till/mana-swift-core
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
mana-swift-core/Tests/ManaCoreTests/AuthClientAccountTests.swift
Till JS 716509e10e v1.1.0 — Account-Lifecycle in ManaCore 
Phase 1 aus dem Native-Auth-Vollausbau-Plan (Option A, siehe
mana/docs/MANA_SWIFT.md). 7 neue AuthClient-Methoden für die
Account-Reise: register, forgotPassword, resetPassword,
resendVerification, changeEmail, changePassword, deleteAccount.

AuthError jetzt mit 19 präzisen Cases gespiegelt aus
AuthErrorCode in mana-auth/lib/auth-errors.ts, plus
AuthError.classify() als public Helper und Equatable-Conformance.

AuthClient.lastError ergänzt — strukturierter Fehler für
ManaAuthUI das den .emailNotVerified-Gate programmatisch braucht.

signIn und refreshAccessToken auf neue Klassifikation umgestellt.

Breaking: AuthError.serverError hat zusätzliches code:-Argument.
Apps (cards-native, memoro-native) sind bereits angepasst.

38/38 Tests grün (26 neu): AuthErrorClassifyTests deckt jeden
ErrorCode + Status-Heuristik + Retry-After ab, AuthClientAccountTests
deckt jede neue Methode via URLProtocol-Mock ab.

