Merge remote-tracking branch 'origin/feat/endpoints-beschermen-met-authenticatie-#105' into feat/endpoints-beschermen-met-authenticatie-#105

# Conflicts: # backend/src/middleware/auth/checks/auth-checks.ts # backend/src/middleware/auth/checks/class-auth-checks.ts # backend/src/routes/teachers.ts # frontend/src/views/assignments/UserAssignments.vue
2025-05-15 20:58:21 +02:00 · 2025-05-15 20:58:21 +02:00 · 7da52284e6
commit 7da52284e6
parent fc0d3b5c84 7e2160f70d
40 changed files with 1042 additions and 541 deletions
--- a/backend/src/middleware/auth/checks/auth-checks.ts
+++ b/backend/src/middleware/auth/checks/auth-checks.ts
@ -4,6 +4,7 @@ import * as express from 'express';
 import { RequestHandler } from 'express';
 import { UnauthorizedException } from '../../../exceptions/unauthorized-exception.js';
 import { ForbiddenException } from '../../../exceptions/forbidden-exception.js';
+import { envVars, getEnvVar } from '../../../util/envVars.js';
 import {AccountType} from "@dwengo-1/common/util/account-types";

 /**
@ -15,6 +16,17 @@ import {AccountType} from "@dwengo-1/common/util/account-types";
 export function authorize<P, ResBody, ReqBody, ReqQuery, Locals extends Record<string, unknown>>(
    accessCondition: (auth: AuthenticationInfo, req: AuthenticatedRequest<P, ResBody, ReqBody, ReqQuery, Locals>) => boolean | Promise<boolean>
 ): RequestHandler<P, ResBody, ReqBody, ReqQuery, Locals> {
+    // Bypass authentication during testing
+    if (getEnvVar(envVars.RunMode) === 'test') {
+        return async (
+            _req: AuthenticatedRequest<P, ResBody, ReqBody, ReqQuery, Locals>,
+            _res: express.Response,
+            next: express.NextFunction
+        ): Promise<void> => {
+            next();
+        };
+    }
+
    return async (
        req: AuthenticatedRequest<P, ResBody, ReqBody, ReqQuery, Locals>,
        _res: express.Response,