test: raise frontend coverage baselines

adminfront/src/lib/adminApi.contract.test.ts

@@ -0,0 +1,185 @@
+import { beforeEach, describe, expect, it, vi } from "vitest";
+
+const apiClient = {
+  get: vi.fn(),
+  post: vi.fn(),
+  put: vi.fn(),
+  patch: vi.fn(),
+  delete: vi.fn(),
+};
+
+const fetchAllCursorPages = vi.fn(async () => ({
+  items: [{ id: "tenant-1", name: "Tenant", slug: "tenant" }],
+  total: 1,
+}));
+
+vi.mock("./apiClient", () => ({
+  default: apiClient,
+}));
+
+vi.mock("./auth", () => ({
+  userManager: {
+    getUser: vi.fn(async () => ({ access_token: "access-token" })),
+  },
+}));
+
+vi.mock("../../../common/core/pagination", () => ({
+  fetchAllCursorPages,
+}));
+
+describe("adminApi endpoint contracts", () => {
+  beforeEach(() => {
+    apiClient.get.mockReset();
+    apiClient.post.mockReset();
+    apiClient.put.mockReset();
+    apiClient.patch.mockReset();
+    apiClient.delete.mockReset();
+
+    apiClient.get.mockResolvedValue({
+      data: { ok: true },
+      headers: { "content-disposition": 'attachment; filename="export.csv"' },
+    });
+    apiClient.post.mockResolvedValue({ data: { ok: true } });
+    apiClient.put.mockResolvedValue({ data: { ok: true } });
+    apiClient.patch.mockResolvedValue({ data: { ok: true } });
+    apiClient.delete.mockResolvedValue({ data: { ok: true } });
+    fetchAllCursorPages.mockClear();
+    window.localStorage.clear();
+  });
+
+  it("routes read APIs to their documented admin endpoints", async () => {
+    const adminApi = await import("./adminApi");
+
+    await adminApi.fetchAuditLogs(10, "cursor-a");
+    await adminApi.fetchAdminOverviewStats();
+    await adminApi.fetchDataIntegrityReport();
+    await adminApi.fetchOrphanUserLoginIDs();
+    await adminApi.fetchUserProjectionStatus();
+    await adminApi.fetchAdminRPUsageDaily({
+      days: 30,
+      period: "week",
+      tenantId: "tenant-1",
+    });
+    await adminApi.fetchTenants(25, 50, "parent-1", "cursor-b");
+    await adminApi.fetchAllTenants({ pageSize: 200, parentId: "parent-1" });
+    await adminApi.fetchTenant("tenant-1");
+    await adminApi.fetchTenantAdmins("tenant-1");
+    await adminApi.fetchTenantOwners("tenant-1");
+    await adminApi.fetchGroups("tenant-1");
+    await adminApi.fetchGroup("tenant-1", "group-1");
+    await adminApi.fetchGroupRoles("tenant-1", "group-1");
+    await adminApi.fetchApiKeys(20, 40);
+    await adminApi.fetchUsers(30, 60, "admin", "tenant");
+    await adminApi.fetchUser("user-1");
+    await adminApi.fetchWorksmobileOverview("tenant-1");
+    await adminApi.fetchWorksmobileComparison("tenant-1", true);
+    await adminApi.downloadWorksmobileInitialPasswordsCSV("tenant-1");
+    await adminApi.fetchPasswordPolicy();
+    await adminApi.fetchUserRpHistory("user-1");
+    await adminApi.fetchMe();
+    await adminApi.fetchRelyingParties("tenant-1");
+    await adminApi.fetchAllRelyingParties();
+    await adminApi.fetchRelyingParty("client-1");
+    await adminApi.fetchRPOwners("client-1");
+
+    expect(apiClient.get).toHaveBeenCalledWith("/v1/audit", {
+      params: { limit: 10, cursor: "cursor-a" },
+    });
+    expect(apiClient.get).toHaveBeenCalledWith("/v1/admin/tenants", {
+      params: {
+        limit: 25,
+        offset: 50,
+        parentId: "parent-1",
+        cursor: "cursor-b",
+      },
+    });
+    expect(fetchAllCursorPages).toHaveBeenCalledWith(
+      expect.objectContaining({
+        path: "/v1/admin/tenants",
+        pageSize: 200,
+        params: { parentId: "parent-1" },
+      }),
+    );
+    expect(apiClient.get).toHaveBeenCalledWith(
+      "/v1/admin/tenants/tenant-1/worksmobile/comparison",
+      { params: { includeMatched: true } },
+    );
+    expect(await adminApi.exportTenantsCSV(true, "parent-1")).toMatchObject({
+      filename: "export.csv",
+    });
+    expect(
