@civic/auth 0.1.2 → 0.1.4-beta.0

package/test/unit/server/session.test.ts

@@ -1,51 +0,0 @@
-import { describe, it, expect, vi } from "vitest";
-import type { JWT } from "oslo/jwt";
-import { parseJWT } from "oslo/jwt";
-import { getUser } from "@/shared/lib/session.js";
-import { retrieveTokens } from "@/shared/lib/util.js";
-import type { AuthStorage, OIDCTokenResponseBody, User } from "@/types.js";
-
-vi.mock("@/shared/lib/util.js");
-vi.mock("oslo/jwt");
-
-describe("getUser", () => {
-  const mockStorage = {} as AuthStorage;
-  const mockUser: User = {
-    id: "mockUserId",
-    email: "user@example.com",
-  } as User;
-
-  beforeEach(() => {
-    vi.clearAllMocks();
-  });
-
-  it("should return null if no tokens are retrieved", async () => {
-    vi.mocked(retrieveTokens).mockResolvedValue(null);
-
-    const result = await getUser(mockStorage);
-    expect(result).toBeNull();
-    expect(retrieveTokens).toHaveBeenCalledWith(mockStorage);
-  });
-
-  it("should return a User if tokens are retrieved and parsed successfully", async () => {
-    const mockTokens = { id_token: "mockIdToken" } as OIDCTokenResponseBody;
-    vi.mocked(retrieveTokens).mockResolvedValue(mockTokens);
-    vi.mocked(parseJWT).mockReturnValue({ payload: mockUser } as JWT);
-
-    const result = await getUser(mockStorage);
-    expect(result).toEqual(mockUser);
-    expect(retrieveTokens).toHaveBeenCalledWith(mockStorage);
-    expect(parseJWT).toHaveBeenCalledWith(mockTokens.id_token);
-  });
-
-  it("should return null if parsing the ID token fails", async () => {
-    const mockTokens = { id_token: "mockIdToken" } as OIDCTokenResponseBody;
-    vi.mocked(retrieveTokens).mockResolvedValue(mockTokens);
-    vi.mocked(parseJWT).mockReturnValue(null); // Simulate parse failure
-
-    const result = await getUser(mockStorage);
-    expect(result).toBeNull();
-    expect(retrieveTokens).toHaveBeenCalledWith(mockStorage);
-    expect(parseJWT).toHaveBeenCalledWith(mockTokens.id_token);
-  });
-});

