immich-app · jrasm91 · Feb 4, 2026 · Feb 4, 2026
diff --git a/open-api/immich-openapi-specs.json b/open-api/immich-openapi-specs.json
@@ -15760,7 +15760,7 @@
             "type": "string"
           },
           "duplicateId": {
-            "description": "Duplicate asset ID",
+            "description": "Duplicate ID",
             "nullable": true,
             "type": "string"
           },
@@ -19038,6 +19038,7 @@
               "format": "uuid",
               "type": "string"
             },
+            "minItems": 1,
             "type": "array"
           }
         },
@@ -19128,6 +19129,7 @@
               "format": "uuid",
               "type": "string"
             },
+            "minItems": 1,
             "type": "array"
           },
           "readAt": {
@@ -25069,6 +25071,12 @@
             "description": "User password",
             "type": "string"
           },
+          "pinCode": {
+            "description": "PIN code",
+            "example": "123456",
+            "nullable": true,
+            "type": "string"
+          },
           "quotaSizeInBytes": {
             "description": "Storage quota in bytes",
             "format": "int64",

diff --git a/open-api/typescript-sdk/src/fetch-client.ts b/open-api/typescript-sdk/src/fetch-client.ts
@@ -233,6 +233,8 @@ export type UserAdminCreateDto = {
     notify?: boolean;
     /** User password */
     password: string;
+    /** PIN code */
+    pinCode?: string | null;
     /** Storage quota in bytes */
     quotaSizeInBytes?: number | null;
     /** Require password change on next login */
@@ -822,7 +824,7 @@ export type AssetBulkUpdateDto = {
     dateTimeRelative?: number;
     /** Asset description */
     description?: string;
-    /** Duplicate asset ID */
+    /** Duplicate ID */
     duplicateId?: string | null;
     /** Asset IDs to update */
     ids: string[];

@@ -24,6 +24,34 @@ describe(AssetController.name, () => {
       await request(ctx.getHttpServer()).put(`/assets`);
       expect(ctx.authenticate).toHaveBeenCalled();
     });
+
+    it('should require a valid uuid', async () => {
+      const { status, body } = await request(ctx.getHttpServer())
+        .put(`/assets`)
+        .send({ ids: ['123'] });
+
+      expect(status).toBe(400);
+      expect(body).toEqual(factory.responses.badRequest(['each value in ids must be a UUID']));
+    });
+
+    it('should require duplicateId to be a string', async () => {
+      const id = factory.uuid();
+      const { status, body } = await request(ctx.getHttpServer())
+        .put(`/assets`)
+        .send({ ids: [id], duplicateId: true });
+
+      expect(status).toBe(400);
+      expect(body).toEqual(factory.responses.badRequest(['duplicateId must be a string']));
+    });
+
+    it('should accept a null duplicateId', async () => {
+      const id = factory.uuid();
+      await request(ctx.getHttpServer())
+        .put(`/assets`)
+        .send({ ids: [id], duplicateId: null });
+
+      expect(service.updateAll).toHaveBeenCalledWith(undefined, expect.objectContaining({ duplicateId: null }));
+    });
   });
 
   describe('DELETE /assets', () => {

@@ -0,0 +1,36 @@
+import { NotificationAdminController } from 'src/controllers/notification-admin.controller';
+import { NotificationAdminService } from 'src/services/notification-admin.service';
+import request from 'supertest';
+import { factory } from 'test/small.factory';
+import { ControllerContext, controllerSetup, mockBaseService } from 'test/utils';
+
+describe(NotificationAdminController.name, () => {
+  let ctx: ControllerContext;
+  const service = mockBaseService(NotificationAdminService);
+
+  beforeAll(async () => {
+    ctx = await controllerSetup(NotificationAdminController, [
+      { provide: NotificationAdminService, useValue: service },
+    ]);
+    return () => ctx.close();
+  });
+
+  beforeEach(() => {
+    service.resetAllMocks();
+    ctx.reset();
+  });
+
+  describe('POST /admin/notifications', () => {
+    it('should be an authenticated route', async () => {
+      await request(ctx.getHttpServer()).post('/admin/notifications');
+      expect(ctx.authenticate).toHaveBeenCalled();
+    });
+
+    it('should accept a null readAt', async () => {
+      await request(ctx.getHttpServer())
+        .post(`/admin/notifications`)
+        .send({ title: 'Test', userId: factory.uuid(), readAt: null });
+      expect(service.create).toHaveBeenCalledWith(undefined, expect.objectContaining({ readAt: null }));
+    });
+  });
+});
@@ -37,9 +37,33 @@ describe(NotificationController.name, () => {
 
   describe('PUT /notifications', () => {
     it('should be an authenticated route', async () => {
-      await request(ctx.getHttpServer()).get('/notifications');
+      await request(ctx.getHttpServer()).put('/notifications');
       expect(ctx.authenticate).toHaveBeenCalled();
     });
+
+    describe('ids', () => {
+      it('should require a list', async () => {
+        const { status, body } = await request(ctx.getHttpServer()).put(`/notifications`).send({ ids: true });
+        expect(status).toBe(400);
+        expect(body).toEqual(errorDto.badRequest(expect.arrayContaining(['ids must be an array'])));
+      });
+
+      it('should require uuids', async () => {
+        const { status, body } = await request(ctx.getHttpServer())
+          .put(`/notifications`)
+          .send({ ids: [true] });
+        expect(status).toBe(400);
+        expect(body).toEqual(errorDto.badRequest(['each value in ids must be a UUID']));
+      });
+
+      it('should accept valid uuids', async () => {
+        const id = factory.uuid();
+        await request(ctx.getHttpServer())
+          .put(`/notifications`)
+          .send({ ids: [id] });
+        expect(service.updateAll).toHaveBeenCalledWith(undefined, expect.objectContaining({ ids: [id] }));
+      });
+    });
   });
 
