npm - @bitblit/ratchet-warden-server - Versions diffs - 6.0.145-alpha → 6.0.147-alpha - Mend

@bitblit/ratchet-warden-server 6.0.145-alpha → 6.0.147-alpha

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (26) hide show

package/src/server/provider/warden-s3-single-file-storage-provider.ts ADDED Viewed

@@ -0,0 +1,139 @@
+//    Service for interacting with positions for a given user
+import { WardenContact } from '@bitblit/ratchet-warden-common/common/model/warden-contact';
+import { WardenEntrySummary } from '@bitblit/ratchet-warden-common/common/model/warden-entry-summary';
+import { WardenEntry } from '@bitblit/ratchet-warden-common/common/model/warden-entry';
+import { WardenUtils } from '@bitblit/ratchet-warden-common/common/util/warden-utils';
+import { WardenStorageProvider } from './warden-storage-provider.js';
+import { WardenS3SingleFileStorageProviderOptions } from './warden-s3-single-file-storage-provider-options.js';
+import { PutObjectOutput, S3Client } from '@aws-sdk/client-s3';
+import { S3CacheRatchet } from '@bitblit/ratchet-aws/s3/s3-cache-ratchet';
+import { ErrorRatchet } from '@bitblit/ratchet-common/lang/error-ratchet';
+import { StringRatchet } from '@bitblit/ratchet-common/lang/string-ratchet';
+/*
+The most quick and dirty implementation of the storage provider.  Not a good choice if you have
+multiple users, etc, since it has no synchronization, etc.  Only really useful for very low traffic
+websites, or getting a demo hacked out quickly
+ */
+export class WardenS3SingleFileStorageProvider implements WardenStorageProvider {
+  private ratchet: S3CacheRatchet;
+  constructor(
+    private s3: S3Client,
+    private options: WardenS3SingleFileStorageProviderOptions,
+  ) {
+    this.ratchet = new S3CacheRatchet(this.s3, this.options.bucket);
+  }
+  public async listUserSummaries(): Promise<WardenEntrySummary[]> {
+    const allData: WardenEntry[] = (await this.fetchDataFile()).entries;
+    const rval: WardenEntrySummary[] = allData.map((d) => WardenUtils.stripWardenEntryToSummary(d));
+    return rval;
+  }
+  public async fetchDataFile(): Promise<WardenS3SingleFileStorageProviderDataFile> {
+    let data: WardenS3SingleFileStorageProviderDataFile =
+      await this.ratchet.fetchCacheFileAsObject<WardenS3SingleFileStorageProviderDataFile>(this.options.dataFileKey);
+    data = data || {
+      entries: [],
+      challenges: [],
+    };
+    return data;
+  }
+  public async storeDataFile(file: WardenS3SingleFileStorageProviderDataFile): Promise<PutObjectOutput> {
+    let rval: PutObjectOutput = null;
+    if (file) {
+      rval = await this.ratchet.writeObjectToCacheFile(this.options.dataFileKey, file);
+    }
+    return rval;
+  }
+  public async fetchCurrentUserChallenge(userId: string, relyingPartyId: string): Promise<string> {
+    const data: WardenS3SingleFileStorageProviderDataFile = await this.fetchDataFile();
+    const entry: WardenS3SingleFileStorageProviderChallengeRecord = (data.challenges || []).find(
+      (d) => d.userId === userId && d.relyingPartyId === relyingPartyId,
+    );
+    if (!entry) {
+      ErrorRatchet.throwFormattedErr('fetchCurrentUserChallenge: Could not find user %s', userId);
+    }
+    return entry.challenge;
+  }
+  public async findEntryByContact(contact: WardenContact): Promise<WardenEntry> {
+    let rval: WardenEntry = null;
+    if (contact?.type && StringRatchet.trimToNull(contact?.value)) {
+      const data: WardenS3SingleFileStorageProviderDataFile = await this.fetchDataFile();
+      rval = (data.entries || []).find((d) => !!(d.contactMethods || []).find((x) => x.type === contact.type && x.value === contact.value));
+    }
+    return rval;
+  }
+  public async findEntryByThirdPartyId(thirdParty: string, thirdPartyId: string): Promise<WardenEntry> {
+    let rval: WardenEntry = null;
+    if (StringRatchet.trimToNull(thirdParty) && StringRatchet.trimToNull(thirdPartyId)) {
+      const data: WardenS3SingleFileStorageProviderDataFile = await this.fetchDataFile();
+      rval = (data.entries || []).find((d) => !!(d.thirdPartyAuthenticators || []).find((x) => x.thirdParty===thirdParty && x.thirdPartyId===thirdPartyId));
+    }
+    return rval;
+  }
+  public async findEntryById(userId: string): Promise<WardenEntry> {
+    let rval: WardenEntry = null;
+    if (StringRatchet.trimToNull(userId)) {
+      const data: WardenS3SingleFileStorageProviderDataFile = await this.fetchDataFile();
+      rval = (data.entries || []).find((d) => d.userId === userId);
+    }
+    return rval;
+  }
+  public async removeEntry(userId: string): Promise<boolean> {
+    const data: WardenS3SingleFileStorageProviderDataFile = await this.fetchDataFile();
+    data.entries = (data.entries || []).filter((d) => d.userId !== userId);
+    await this.storeDataFile(data);
+    return true;
+  }
+  public async saveEntry(entry: WardenEntry): Promise<WardenEntry> {
+    let rval: WardenEntry = null;
+    if (entry && entry.userId) {
+      const now: number = Date.now();
+      entry.createdEpochMS = entry.createdEpochMS || now;
+      entry.updatedEpochMS = now;
+      const data: WardenS3SingleFileStorageProviderDataFile = await this.fetchDataFile();
+      data.entries = (data.entries || []).filter((d) => d.userId !== entry.userId);
+      data.entries.push(entry);
+      await this.storeDataFile(data);
+      rval = await this.findEntryById(entry.userId);
+    }
+    return rval;
+  }
+  public async updateUserChallenge(userId: string, relyingPartyId: string, challenge: string): Promise<boolean> {
+    const data: WardenS3SingleFileStorageProviderDataFile = await this.fetchDataFile();
+    data.challenges = (data.challenges || []).filter((d) => d.userId !== userId || d.relyingPartyId !== relyingPartyId);
+    data.challenges.push({
+      userId: userId,
+      relyingPartyId: relyingPartyId,
+      challenge: challenge,
+      updatedEpochMS: Date.now(),
+    });
+    // Update the file
+    await this.storeDataFile(data);
+    return true;
+  }
+}
+export interface WardenS3SingleFileStorageProviderChallengeRecord {
+  userId: string;
+  relyingPartyId: string;
+  challenge: string;
+  updatedEpochMS: number;
+}
+export interface WardenS3SingleFileStorageProviderDataFile {
+  entries: WardenEntry[];
+  challenges: WardenS3SingleFileStorageProviderChallengeRecord[];
+}

