@backstage/backend-test-utils 0.3.3 → 0.3.4-next.2

package/dist/index.cjs.js

@@ -13,8 +13,9 @@ var textextensions = require('textextensions');
 var path = require('path');
 var backendAppApi = require('@backstage/backend-app-api');
 var backendPluginApi = require('@backstage/backend-plugin-api');
-var express = require('express');
 var errors = require('@backstage/errors');
+var cookie = require('cookie');
+var express = require('express');
 
 function _interopDefaultLegacy (e) { return e && typeof e === 'object' && 'default' in e ? e : { 'default': e }; }
 
@@ -74,7 +75,7 @@ async function startMysqlContainer(image) {
   const user = "root";
   const password = uuid.v4();
   const { GenericContainer } = await Promise.resolve().then(function () { return /*#__PURE__*/_interopNamespace(require('testcontainers')); });
-  const container = await new GenericContainer(image).withExposedPorts(3306).withEnv("MYSQL_ROOT_PASSWORD", password).withTmpFs({ "/var/lib/mysql": "rw" }).start();
+  const container = await new GenericContainer(image).withExposedPorts(3306).withEnvironment({ MYSQL_ROOT_PASSWORD: password }).withTmpFs({ "/var/lib/mysql": "rw" }).start();
   const host = container.getHost();
   const port = container.getMappedPort(3306);
   const stop = async () => {
@@ -112,7 +113,7 @@ async function startPostgresContainer(image) {
   const user = "postgres";
   const password = uuid.v4();
   const { GenericContainer } = await Promise.resolve().then(function () { return /*#__PURE__*/_interopNamespace(require('testcontainers')); });
-  const container = await new GenericContainer(image).withExposedPorts(5432).withEnv("POSTGRES_PASSWORD", password).withTmpFs({ "/var/lib/postgresql/data": "rw" }).start();
+  const container = await new GenericContainer(image).withExposedPorts(5432).withEnvironment({ POSTGRES_PASSWORD: password }).withTmpFs({ "/var/lib/postgresql/data": "rw" }).start();
   const host = container.getHost();
   const port = container.getMappedPort(5432);
   const stop = async () => {
@@ -181,10 +182,10 @@ const allDatabases = Object.freeze({
   }
 });
 
-var __defProp$1 = Object.defineProperty;
-var __defNormalProp$1 = (obj, key, value) => key in obj ? __defProp$1(obj, key, { enumerable: true, configurable: true, writable: true, value }) : obj[key] = value;
-var __publicField$1 = (obj, key, value) => {
-  __defNormalProp$1(obj, typeof key !== "symbol" ? key + "" : key, value);
+var __defProp$3 = Object.defineProperty;
+var __defNormalProp$3 = (obj, key, value) => key in obj ? __defProp$3(obj, key, { enumerable: true, configurable: true, writable: true, value }) : obj[key] = value;
+var __publicField$3 = (obj, key, value) => {
+  __defNormalProp$3(obj, typeof key !== "symbol" ? key + "" : key, value);
   return value;
 };
 const LARGER_POOL_CONFIG = {
@@ -195,8 +196,8 @@ const LARGER_POOL_CONFIG = {
 };
 const _TestDatabases = class _TestDatabases {
   constructor(supportedIds) {
-    __publicField$1(this, "instanceById");
-    __publicField$1(this, "supportedIds");
+    __publicField$3(this, "instanceById");
+    __publicField$3(this, "supportedIds");
     this.instanceById = /* @__PURE__ */ new Map();
     this.supportedIds = supportedIds;
   }
@@ -431,7 +432,7 @@ const _TestDatabases = class _TestDatabases {
     }
   }
 };
-__publicField$1(_TestDatabases, "defaultIds");
+__publicField$3(_TestDatabases, "defaultIds");
 let TestDatabases = _TestDatabases;
 
 function setupRequestMockHandlers(worker) {
@@ -440,63 +441,63 @@ function setupRequestMockHandlers(worker) {
   afterEach(() => worker.resetHandlers());
 }
 
-var __defProp = Object.defineProperty;
-var __defNormalProp = (obj, key, value) => key in obj ? __defProp(obj, key, { enumerable: true, configurable: true, writable: true, value }) : obj[key] = value;
-var __publicField = (obj, key, value) => {
-  __defNormalProp(obj, typeof key !== "symbol" ? key + "" : key, value);
