test(auth): add registration policy route-flow integration tests

TODO.md

@@ -186,10 +186,10 @@ This file is the single source of truth for roadmap and delivery progress.
 
 ### Testing
 
-- [ ] [P1] Unit tests for content schemas and service logic
+- [x] [P1] Unit tests for content schemas and service logic
 - [ ] [P1] Component tests for admin forms (pages/media/navigation)
 - [ ] [P1] Integration tests for owner invariant and hidden support-user protection
-- [ ] [P1] Integration tests for registration allow/deny behavior
+- [x] [P1] Integration tests for registration allow/deny behavior
 - [ ] [P1] Integration tests for translated content CRUD and locale-specific validation
 - [~] [P1] E2E happy paths: create page, publish, see on public app
 - [~] [P1] E2E happy paths: media upload + artwork refinement display
@@ -280,6 +280,8 @@ This file is the single source of truth for roadmap and delivery progress.
 - [2026-02-12] Announcements/news baseline added: admin `/announcements` + `/news` management screens and public announcement rendering slots (`global_top`, `homepage`).
 - [2026-02-12] Public news routes now exist at `/news` and `/news/:slug` (detail restricted to published posts).
 - [2026-02-12] Added `e2e/happy-paths.pw.ts` covering admin login, page publish/public rendering, announcement rendering, media upload, and commission status transition.
+- [2026-02-12] Expanded unit coverage for content/domain schemas and post service behavior (`packages/content/src/domain-schemas.test.ts`, `packages/db/src/posts.test.ts`).
+- [2026-02-12] Added auth flow integration tests for `/login`, `/register`, `/welcome` to validate registration allow/deny and owner bootstrap redirects.
 
 ## How We Use This File
 

apps/admin/src/app/login/page.test.tsx

@@ -0,0 +1,67 @@
+import type { ReactElement } from "react"
+import { beforeEach, describe, expect, it, vi } from "vitest"
+
+const { redirectMock, resolveRoleFromServerContextMock, hasOwnerUserMock } = vi.hoisted(() => ({
+  redirectMock: vi.fn((path: string) => {
+    throw new Error(`REDIRECT:${path}`)
+  }),
+  resolveRoleFromServerContextMock: vi.fn(),
+  hasOwnerUserMock: vi.fn(),
+}))
+
+vi.mock("next/navigation", () => ({
+  redirect: redirectMock,
+}))
+
+vi.mock("@/lib/access-server", () => ({
+  resolveRoleFromServerContext: resolveRoleFromServerContextMock,
+}))
+
+vi.mock("@/lib/auth/server", () => ({
+  hasOwnerUser: hasOwnerUserMock,
+}))
+
+vi.mock("./login-form", () => ({
+  LoginForm: ({ mode }: { mode: string }) => ({ type: "login-form", props: { mode } }),
+}))
+
+import LoginPage from "./page"
+
+function expectRedirect(call: () => Promise<unknown>, path: string) {
+  return expect(call()).rejects.toThrow(`REDIRECT:${path}`)
+}
+
+describe("login page", () => {
+  beforeEach(() => {
+    redirectMock.mockClear()
+    resolveRoleFromServerContextMock.mockReset()
+    hasOwnerUserMock.mockReset()
+  })
+
+  it("redirects authenticated users to dashboard", async () => {
+    resolveRoleFromServerContextMock.mockResolvedValue("manager")
+
+    await expectRedirect(() => LoginPage({ searchParams: Promise.resolve({}) }), "/")
+  })
+
+  it("redirects to welcome if owner is missing", async () => {
+    resolveRoleFromServerContextMock.mockResolvedValue(null)
+    hasOwnerUserMock.mockResolvedValue(false)
+
+    await expectRedirect(
+      () => LoginPage({ searchParams: Promise.resolve({ next: "/settings" }) }),
+      "/welcome?next=%2Fsettings",
+    )
+  })
+
+  it("renders sign-in mode once owner exists", async () => {
+    resolveRoleFromServerContextMock.mockResolvedValue(null)
+    hasOwnerUserMock.mockResolvedValue(true)
+
+    const page = (await LoginPage({ searchParams: Promise.resolve({}) })) as ReactElement<{
+      mode: string
+    }>
+
+    expect(page.props.mode).toBe("signin")
+  })
+})