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
2026-05-13 19:22:19 +02:00

320 lines
12 KiB
Swift
Raw Blame History

import Foundation
import Testing
@testable import ManaCore
@Suite("AuthClient+Account", .serialized)
@MainActor
struct AuthClientAccountTests {
// MARK: - Fixtures
private static func makeClient() -> (AuthClient, URLSession) {
let configuration = URLSessionConfiguration.ephemeral
configuration.protocolClasses = [MockURLProtocol.self]
let session = URLSession(configuration: configuration)
let config = DefaultManaAppConfig(
authBaseURL: URL(string: "https://auth.test")!,
keychainService: "ev.mana.test.\(UUID().uuidString)",
keychainAccessGroup: nil
)
return (AuthClient(config: config, session: session), session)
}
private func recordedBody(_ request: URLRequest) -> [String: Any] {
// URLSession verschiebt den Body in den BodyStream wenn er nicht
// klein-genug ist ephemeral-Session lässt ihn als httpBody.
guard let body = request.httpBody ?? request.bodyStreamData(),
let json = try? JSONSerialization.jsonObject(with: body) as? [String: Any]
else { return [:] }
return json
}
// MARK: - register
@Test("register schickt POST /api/v1/auth/register mit JSON-Body")
func registerSendsCorrectRequest() async throws {
let (client, _) = Self.makeClient()
MockURLProtocol.handler = { request in
#expect(request.httpMethod == "POST")
#expect(request.url?.path == "/api/v1/auth/register")
#expect(request.value(forHTTPHeaderField: "Content-Type") == "application/json")
return (200, Data(#"{"user":{"id":"u1","email":"new@x.de"}}"#.utf8))
}
try await client.register(
email: "new@x.de",
password: "Aa-123456789",
name: "Neu",
sourceAppUrl: URL(string: "https://cardecky.mana.how/auth/verify")
)
// Mit requireEmailVerification:true gibt es noch keine Session.
if case .signedIn = client.status {
Issue.record("Expected not-signed-in after register without tokens")
}
}
@Test("register mit Token-Antwort führt direkt zu signedIn")
func registerWithTokensSignsIn() async throws {
let (client, _) = Self.makeClient()
// gültiger HS256-Header.payload (exp 2_000_000_000).sig JWT.expiry()
// läuft danach nicht in den Refresh-Pfad.
let access =
"eyJhbGciOiJIUzI1NiJ9.eyJzdWIiOiJ1MSIsImV4cCI6MjAwMDAwMDAwMH0.sig"
let refresh = "refresh-token-value"
MockURLProtocol.handler = { _ in
(200, Data(#"""
{"user":{"id":"u1","email":"new@x.de"},"accessToken":"\#(access)","refreshToken":"\#(refresh)"}
"""#.utf8))
}
try await client.register(email: "new@x.de", password: "Aa-123456789")
#expect(client.status == .signedIn(email: "new@x.de"))
}
@Test("register mit existierender Email wirft emailAlreadyRegistered")
func registerEmailAlreadyRegistered() async {
let (client, _) = Self.makeClient()
MockURLProtocol.handler = { _ in
(409, Data(#"{"error":"EMAIL_ALREADY_REGISTERED","status":409}"#.utf8))
}
await #expect(throws: AuthError.emailAlreadyRegistered) {
try await client.register(email: "old@x.de", password: "Aa-123456789")
}
}
@Test("register mit leerer Email wirft validation ohne Server-Call")
func registerValidatesEmptyEmail() async {
let (client, _) = Self.makeClient()
MockURLProtocol.handler = { _ in
Issue.record("Server darf nicht aufgerufen werden")
return (500, Data())
}
await #expect(throws: (any Error).self) {
try await client.register(email: " ", password: "Aa-123456789")
}
}
// MARK: - forgotPassword
@Test("forgotPassword schickt email + redirectTo")
func forgotPasswordPayload() async throws {
let (client, _) = Self.makeClient()
let capturedURL = MockURLProtocol.Capture()
MockURLProtocol.handler = { request in
capturedURL.store(request)
return (200, Data(#"{"success":true}"#.utf8))
}
try await client.forgotPassword(
email: "user@x.de",
resetUniversalLink: URL(string: "https://cardecky.mana.how/auth/reset")!
)
let captured = try #require(capturedURL.request)
let json = recordedBody(captured)
#expect(json["email"] as? String == "user@x.de")
#expect(json["redirectTo"] as? String == "https://cardecky.mana.how/auth/reset")
#expect(captured.url?.path == "/api/v1/auth/forgot-password")
}
// MARK: - resetPassword
@Test("resetPassword schickt token + newPassword")
func resetPasswordPayload() async throws {
let (client, _) = Self.makeClient()
let captured = MockURLProtocol.Capture()
MockURLProtocol.handler = { request in
captured.store(request)
return (200, Data(#"{"success":true}"#.utf8))
}
try await client.resetPassword(token: "tok123", newPassword: "Neu-987654321")
let request = try #require(captured.request)
let json = recordedBody(request)
#expect(json["token"] as? String == "tok123")
#expect(json["newPassword"] as? String == "Neu-987654321")
#expect(request.url?.path == "/api/v1/auth/reset-password")
}
@Test("resetPassword mit abgelaufenem Token wirft tokenExpired")
func resetPasswordTokenExpired() async {
let (client, _) = Self.makeClient()
MockURLProtocol.handler = { _ in
(400, Data(#"{"error":"TOKEN_EXPIRED","status":400}"#.utf8))
}
await #expect(throws: AuthError.tokenExpired) {
try await client.resetPassword(token: "old", newPassword: "Neu-987654321")
}
}
// MARK: - resendVerification
@Test("resendVerification schickt email + sourceAppUrl")