+var __defProp$2 = Object.defineProperty;
+var __defNormalProp$2 = (obj, key, value) => key in obj ? __defProp$2(obj, key, { enumerable: true, configurable: true, writable: true, value }) : obj[key] = value;
+var __publicField$2 = (obj, key, value) => {
+  __defNormalProp$2(obj, typeof key !== "symbol" ? key + "" : key, value);
   return value;
 };
-var __accessCheck$4 = (obj, member, msg) => {
+var __accessCheck$5 = (obj, member, msg) => {
   if (!member.has(obj))
     throw TypeError("Cannot " + msg);
 };
-var __privateGet$4 = (obj, member, getter) => {
-  __accessCheck$4(obj, member, "read from private field");
+var __privateGet$5 = (obj, member, getter) => {
+  __accessCheck$5(obj, member, "read from private field");
   return getter ? getter.call(obj) : member.get(obj);
 };
-var __privateAdd$4 = (obj, member, value) => {
+var __privateAdd$5 = (obj, member, value) => {
   if (member.has(obj))
     throw TypeError("Cannot add the same private member more than once");
   member instanceof WeakSet ? member.add(obj) : member.set(obj, value);
 };
-var __privateSet$4 = (obj, member, value, setter) => {
-  __accessCheck$4(obj, member, "write to private field");
+var __privateSet$5 = (obj, member, value, setter) => {
+  __accessCheck$5(obj, member, "write to private field");
   setter ? setter.call(obj, value) : member.set(obj, value);
   return value;
 };
-var __privateMethod$3 = (obj, member, method) => {
-  __accessCheck$4(obj, member, "access private method");
+var __privateMethod$4 = (obj, member, method) => {
+  __accessCheck$5(obj, member, "access private method");
   return method;
 };
 var _root, _transformInput, transformInput_fn;
 const tmpdirMarker = Symbol("os-tmpdir-mock");
 class MockDirectoryImpl {
   constructor(root) {
-    __privateAdd$4(this, _transformInput);
-    __privateAdd$4(this, _root, void 0);
-    __publicField(this, "clear", () => {
+    __privateAdd$5(this, _transformInput);
+    __privateAdd$5(this, _root, void 0);
+    __publicField$2(this, "clear", () => {
       this.setContent({});
     });
-    __publicField(this, "remove", () => {
-      fs__default["default"].rmSync(__privateGet$4(this, _root), { recursive: true, force: true, maxRetries: 10 });
+    __publicField$2(this, "remove", () => {
+      fs__default["default"].rmSync(__privateGet$5(this, _root), { recursive: true, force: true, maxRetries: 10 });
     });
-    __privateSet$4(this, _root, root);
+    __privateSet$5(this, _root, root);
   }
   get path() {
-    return __privateGet$4(this, _root);
+    return __privateGet$5(this, _root);
   }
   resolve(...paths) {
-    return path.resolve(__privateGet$4(this, _root), ...paths);
+    return path.resolve(__privateGet$5(this, _root), ...paths);
   }
   setContent(root) {
     this.remove();
     return this.addContent(root);
   }
   addContent(root) {
-    const entries = __privateMethod$3(this, _transformInput, transformInput_fn).call(this, root);
+    const entries = __privateMethod$4(this, _transformInput, transformInput_fn).call(this, root);
     for (const entry of entries) {
-      const fullPath = path.resolve(__privateGet$4(this, _root), entry.path);
-      if (!backendCommon.isChildPath(__privateGet$4(this, _root), fullPath)) {
+      const fullPath = path.resolve(__privateGet$5(this, _root), entry.path);
+      if (!backendCommon.isChildPath(__privateGet$5(this, _root), fullPath)) {
         throw new Error(
           `Provided path must resolve to a child path of the mock directory, got '${fullPath}'`
         );
@@ -520,8 +521,8 @@ class MockDirectoryImpl {
   content(options) {
     var _a, _b;
     const shouldReadAsText = (_a = typeof (options == null ? void 0 : options.shouldReadAsText) === "boolean" ? () => options == null ? void 0 : options.shouldReadAsText : options == null ? void 0 : options.shouldReadAsText) != null ? _a : (path$1) => textextensions__default["default"].includes(path.extname(path$1).slice(1));
