@civic/auth 0.0.1--.tsc.alpha.1

package/test/unit/nextjs/routeHandler.test.ts

@@ -0,0 +1,369 @@
+import { describe, it, expect, beforeEach, vi } from "vitest";
+import { NextRequest, NextResponse } from "next/server.js";
+import { handler } from "@/nextjs/routeHandler.js";
+import { revalidatePath } from "next/cache.js";
+import type { OIDCTokenResponseBody, User } from "@/types.ts";
+import * as logger from "@/lib/logger.js";
+import * as login from "@/server/login.js";
+import * as session from "@/shared/lib/session.js";
+import * as cookies from "@/nextjs/cookies.js";
+import * as PKCE from "@/services/PKCE.js";
+import { GenericUserSession } from "@/shared/lib/UserSession.js";
+import { TOKEN_EXCHANGE_TRIGGER_TEXT } from "@/constants.js";
+
+vi.mock("next/headers.js", () => {
+  return {
+    cookies: vi.fn().mockReturnValue({
+      set: vi.fn(),
+      get: (name: string) => {
+        if (name === "codeVerifier") {
+          return "test-code-verifier";
+        }
+      },
+    }),
+  };
+});
+
+vi.mock("@/server/login.js");
+vi.mock("@/shared/lib/session.js");
+vi.mock("@/nextjs/cookies.js");
+vi.mock("@/services/PKCE.js");
+
+const mockUser: User = {
+  id: "user123",
+  name: "John Doe",
+  email: "john@example.com",
+  picture: "https://example.com/john.jpg",
+} as unknown as User;
+
+// Mock implementations
+vi.mock("next/server.js", () => {
+  class MockNextResponse {
+    constructor(
+      public body?: any,
+      public init?: any,
+    ) {
+      this.body = body;
+      this.init = init;
+    }
+
+    public headers = {
+      set: vi.fn(),
+    };
+
+    public cookies = {
+      set: vi.fn(),
+      get: vi.fn(),
+    };
+
+    json() {
+      return Promise.resolve({});
+    }
+
+    static json(data: any, options: any) {
+      return {
+        ...options,
+        data,
+        json: () => Promise.resolve(data),
+        headers: {
+          set: vi.fn(),
+        },
+        cookies: {
+          set: vi.fn(),
+          get: vi.fn(),
+        },
+      };
+    }
+
+    static redirect(url: string) {
+      return {
+        url,
+        cookies: {
+          set: vi.fn(),
+          get: vi.fn(),
+        },
+      };
+    }
+  }
+
+  return {
+    NextResponse: MockNextResponse,
+    NextRequest: vi.fn().mockImplementation((url) => ({
+      url,
+      nextUrl: new URL(url),
+    })),
+  };
+});
+
+vi.mock("next/cache", () => ({
+  revalidatePath: vi.fn(),
+}));
+
+describe("Auth Route Handler", () => {
+  let mockLogger: logger.Logger;
+  afterEach(vi.clearAllMocks);
+  beforeEach(() => {
+    mockLogger = {
+      error: vi.fn(),
+      info: vi.fn(),
+      warn: vi.fn(),
+      debug: vi.fn(),
+    };
+    vi.spyOn(logger.loggers.nextjs.handlers.auth, "debug").mockImplementation(
+      (...args) => mockLogger.debug(...args),
+    );
+    vi.spyOn(logger.loggers.nextjs.handlers.auth, "info").mockImplementation(
+      (...args) => mockLogger.info(...args),
+    );
+    vi.spyOn(logger.loggers.nextjs.handlers.auth, "warn").mockImplementation(
+      (...args) => mockLogger.warn(...args),
+    );
+    vi.spyOn(logger.loggers.nextjs.handlers.auth, "error").mockImplementation(
+      (...args) => mockLogger.error(...args),
+    );
+  });
+
+  beforeEach(() => {
+    vi.clearAllMocks();
+    vi.stubEnv("_civic_auth_client_id", "test-client-id");
+    vi.spyOn(login, "resolveOAuthAccessCode").mockResolvedValue(
+      {} as OIDCTokenResponseBody,
+    );
+    vi.spyOn(session, "getUser").mockResolvedValue(mockUser);
+    vi.spyOn(GenericUserSession.prototype, "set");
+  });
+
+  describe("Challenge Handler", () => {
+    beforeEach(() => {
+      vi.spyOn(
+        PKCE.GenericPublicClientPKCEProducer.prototype,
+        "getCodeChallenge",
+      ).mockResolvedValue("test-code-challenge");
+    });
+
+    it("should handle challenge request", async () => {
+      const mockRequest = new NextRequest(
+        "https://example.com/api/auth/challenge",
+      );
+
+      const routeHandler = handler();
