From 416118197b6cda5199e5ec12ce74803ce1c5e8a0 Mon Sep 17 00:00:00 2001 From: mina Date: Fri, 17 Oct 2025 12:12:07 +0200 Subject: [PATCH] test Login angepasst, return fail wenn formaDaten leer --- src/routes/anmeldung/+page.server.ts | 8 +- tests/views/Anmeldung.test.ts | 214 +++++++++++++-------------- 2 files changed, 112 insertions(+), 110 deletions(-) diff --git a/src/routes/anmeldung/+page.server.ts b/src/routes/anmeldung/+page.server.ts index 6d08a07..36c8c1b 100644 --- a/src/routes/anmeldung/+page.server.ts +++ b/src/routes/anmeldung/+page.server.ts @@ -1,6 +1,6 @@ import { dev } from '$app/environment'; import { loginUser, logoutUser } from '$lib/server/authService'; -import { redirect } from '@sveltejs/kit'; +import { fail, redirect } from '@sveltejs/kit'; import { ROUTE_NAMES } from '../index.js'; export const actions = { @@ -8,9 +8,13 @@ export const actions = { logout: (event) => logoutUser(event), getVorgangByToken: async ({ request, cookies }) => { const data = await request.formData(); - const vorgangToken = data.get('vorgang-token') as string; + const vorgangToken = data.get('vorgang-token'); const vorgangPIN = data.get('vorgang-pin') as string; + if (!vorgangToken || !vorgangPIN) { + return fail(400, { message: 'Token oder PIN fehlen' }); + } + const COOKIE_NAME = `token-${vorgangToken}`; cookies.set(COOKIE_NAME, vorgangPIN, { path: '/', diff --git a/tests/views/Anmeldung.test.ts b/tests/views/Anmeldung.test.ts index 96cf9b3..4d95808 100644 --- a/tests/views/Anmeldung.test.ts +++ b/tests/views/Anmeldung.test.ts 
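Review bot: The new guard in `getVorgangByToken` rejects only empty values, so a `File` entry submitted under `vorgang-token` or `vorgang-pin` still passes it: `data.get()` returns `FormDataEntryValue | null`, and the PIN keeps its `as string` cast. The token is then interpolated into the cookie name and the PIN written as the cookie value, so both should be narrowed to strings first, e.g. `if (typeof vorgangToken !== 'string' || typeof vorgangPIN !== 'string' || !vorgangToken || !vorgangPIN) {`, with the `as string` on `vorgangPIN` dropped. Since the token comes straight from the request and becomes part of a cookie name, it is also worth checking it against the expected token format before `cookies.set`; that format is not visible in this hunk. The body of the action continues outside the hunk.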
@@ -1,144 +1,142 @@ import { describe, it, expect, vi } from 'vitest'; -import { actions } from '$root/routes/anmeldung/+page.server'; -import { load } from '$root/routes/(token-based)/+layout.server' +// import { actions } from '$root/routes/anmeldung/+page.server'; +// import { load } from '$root/routes/(token-based)/+layout.server' +import { actions } from '../../src/routes/anmeldung/+page.server'; +import { load } from '../../src/routes/(token-based)/+layout.server'; import { baseData } from '../fixtures'; import { ROUTE_NAMES } from '../../src/routes'; import { dev } from '$app/environment'; import { vorgangExists, vorgangPINValidation } from '$lib/server/vorgangService'; -import { Redirect } from '@sveltejs/kit'; +import type { Redirect } from '@sveltejs/kit'; vi.mock('$lib/server/vorgangService', () => ({ vorgangExists: vi.fn(), - vorgangPINValidation: vi.fn(), + vorgangPINValidation: vi.fn() })); describe('Vorgang Anzeige via Token', () => { - it('Setze Cookie nach erfolgreicher Eingabe', async () => { - // Mock formData - const vorgObj = baseData.vorgang; + it('Setze Cookie nach erfolgreicher Eingabe', async () => { + // Mock formData + const vorgObj = baseData.vorgang; - const formData = new FormData(); - formData.set('vorgang-token', vorgObj.vorgangToken); - formData.set('vorgang-pin', vorgObj.vorgangPIN); + const formData = new FormData(); + formData.set('vorgang-token', vorgObj.vorgangToken); + formData.set('vorgang-pin', vorgObj.vorgangPIN); - const mockRequest = { - formData: vi.fn().mockResolvedValue(formData) - }; + const mockRequest = { + formData: vi.fn().mockResolvedValue(formData) + }; - const cookiesSet = vi.fn(); + const cookiesSet = vi.fn(); - const event = { - request: mockRequest, - cookies: { - set: cookiesSet - } - }; + const event = { + request: mockRequest, + cookies: { + set: cookiesSet + } + }; - let thrownRedirect: Redirect | undefined; - try { - await actions.getVorgangByToken(event); - } catch (e) { - thrownRedirect = e as 
Redirect; - } + let thrownRedirect: Redirect | undefined; + try { + await actions.getVorgangByToken(event); + } catch (e) { + thrownRedirect = e as Redirect; + } - // Redirect bei erfolgreicher Eingabe - expect(thrownRedirect?.status).toBe(303); - expect(thrownRedirect?.location).toBe(ROUTE_NAMES.VORGANG(vorgObj.vorgangToken)); + // Redirect bei erfolgreicher Eingabe + expect(thrownRedirect?.status).toBe(303); + expect(thrownRedirect?.location).toBe(ROUTE_NAMES.VORGANG(vorgObj.vorgangToken)); - // Cookie wurde gesetzt - const COOKIE_NAME = `token-${vorgObj.vorgangToken}` - expect(cookiesSet).toHaveBeenCalledWith(COOKIE_NAME, vorgObj.vorgangPIN, { - path: '/', + // Cookie wurde gesetzt + const COOKIE_NAME = `token-${vorgObj.vorgangToken}`; + expect(cookiesSet).toHaveBeenCalledWith(COOKIE_NAME, vorgObj.vorgangPIN, { + path: '/', httpOnly: true, sameSite: 'strict', secure: !dev - }); - }); + }); + }); - it('Schlägt fehl wenn keine Daten übergeben werden', async () => { - const formData = new FormData(); // no data - - const mockRequest = { - formData: vi.fn().mockResolvedValue(formData) - }; - - const cookiesSet = vi.fn(); - - const event = { - request: mockRequest, - cookies: { - set: cookiesSet - } - }; - - const result = await actions.getVorgangByToken(event); - - expect(result).toBeUndefined(); - - // Cookie wird nicht gesetzt - expect(cookiesSet).not.toHaveBeenCalled(); - }); + it('Schlägt fehl wenn keine Daten übergeben werden', async () => { + const formData = new FormData(); // no data + const mockRequest = { + formData: vi.fn().mockResolvedValue(formData) + }; + const cookiesSet = vi.fn(); + const event = { + request: mockRequest, + cookies: { + set: cookiesSet + } + }; + const result = await actions.getVorgangByToken(event); + expect(result.status).toBe(400); + expect(result.data.message).toMatch(/fehlen|ungültig/i); + // Cookie wird nicht gesetzt + expect(cookiesSet).not.toHaveBeenCalled(); + }); + it.todo('Überprüfe was passiert, wenn Eingabe falsch, bzw. 
nicht im System passend gefunden'); }); describe('Teste Guard', () => { - it('Lese Cookie aus', async () => { - const vorgObj = baseData.vorgang; + it('Lese Cookie aus', async () => { + const vorgObj = baseData.vorgang; - const COOKIE_NAME = `token-${vorgObj.vorgangToken}` - const cookiesGet = vi.fn().mockImplementation((key: string) => { - if (key === COOKIE_NAME) return vorgObj.vorgangPIN; - return undefined; - }); + const COOKIE_NAME = `token-${vorgObj.vorgangToken}`; + const cookiesGet = vi.fn().mockImplementation((key: string) => { + if (key === COOKIE_NAME) return vorgObj.vorgangPIN; + return undefined; + }); + // mocked objects + const event = { + cookies: { + get: cookiesGet + }, + locals: {}, + params: { vorgang: vorgObj.vorgangToken } + }; + vi.mocked(vorgangExists).mockReturnValueOnce(true); + vi.mocked(vorgangPINValidation).mockReturnValueOnce(true); - // mocked objects - const event = { - cookies: { - get: cookiesGet - }, - locals: {}, - params: {vorgang: vorgObj.vorgangToken} - }; - vi.mocked(vorgangExists).mockReturnValueOnce(true); - vi.mocked(vorgangPINValidation).mockReturnValueOnce(true); + await load(event); - await load(event); + expect(cookiesGet).toHaveBeenCalledWith(COOKIE_NAME); + }); - expect(cookiesGet).toHaveBeenCalledWith(COOKIE_NAME); - }); + it('Kein Cookie gesetzt', async () => { + const vorgObj = baseData.vorgang; - it('Kein Cookie gesetzt', async () => { - const vorgObj = baseData.vorgang; + const COOKIE_NAME = `token-${vorgObj.vorgangToken}`; + const cookiesGet = vi.fn().mockImplementation((key: string) => { + if (key === COOKIE_NAME) return vorgObj.vorgangPIN; + return undefined; + }); - const COOKIE_NAME = `token-${vorgObj.vorgangToken}` - const cookiesGet = vi.fn().mockImplementation((key: string) => { - if (key === COOKIE_NAME) return vorgObj.vorgangPIN; - return undefined; - }); + // mocked objects + const event = { + cookies: { + get: cookiesGet + }, + locals: {}, + params: { vorgang: vorgObj.vorgangToken } + }; + 
vi.mocked(vorgangExists).mockReturnValueOnce(true); + vi.mocked(vorgangPINValidation).mockReturnValueOnce(false); + let thrownRedirect; + try { + await load(event); + throw new Error('Function did not throw'); + } catch (e) { + thrownRedirect = e; + } + expect(thrownRedirect?.status).toBe(303); + expect(thrownRedirect?.location).toBe( + ROUTE_NAMES.ANMELDUNG_VORGANG_PARAM(vorgObj.vorgangToken) + ); - // mocked objects - const event = { - cookies: { - get: cookiesGet - }, - locals: {}, - params: {vorgang: vorgObj.vorgangToken} - }; - vi.mocked(vorgangExists).mockReturnValueOnce(true); - vi.mocked(vorgangPINValidation).mockReturnValueOnce(false); - - let thrownRedirect; - try { - await load(event); - throw new Error('Function did not throw') - } catch (e) { - thrownRedirect = e; - } - expect(thrownRedirect?.status).toBe(303); - expect(thrownRedirect?.location).toBe(ROUTE_NAMES.ANMELDUNG_VORGANG_PARAM(vorgObj.vorgangToken)); - - expect(cookiesGet).toHaveBeenCalledWith(COOKIE_NAME); - }); + expect(cookiesGet).toHaveBeenCalledWith(COOKIE_NAME); + }); });
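Review bot: The failure test 'Schlägt fehl wenn keine Daten übergeben werden' covers only the completely empty form, so neither half of the new `!vorgangToken || !vorgangPIN` guard is exercised on its own. A form carrying only the token or only the PIN should also return 400 and leave `cookiesSet` uncalled; a parameterised case as sketched below would pin that. Separately, the two commented-out `$root/...` imports at the top of the file are dead code and can be removed. In 'Kein Cookie gesetzt' the `cookiesGet` mock still returns the PIN, so the test really covers a rejected PIN rather than a missing cookie, and the title should say so.

```typescript
// … unchanged: 'Schlägt fehl wenn keine Daten übergeben werden' …
it.each([
	['vorgang-token', baseData.vorgang.vorgangToken],
	['vorgang-pin', baseData.vorgang.vorgangPIN]
])('Schlägt fehl wenn nur %s übergeben wird', async (field, value) => {
	const formData = new FormData();
	formData.set(field, value);
	const cookiesSet = vi.fn();
	const event = {
		request: { formData: vi.fn().mockResolvedValue(formData) },
		cookies: { set: cookiesSet }
	};
	const result = await actions.getVorgangByToken(event);
	expect(result.status).toBe(400);
	expect(cookiesSet).not.toHaveBeenCalled();
});
```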