WEB-840: Implement Unit Test Suite for AuthenticationInterceptor

[DeathGun44]

Description

Adds the interceptor unit test suite for the codebase. Covers all 6 public methods of [AuthenticationInterceptor] with 10 test cases across 4 describe blocks - tenant header injection, Basic/Bearer auth token switching, two-factor authentication headers, and header cleanup methods.

Related issues and discussion

#WEB-840

Checklist

Please make sure these boxes are checked before submitting your pull request - thanks!

• If you have multiple commits please combine them into one commit by squashing them.

• Read and understood the contribution guidelines at web-app/.github/CONTRIBUTING.md.

Summary by CodeRabbit

• Tests
  • Added comprehensive unit tests for the authentication interceptor covering internal vs external request handling and tenant header logic.
  • Verified authorization header behavior with OAuth on/off, token prefixing, and header cleanup.
  • Included two-factor authentication token handling and end-to-end HTTP request checks to ensure consistent runtime behavior.

[coderabbitai]

Note

.coderabbit.yaml has unrecognized properties

CodeRabbit is using all valid settings from your configuration. Unrecognized properties (listed below) have been ignored and may indicate typos or deprecated fields that can be removed.

⚠️ Parsing warnings (1)

Validation error: Unrecognized key(s) in object: 'pre_merge_checks'

⚙️ Configuration instructions

• Please see the configuration documentation for more information.
• You can also validate your configuration using the online YAML validator.
• If your editor has YAML language server enabled, you can add the path at the top of this file to enable auto-completion and validation: # yaml-language-server: $schema=https://coderabbit.ai/integrations/schema.v2.json

No actionable comments were generated in the recent review. 🎉

ℹ️ Recent review info

⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Pro

Run ID: fb131b16-7a77-427e-b1ca-b42b1eb8f2c1

📥 Commits

Reviewing files that changed from the base of the PR and between b2b0eb6 and a49a93f.

📒 Files selected for processing (1)

• src/app/core/authentication/authentication.interceptor.spec.ts

---

Walkthrough

Adds a comprehensive unit test suite for AuthenticationInterceptor validating header injection/removal, tenant selection, OAuth authorization prefixing, two-factor token handling, and behavior differences between internal and external HTTP requests using HttpClientTestingModule and a mocked SettingsService.

Changes

Cohort / File(s)	Summary
AuthenticationInterceptor Test Suite src/app/core/authentication/authentication.interceptor.spec.ts	New unit tests exercising interceptor behavior: internal vs external URL handling, tenant header injection and custom tenant selection, authorization header propagation and OAuth prefix logic, Fineract-Platform-TFA-Token set/remove, and helper removal methods; uses TestBed, HttpClientTestingController, and mocked SettingsService.

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~20 minutes

🚥 Pre-merge checks | ✅ 3

✅ Passed checks (3 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title 'WEB-840: Implement Unit Test Suite for AuthenticationInterceptor' is clear, concise, and directly summarizes the main change - adding a comprehensive unit test suite for the AuthenticationInterceptor class.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Post copyable unit tests in a comment

📝 Coding Plan

• Generate coding plan for human review comments

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

Tip

CodeRabbit can use Trivy to scan for security misconfigurations and secrets in Infrastructure as Code files.

Add a .trivyignore file to your project to customize which findings Trivy reports.

[coderabbitai]

🧹 Nitpick comments (1)

src/app/core/authentication/authentication.interceptor.spec.ts (1)

71-79: External URL test covers only https:// protocol.

The test verifies that https:// URLs bypass Fineract headers, but the interceptor implementation (per context snippet 1) also checks for http:// URLs. Consider adding a test case for http:// external URLs for complete coverage of the bypass logic.

💡 Optional: Add http:// external URL test

it('should pass http external URLs through without Fineract headers', async () => {
  const resultPromise = firstValueFrom(http.get('http://api.external.com/data'));

  const req = httpMock.expectOne((r) => r.url === 'http://api.external.com/data' && r.method === 'GET');
  expect(req.request.headers.has('Fineract-Platform-TenantId')).toBe(false);

  req.flush({});
  await resultPromise;
});

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@src/app/core/authentication/authentication.interceptor.spec.ts` around lines
71 - 79, Add a parallel test to the existing external URL spec to cover the http
protocol: create an it block similar to the https test that uses
firstValueFrom(http.get('http://api.external.com/data')), assert
httpMock.expectOne matches url 'http://api.external.com/data' and method 'GET',
verify the request.headers does not have 'Fineract-Platform-TenantId', flush an
empty response and await the promise; reference the same helpers used in the
file (firstValueFrom, http, httpMock) to mirror the https test's structure.

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Nitpick comments:
In `@src/app/core/authentication/authentication.interceptor.spec.ts`:
- Around line 71-79: Add a parallel test to the existing external URL spec to
cover the http protocol: create an it block similar to the https test that uses
firstValueFrom(http.get('http://api.external.com/data')), assert
httpMock.expectOne matches url 'http://api.external.com/data' and method 'GET',
verify the request.headers does not have 'Fineract-Platform-TenantId', flush an
empty response and await the promise; reference the same helpers used in the
file (firstValueFrom, http, httpMock) to mirror the https test's structure.

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Pro

Run ID: 112b8a8d-0928-4567-b62c-8b1f42173342

📥 Commits

Reviewing files that changed from the base of the PR and between abf9bac and b2b0eb6.

📒 Files selected for processing (1)

• src/app/core/authentication/authentication.interceptor.spec.ts

[IOhacker]

@shubhamkumar9199 please take a look

[DeathGun44]

@IOhacker @shubhamkumar9199 Happy to make changes if any!