package/test/unit/services/AuthenticationService.test.ts

@@ -1,152 +0,0 @@
-import { describe, it, expect, vi, beforeEach } from "vitest";
-import {
-  BrowserAuthenticationInitiator,
-  BrowserAuthenticationService,
-  GenericAuthenticationInitiator,
-} from "@/services/AuthenticationService.js";
-import {
-  generateOauthLoginUrl,
-  generateOauthLogoutUrl,
-  exchangeTokens,
-  retrieveTokens,
-  storeTokens,
-} from "@/shared/lib/util.js";
-import { LocalStorageAdapter } from "@/browser/storage.js";
-import { BrowserPublicClientPKCEProducer } from "@/services/PKCE.js";
-import type { OIDCTokenResponseBody, SessionData } from "@/types.js";
-import type { AuthenticationResolver, PKCEConsumer } from "@/services/types.js";
-
-vi.mock("@/shared/lib/util.js", () => ({
-  getEndpointsWithOverrides: async () => ({
-    auth: "auth-endpoint",
-  }),
-  exchangeTokens: vi.fn(),
-  retrieveTokens: vi.fn(),
-  storeTokens: vi.fn(),
-  generateOauthLoginUrl: vi.fn(),
-  generateOauthLogoutUrl: vi.fn(),
-  clearTokens: vi.fn(),
-  clearUser: vi.fn(),
-}));
-vi.mock("@/browser/storage");
-vi.mock("@/services/PKCE.js");
-
-describe("Authentication Services", () => {
-  const mockConfig = {
-    clientId: "mockClientId",
-    redirectUrl: "http://localhost/redirect",
-    state: "mockState",
-    scopes: ["openid", "profile"],
-    displayMode: "redirect" as const,
-    oauthServer: "http://mockOauthServer",
-  };
-
-  describe("BrowserAuthenticationInitiator", () => {
-    it("should generate a login URL", async () => {
-      const initiator = new BrowserAuthenticationInitiator({
-        ...mockConfig,
-        pkceConsumer: {} as PKCEConsumer,
-      });
-      vi.mocked(generateOauthLoginUrl).mockResolvedValue(
-        new URL("http://mockLoginUrl"),
-      );
-
-      const url = await initiator.signIn({} as HTMLIFrameElement);
-
-      expect(url.toString()).toBe("http://mockloginurl/");
-    });
-
-    it("should generate a logout URL", async () => {
-      const initiator = new BrowserAuthenticationInitiator({
-        ...mockConfig,
-        pkceConsumer: {} as PKCEConsumer,
-      });
-      vi.mocked(generateOauthLogoutUrl).mockResolvedValue(
-        new URL("http://mocklogouturl"),
-      );
-
-      const url = await initiator.signOut();
-
-      expect(url.toString()).toBe("http://mocklogouturl/");
-    });
-  });
-
-  describe("GenericAuthenticationInitiator", () => {
-    it("should generate a login URL", async () => {
-      const initiator = new GenericAuthenticationInitiator({
-        ...mockConfig,
-        pkceConsumer: {} as PKCEConsumer,
-      });
-      vi.mocked(generateOauthLoginUrl).mockResolvedValue(
-        new URL("http://mockloginurl"),
-      );
-
-      const url = await initiator.signIn();
-
-      expect(url.toString()).toBe("http://mockloginurl/");
-    });
-
-    it("should generate a logout URL", async () => {
-      const initiator = new GenericAuthenticationInitiator({
-        ...mockConfig,
-        pkceConsumer: {} as PKCEConsumer,
-      });
-      vi.mocked(generateOauthLogoutUrl).mockResolvedValue(
-        new URL("http://mocklogouturl"),
-      );
-
-      const url = await initiator.signOut();
-
-      expect(url.toString()).toBe("http://mocklogouturl/");
-    });
-  });
-
-  describe("BrowserAuthenticationService", () => {
-    let service: AuthenticationResolver;
-    const mockTokens: OIDCTokenResponseBody = {
-      id_token: "mockIdToken",
-      access_token: "mockAccessToken",
-      refresh_token: "mockRefreshToken",
-    };
-
-    beforeEach(async () => {
-      service = await BrowserAuthenticationService.build({
-        ...mockConfig,
-      });
-      vi.mocked(exchangeTokens).mockResolvedValue(mockTokens);
-      vi.mocked(retrieveTokens).mockResolvedValue(mockTokens);
-    });
-
-    it("should exchange auth code for tokens and store them", async () => {
-      const code = "mockCode";
-      const state = "mockState";
-
-      vi.mocked(
-        BrowserPublicClientPKCEProducer.prototype.getCodeVerifier,
-      ).mockResolvedValue("dummy-verifier");
-
-      const tokens = await service.tokenExchange(code, state);
-
-      expect(storeTokens).toHaveBeenCalledWith(
-        expect.any(LocalStorageAdapter),
-        mockTokens,
-      );
-      expect(tokens).toEqual(mockTokens);
-    });
-
-    it("should retrieve session data from local storage", async () => {
-      const sessionData: SessionData = {
-        authenticated: true,
-        idToken: mockTokens.id_token,
-        accessToken: mockTokens.access_token,
-        refreshToken: mockTokens.refresh_token,
-      };
-      const result = await service.getSessionData();
-
-      expect(retrieveTokens).toHaveBeenCalledWith(
-        expect.any(LocalStorageAdapter),
-      );
-      expect(result).toEqual(sessionData);
-    });
-  });
-});

