@atproto/pds 0.5.12 → 0.5.14
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/CHANGELOG.md +36 -0
- package/dist/api/app/bsky/notification/index.d.ts.map +1 -1
- package/dist/api/app/bsky/notification/index.js +2 -0
- package/dist/api/app/bsky/notification/index.js.map +1 -1
- package/dist/api/app/bsky/notification/unregisterPush.d.ts +4 -0
- package/dist/api/app/bsky/notification/unregisterPush.d.ts.map +1 -0
- package/dist/api/app/bsky/notification/unregisterPush.js +48 -0
- package/dist/api/app/bsky/notification/unregisterPush.js.map +1 -0
- package/package.json +42 -38
- package/build.templates.cjs +0 -22
- package/example.env +0 -42
- package/jest.config.cjs +0 -27
- package/src/account-manager/account-manager.ts +0 -916
- package/src/account-manager/db/index.ts +0 -21
- package/src/account-manager/db/migrations/001-init.ts +0 -115
- package/src/account-manager/db/migrations/002-account-deactivation.ts +0 -17
- package/src/account-manager/db/migrations/003-privileged-app-passwords.ts +0 -12
- package/src/account-manager/db/migrations/004-oauth.ts +0 -122
- package/src/account-manager/db/migrations/005-oauth-account-management.ts +0 -136
- package/src/account-manager/db/migrations/006-oauth-permission-sets.ts +0 -20
- package/src/account-manager/db/migrations/007-lexicon-failures-index.ts +0 -14
- package/src/account-manager/db/migrations/index.ts +0 -17
- package/src/account-manager/db/schema/account-device.ts +0 -14
- package/src/account-manager/db/schema/account.ts +0 -16
- package/src/account-manager/db/schema/actor.ts +0 -17
- package/src/account-manager/db/schema/app-password.ts +0 -13
- package/src/account-manager/db/schema/authorization-request.ts +0 -30
- package/src/account-manager/db/schema/authorized-client.ts +0 -23
- package/src/account-manager/db/schema/device.ts +0 -18
- package/src/account-manager/db/schema/email-token.ts +0 -19
- package/src/account-manager/db/schema/index.ts +0 -43
- package/src/account-manager/db/schema/invite-code.ts +0 -24
- package/src/account-manager/db/schema/lexicon.ts +0 -15
- package/src/account-manager/db/schema/refresh-token.ts +0 -11
- package/src/account-manager/db/schema/repo-root.ts +0 -12
- package/src/account-manager/db/schema/token.ts +0 -38
- package/src/account-manager/db/schema/used-refresh-token.ts +0 -13
- package/src/account-manager/helpers/account-device.ts +0 -63
- package/src/account-manager/helpers/account.ts +0 -355
- package/src/account-manager/helpers/auth.ts +0 -222
- package/src/account-manager/helpers/authorization-request.ts +0 -90
- package/src/account-manager/helpers/authorized-client.ts +0 -75
- package/src/account-manager/helpers/device.ts +0 -47
- package/src/account-manager/helpers/email-token.ts +0 -87
- package/src/account-manager/helpers/invite.ts +0 -263
- package/src/account-manager/helpers/lexicon.ts +0 -67
- package/src/account-manager/helpers/password.ts +0 -136
- package/src/account-manager/helpers/repo.ts +0 -24
- package/src/account-manager/helpers/scrypt.ts +0 -53
- package/src/account-manager/helpers/token.ts +0 -158
- package/src/account-manager/helpers/used-refresh-token.ts +0 -30
- package/src/account-manager/oauth-store.ts +0 -880
- package/src/account-manager/scope-reference-getter.ts +0 -106
- package/src/actor-store/actor-store-reader.ts +0 -45
- package/src/actor-store/actor-store-resources.ts +0 -8
- package/src/actor-store/actor-store-transactor.ts +0 -31
- package/src/actor-store/actor-store-writer.ts +0 -17
- package/src/actor-store/actor-store.ts +0 -210
- package/src/actor-store/blob/reader.ts +0 -160
- package/src/actor-store/blob/transactor.ts +0 -383
- package/src/actor-store/db/index.ts +0 -20
- package/src/actor-store/db/migrations/001-init.ts +0 -105
- package/src/actor-store/db/migrations/index.ts +0 -5
- package/src/actor-store/db/schema/account-pref.ts +0 -11
- package/src/actor-store/db/schema/backlink.ts +0 -9
- package/src/actor-store/db/schema/blob.ts +0 -14
- package/src/actor-store/db/schema/index.ts +0 -23
- package/src/actor-store/db/schema/record-blob.ts +0 -8
- package/src/actor-store/db/schema/record.ts +0 -14
- package/src/actor-store/db/schema/repo-block.ts +0 -10
- package/src/actor-store/db/schema/repo-root.ts +0 -10
- package/src/actor-store/migrate.ts +0 -39
- package/src/actor-store/preference/reader.ts +0 -48
- package/src/actor-store/preference/transactor.ts +0 -55
- package/src/actor-store/preference/util.ts +0 -39
- package/src/actor-store/record/reader.ts +0 -374
- package/src/actor-store/record/transactor.ts +0 -111
- package/src/actor-store/repo/reader.ts +0 -31
- package/src/actor-store/repo/sql-repo-reader.ts +0 -150
- package/src/actor-store/repo/sql-repo-transactor.ts +0 -105
- package/src/actor-store/repo/transactor.ts +0 -227
- package/src/api/app/bsky/actor/getPreferences.ts +0 -57
- package/src/api/app/bsky/actor/getProfile.ts +0 -41
- package/src/api/app/bsky/actor/getProfiles.ts +0 -51
- package/src/api/app/bsky/actor/index.ts +0 -13
- package/src/api/app/bsky/actor/putPreferences.ts +0 -62
- package/src/api/app/bsky/feed/getActorLikes.ts +0 -63
- package/src/api/app/bsky/feed/getAuthorFeed.ts +0 -84
- package/src/api/app/bsky/feed/getFeed.ts +0 -47