+      const response = await routeHandler(mockRequest);
+
+      expect(response.json()).resolves.toEqual({
+        status: "success",
+        challenge: "test-code-challenge",
+      });
+    });
+  });
+
+  describe("Callback Handler", () => {
+    let mockRequest: NextRequest;
+    let routeHandler: (request: NextRequest) => Promise<NextResponse>;
+    beforeAll(() => {
+      routeHandler = handler();
+    });
+    it("should handle missing parameters", async () => {
+      mockRequest = new NextRequest(
+        "https://example.com/api/auth/callback", // missing params
+      );
+
+      (mockRequest as unknown as Record<string, unknown>).cookies = {
+        get: (cookieName: string) =>
+          cookieName === "code_verifier" ? "test-code-verifier" : undefined,
+      };
+      const response = await routeHandler(mockRequest);
+
+      expect(response.json()).resolves.toEqual({
+        error: "Bad parameters",
+      });
+      expect(response.status).toBe(400);
+    });
+
+    describe("with all parameters passed in", () => {
+      beforeAll(() => {
+        mockRequest = new NextRequest(
+          "https://example.com/api/auth/callback?code=123&state=testState",
+        );
+
+        (mockRequest as unknown as Record<string, unknown>).cookies = {
+          get: (cookieName: string) =>
+            cookieName === "code_verifier" ? "test-code-verifier" : undefined,
+        };
+      });
+      it("should handle error when resolving the access code", async () => {
+        vi.spyOn(login, "resolveOAuthAccessCode").mockRejectedValue(
+          "Token exchange failed",
+        );
+        const response = await routeHandler(mockRequest);
+
+        expect(response.json()).resolves.toEqual({
+          error: "Failed to authenticate user",
+        });
+        expect(response.status).toBe(401);
+      });
+      describe("with code_verifier cookie present on request", () => {
+        it("should do token exchange", async () => {
+          const routeHandler = handler();
+          const response = await routeHandler(mockRequest);
+
+          // should have resolved the access code
+          expect(login.resolveOAuthAccessCode).toHaveBeenCalled();
+
+          // verify response data
+          const responseData = await response.json();
+          expect(responseData).toEqual({});
+
+          // verify user is being set to the session
+          expect(GenericUserSession.prototype.set).toHaveBeenCalledWith(
+            mockUser,
+          );
+        });
+        it("should return empty html response", async () => {
+          const response = await routeHandler(mockRequest);
+          expect(response.body).toEqual(
+            '<html><span style="display:none">serverSideTokenExchangeSuccess</span></html>',
+          );
+        });
+      });
+      describe("with no code_verifier cookie present on request", () => {
+        beforeAll(() => {
+          (mockRequest as unknown as Record<string, unknown>).cookies = {
+            get: () => undefined,
+          };
+        });
+        it("should not do token exchange", async () => {
+          const response = await routeHandler(mockRequest);
+
+          // should have resolved the access code
+          expect(login.resolveOAuthAccessCode).not.toHaveBeenCalled();
+
+          // verify response data
+          const responseData = await response.json();
+          expect(responseData).toEqual({});
+
+          // verify user is being set to the session
+          expect(GenericUserSession.prototype.set).not.toHaveBeenCalled();
+        });
+
+        describe("in server token-exchange mode", () => {
+          let state: string;
+          beforeEach(() => {
+            state =
+              "eyJ1dWlkIjoiMGY0NWU5YWItY2U1Ni00OWZiLTlkYmUtOGQ3ZmM3YTI3NDFhIiwiZGlzcGxheU1vZGUiOiJpZnJhbWUiLCJzZXJ2ZXJUb2tlbkV4Y2hhbmdlIjp0cnVlfQ";
+            const params = new URLSearchParams({ code: "123", state });
+            mockRequest = new NextRequest(
+              `https://example.com/api/auth/callback?${params.toString()}`,