-    const root = path.resolve(__privateGet$4(this, _root), (_b = options == null ? void 0 : options.path) != null ? _b : "");
-    if (!backendCommon.isChildPath(__privateGet$4(this, _root), root)) {
+    const root = path.resolve(__privateGet$5(this, _root), (_b = options == null ? void 0 : options.path) != null ? _b : "");
+    if (!backendCommon.isChildPath(__privateGet$5(this, _root), root)) {
       throw new Error(
         `Provided path must resolve to a child path of the mock directory, got '${root}'`
       );
@@ -622,26 +623,26 @@ class MockIdentityService {
   }
 }
 
-var __accessCheck$3 = (obj, member, msg) => {
+var __accessCheck$4 = (obj, member, msg) => {
   if (!member.has(obj))
     throw TypeError("Cannot " + msg);
 };
-var __privateGet$3 = (obj, member, getter) => {
-  __accessCheck$3(obj, member, "read from private field");
+var __privateGet$4 = (obj, member, getter) => {
+  __accessCheck$4(obj, member, "read from private field");
   return getter ? getter.call(obj) : member.get(obj);
 };
-var __privateAdd$3 = (obj, member, value) => {
+var __privateAdd$4 = (obj, member, value) => {
   if (member.has(obj))
     throw TypeError("Cannot add the same private member more than once");
   member instanceof WeakSet ? member.add(obj) : member.set(obj, value);
 };
-var __privateSet$3 = (obj, member, value, setter) => {
-  __accessCheck$3(obj, member, "write to private field");
+var __privateSet$4 = (obj, member, value, setter) => {
+  __accessCheck$4(obj, member, "write to private field");
   setter ? setter.call(obj, value) : member.set(obj, value);
   return value;
 };
-var __privateMethod$2 = (obj, member, method) => {
-  __accessCheck$3(obj, member, "access private method");
+var __privateMethod$3 = (obj, member, method) => {
+  __accessCheck$4(obj, member, "access private method");
   return method;
 };
 var _level, _meta, _log, log_fn;
@@ -654,11 +655,11 @@ const levels = {
 };
 const _MockRootLoggerService = class _MockRootLoggerService {
   constructor(level, meta) {
-    __privateAdd$3(this, _log);
-    __privateAdd$3(this, _level, void 0);
-    __privateAdd$3(this, _meta, void 0);
-    __privateSet$3(this, _level, level);
-    __privateSet$3(this, _meta, meta);
+    __privateAdd$4(this, _log);
+    __privateAdd$4(this, _level, void 0);
+    __privateAdd$4(this, _meta, void 0);
+    __privateSet$4(this, _level, level);
+    __privateSet$4(this, _meta, meta);
   }
   static create(options) {
     var _a;
@@ -669,19 +670,19 @@ const _MockRootLoggerService = class _MockRootLoggerService {
     return new _MockRootLoggerService(levels[level], {});
   }
   error(message, meta) {
-    __privateMethod$2(this, _log, log_fn).call(this, "error", message, meta);
+    __privateMethod$3(this, _log, log_fn).call(this, "error", message, meta);
   }
   warn(message, meta) {
-    __privateMethod$2(this, _log, log_fn).call(this, "warn", message, meta);
+    __privateMethod$3(this, _log, log_fn).call(this, "warn", message, meta);
   }
   info(message, meta) {
-    __privateMethod$2(this, _log, log_fn).call(this, "info", message, meta);
+    __privateMethod$3(this, _log, log_fn).call(this, "info", message, meta);
   }
   debug(message, meta) {
-    __privateMethod$2(this, _log, log_fn).call(this, "debug", message, meta);
+    __privateMethod$3(this, _log, log_fn).call(this, "debug", message, meta);
   }
   child(meta) {
-    return new _MockRootLoggerService(__privateGet$3(this, _level), { ...__privateGet$3(this, _meta), ...meta });
+    return new _MockRootLoggerService(__privateGet$4(this, _level), { ...__privateGet$4(this, _meta), ...meta });
   }
 };
 _level = new WeakMap();
@@ -690,13 +691,380 @@ _log = new WeakSet();
 log_fn = function(level, message, meta) {
   var _a;
