Problem
The test suite added in PR #141 (apps/public-api/src/__tests__/userAuth.email.test.js) does not cover the existing-unverified-user resend branch inside controller.signup (the code path that fires when a user who already registered but never verified their email tries to sign up again).
This path also generates an OTP and, without a test, could silently regress back to Math.random() without failing any tests.
Desired Change
Add a test case to the OTP generation uses CSPRNG suite that:
- Simulates a signup attempt with an already-registered but unverified email.
- Asserts that crypto.randomInt is called with (100000, 1000000) on that code path.
Context
Identified during review of PR #141 (Fix/weak OTP generation). The main PRNG fix is complete (#105); this is a test-coverage follow-up.
PR reference: #141
Raised by: @yash-pouranik
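
The requested check, as an added example that is not part of the original issue or the project's code. `signup`, the `Map` user store, the status codes and `spyOn` are hypothetical stand-ins (the project's suite would spy on `crypto.randomInt` with its own test framework), and the sample email is constructed.

```javascript
const crypto = require('node:crypto');

// Hypothetical stand-in for the project's controller.signup; only the two
// OTP-issuing branches are modelled. `users` is a Map used as a fake store.
function signup(users, email) {
  const existing = users.get(email);
  if (existing && existing.verified) return { status: 409 };
  // Called through the module object so a spy on crypto.randomInt sees it.
  // A destructured `const { randomInt } = require('crypto')` would bypass the spy.
  const otp = String(crypto.randomInt(100000, 1000000));
  users.set(email, { verified: false, otp });
  return { status: existing ? 200 : 201, otp };
}

// Minimal spy: swaps obj[name] for a recorder and returns a restore handle.
function spyOn(obj, name, impl) {
  const original = obj[name];
  const calls = [];
  obj[name] = (...args) => { calls.push(args); return impl(...args); };
  return { calls, restore: () => { obj[name] = original; } };
}

// Drives the resend branch (email already registered, never verified) and
// reports which random source was used and with what bounds.
function checkResendBranch() {
  const users = new Map([['a@example.test', { verified: false, otp: '000000' }]]);
  const csprng = spyOn(crypto, 'randomInt', () => 123456);
  const weak = spyOn(Math, 'random', () => 0.5);
  try {
    const res = signup(users, 'a@example.test');
    return { status: res.status, otp: res.otp,
             randomIntCalls: csprng.calls, mathRandomCalls: weak.calls.length };
  } finally {
    // Always restore, so a failing assertion cannot leak the stubs.
    csprng.restore();
    weak.restore();
  }
}

console.log(checkResendBranch());
```

Recording `Math.random` calls alongside the `crypto.randomInt` arguments makes the regression named in the issue fail directly. The upper bound of `crypto.randomInt` is exclusive, so (100000, 1000000) yields six-digit values only.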