vi.mock the auth module so reinitAuth() is a no-op in tests.
This decouples the tests from the BETTER_AUTH_SECRET env var.
Co-Authored-By: Paperclip <noreply@paperclip.ing>
reinitAuth() can throw if BETTER_AUTH_SECRET is missing, causing
an unhandled rejection that returns an HTML error page instead of
JSON. Wrap both PUT and DELETE handlers in try/catch to return a
proper JSON error response.
Co-Authored-By: Paperclip <noreply@paperclip.ing>
- Add reinitAuth() import and calls to routes/authProvider.ts (active router)
instead of routes/admin/authProvider.ts (dead code, not imported)
- Add AbortSignal.timeout(10_000) to fetch in setup auth-provider/test endpoint
- Add .replace(/\/$/, "") to strip trailing slash from internalBaseUrl
- Delete dead routes/admin/authProvider.ts
Co-Authored-By: Paperclip <noreply@paperclip.ing>
- GET /api/setup/status: verify showAuthProviderStep logic for all cases
(fresh install, env vars present, setup complete, DB config exists)
- POST /api/setup/auth-provider: 403 after complete, 409 if already configured,
creates config with encrypted secret, Zod validation
- POST /api/setup/auth-provider/test: 403 after complete, unreachable issuer,
valid issuer, invalid issuer (non-200)
Co-Authored-By: Paperclip <noreply@paperclip.ing>
groombook-engineer[bot]