package/test/unit/services/ServerAuthenticationResolver.test.ts

@@ -1,115 +0,0 @@
-import { describe, it, expect, vi, beforeEach } from "vitest";
-import { ServerAuthenticationResolver } from "@/server/ServerAuthenticationResolver.js";
-import {
-  exchangeTokens,
-  getEndpointsWithOverrides,
-  retrieveTokens,
-  storeTokens,
-} from "@/shared/lib/util.js";
-import type {
-  AuthStorage,
-  Endpoints,
-  OIDCTokenResponseBody,
-  SessionData,
-} from "@/types.js";
-import type { AuthConfig } from "@/server/config.ts";
-import { GenericPublicClientPKCEProducer } from "@/services/PKCE.js";
-import type { AuthenticationResolver } from "@/services/types.ts";
-
-vi.mock("oslo/oauth2");
-vi.mock("@/services/PKCE.js");
-vi.mock("@/shared/lib/util.js");
-
-describe("ServerAuthenticationResolver", () => {
-  const mockAuthConfig: AuthConfig = {
-    clientId: "mockClientId",
-    oauthServer: "http://mockOauthServer",
-    redirectUrl: "http://localhost/redirect",
-    challengeUrl: "http://localhost/challenge",
-  };
-  const mockEndpoints: Endpoints = {
-    auth: "http://mockAuthEndpoint",
-    token: "http://mockTokenEndpoint",
-    jwks: "http://mockJwksEndpoint",
-    userinfo: "http://mockUserinfoEndpoint",
-  };
-  const mockTokens: OIDCTokenResponseBody = {
-    id_token: "mockIdToken",
-    access_token: "mockAccessToken",
-    refresh_token: "mockRefreshToken",
-  };
-  const mockStorage = {} as AuthStorage;
-
-  let resolver: AuthenticationResolver;
-
-  beforeEach(async () => {
-    vi.clearAllMocks();
-    vi.mocked(getEndpointsWithOverrides).mockResolvedValue(mockEndpoints);
-    resolver = await ServerAuthenticationResolver.build(
-      mockAuthConfig,
-      mockStorage,
-    );
-  });
-
-  describe("init", () => {
-    it("should initialize OAuth2 client with resolved endpoints", async () => {
-      expect(getEndpointsWithOverrides).toHaveBeenCalledWith(
-        mockAuthConfig.oauthServer,
-        undefined,
-      );
-    });
-  });
-
-  describe("tokenExchange", () => {
-    it("should exchange auth code for tokens and store them", async () => {
-      const code = "mockCode";
-      const state = "mockState";
-      const codeVerifier = "mockCodeVerifier";
-      vi.mocked(
-        GenericPublicClientPKCEProducer.prototype.getCodeVerifier,
-      ).mockResolvedValue(codeVerifier);
-      vi.mocked(exchangeTokens).mockResolvedValue(mockTokens);
-
-      const tokens = await resolver.tokenExchange(code, state);
-
-      expect(storeTokens).toHaveBeenCalledWith(mockStorage, mockTokens);
-      expect(tokens).toEqual(mockTokens);
-    });
-
-    it("should throw an error if code verifier is not found", async () => {
-      vi.mocked(
-        GenericPublicClientPKCEProducer.prototype.getCodeVerifier,
-      ).mockResolvedValue(null);
-
-      await expect(
-        resolver.tokenExchange("mockCode", "mockState"),
-      ).rejects.toThrow("Code verifier not found in storage");
-    });
-  });
-
-  describe("getSessionData", () => {
-    it("should retrieve session data from storage", async () => {
-      vi.mocked(retrieveTokens).mockResolvedValue(mockTokens);
-
-      const sessionData: SessionData = {
-        authenticated: true,
-        idToken: mockTokens.id_token,
-        accessToken: mockTokens.access_token,
-        refreshToken: mockTokens.refresh_token,
-      };
-
-      const result = await resolver.getSessionData();
-
-      expect(retrieveTokens).toHaveBeenCalledWith(mockStorage);
-      expect(result).toEqual(sessionData);
-    });
-
-    it("should return null if no tokens are found in storage", async () => {
-      vi.mocked(retrieveTokens).mockResolvedValue(null);
-
-      const result = await resolver.getSessionData();
-
-      expect(result).toBeNull();
-    });
-  });
-});