- package/src/api/app/bsky/feed/getPostThread.ts +0 -251
- package/src/api/app/bsky/feed/getTimeline.ts +0 -50
- package/src/api/app/bsky/feed/index.ts +0 -15
- package/src/api/app/bsky/index.ts +0 -11
- package/src/api/app/bsky/notification/index.ts +0 -7
- package/src/api/app/bsky/notification/registerPush.ts +0 -71
- package/src/api/app/bsky/util/resolver.ts +0 -20
- package/src/api/com/atproto/admin/deleteAccount.ts +0 -22
- package/src/api/com/atproto/admin/disableAccountInvites.ts +0 -18
- package/src/api/com/atproto/admin/disableInviteCodes.ts +0 -21
- package/src/api/com/atproto/admin/enableAccountInvites.ts +0 -18
- package/src/api/com/atproto/admin/getAccountInfo.ts +0 -32
- package/src/api/com/atproto/admin/getAccountInfos.ts +0 -34
- package/src/api/com/atproto/admin/getInviteCodes.ts +0 -126
- package/src/api/com/atproto/admin/getSubjectStatus.ts +0 -76
- package/src/api/com/atproto/admin/index.ts +0 -31
- package/src/api/com/atproto/admin/sendEmail.ts +0 -47
- package/src/api/com/atproto/admin/updateAccountEmail.ts +0 -32
- package/src/api/com/atproto/admin/updateAccountHandle.ts +0 -47
- package/src/api/com/atproto/admin/updateAccountPassword.ts +0 -34
- package/src/api/com/atproto/admin/updateSubjectStatus.ts +0 -68
- package/src/api/com/atproto/admin/util.ts +0 -66
- package/src/api/com/atproto/identity/getRecommendedDidCredentials.ts +0 -50
- package/src/api/com/atproto/identity/index.ts +0 -17
- package/src/api/com/atproto/identity/requestPlcOperationSignature.ts +0 -59
- package/src/api/com/atproto/identity/resolveHandle.ts +0 -50
- package/src/api/com/atproto/identity/signPlcOperation.ts +0 -85
- package/src/api/com/atproto/identity/submitPlcOperation.ts +0 -65
- package/src/api/com/atproto/identity/updateHandle.ts +0 -66
- package/src/api/com/atproto/index.ts +0 -19
- package/src/api/com/atproto/moderation/createReport.ts +0 -41
- package/src/api/com/atproto/moderation/index.ts +0 -7
- package/src/api/com/atproto/repo/applyWrites.ts +0 -226
- package/src/api/com/atproto/repo/createRecord.ts +0 -143
- package/src/api/com/atproto/repo/deleteRecord.ts +0 -122
- package/src/api/com/atproto/repo/describeRepo.ts +0 -43
- package/src/api/com/atproto/repo/getRecord.ts +0 -40
- package/src/api/com/atproto/repo/importRepo.ts +0 -101
- package/src/api/com/atproto/repo/index.ts +0 -25
- package/src/api/com/atproto/repo/listMissingBlobs.ts +0 -29
- package/src/api/com/atproto/repo/listRecords.ts +0 -36
- package/src/api/com/atproto/repo/putRecord.ts +0 -211
- package/src/api/com/atproto/repo/uploadBlob.ts +0 -60
- package/src/api/com/atproto/server/activateAccount.ts +0 -37
- package/src/api/com/atproto/server/checkAccountStatus.ts +0 -51
- package/src/api/com/atproto/server/confirmEmail.ts +0 -39
- package/src/api/com/atproto/server/createAccount.ts +0 -327
- package/src/api/com/atproto/server/createAppPassword.ts +0 -53
- package/src/api/com/atproto/server/createInviteCode.ts +0 -38
- package/src/api/com/atproto/server/createInviteCodes.ts +0 -42
- package/src/api/com/atproto/server/createSession.ts +0 -97
- package/src/api/com/atproto/server/deactivateAccount.ts +0 -41
- package/src/api/com/atproto/server/deleteAccount.ts +0 -85
- package/src/api/com/atproto/server/deleteSession.ts +0 -23
- package/src/api/com/atproto/server/describeServer.ts +0 -29
- package/src/api/com/atproto/server/getAccountInviteCodes.ts +0 -142
- package/src/api/com/atproto/server/getServiceAuth.ts +0 -111
- package/src/api/com/atproto/server/getSession.ts +0 -80
- package/src/api/com/atproto/server/index.ts +0 -55
- package/src/api/com/atproto/server/listAppPasswords.ts +0 -45
- package/src/api/com/atproto/server/refreshSession.ts +0 -72
- package/src/api/com/atproto/server/requestAccountDelete.ts +0 -66
- package/src/api/com/atproto/server/requestEmailConfirmation.ts +0 -68
- package/src/api/com/atproto/server/requestEmailUpdate.ts +0 -86
- package/src/api/com/atproto/server/requestPasswordReset.ts +0 -52
- package/src/api/com/atproto/server/reserveSigningKey.ts +0 -15
- package/src/api/com/atproto/server/resetPassword.ts +0 -50
- package/src/api/com/atproto/server/revokeAppPassword.ts +0 -42
- package/src/api/com/atproto/server/updateEmail.ts +0 -52
- package/src/api/com/atproto/server/util.ts +0 -136
- package/src/api/com/atproto/sync/deprecated/getCheckout.ts +0 -27
- package/src/api/com/atproto/sync/deprecated/getHead.ts +0 -33
- package/src/api/com/atproto/sync/getBlob.ts +0 -61
- package/src/api/com/atproto/sync/getBlocks.ts +0 -37
- package/src/api/com/atproto/sync/getLatestCommit.ts +0 -33
- package/src/api/com/atproto/sync/getRecord.ts +0 -49
- package/src/api/com/atproto/sync/getRepo.ts +0 -75
- package/src/api/com/atproto/sync/getRepoStatus.ts +0 -34
- package/src/api/com/atproto/sync/index.ts +0 -27
- package/src/api/com/atproto/sync/listBlobs.ts +0 -33
- package/src/api/com/atproto/sync/listRepos.ts +0 -74
- package/src/api/com/atproto/sync/subscribeRepos.ts +0 -73
- package/src/api/com/atproto/sync/util.ts +0 -37
- package/src/api/com/atproto/temp/checkSignupQueue.ts +0 -34
- package/src/api/com/atproto/temp/index.ts +0 -7
- package/src/api/index.ts +0 -10
- package/src/api/proxy.ts +0 -44
