From 4341a08ab0b6fc531cbecc5787882fec703791fd Mon Sep 17 00:00:00 2001 From: Purnendu Date: Sat, 1 Feb 2025 04:45:09 +0530 Subject: [PATCH] added test cases for verifyRole Query --- src/resolvers/Query/verifyRole.ts | 24 ++-- tests/resolvers/Query/verifyRole.spec.ts | 153 +++++++++++++++++++++++ 2 files changed, 167 insertions(+), 10 deletions(-) create mode 100644 tests/resolvers/Query/verifyRole.spec.ts diff --git a/src/resolvers/Query/verifyRole.ts b/src/resolvers/Query/verifyRole.ts index 65af0d5a775..96a392cb7df 100644 --- a/src/resolvers/Query/verifyRole.ts +++ b/src/resolvers/Query/verifyRole.ts @@ -29,11 +29,9 @@ export const verifyRole: QueryResolvers["verifyRole"] = async ( try { // Extract token from the Authorization header const authHeader = req.headers.authorization; - // console.debug("Authorization header detected.") // OR remove entirely if (!authHeader) { return { role: "", isAuthorized: false }; } - const token = authHeader.startsWith("Bearer ") ? authHeader.split(" ")[1] : authHeader; @@ -59,15 +57,22 @@ export const verifyRole: QueryResolvers["verifyRole"] = async ( tokenVersion: process.env.TOKEN_VERSION ? parseInt(process.env.TOKEN_VERSION) : 0, - }).lean(); - - let role = ""; - if (appUserProfile?.isSuperAdmin) { - role = "admin"; - } else { - role = "user"; + }); + if (appUserProfile == null || appUserProfile == undefined) { + throw new Error("User profile not found"); } + let role = "user"; // Default role + if (appUserProfile) { + if (appUserProfile.isSuperAdmin) { + role = "superAdmin"; + } else if ( + appUserProfile.adminFor && + appUserProfile.adminFor.length > 0 + ) { + role = "admin"; + } + } return { role: role, isAuthorized: true, @@ -78,7 +83,6 @@ export const verifyRole: QueryResolvers["verifyRole"] = async ( "Token verification failed:", error instanceof Error ? error.message : "Unknown error", ); - // Return specific error status const isJwtError = error instanceof jwt.JsonWebTokenError; return { 
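Review bot: In the second hunk of verifyRole.ts the new guard `appUserProfile == null || appUserProfile == undefined` is redundant (`== null` already matches both) and the `if (appUserProfile)` that follows the throw can never be false, so the role selection sits inside a dead branch; those lines could read `if (appUserProfile == null) throw new Error("User profile not found");` followed by `const role = appUserProfile.isSuperAdmin ? "superAdmin" : appUserProfile.adminFor?.length ? "admin" : "user";`. The hunk also changes what the string "admin" means in the response: before it was returned for isSuperAdmin, now super admins get "superAdmin" and "admin" goes to any user with a non-empty adminFor, which is an authorization-facing change that clients comparing `role === "admin"` will observe and that the commit message, whose title mentions only tests, does not state. Dropping `.lean()` means findOne now resolves to a hydrated document rather than a plain object; only `isSuperAdmin` and `adminFor` are read here, so that looks harmless, but it is a second behaviour change worth a line in the description. The catch block that turns the thrown error into the unauthorized response lies outside this hunk.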
diff --git a/tests/resolvers/Query/verifyRole.spec.ts b/tests/resolvers/Query/verifyRole.spec.ts
new file mode 100644
index 00000000000..6bf4eec3717
--- /dev/null
+++ b/tests/resolvers/Query/verifyRole.spec.ts
@@ -0,0 +1,153 @@
+import type { Mock } from "vitest";
+import { describe, test, expect, vi, beforeEach } from "vitest";
+import jwt from "jsonwebtoken";
+import { verifyRole } from "../../../src/resolvers/Query/verifyRole";
+import { AppUserProfile } from "../../../src/models/AppUserProfile";
+
+// Mock environment variables
+process.env.ACCESS_TOKEN_SECRET = "test_secret";
+process.env.DEFAULT_LANGUAGE_CODE = "en";
+process.env.TOKEN_VERSION = "0";
+// Mock database call
+vi.mock("../../../src/models/AppUserProfile", () => ({
+ AppUserProfile: {
+ findOne: vi.fn().mockResolvedValue({
+ lean: () => ({ userId: "user123", isSuperAdmin: false, adminFor: [] }),
+ }),
+ },
+}));
+describe("verifyRole", () => {
+ let req: any;
+ beforeEach(() => {
+ req = {
+ headers: {
+ authorization: "Bearer validToken",
+ },
+ };
+ vi.restoreAllMocks(); // Reset all mocks before each test
+ });
+
+ test("should return role 'user' for a valid user token", async () => {
+ vi.spyOn(jwt, "verify").mockImplementationOnce(() => {
+ return { userId: "user123" };
+ });
+ const req = {
+ headers: {
+ authorization: "Bearer validToken",
+ },
+ };
+ (AppUserProfile.findOne as Mock).mockResolvedValue({
+ userId: "user123",
+ isSuperAdmin: false,
+ adminFor: [],
+ });
+ // Mock database call for the user
+ if (verifyRole !== undefined) {
+ const result = await verifyRole({}, {}, { req });
+ expect(result).toEqual({ role: "user", isAuthorized: true });
+ } else {
+ throw new Error("verifyRole is undefined");
+ }
+ });
+
+ test("should return role 'admin' for a valid admin token", async () => {
+ vi.spyOn(jwt, "verify").mockImplementationOnce(() => {
+ return { userId: "admin123" };
+ });
+ const req = {
+ headers: {
+ authorization: "Bearer validToken",
+ },
+ };
+ (AppUserProfile.findOne as Mock).mockResolvedValue({
+ userId: "admin123",
+ isSuperAdmin: false,
+ adminFor: ["Angel Foundation"],
+ });
+ if (verifyRole !== undefined) {
+ const result = await verifyRole({}, {}, { req });
+ expect(result).toEqual({ role: "admin", isAuthorized: true });
+ } else {
+ throw new Error("verifyRole is undefined");
+ }
+ });
+
+ test("should return role 'superAdmin' for a valid superAdmin token", async () => {
+ vi.spyOn(jwt, "verify").mockImplementationOnce(() => {
+ return { userId: "superadmin123" };
+ });
+
+ const req = {
+ headers: {
+ authorization: "Bearer validToken",
+ },
+ };
+ (AppUserProfile.findOne as Mock).mockResolvedValue({
+ userId: "superadmin123",
+ isSuperAdmin: true,
+ adminFor: [],
+ });
+ if (verifyRole !== undefined) {
+ const result = await verifyRole({}, {}, { req });
+ expect(result).toEqual({ role: "superAdmin", isAuthorized: true });
+ } else {
+ throw new Error("verifyRole is undefined");
+ }
+ });
+
+ test("should return unauthorized when user is not found in DB", async () => {
+ vi.spyOn(jwt, "verify").mockImplementationOnce(() => {
+ return { userId: "unknownUser" };
+ });
+ const req = {
+ headers: {
+ authorization: "Bearer validToken",
+ },
+ };
+ (AppUserProfile.findOne as Mock).mockResolvedValue(null);
+ if (verifyRole !== undefined) {
+ const result = await verifyRole({}, {}, { req });
+ expect(result).toEqual({
+ role: "",
+ isAuthorized: false,
+ error: "Authentication failed",
+ });
+ } else {
+ throw new Error("verifyRole is undefined");
+ }
+ });
+
+ test("should handle missing ACCESS_TOKEN_SECRET", async () => {
+ delete process.env.ACCESS_TOKEN_SECRET;
+ if (verifyRole !== undefined) {
+ const result = await verifyRole({}, {}, { req });
+ expect(result).toEqual({
+ role: "",
+ isAuthorized: false,
+ error: "Authentication failed",
+ });
+ // Restore ACCESS_TOKEN_SECRET
+ process.env.ACCESS_TOKEN_SECRET = "test_secret";
+ } else {
+ throw new Error("verifyRole is undefined");
+ }
+ });
+
+ test("should handle malformed token", async () => {
+ // Simulate a malformed token error
+ const verify = vi.fn().mockImplementation(() => {
+ throw new Error("jwt malformed");
+ });
+ vi.stubGlobal("jwt", { ...jwt, verify });
+ if (verifyRole !== undefined) {
+ const result = await verifyRole({}, {}, { req });
+ expect(result).toEqual({
+ role: "",
+ isAuthorized: false,
+ error: "Invalid token",
+ });
+ } else {
+ throw new Error("verifyRole is undefined");
+ }
+ });
+});
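Review bot: In "should handle malformed token" the `vi.stubGlobal("jwt", { ...jwt, verify })` never reaches the resolver, which imports `jwt` from "jsonwebtoken" as a module binding rather than reading a global; the test appears to pass only because the real `jwt.verify("validToken", "test_secret")` throws a JsonWebTokenError by itself, and the stub's plain `new Error("jwt malformed")` would not satisfy the resolver's `instanceof jwt.JsonWebTokenError` check that seems to select the "Invalid token" response. Replace the stub with `vi.spyOn(jwt, "verify").mockImplementationOnce(() => { throw new jwt.JsonWebTokenError("jwt malformed"); });` so the assertion exercises the intended path, matching the pattern the other tests already use. In "should handle missing ACCESS_TOKEN_SECRET" the secret is restored only after a successful `expect`, so a failing assertion leaves it deleted for every later test; wrap the call in `try { … } finally { process.env.ACCESS_TOKEN_SECRET = "test_secret"; }` or restore it in an `afterEach`. None of the cases cover a missing Authorization header, a header without the `Bearer ` prefix, or a tokenVersion mismatch in the findOne filter, which are the unauthorized paths the resolver's first hunk and the query guard; the outer `let req: any` is also shadowed by a `const req` in four of the tests and could be dropped or typed.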