Skip to content

🧪[test] GET /api/auth/me - Karate tests#414

Merged
sotoJ24 merged 2 commits into
safetrustcr:mainfrom
robertocarlous:test/408-karate-auth-me-roles
Jul 1, 2026
Merged

🧪[test] GET /api/auth/me - Karate tests#414
sotoJ24 merged 2 commits into
safetrustcr:mainfrom
robertocarlous:test/408-karate-auth-me-roles

Conversation

@robertocarlous

@robertocarlous robertocarlous commented Jun 25, 2026

Copy link
Copy Markdown
Contributor

Closes #408

Description:

Adds an authenticated endpoint that reads public.user_roles and returns the user’s roles plus a dashboard redirect path.

Summary

Adds webhook/src/routes/auth/me.handler.js to query user_roles joined with roles
Registers GET /api/auth/me in the auth router (protected by existing Firebase auth middleware)
Returns { user: { id, email, roles }, redirect } with mapping:
host / admin → /dashboard/escrow-dashboard
guest / no role → /dashboard/guest

Summary by CodeRabbit

  • Tests
    • Added a new Karate feature spec covering GET /api/auth/me role-based dashboard redirects.
    • Verifies host/guest/admin users receive the expected single role and redirect path, including persistence of role mappings.
    • Covers users without role mappings and unauthenticated/invalid-token requests returning the expected error responses.
  • Chores
    • Expanded the test user seed fixture with additional role-specific accounts for the new scenarios.

@drips-wave

drips-wave Bot commented Jun 25, 2026

Copy link
Copy Markdown

@robertocarlous Great news! 🎉 Based on an automated assessment of this PR, the linked Wave issue(s) no longer count against your application limits.

You can now already apply to more issues while waiting for a review of this PR. Keep up the great work! 🚀

Learn more about application limits

@coderabbitai

coderabbitai Bot commented Jun 25, 2026

Copy link
Copy Markdown
Contributor

Review Change Stack

No actionable comments were generated in the recent review. 🎉

ℹ️ Recent review info
⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro

Run ID: e58e06bd-5faf-4dd3-a57c-8bb034431d19

📥 Commits

Reviewing files that changed from the base of the PR and between dc4749e and 40bb642.

📒 Files selected for processing (1)
  • tests/karate/features/auth/roles.feature
🚧 Files skipped from review as they are similar to previous changes (1)
  • tests/karate/features/auth/roles.feature

📝 Walkthrough

Walkthrough

Adds Karate coverage for GET /api/auth/me role resolution, redirect targets, missing-role fallback, and unauthorized responses. Also extends the test seed data with additional users used by the new scenarios.

Changes

GET /api/auth/me role coverage

Layer / File(s) Summary
Seed users and background setup
tests/karate/features/auth/roles.feature, tests/karate/fixtures/seed-test-users.sql
Defines the host, guest, and admin test identities, seeds matching users and role links, and adds the new test-user rows to the fixture.
Role redirects and stored roles
tests/karate/features/auth/roles.feature
Exercises GET /api/auth/me for host, guest, and admin users, checks the returned roles, validates redirect targets, and verifies the stored role names through database queries.
No-role redirect
tests/karate/features/auth/roles.feature
Creates a user without role mappings, checks that response.user.roles is empty, and confirms the default redirect path.
Unauthorized responses
tests/karate/features/auth/roles.feature
Checks missing-token and invalid-token requests return 401 with the expected error and message fields.

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~10 minutes

Possibly related issues

  • #409 — The new Karate scenarios and seed data directly cover GET /api/auth/me role lookup and redirect behavior described there.

Poem

A rabbit hopped by, ears held high,
For roles now tell who lands where nigh.
Host, guest, admin—each path is set,
And tokenless paws meet a firm no-get.
🐰🥕

🚥 Pre-merge checks | ✅ 5
✅ Passed checks (5 passed)
Check name Status Explanation
Description Check ✅ Passed Check skipped - CodeRabbit’s high-level summary is enabled.
Title check ✅ Passed The title clearly summarizes the new Karate tests for GET /api/auth/me.
Linked Issues check ✅ Passed The feature file and SQL fixture cover host, guest, admin, no-role, and 401 cases required by #408.
Out of Scope Changes check ✅ Passed The changes stay within the requested Karate test and seed fixture scope.
Docstring Coverage ✅ Passed No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
✨ Finishing Touches
🧪 Generate unit tests (beta)
  • Create PR with unit tests

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

Comment @coderabbitai help to get the list of available commands.

@coderabbitai coderabbitai Bot left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Actionable comments posted: 1

🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In `@tests/karate/features/auth/roles.feature`:
- Around line 32-37: The role assertions in the auth/roles feature are too loose
and should verify the exact role set returned by `/api/auth/me` and stored in
`user_roles`. Update the scenarios that use `response.user.roles contains
'host'` and the DB checks around `db.query(...)` so they assert the full
expected single-role list rather than only checking membership or the first row.
Use the affected scenario blocks in the roles.feature file to ensure `roles`
matches exactly one of `host`, `guest`, or `admin`, with no extra roles present.
🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

  • Push a commit to this branch (recommended)
  • Create a new PR with the fixes

ℹ️ Review info
⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro

Run ID: 6e691f84-4153-4d57-abfa-1295e034c79a

📥 Commits

Reviewing files that changed from the base of the PR and between e05201b and dc4749e.

📒 Files selected for processing (2)
  • tests/karate/features/auth/roles.feature
  • tests/karate/fixtures/seed-test-users.sql

Comment thread tests/karate/features/auth/roles.feature Outdated
@sotoJ24 sotoJ24 self-requested a review July 1, 2026 03:36

@sotoJ24 sotoJ24 left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Good job dear @robertocarlous

@sotoJ24 sotoJ24 merged commit 6cac251 into safetrustcr:main Jul 1, 2026
1 check passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

🧪[test] GET /api/auth/me - Karate tests

2 participants