+            );
+            (mockRequest as unknown as Record<string, unknown>).cookies = {
+              get: () => undefined,
+            };
+          });
+          it("should return html with a javascript fetch call to retry the callback token exchange", async () => {
+            // this state indicates server-side token exchange
+
+            const response = await routeHandler(mockRequest);
+
+            expect(response.body).toContain(
+              `fetch('/api/auth/callback?code=123&state=${state}&sameDomainServerTokenExchange=true')`,
+            );
+          });
+        });
+
+        describe("in client token-exchange mode", () => {
+          let state: string;
+          beforeEach(() => {
+            state =
+              "eyJ1dWlkIjoiNzE5MmI3MmItYzk5ZC00NjhmLTliMDAtMWFhOWVhYjI0YjgxIiwiZGlzcGxheU1vZGUiOiJyZWRpcmVjdCJ9";
+            const params = new URLSearchParams({ code: "123", state });
+            mockRequest = new NextRequest(
+              `https://example.com/api/auth/callback?${params.toString()}`,
+            );
+            (mockRequest as unknown as Record<string, unknown>).cookies = {
+              get: () => undefined,
+            };
+          });
+          it("should return html response indicating a token exchange is required", async () => {
+            const response = await routeHandler(mockRequest);
+            expect(response.body).toEqual(
+              `<html><body><span style="display:none">${TOKEN_EXCHANGE_TRIGGER_TEXT}</span></body></html>`,
+            );
+          });
+        });
+      });
+    });
+  });
+
+  describe("Logout Handler", () => {
+    beforeEach(() => {
+      vi.spyOn(cookies, "clearAuthCookies");
+    });
+
+    it("should clear auth cookies", async () => {
+      const mockRequest = new NextRequest(
+        "https://example.com/api/auth/logout?redirect=/dashboard",
+      );
+
+      const routeHandler = handler();
+
+      await routeHandler(mockRequest);
+      expect(cookies.clearAuthCookies).toHaveBeenCalled();
+    });
+
+    it("should handle relative redirect paths", async () => {
+      const mockRequest = new NextRequest(
+        "https://example.com/api/auth/logout?redirect=/dashboard",
+      );
+
+      const routeHandler = handler();
+
+      const response = await routeHandler(mockRequest);
+
+      expect(response.url).toBe("https://example.com/dashboard");
+      expect(revalidatePath).toHaveBeenCalledWith("/dashboard");
+    });
+
+    it("should handle default redirect to home", async () => {
+      const mockRequest = new NextRequest(
+        "https://example.com/api/auth/logout",
+      );
+
+      const routeHandler = handler();
+
+      const response = await routeHandler(mockRequest);
+
+      expect(response.url).toBe("https://example.com/");
+      expect(revalidatePath).toHaveBeenCalledWith("/");
+    });
+
+    it("should handle absolute URLs and preserve the domain", async () => {
+      const mockRequest = new NextRequest(
+        "https://example.com/api/auth/logout?redirect=https://other-domain.com/page",
+      );
+
+      const routeHandler = handler();
+
+      const response = await routeHandler(mockRequest);
+
+      // The URL constructor will preserve the absolute URL
+      expect(response.url).toBe("https://other-domain.com/page");
+      expect(revalidatePath).toHaveBeenCalledWith(
+        "https://other-domain.com/page",
+      );
+    });
+
+    it("should handle revalidation failure gracefully", async () => {
+      const mockRequest = new NextRequest(
+        "https://example.com/api/auth/logout?redirect=/dashboard",
+      );
+
+      vi.mocked(revalidatePath).mockImplementationOnce(() => {
+        throw new Error("Revalidation failed");
+      });
+
+      const routeHandler = handler();
+      const response = await routeHandler(mockRequest);
+      expect(response.url).toBe("https://example.com/dashboard");
+      expect(mockLogger.warn).toHaveBeenCalled();
+    });
+  });
+});

