fix: resolve failing backend tests for auth routes and user model (#278)

[JayRathore10]

🔧 Fix: Resolve failing backend test suites for Auth Routes and User Model (#278)

📌 Overview

This PR fixes multiple failing backend test cases related to Auth Routes and the User Model. The root cause was incorrect usage of Mongoose middleware, which caused errors during user creation and authentication flows.

---

🐛 Issues Identified

• ❌ TypeError: next is not a function in User model pre-save hook
• ❌ Signup route returning 500 instead of 201
• ❌ Login and authentication tests failing due to user creation issues
• ❌ Password hashing not functioning correctly

---

✅ Fixes Implemented

• ✔ Refactored Mongoose pre-save hook to use proper async/await pattern (removed next usage)
• ✔ Ensured password hashing only occurs when the password is modified
• ✔ Fixed comparePassword method for accurate authentication
• ✔ Stabilized Auth Routes test suite (signup, login, logout)
• ✔ Improved test reliability by isolating database operations

---

🧪 Test Results

• ✅ All User Model tests are now passing
• ✅ All Auth Routes tests are now passing
• ✅ No runtime errors during test execution

---

📂 Files Modified

• backend/models/User.js
• spec/user.model.spec.cjs
• spec/auth.routes.spec.cjs

---

🏷️ Open Source Context

This PR is submitted as part of GSSoC (GirlScript Summer of Code) contribution.

👤 Contributor Profile

GSSoC Profile: https://gssoc.girlscript.org/profile/e47b2f4a-f3e9-4cb4-97b5-ddd8cb15a1e9

---

🚀 Impact

This fix ensures:

• Reliable backend test execution
• Correct authentication flow
• Improved code quality and maintainability

---

Screenshot of npm run test

📎 Notes

No breaking changes introduced. Existing functionality remains intact while fixing test stability and backend logic.

Summary by CodeRabbit

• Dependencies

  • Bumped Express, Mongoose, and bcryptjs for stability and security.

• Tests

  • Added Jasmine alongside existing test tooling and improved test setup and assertions for more reliable test runs.

• Chores

  • Ensured production Docker run script is present/updated.

[netlify]

✅ Deploy Preview for github-spy ready!

Name	Link
🔨 Latest commit	df719ab
🔍 Latest deploy log	https://app.netlify.com/projects/github-spy/deploys/6a09d5686a2eb00008f7f1d3
😎 Deploy Preview	https://deploy-preview-286--github-spy.netlify.app
📱 Preview on mobile	Toggle QR Code... Use your smartphone camera to open QR code link.

---

To edit notification comments on pull requests, go to your Netlify project configuration.

[coderabbitai]

📝 Walkthrough

Walkthrough

This PR refactors the User model's password middleware from callback-based (next pattern) to async/await with early return, removes try/catch so errors propagate via async middleware, simplifies comparePassword to return the bcrypt promise, updates package scripts/dependencies, and modernizes model and auth tests to seed users directly and use conditional DB teardown.

Changes

User Password Middleware Modernization

Layer / File(s)	Summary
User model async password middleware backend/models/User.js	The UserSchema.pre('save') hook removes the next callback and uses early return when password is unmodified; comparePassword returns the bcrypt.compare promise directly.
Package.json dependency and scripts updates package.json	Adds a test script entry set to jasmine (duplicate test key present), ensures docker:prod, adds express and bumps mongoose to ^9.6.2, and bumps bcryptjs in devDependencies to ^3.0.3.
User model password behavior tests spec/user.model.spec.cjs	Connects to MongoDB without legacy options, conditionally drops DB on teardown, and updates assertions to expect(...).toBe(true/false); tests verify hashing on save, non-rehash on unrelated updates, and compare behavior.
Auth route integration tests spec/auth.routes.spec.cjs	Test app wiring updated (session config, passport init order). Lifecycle hooks simplified and conditional DB cleanup added. Tests now seed users via User.create() and validate signup, login (correct/incorrect), and logout flows.