- package/src/app-view.ts +0 -24
- package/src/auth-output.ts +0 -52
- package/src/auth-routes.ts +0 -64
- package/src/auth-scope.ts +0 -40
- package/src/auth-verifier.ts +0 -668
- package/src/background.ts +0 -65
- package/src/basic-routes.ts +0 -52
- package/src/bsky-app-view.ts +0 -33
- package/src/config/config.ts +0 -553
- package/src/config/env.ts +0 -167
- package/src/config/index.ts +0 -3
- package/src/config/secrets.ts +0 -54
- package/src/context.ts +0 -523
- package/src/crawlers.ts +0 -46
- package/src/db/cast.ts +0 -52
- package/src/db/db.ts +0 -140
- package/src/db/index.ts +0 -4
- package/src/db/migrator.ts +0 -40
- package/src/db/pagination.ts +0 -132
- package/src/db/tables/moderation.ts +0 -80
- package/src/db/util.ts +0 -108
- package/src/did-cache/db/index.ts +0 -21
- package/src/did-cache/db/migrations.ts +0 -17
- package/src/did-cache/db/schema.ts +0 -9
- package/src/did-cache/index.ts +0 -131
- package/src/disk-blobstore.ts +0 -172
- package/src/error.ts +0 -19
- package/src/handle/explicit-slurs.ts +0 -22
- package/src/handle/index.ts +0 -49
- package/src/handle/reserved.ts +0 -1059
- package/src/image/image-url-builder.ts +0 -16
- package/src/index.ts +0 -189
- package/src/lexicons.ts +0 -4
- package/src/logger.ts +0 -35
- package/src/mailer/index.ts +0 -111
- package/src/mailer/moderation.ts +0 -33
- package/src/mailer/templates/confirm-email.d.ts +0 -4
- package/src/mailer/templates/confirm-email.hbs +0 -158
- package/src/mailer/templates/delete-account.d.ts +0 -4
- package/src/mailer/templates/delete-account.hbs +0 -156
- package/src/mailer/templates/plc-operation.d.ts +0 -4
- package/src/mailer/templates/plc-operation.hbs +0 -153
- package/src/mailer/templates/reset-password.d.ts +0 -4
- package/src/mailer/templates/reset-password.hbs +0 -154
- package/src/mailer/templates/update-email.d.ts +0 -4
- package/src/mailer/templates/update-email.hbs +0 -153
- package/src/mailer/templates.ts +0 -17
- package/src/pipethrough.ts +0 -716
- package/src/rate-limits.ts +0 -59
- package/src/read-after-write/index.ts +0 -3
- package/src/read-after-write/types.ts +0 -35
- package/src/read-after-write/util.ts +0 -101
- package/src/read-after-write/viewer.ts +0 -290
- package/src/redis.ts +0 -25
- package/src/repo/index.ts +0 -2
- package/src/repo/prepare.ts +0 -266
- package/src/repo/types.ts +0 -65
- package/src/scripts/README.md +0 -40
- package/src/scripts/index.ts +0 -20
- package/src/scripts/publish-identity.ts +0 -60
- package/src/scripts/rebuild-repo.ts +0 -119
- package/src/scripts/rotate-keys.ts +0 -146
- package/src/scripts/sequencer-recovery/index.ts +0 -23
- package/src/scripts/sequencer-recovery/recoverer.ts +0 -297
- package/src/scripts/sequencer-recovery/recovery-db.ts +0 -65
- package/src/scripts/sequencer-recovery/repair-repos.ts +0 -49
- package/src/scripts/sequencer-recovery/user-queues.ts +0 -44
- package/src/scripts/util.ts +0 -7
- package/src/sequencer/db/index.ts +0 -21
- package/src/sequencer/db/migrations/001-init.ts +0 -35
- package/src/sequencer/db/migrations/index.ts +0 -5
- package/src/sequencer/db/schema.ts +0 -19
- package/src/sequencer/events.ts +0 -199
- package/src/sequencer/index.ts +0 -3
- package/src/sequencer/outbox.ts +0 -123
- package/src/sequencer/sequencer.ts +0 -290
- package/src/util/compression.ts +0 -16
- package/src/util/debug.ts +0 -10
- package/src/util/http.ts +0 -31
- package/src/util/types.ts +0 -7
- package/src/well-known.ts +0 -30
- package/test.env +0 -2
- package/tests/__snapshots__/takedown-appeal.test.ts.snap +0 -43
- package/tests/_oauth_client_assets_middleware.ts +0 -23
- package/tests/_puppeteer.ts +0 -147
- package/tests/_types.d.ts +0 -16
- package/tests/_util.ts +0 -191
- package/tests/account-deactivation.test.ts +0 -204
- package/tests/account-deletion.test.ts +0 -300
- package/tests/account-manager.test.ts +0 -462
- package/tests/account-migration.test.ts +0 -221
- package/tests/account-status.test.ts +0 -206
- package/tests/account.test.ts +0 -595
- package/tests/app-passwords.test.ts +0 -262
- package/tests/auth.test.ts +0 -405
- package/tests/blob-deletes.test.ts +0 -204
- package/tests/create-post.test.ts +0 -79
- package/tests/crud.test.ts +0 -1595
- package/tests/db.test.ts +0 -170
- package/tests/email-confirmation.test.ts +0 -227
- package/tests/entryway-mock.ts +0 -323
- package/tests/entryway.test.ts +0 -145
- package/tests/file-uploads.test.ts +0 -301
- package/tests/get-service-auth.test.ts +0 -81
- package/tests/handle-validation.test.ts +0 -56
- package/tests/handles.test.ts +0 -274
- package/tests/invite-codes.test.ts +0 -367
- package/tests/invites-admin.test.ts +0 -252
- package/tests/moderation.test.ts +0 -280
- package/tests/moderator-auth.test.ts +0 -177
- package/tests/oauth.test.ts +0 -334
- package/tests/plc-operations.test.ts +0 -239
- package/tests/preferences.test.ts +0 -352
- package/tests/proxied/__snapshots__/admin.test.ts.snap +0 -516
- package/tests/proxied/__snapshots__/feedgen.test.ts.snap +0 -215
- package/tests/proxied/__snapshots__/views.test.ts.snap +0 -4456
- package/tests/proxied/admin.test.ts +0 -340
- package/tests/proxied/feedgen.test.ts +0 -66
