test(auth): add coverage for local strategy unexpected error path

Adds an integration test that mocks AuthService.authenticate to throw a plain
Error (non-AppError) and verifies the server responds with 500, covering the
done(err) branch in the local passport strategy.

Author: PierreBrisorgueil

modules/auth/tests/auth.integration.tests.js

@@ -16,6 +16,7 @@ import config from '../../../config/index.js';
  */
 describe('Auth integration tests:', () => {
   let UserService = null;
+  let AuthService = null;
   let agent;
   let credentials;
   let user;
@@ -28,6 +29,7 @@ describe('Auth integration tests:', () => {
     try {
       const init = await bootstrap();
       UserService = (await import(path.resolve('./modules/users/services/users.service.js'))).default;
+      AuthService = (await import(path.resolve('./modules/auth/services/auth.service.js'))).default;
       agent = request.agent(init.app);
     } catch (err) {
       console.log(err);
@@ -794,6 +796,12 @@ describe('Auth integration tests:', () => {
       const result = await agent.get('/api/auth/reset/sometoken').expect(302);
       expect(result.headers.location).toBe('/api/password/reset/invalid');
     });
+
+    test('should return 500 when local strategy authenticate throws an unexpected error', async () => {
+      const spy = jest.spyOn(AuthService, 'authenticate').mockRejectedValueOnce(new Error('DB failure'));
+      await agent.post('/api/auth/signin').send({ email: 'a@b.com', password: 'pass' }).expect(500);
+      spy.mockRestore();
+    });
   });
 
   // Mongoose disconnect