package/test/unit/shared/GenericAuthenticationRefresher.test.ts

@@ -1,89 +0,0 @@
-import { describe, it, expect, vi, beforeEach } from "vitest";
-import { GenericAuthenticationRefresher } from "@/shared/lib/GenericAuthenticationRefresher.js";
-import {
-  getEndpointsWithOverrides,
-  retrieveTokens,
-  storeTokens,
-} from "@/shared/lib/util.js";
-import type { AuthStorage, Endpoints, OIDCTokenResponseBody } from "@/types.js";
-import { OAuth2Client } from "oslo/oauth2";
-import type { AuthConfig } from "@/server/config.ts";
-
-vi.mock("@/shared/lib/util.js");
-vi.mock("oslo/oauth2");
-
-describe("GenericAuthenticationRefresher", () => {
-  const mockAuthConfig: AuthConfig = {
-    clientId: "mockClientId",
-    oauthServer: "http://mockOauthServer",
-    redirectUrl: "http://localhost/redirect",
-  };
-  const mockEndpoints: Endpoints = {
-    auth: "http://mockAuthEndpoint",
-    token: "http://mockTokenEndpoint",
-    jwks: "http://mockJwksEndpoint",
-    userinfo: "http://mockUserinfoEndpoint",
-  };
-  const mockTokens: OIDCTokenResponseBody = {
-    id_token: "mockIdToken",
-    access_token: "mockAccessToken",
-    refresh_token: "mockRefreshToken",
-  };
-  const mockStorage = {} as AuthStorage;
-
-  let refresher: GenericAuthenticationRefresher;
-
-  beforeEach(async () => {
-    vi.clearAllMocks();
-    vi.mocked(getEndpointsWithOverrides).mockResolvedValue(mockEndpoints);
-    refresher = await GenericAuthenticationRefresher.build(
-      mockAuthConfig,
-      mockStorage,
-    );
-  });
-
-  describe("init", () => {
-    it("should initialize OAuth2 client with resolved endpoints", async () => {
-      expect(getEndpointsWithOverrides).toHaveBeenCalledWith(
-        mockAuthConfig.oauthServer,
-        undefined,
-      );
-      expect(refresher["endpoints"]).toEqual(mockEndpoints);
-      expect(refresher["oauth2client"]).toBeInstanceOf(OAuth2Client);
-    });
-  });
-
-  describe("refreshTokens", () => {
-    it("should refresh tokens and store them", async () => {
-      vi.mocked(retrieveTokens).mockResolvedValue(mockTokens);
-      const refreshedTokens: OIDCTokenResponseBody = {
-        id_token: "newIdToken",
-        access_token: "newAccessToken",
-        refresh_token: "newRefreshToken",
-      };
-
-      vi.mocked(OAuth2Client.prototype.refreshAccessToken).mockResolvedValue(
-        refreshedTokens,
-      );
-
-      const result = await refresher.refreshTokens();
-
-      expect(
-        refresher["oauth2client"]?.refreshAccessToken,
-      ).toHaveBeenCalledWith(mockTokens.refresh_token);
-      expect(storeTokens).toHaveBeenCalledWith(mockStorage, refreshedTokens);
-      expect(result).toEqual(mockTokens);
-    });
-
-    it("should throw an error if no refresh token is available", async () => {
-      vi.mocked(retrieveTokens).mockResolvedValue({
-        ...mockTokens,
-        refresh_token: undefined,
-      });
-
-      await expect(refresher.refreshTokens()).rejects.toThrow(
-        "No refresh token available",
-      );
-    });
-  });
-});

