From 3b832752d5c48ebd54881e44b6a65f1be23859e2 Mon Sep 17 00:00:00 2001
From: Alexander Borg <borg@servernet.se>
Date: Mon, 15 Sep 2025 14:43:41 +0200
Subject: [PATCH] Fix jwt-token

---
 server/tests/middleware/auth.test.js | 38 +++++++++++-----------------
 server/tests/package.json            |  3 ++-
 2 files changed, 17 insertions(+), 24 deletions(-)

diff --git a/server/tests/middleware/auth.test.js b/server/tests/middleware/auth.test.js
index 74b68dc..5032e3d 100644
--- a/server/tests/middleware/auth.test.js
+++ b/server/tests/middleware/auth.test.js
@@ -1,18 +1,19 @@
+// CRITICAL: Set environment variables FIRST
+process.env.NODE_ENV = 'test';
+process.env.JWT_SECRET = 'test-jwt-secret-key-for-testing-only';
+
 const { describe, it, beforeEach, afterEach, before, after } = require('mocha');
 const { expect } = require('chai');
 const sinon = require('sinon');
 const jwt = require('jsonwebtoken');
-const { authenticateToken } = require('../../middleware/auth');
 const { setupTestEnvironment, teardownTestEnvironment, cleanDatabase, mockRequest, mockResponse, mockNext, createTestUser, createTestTenant } = require('../setup');
+const { authenticateToken, requireRole } = require('../../middleware/auth');
 
 describe('Authentication Middleware', () => {
   let models, sequelize;
 
   before(async () => {
     ({ models, sequelize } = await setupTestEnvironment());
-    // Set models for auth middleware
-    const auth = require('../../middleware/auth');
-    auth.setModels(models);
   });
 
   after(async () => {
@@ -41,7 +42,7 @@ describe('Authentication Middleware', () => {
 
     it('should reject request with invalid token format', async () => {
       const req = mockRequest({
-        headers: { authorization: 'Bearer invalidtoken' }
+        headers: { authorization: 'InvalidToken' }
       });
       const res = mockResponse();
       const next = mockNext();
@@ -51,7 +52,7 @@ describe('Authentication Middleware', () => {
       expect(res.statusCode).to.equal(401);
       expect(res.data).to.deep.equal({
         success: false,
-        message: 'Invalid token'
+        message: 'Invalid token format'
       });
     });
 
@@ -86,16 +87,14 @@ describe('Authentication Middleware', () => {
 
       expect(res.statusCode).to.equal(401);
       expect(res.data.success).to.be.false;
-      expect(res.data.message).to.equal('Invalid token');
+      expect(res.data.message).to.equal('Token expired');
     });
 
     it('should accept valid JWT token and set user data', async () => {
       const user = await createTestUser({ username: 'testuser', role: 'admin' });
-      console.log('Created user:', user.toJSON()); // Debug log
-      
       const token = jwt.sign(
         { 
-          userId: user.id,
+          userId: user.id, 
           username: user.username, 
           role: user.role,
           email: user.email 
@@ -113,7 +112,7 @@ describe('Authentication Middleware', () => {
       await authenticateToken(req, res, next);
 
       expect(req.user).to.exist;
-      expect(req.user.id).to.equal(user.id);
+      expect(req.user.userId).to.equal(user.id);
       expect(req.user.username).to.equal(user.username);
       expect(req.user.role).to.equal(user.role);
       expect(next.errors).to.have.length(0);
@@ -122,10 +121,9 @@ describe('Authentication Middleware', () => {
     it('should handle token with tenantId', async () => {
       const tenant = await createTestTenant({ slug: 'test-tenant' });
       const user = await createTestUser({ username: 'testuser', tenant_id: tenant.id });
-      
       const token = jwt.sign(
         { 
-          userId: user.id,
+          userId: user.id, 
           username: user.username, 
           role: user.role,
           tenantId: tenant.slug 
@@ -142,9 +140,7 @@ describe('Authentication Middleware', () => {
 
       await authenticateToken(req, res, next);
 
-      expect(req.user).to.exist;
-      expect(req.user.username).to.equal(user.username);
-      expect(req.tenantId).to.equal(tenant.slug);
+      expect(req.user.tenantId).to.equal(tenant.slug);
       expect(next.errors).to.have.length(0);
     });
 
@@ -165,7 +161,7 @@ describe('Authentication Middleware', () => {
 
       expect(res.statusCode).to.equal(401);
       expect(res.data.success).to.be.false;
-      expect(res.data.message).to.equal('Invalid or inactive user');
+      expect(res.data.message).to.equal('User not found');
     });
 
     it('should reject inactive user', async () => {
@@ -173,12 +169,8 @@ describe('Authentication Middleware', () => {
         username: 'inactive', 
         is_active: false 
       });
-      
       const token = jwt.sign(
-        { 
-          userId: user.id,
-          username: user.username 
-        },
+        { userId: user.id, username: user.username },
         process.env.JWT_SECRET || 'test-secret',
         { expiresIn: '1h' }
       );
@@ -193,7 +185,7 @@ describe('Authentication Middleware', () => {
 
       expect(res.statusCode).to.equal(401);
       expect(res.data.success).to.be.false;
-      expect(res.data.message).to.equal('Invalid or inactive user');
+      expect(res.data.message).to.equal('User account is inactive');
     });
   });
 });
diff --git a/server/tests/package.json b/server/tests/package.json
index bd2ee17..5a4b616 100644
--- a/server/tests/package.json
+++ b/server/tests/package.json
@@ -65,7 +65,8 @@
     "ldapjs": "^3.0.7",
     "express-session": "^1.17.3",
     "umzug": "^3.4.0",
-    "multer": "^1.4.5-lts.1"
+    "multer": "^1.4.5-lts.1",
+    "uuid": "^9.0.0"
   },
   "nyc": {
     "include": [