test(e2e): add coverage for agent profile, KYC, payment callbacks, media upload, and listing moderation

Fills coverage gaps for untested API endpoints: - GET /auth/profile/agent (auth + unauth) - PATCH /auth/kyc (admin-only guard tests) - POST /payments/callback/:provider (VNPay, MoMo, ZaloPay webhooks) - POST /listings/:id/media (multipart upload validation) - PATCH /listings/:id/moderate (admin-only moderation) Co-Authored-By: Paperclip <noreply@paperclip.ing>
2026-04-08 03:28:27 +07:00
parent cb00b12d7b
commit 7a242d7e45
5 changed files with 281 additions and 0 deletions
--- a/e2e/api/auth-kyc.spec.ts
+++ b/e2e/api/auth-kyc.spec.ts
@@ -0,0 +1,38 @@
+import { test, expect } from '../fixtures';
+
+test.describe('PATCH /auth/kyc — KYC verification (admin only)', () => {
+  test('rejects unauthenticated KYC update', async ({ request }) => {
+    const res = await request.patch('/auth/kyc', {
+      data: {
+        userId: 'some-user-id',
+        kycStatus: 'VERIFIED',
+      },
+    });
+
+    expect(res.status()).toBe(401);
+  });
+
+  test('rejects KYC update from non-admin user', async ({ authedRequest }) => {
+    const res = await authedRequest.patch('/auth/kyc', {
+      data: {
+        userId: 'some-user-id',
+        kycStatus: 'VERIFIED',
+      },
+    });
+
+    expect(res.ok()).toBeFalsy();
+    expect([401, 403]).toContain(res.status());
+  });
+
+  test('rejects KYC update with invalid status', async ({ authedRequest }) => {
+    const res = await authedRequest.patch('/auth/kyc', {
+      data: {
+        userId: 'some-user-id',
+        kycStatus: 'INVALID_STATUS',
+      },
+    });
+
+    expect(res.ok()).toBeFalsy();
+    expect([400, 401, 403]).toContain(res.status());
+  });
+});