func resendVerificationPayload() async throws {
let (client, _) = Self.makeClient()
let captured = MockURLProtocol.Capture()
MockURLProtocol.handler = { request in
captured.store(request)
return (200, Data(#"{"success":true}"#.utf8))
}
try await client.resendVerification(
email: "user@x.de",
sourceAppUrl: URL(string: "https://cardecky.mana.how/auth/verify")
)
let request = try #require(captured.request)
let json = recordedBody(request)
#expect(json["email"] as? String == "user@x.de")
#expect(json["sourceAppUrl"] as? String == "https://cardecky.mana.how/auth/verify")
}
@Test("resendVerification mit Rate-Limit liefert retryAfter")
func resendVerificationRateLimited() async {
let (client, _) = Self.makeClient()
MockURLProtocol.handler = { _ in
(
429,
Data(#"{"error":"RATE_LIMITED","retryAfterSec":42,"status":429}"#.utf8),
["Retry-After": "42"]
)
}
do {
try await client.resendVerification(email: "user@x.de")
Issue.record("Expected throw")
} catch let AuthError.rateLimited(retryAfter) {
#expect(retryAfter == 42)
} catch {
Issue.record("Unexpected error: \(error)")
}
}
// MARK: - Authenticated calls (require signed-in state)
@Test("changeEmail ohne Login wirft notSignedIn")
func changeEmailRequiresSession() async {
let (client, _) = Self.makeClient()
await #expect(throws: AuthError.notSignedIn) {
try await client.changeEmail(newEmail: "neu@x.de")
}
}
@Test("changePassword schickt Bearer-Header wenn eingeloggt")
func changePasswordSendsBearer() async throws {
let (client, _) = Self.makeClient()
// Mock-Token im Keychain ablegen via persistSession-Helper.
let access = "eyJhbGciOiJIUzI1NiJ9.eyJzdWIiOiJ1MSIsImV4cCI6MjAwMDAwMDAwMH0.sig"
try client.persistSession(email: "u@x.de", accessToken: access, refreshToken: "r")
let captured = MockURLProtocol.Capture()
MockURLProtocol.handler = { request in
captured.store(request)
return (200, Data(#"{"success":true}"#.utf8))
}
try await client.changePassword(currentPassword: "alt", newPassword: "neu")
let request = try #require(captured.request)
#expect(request.value(forHTTPHeaderField: "Authorization") == "Bearer \(access)")
#expect(request.url?.path == "/api/v1/auth/change-password")
}
@Test("deleteAccount wiped Session bei Erfolg")
func deleteAccountClearsSession() async throws {
let (client, _) = Self.makeClient()
let access = "eyJhbGciOiJIUzI1NiJ9.eyJzdWIiOiJ1MSIsImV4cCI6MjAwMDAwMDAwMH0.sig"
try client.persistSession(email: "u@x.de", accessToken: access, refreshToken: "r")
#expect(client.status == .signedIn(email: "u@x.de"))
MockURLProtocol.handler = { request in
#expect(request.httpMethod == "DELETE")
return (200, Data(#"{"success":true}"#.utf8))
}
try await client.deleteAccount(password: "pw")
#expect(client.status == .signedOut)
}
}
// MARK: - URLProtocol Mock
final class MockURLProtocol: URLProtocol, @unchecked Sendable {
/// Antwort-Tuple: (status, body) oder (status, body, headers).
typealias Response = (status: Int, body: Data, headers: [String: String])
typealias Handler = @Sendable (URLRequest) -> Any // (Int, Data) | (Int, Data, [String:String])
nonisolated(unsafe) static var handler: Handler?
/// Thread-safer Capture-Container Tests können den Request darin
/// festhalten und nach dem await aus dem Test-Body lesen.
final class Capture: @unchecked Sendable {
private let lock = NSLock()
private var stored: URLRequest?
func store(_ r: URLRequest) {
lock.lock(); defer { lock.unlock() }
stored = r
}
var request: URLRequest? {
lock.lock(); defer { lock.unlock() }
return stored
}
}
override class func canInit(with request: URLRequest) -> Bool { true }
override class func canonicalRequest(for request: URLRequest) -> URLRequest { request }
override func stopLoading() {}
override func startLoading() {
guard let handler = MockURLProtocol.handler else {
client?.urlProtocol(
self,
didFailWithError: URLError(.unknown)
)
return
}
let result = handler(request)
let status: Int
let body: Data
let headers: [String: String]
if let tuple = result as? (Int, Data, [String: String]) {
status = tuple.0; body = tuple.1; headers = tuple.2
} else if let tuple = result as? (Int, Data) {
status = tuple.0; body = tuple.1; headers = [:]
} else {
client?.urlProtocol(self, didFailWithError: URLError(.unknown))
return
}
let response = HTTPURLResponse(
url: request.url!,
statusCode: status,
httpVersion: "HTTP/1.1",
headerFields: headers
)!
client?.urlProtocol(self, didReceive: response, cacheStoragePolicy: .notAllowed)
client?.urlProtocol(self, didLoad: body)
client?.urlProtocolDidFinishLoading(self)
}
}
extension URLRequest {
/// Liest httpBodyStream in einen Data. URLSession ephemeral-Session
/// nutzt manchmal Streams statt httpBody.
func bodyStreamData() -> Data? {
guard let stream = httpBodyStream else { return nil }
stream.open(); defer { stream.close() }
var data = Data()
let bufferSize = 1024
let buffer = UnsafeMutablePointer<UInt8>.allocate(capacity: bufferSize)
defer { buffer.deallocate() }
while stream.hasBytesAvailable {
let read = stream.read(buffer, maxLength: bufferSize)
if read <= 0 { break }
data.append(buffer, count: read)
}
return data
}
}
Reference in a new issue View git blame Copy permalink