+      await adminApi.exportUsersCSV("admin", "tenant", true),
+    ).toMatchObject({
+      filename: "export.csv",
+    });
+  });
+
+  it("routes mutation APIs to their documented admin endpoints", async () => {
+    const adminApi = await import("./adminApi");
+
+    await adminApi.deleteOrphanUserLoginIDs(["orphan-1"]);
+    await adminApi.reconcileUserProjection();
+    await adminApi.resetUserProjection();
+    await adminApi.createTenant({ name: "Tenant", slug: "tenant" });
+    await adminApi.updateTenant("tenant-1", { status: "inactive" });
+    await adminApi.deleteTenant("tenant-1");
+    await adminApi.deleteTenantsBulk(["tenant-1"]);
+    await adminApi.importTenantsCSV(new File(["name"], "tenants.csv"));
+    await adminApi.approveTenant("tenant-1");
+    await adminApi.addTenantAdmin("tenant-1", "user-1");
+    await adminApi.removeTenantAdmin("tenant-1", "user-1");
+    await adminApi.addTenantOwner("tenant-1", "user-1");
+    await adminApi.removeTenantOwner("tenant-1", "user-1");
+    await adminApi.createGroup("tenant-1", { name: "Group" });
+    await adminApi.deleteGroup("tenant-1", "group-1");
+    await adminApi.addGroupMember("tenant-1", "group-1", "user-1");
+    await adminApi.removeGroupMember("tenant-1", "group-1", "user-1");
+    await adminApi.assignGroupRole("tenant-1", "group-1", "tenant-2", "owner");
+    await adminApi.removeGroupRole("tenant-1", "group-1", "tenant-2", "owner");
+    await adminApi.createApiKey({ name: "key", scopes: ["read"] });
+    await adminApi.updateApiKeyScopes("key-1", { scopes: ["write"] });
+    await adminApi.rotateApiKeySecret("key-1");
+    await adminApi.deleteApiKey("key-1");
+    await adminApi.createUser({ email: "user@example.com", name: "User" });
+    await adminApi.bulkCreateUsers([
+      { email: "user@example.com", name: "User", metadata: {} },
+    ]);
+    await adminApi.enqueueWorksmobileBackfillDryRun("tenant-1");
+    await adminApi.enqueueWorksmobileOrgUnitSync("tenant-1", "org/unit");
+    await adminApi.enqueueWorksmobileOrgUnitDelete("tenant-1", "org/unit");
+    await adminApi.enqueueWorksmobileUserSync("tenant-1", "user-1");
+    await adminApi.retryWorksmobileJob("tenant-1", "job-1");
+    await adminApi.bulkUpdateUsers({ userIds: ["user-1"], status: "inactive" });
+    await adminApi.bulkDeleteUsers(["user-1"]);
+    await adminApi.updateUser("user-1", { status: "active" });
+    await adminApi.deleteUser("user-1");
+    await adminApi.createRelyingParty("tenant-1", {
+      client_name: "RP",
+      redirect_uris: ["https://rp.example/callback"],
+    });
+    await adminApi.updateRelyingParty("client-1", {
+      client_name: "RP",
+      redirect_uris: ["https://rp.example/callback"],
+    });
+    await adminApi.deleteRelyingParty("client-1");
+    await adminApi.addRPOwner("client-1", "User:user-1");
+    await adminApi.removeRPOwner("client-1", "User:user-1");
+
+    expect(apiClient.delete).toHaveBeenCalledWith(
+      "/v1/admin/integrity/orphan-user-login-ids",
+      { data: { ids: ["orphan-1"] } },
+    );
+    expect(apiClient.post).toHaveBeenCalledWith(
+      "/v1/admin/projections/users/reconcile",
+    );
+    expect(apiClient.put).toHaveBeenCalledWith("/v1/admin/users/user-1", {
+      status: "active",
+    });
+    expect(apiClient.post).toHaveBeenCalledWith(
+      "/v1/admin/tenants/tenant-1/worksmobile/orgunits/org%2Funit/sync",
+    );
+    expect(apiClient.delete).toHaveBeenCalledWith(
+      "/v1/admin/relying-parties/client-1/owners/User:user-1",
+    );
+  });
+});

adminfront/src/lib/tenantTree.ts

@@ -24,7 +24,7 @@ export function buildTenantFullTree(
     });
   }
 
-  const visitedDuringBuild = new Set<string>();
+  const _visitedDuringBuild = new Set<string>();
   // Build initial children relations and prevent simple cycles
   for (const t of allTenants) {
     if (t.parentId && t.parentId !== t.id) {