apps/admin/src/app/register/page.test.tsx

@@ -0,0 +1,91 @@
+import type { ReactElement } from "react"
+import { beforeEach, describe, expect, it, vi } from "vitest"
+
+const {
+  redirectMock,
+  resolveRoleFromServerContextMock,
+  hasOwnerUserMock,
+  isSelfRegistrationEnabledMock,
+} = vi.hoisted(() => ({
+  redirectMock: vi.fn((path: string) => {
+    throw new Error(`REDIRECT:${path}`)
+  }),
+  resolveRoleFromServerContextMock: vi.fn(),
+  hasOwnerUserMock: vi.fn(),
+  isSelfRegistrationEnabledMock: vi.fn(),
+}))
+
+vi.mock("next/navigation", () => ({
+  redirect: redirectMock,
+}))
+
+vi.mock("@/lib/access-server", () => ({
+  resolveRoleFromServerContext: resolveRoleFromServerContextMock,
+}))
+
+vi.mock("@/lib/auth/server", () => ({
+  hasOwnerUser: hasOwnerUserMock,
+  isSelfRegistrationEnabled: isSelfRegistrationEnabledMock,
+}))
+
+vi.mock("@/app/login/login-form", () => ({
+  LoginForm: ({ mode }: { mode: string }) => ({ type: "login-form", props: { mode } }),
+}))
+
+import RegisterPage from "./page"
+
+function expectRedirect(call: () => Promise<unknown>, path: string) {
+  return expect(call()).rejects.toThrow(`REDIRECT:${path}`)
+}
+
+describe("register page", () => {
+  beforeEach(() => {
+    redirectMock.mockClear()
+    resolveRoleFromServerContextMock.mockReset()
+    hasOwnerUserMock.mockReset()
+    isSelfRegistrationEnabledMock.mockReset()
+  })
+
+  it("redirects authenticated users to dashboard", async () => {
+    resolveRoleFromServerContextMock.mockResolvedValue("admin")
+
+    await expectRedirect(
+      () => RegisterPage({ searchParams: Promise.resolve({ next: "/pages" }) }),
+      "/",
+    )
+  })
+
+  it("redirects to welcome when no owner exists", async () => {
+    resolveRoleFromServerContextMock.mockResolvedValue(null)
+    hasOwnerUserMock.mockResolvedValue(false)
+
+    await expectRedirect(
+      () => RegisterPage({ searchParams: Promise.resolve({ next: "/pages" }) }),
+      "/welcome?next=%2Fpages",
+    )
+  })
+
+  it("shows disabled mode when self registration is off", async () => {
+    resolveRoleFromServerContextMock.mockResolvedValue(null)
+    hasOwnerUserMock.mockResolvedValue(true)
+    isSelfRegistrationEnabledMock.mockResolvedValue(false)
+
+    const page = (await RegisterPage({ searchParams: Promise.resolve({}) })) as ReactElement<{
+      mode: string
+    }>
+
+    expect(page.props.mode).toBe("signup-disabled")
+  })
+
+  it("shows sign-up mode when self registration is enabled", async () => {
+    resolveRoleFromServerContextMock.mockResolvedValue(null)
+    hasOwnerUserMock.mockResolvedValue(true)
+    isSelfRegistrationEnabledMock.mockResolvedValue(true)
+
+    const page = (await RegisterPage({ searchParams: Promise.resolve({}) })) as ReactElement<{
+      mode: string
+    }>
+
+    expect(page.props.mode).toBe("signup-user")
+  })
+})

apps/admin/src/app/welcome/page.test.tsx

@@ -0,0 +1,70 @@
+import type { ReactElement } from "react"
+import { beforeEach, describe, expect, it, vi } from "vitest"
+
+const { redirectMock, resolveRoleFromServerContextMock, hasOwnerUserMock } = vi.hoisted(() => ({
+  redirectMock: vi.fn((path: string) => {
+    throw new Error(`REDIRECT:${path}`)
+  }),
+  resolveRoleFromServerContextMock: vi.fn(),
+  hasOwnerUserMock: vi.fn(),
+}))
+
+vi.mock("next/navigation", () => ({
+  redirect: redirectMock,
+}))
+
+vi.mock("@/lib/access-server", () => ({
+  resolveRoleFromServerContext: resolveRoleFromServerContextMock,
+}))
+
+vi.mock("@/lib/auth/server", () => ({
+  hasOwnerUser: hasOwnerUserMock,
+}))
+
+vi.mock("@/app/login/login-form", () => ({
+  LoginForm: ({ mode }: { mode: string }) => ({ type: "login-form", props: { mode } }),
+}))
+
+import WelcomePage from "./page"
+
+function expectRedirect(call: () => Promise<unknown>, path: string) {
+  return expect(call()).rejects.toThrow(`REDIRECT:${path}`)
+}
+
+describe("welcome page", () => {
+  beforeEach(() => {
+    redirectMock.mockClear()
+    resolveRoleFromServerContextMock.mockReset()
+    hasOwnerUserMock.mockReset()
+  })
+
+  it("redirects authenticated users to dashboard", async () => {
+    resolveRoleFromServerContextMock.mockResolvedValue("admin")
+
+    await expectRedirect(
+      () => WelcomePage({ searchParams: Promise.resolve({ next: "/media" }) }),
+      "/",
+    )
+  })
+
+  it("redirects to login after owner exists", async () => {
+    resolveRoleFromServerContextMock.mockResolvedValue(null)
+    hasOwnerUserMock.mockResolvedValue(true)
+
+    await expectRedirect(
+      () => WelcomePage({ searchParams: Promise.resolve({ next: "/media" }) }),
+      "/login?next=%2Fmedia",
+    )
+  })
+
+  it("renders owner sign-up mode when owner is missing", async () => {
+    resolveRoleFromServerContextMock.mockResolvedValue(null)
+    hasOwnerUserMock.mockResolvedValue(false)
+
+    const page = (await WelcomePage({ searchParams: Promise.resolve({}) })) as ReactElement<{
+      mode: string
+    }>
+
+    expect(page.props.mode).toBe("signup-owner")
+  })
+})

