fix(portal-bff): set REDIS_URL + SESSION_* in auth.module.spec so ci:check passes on a clean runner #116

Merged
julien merged 1 commits from fix/portal-bff/auth-module-spec-env into main 2026-05-12 23:58:56 +02:00
+26 -3
View File
@@ -1,3 +1,4 @@
import { randomBytes } from 'node:crypto';
import { ConfidentialClientApplication } from '@azure/msal-node'; import { ConfidentialClientApplication } from '@azure/msal-node';
import { Test } from '@nestjs/testing'; import { Test } from '@nestjs/testing';
import { LoggerModule } from 'nestjs-pino'; import { LoggerModule } from 'nestjs-pino';
@@ -5,6 +6,13 @@ import { AuthModule } from './auth.module';
import { ENTRA_CONFIG, type EntraConfig } from './entra-config.token'; import { ENTRA_CONFIG, type EntraConfig } from './entra-config.token';
import { MSAL_CLIENT } from './msal-client.token'; import { MSAL_CLIENT } from './msal-client.token';
// AuthModule imports SessionModule (so AuthController can inject
// `UserSessionIndexService`), which transitively pulls in
// RedisModule + the session-secret / session-encryption-key
// validators. The spec has to satisfy all of those env vars or the
// test fails as soon as `compile()` walks the import graph — which
// is exactly what bit the CI on PR #115 (CI starts with a clean env;
// locally `nx test` was loading apps/portal-bff/.env and masking it).
const VALID = { const VALID = {
ENTRA_INSTANCE_URL: 'https://login.microsoftonline.com/', ENTRA_INSTANCE_URL: 'https://login.microsoftonline.com/',
ENTRA_TENANT_ID: 'aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee', ENTRA_TENANT_ID: 'aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee',
@@ -12,6 +20,11 @@ const VALID = {
ENTRA_CLIENT_SECRET: 's3cret-value-from-entra', ENTRA_CLIENT_SECRET: 's3cret-value-from-entra',
ENTRA_REDIRECT_URI: 'http://localhost:3000/api/auth/callback', ENTRA_REDIRECT_URI: 'http://localhost:3000/api/auth/callback',
ENTRA_POST_LOGOUT_REDIRECT_URI: 'http://localhost:4200/', ENTRA_POST_LOGOUT_REDIRECT_URI: 'http://localhost:4200/',
// Well-formed but unreachable Redis URL — `ioredis` opens the
// socket lazily so the module compiles without any network access.
REDIS_URL: 'redis://default:test-pass@127.0.0.1:65535/0',
SESSION_SECRET: randomBytes(32).toString('base64url'),
SESSION_ENCRYPTION_KEY: randomBytes(32).toString('base64url'),
}; };
// AuthModule's MSAL_CLIENT factory injects the Pino-backed `Logger` // AuthModule's MSAL_CLIENT factory injects the Pino-backed `Logger`
@@ -27,6 +40,7 @@ async function compile() {
describe('AuthModule', () => { describe('AuthModule', () => {
const originalEnv: Record<string, string | undefined> = {}; const originalEnv: Record<string, string | undefined> = {};
let ref: Awaited<ReturnType<typeof compile>> | undefined;
beforeEach(() => { beforeEach(() => {
for (const key of Object.keys(VALID) as Array<keyof typeof VALID>) { for (const key of Object.keys(VALID) as Array<keyof typeof VALID>) {
@@ -35,7 +49,16 @@ describe('AuthModule', () => {
} }
}); });
afterEach(() => { afterEach(async () => {
// SessionModule (transitive) opens an `ioredis` client at module
// init; explicitly disconnect so Jest doesn't hang on its
// reconnect timer between tests.
if (ref) {
const redis = ref.get<{ disconnect: () => void }>('REDIS_CLIENT');
redis.disconnect();
await ref.close();
ref = undefined;
}
for (const key of Object.keys(VALID) as Array<keyof typeof VALID>) { for (const key of Object.keys(VALID) as Array<keyof typeof VALID>) {
const saved = originalEnv[key]; const saved = originalEnv[key];
if (saved === undefined) { if (saved === undefined) {
@@ -47,14 +70,14 @@ describe('AuthModule', () => {
}); });
it('provides EntraConfig via the ENTRA_CONFIG token', async () => { it('provides EntraConfig via the ENTRA_CONFIG token', async () => {
const ref = await compile(); ref = await compile();
const config = ref.get<EntraConfig>(ENTRA_CONFIG); const config = ref.get<EntraConfig>(ENTRA_CONFIG);
expect(config.clientId).toBe(VALID.ENTRA_CLIENT_ID); expect(config.clientId).toBe(VALID.ENTRA_CLIENT_ID);
expect(config.authority).toBe(`${VALID.ENTRA_INSTANCE_URL}${VALID.ENTRA_TENANT_ID}`); expect(config.authority).toBe(`${VALID.ENTRA_INSTANCE_URL}${VALID.ENTRA_TENANT_ID}`);
}); });
it('provides a ConfidentialClientApplication via the MSAL_CLIENT token', async () => { it('provides a ConfidentialClientApplication via the MSAL_CLIENT token', async () => {
const ref = await compile(); ref = await compile();
const client = ref.get<ConfidentialClientApplication>(MSAL_CLIENT); const client = ref.get<ConfidentialClientApplication>(MSAL_CLIENT);
expect(client).toBeInstanceOf(ConfidentialClientApplication); expect(client).toBeInstanceOf(ConfidentialClientApplication);
}); });