test: use fresh request(app) inside describe('Logout') blocks (#3472)

[PierreBrisorgueil]

Summary

• In describe('Logout') blocks, replace the shared stateful supertest agent with a fresh request(app) per test so no cookie state leaks into later describe blocks.
• Applied to modules/home/tests/home.integration.tests.js and modules/users/tests/user.account.integration.tests.js. tasks.integration.tests.js already followed the correct pattern — kept as canonical source-of-truth.

Why

The shared agent is cookie-stateful per Express app. When a prior describe block signs up a user and then deletes it in afterEach (UserService.remove(user)), the agent keeps a stale TOKEN cookie. Subsequent describe blocks that reuse the same agent can then hit 401s or socket hang ups on the first auth-middleware call — the exact symptom the downstream trawl_node historys.integration.tests.js:199 was reporting.

Because jest drops the DB once via globalSetup but doesn't reset in-memory agent state, the failure only surfaces in full-suite runs (not when the test file is run in isolation). Fresh Mongo containers per CI run mask it; local dev sees it as flaky noise.

Pattern applied

describe('Logout', () => {
  test('unauthenticated call returns 401', async () => {
    await request(app).get('/api/...').expect(401);
  });
});

Auth-required sub-tests inside Logout blocks (e.g. admin health in home tests) continue to use explicit set('Cookie', 'TOKEN=\${jwt}') from JWT tokens minted at the suite level — no reliance on agent cookies.

Propagation

This is the devkit source-of-truth. /update-all-projects will propagate to the 6+ downstream test files that inherit this structure in:

• comes_node, trawl_node, montaine_node, ism_node, pierreb_node

Test plan

• npm run lint — clean
• npm run test:unit — 508 tests passing (unchanged)
• Changed files run together in isolation — 78/78 passing
• Full integration suite on CI (pre-existing flakiness in user.account.integration + user.admin.integration around stale-user signups is unrelated — reproduces on master without these changes)

Closes #3472

[coderabbitai]

Warning

Rate limit exceeded

@PierreBrisorgueil has exceeded the limit for the number of commits that can be reviewed per hour. Please wait 48 minutes and 43 seconds before requesting another review.

Your organization is not enrolled in usage-based pricing. Contact your admin to enable usage-based pricing to continue reviews beyond the rate limit, or try again in 48 minutes and 43 seconds.

⌛ How to resolve this issue?

After the wait time has elapsed, a review can be triggered using the @coderabbitai review command as a PR comment. Alternatively, push new commits to this PR.

We recommend that you space out your commits to avoid hitting the rate limit.

🚦 How do rate limits work?

CodeRabbit enforces hourly rate limits for each developer per organization.

Our paid plans have higher rate limits than the trial, open-source and free plans. In all cases, we re-allow further reviews after a brief timeout.

Please see our FAQ for further information.

ℹ️ Review info

⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: ASSERTIVE

Plan: Pro

Run ID: fe4f8c0a-4610-4ecb-b07f-4c7e14da2083

📥 Commits

Reviewing files that changed from the base of the PR and between f8542e3 and 689847c.

📒 Files selected for processing (2)

• modules/home/tests/home.integration.tests.js
• modules/users/tests/user.account.integration.tests.js

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch fix/logout-describe-agent-cookie-3472

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[Copilot]

Pull request overview

Updates integration tests to prevent stateful Supertest agent cookies from leaking across describe('Logout') blocks, eliminating a known source of full-suite flakiness (#3472) in devkit tests that propagate downstream.

Changes:

• Introduce an app reference captured from bootstrap() so tests can use fresh request(app) instances.
• Replace agent usage with request(app) inside describe('Logout') blocks in the affected test suites.
• Add inline comments documenting the “fresh request per test” pattern and rationale.

Reviewed changes

Copilot reviewed 2 out of 2 changed files in this pull request and generated no comments.

File	Description
modules/users/tests/user.account.integration.tests.js	Captures app from bootstrap and switches Logout-block tests to request(app) to avoid stale auth cookies.
modules/home/tests/home.integration.tests.js	Captures app from bootstrap and switches public/Logout-block tests to request(app) while keeping explicit JWT cookie headers where needed.

[codecov]

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 85.85%. Comparing base (f4ba797) to head (689847c).
⚠️ Report is 11 commits behind head on master.

Additional details and impacted files

@@           Coverage Diff           @@
##           master    #3490   +/-   ##
=======================================
  Coverage   85.85%   85.85%           
=======================================
  Files         115      115           
  Lines        2919     2919           
  Branches      809      809           
=======================================
  Hits         2506     2506           
  Misses        327      327           
  Partials       86       86           

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
• 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

[codacy-production]

Pull Request Overview

This PR cannot be merged in its current state as it contains no code changes. The stated objective is to resolve intermittent 401 errors in CI by moving from stateful Supertest agents to fresh request instances in 'Logout' blocks. However, the files intended for modification—modules/home/tests/home.integration.tests.js and modules/users/tests/user.account.integration.tests.js—remain untouched in the diff. Please ensure all commits are pushed to the branch before proceeding.

About this PR

• The PR does not contain any code changes. While the intent to prevent state leakage in integration tests is documented, the implementation in modules/home/tests/home.integration.tests.js and modules/users/tests/user.account.integration.tests.js is missing.

Test suggestions

• Verify 'Logout' block in home.integration.tests.js uses fresh request(app) instead of shared agent
• Verify 'Logout' block in user.account.integration.tests.js uses fresh request(app) instead of shared agent
• Verify that authentication-dependent tests within those blocks use explicit Cookie headers

Prompt proposal for missing tests

Consider implementing these tests if applicable:
1. Verify 'Logout' block in home.integration.tests.js uses fresh request(app) instead of shared agent
2. Verify 'Logout' block in user.account.integration.tests.js uses fresh request(app) instead of shared agent
3. Verify that authentication-dependent tests within those blocks use explicit Cookie headers

---

🗒️ Improve review quality by adding custom instructions

[codacy-production]

Up to standards ✅

🟢 Issues 0 issues

Results:
0 new issues

View in Codacy

AI Reviewer: first review requested successfully. AI can make mistakes. Always validate suggestions.

_{TIP This summary will be updated as you push new changes. Give us feedback}