package/src/server/provider/warden-send-magic-link-command-validator.ts ADDED Viewed

@@ -0,0 +1,12 @@
+/**
+ * This object checks if a magic link request may be processed.
+ *
+ * Should throw an error if not allowed
+ *
+ */
+import { WardenEntry } from '@bitblit/ratchet-warden-common/common/model/warden-entry';
+import { SendMagicLink } from '@bitblit/ratchet-warden-common/common/command/send-magic-link';
+export interface WardenSendMagicLinkCommandValidator {
+  allowMagicLinkCommand(cmd: SendMagicLink, origin: string, loggedInUser: WardenEntry): Promise<void>;
+}

package/src/server/provider/warden-single-use-code-provider.ts ADDED Viewed

@@ -0,0 +1,27 @@
+import { WardenContactType } from '@bitblit/ratchet-warden-common/common/model/warden-contact-type';
+import { WardenContact } from '@bitblit/ratchet-warden-common/common/model/warden-contact';
+import { WardenCustomTemplateDescriptor } from '@bitblit/ratchet-warden-common/common/command/warden-custom-template-descriptor';
+/**
+ * Classes implementing WardenSingleUseCodeProvider are able to
+ * generate single-use codes for a user, and to validate a code
+ * provided by the user
+ **/
+export interface WardenSingleUseCodeProvider {
+  handlesContactType(type: WardenContactType): boolean;
+  // Origin is the url of the page that sent the request - put into the template to allow clickthru
+  createAndSendNewCode(contact: WardenContact, relyingPartyName: string, origin: string): Promise<boolean>;
+  checkCode(contactValue: string, code: string): Promise<boolean>;
+  // The code is to login the loginContact.  That is also where the code is sent, unless
+  // destination contact is set (usually for admin/demo purposes)
+  createCodeAndSendMagicLink?(
+    loginContact: WardenContact,
+    relyingPartyName: string,
+    landingUrl: string,
+    metaIn?: Record<string, string>,
+    ttlSeconds?: number,
+    destinationContact?: WardenContact,
+    customTemplate?: WardenCustomTemplateDescriptor,
+  ): Promise<boolean>;
+}