package/test/unit/shared/UserSession.test.ts

@@ -1,42 +0,0 @@
-import { describe, it, expect } from "vitest";
-import { GenericUserSession } from "@/shared/lib/UserSession.js";
-import type { AuthStorage, User } from "@/types.ts";
-
-const mockUser: User = {
-  id: "user123",
-  name: "John Doe",
-  email: "john@example.com",
-  picture: "https://example.com/john.jpg",
-  forwardedTokens: null,
-} as unknown as User;
-
-let storage: Record<string, string> = {};
-class TestStorage implements AuthStorage {
-  async get(key: string): Promise<string | null> {
-    return storage[key] ?? null;
-  }
-  async set(key: string, value: string): Promise<void> {
-    storage[key] = value;
-  }
-}
-
-describe("UserSession", () => {
-  beforeEach(() => {
-    storage = {}; // clear storage
-  });
-
-  describe("GenericUserSession", () => {
-    it("should get the user from session", async () => {
-      const userSession = new GenericUserSession(new TestStorage());
-      userSession.set(mockUser);
-      const user = await userSession.get();
-      expect(user).toEqual(mockUser);
-    });
-
-    it("should return null if user it not found", async () => {
-      const userSession = new GenericUserSession(new TestStorage());
-      const user = await userSession.get();
-      expect(user).toBeNull();
-    });
-  });
-});

package/test/unit/shared/components/CivicAuthIframeContainer.test.tsx

@@ -1,154 +0,0 @@
-import { render, act, waitFor } from "@testing-library/react";
-import { CivicAuthIframeContainer } from "@/shared/components/CivicAuthIframeContainer.js";
-import { vi } from "vitest";
-import React, { type RefObject } from "react";
-import { createRef } from "react";
-import { TOKEN_EXCHANGE_TRIGGER_TEXT } from "@/constants.js";
-
-let setAuthResponseUrlMock: any;
-let iframeRefMock: RefObject<HTMLIFrameElement>;
-
-beforeEach(() => {
-  iframeRefMock = createRef();
-
-  vi.mock("@/shared/hooks", () => ({
-    useAuth: () => ({ isLoading: false }),
-    useConfig: () => ({
-      redirectUrl: "https://example.com/redirect",
-      modalIframe: true,
-    }),
-    useIframe: vi.fn(() => ({
-      setAuthResponseUrl: setAuthResponseUrlMock,
-      iframeRef: iframeRefMock,
-    })),
-  }));
-});
-
-describe("CivicAuthIframeContainer", () => {
-  let originalFetch: typeof global.fetch;
-
-  beforeAll(() => {
-    originalFetch = global.fetch;
-  });
-
-  afterAll(() => {
-    global.fetch = originalFetch;
-  });
-
-  it(`triggers a fetch request when '${TOKEN_EXCHANGE_TRIGGER_TEXT}' is in the iframe body`, async () => {
-    const onCloseMock = vi.fn();
-    setAuthResponseUrlMock = vi.fn();
-
-    const fetchMock = vi.fn(() => Promise.resolve({ ok: true }));
-    global.fetch = fetchMock as any;
-
-    render(
-      <CivicAuthIframeContainer onClose={onCloseMock} closeOnRedirect={true} />,
-    );
-
-    act(() => {
-      if (iframeRefMock.current) {
-        Object.defineProperty(iframeRefMock.current, "contentWindow", {
-          value: {
-            location: {
-              href: "https://example.com/redirect?code=1234",
-            },
-            document: {
-              body: {
-                innerHTML: TOKEN_EXCHANGE_TRIGGER_TEXT,
-              },
-            },
-          },
-          configurable: true,
-        });
-      }
-    });
-
-    act(() => {
-      iframeRefMock.current?.dispatchEvent(new Event("load"));
-    });
-
-    await waitFor(() => {
-      expect(fetchMock).toHaveBeenCalledWith(
-        "https://example.com/redirect?code=1234&appUrl=http://localhost:3000",
-      );
-      expect(onCloseMock).toHaveBeenCalled();
-    });
-  });
-
-  it(`sets auth response URL when no '${TOKEN_EXCHANGE_TRIGGER_TEXT}' in iframe body`, async () => {
-    const onCloseMock = vi.fn();
-    setAuthResponseUrlMock = vi.fn();
-
-    render(
-      <CivicAuthIframeContainer onClose={onCloseMock} closeOnRedirect={true} />,
-    );
-
-    act(() => {
-      if (iframeRefMock.current) {
-        Object.defineProperty(iframeRefMock.current, "contentWindow", {
-          value: {
-            location: {
-              href: "https://example.com/redirect?code=5678",
-            },
-            document: {
-              body: {
-                innerHTML: "",
-              },
-            },
-          },
-          configurable: true,
-        });
-      }
-    });
-
-    act(() => {
-      iframeRefMock.current?.dispatchEvent(new Event("load"));
-    });
-
-    await waitFor(() => {
-      expect(setAuthResponseUrlMock).toHaveBeenCalledWith(
-        "https://example.com/redirect?code=5678",
-      );
-      expect(onCloseMock).toHaveBeenCalled();
-    });
-  });
-
-  it("does not call onClose if closeOnRedirect is false", async () => {
-    const onCloseMock = vi.fn();
-    setAuthResponseUrlMock = vi.fn();
-
-    render(
-      <CivicAuthIframeContainer
-        onClose={onCloseMock}
-        closeOnRedirect={false}
-      />,
-    );
-
-    act(() => {
-      if (iframeRefMock.current) {
-        Object.defineProperty(iframeRefMock.current, "contentWindow", {
-          value: {
-            location: {
-              href: "https://example.com/redirect?code=91011",
-            },
-            document: {
-              body: {
-                innerHTML: TOKEN_EXCHANGE_TRIGGER_TEXT,
-              },
-            },
-          },
-          configurable: true,
-        });
-      }
-    });
-
-    act(() => {
-      iframeRefMock.current?.dispatchEvent(new Event("load"));
-    });
-
-    await waitFor(() => {
-      expect(onCloseMock).not.toHaveBeenCalled();
-    });
-  });
-});