- package/tests/proxied/notif.test.ts +0 -85
- package/tests/proxied/procedures.test.ts +0 -175
- package/tests/proxied/proxy-catchall.test.ts +0 -256
- package/tests/proxied/proxy-header.test.ts +0 -239
- package/tests/proxied/proxy-oauth-aud.test.ts +0 -182
- package/tests/proxied/read-after-write.test.ts +0 -382
- package/tests/proxied/views.test.ts +0 -608
- package/tests/races.test.ts +0 -89
- package/tests/rate-limits.test.ts +0 -70
- package/tests/recovery.test.ts +0 -180
- package/tests/seeds/basic.ts +0 -165
- package/tests/seeds/follows.ts +0 -57
- package/tests/seeds/likes.ts +0 -14
- package/tests/seeds/reposts.ts +0 -18
- package/tests/seeds/thread.ts +0 -40
- package/tests/seeds/users-bulk.ts +0 -246
- package/tests/seeds/users.ts +0 -67
- package/tests/sequencer.test.ts +0 -251
- package/tests/server.test.ts +0 -151
- package/tests/sync/invertible-ops.test.ts +0 -99
- package/tests/sync/list.test.ts +0 -43
- package/tests/sync/subscribe-repos.test.ts +0 -672
- package/tests/sync/sync.test.ts +0 -316
- package/tests/takedown-appeal.test.ts +0 -166
- package/tsconfig.build.json +0 -9
- package/tsconfig.build.tsbuildinfo +0 -1
- package/tsconfig.json +0 -7
- package/tsconfig.tests.json +0 -8
package/tests/oauth.test.ts
DELETED
|
@@ -1,334 +0,0 @@
|
|
|
1
|
-
import { once } from 'node:events'
|
|
2
|
-
import { Server, createServer } from 'node:http'
|
|
3
|
-
import { AddressInfo } from 'node:net'
|
|
4
|
-
import { jest } from '@jest/globals'
|
|
5
|
-
import { type Browser, launch } from 'puppeteer'
|
|
6
|
-
import { TestNetworkNoAppView } from '@atproto/dev-env'
|
|
7
|
-
import { oauthClientAssetsMiddleware } from './_oauth_client_assets_middleware.js'
|
|
8
|
-
import { PageHelper } from './_puppeteer.js'
|
|
9
|
-
|
|
10
|
-
describe('oauth', () => {
|
|
11
|
-
let browser: Browser
|
|
12
|
-
let network: TestNetworkNoAppView
|
|
13
|
-
let server: Server
|
|
14
|
-
|
|
15
|
-
let appUrl: string
|
|
16
|
-
|
|
17
|
-
// @NOTE We are using another language than "en" as default language to
|
|
18
|
-
// test the language negotiation.
|
|
19
|
-
const languages = ['fr-BE', 'fr', 'en-US', 'en']
|
|
20
|
-
|
|
21
|
-
beforeAll(async () => {
|
|
22
|
-
browser = await launch({
|
|
23
|
-
browser: 'chrome', // "firefox"
|
|
24
|
-
|
|
25
|
-
// For debugging:
|
|
26
|
-
// headless: false,
|
|
27
|
-
// devtools: true,
|
|
28
|
-
// slowMo: 25,
|
|
29
|
-
})
|
|
30
|
-
|
|
31
|
-
network = await TestNetworkNoAppView.create({
|
|
32
|
-
dbPostgresSchema: 'oauth',
|
|
33
|
-
})
|
|
34
|
-
|
|
35
|
-
const sc = network.getSeedClient()
|
|
36
|
-
|
|
37
|
-
await sc.createAccount('alice', {
|
|
38
|
-
email: 'alice@test.com',
|
|
39
|
-
handle: 'alice.test',
|
|
40
|
-
password: 'alice-pass',
|
|
41
|
-
})
|
|
42
|
-
|
|
43
|
-
server = createServer(oauthClientAssetsMiddleware)
|
|
44
|
-
server.listen(0)
|
|
45
|
-
await once(server, 'listening')
|
|
46
|
-
|
|
47
|
-
const { port } = server.address() as AddressInfo
|
|
48
|
-
|
|
49
|
-
appUrl = `http://127.0.0.1:${port}?${new URLSearchParams({
|
|
50
|
-
plc_directory_url: network.plc.url,
|
|
51
|
-
handle_resolver: network.pds.url,
|
|
52
|
-
sign_up_url: network.pds.url,
|
|
53
|
-
env: 'test',
|
|
54
|
-
scope: `account:email identity:* repo:*`,
|
|
55
|
-
})}`
|
|
56
|
-
})
|
|
57
|
-
|
|
58
|
-
afterAll(async () => {
|
|
59
|
-
await server?.close()
|
|
60
|
-
await network?.close()
|
|
61
|
-
await browser?.close()
|
|
62
|
-
})
|
|
63
|
-
|
|
64
|
-
// This uses prompt=create under the hood:
|
|
65
|
-
it('Allows to sign-up through OAuth', async () => {
|
|
66
|
-
await using page = await PageHelper.from(browser, { languages })
|
|
67
|
-
|
|
68
|
-
await page.goto(appUrl)
|
|
69
|
-
|
|
70
|
-
await page.assertTitle('OAuth Client Example')
|
|
71
|
-
|
|
72
|
-
await page.navigationClick(`Sign up with ${new URL(network.pds.url).host}`)
|
|
73
|
-
|
|
74
|
-
await page.assertTitle('Inscription')
|
|
75
|
-
|
|
76
|
-
await page.typeInInput('handle', 'bob')
|
|
77
|
-
|
|
78
|
-
await page.clickOnText('Suivant')
|
|
79
|
-
|
|
80
|
-
await page.typeInInput('email', 'bob@test.com')
|
|
81
|
-
await page.typeInInput('password', 'bob-pass')
|
|
82
|
-
|
|
83
|
-
await page.clickOnText('Inscription')
|
|
84
|
-
|
|
85
|
-
await page.ensureTextVisibility(
|
|
86
|
-
`L'application demande un contrôle total sur votre identité, ce qui signifie qu'elle pourrait casser de façon permanente, ou même usurper, votre compte. N'autorisez l'accès qu'aux applications auxquelles vous faites vraiment confiance.`,
|
|
87
|
-
)
|
|
88
|
-
|
|
89
|
-
// Make sure the new account is propagated to the PLC directory, allowing
|
|
90
|
-
// the client to resolve the account's did
|
|
91
|
-
await network.processAll()
|
|
92
|
-
|
|
93
|
-
await page.navigationClick('Autoriser')
|
|
94
|
-
|
|
95
|
-
await page.assertTitle('OAuth Client Example')
|
|
96
|
-
|
|
97
|
-
await page.ensureTextVisibility('Token info', 'h2')
|
|
98
|
-
|
|
99
|
-
await page.clickOnAriaLabel('User menu')
|
|
100
|
-
|
|
101
|
-
await page.clickOnText('Sign out')
|
|
102
|
-
|
|
103
|
-
await page.waitForNetworkIdle()
|
|
104
|
-
})
|
|
105
|
-
|
|
106
|
-
it('Allows canceling the OAuth flow', async () => {