   const levelValue = (_a = levels[level]) != null ? _a : 0;
-  if (levelValue <= __privateGet$3(this, _level)) {
-    const labels = Object.entries(__privateGet$3(this, _meta)).map(([key, value]) => `${key}=${value}`).join(",");
+  if (levelValue <= __privateGet$4(this, _level)) {
+    const labels = Object.entries(__privateGet$4(this, _meta)).map(([key, value]) => `${key}=${value}`).join(",");
     console[level](`${labels} ${message}`, meta);
   }
 };
 let MockRootLoggerService = _MockRootLoggerService;
 
+const DEFAULT_MOCK_USER_ENTITY_REF = "user:default/mock";
+const DEFAULT_MOCK_SERVICE_SUBJECT = "external:test-service";
+const MOCK_AUTH_COOKIE = "backstage-auth";
+const MOCK_NONE_TOKEN = "mock-none-token";
+const MOCK_USER_TOKEN = "mock-user-token";
+const MOCK_USER_TOKEN_PREFIX = "mock-user-token:";
+const MOCK_INVALID_USER_TOKEN = "mock-invalid-user-token";
+const MOCK_USER_LIMITED_TOKEN_PREFIX = "mock-limited-user-token:";
+const MOCK_INVALID_USER_LIMITED_TOKEN = "mock-invalid-limited-user-token";
+const MOCK_SERVICE_TOKEN = "mock-service-token";
+const MOCK_SERVICE_TOKEN_PREFIX = "mock-service-token:";
+const MOCK_INVALID_SERVICE_TOKEN = "mock-invalid-service-token";
+function validateUserEntityRef(ref) {
+  if (!ref.match(/^.+:.+\/.+$/)) {
+    throw new TypeError(
+      `Invalid user entity reference '${ref}', expected <kind>:<namespace>/<name>`
+    );
+  }
+}
+exports.mockCredentials = void 0;
+((mockCredentials2) => {
+  function none() {
+    return {
+      $$type: "@backstage/BackstageCredentials",
+      principal: { type: "none" }
+    };
+  }
+  mockCredentials2.none = none;
+  ((none2) => {
+    function header() {
+      return `Bearer ${MOCK_NONE_TOKEN}`;
+    }
+    none2.header = header;
+  })(none = mockCredentials2.none || (mockCredentials2.none = {}));
+  function user(userEntityRef = DEFAULT_MOCK_USER_ENTITY_REF) {
+    validateUserEntityRef(userEntityRef);
+    return {
+      $$type: "@backstage/BackstageCredentials",
+      principal: { type: "user", userEntityRef }
+    };
+  }
+  mockCredentials2.user = user;
+  ((user2) => {
+    function token(userEntityRef) {
+      if (userEntityRef) {
+        validateUserEntityRef(userEntityRef);
+        return `${MOCK_USER_TOKEN_PREFIX}${JSON.stringify({
+          sub: userEntityRef
+        })}`;
+      }
+      return MOCK_USER_TOKEN;
+    }
+    user2.token = token;
+    function header(userEntityRef) {
+      return `Bearer ${token(userEntityRef)}`;
+    }
+    user2.header = header;
+    function invalidToken() {
+      return MOCK_INVALID_USER_TOKEN;
+    }
+    user2.invalidToken = invalidToken;
+    function invalidHeader() {
+      return `Bearer ${invalidToken()}`;
+    }
+    user2.invalidHeader = invalidHeader;
+  })(user = mockCredentials2.user || (mockCredentials2.user = {}));
+  function limitedUser(userEntityRef = DEFAULT_MOCK_USER_ENTITY_REF) {
+    return user(userEntityRef);
+  }
+  mockCredentials2.limitedUser = limitedUser;
+  ((limitedUser2) => {
+    function token(userEntityRef = DEFAULT_MOCK_USER_ENTITY_REF) {
+      validateUserEntityRef(userEntityRef);
+      return `${MOCK_USER_LIMITED_TOKEN_PREFIX}${JSON.stringify({
+        sub: userEntityRef
+      })}`;
+    }
+    limitedUser2.token = token;
+    function cookie(userEntityRef) {
+      return `${MOCK_AUTH_COOKIE}=${token(userEntityRef)}`;
+    }
+    limitedUser2.cookie = cookie;
+    function invalidToken() {
+      return MOCK_INVALID_USER_LIMITED_TOKEN;
+    }
+    limitedUser2.invalidToken = invalidToken;
+    function invalidCookie() {
+      return `${MOCK_AUTH_COOKIE}=${invalidToken()}`;
+    }
+    limitedUser2.invalidCookie = invalidCookie;
+  })(limitedUser = mockCredentials2.limitedUser || (mockCredentials2.limitedUser = {}));
+  function service(subject = DEFAULT_MOCK_SERVICE_SUBJECT) {
+    return {
+      $$type: "@backstage/BackstageCredentials",