   describe('GET /notifications/:id', () => {
@@ -60,5 +84,11 @@ describe(NotificationController.name, () => {
       await request(ctx.getHttpServer()).put(`/notifications/${factory.uuid()}`).send({ readAt: factory.date() });
       expect(ctx.authenticate).toHaveBeenCalled();
     });
+
+    it('should accept a null readAt', async () => {
+      const id = factory.uuid();
+      await request(ctx.getHttpServer()).put(`/notifications/${id}`).send({ readAt: null });
+      expect(service.update).toHaveBeenCalledWith(undefined, id, expect.objectContaining({ readAt: null }));
+    });
   });
 });
@@ -58,6 +58,11 @@ describe(PersonController.name, () => {
       await request(ctx.getHttpServer()).post('/people').send({ birthDate: '' });
       expect(service.create).toHaveBeenCalledWith(undefined, { birthDate: null });
     });
+
+    it('should map an empty color to null', async () => {
+      await request(ctx.getHttpServer()).post('/people').send({ color: '' });
+      expect(service.create).toHaveBeenCalledWith(undefined, { color: null });
+    });
   });
 
   describe('DELETE /people', () => {

@@ -0,0 +1,34 @@
+import { SharedLinkController } from 'src/controllers/shared-link.controller';
+import { SharedLinkType } from 'src/enum';
+import { SharedLinkService } from 'src/services/shared-link.service';
+import request from 'supertest';
+import { ControllerContext, controllerSetup, mockBaseService } from 'test/utils';
+
+describe(SharedLinkController.name, () => {
+  let ctx: ControllerContext;
+  const service = mockBaseService(SharedLinkService);
+
+  beforeAll(async () => {
+    ctx = await controllerSetup(SharedLinkController, [{ provide: SharedLinkService, useValue: service }]);
+    return () => ctx.close();
+  });
+
+  beforeEach(() => {
+    service.resetAllMocks();
+    ctx.reset();
+  });
+
+  describe('POST /shared-links', () => {
+    it('should be an authenticated route', async () => {
+      await request(ctx.getHttpServer()).post('/shared-links');
+      expect(ctx.authenticate).toHaveBeenCalled();
+    });
+
+    it('should allow an null expiresAt', async () => {
+      await request(ctx.getHttpServer())
+        .post('/shared-links')
+        .send({ expiresAt: null, type: SharedLinkType.Individual });
+      expect(service.create).toHaveBeenCalledWith(undefined, expect.objectContaining({ expiresAt: null }));
+    });
+  });
+});
@@ -0,0 +1,73 @@
+import { TagController } from 'src/controllers/tag.controller';
+import { TagService } from 'src/services/tag.service';
+import request from 'supertest';
+import { errorDto } from 'test/medium/responses';
+import { factory } from 'test/small.factory';
+import { ControllerContext, controllerSetup, mockBaseService } from 'test/utils';
+
+describe(TagController.name, () => {
+  let ctx: ControllerContext;
+  const service = mockBaseService(TagService);
+
+  beforeAll(async () => {
+    ctx = await controllerSetup(TagController, [{ provide: TagService, useValue: service }]);
+    return () => ctx.close();
+  });
+
+  beforeEach(() => {
+    service.resetAllMocks();
+    ctx.reset();
+  });
+
+  describe('GET /tags', () => {
+    it('should be an authenticated route', async () => {
+      await request(ctx.getHttpServer()).get('/tags');
+      expect(ctx.authenticate).toHaveBeenCalled();
+    });
+  });
+
+  describe('POST /tags', () => {
+    it('should be an authenticated route', async () => {
+      await request(ctx.getHttpServer()).post('/tags');
+      expect(ctx.authenticate).toHaveBeenCalled();
+    });
+
+    it('should a null parentId', async () => {
+      await request(ctx.getHttpServer()).post(`/tags`).send({ name: 'tag', parentId: null });
+      expect(service.create).toHaveBeenCalledWith(undefined, expect.objectContaining({ parentId: null }));
+    });
+  });
+
+  describe('PUT /tags', () => {
+    it('should be an authenticated route', async () => {
+      await request(ctx.getHttpServer()).put('/tags');
+      expect(ctx.authenticate).toHaveBeenCalled();
+    });
+  });
+
+  describe('GET /tags/:id', () => {
+    it('should be an authenticated route', async () => {
+      await request(ctx.getHttpServer()).get(`/tags/${factory.uuid()}`);
+      expect(ctx.authenticate).toHaveBeenCalled();
+    });
+
+    it('should require a valid uuid', async () => {
+      const { status, body } = await request(ctx.getHttpServer()).get(`/tags/123`);
+      expect(status).toBe(400);
+      expect(body).toEqual(errorDto.badRequest([expect.stringContaining('id must be a UUID')]));
+    });
+  });
+
+  describe('PUT /tags/:id', () => {
+    it('should be an authenticated route', async () => {
+      await request(ctx.getHttpServer()).put(`/tags/${factory.uuid()}`);
+      expect(ctx.authenticate).toHaveBeenCalled();
+    });
+
+    it('should allow setting a null color via an empty string', async () => {
+      const id = factory.uuid();
+      await request(ctx.getHttpServer()).put(`/tags/${id}`).send({ color: '' });
+      expect(service.update).toHaveBeenCalledWith(undefined, id, expect.objectContaining({ color: null }));
+    });
+  });
+});