|
|
107
|
-
await using page = await PageHelper.from(browser, { languages })
|
|
108
|
-
|
|
109
|
-
await page.goto(appUrl)
|
|
110
|
-
|
|
111
|
-
await page.assertTitle('OAuth Client Example')
|
|
112
|
-
|
|
113
|
-
await page.navigationClick(`Login with ${new URL(network.pds.url).host}`)
|
|
114
|
-
|
|
115
|
-
await page.assertTitle('Se connecter')
|
|
116
|
-
|
|
117
|
-
// Cancel the OAuth flow:
|
|
118
|
-
await page.navigationClick('Annuler')
|
|
119
|
-
|
|
120
|
-
await page.assertTitle('OAuth Client Example')
|
|
121
|
-
|
|
122
|
-
await page.ensureTextVisibility('Login with the Atmosphere', 'h2')
|
|
123
|
-
|
|
124
|
-
await page.waitForNetworkIdle()
|
|
125
|
-
})
|
|
126
|
-
|
|
127
|
-
it('allows resetting the password', async () => {
|
|
128
|
-
const sendTemplateMock = jest
|
|
129
|
-
.spyOn(network.pds.ctx.mailer, 'sendResetPassword')
|
|
130
|
-
.mockImplementation(async () => {
|
|
131
|
-
// noop
|
|
132
|
-
})
|
|
133
|
-
|
|
134
|
-
await using page = await PageHelper.from(browser, { languages })
|
|
135
|
-
|
|
136
|
-
await page.goto(appUrl)
|
|
137
|
-
|
|
138
|
-
await page.assertTitle('OAuth Client Example')
|
|
139
|
-
|
|
140
|
-
const input = await page.typeInInput('identifier', 'alice.test')
|
|
141
|
-
|
|
142
|
-
await page.navigationAction(async () => input.press('Enter'))
|
|
143
|
-
|
|
144
|
-
await page.assertTitle('Connexion')
|
|
145
|
-
|
|
146
|
-
await page.clickOnText('Oublié ?')
|
|
147
|
-
|
|
148
|
-
await page.assertTitle('Mot de passe oublié')
|
|
149
|
-
|
|
150
|
-
await page.typeInInput('email', 'alice@test.com')
|
|
151
|
-
|
|
152
|
-
expect(sendTemplateMock).toHaveBeenCalledTimes(0)
|
|
153
|
-
|
|
154
|
-
await page.clickOnText('Suivant')
|
|
155
|
-
|
|
156
|
-
await page.assertTitle('Réinitialiser le mot de passe')
|
|
157
|
-
|
|
158
|
-
expect(sendTemplateMock).toHaveBeenCalledTimes(1)
|
|
159
|
-
|
|
160
|
-
const [params] = sendTemplateMock.mock.lastCall!
|
|
161
|
-
expect(params).toEqual({
|
|
162
|
-
handle: 'alice.test',
|
|
163
|
-
locale: 'fr',
|
|
164
|
-
token: expect.any(String),
|
|
165
|
-
})
|
|
166
|
-
|
|
167
|
-
await page.typeInInput('code', params.token)
|
|
168
|
-
|
|
169
|
-
await page.typeInInput('password', 'alice-new-pass')
|
|
170
|
-
|
|
171
|
-
await page.clickOnText('Suivant')
|
|
172
|
-
|
|
173
|
-
await page.assertTitle('Mot de passe mis à jour')
|
|
174
|
-
|
|
175
|
-
await page.ensureTextVisibility('Mot de passe mis à jour !', 'h2')
|
|
176
|
-
|
|
177
|
-
sendTemplateMock.mockRestore()
|
|
178
|
-
})
|
|
179
|
-
|
|
180
|
-
it('Allows to sign-in through OAuth', async () => {
|
|
181
|
-
await using page = await PageHelper.from(browser, { languages })
|
|
182
|
-
|
|
183
|
-
await page.goto(appUrl)
|
|
184
|
-
|
|
185
|
-
await page.assertTitle('OAuth Client Example')
|
|
186
|
-
|
|
187
|
-
const input = await page.typeInInput('identifier', 'alice.test')
|
|
188
|
-
|
|
189
|
-
await page.navigationAction(async () => input.press('Enter'))
|
|
190
|
-
|
|
191
|
-
await page.assertTitle('Connexion')
|
|
192
|
-
|
|
193
|
-
await page.typeInInput('password', 'alice-new-pass')
|
|
194
|
-
|
|
195
|
-
// Make sure the warning is visible
|
|
196
|
-
await page.ensureTextVisibility('Avertissement', 'h3')
|
|
197
|
-
|
|
198
|
-
await page.clickOn(
|
|
199
|
-
'label::-p-text(Se souvenir de ce compte sur cet appareil)',
|
|
200
|
-
)
|
|
201
|
-
|
|
202
|
-
await page.clickOnText('Se connecter')
|
|
203
|
-
|
|
204
|
-
await page.assertTitle('Autoriser')
|
|
205
|
-
|
|
206
|
-
await page.navigationClick('Autoriser')
|
|
207
|
-
|
|
208
|
-
await page.assertTitle('OAuth Client Example')
|
|
209
|
-
|
|
210
|
-
await page.ensureTextVisibility('Token info', 'h2')
|
|
211
|
-
|
|
212
|
-
await page.clickOnAriaLabel('User menu')
|
|
213
|
-
|
|
214
|
-
await page.clickOnText('Sign out')
|
|
215
|
-
|
|
216
|
-
await page.waitForNetworkIdle()
|
|
217
|
-
})
|
|
218
|
-
|
|
219
|
-
it('remembers the session', async () => {
|
|
220
|
-
await using page = await PageHelper.from(browser, { languages })
|
|
221
|
-
|
|
222
|
-
await page.goto(appUrl)
|
|
223
|
-
|
|
224
|
-
await page.assertTitle('OAuth Client Example')
|
|
225
|
-
|
|
226
|
-
const input = await page.typeInInput('identifier', 'alice.test')
|
|
227
|
-
|
|
228
|
-
await page.navigationAction(async () => input.press('Enter'))
|
|
229
|
-
|
|
230
|
-
await page.assertTitle('Autoriser')
|
|
231
|
-
|
|
232
|
-
await page.navigationClick('Autoriser')
|
|
233
|
-
|
|
234
|
-
await page.assertTitle('OAuth Client Example')
|
|
235
|
-
|
|
236
|
-
await page.ensureTextVisibility('Token info', 'h2')
|
|
237
|
-
|
|
238
|
-
await page.clickOnAriaLabel('User menu')
|
|
239
|
-
|
|
240
|
-
await page.clickOnText('Sign out')
|
|
241
|
-
|
|
242
|
-
await page.waitForNetworkIdle()
|
|
243
|
-
})
|
|
244
|
-
|
|
245
|
-
it('revokes OAuth sessions on deactivation & requires re-activation on sign-in', async () => {
|
|
246
|
-
await using page = await PageHelper.from(browser, { languages })
|
|
247
|
-
|
|
248
|
-
// Sign into the client (the device session is remembered, so the flow
|
|
249
|
-
// jumps straight to the consent screen).
