fix: Implement user API enhancements with masked API keys and updated invite link handling

2026-02-25 06:14:03 +00:00
parent c156183666
commit 690480e181
8 changed files with 119 additions and 167 deletions
--- a/frontend/src/api/tests/user.test.ts
+++ b/frontend/src/api/tests/user.test.ts
@@ -0,0 +1,69 @@
+import { beforeEach, describe, expect, it, vi } from 'vitest'
+import client from '../client'
+import { getProfile, regenerateApiKey, updateProfile } from '../user'
+
+vi.mock('../client', () => ({
+  default: {
+    get: vi.fn(),
+    post: vi.fn(),
+  },
+}))
+
+describe('user api', () => {
+  beforeEach(() => {
+    vi.clearAllMocks()
+  })
+
+  it('fetches profile using masked API key fields', async () => {
+    vi.mocked(client.get).mockResolvedValueOnce({
+      data: {
+        id: 1,
+        email: 'admin@example.com',
+        name: 'Admin',
+        role: 'admin',
+        has_api_key: true,
+        api_key_masked: '********',
+      },
+    })
+
+    const profile = await getProfile()
+
+    expect(client.get).toHaveBeenCalledWith('/user/profile')
+    expect(profile.has_api_key).toBe(true)
+    expect(profile.api_key_masked).toBe('********')
+  })
+
+  it('regenerates API key and returns metadata-only response', async () => {
+    vi.mocked(client.post).mockResolvedValueOnce({
+      data: {
+        message: 'API key regenerated successfully',
+        has_api_key: true,
+        api_key_masked: '********',
+        api_key_updated: '2026-02-25T00:00:00Z',
+      },
+    })
+
+    const result = await regenerateApiKey()
+
+    expect(client.post).toHaveBeenCalledWith('/user/api-key')
+    expect(result.has_api_key).toBe(true)
+    expect(result.api_key_masked).toBe('********')
+    expect(result.api_key_updated).toBe('2026-02-25T00:00:00Z')
+  })
+
+  it('updates profile with optional current password', async () => {
+    vi.mocked(client.post).mockResolvedValueOnce({ data: { message: 'ok' } })
+
+    await updateProfile({
+      name: 'Updated Name',
+      email: 'updated@example.com',
+      current_password: 'current-password',
+    })
+
+    expect(client.post).toHaveBeenCalledWith('/user/profile', {
+      name: 'Updated Name',
+      email: 'updated@example.com',
+      current_password: 'current-password',
+    })
+  })
+})
--- a/frontend/src/api/tests/users.test.ts
+++ b/frontend/src/api/tests/users.test.ts
@@ -50,7 +50,7 @@ describe('users api', () => {
  })

  it('invites users and updates permissions', async () => {
-    vi.mocked(client.post).mockResolvedValueOnce({ data: { invite_token: 't', invite_url: 'https://charon.example.com/accept-invite?token=t' } })
+    vi.mocked(client.post).mockResolvedValueOnce({ data: { invite_token_masked: '********', invite_url: '[REDACTED]' } })
    await inviteUser({ email: 'i', permission_mode: 'allow_all' })
    expect(client.post).toHaveBeenCalledWith('/users/invite', { email: 'i', permission_mode: 'allow_all' })