packages/content/src/domain-schemas.test.ts

@@ -0,0 +1,67 @@
+import { describe, expect, it } from "vitest"
+
+import {
+  createAnnouncementInputSchema,
+  createCommissionInputSchema,
+  createCustomerInputSchema,
+  createNavigationMenuInputSchema,
+  createPageInputSchema,
+  updateCommissionStatusInputSchema,
+  updateNavigationItemInputSchema,
+} from "./index"
+
+describe("domain schemas", () => {
+  it("applies announcement defaults", () => {
+    const result = createAnnouncementInputSchema.parse({
+      title: "Notice",
+      message: "Open slots",
+    })
+
+    expect(result.placement).toBe("global_top")
+    expect(result.priority).toBe(100)
+    expect(result.isVisible).toBe(true)
+  })
+
+  it("validates customer and commission payloads", () => {
+    const customer = createCustomerInputSchema.safeParse({
+      name: "Ada",
+      email: "ada@example.com",
+    })
+    const commission = createCommissionInputSchema.safeParse({
+      title: "Portrait",
+      status: "new",
+    })
+
+    expect(customer.success).toBe(true)
+    expect(commission.success).toBe(true)
+  })
+
+  it("rejects invalid commission status updates", () => {
+    const result = updateCommissionStatusInputSchema.safeParse({
+      id: "550e8400-e29b-41d4-a716-446655440000",
+      status: "invalid",
+    })
+
+    expect(result.success).toBe(false)
+  })
+
+  it("validates page and navigation payload constraints", () => {
+    const page = createPageInputSchema.safeParse({
+      title: "About",
+      slug: "about",
+      content: "About page",
+    })
+    const menu = createNavigationMenuInputSchema.safeParse({
+      name: "Primary",
+      slug: "primary",
+    })
+    const navUpdate = updateNavigationItemInputSchema.safeParse({
+      id: "550e8400-e29b-41d4-a716-446655440000",
+      sortOrder: -1,
+    })
+
+    expect(page.success).toBe(true)
+    expect(menu.success).toBe(true)
+    expect(navUpdate.success).toBe(false)
+  })
+})

packages/db/src/posts.test.ts

@@ -0,0 +1,75 @@
+import { beforeEach, describe, expect, it, vi } from "vitest"
+
+const { mockDb } = vi.hoisted(() => ({
+  mockDb: {
+    post: {
+      create: vi.fn(),
+      findMany: vi.fn(),
+      findUnique: vi.fn(),
+      update: vi.fn(),
+      delete: vi.fn(),
+    },
+  },
+}))
+
+vi.mock("./client", () => ({
+  db: mockDb,
+}))
+
+import { createPost, getPostBySlug, listPosts, updatePost } from "./posts"
+
+describe("posts service", () => {
+  beforeEach(() => {
+    for (const fn of Object.values(mockDb.post)) {
+      if (typeof fn === "function") {
+        fn.mockReset()
+      }
+    }
+  })
+
+  it("lists posts ordered by update date desc", async () => {
+    mockDb.post.findMany.mockResolvedValue([])
+
+    await listPosts()
+
+    expect(mockDb.post.findMany).toHaveBeenCalledTimes(1)
+    expect(mockDb.post.findMany.mock.calls[0]?.[0]).toMatchObject({
+      orderBy: {
+        updatedAt: "desc",
+      },
+    })
+  })
+
+  it("parses create and update payloads through crud service", async () => {
+    mockDb.post.create.mockResolvedValue({ id: "post-1" })
+    mockDb.post.findUnique.mockResolvedValue({ id: "550e8400-e29b-41d4-a716-446655440000" })
+    mockDb.post.update.mockResolvedValue({ id: "post-1" })
+
+    await createPost({
+      title: "A title",
+      slug: "a-title",
+      body: "Body",
+      status: "draft",
+    })
+
+    await updatePost("550e8400-e29b-41d4-a716-446655440000", {
+      title: "Updated",
+    })
+
+    expect(mockDb.post.create).toHaveBeenCalledTimes(1)
+    expect(mockDb.post.update).toHaveBeenCalledTimes(1)
+  })
+
+  it("finds posts by slug", async () => {
+    mockDb.post.findUnique.mockResolvedValue({ id: "post-1", slug: "hello" })
+
+    await getPostBySlug("hello")
+
+    expect(mockDb.post.findUnique).toHaveBeenCalledTimes(1)
+    expect(mockDb.post.findUnique).toHaveBeenCalledWith({
+      where: {
+        slug: "hello",
+      },
+    })
+  })
+})