package/src/server/provider/warden-storage-provider.ts ADDED Viewed

@@ -0,0 +1,22 @@
+import { WardenContact } from '@bitblit/ratchet-warden-common/common/model/warden-contact';
+import { WardenEntrySummary } from '@bitblit/ratchet-warden-common/common/model/warden-entry-summary';
+import { WardenEntry } from '@bitblit/ratchet-warden-common/common/model/warden-entry';
+/**
+ * Classes implementing WardenStorageProvider perform store and
+ * retrieval functions for the SimpleAuthenticationProvider
+ */
+export interface WardenStorageProvider {
+  findEntryById(userId: string): Promise<WardenEntry>;
+  findEntryByContact(contact: WardenContact): Promise<WardenEntry>;
+  findEntryByThirdPartyId(thirdParty: string, thirdPartyId: string): Promise<WardenEntry>;
+  saveEntry(entry: WardenEntry): Promise<WardenEntry>;
+  removeEntry(userId: string): Promise<boolean>;
+  // User challenges are stored on a per-user, per-rpid basis
+  updateUserChallenge(userId: string, relyingPartyId: string, challenge: string): Promise<boolean>;
+  fetchCurrentUserChallenge(userId: string, relyingPartyId: string): Promise<string>;
+  listUserSummaries(): Promise<WardenEntrySummary[]>;
+}

package/src/server/provider/warden-third-party-authentication-provider.ts ADDED Viewed

@@ -0,0 +1,18 @@
+import { WardenLoginThirdPartyToken } from "@bitblit/ratchet-warden-common/common/model/warden-login-third-party-token";
+import {
+  WardenThirdPartyAuthentication
+} from "@bitblit/ratchet-warden-common/common/model/warden-third-party-authentication";
+/**
+ * Classes implementing WardenThirdPartyAuthenticator are able to
+ * validate tokens from a third party and if they are valid, return
+ * the user id in that system.  Warden can then lookup the local user
+ * by that user id
+ *
+ */
+export interface WardenThirdPartyAuthenticationProvider {
+  handlesThirdParty(thirdParty: string): boolean;
+  validateTokenAndReturnThirdPartyUserId(input: WardenLoginThirdPartyToken, origin: string): Promise<WardenThirdPartyAuthentication>;
+  extractUserLabelFromAuthentication?(auth: WardenThirdPartyAuthentication): Promise<string>;
+}

package/src/server/provider/warden-twilio-verify-single-use-code-provider-options.ts ADDED Viewed

@@ -0,0 +1,5 @@
+export interface WardenTwilioVerifySingleUseCodeProviderOptions {
+  accountSID: string;
+  authToken: string;
+  verifyServiceSID: string;
+}

package/src/server/provider/warden-twilio-verify-single-use-code-provider.ts ADDED Viewed