package/test/unit/shared/storage.test.ts

@@ -1,67 +0,0 @@
-import { describe, it, expect } from "vitest";
-import {
-  CookieStorage,
-  DEFAULT_COOKIE_DURATION,
-  type CookieStorageSettings,
-} from "@/shared/lib/storage.js";
-
-describe("CookieStorage", () => {
-  class MockCookieStorage extends CookieStorage {
-    private storage: Record<string, string> = {};
-
-    constructor(settings: Partial<CookieStorageSettings>) {
-      super(settings);
-    }
-
-    async get(key: string): Promise<string | null> {
-      return this.storage[key] ?? null;
-    }
-    async set(key: string, value: string): Promise<void> {
-      this.storage[key] = value;
-    }
-  }
-
-  it("should set default settings if none are provided", () => {
-    const storage = new MockCookieStorage({});
-
-    const expectedSettings: CookieStorageSettings = {
-      httpOnly: true,
-      secure: true,
-      sameSite: "lax",
-      expires: new Date(Date.now() + 1000 * DEFAULT_COOKIE_DURATION),
-      path: "/",
-    };
-
-    expect(storage["settings"]).toMatchObject({
-      httpOnly: expectedSettings.httpOnly,
-      secure: expectedSettings.secure,
-      sameSite: expectedSettings.sameSite,
-      path: expectedSettings.path,
-    });
-
-    const expires = storage["settings"].expires;
-    const expectedExpires = expectedSettings.expires;
-    expect(expires.getTime()).toBeCloseTo(expectedExpires.getTime(), -3); // Allow small time diff tolerance
-  });
-
-  it("should allow custom settings to override defaults", () => {
-    const customSettings: Partial<CookieStorageSettings> = {
-      httpOnly: false,
-      secure: false,
-      sameSite: "strict",
-      expires: new Date(Date.now() + 1000 * 60 * 30), // 30 minutes
-      path: "/custom",
-    };
-    const storage = new MockCookieStorage(customSettings);
-
-    expect(storage["settings"]).toMatchObject(customSettings);
-  });
-
-  it("should set and get values correctly", async () => {
-    const storage = new MockCookieStorage({});
-
-    await storage.set("testKey", "testValue");
-    expect(await storage.get("testKey")).toBe("testValue");
-    expect(await storage.get("nonExistentKey")).toBe(null);
-  });
-});