@civic/auth 0.1.3 → 0.1.4-beta.1

package/test/unit/nextjs/routeHandler.test.ts.skipped

@@ -1,369 +0,0 @@
-import { describe, it, expect, beforeEach, vi } from "vitest";
-import { NextRequest, NextResponse } from "next/server.js";
-import { handler } from "@/nextjs/routeHandler.js";
-import { revalidatePath } from "next/cache.js";
-import type { OIDCTokenResponseBody, User } from "@/types.ts";
-import * as logger from "@/lib/logger.js";
-import * as login from "@/server/login.js";
-import * as session from "@/shared/lib/session.js";
-import * as cookies from "@/nextjs/cookies.js";
-import * as PKCE from "@/services/PKCE.js";
-import { GenericUserSession } from "@/shared/lib/UserSession.js";
-import { TOKEN_EXCHANGE_TRIGGER_TEXT } from "@/constants.js";
-
-vi.mock("next/headers.js", () => {
-  return {
-    cookies: vi.fn().mockReturnValue({
-      set: vi.fn(),
-      get: (name: string) => {
-        if (name === "codeVerifier") {
-          return "test-code-verifier";
-        }
-      },
-    }),
-  };
-});
-
-vi.mock("@/server/login.js");
-vi.mock("@/shared/lib/session.js");
-vi.mock("@/nextjs/cookies.js");
-vi.mock("@/services/PKCE.js");
-
-const mockUser: User = {
-  id: "user123",
-  name: "John Doe",
-  email: "john@example.com",
-  picture: "https://example.com/john.jpg",
-} as unknown as User;
-
-// Mock implementations
-vi.mock("next/server.js", () => {
-  class MockNextResponse {
-    constructor(
-      public body?: any,
-      public init?: any,
-    ) {
-      this.body = body;
-      this.init = init;
-    }
-
-    public headers = {
-      set: vi.fn(),
-    };
-
-    public cookies = {
-      set: vi.fn(),
-      get: vi.fn(),
-    };
-
-    json() {
-      return Promise.resolve({});
-    }
-
-    static json(data: any, options: any) {
-      return {
-        ...options,
-        data,
-        json: () => Promise.resolve(data),
-        headers: {
-          set: vi.fn(),
-        },
-        cookies: {
-          set: vi.fn(),
-          get: vi.fn(),
-        },
-      };
-    }
-
-    static redirect(url: string) {
-      return {
-        url,
-        cookies: {
-          set: vi.fn(),
-          get: vi.fn(),
-        },
-      };
-    }
-  }
-
-  return {
-    NextResponse: MockNextResponse,
-    NextRequest: vi.fn().mockImplementation((url) => ({
-      url,
-      nextUrl: new URL(url),
-    })),
-  };
-});
-
-vi.mock("next/cache", () => ({
-  revalidatePath: vi.fn(),
-}));
-
-describe.skip("Auth Route Handler", () => {
-  let mockLogger: logger.Logger;
-  afterEach(vi.clearAllMocks);
-  beforeEach(() => {
-    mockLogger = {
-      error: vi.fn(),
-      info: vi.fn(),
-      warn: vi.fn(),
-      debug: vi.fn(),
-    };
-    vi.spyOn(logger.loggers.nextjs.handlers.auth, "debug").mockImplementation(
-      (...args) => mockLogger.debug(...args),
-    );
-    vi.spyOn(logger.loggers.nextjs.handlers.auth, "info").mockImplementation(
-      (...args) => mockLogger.info(...args),
-    );
-    vi.spyOn(logger.loggers.nextjs.handlers.auth, "warn").mockImplementation(
-      (...args) => mockLogger.warn(...args),
-    );
-    vi.spyOn(logger.loggers.nextjs.handlers.auth, "error").mockImplementation(
-      (...args) => mockLogger.error(...args),
-    );
-  });
-
-  beforeEach(() => {
-    vi.clearAllMocks();
-    vi.stubEnv("_civic_auth_client_id", "test-client-id");
-    vi.spyOn(login, "resolveOAuthAccessCode").mockResolvedValue(
-      {} as OIDCTokenResponseBody,
-    );
-    vi.spyOn(session, "getUser").mockResolvedValue(mockUser);
-    vi.spyOn(GenericUserSession.prototype, "set");
-  });
-
-  describe("Challenge Handler", () => {
-    beforeEach(() => {
-      vi.spyOn(
-        PKCE.GenericPublicClientPKCEProducer.prototype,
-        "getCodeChallenge",
-      ).mockResolvedValue("test-code-challenge");
-    });
-
-    it("should handle challenge request", async () => {
-      const mockRequest = new NextRequest(
-        "https://example.com/api/auth/challenge",
-      );
-
-      const routeHandler = handler();
-      const response = await routeHandler(mockRequest);
-
-      expect(response.json()).resolves.toEqual({
-        status: "success",
-        challenge: "test-code-challenge",
-      });
-    });
-  });
-
-  describe("Callback Handler", () => {
-    let mockRequest: NextRequest;
-    let routeHandler: (request: NextRequest) => Promise<NextResponse>;
-    beforeAll(() => {
-      routeHandler = handler();
-    });
-    it("should handle missing parameters", async () => {
-      mockRequest = new NextRequest(
-        "https://example.com/api/auth/callback", // missing params
-      );
-
-      (mockRequest as unknown as Record<string, unknown>).cookies = {
-        get: (cookieName: string) =>
-          cookieName === "code_verifier" ? "test-code-verifier" : undefined,
-      };
-      const response = await routeHandler(mockRequest);
-
-      expect(response.json()).resolves.toEqual({
-        error: "Bad parameters",
-      });
-      expect(response.status).toBe(400);
-    });
-
-    describe("with all parameters passed in", () => {
-      beforeAll(() => {
-        mockRequest = new NextRequest(
-          "https://example.com/api/auth/callback?code=123&state=testState&appUrl=https://example.com",
-        );
-
-        (mockRequest as unknown as Record<string, unknown>).cookies = {
-          get: (cookieName: string) =>
-            cookieName === "code_verifier" ? "test-code-verifier" : undefined,
-        };
-      });
-      it("should handle error when resolving the access code", async () => {
-        vi.spyOn(login, "resolveOAuthAccessCode").mockRejectedValue(
-          "Token exchange failed",
-        );
-        const response = await routeHandler(mockRequest);
-
-        expect(response.json()).resolves.toEqual({
-          error: "Failed to authenticate user",
-        });
-        expect(response.status).toBe(401);
-      });
-      describe("with code_verifier cookie present on request", () => {
-        it("should do token exchange", async () => {
-          const routeHandler = handler();
