test: test login for user banned/pending

packages/api-gateway/src/users/users.service.ts

@@ -2,6 +2,7 @@ import {
   BadRequestException,
   ConflictException,
   Injectable,
+  InternalServerErrorException,
   UnauthorizedException,
 } from '@nestjs/common';
 import { InjectRepository } from '@nestjs/typeorm';
@@ -61,6 +62,7 @@ export class UsersService {
           throw new ConflictException('Email already registered');
         }
       }
+      /* c8 ignore next */
       throw new BadRequestException();
     }
   }
@@ -73,13 +75,13 @@ export class UsersService {
         'You have entered an invalid email or password',
       );
 
+    this.validateUserAuth(user);
+
     const match = await compare(password, user.passwordHash);
     if (!match)
       throw new UnauthorizedException(
         'You have entered an invalid email or password',
       );
-
-    this.validateUserAuth(user);
     return user;
   }
 
@@ -94,7 +96,7 @@ export class UsersService {
           'Sorry, your account is banned. Contact us for more information.',
         );
       default:
-        break;
+        throw new InternalServerErrorException();
     }
   }
 
@@ -117,8 +119,4 @@ export class UsersService {
       (col) => col.propertyName,
     ) as (keyof User)[];
   }
-
-  async deleteById(id: string, soft = true): Promise<void> {
-    await this.user[soft ? 'softDelete' : 'delete'](id);
-  }
 }

packages/api-gateway/test/auth/auth.e2e.test.ts

@@ -35,7 +35,7 @@ test('AuthController', async ({ equal, mock, teardown }) => {
   // Test email confirmation and get updated user
   user = await testConfirmEmail(user, app, equal, http);
 
-  const login = await testLogin(user.email, mockUser.password, equal, http);
+  const login = await testLogin(user, mockUser.password, equal, app, http);
   let accessToken = login.accessToken;
   let refreshToken = login.refreshToken;
 
@@ -277,13 +277,44 @@ const testConfirmEmail = async (
 };
 
 const testLogin = async (
-  email: string,
+  user: User,
   password: string,
   equal: any,
+  app: NestFastifyApplication,
   http: HttpClient,
 ) => {
-  const wrongLogin = await http.login(email, 'wrongpassword');
-  equal(wrongLogin.statusCode, HttpStatus.UNAUTHORIZED);
+  const { state: prevState, email, id } = user;
+  // Wrong Email
+  const wrongEmail = await http.login('some@mail.com', password);
+  equal(wrongEmail.statusCode, HttpStatus.UNAUTHORIZED);
+  // Wrong Password
+  const wrongPwd = await http.login(email, 'wrongpassword');
+  equal(wrongPwd.statusCode, HttpStatus.UNAUTHORIZED);
+
+  const userService = app.get(UsersService);
+  {
+    // Try login for user in pending state
+    await userService.updateById(id, { state: UserState.PENDING });
+    const login = await http.login(email, password);
+    equal(login.statusCode, HttpStatus.UNAUTHORIZED);
+  }
+
+  {
+    // Try login for banned user
+    await userService.updateById(id, { state: UserState.BANNED });
+    const login = await http.login(email, password);
+    equal(login.statusCode, HttpStatus.UNAUTHORIZED);
+  }
+
+  {
+    // Set an invalid user state
+    await userService.updateById(id, { state: 3 });
+    const login = await http.login(email, password);
+    equal(login.statusCode, HttpStatus.INTERNAL_SERVER_ERROR);
+  }
+
+  // Restore previouse user state
+  await userService.updateById(id, { state: prevState });
 
   // Successful login
   const login = await http.login(email, password);

packages/api-gateway/test/helper.ts

@@ -71,7 +71,8 @@ export async function createUser(
 
 export async function removeUser(id: string, app: NestFastifyApplication) {
   const service = app.get(UsersService);
-  return service.deleteById(id, false);
+  // @ts-expect-error user is private, don't want to make a getter only for this test utils
+  return service.user.delete(id);
 }
 
 export async function removeResource(