@@ -0,0 +1,38 @@
+//    Service for sending codes via twilio verify
+import { WardenTwilioVerifySingleUseCodeProviderOptions } from './warden-twilio-verify-single-use-code-provider-options.js';
+import { Logger } from '@bitblit/ratchet-common/logger/logger';
+import { WardenSingleUseCodeProvider } from './warden-single-use-code-provider.js';
+import { TwilioVerifyRatchet } from '@bitblit/ratchet-common/third-party/twilio/twilio-verify-ratchet';
+import { WardenContactType } from '@bitblit/ratchet-warden-common/common/model/warden-contact-type';
+import { WardenContact } from '@bitblit/ratchet-warden-common/common/model/warden-contact';
+export class WardenTwilioVerifySingleUseCodeProvider implements WardenSingleUseCodeProvider {
+  private _cacheTwilioVerifyRatchet: TwilioVerifyRatchet;
+  constructor(private optsPromise: Promise<WardenTwilioVerifySingleUseCodeProviderOptions>) {}
+  private async twilioVerifyRatchet(): Promise<TwilioVerifyRatchet> {
+    if (!this._cacheTwilioVerifyRatchet) {
+      const opts: WardenTwilioVerifySingleUseCodeProviderOptions = await this.optsPromise;
+      this._cacheTwilioVerifyRatchet = new TwilioVerifyRatchet(opts.accountSID, opts.authToken, opts.verifyServiceSID);
+    }
+    return this._cacheTwilioVerifyRatchet;
+  }
+  public handlesContactType(type: WardenContactType): boolean {
+    return type === WardenContactType.TextCapablePhoneNumber;
+  }
+  public async createAndSendNewCode(contact: WardenContact, _relyingPartyNameIgnored: string, _origin: string): Promise<boolean> {
+    // Twilio verify does not let you set the message
+    const ratchet: TwilioVerifyRatchet = await this.twilioVerifyRatchet();
+    const rval: any = await ratchet.sendVerificationTokenUsingTwilioVerify(contact.value);
+    Logger.debug('sendMessage was : %j', rval);
+    return !!rval;
+  }
+  public async checkCode(contactValue: string, code: string): Promise<boolean> {
+    const ratchet: TwilioVerifyRatchet = await this.twilioVerifyRatchet();
+    const rval: boolean = await ratchet.simpleCheckVerificationTokenUsingTwilioVerify(contactValue, code);
+    return rval;
+  }
+}

package/src/server/provider/warden-user-decoration-provider.ts ADDED Viewed

@@ -0,0 +1,10 @@
+/**
+ * The user details gets jammed into the JWT token upon login.  If one is not provided,
+ * the default only puts the user id and label in there
+ */
+import { WardenEntry } from '@bitblit/ratchet-warden-common/common/model/warden-entry';
+import { WardenUserDecoration } from '@bitblit/ratchet-warden-common/common/model/warden-user-decoration';
+export interface WardenUserDecorationProvider<T> {
+  fetchDecoration(wardenUser: WardenEntry): Promise<WardenUserDecoration<T>>;
+}