-          const response = await routeHandler(mockRequest);
-
-          // should have resolved the access code
-          expect(login.resolveOAuthAccessCode).toHaveBeenCalled();
-
-          // verify response data
-          const responseData = await response.json();
-          expect(responseData).toEqual({});
-
-          // verify user is being set to the session
-          expect(GenericUserSession.prototype.set).toHaveBeenCalledWith(
-            mockUser,
-          );
-        });
-        it("should return empty html response", async () => {
-          const response = await routeHandler(mockRequest);
-          expect(response.body).toEqual(
-            '<html><span style="display:none">serverSideTokenExchangeSuccess</span></html>',
-          );
-        });
-      });
-      describe("with no code_verifier cookie present on request", () => {
-        beforeAll(() => {
-          (mockRequest as unknown as Record<string, unknown>).cookies = {
-            get: () => undefined,
-          };
-        });
-        it("should not do token exchange", async () => {
-          const response = await routeHandler(mockRequest);
-
-          // should have resolved the access code
-          expect(login.resolveOAuthAccessCode).not.toHaveBeenCalled();
-
-          // verify response data
-          const responseData = await response.json();
-          expect(responseData).toEqual({});
-
-          // verify user is being set to the session
-          expect(GenericUserSession.prototype.set).not.toHaveBeenCalled();
-        });
-
-        describe("in server token-exchange mode", () => {
-          let state: string;
-          beforeEach(() => {
-            state =
-              "eyJ1dWlkIjoiMGY0NWU5YWItY2U1Ni00OWZiLTlkYmUtOGQ3ZmM3YTI3NDFhIiwiZGlzcGxheU1vZGUiOiJpZnJhbWUiLCJzZXJ2ZXJUb2tlbkV4Y2hhbmdlIjp0cnVlfQ";
-            const params = new URLSearchParams({ code: "123", state });
-            mockRequest = new NextRequest(
-              `https://example.com/api/auth/callback?${params.toString()}`,
-            );
-            (mockRequest as unknown as Record<string, unknown>).cookies = {
-              get: () => undefined,
-            };
-          });
-          it("should return html with a javascript fetch call to retry the callback token exchange", async () => {
-            // this state indicates server-side token exchange
-
-            const response = await routeHandler(mockRequest);
-
-            expect(response.body).toContain(
-              `fetch('/api/auth/callback?code=123&state=${state}&sameDomainServerTokenExchange=true&appUrl=' + appUrl)`,
-            );
-          });
-        });
-
-        describe("in client token-exchange mode", () => {
-          let state: string;
-          beforeEach(() => {
-            state =
-              "eyJ1dWlkIjoiNzE5MmI3MmItYzk5ZC00NjhmLTliMDAtMWFhOWVhYjI0YjgxIiwiZGlzcGxheU1vZGUiOiJyZWRpcmVjdCJ9";
-            const params = new URLSearchParams({ code: "123", state });
-            mockRequest = new NextRequest(
-              `https://example.com/api/auth/callback?${params.toString()}`,
-            );
-            (mockRequest as unknown as Record<string, unknown>).cookies = {
-              get: () => undefined,
-            };
-          });
-          it("should return html response indicating a token exchange is required", async () => {
-            const response = await routeHandler(mockRequest);
-            expect(response.body).toEqual(
-              `<html><body><span style="display:none">${TOKEN_EXCHANGE_TRIGGER_TEXT}</span></body></html>`,
-            );
-          });
-        });
-      });
-    });
-  });
-
-  describe("Logout Handler", () => {
-    beforeEach(() => {
-      vi.spyOn(cookies, "clearAuthCookies");
-    });
-
-    it("should clear auth cookies", async () => {
-      const mockRequest = new NextRequest(
-        "https://example.com/api/auth/logout?redirect=/dashboard",
-      );
-
-      const routeHandler = handler();
-
-      await routeHandler(mockRequest);
-      expect(cookies.clearAuthCookies).toHaveBeenCalled();
-    });
-
-    it("should handle relative redirect paths", async () => {
-      const mockRequest = new NextRequest(
-        "https://example.com/api/auth/logout?redirect=/dashboard",
-      );
-
-      const routeHandler = handler();
-
-      const response = await routeHandler(mockRequest);
-
-      expect(response.url).toBe("https://example.com/dashboard");
-      expect(revalidatePath).toHaveBeenCalledWith("/dashboard");
-    });
-
-    it("should handle default redirect to home", async () => {
-      const mockRequest = new NextRequest(
-        "https://example.com/api/auth/logout",
-      );
-
-      const routeHandler = handler();
-
-      const response = await routeHandler(mockRequest);
-
-      expect(response.url).toBe("https://example.com/");
-      expect(revalidatePath).toHaveBeenCalledWith("/");
-    });
-
-    it("should handle absolute URLs and preserve the domain", async () => {
-      const mockRequest = new NextRequest(
-        "https://example.com/api/auth/logout?redirect=https://other-domain.com/page",
-      );
-
-      const routeHandler = handler();
-
-      const response = await routeHandler(mockRequest);
-
-      // The URL constructor will preserve the absolute URL
-      expect(response.url).toBe("https://other-domain.com/page");
-      expect(revalidatePath).toHaveBeenCalledWith(
-        "https://other-domain.com/page",
-      );
-    });
-
-    it("should handle revalidation failure gracefully", async () => {
-      const mockRequest = new NextRequest(
-        "https://example.com/api/auth/logout?redirect=/dashboard",
-      );
-
-      vi.mocked(revalidatePath).mockImplementationOnce(() => {
-        throw new Error("Revalidation failed");
-      });
-
-      const routeHandler = handler();
-      const response = await routeHandler(mockRequest);
-      expect(response.url).toBe("https://example.com/dashboard");
-      expect(mockLogger.warn).toHaveBeenCalled();
-    });
-  });
-});