|
|
250
|
-
await page.goto(appUrl)
|
|
251
|
-
|
|
252
|
-
await page.assertTitle('OAuth Client Example')
|
|
253
|
-
|
|
254
|
-
await page.navigationAction(async () => {
|
|
255
|
-
const input = await page.typeInInput('identifier', 'alice.test')
|
|
256
|
-
await input.press('Enter')
|
|
257
|
-
})
|
|
258
|
-
|
|
259
|
-
await page.assertTitle('Autoriser')
|
|
260
|
-
|
|
261
|
-
await page.navigationClick('Autoriser')
|
|
262
|
-
|
|
263
|
-
await page.assertTitle('OAuth Client Example')
|
|
264
|
-
|
|
265
|
-
await page.ensureTextVisibility('Token info', 'h2')
|
|
266
|
-
|
|
267
|
-
// While the client page is still open, deactivate the account through
|
|
268
|
-
// the account manager in another page.
|
|
269
|
-
{
|
|
270
|
-
await using accountPage = await PageHelper.from(browser, { languages })
|
|
271
|
-
|
|
272
|
-
await accountPage.goto(new URL('/account', network.pds.url))
|
|
273
|
-
|
|
274
|
-
await accountPage.assertTitle('Mon compte Atmosphère')
|
|
275
|
-
|
|
276
|
-
await accountPage.clickOnText('Compte utilisateur', 'a')
|
|
277
|
-
|
|
278
|
-
await accountPage.clickOnText('Désactiver le compte')
|
|
279
|
-
|
|
280
|
-
await accountPage.clickOnText('Oui, désactiver')
|
|
281
|
-
|
|
282
|
-
await accountPage.waitForNetworkIdle()
|
|
283
|
-
|
|
284
|
-
await accountPage.ensureTextVisibility('Réactiver le compte', 'span')
|
|
285
|
-
|
|
286
|
-
await network.processAll()
|
|
287
|
-
}
|
|
288
|
-
|
|
289
|
-
// Back in the client: deactivation revoked every OAuth session, so
|
|
290
|
-
// refreshing the credentials logs the user out.
|
|
291
|
-
await page.clickOnText('refresh').catch((_err) => {
|
|
292
|
-
// The OAuth app may have refreshed the session on it's own, causing the
|
|
293
|
-
// page to reset before the click is processed, which throws an error.
|
|
294
|
-
})
|
|
295
|
-
|
|
296
|
-
await page.waitForNetworkIdle()
|
|
297
|
-
|
|
298
|
-
await page.ensureTextVisibility('Login with the Atmosphere', 'h2')
|
|
299
|
-
|
|
300
|
-
// Signing back in with the deactivated account asks the user to
|
|
301
|
-
// re-activate it before the flow can proceed.
|
|
302
|
-
// @NOTE The PDS is used directly as issuer (rather than resolving the
|
|
303
|
-
// handle) because handle resolution does not work for deactivated
|
|
304
|
-
// accounts.
|
|
305
|
-
|
|
306
|
-
await page.navigationClick(`Login with ${new URL(network.pds.url).host}`)
|
|
307
|
-
|
|
308
|
-
await page.ensureTextVisibility('Se connecter en tant que...')
|
|
309
|
-
|
|
310
|
-
await page.clickOnText('alice.test', 'span')
|
|
311
|
-
|
|
312
|
-
await page.assertTitle('Heureux de vous revoir!')
|
|
313
|
-
|
|
314
|
-
await page.ensureTextVisibility('Vous avez précédemment désactivé')
|
|
315
|
-
|
|
316
|
-
await page.clickOnText('Oui, réactiver mon compte')
|
|
317
|
-
|
|
318
|
-
// Deactivation also cleared the authorized clients, so consent is
|
|
319
|
-
// required again.