+      principal: { type: "service", subject }
+    };
+  }
+  mockCredentials2.service = service;
+  ((service2) => {
+    function token(options) {
+      if (options) {
+        const { targetPluginId, onBehalfOf } = options;
+        const oboPrincipal = onBehalfOf == null ? void 0 : onBehalfOf.principal;
+        const obo = oboPrincipal.type === "user" ? oboPrincipal.userEntityRef : void 0;
+        const subject = oboPrincipal.type === "service" ? oboPrincipal.subject : void 0;
+        return `${MOCK_SERVICE_TOKEN_PREFIX}${JSON.stringify({
+          sub: subject,
+          obo,
+          target: targetPluginId
+        })}`;
+      }
+      return MOCK_SERVICE_TOKEN;
+    }
+    service2.token = token;
+    function header(options) {
+      return `Bearer ${token(options)}`;
+    }
+    service2.header = header;
+    function invalidToken() {
+      return MOCK_INVALID_SERVICE_TOKEN;
+    }
+    service2.invalidToken = invalidToken;
+    function invalidHeader() {
+      return `Bearer ${invalidToken()}`;
+    }
+    service2.invalidHeader = invalidHeader;
+  })(service = mockCredentials2.service || (mockCredentials2.service = {}));
+})(exports.mockCredentials || (exports.mockCredentials = {}));
+
+var __defProp$1 = Object.defineProperty;
+var __defNormalProp$1 = (obj, key, value) => key in obj ? __defProp$1(obj, key, { enumerable: true, configurable: true, writable: true, value }) : obj[key] = value;
+var __publicField$1 = (obj, key, value) => {
+  __defNormalProp$1(obj, typeof key !== "symbol" ? key + "" : key, value);
+  return value;
+};
+class MockAuthService {
+  constructor(options) {
+    __publicField$1(this, "pluginId");
+    __publicField$1(this, "disableDefaultAuthPolicy");
+    this.pluginId = options.pluginId;
+    this.disableDefaultAuthPolicy = options.disableDefaultAuthPolicy;
+  }
+  async authenticate(token, options) {
+    switch (token) {
+      case MOCK_USER_TOKEN:
+        return exports.mockCredentials.user();
+      case MOCK_SERVICE_TOKEN:
+        return exports.mockCredentials.service();
+      case MOCK_INVALID_USER_TOKEN:
+        throw new errors.AuthenticationError("User token is invalid");
+      case MOCK_INVALID_USER_LIMITED_TOKEN:
+        throw new errors.AuthenticationError("Limited user token is invalid");
+      case MOCK_INVALID_SERVICE_TOKEN:
+        throw new errors.AuthenticationError("Service token is invalid");
+      case "":
+        throw new errors.AuthenticationError("Token is empty");
+    }
+    if (token.startsWith(MOCK_USER_TOKEN_PREFIX)) {
+      const { sub: userEntityRef } = JSON.parse(
+        token.slice(MOCK_USER_TOKEN_PREFIX.length)
+      );
+      return exports.mockCredentials.user(userEntityRef);
+    }
+    if (token.startsWith(MOCK_USER_LIMITED_TOKEN_PREFIX)) {
+      if (!(options == null ? void 0 : options.allowLimitedAccess)) {
+        throw new errors.AuthenticationError("Limited user token is not allowed");
+      }
+      const { sub: userEntityRef } = JSON.parse(
+        token.slice(MOCK_USER_LIMITED_TOKEN_PREFIX.length)
+      );
+      return exports.mockCredentials.user(userEntityRef);
+    }
+    if (token.startsWith(MOCK_SERVICE_TOKEN_PREFIX)) {
+      const { sub, target, obo } = JSON.parse(
+        token.slice(MOCK_SERVICE_TOKEN_PREFIX.length)
+      );
+      if (target && target !== this.pluginId) {
+        throw new errors.AuthenticationError(
+          `Invalid mock token target plugin ID, got '${target}' but expected '${this.pluginId}'`
+        );
+      }
+      if (obo) {
+        return exports.mockCredentials.user(obo);
+      }
+      return exports.mockCredentials.service(sub);
+    }
+    throw new errors.AuthenticationError(`Unknown mock token '${token}'`);
+  }
+  async getNoneCredentials() {
+    return exports.mockCredentials.none();
+  }
+  async getOwnServiceCredentials() {
