fix(test): un-skip 10 integration tests — WorkOS class mock, 404→403, DB subscription seed (#3321–3323)#3333
Merged
Conversation
… DB subscription seed (#3321–3323) Closes #3321 Closes #3322 Closes #3323 Three root causes fixed: 1. @workos-inc/node class mock + env var priming (join-request-approval, personal-workspace-restrictions): Route handlers call `new WorkOS()` directly; mocking workos-client.js singleton had no effect. Added `vi.mock('@workos-inc/node', () => ({ WorkOS: class {...} }))` so every constructor call returns shared mock methods. Env vars primed in vi.hoisted so AUTH_ENABLED resolves true before module load. Re-established listOrganizationMemberships.mockImplementation in beforeEach because vi.clearAllMocks() wipes all implementations. 2. 404→403 assertion (self-service-delete): Handler checks WorkOS membership before org existence — correct security behaviour that prevents org-ID enumeration. Updated test to assert 403 + 'Access denied'. 3. DB subscription seed instead of stripe-client mock (self-service-delete, admin-endpoints): OrganizationDatabase.getSubscriptionInfo reads subscription_status from the DB row; mocking the stripe-client import had no effect. Seeding subscription_status='active' directly exercises the real code path without requiring a Stripe customer ID. https://claude.ai/code/session_016BZcwrfqhmnHT3mSWZ5cBN
This was referenced Apr 26, 2026
personal-workspace-restrictions.test.ts: - Comment said "Re-establish after clearAllMocks" but no clearAllMocks() exists in this file; corrected to "Reset per-test" - Add DELETE from invitation_seat_types in afterEach: the invitation test (newly un-skipped) inserts a row there and the table has no FK to organizations, so org cleanup did not cascade; stale rows would cause future invitation tests to fail the seat-limit check https://claude.ai/code/session_016BZcwrfqhmnHT3mSWZ5cBN
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Closes #3321
Closes #3322
Closes #3323
Summary
Un-skips 10 integration tests across 4 files by fixing three distinct root causes:
@workos-inc/nodeclass mock + env var priming (join-request-approval.test.ts,personal-workspace-restrictions.test.ts): Route handlers callnew WorkOS()directly at request time — mocking theworkos-client.jssingleton had no effect on handler-constructed instances. Addedvi.mock('@workos-inc/node', () => ({ WorkOS: class { ... } }))so every constructor call returns shared mock methods. WorkOS env vars (WORKOS_API_KEY,WORKOS_CLIENT_ID,WORKOS_COOKIE_PASSWORD) are now primed insidevi.hoistedsoAUTH_ENABLEDresolves totruebeforeorganizations.tsloads and callsnew WorkOS(). Re-establishedlistOrganizationMemberships.mockImplementationinbeforeEachbecausevi.clearAllMocks()wipes all implementations.404→403 assertion (
self-service-delete.test.ts): The handler checks WorkOS membership before org existence — correct security behavior that prevents org-ID enumeration by probing deletions. Updated the test description and assertion to expect403 Access deniedfor a non-existent org where the user has no membership.DB subscription seed instead of stripe-client mock (
self-service-delete.test.ts,admin-endpoints.test.ts):OrganizationDatabase.getSubscriptionInforeadssubscription_statusfrom the DB row; mocking thestripe-clientimport had no effect on this code path. Tests now seedsubscription_status = 'active'directly in theorganizationstable and omitstripe_customer_id, sogetSubscriptionInfoshort-circuits on the local DB value without ever consulting Stripe.Non-breaking justification
Test-only changes. No production code, protocol schema, or API surface modified. No migrations. Changeset is
--empty(no package version bump).Pre-PR review
mockImplementation(without reset) in join-request-approval is correct sincevi.clearAllMocks()already ran; confirmed personal-workspace-restrictions usesmockReset()correctly; confirmed admin-endpoints needs no WorkOS mock; confirmed is_personal flag test is unaffected (direct DB query)requireAdmin(no WorkOS call); response body shapes verified (has_active_subscription: true,subscription_status: 'active'); DB-seed-only approach sufficient for the subscription guardhttps://claude.ai/code/session_016BZcwrfqhmnHT3mSWZ5cBN
Generated by Claude Code