setup const toolName = "public_create_login"; const parameters = { username: "validuser", password: "validpassword", }; // Mock successful login response mockFactory.httpMocks.mockRequest("POST", "/api/login", { status: 200, data: { success: true, token: "mock_login_token_123", user: { id: "user_123", username: "validuser", email: "test@example.com", }, }, }); // Execute const result = await toolGenerator.executeTool(toolName, parameters); // Assert expect(result.success).toBe(true); expect(result.data).toBeDefined(); // Verify HTTP request was made const requestHistory = mockFactory.httpMocks.getRequestHistory(); const loginRequest = requestHistory.find( (req) => req.method === "POST" && req.url === "/api/login" ); expect(loginRequest).toBeDefined(); }); test("should fail with invalid credentials", async () => { // Setup const toolName = "public_create_login"; const parameters = { username: "invaliduser", password: "wrongpassword", }; // Mock failed login response mockFactory.httpMocks.mockRequest("POST", "/api/login", null, true, { response: { status: 401, data: { error: "Invalid credentials" }, }, }); // Execute & Assert await expect( toolGenerator.executeTool(toolName, parameters) ).rejects.toThrow(); }); test("should validate required parameters", async () => { const toolName = "public_create_login"; // Test missing username await expect( toolGenerator.executeTool(toolName, { password: "test" }) ).rejects.toThrow(); // Test missing password await expect( toolGenerator.executeTool(toolName, { username: "test" }) ).rejects.toThrow(); // Test empty parameters await expect(toolGenerator.executeTool(toolName, {})).rejects.toThrow(); }); }); describe("public_create_frontendlogin", () => { test("should successfully login patient", async () => { // Setup const toolName = "public_create_frontendlogin"; const parameters = { email: "patient@test.com", password: "patientpassword", }; // Mock successful patient login mockFactory.httpMocks.mockRequest("POST", "/api/frontend/login", { status: 200, data: { success: true, token: "mock_patient_token_456", user: { id: "patient_456", email: "patient@test.com", role: "patient", }, }, }); // Execute const result = await toolGenerator.executeTool(toolName, parameters); // Assert expect(result.success).toBe(true); expect(result.data.user.role).toBe("patient"); }); test("should validate email format", async () => { const toolName = "public_create_frontendlogin"; const parameters = { email: "invalid-email", password: "password", }; // Execute & Assert await expect( toolGenerator.executeTool(toolName, parameters) ).rejects.toThrow(); }); }); describe("public_create_adminlogin", () => { test("should successfully login admin", async () => { // Setup const toolName = "public_create_adminlogin"; const parameters = { email: "admin@test.com", password: "adminpassword", }; // Mock successful admin login mockFactory.httpMocks.mockRequest("POST", "/api/admin/login", { status: 200, data: { success: true, token: "mock_admin_token_789", user: { id: "admin_789", email: "admin@test.com", role: "admin", }, }, }); // Execute const result = await toolGenerator.executeTool(toolName, parameters); // Assert expect(result.success).toBe(true); expect(result.data.user.role).toBe("admin"); }); }); describe("public_create_loginPartnerApi", () => { test("should successfully login partner", async () => { // Setup const toolName = "public_create_loginPartnerApi"; const parameters = { email: "partner@test.com", password: "partnerpassword", }; // Mock successful partner login mockFactory.httpMocks.mockRequest("POST", "/api/login-partner-api", { status: 200, data: { success: true, token: "mock_partner_token_101", user: { id: "partner_101", email: "partner@test.com", role: "partner", }, }, }); // Execute const result = await toolGenerator.executeTool(toolName, parameters); // Assert expect(result.success).toBe(true); expect(result.data.user.role).toBe("partner"); }); }); describe("public_create_affiliateLoginApi", () => { test("should successfully login affiliate", async () => { // Setup const toolName = "public_create_affiliateLoginApi"; const parameters = { email: "affiliate@test.com", password: "affiliatepassword", }; // Mock successful affiliate login mockFactory.httpMocks.mockRequest("POST", "/api/affiliate-login-api", { status: 200, data: { success: true, token: "mock_affiliate_token_202", user: { id: "affiliate_202", email: "affiliate@test.com", role: "affiliate", }, }, }); // Execute const result = await toolGenerator.executeTool(toolName, parameters); // Assert expect(result.success).toBe(true); expect(result.data.user.role).toBe("affiliate"); }); }); describe("public_create_networklogin", () => { test("should successfully login network user", async () => { // Setup const toolName = "public_create_networklogin"; const parameters = { email: "network@test.com", password: "networkpassword", }; // Mock successful network login mockFactory.httpMocks.mockRequest("POST", "/api/network/login", { status: 200, data: { success: true, token: "mock_network_token_303", user: { id: "network_303", email: "network@test.com", role: "network", }, }, }); // Execute const result = await toolGenerator.executeTool(toolName, parameters); // Assert expect(result.success).toBe(true); expect(result.data.user.role).toBe("network"); }); }); describe("Login Security Tests", () => { test("should handle rate limiting", async () => { const toolName = "public_create_login"; const parameters = { username: "testuser", password: "testpassword", }; // Mock rate limit response mockFactory.httpMocks.mockRequest("POST", "/api/login", null, true, { response: { status: 429, data: { error: "Too many login attempts" }, }, }); // Execute & Assert await expect( toolGenerator.executeTool(toolName, parameters) ).rejects.toThrow(); }); test("should handle server errors gracefully", async () => { const toolName = "public_create_login"; const parameters = { username: "testuser", password: "testpassword", }; // Mock server error mockFactory.httpMocks.mockRequest("POST", "/api/login", null, true, { response: { status: 500, data: { error: "Internal server error" }, }, }); // Execute & Assert await expect( toolGenerator.executeTool(toolName, parameters) ).rejects.toThrow(); }); test("should not log sensitive information", async () => { const toolName = "public_create_login"; const parameters = { username: "testuser", password: "secretpassword", }; // Mock successful login mockFactory.httpMocks.mockRequest("POST", "/api/login", { status: 200, data: { success: true, token: "token123" }, }); // Execute await toolGenerator.executeTool(toolName, parameters); // Verify password is not in request history const requestHistory = mockFactory.httpMocks.getRequestHistory(); const loginRequest = requestHistory.find( (req) => req.method === "POST" && req.url === "/api/login" ); // Password should be redacted or not logged in plain text expect(JSON.stringify(loginRequest)).not.toContain("secretpassword"); }); }); });