package/src/server/warden-authorizer.ts ADDED Viewed

@@ -0,0 +1,130 @@
+import { WardenServiceOptions } from "./warden-service-options.js";
+import { WardenContact } from "@bitblit/ratchet-warden-common/common/model/warden-contact";
+import { WardenEntry } from "@bitblit/ratchet-warden-common/common/model/warden-entry";
+import { WardenUtils } from "@bitblit/ratchet-warden-common/common/util/warden-utils";
+import { WardenUserDecoration } from "@bitblit/ratchet-warden-common/common/model/warden-user-decoration";
+import { WardenJwtToken } from "@bitblit/ratchet-warden-common/common/model/warden-jwt-token";
+export class WardenAuthorizer {
+  constructor(private opts: WardenServiceOptions) {
+  }
+  // Passthru for very common use case
+  public findEntryByContact(contact: WardenContact): Promise<WardenEntry> {
+    return this.opts.storageProvider.findEntryByContact(contact);
+  }
+  // Passthru for very common use case
+  public findEntryById(userId: string): Promise<WardenEntry> {
+    return this.opts.storageProvider.findEntryById(userId);
+  }
+  public async findDecoratorById(userId: string): Promise<WardenUserDecoration<any>> {
+    const user: WardenEntry = await this.findEntryById(userId);
+    const rval: WardenUserDecoration<any> = user ? await this.opts.userDecorationProvider.fetchDecoration(user) : null;
+    return rval;
+  }
+  public async userHasGlobalRoleById(userId: string, roleId: string): Promise<boolean> {
+    return this.userHasGlobalRole(await this.findDecoratorById(userId), roleId);
+  }
+  public async userHasRoleOnTeamById(userId: string,teamId: string, roleId: string): Promise<boolean> {
+    return this.userHasRolesOnTeam(await this.findDecoratorById(userId), teamId, [roleId], true);
+  }
+  public async userHasAtLeastOneGlobalRoleById(userId: string, roleIds: string[]): Promise<boolean> {
+    return this.userHasGlobalRoles(await this.findDecoratorById(userId), roleIds, false);
+  }
+  public async userHasAtLeastOneRoleOnTeamById(userId: string, teamId: string, roleIds: string[]): Promise<boolean> {
+    return this.userHasRolesOnTeam(await this.findDecoratorById(userId), teamId, roleIds, false);
+  }
+  public async userHasAllGlobalRolesById(userId: string, roleIds: string[]): Promise<boolean> {
+    return this.userHasGlobalRoles(await this.findDecoratorById(userId), roleIds, true);
+  }
+  public async userHasAllRolesOnTeamById(userId: string, teamId: string, roleIds: string[]): Promise<boolean> {
+    return this.userHasRolesOnTeam(await this.findDecoratorById(userId), teamId, roleIds, true);
+  }
+  public async userHasGlobalRolesById(userId: string, roleIds: string[], combineWithAnd: boolean): Promise<boolean> {
+    return WardenUtils.userHasGlobalRoles(await this.findDecoratorById(userId), roleIds, combineWithAnd);
+  }
+  public async userHasRolesOnTeamById(userId: string, teamId: string, roleIds: string[], combineWithAnd: boolean): Promise<boolean> {
+    return WardenUtils.userHasRolesOnTeam(await this.findDecoratorById(userId), teamId, roleIds, combineWithAnd);
+  }
+  // Just a synonym since that is how some people think
+  public async userIsTeamMemberById(userId: string, teamId: string): Promise<boolean> {
+    return WardenUtils.userIsTeamMember(await this.findDecoratorById(userId),teamId);
+  }
+  public async userHasAnyRoleOnTeamById(userId: string, teamId: string): Promise<boolean> {
+    return WardenUtils.userHasAnyRoleOnTeam(await this.findDecoratorById(userId),teamId);
+  }
+  public async usersTeamMembershipsById(userId: string): Promise<string[]> {
+    return WardenUtils.usersTeamMemberships(await this.findDecoratorById(userId));
+  }
+  // Simple passthrus for convenience
+  public userHasGlobalRole(user: WardenUserDecoration<any>, roleId: string): boolean {
+    return WardenUtils.userHasGlobalRoles(user, [roleId], true);
+  }
+  public userHasRoleOnTeam(user: WardenUserDecoration<any>,teamId: string, roleId: string): boolean {
+    return WardenUtils.userHasRolesOnTeam(user, teamId, [roleId], true);
+  }
+  public userHasAtLeastOneGlobalRole(user: WardenUserDecoration<any>, roleIds: string[]): boolean {
+    return WardenUtils.userHasGlobalRoles(user, roleIds, false);
+  }
+  public userHasAtLeastOneRoleOnTeam(user: WardenUserDecoration<any>, teamId: string, roleIds: string[]): boolean {
+    return WardenUtils.userHasRolesOnTeam(user, teamId, roleIds, false);
+  }
+  public userHasAllGlobalRoles(user: WardenUserDecoration<any>, roleIds: string[]): boolean {
+    return WardenUtils.userHasGlobalRoles(user, roleIds, true);
+  }
+  public userHasAllRolesOnTeam(user: WardenUserDecoration<any>, teamId: string, roleIds: string[]): boolean {
+    return WardenUtils.userHasRolesOnTeam(user, teamId, roleIds, true);
+  }
+  public userHasGlobalRoles(user: WardenUserDecoration<any>, roleIds: string[], combineWithAnd: boolean): boolean {
+    return WardenUtils.userHasGlobalRoles(user, roleIds, combineWithAnd);
+  }
+  public userHasRolesOnTeam(user: WardenUserDecoration<any>, teamId: string, roleIds: string[], combineWithAnd: boolean): boolean {
+    return WardenUtils.userHasRolesOnTeam(user, teamId, roleIds, combineWithAnd);
+  }
+  public wardenUserDecorationFromToken(jwt: WardenJwtToken<any>): WardenUserDecoration<any> {
+    return WardenUtils.wardenUserDecorationFromToken(jwt);
+  }
+  // Just a synonym since that is how some people think
+  public userIsTeamMember(user: WardenUserDecoration<any>, teamId: string): boolean {
+    return WardenUtils.userIsTeamMember(user,teamId);
+  }
+  public userHasAnyRoleOnTeam(user: WardenUserDecoration<any>, teamId: string): boolean {
+    return WardenUtils.userHasAnyRoleOnTeam(user,teamId);
+  }
+  public usersTeamMemberships(user: WardenUserDecoration<any>): string[] {
+    return WardenUtils.usersTeamMemberships(user);
+  }
+}