package/test/unit/nextjs/utils.test.ts

@@ -1,17 +0,0 @@
-import { describe, it, expect } from "vitest";
-import type { AuthConfigWithDefaults } from "@/nextjs/config.js";
-import { resolveCallbackUrl } from "@/nextjs/utils.js";
-
-describe("Nextjs utils", () => {
-  describe("resolveCallbackUrl", () => {
-    it("should resolve the callbackUrl by combining the relative callbackUrl from config with baseUrl", () => {
-      const callbackUrl = resolveCallbackUrl(
-        {
-          callbackUrl: "/callback",
-        } as unknown as AuthConfigWithDefaults,
-        "https://example.com",
-      );
-      expect(callbackUrl).toBe("https://example.com/callback");
-    });
-  });
-});

package/test/unit/publicApi/__snapshots__/apiSnapshot.test.ts.snap

@@ -1,17 +0,0 @@
-// Vitest Snapshot v1, https://vitest.dev/guide/snapshot.html
-
-exports[`Auth Client Public API Snapshot > should match the previous API snapshot 1`] = `
-{
-  "CivicAuthIframeContainer": [Function],
-  "CivicAuthProvider": [Function],
-  "SignInButton": [Function],
-  "SignOutButton": [Function],
-  "UserButton": [Function],
-  "useAuth": [Function],
-  "useConfig": [Function],
-  "useIframe": [Function],
-  "useSession": [Function],
-  "useToken": [Function],
-  "useUser": [Function],
-}
-`;