|
|
320
|
-
await page.assertTitle('Autoriser')
|
|
321
|
-
|
|
322
|
-
await page.navigationClick('Autoriser')
|
|
323
|
-
|
|
324
|
-
await page.assertTitle('OAuth Client Example')
|
|
325
|
-
|
|
326
|
-
await page.ensureTextVisibility('Token info', 'h2')
|
|
327
|
-
|
|
328
|
-
await page.clickOnAriaLabel('User menu')
|
|
329
|
-
|
|
330
|
-
await page.clickOnText('Sign out')
|
|
331
|
-
|
|
332
|
-
await page.waitForNetworkIdle()
|
|
333
|
-
})
|
|
334
|
-
})
|
|
@@ -1,239 +0,0 @@
|
|
|
1
|
-
import assert from 'node:assert'
|
|
2
|
-
import { EventEmitter, once } from 'node:events'
|
|
3
|
-
import * as plc from '@did-plc/lib'
|
|
4
|
-
import { SendMailOptions } from 'nodemailer'
|
|
5
|
-
import { AtpAgent } from '@atproto/api'
|
|
6
|
-
import { check } from '@atproto/common'
|
|
7
|
-
import { Secp256k1Keypair } from '@atproto/crypto'
|
|
8
|
-
import { SeedClient, TestNetworkNoAppView, basicSeed } from '@atproto/dev-env'
|
|
9
|
-
import type { DidString } from '@atproto/syntax'
|
|
10
|
-
import { AppContext } from '../src/index.js'
|
|
11
|
-
|
|
12
|
-
describe('plc operations', () => {
|
|
13
|
-
let network: TestNetworkNoAppView
|
|
14
|
-
let ctx: AppContext
|
|
15
|
-
let agent: AtpAgent
|
|
16
|
-
let sc: SeedClient
|
|
17
|
-
|
|
18
|
-
const mailCatcher = new EventEmitter()
|
|
19
|
-
let _origSendMail
|
|
20
|
-
|
|
21
|
-
let alice: DidString
|
|
22
|
-
|
|
23
|
-
let sampleKey: string
|
|
24
|
-
|
|
25
|
-
beforeAll(async () => {
|
|
26
|
-
network = await TestNetworkNoAppView.create({
|
|
27
|
-
dbPostgresSchema: 'plc_operations',
|
|
28
|
-
})
|
|
29
|
-
// @ts-expect-error Error due to circular dependency with the dev-env package
|
|
30
|
-
ctx = network.pds.ctx
|
|
31
|
-
const mailer = ctx.mailer
|
|
32
|
-
|
|
33
|
-
sc = network.getSeedClient()
|
|
34
|
-
agent = network.pds.getAgent()
|
|
35
|
-
|
|
36
|
-
await basicSeed(sc)
|
|
37
|
-
alice = sc.dids.alice
|
|
38
|
-
await network.processAll()
|
|
39
|
-
|
|
40
|
-
sampleKey = (await Secp256k1Keypair.create()).did()
|
|
41
|
-
|
|
42
|
-
// Catch emails for use in tests
|
|
43
|
-
_origSendMail = mailer.transporter.sendMail
|
|
44
|
-
mailer.transporter.sendMail = async (opts) => {
|
|
45
|
-
const result = await _origSendMail.call(mailer.transporter, opts)
|
|
46
|
-
mailCatcher.emit('mail', opts)
|
|
47
|
-
return result
|
|
48
|
-
}
|
|
49
|
-
})
|
|
50
|
-
|
|
51
|
-
afterAll(async () => {
|
|
52
|
-
await network?.close()
|
|
53
|
-
})
|
|
54
|
-
|
|
55
|
-
const getMailFrom = async (promise): Promise<SendMailOptions> => {
|
|
56
|
-
const result = await Promise.all([once(mailCatcher, 'mail'), promise])
|
|
57
|
-
return result[0][0]
|
|
58
|
-
}
|
|
59
|
-
|
|
60
|
-
const getTokenFromMail = (mail: SendMailOptions) =>
|
|
61
|
-
mail.html?.toString().match(/>([a-z0-9]{5}-[a-z0-9]{5})</i)?.[1]
|
|
62
|
-
|
|
63
|
-
const signOp = async (did: string, op: Partial<plc.Operation>) => {
|
|
64
|
-
const lastOp = await ctx.plcClient.getLastOp(did)
|
|
65
|
-
if (check.is(lastOp, plc.def.tombstone)) {
|
|
66
|
-
throw new Error('Did is tombstoned')
|
|
67
|
-
}
|
|
68
|
-
return plc.createUpdateOp(lastOp, ctx.plcRotationKey, (lastOp) => ({
|
|
69
|
-
...lastOp,
|
|
70
|
-
rotationKeys: op.rotationKeys ?? lastOp.rotationKeys,
|
|
71
|
-
alsoKnownAs: op.alsoKnownAs ?? lastOp.alsoKnownAs,
|
|
72
|
-
verificationMethods: op.verificationMethods ?? lastOp.verificationMethods,
|
|
73
|
-
services: op.services ?? lastOp.services,
|
|
74
|
-
}))
|
|
75
|
-
}
|
|
76
|
-
|
|
77
|
-
const expectFailedOp = async (
|
|
78
|
-
did: string,
|
|
79
|
-
op: Partial<plc.Operation>,
|
|
80
|
-
expectedErr?: string,
|
|
81
|
-
) => {
|
|
82
|
-
const operation = await signOp(did, op)
|
|
83
|
-
const attempt = agent.com.atproto.identity.submitPlcOperation(
|
|
84
|
-
{ operation },
|
|
85
|
-
{
|
|
86
|
-
encoding: 'application/json',
|
|
87
|
-
headers: sc.getHeaders(alice),
|
|
88
|
-
},
|
|
89
|
-
)
|
|
90
|
-
await expect(attempt).rejects.toThrow(expectedErr)
|
|
91
|
-
}
|
|
92
|
-
|
|
93
|
-
it("prevents submitting an operation that removes the server's rotation key", async () => {
|
|
94
|
-
await expectFailedOp(
|
|
95
|
-
alice,
|
|
96
|
-
{ rotationKeys: [sampleKey] },
|
|
97
|
-
"Rotation keys do not include server's rotation key",
|
|
98
|
-
)
|
|
99
|
-
})
|
|
100
|
-
|
|
101
|
-
it('prevents submitting an operation that incorrectly sets the signing key', async () => {
|
|
102
|
-
await expectFailedOp(
|
|
103
|
-
alice,
|
|
104
|
-
{
|
|
105
|
-
verificationMethods: {
|
|
106
|
-
atproto: sampleKey,
|
|
107
|
-
},
|
|
108
|
-
},
|
|
109
|
-
'Incorrect signing key',
|
|
110
|
-
)
|
|
111