package/src/server/warden-entry-builder.ts ADDED Viewed

@@ -0,0 +1,56 @@
+import { WardenEntry } from "@bitblit/ratchet-warden-common/common/model/warden-entry";
+import { StringRatchet } from "@bitblit/ratchet-common/lang/string-ratchet";
+import { WardenContact } from "@bitblit/ratchet-warden-common/common/model/warden-contact";
+import {
+  WardenThirdPartyAuthentication
+} from "@bitblit/ratchet-warden-common/common/model/warden-third-party-authentication";
+export class WardenEntryBuilder {
+  private readonly _entry: WardenEntry;
+  constructor(label?: string ) {
+    const guid: string = StringRatchet.createShortUid();
+    const now: number = Date.now();
+    this._entry = {
+      userId: guid,
+      userLabel: label || 'User '+guid,
+      contactMethods: [],
+      tags: [],
+      webAuthnAuthenticators: [],
+      thirdPartyAuthenticators: [],
+      createdEpochMS: now,
+      updatedEpochMS: now,
+    };
+  }
+  public withTags(tags: string[]): WardenEntryBuilder {
+    this._entry.tags = tags ?? [];
+    return this;
+  }
+  public withThirdPartyAuthentication(thirdPartyAuthenticators: [WardenThirdPartyAuthentication]): WardenEntryBuilder {
+    this._entry.thirdPartyAuthenticators = thirdPartyAuthenticators ?? [];
+    return this;
+  }
+  public withLabel(label: string): WardenEntryBuilder {
+    this._entry.userLabel = label;
+    return this;
+  }
+  public withLabelFromContact(contact: WardenContact): WardenEntryBuilder {
+    this._entry.userLabel = contact.value;
+    return this;
+  }
+  public withContacts(contacts: [WardenContact]): WardenEntryBuilder {
+    this._entry.contactMethods = contacts ?? [];
+    return this;
+  }
+  public get entry(): WardenEntry {
+    return this._entry;
+  }
+}

package/src/server/warden-service-options.ts ADDED Viewed

@@ -0,0 +1,20 @@
+import { WardenStorageProvider } from './provider/warden-storage-provider.js';
+import { JwtRatchetLike } from '@bitblit/ratchet-node-only/jwt/jwt-ratchet-like';
+import { WardenUserDecorationProvider } from './provider/warden-user-decoration-provider.js';
+import { WardenEventProcessingProvider } from './provider/warden-event-processing-provider.js';
+import { WardenSingleUseCodeProvider } from './provider/warden-single-use-code-provider.js';
+import { WardenSendMagicLinkCommandValidator } from './provider/warden-send-magic-link-command-validator.js';
+import { WardenThirdPartyAuthenticationProvider } from "./provider/warden-third-party-authentication-provider.js";
+export interface WardenServiceOptions {
+  // Human-readable title for your website
+  relyingPartyName: string;
+  allowedOrigins: string[];
+  singleUseCodeProviders: WardenSingleUseCodeProvider[];
+  storageProvider: WardenStorageProvider;
+  jwtRatchet: JwtRatchetLike;
+  userDecorationProvider?: WardenUserDecorationProvider<any>;
+  eventProcessor?: WardenEventProcessingProvider;
+  sendMagicLinkCommandValidator?: WardenSendMagicLinkCommandValidator;
+  thirdPartyAuthenticationProviders?: WardenThirdPartyAuthenticationProvider[];
+}

