import { describe, it, expect, beforeEach, vi } from 'vitest' import { randomUUID } from 'node:crypto' // Stub the social-identity verifiers so Google/Apple tests don't need real // id_tokens. Each test passes the synthetic payload directly via the // id_token string and the mock returns it parsed. vi.mock('../../src/services/social-identity.service.js', () => ({ verifyGoogleIdToken: vi.fn(async (idToken) => JSON.parse(idToken)), verifyAppleIdToken: vi.fn(async (idToken) => JSON.parse(idToken)), })) const { completeCustomerPhoneSignIn, signInWithGoogle, signInWithApple, } = await import('../../src/services/auth.service.js') const { db, resetDb } = await import('../helpers/db.js') const { createCustomer } = await import('../helpers/fixtures.js') // Phase 4 §2.1 — Anonymous → existing-user merge breadcrumb. // // `resetDb` does NOT truncate the customers table (see helpers/db.js); each // test must use a phone that's unique across runs to avoid colliding with rows // left behind by prior runs. const uniquePhone = () => { const digits = randomUUID().replace(/[^0-9]/g, '').slice(0, 11).padEnd(11, '0') return `+628${digits}` } describe('completeCustomerPhoneSignIn — Phase 4 §2.1 merge breadcrumb', () => { beforeEach(async () => { await resetDb() }) // --- Case 4: no anon prefix, new phone --- it('creates a fresh identified customer with null display_name (no anon, new phone)', async () => { const phone = uniquePhone() const { profile } = await completeCustomerPhoneSignIn({ phone, anonymousCustomerId: null, deviceInfo: {}, }) expect(profile.phone).toBe(phone) expect(profile.display_name).toBeNull() expect(profile.is_anonymous).toBe(false) expect(profile.account_belongs_to).toBeNull() }) // --- Case 3: anon prefix, new phone → upgrade in place --- it('upgrades the anon row in place, preserving display_name (anon, new phone)', async () => { const phone = uniquePhone() const anon = await createCustomer({ callName: 'Bujak', isAnonymous: true }) const { profile } = await completeCustomerPhoneSignIn({ phone, anonymousCustomerId: anon.id, deviceInfo: {}, }) expect(profile.id).toBe(anon.id) // same row, upgraded expect(profile.phone).toBe(phone) expect(profile.display_name).toBe('Bujak') // preserved via COALESCE expect(profile.is_anonymous).toBe(false) expect(profile.account_belongs_to).toBeNull() // no merge // No new customer row was created. const sql = db() const [{ count }] = await sql`SELECT COUNT(*)::int AS count FROM customers WHERE phone = ${phone}` expect(count).toBe(1) }) // --- Case 1: anon prefix, existing phone → stamp breadcrumb, return existing --- it('stamps account_belongs_to on the anon row and returns the existing customer (anon, existing phone)', async () => { const phone = uniquePhone() const existing = await createCustomer({ callName: 'Wati', phone, isAnonymous: false }) const anon = await createCustomer({ callName: 'Bujak', isAnonymous: true }) const { profile, tokens } = await completeCustomerPhoneSignIn({ phone, anonymousCustomerId: anon.id, deviceInfo: {}, }) // The session logs in AS the existing user. expect(profile.id).toBe(existing.id) expect(profile.display_name).toBe('Wati') // existing's name, overwrites local expect(profile.phone).toBe(phone) expect(profile.account_belongs_to).toBeNull() // existing row is the target, not stamped // Token claims point at the existing user (so subsequent requests act as them). expect(tokens.access_token).toBeDefined() // Anon row stays intact, now carries the merge breadcrumb. const sql = db() const [anonRow] = await sql`SELECT id, display_name, account_belongs_to, is_anonymous FROM customers WHERE id = ${anon.id}` expect(anonRow).toBeDefined() // not deleted expect(anonRow.display_name).toBe('Bujak') // preserved expect(anonRow.account_belongs_to).toBe(existing.id) // breadcrumb stamped expect(anonRow.is_anonymous).toBe(true) // still anon (for later reconciliation) }) // --- Case 2a: no anon prefix, existing phone → return existing, no stamping --- it('returns the existing customer as-is when no anon prefix (existing phone, fresh app)', async () => { const phone = uniquePhone() const existing = await createCustomer({ callName: 'Wati', phone, isAnonymous: false }) const { profile } = await completeCustomerPhoneSignIn({ phone, anonymousCustomerId: null, deviceInfo: {}, }) expect(profile.id).toBe(existing.id) expect(profile.display_name).toBe('Wati') expect(profile.account_belongs_to).toBeNull() }) // --- Case 