+    return exports.mockCredentials.service(`plugin:${this.pluginId}`);
+  }
+  isPrincipal(credentials, type) {
+    const principal = credentials.principal;
+    if (type === "unknown") {
+      return true;
+    }
+    if (principal.type !== type) {
+      return false;
+    }
+    return true;
+  }
+  async getPluginRequestToken(options) {
+    const principal = options.onBehalfOf.principal;
+    if (principal.type === "none" && this.disableDefaultAuthPolicy) {
+      return { token: "" };
+    }
+    if (principal.type !== "user" && principal.type !== "service") {
+      throw new errors.AuthenticationError(
+        `Refused to issue service token for credential type '${principal.type}'`
+      );
+    }
+    return {
+      token: exports.mockCredentials.service.token({
+        onBehalfOf: options.onBehalfOf,
+        targetPluginId: options.targetPluginId
+      })
+    };
+  }
+  async getLimitedUserToken(credentials) {
+    if (credentials.principal.type !== "user") {
+      throw new errors.AuthenticationError(
+        `Refused to issue limited user token for credential type '${credentials.principal.type}'`
+      );
+    }
+    return {
+      token: exports.mockCredentials.limitedUser.token(
+        credentials.principal.userEntityRef
+      ),
+      expiresAt: new Date(Date.now() + 36e5)
+    };
+  }
+}
+
+var __accessCheck$3 = (obj, member, msg) => {
+  if (!member.has(obj))
+    throw TypeError("Cannot " + msg);
+};
+var __privateGet$3 = (obj, member, getter) => {
+  __accessCheck$3(obj, member, "read from private field");
+  return getter ? getter.call(obj) : member.get(obj);
+};
+var __privateAdd$3 = (obj, member, value) => {
+  if (member.has(obj))
+    throw TypeError("Cannot add the same private member more than once");
+  member instanceof WeakSet ? member.add(obj) : member.set(obj, value);
+};
+var __privateSet$3 = (obj, member, value, setter) => {
+  __accessCheck$3(obj, member, "write to private field");
+  setter ? setter.call(obj, value) : member.set(obj, value);
+  return value;
+};
+var __privateMethod$2 = (obj, member, method) => {
+  __accessCheck$3(obj, member, "access private method");
+  return method;
+};
+var _auth, _defaultCredentials, _getCredentials, getCredentials_fn;
+class MockHttpAuthService {
+  constructor(pluginId, defaultCredentials) {
+    __privateAdd$3(this, _getCredentials);
+    __privateAdd$3(this, _auth, void 0);
+    __privateAdd$3(this, _defaultCredentials, void 0);
+    __privateSet$3(this, _auth, new MockAuthService({
+      pluginId,
+      disableDefaultAuthPolicy: false
+    }));
+    __privateSet$3(this, _defaultCredentials, defaultCredentials);
+  }
+  async credentials(req, options) {
+    var _a;
+    const credentials = await __privateMethod$2(this, _getCredentials, getCredentials_fn).call(this, req, (_a = options == null ? void 0 : options.allowLimitedAccess) != null ? _a : false);
+    const allowedPrincipalTypes = options == null ? void 0 : options.allow;
+    if (!allowedPrincipalTypes) {
+      return credentials;
+    }
+    if (__privateGet$3(this, _auth).isPrincipal(credentials, "none")) {
+      if (allowedPrincipalTypes.includes("none")) {
+        return credentials;
+      }
+      throw new errors.AuthenticationError("Missing credentials");
+    } else if (__privateGet$3(this, _auth).isPrincipal(credentials, "user")) {
+      if (allowedPrincipalTypes.includes("user")) {
+        return credentials;
+      }
+      throw new errors.NotAllowedError(
+        `This endpoint does not allow 'user' credentials`
+      );
+    } else if (__privateGet$3(this, _auth).isPrincipal(credentials, "service")) {
+      if (allowedPrincipalTypes.includes("service")) {
+        return credentials;
+      }
+      throw new errors.NotAllowedError(
+        `This endpoint does not allow 'service' credentials`
+      );
+    }
+    throw new errors.NotAllowedError(
