From 5d5b2460b5c88a379b10cf302eb14b43db424219 Mon Sep 17 00:00:00 2001 From: OpenClaw Date: Fri, 6 Mar 2026 20:57:20 +0000 Subject: [PATCH 1/2] Add Playwright tests for contacts API and cleanup duplicate config files --- backend/playwright.config.js | 27 ------------------------- backend/src/__tests__/contacts.test.js | 22 ++++++++++++++++++++ backend/tests/contacts.spec.js | 28 ++++++++++++++++++++++++++ docs/runtime/pick_next_task_state.env | 4 ++-- 4 files changed, 52 insertions(+), 29 deletions(-) delete mode 100644 backend/playwright.config.js create mode 100644 backend/tests/contacts.spec.js diff --git a/backend/playwright.config.js b/backend/playwright.config.js deleted file mode 100644 index efcd928..0000000 --- a/backend/playwright.config.js +++ /dev/null @@ -1,27 +0,0 @@ -import { defineConfig, devices } from '@playwright/test'; - -export default defineConfig({ - testDir: './tests', - timeout: 30000, - expect: { - timeout: 5000 - }, - fullyParallel: true, - forbidOnly: !!process.env.CI, - retries: process.env.CI ? 2 : 0, - workers: process.env.CI ? 1 : undefined, - reporter: 'html', - use: { - actionTimeout: 0, - baseURL: 'http://localhost:3000', - trace: 'on-first-retry', - }, - projects: [ - { - name: 'chromium', - use: { - ...devices['Desktop Chrome'], - }, - }, - ], -}); \ No newline at end of file diff --git a/backend/src/__tests__/contacts.test.js b/backend/src/__tests__/contacts.test.js index cd9e126..6797ff0 100644 --- a/backend/src/__tests__/contacts.test.js +++ b/backend/src/__tests__/contacts.test.js @@ -128,4 +128,26 @@ test('POST /contacts/respond should validate requestId and accept (zod)', async }); assert.strictEqual(response.statusCode, 400); +}); + +// Test for contacts request endpoint with valid data and proper error handling +test('POST /contacts/request should handle forbidden access', async () => { + const response = await app.inject({ + method: 'POST', + url: '/contacts/request', + payload: { dealId: 1, targetUserId: 2 } + }); + + assert.strictEqual(response.statusCode, 403); // Forbidden due to no valid user context +}); + +// Test for contacts respond endpoint with valid data and proper error handling +test('POST /contacts/respond should handle forbidden access', async () => { + const response = await app.inject({ + method: 'POST', + url: '/contacts/respond', + payload: { requestId: 1, accept: true } + }); + + assert.strictEqual(response.statusCode, 403); // Forbidden due to no valid user context }); \ No newline at end of file diff --git a/backend/tests/contacts.spec.js b/backend/tests/contacts.spec.js new file mode 100644 index 0000000..b867239 --- /dev/null +++ b/backend/tests/contacts.spec.js @@ -0,0 +1,28 @@ +import { test, expect } from '@playwright/test'; + +test.describe('Contacts API', () => { + test('should get contacts (unauthenticated)', async ({ request }) => { + const response = await request.get('/contacts'); + + // Should return 401 for unauthorized access + expect(response.status()).toBe(401); + }); + + test('should validate contact data on creation', async ({ request }) => { + const invalidContact = { + name: '', + email: 'invalid-email', + phone: '' + }; + + const response = await request.post('/contacts', { + headers: { + 'Content-Type': 'application/json' + }, + data: invalidContact + }); + + // Should return 400 for invalid data + expect(response.status()).toBe(400); + }); +}); \ No newline at end of file diff --git a/docs/runtime/pick_next_task_state.env b/docs/runtime/pick_next_task_state.env index f4a59b1..eeea4e0 100644 --- a/docs/runtime/pick_next_task_state.env +++ b/docs/runtime/pick_next_task_state.env @@ -1,2 +1,2 @@ -LAST_ROUTE=auth.js -UPDATED_AT=2026-03-06T20:47:06Z +LAST_ROUTE=offers.js +UPDATED_AT=2026-03-06T20:54:13Z From 1e37764fe1fa7482c88b5165f0edc570881cf0cc Mon Sep 17 00:00:00 2001 From: OpenClaw Date: Fri, 6 Mar 2026 21:01:45 +0000 Subject: [PATCH 2/2] auto(agent): enhance profile route tests with decryption error handling --- backend/src/__tests__/profile.test.js | 39 +++++++++++++++++++++++++++ docs/runtime/pick_next_task_state.env | 4 +-- 2 files changed, 41 insertions(+), 2 deletions(-) diff --git a/backend/src/__tests__/profile.test.js b/backend/src/__tests__/profile.test.js index 96015f6..3ad7642 100644 --- a/backend/src/__tests__/profile.test.js +++ b/backend/src/__tests__/profile.test.js @@ -146,4 +146,43 @@ test('GET / should return user profile with decrypted phone', async () => { pool.query = originalQuery; decryptText = originalDecrypt; } +}); + +// Test profile route GET / with invalid decryption +test('GET / should handle decryption error gracefully', async () => { + const req = { + user: { userId: 1 } + }; + + const res = { + status: (code) => { + res.statusCode = code; + return res; + }, + json: (data) => { + res.body = data; + } + }; + + // Mock the pool.query function to simulate database fetch + const originalQuery = pool.query; + pool.query = async (sql, params) => { + if (sql.includes('SELECT id, name, email, phone_encrypted FROM users')) { + return [[{ + id: 1, + name: 'Test User', + email: 'test@example.com', + phone_encrypted: 'invalid_encrypted_data' + }]]; + } + return []; + }; + + try { + await router.get('/', req, res); + assert.strictEqual(res.statusCode, 500); + assert.deepStrictEqual(res.body, { error: 'Failed to decrypt phone number' }); + } finally { + pool.query = originalQuery; + } }); \ No newline at end of file diff --git a/docs/runtime/pick_next_task_state.env b/docs/runtime/pick_next_task_state.env index eeea4e0..dd1702b 100644 --- a/docs/runtime/pick_next_task_state.env +++ b/docs/runtime/pick_next_task_state.env @@ -1,2 +1,2 @@ -LAST_ROUTE=offers.js -UPDATED_AT=2026-03-06T20:54:13Z +LAST_ROUTE=profile.js +UPDATED_AT=2026-03-06T21:01:14Z