2b: anon id === existing's id (user re-verifying own phone) --- // No-op merge. account_belongs_to stays null; no self-reference is created. it('does not self-stamp when the anon id equals the existing customer id (re-verify)', async () => { const phone = uniquePhone() const existing = await createCustomer({ callName: 'Wati', phone, isAnonymous: false }) const { profile } = await completeCustomerPhoneSignIn({ phone, anonymousCustomerId: existing.id, // same id as the existing row deviceInfo: {}, }) expect(profile.id).toBe(existing.id) expect(profile.account_belongs_to).toBeNull() // Verify nothing self-referenced. const sql = db() const [row] = await sql`SELECT account_belongs_to FROM customers WHERE id = ${existing.id}` expect(row.account_belongs_to).toBeNull() }) // --- Google: stamp breadcrumb on existing-different-id (parity with phone) --- it('Google: stamps account_belongs_to when existing google_sub differs from anon (Case 1)', async () => { const googleSub = `g-${randomUUID()}` const [existing] = await db()` INSERT INTO customers (display_name, is_anonymous, google_sub, email) VALUES ('Wati', false, ${googleSub}, 'wati@example.com') RETURNING ${db()`id, display_name, is_anonymous, phone, email, google_sub, apple_sub, usp_seen, account_belongs_to, created_at`} ` const anon = await createCustomer({ callName: 'Bujak', isAnonymous: true }) const { profile } = await signInWithGoogle({ idToken: JSON.stringify({ sub: googleSub, email: 'wati@example.com' }), anonymousCustomerId: anon.id, deviceInfo: {}, }) expect(profile.id).toBe(existing.id) expect(profile.display_name).toBe('Wati') const [anonRow] = await db()`SELECT account_belongs_to FROM customers WHERE id = ${anon.id}` expect(anonRow.account_belongs_to).toBe(existing.id) }) // --- Google: upgrade-in-place when google_sub is new --- it('Google: upgrades anon in place when google_sub is new, preserving display_name (Case 3)', async () => { const googleSub = `g-${randomUUID()}` const anon = await createCustomer({ callName: 'Bujak', isAnonymous: true }) const { profile } = await signInWithGoogle({ idToken: JSON.stringify({ sub: googleSub, email: 'bujak@example.com' }), anonymousCustomerId: anon.id, deviceInfo: {}, }) expect(profile.id).toBe(anon.id) expect(profile.google_sub).toBe(googleSub) expect(profile.email).toBe('bujak@example.com') expect(profile.display_name).toBe('Bujak') expect(profile.is_anonymous).toBe(false) expect(profile.account_belongs_to).toBeNull() }) // --- Apple: stamp breadcrumb on existing-different-id (parity with phone) --- it('Apple: stamps account_belongs_to when existing apple_sub differs from anon (Case 1)', async () => { const appleSub = `a-${randomUUID()}` const [existing] = await db()` INSERT INTO customers (display_name, is_anonymous, apple_sub, email) VALUES ('Wati', false, ${appleSub}, 'wati@apple.example') RETURNING ${db()`id, display_name, is_anonymous, phone, email, google_sub, apple_sub, usp_seen, account_belongs_to, created_at`} ` const anon = await createCustomer({ callName: 'Bujak', isAnonymous: true }) const { profile } = await signInWithApple({ idToken: JSON.stringify({ sub: appleSub, email: 'wati@apple.example' }), anonymousCustomerId: anon.id, deviceInfo: {}, }) expect(profile.id).toBe(existing.id) expect(profile.display_name).toBe('Wati') const [anonRow] = await db()`SELECT account_belongs_to FROM customers WHERE id = ${anon.id}` expect(anonRow.account_belongs_to).toBe(existing.id) }) // --- Multi-merge: same anon path used twice for the same existing user accumulates without conflict --- it('handles multiple anon rows pointing at the same existing user (multi-merge accumulation)', async () => { const phone = uniquePhone() const existing = await createCustomer({ callName: 'Wati', phone, isAnonymous: false }) const anon1 = await createCustomer({ callName: 'Bujak', isAnonymous: true }) const anon2 = await createCustomer({ callName: 'Bendoyo', isAnonymous: true }) await completeCustomerPhoneSignIn({ phone, anonymousCustomerId: anon1.id, deviceInfo: {} }) await completeCustomerPhoneSignIn({ phone, anonymousCustomerId: anon2.id, deviceInfo: {} }) const sql = db() const rows = await sql`SELECT id, account_belongs_to FROM customers WHERE id IN (${anon1.id}, ${anon2.id}) ORDER BY display_name` expect(rows).toHaveLength(2) for (const row of rows) { expect(row.account_belongs_to).toBe(existing.id) } }) })