+      "Unknown principal type, this should never happen"
+    );
+  }
+  async issueUserCookie(res, options) {
+    var _a;
+    const credentials = (_a = options == null ? void 0 : options.credentials) != null ? _a : await this.credentials(res.req, { allow: ["user"] });
+    res.setHeader(
+      "Set-Cookie",
+      exports.mockCredentials.limitedUser.cookie(credentials.principal.userEntityRef)
+    );
+    return { expiresAt: new Date(Date.now() + 36e5) };
+  }
+}
+_auth = new WeakMap();
+_defaultCredentials = new WeakMap();
+_getCredentials = new WeakSet();
+getCredentials_fn = async function(req, allowLimitedAccess) {
+  var _a;
+  const header = req.headers.authorization;
+  const token = typeof header === "string" ? (_a = header.match(/^Bearer[ ]+(\S+)$/i)) == null ? void 0 : _a[1] : void 0;
+  if (token) {
+    if (token === MOCK_NONE_TOKEN) {
+      return __privateGet$3(this, _auth).getNoneCredentials();
+    }
+    return await __privateGet$3(this, _auth).authenticate(token, {
+      allowLimitedAccess
+    });
+  }
+  if (allowLimitedAccess) {
+    const cookieHeader = req.headers.cookie;
+    if (cookieHeader) {
+      const cookies = cookie.parse(cookieHeader);
+      const cookie$1 = cookies[MOCK_AUTH_COOKIE];
+      if (cookie$1) {
+        return await __privateGet$3(this, _auth).authenticate(cookie$1, {
+          allowLimitedAccess: true
+        });
+      }
+    }
+  }
+  return __privateGet$3(this, _defaultCredentials);
+};
+
+var __defProp = Object.defineProperty;
+var __defNormalProp = (obj, key, value) => key in obj ? __defProp(obj, key, { enumerable: true, configurable: true, writable: true, value }) : obj[key] = value;
+var __publicField = (obj, key, value) => {
+  __defNormalProp(obj, typeof key !== "symbol" ? key + "" : key, value);
+  return value;
+};
+class MockUserInfoService {
+  constructor(customInfo) {
+    __publicField(this, "customInfo");
+    this.customInfo = customInfo != null ? customInfo : {};
+  }
+  async getUserInfo(credentials) {
+    const principal = credentials.principal;
+    if (principal.type !== "user") {
+      throw new errors.InputError(
+        `User info not available for principal type '${principal.type}'`
+      );
+    }
+    return {
+      userEntityRef: principal.userEntityRef,
+      ownershipEntityRefs: [principal.userEntityRef],
+      ...this.customInfo
+    };
+  }
+}
+
 function simpleFactory(ref, factory) {
   return backendPluginApi.createServiceFactory((options) => ({
     service: ref,
@@ -783,6 +1151,104 @@ exports.mockServices = void 0;
       getIdentity: jest.fn()
     }));
   })(identity = mockServices2.identity || (mockServices2.identity = {}));
+  function auth(options) {
+    var _a;
+    return new MockAuthService({
+      pluginId: (_a = options == null ? void 0 : options.pluginId) != null ? _a : "test",
+      disableDefaultAuthPolicy: Boolean(options == null ? void 0 : options.disableDefaultAuthPolicy)
+    });
+  }
+  mockServices2.auth = auth;
+  ((auth2) => {
+    auth2.factory = backendPluginApi.createServiceFactory({
+      service: backendPluginApi.coreServices.auth,
+      deps: {
+        plugin: backendPluginApi.coreServices.pluginMetadata,
+        config: backendPluginApi.coreServices.rootConfig
+      },
+      factory({ plugin, config }) {
+        const disableDefaultAuthPolicy = Boolean(
+          config.getOptionalBoolean(
+            "backend.auth.dangerouslyDisableDefaultAuthPolicy"
+          )
+        );
+        return new MockAuthService({
+          pluginId: plugin.getId(),
+          disableDefaultAuthPolicy
+        });
+      }
+    });
+    auth2.mock = simpleMock(backendPluginApi.coreServices.auth, () => ({
+      authenticate: jest.fn(),
+      getNoneCredentials: jest.fn(),
+      getOwnServiceCredentials: jest.fn(),
+      isPrincipal: jest.fn(),
+      getPluginRequestToken: jest.fn(),