|
-
})
|
|
112
|
-
|
|
113
|
-
it('prevents submitting an operation that incorrectly sets the handle', async () => {
|
|
114
|
-
await expectFailedOp(
|
|
115
|
-
alice,
|
|
116
|
-
{
|
|
117
|
-
alsoKnownAs: ['at://new-alice.test'],
|
|
118
|
-
},
|
|
119
|
-
'Incorrect handle in alsoKnownAs',
|
|
120
|
-
)
|
|
121
|
-
})
|
|
122
|
-
|
|
123
|
-
it('prevents submitting an operation that incorrectly sets the pds endpoint', async () => {
|
|
124
|
-
await expectFailedOp(
|
|
125
|
-
alice,
|
|
126
|
-
{
|
|
127
|
-
services: {
|
|
128
|
-
atproto_pds: {
|
|
129
|
-
type: 'AtprotoPersonalDataServer',
|
|
130
|
-
endpoint: 'https://example.com',
|
|
131
|
-
},
|
|
132
|
-
},
|
|
133
|
-
},
|
|
134
|
-
'Incorrect endpoint on atproto_pds service',
|
|
135
|
-
)
|
|
136
|
-
})
|
|
137
|
-
|
|
138
|
-
it('prevents submitting an operation that incorrectly sets the pds service type', async () => {
|
|
139
|
-
await expectFailedOp(
|
|
140
|
-
alice,
|
|
141
|
-
{
|
|
142
|
-
services: {
|
|
143
|
-
atproto_pds: {
|
|
144
|
-
type: 'NotAPersonalDataServer',
|
|
145
|
-
endpoint: ctx.cfg.service.publicUrl,
|
|
146
|
-
},
|
|
147
|
-
},
|
|
148
|
-
},
|
|
149
|
-
'Incorrect type on atproto_pds service',
|
|
150
|
-
)
|
|
151
|
-
})
|
|
152
|
-
|
|
153
|
-
it('does not allow signing plc operation without a token', async () => {
|
|
154
|
-
const attempt = agent.com.atproto.identity.signPlcOperation(
|
|
155
|
-
{
|
|
156
|
-
rotationKeys: [sampleKey],
|
|
157
|
-
},
|
|
158
|
-
{ encoding: 'application/json', headers: sc.getHeaders(alice) },
|
|
159
|
-
)
|
|
160
|
-
await expect(attempt).rejects.toThrow(
|
|
161
|
-
'email confirmation token required to sign PLC operations',
|
|
162
|
-
)
|
|
163
|
-
})
|
|
164
|
-
|
|
165
|
-
let token: string
|
|
166
|
-
|
|
167
|
-
it('requests a plc signature', async () => {
|
|
168
|
-
const mail = await getMailFrom(
|
|
169
|
-
agent.api.com.atproto.identity.requestPlcOperationSignature(undefined, {
|
|
170
|
-
headers: sc.getHeaders(alice),
|
|
171
|
-
}),
|
|
172
|
-
)
|
|
173
|
-
|
|
174
|
-
expect(mail.to).toEqual(sc.accounts[alice].email)
|
|
175
|
-
expect(mail.html).toContain('PLC update requested')
|
|
176
|
-
|
|
177
|
-
const gotToken = getTokenFromMail(mail)
|
|
178
|
-
assert(gotToken)
|
|
179
|
-
token = gotToken
|
|
180
|
-
})
|
|
181
|
-
|
|
182
|
-
it('does not sign a plc operation with a bad token', async () => {
|
|
183
|
-
const attempt = agent.api.com.atproto.identity.signPlcOperation(
|
|
184
|
-
{
|
|
185
|
-
token: '123456',
|
|
186
|
-
rotationKeys: [sampleKey],
|
|
187
|
-
},
|
|
188
|
-
{ encoding: 'application/json', headers: sc.getHeaders(alice) },
|
|
189
|
-
)
|
|
190
|
-
await expect(attempt).rejects.toThrow('Token is invalid')
|
|
191
|
-
})
|
|
192
|
-
|
|
193
|
-
let operation: any
|
|
194
|
-
|
|
195
|
-
it('signs a plc operation with a valid token', async () => {
|
|
196
|
-
const res = await agent.api.com.atproto.identity.signPlcOperation(
|
|
197
|
-
{
|
|
198
|
-
token,
|
|
199
|
-
rotationKeys: [sampleKey, ctx.plcRotationKey.did()],
|
|
200
|
-
},
|
|
201
|
-
{ encoding: 'application/json', headers: sc.getHeaders(alice) },
|
|
202
|
-
)
|
|
203
|
-
const currData = await ctx.plcClient.getDocumentData(alice)
|
|
204
|
-
expect(res.data.operation['alsoKnownAs']).toEqual(currData.alsoKnownAs)
|
|
205
|
-
expect(res.data.operation['verificationMethods']).toEqual(
|
|
206
|
-
currData.verificationMethods,
|
|
207
|
-
)
|
|
208
|
-
expect(res.data.operation['services']).toEqual(currData.services)
|
|
209
|
-
expect(res.data.operation['rotationKeys']).toEqual([
|
|
210
|
-
sampleKey,
|
|
211
|
-
ctx.plcRotationKey.did(),
|
|
212
|
-
])
|
|
213
|
-
operation = res.data.operation
|
|
214
|
-
})
|
|
215
|
-
|
|
216
|
-
it('submits a valid operation', async () => {
|
|
217
|
-
await agent.com.atproto.identity.submitPlcOperation(
|
|
218
|
-
{ operation },
|
|
219
|
-
{
|
|
220
|
-
encoding: 'application/json',
|
|
221
|
-
headers: sc.getHeaders(alice),
|
|
222
|
-
},
|
|
223
|
-
)
|
|
224
|
-
const didData = await ctx.plcClient.getDocumentData(alice)
|
|
225
|
-
expect(didData.rotationKeys).toEqual([sampleKey, ctx.plcRotationKey.did()])
|
|
226
|
-
})
|
|
227
|
-
|
|
228
|
-
it('emits an identity event after a valid operation', async () => {
|
|
229
|
-
const lastEvt = await ctx.sequencer.db.db
|
|
230
|
-
.selectFrom('repo_seq')
|
|
231
|
-
.selectAll()
|
|
232
|
-
.orderBy('repo_seq.seq', 'desc')
|
|
233
|
-
.limit(1)
|
|
234
|
-
.executeTakeFirst()
|
|
235
|
-
assert(lastEvt)
|
|
236
|
-
expect(lastEvt.did).toBe(alice)
|
|
237
|
-
expect(lastEvt.eventType).toBe('identity')
|
|
238
|
-
})
|
|
239
|
-
})
|