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~25 minutes

Poem

🐰 I hopped through async night's embrace,
No more next to block my pace,
Passwords hashed, comparisons true,
Tests connect, then clean on cue,
A joyful rabbit in refactor grace 🌿

🚥 Pre-merge checks | ✅ 5

✅ Passed checks (5 passed)

Check name	Status	Explanation
Title check	✅ Passed	The title clearly summarizes the main change: fixing failing backend tests for auth routes and user model, which aligns with the PR's primary objective.
Description check	✅ Passed	The description comprehensively covers the template requirements with clear sections for issues, fixes, test results, and files modified, though it omits the formal 'Related Issue' and 'How Has This Been Tested' sections.
Docstring Coverage	✅ Passed	Docstring coverage is 100.00% which is sufficient. The required threshold is 80.00%.
Linked Issues check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check	✅ Passed	Check skipped because no linked issues were found for this pull request.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[github-actions]

🎉 Thank you @JayRathore10 for your contribution. Please make sure your PR follows https://github.com/GitMetricsLab/github_tracker/blob/main/CONTRIBUTING.md#-pull-request-guidelines

[coderabbitai]

Actionable comments posted: 2

🤖 Prompt for all review comments with AI agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In `@package.json`:
- Line 46: The listed auth/session libraries (bcryptjs, passport,
passport-local, express-session) are runtime backend deps but currently live in
devDependencies; edit package.json to remove these four entries from
devDependencies and add them under dependencies with their existing version
strings, then run your package manager (npm install or yarn) to update
package-lock.json/yarn.lock so production installs include them; verify no other
code references remain that assume dev-only usage and that the server starts
correctly.

In `@spec/auth.routes.spec.cjs`:
- Line 39: The test suite currently calls
mongoose.connect('mongodb://127.0.0.1:27017/github_tracker_test') which shares a
fixed database with other specs and causes teardown races when dropDatabase() is
called; change the connect call so this suite uses an isolated database name
(e.g., append a unique suffix like process.pid, Date.now(), a UUID, or the test
worker id) so that mongoose.connect(...) creates a per-suite DB and
dropDatabase() only affects that DB; update any teardown that references
dropDatabase() to operate on the same unique DB name (referencing the
mongoose.connect call and the existing dropDatabase() call to ensure they use
the same derived name).

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro

Run ID: 851efbc1-4313-46a5-a04d-fba04346b05c

📥 Commits

Reviewing files that changed from the base of the PR and between 7a15543 and 856baf6.

📒 Files selected for processing (4)

• backend/models/User.js
• package.json
• spec/auth.routes.spec.cjs
• spec/user.model.spec.cjs

[mehul-m-prajapati]

@JayRathore10 - pls resolve conflicts

[JayRathore10]

@mehul-m-prajapati

Conflicts have been resolved. Kindly check and review the PR again.

[coderabbitai]

Actionable comments posted: 1

🤖 Prompt for all review comments with AI agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In `@package.json`:
- Line 15: The package.json contains a duplicate scripts.test key that
overwrites the earlier entry (the two values are "vitest" and "jasmine"); update
scripts so both test runners are preserved—either rename one (e.g. "test:unit":
"vitest" and "test:legacy": "jasmine") and keep "test" as a harness that runs
both, or make "test" a combined command (using && or a runner like npm-run-all)
that invokes "vitest" and "jasmine"; adjust the scripts object entries
(referencing scripts.test, "vitest", and "jasmine") accordingly.

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro

Run ID: 5d5660d6-bb87-4509-914b-d773992c0d4c

📥 Commits

Reviewing files that changed from the base of the PR and between 856baf6 and df719ab.

📒 Files selected for processing (1)

• package.json

[JayRathore10]

@JayRathore10 - pls resolve conflicts

Conflicts have been resolved. Kindly check and review the PR again.