import { signal } from '@angular/core'; import { TestBed } from '@angular/core/testing'; import { AuthService } from './auth.service'; import { authenticatedGuard } from './authenticated.guard'; class FakeAuth extends AuthService { readonly isAuthenticated = signal(false); readonly bsn = signal(undefined); login(): void { /* spied in tests */ } logout(): void { /* noop */ } } function runGuard(authenticated: boolean) { const auth = new FakeAuth(); auth.isAuthenticated.set(authenticated); const loginSpy = vi.spyOn(auth, 'login'); TestBed.configureTestingModule({ providers: [{ provide: AuthService, useValue: auth }], }); const result = TestBed.runInInjectionContext(() => authenticatedGuard(null as never, null as never), ); return { result, loginSpy }; } describe('authenticatedGuard', () => { it('allows the route for an authenticated user', () => { const { result, loginSpy } = runGuard(true); expect(result).toBe(true); expect(loginSpy).not.toHaveBeenCalled(); }); it('blocks and starts DigiD login when not authenticated', () => { const { result, loginSpy } = runGuard(false); expect(result).toBe(false); expect(loginSpy).toHaveBeenCalledTimes(1); }); });