diff --git a/libs/common/src/dirt/services/hibp-api.service.spec.ts b/libs/common/src/dirt/services/hibp-api.service.spec.ts index fd2a54bdd10..9e08b4d0623 100644 --- a/libs/common/src/dirt/services/hibp-api.service.spec.ts +++ b/libs/common/src/dirt/services/hibp-api.service.spec.ts @@ -35,5 +35,26 @@ describe("HibpApiService", () => { expect(result).toHaveLength(1); expect(result[0]).toBeInstanceOf(BreachAccountResponse); }); + + it("should return empty array when no breaches found (REST semantics)", async () => { + // Server now returns 200 OK with empty array [] instead of 404 + const mockResponse: any[] = []; + const username = "safe@example.com"; + + apiService.send.mockResolvedValue(mockResponse); + + const result = await sut.getHibpBreach(username); + + expect(apiService.send).toHaveBeenCalledWith( + "GET", + "/hibp/breach?username=" + encodeURIComponent(username), + null, + true, + true, + ); + expect(result).toEqual([]); + expect(result).toBeInstanceOf(Array); + expect(result).toHaveLength(0); + }); }); }); diff --git a/libs/common/src/services/audit.service.spec.ts b/libs/common/src/services/audit.service.spec.ts index b0e96eb5c5c..e653b026735 100644 --- a/libs/common/src/services/audit.service.spec.ts +++ b/libs/common/src/services/audit.service.spec.ts @@ -1,7 +1,6 @@ import { ApiService } from "../abstractions/api.service"; import { HibpApiService } from "../dirt/services/hibp-api.service"; import { CryptoFunctionService } from "../key-management/crypto/abstractions/crypto-function.service"; -import { ErrorResponse } from "../models/response/error.response"; import { AuditService } from "./audit.service"; @@ -73,14 +72,16 @@ describe("AuditService", () => { expect(mockApi.nativeFetch).toHaveBeenCalledTimes(4); }); - it("should return empty array for breachedAccounts on 404", async () => { - mockHibpApi.getHibpBreach.mockRejectedValueOnce({ statusCode: 404 } as ErrorResponse); + it("should return empty array for breachedAccounts when no breaches found", async () => { + // Server returns 200 with empty array (correct REST semantics) + mockHibpApi.getHibpBreach.mockResolvedValueOnce([]); const result = await auditService.breachedAccounts("user@example.com"); expect(result).toEqual([]); }); - it("should throw error for breachedAccounts on non-404 error", async () => { - mockHibpApi.getHibpBreach.mockRejectedValueOnce({ statusCode: 500 } as ErrorResponse); - await expect(auditService.breachedAccounts("user@example.com")).rejects.toThrow(); + it("should propagate errors from breachedAccounts", async () => { + const error = new Error("API error"); + mockHibpApi.getHibpBreach.mockRejectedValueOnce(error); + await expect(auditService.breachedAccounts("user@example.com")).rejects.toBe(error); }); }); diff --git a/libs/common/src/services/audit.service.ts b/libs/common/src/services/audit.service.ts index 0bdf45917de..7762c2cbd93 100644 --- a/libs/common/src/services/audit.service.ts +++ b/libs/common/src/services/audit.service.ts @@ -6,7 +6,6 @@ import { AuditService as AuditServiceAbstraction } from "../abstractions/audit.s import { BreachAccountResponse } from "../dirt/models/response/breach-account.response"; import { HibpApiService } from "../dirt/services/hibp-api.service"; import { CryptoFunctionService } from "../key-management/crypto/abstractions/crypto-function.service"; -import { ErrorResponse } from "../models/response/error.response"; import { Utils } from "../platform/misc/utils"; const PwnedPasswordsApi = "https://api.pwnedpasswords.com/range/"; @@ -70,14 +69,6 @@ export class AuditService implements AuditServiceAbstraction { } async breachedAccounts(username: string): Promise { - try { - return await this.hibpApiService.getHibpBreach(username); - } catch (e) { - const error = e as ErrorResponse; - if (error.statusCode === 404) { - return []; - } - throw new Error(); - } + return this.hibpApiService.getHibpBreach(username); } }