package/src/server/warden-service.spec.ts ADDED Viewed

@@ -0,0 +1,102 @@
+import { WardenStorageProvider } from "./provider/warden-storage-provider.js";
+import { WardenService } from "./warden-service.js";
+import { WardenServiceOptions } from "./warden-service-options.js";
+import { WardenContactType } from "@bitblit/ratchet-warden-common/common/model/warden-contact-type";
+import { WardenEntry } from "@bitblit/ratchet-warden-common/common/model/warden-entry";
+import { WardenLoginRequest } from "@bitblit/ratchet-warden-common/common/model/warden-login-request";
+import { WardenCommand } from "@bitblit/ratchet-warden-common/common/command/warden-command";
+import { WardenCommandResponse } from "@bitblit/ratchet-warden-common/common/command/warden-command-response";
+import { WardenLoginResults } from "@bitblit/ratchet-warden-common/common/model/warden-login-results";
+import { JwtRatchet } from "@bitblit/ratchet-node-only/jwt/jwt-ratchet";
+import { WardenUserDecorationProvider } from "./provider/warden-user-decoration-provider.js";
+import { WardenSingleUseCodeProvider } from "./provider/warden-single-use-code-provider.js";
+import { beforeEach, describe, expect, test } from "vitest";
+import { mock, MockProxy } from "vitest-mock-extended";
+import { WardenLoginRequestType } from "@bitblit/ratchet-warden-common/common/model/warden-login-request-type";
+//let mockJwtRatchet: MockProxy<JwtRatchetLike>;
+let mockWardenStorageProvider: MockProxy<WardenStorageProvider>;
+let mockWardenSingleUseCodeProvider: MockProxy<WardenSingleUseCodeProvider>;
+let mockUserDecorationProvider: MockProxy<WardenUserDecorationProvider<any>>;
+let opts: WardenServiceOptions;
+describe('#WardenService', () => {
+  beforeEach(() => {
+    //mockJwtRatchet = mock<JwtRatchetLike>();;
+    mockWardenStorageProvider = mock<WardenStorageProvider>();
+    mockWardenSingleUseCodeProvider = mock<WardenSingleUseCodeProvider>();
+    mockUserDecorationProvider = mock<WardenUserDecorationProvider<string>>();
+    opts = {
+      // Human-readable title for your website
+      relyingPartyName: 'rp',
+      allowedOrigins: ['origin'],
+      storageProvider: mockWardenStorageProvider,
+      singleUseCodeProviders: [mockWardenSingleUseCodeProvider],
+      jwtRatchet: new JwtRatchet({ encryptionKeyPromise: Promise.resolve('asdf') }), //mockJwtRatchet,
+      userDecorationProvider: mockUserDecorationProvider,
+      eventProcessor: undefined,
+    };
+  });
+  test('Should login', async () => {
+    const svc: WardenService = new WardenService(opts);
+    const loginReq: WardenLoginRequest = {
+      type: WardenLoginRequestType.ExpiringToken,
+      //userId: string;
+      contact: { type: WardenContactType.EmailAddress, value: 'test@test.com' },
+      //webAuthn?: AuthenticationResponseJSON;
+      expiringToken: '12345',
+      //jwtTokenToRefresh?: string;
+    };
+    const cmd: WardenCommand = {
+      performLogin: loginReq,
+    };
+    const origin: string = 'localhost';
+    mockWardenStorageProvider.findEntryByContact.mockResolvedValue({
+      userId: '12345',
+      userLabel: 'Test User',
+      contactMethods: [{ type: WardenContactType.EmailAddress, value: 'test@test.com' }],
+      tags: ['test'],
+      webAuthnAuthenticators: [],
+      thirdPartyAuthenticators: [],
+      createdEpochMS: 1234,
+      updatedEpochMS: 1235,
+    });
+    mockUserDecorationProvider.fetchDecoration.mockResolvedValue({
+      userTokenData: { a: 'b', c: 1 },
+      proxyUserTokenData: null,
+      userTokenExpirationSeconds: 3600,
+      teamRoleMappings: [{ teamId: 'WARDEN', roleId: 'USER' }],
+      globalRoleIds: [],
+    });
+    mockWardenSingleUseCodeProvider.handlesContactType.mockReturnValue(true);
+    mockWardenSingleUseCodeProvider.checkCode.mockResolvedValue(true);
+    const out: WardenCommandResponse = await svc.processCommandToResponse(cmd, origin, null);
+    const loginResults: WardenLoginResults = out.performLogin;
+    //const parsedJwt: any = opts.jwtRatchet.decodeToken(loginResults.jwtToken);
+    //Logger.info('LOGIN: %j : JWT: %j', loginResults, parsedJwt);
+    expect(out).toBeTruthy();
+    expect(loginResults).toBeTruthy();
+  });
+  // Need to implement
+  test('Should create and account', async () => {
+    const svc: WardenService = new WardenService(opts);
+    mockWardenStorageProvider.findEntryByContact.mockResolvedValue(null);
+    mockWardenStorageProvider.saveEntry.mockResolvedValue({ userId: 'test' } as WardenEntry);
+    mockWardenSingleUseCodeProvider.handlesContactType.mockReturnValue(true);
+    const res: WardenEntry = await svc.createAccount({ type: WardenContactType.EmailAddress, value: 'test@test.com' }, 'testorigin.com',false, 'Test', []);
+    expect(res.userId).toEqual('test');
+  });
+});