fix(auth): fix AuthGuard unit tests after Public decorator implementation

betterclever · betterclever · commit d5483aa0d65a · 2026-01-02T13:45:33.000+05:30
- Inject and mock Reflector in AuthGuard unit tests
- Fix NestJS context mocks in tests to include getHandler and getClass
- Add test cases for Public decorator behavior in AuthGuard

Signed-off-by: betterclever &lt;paliwal.pranjal83@gmail.com&gt;
diff --git a/backend/src/auth/__tests__/auth.guard.spec.ts b/backend/src/auth/__tests__/auth.guard.spec.ts
@@ -1,6 +1,7 @@
 import { afterEach, beforeEach, describe, expect, it, vi } from 'bun:test';
 import type { ExecutionContext } from '@nestjs/common';
 import { UnauthorizedException } from '@nestjs/common';
+import { Reflector } from '@nestjs/core';
 import type { Request } from 'express';
 
 import { AuthGuard, type RequestWithAuthContext } from '../auth.guard';
@@ -18,6 +19,9 @@ describe('AuthGuard', () => {
   let mockApiKeysService: {
     validateKey: ReturnType<typeof vi.fn>;
   };
+  let mockReflector: {
+    getAllAndOverride: ReturnType<typeof vi.fn>;
+  };
   let mockExecutionContext: ExecutionContext;
   let mockRequest: RequestWithAuthContext;
 
@@ -30,11 +34,15 @@ describe('AuthGuard', () => {
     mockApiKeysService = {
       validateKey: vi.fn(),
     };
+    mockReflector = {
+      getAllAndOverride: vi.fn(),
+    };
 
     // Create guard with mocked dependencies
     guard = new AuthGuard(
       mockAuthService as unknown as AuthService,
       mockApiKeysService as unknown as ApiKeysService,
+      mockReflector as unknown as Reflector,
     );
 
     // Setup mock request
@@ -50,6 +58,8 @@ describe('AuthGuard', () => {
       switchToHttp: vi.fn(() => ({
         getRequest: vi.fn(() => mockRequest),
       })),
+      getHandler: vi.fn(),
+      getClass: vi.fn(),
     } as unknown as ExecutionContext;
   });
 
@@ -59,6 +69,8 @@ describe('AuthGuard', () => {
         switchToHttp: vi.fn(() => ({
           getRequest: vi.fn(() => null),
         })),
+        getHandler: vi.fn(),
+        getClass: vi.fn(),
       } as unknown as ExecutionContext;
 
       const result = await guard.canActivate(contextWithoutRequest);
@@ -565,5 +577,35 @@ describe('AuthGuard', () => {
       expect(mockRequest.auth?.provider).toBe('api-key');
     });
   });
+
+  describe('Public decorator', () => {
+    it('should allow access to endpoints marked as public', async () => {
+      mockReflector.getAllAndOverride.mockReturnValue(true);
+
+      const result = await guard.canActivate(mockExecutionContext);
+
+      expect(result).toBe(true);
+      expect(mockAuthService.authenticate).not.toHaveBeenCalled();
+      expect(mockApiKeysService.validateKey).not.toHaveBeenCalled();
+      expect(mockRequest.auth).toBeUndefined();
+    });
+
+    it('should continue authentication for endpoints not marked as public', async () => {
+      mockReflector.getAllAndOverride.mockReturnValue(false);
+      mockAuthService.authenticate.mockResolvedValue({
+        userId: 'user-1',
+        organizationId: 'org-1',
+        roles: ['MEMBER'],
+        isAuthenticated: true,
+        provider: 'clerk',
+      });
+
+      const result = await guard.canActivate(mockExecutionContext);
+
+      expect(result).toBe(true);
+      expect(mockAuthService.authenticate).toHaveBeenCalled();
+      expect(mockRequest.auth?.userId).toBe('user-1');
+    });
+  });
 });
 