+      getLimitedUserToken: jest.fn()
+    }));
+  })(auth = mockServices2.auth || (mockServices2.auth = {}));
+  function discovery() {
+    return backendAppApi.HostDiscovery.fromConfig(
+      new config.ConfigReader({
+        backend: {
+          // Invalid port to make sure that requests are always mocked
+          baseUrl: "http://localhost:0",
+          listen: { port: 0 }
+        }
+      })
+    );
+  }
+  mockServices2.discovery = discovery;
+  ((discovery2) => {
+    discovery2.factory = backendAppApi.discoveryServiceFactory;
+    discovery2.mock = simpleMock(backendPluginApi.coreServices.discovery, () => ({
+      getBaseUrl: jest.fn(),
+      getExternalBaseUrl: jest.fn()
+    }));
+  })(discovery = mockServices2.discovery || (mockServices2.discovery = {}));
+  function httpAuth(options) {
+    var _a, _b;
+    return new MockHttpAuthService(
+      (_a = options == null ? void 0 : options.pluginId) != null ? _a : "test",
+      (_b = options == null ? void 0 : options.defaultCredentials) != null ? _b : exports.mockCredentials.user()
+    );
+  }
+  mockServices2.httpAuth = httpAuth;
+  ((httpAuth2) => {
+    httpAuth2.factory = backendPluginApi.createServiceFactory(
+      (options) => ({
+        service: backendPluginApi.coreServices.httpAuth,
+        deps: { plugin: backendPluginApi.coreServices.pluginMetadata },
+        factory: ({ plugin }) => {
+          var _a;
+          return new MockHttpAuthService(
+            plugin.getId(),
+            (_a = options == null ? void 0 : options.defaultCredentials) != null ? _a : exports.mockCredentials.user()
+          );
+        }
+      })
+    );
+    httpAuth2.mock = simpleMock(backendPluginApi.coreServices.httpAuth, () => ({
+      credentials: jest.fn(),
+      issueUserCookie: jest.fn()
+    }));
+  })(httpAuth = mockServices2.httpAuth || (mockServices2.httpAuth = {}));
+  function userInfo(customInfo) {
+    return new MockUserInfoService(customInfo);
+  }
+  mockServices2.userInfo = userInfo;
+  ((userInfo2) => {
+    userInfo2.factory = backendPluginApi.createServiceFactory({
+      service: backendPluginApi.coreServices.userInfo,
+      deps: {},
+      factory() {
+        return new MockUserInfoService();
+      }
+    });
+    userInfo2.mock = simpleMock(backendPluginApi.coreServices.userInfo, () => ({
+      getUserInfo: jest.fn()
+    }));
+  })(userInfo = mockServices2.userInfo || (mockServices2.userInfo = {}));
   ((cache2) => {
     cache2.factory = backendAppApi.cacheServiceFactory;
     cache2.mock = simpleMock(backendPluginApi.coreServices.cache, () => ({
@@ -801,7 +1267,8 @@ exports.mockServices = void 0;
   ((httpRouter2) => {
     httpRouter2.factory = backendAppApi.httpRouterServiceFactory;
     httpRouter2.mock = simpleMock(backendPluginApi.coreServices.httpRouter, () => ({
-      use: jest.fn()
+      use: jest.fn(),
+      addAuthPolicy: jest.fn()
     }));
   })(mockServices2.httpRouter || (mockServices2.httpRouter = {}));
   ((rootHttpRouter2) => {
@@ -861,9 +1328,11 @@ exports.mockServices = void 0;
 })(exports.mockServices || (exports.mockServices = {}));
 
 const defaultServiceFactories = [
+  exports.mockServices.auth.factory(),
   exports.mockServices.cache.factory(),
   exports.mockServices.rootConfig.factory(),
   exports.mockServices.database.factory(),
+  exports.mockServices.httpAuth.factory(),
   exports.mockServices.httpRouter.factory(),
   exports.mockServices.identity.factory(),
   exports.mockServices.lifecycle.factory(),
@@ -873,6 +1342,7 @@ const defaultServiceFactories = [
   exports.mockServices.rootLogger.factory(),
   exports.mockServices.scheduler.factory(),
   exports.mockServices.tokenManager.factory(),
+  exports.mockServices.userInfo.factory(),
   exports.mockServices.urlReader.factory()
 ];
 function createExtensionPointTestModules(features, extensionPointTuples) {