change description of test case: load() now returns undefined if not logged-in

src/lib/components/Header.svelte

@@ -21,7 +21,7 @@
 			<h1 class="text-3xl text-slate-400 font-bold">Tatort</h1>
 			<div class="lg:flex lg:justify-end w-48">
 				{#if data.user}
-					<form method="POST" action="{ROUTE_NAMES.ANMELDUNG_LOGOUT}">
+					<form method="POST" action="{ROUTE_NAMES.LOGOUT}">
 						<input type="hidden" />
 						<button type="submit" class="text-sm font-semibold leading-6 text-gray-900"
 							><span

src/lib/server/authService.ts

@@ -12,7 +12,8 @@ export const loginUser = async ({ request, cookies }: { request: Request; cookie
 
 	const token = authenticate(user, password);
 
-	if (!token) return fail(400, { user, incorrect: true });
+	if (!token) return fail(400, { user, incorrect: true,
+								message: "Ungültige Zugangsdaten" });
 
 	cookies.set(COOKIE_NAME, token, {
 		path: ROUTE_NAMES.ROOT,

src/routes/(angemeldet)/+layout.server.ts

@@ -1,4 +1,4 @@
-import { redirect, type ServerLoadEvent } from '@sveltejs/kit';
+import { type ServerLoadEvent } from '@sveltejs/kit';
 import type { PageServerLoad } from '../anmeldung/$types';
 
 import { ROUTE_NAMES } from '..';

src/routes/(angemeldet)/+page.server.ts

@@ -1,5 +1,6 @@
-import { loginUser } from '$lib/server/authService';
+import { loginUser, logoutUser } from '$lib/server/authService';
 
 export const actions = {
-	default: ({ request, cookies }) => loginUser({ request, cookies }),
+	login: ({ request, cookies }) => loginUser({ request, cookies }),
+	logout: (event) => logoutUser(event),
 } as const;

src/routes/(angemeldet)/+page.svelte

@@ -72,7 +72,7 @@
 		<div class="relative mt-5 bg-gray-50 rounded-xl shadow-xl p-3 pt-1">
 			<div class="mt-10">
 
-<form method="POST">
+<form action="{ROUTE_NAMES.LOGIN}" method="POST">
 						<div>
 							<label for="user" class="text-sm font-medium leading-6 text-gray-900">Name</label>
 							<div class="mt-2">
@@ -103,7 +103,7 @@
 							</div>
 						</div>
 						{#if form?.incorrect}
-						Wrong credentials
+							<p class="block text-sm leading-6 text-red-900 mt-2">{form.message}</p>
 						{/if}
 						<div class="flex justify-end">
 							<Button type="submit" class="mt-5">Anmelden</Button>

src/routes/(angemeldet)/list/+page.server.ts

@@ -1,7 +1,12 @@
 import { getVorgaenge } from '$lib/server/vorgangService';
 import type { PageServerLoad } from '../../(token-based)/view/$types';
+import { error } from '@sveltejs/kit';
+
+export const load: PageServerLoad = async (event) => {
+	if (!event.locals.user) {
+		error(404, 'Not Found')
+	}
 
-export const load: PageServerLoad = async () => {
 	const vorgangList = getVorgaenge();
 
 	return {

src/routes/(angemeldet)/upload/+page.server.ts

@@ -1,6 +1,6 @@
 import { Readable } from 'stream';
 import { BUCKET, client } from '$lib/minio';
-import { fail } from '@sveltejs/kit';
+import { fail, error } from '@sveltejs/kit';
 import { v4 as uuidv4 } from 'uuid';
 
 import { db } from '$lib/server/dbService';
@@ -123,3 +123,10 @@ export const actions = {
 		return { etag, error };
 	}
 };
+
+
+export const load: PageServerLoad = async (event) => {
+	if (!event.locals.user) {
+		error(404, 'Not found')
+	}
+};

src/routes/(angemeldet)/user-management/+page.server.ts

@@ -0,0 +1,8 @@
+import type { PageServerLoad } from '../../(token-based)/view/$types';
+import { error } from '@sveltejs/kit';
+
+export const load: PageServerLoad = async (event) => {
+	if (!event.locals.user) {
+		error(404, 'Not Found')
+	}
+};

src/routes/index.ts

@@ -16,8 +16,8 @@ export const ROUTE_NAMES = {
 
 	// Anmeldung: actions
 	ANMELDUNG: '/anmeldung',
-	ANMELDUNG_LOGIN: '/anmeldung?/login',
-	ANMELDUNG_LOGOUT: '/anmeldung?/logout',
+	LOGIN: '/?/login',
+	LOGOUT: '/?/logout',
 	ANMELDUNG_GET_VORGANG_BY_TOKEN: '/anmeldung?/getVorgangByToken',
 	ANMELDUNG_VORGANG_PARAM: (vorgangToken: string) => `/anmeldung?vorgang=${vorgangToken}`
 };

tests/views/Anmeldung.test.ts

@@ -27,6 +27,7 @@ describe('Vorgang Anzeige via Token', () => {
 		const mockRequest = {
 			formData: vi.fn().mockResolvedValue(formData)
 		};
+		vi.mocked(vorgangPINValidation).mockReturnValueOnce(true);
 
 		const cookiesSet = vi.fn();
 
@@ -39,7 +40,7 @@ describe('Vorgang Anzeige via Token', () => {
 
 		let thrownRedirect: Redirect | undefined;
 		try {
-			await actions.getVorgangByToken(event);
+			await actions.default(event);
 		} catch (e) {
 			thrownRedirect = e as Redirect;
 		}
@@ -70,9 +71,9 @@ describe('Vorgang Anzeige via Token', () => {
 				set: cookiesSet
 			}
 		};
-		const result = await actions.getVorgangByToken(event);
+		const result = await actions.default(event);
 		expect(result.status).toBe(400);
-		expect(result.data.message).toMatch(/fehlen|ungültig/i);
+		expect(result.data.message).toMatch(/PIN eingeben/i);
 		// Cookie wird nicht gesetzt
 		expect(cookiesSet).not.toHaveBeenCalled();
 	});

tests/views/Layout.test.ts

@@ -4,7 +4,7 @@ import { ROUTE_NAMES } from '../../src/routes';
 import { baseData, mockEvent } from '../fixtures';
 
 describe('+layout.server load(): Teste korrekte URL', () => {
-	test('Werfe redirect zu /anmeldung wenn User nicht eingeloggt', async () => {
+	test('Werfe keinen Redirect und gebe nichts zurück', async () => {
 		const mockEvent = {
 			locals: {
 				user: null