Lines 178-237javascript
178describe('cors helpers', () => {
179 it('validateOrigin normalizes and rejects paths', () => {
180 expect(validateOrigin('http://localhost:5173/')).toBe('http://localhost:5173');
181 expect(validateOrigin('*')).toBe('*');
182 expect(() => validateOrigin('not a url')).toThrow(/Invalid origin/);
183 expect(() => validateOrigin('http://x.example/path')).toThrow(/path/);
185 it('addOrigin / removeOrigin report change status', () => {
186 expect(addOrigin(['a'], 'a').changed).toBe(false);
187 expect(addOrigin(['a'], 'b')).toEqual({ origins: ['a', 'b'], changed: true });
188 expect(removeOrigin(['a'], 'b').changed).toBe(false);
189 expect(removeOrigin(['a', 'b'], 'a')).toEqual({ origins: ['b'], changed: true });
192describe('userRegister', () => {
193 const adminUrl = 'http://test-server:1234/api/raisindb/sys/default/identity-users';
194 it('uses the admin endpoint with repos + verified email', async () => {
195 const { fetchImpl, calls } = mockFetch([
196 { match: (u, m) => m === 'POST' && u === adminUrl, status: 201, body: { id: 'x', email: 'a@b.c' } },
198 await userRegister('a@b.c', { password: 'Secret12345!', repo: 'myrepo', displayName: 'A' }, fetchImpl);
MediumSecret Pattern
Hardcoded password in dist/commands/admin-commands.test.js
dist/commands/admin-commands.test.jsView on unpkg · L198 199 expect(calls).toHaveLength(1);
200 expect(calls[0].body).toEqual({
202 password: 'Secret12345!',
MediumSecret Pattern
Hardcoded password in dist/commands/admin-commands.test.js
dist/commands/admin-commands.test.jsView on unpkg · L202 204 email_verified: true,
208 it('falls back to /auth/{repo}/register when the token lacks admin access', async () => {
209 const { fetchImpl, calls } = mockFetch([
210 { match: (u, m) => m === 'POST' && u === adminUrl, status: 403, body: { message: 'forbidden' } },
212 match: (u, m) => m === 'POST' && u === 'http://test-server:1234/auth/myrepo/register',
217 await userRegister('a@b.c', { password: 'Secret12345!', repo: 'myrepo' }, fetchImpl);
MediumSecret Pattern
Hardcoded password in dist/commands/admin-commands.test.js
dist/commands/admin-commands.test.jsView on unpkg · L217 218 expect(calls).toHaveLength(2);
219 expect(calls[1].body).toMatchObject({ email: 'a@b.c', password: 'Secret12345!' });
221 it('treats 409 as success only with --exists-ok', async () => {
222 const conflict = mockFetch([
223 { match: (u, m) => m === 'POST' && u === adminUrl, status: 409, body: { message: 'EMAIL_EXISTS' } },
225 await expect(userRegister('a@b.c', { password: 'p1234567890!', repo: 'r' }, conflict.fetchImpl)).rejects.toThrow(/already exists/);
226 const conflictOk = mockFetch([
227 { match: (u, m) => m === 'POST' && u === adminUrl, status: 409, body: { message: 'EMAIL_EXISTS' } },
229 await expect(userRegister('a@b.c', { password: 'p1234567890!', repo: 'r', existsOk: true }, conflictOk.fetchImpl)).resolves.toBeUndefined();
231 it('resolvePassword: requires exactly one source and supports stdin', async () => {
232 await expect(resolvePassword({})).rejects.toThrow(/password is required/i);
233 await expect(resolvePassword({ password: 'a', passwordStdin: true })).rejects.toThrow(/mutually exclusive/);
234 await expect(resolvePassword({ passwordStdin: true }, { readStdinImpl: async () => 'pw\n' })).resolves.toBe('pw');
237describe('repo create/delete', () => {