package/test/unit/nextjs/utils.test.ts

@@ -0,0 +1,26 @@
+import { describe, it, expect } from "vitest";
+import type { AuthConfigWithDefaults } from "@/nextjs/config.js";
+import { resolveCallbackUrl } from "@/nextjs/utils.js";
+
+describe("Nextjs utils", () => {
+  describe("resolveCallbackUrl", () => {
+    it("should resolve the callbackUrl with appUrl and callbackUrl from configs", () => {
+      const callbackUrl = resolveCallbackUrl({
+        appUrl: "https://example.com",
+        callbackUrl: "/callback",
+      } as unknown as AuthConfigWithDefaults);
+      expect(callbackUrl).toBe("https://example.com/callback");
+    });
+
+    it("should resolve the callbackUrl with callbackUrl from config and alternativeUrl if appUrl is empty", () => {
+      const callbackUrl = resolveCallbackUrl(
+        {
+          appUrl: undefined,
+          callbackUrl: "/callback",
+        } as unknown as AuthConfigWithDefaults,
+        "https://example.com",
+      );
+      expect(callbackUrl).toBe("https://example.com/callback");
+    });
+  });
+});

package/test/unit/publicApi/__snapshots__/apiSnapshot.test.ts.snap

@@ -0,0 +1,19 @@
+// Vitest Snapshot v1, https://vitest.dev/guide/snapshot.html
+
+exports[`Auth Client Public API Snapshot > should match the previous API snapshot 1`] = `
+{
+  "CivicAuthIframeContainer": [Function],
+  "CivicAuthProvider": [Function],
+  "SignInButton": [Function],
+  "SignOutButton": [Function],
+  "UserButton": [Function],
+  "useAuth": [Function],
+  "useConfig": [Function],
+  "useIframe": [Function],
+  "useSession": [Function],
+  "useToken": [Function],
+  "useTokenCookie": [Function],
+  "useUser": [Function],
+  "useUserCookie": [Function],
+}
+`;

package/test/unit/publicApi/apiSnapshot.test.ts

@@ -0,0 +1,11 @@
+import * as authClient from "../../../src/reactjs/index.js";
+
+import { describe, expect, it } from "vitest";
+
+// This test checks if the current state of the authClient matches the previously saved snapshot.
+// If the API updates, you will need to update the snapshot by running the test:update script, i.e. `pnpm test:update`
+describe("Auth Client Public API Snapshot", () => {
+  it("should match the previous API snapshot", () => {
+    expect(authClient).toMatchSnapshot();
+  });
+});

package/test/unit/react/components/SignInButton.test.tsx

@@ -0,0 +1,50 @@
+import { describe, it, expect, vi } from "vitest";
+import React from "react";
+import { fireEvent, render, screen } from "@testing-library/react";
+import { CivicAuthProvider } from "@/shared/providers/CivicAuthProvider.js";
+import { SignInButton } from "@/reactjs/components/SignInButton.js";
+import * as civicHook from "@/reactjs/hooks/useUser.js";
+
+describe("SignInButton Component", () => {
+  beforeEach(() => {
+    vi.clearAllMocks();
+  });
+
+  it("should render a SignInButton component", () => {
+    render(
+      <CivicAuthProvider
+        clientId="test-client-id"
+        redirectUrl="https://example.com"
+      >
+        <SignInButton />
+      </CivicAuthProvider>,
+    );
+
+    expect(screen.getByText("Sign In")).toBeDefined();
+  });
+
+  it("should call signIn when the button is clicked", () => {
+    const mockSignIn = vi.fn();
+
+    vi.spyOn(civicHook, "useUser").mockReturnValue({
+      signIn: mockSignIn,
+      signOut: async () => {},
+      error: null,
+      isLoading: false,
+      user: null,
+    });
+
+    render(
+      <CivicAuthProvider
+        clientId="test-client-id"
+        redirectUrl="https://example.com"
+      >
+        <SignInButton />
+      </CivicAuthProvider>,
+    );
+
+    fireEvent.click(screen.getByText("Sign In"));
+
+    expect(mockSignIn).toHaveBeenCalled();
+  });
+});

package/test/unit/react/components/SignOutButton.test.tsx

@@ -0,0 +1,49 @@
+import { describe, it, expect, vi } from "vitest";
+import { fireEvent, render, screen } from "@testing-library/react";
+import { CivicAuthProvider, SignOutButton } from "@/reactjs/index.js";
+import * as userHook from "@/reactjs/hooks/useUser.js";
+import React from "react";
+
+describe("SignOutButton Component", () => {
+  beforeEach(() => {
+    vi.clearAllMocks();
+  });
+
+  it("should render a SignOutButton component", () => {
+    render(
+      <CivicAuthProvider
+        clientId="test-client-id"
+        redirectUrl="https://example.com"
+      >
+        <SignOutButton />
+      </CivicAuthProvider>,
+    );
+
+    expect(screen.getByText("Sign Out")).toBeDefined();
+  });
+
+  it("should call signIn when the button is clicked", () => {
+    const mockSignOut = vi.fn();
+
+    vi.spyOn(userHook, "useUser").mockReturnValue({
+      signOut: mockSignOut,
+      signIn: async () => {},
+      error: null,
+      isLoading: false,
+      user: null,
+    });
+
+    render(
+      <CivicAuthProvider
+        clientId="test-client-id"
+        redirectUrl="https://example.com"
+      >
+        <SignOutButton />
+      </CivicAuthProvider>,
+    );
+
+    fireEvent.click(screen.getByText("Sign Out"));
+
+    expect(mockSignOut).toHaveBeenCalled();
+  });
+});