package/test/unit/publicApi/apiSnapshot.test.ts

@@ -1,11 +0,0 @@
-import * as authClient from "../../../src/reactjs/index.js";
-
-import { describe, expect, it } from "vitest";
-
-// This test checks if the current state of the authClient matches the previously saved snapshot.
-// If the API updates, you will need to update the snapshot by running the test:update script, i.e. `pnpm test:update`
-describe("Auth Client Public API Snapshot", () => {
-  it("should match the previous API snapshot", () => {
-    expect(authClient).toMatchSnapshot();
-  });
-});

package/test/unit/react/components/SignInButton.test.tsx

@@ -1,50 +0,0 @@
-import { describe, it, expect, vi } from "vitest";
-import React from "react";
-import { fireEvent, render, screen } from "@testing-library/react";
-import { CivicAuthProvider } from "@/shared/providers/CivicAuthProvider.js";
-import { SignInButton } from "@/reactjs/components/SignInButton.js";
-import * as civicHook from "@/reactjs/hooks/useUser.js";
-
-describe("SignInButton Component", () => {
-  beforeEach(() => {
-    vi.clearAllMocks();
-  });
-
-  it("should render a SignInButton component", () => {
-    render(
-      <CivicAuthProvider
-        clientId="test-client-id"
-        redirectUrl="https://example.com"
-      >
-        <SignInButton />
-      </CivicAuthProvider>,
-    );
-
-    expect(screen.getByText("Sign In")).toBeDefined();
-  });
-
-  it("should call signIn when the button is clicked", () => {
-    const mockSignIn = vi.fn();
-
-    vi.spyOn(civicHook, "useUser").mockReturnValue({
-      signIn: mockSignIn,
-      signOut: async () => {},
-      error: null,
-      isLoading: false,
-      user: null,
-    });
-
-    render(
-      <CivicAuthProvider
-        clientId="test-client-id"
-        redirectUrl="https://example.com"
-      >
-        <SignInButton />
-      </CivicAuthProvider>,
-    );
-
-    fireEvent.click(screen.getByText("Sign In"));
-
-    expect(mockSignIn).toHaveBeenCalled();
-  });
-});

package/test/unit/react/components/SignOutButton.test.tsx

@@ -1,49 +0,0 @@
-import { describe, it, expect, vi } from "vitest";
-import { fireEvent, render, screen } from "@testing-library/react";
-import { CivicAuthProvider, SignOutButton } from "@/reactjs/index.js";
-import * as userHook from "@/reactjs/hooks/useUser.js";
-import React from "react";
-
-describe("SignOutButton Component", () => {
-  beforeEach(() => {
-    vi.clearAllMocks();
-  });
-
-  it("should render a SignOutButton component", () => {
-    render(
-      <CivicAuthProvider
-        clientId="test-client-id"
-        redirectUrl="https://example.com"
-      >
-        <SignOutButton />
-      </CivicAuthProvider>,
-    );
-
-    expect(screen.getByText("Sign Out")).toBeDefined();
-  });
-
-  it("should call signIn when the button is clicked", () => {
-    const mockSignOut = vi.fn();
-
-    vi.spyOn(userHook, "useUser").mockReturnValue({
-      signOut: mockSignOut,
-      signIn: async () => {},
-      error: null,
-      isLoading: false,
-      user: null,
-    });
-
-    render(
-      <CivicAuthProvider
-        clientId="test-client-id"
-        redirectUrl="https://example.com"
-      >
-        <SignOutButton />
-      </CivicAuthProvider>,
-    );
-
-    fireEvent.click(screen.getByText("Sign Out"));
-
-    expect(mockSignOut).toHaveBeenCalled();
-  });
-});

package/test/unit/server/login.test.ts

@@ -1,181 +0,0 @@
-import { describe, it, expect, vi } from "vitest";
-import {
-  resolveOAuthAccessCode,
-  isLoggedIn,
-  buildLoginUrl,
-} from "@/server/login.js";
-import { ServerAuthenticationResolver } from "@/server/ServerAuthenticationResolver.js";
-import { GenericAuthenticationInitiator } from "@/services/AuthenticationService.js";
-import { GenericPublicClientPKCEProducer } from "@/services/PKCE.js";
-import { DEFAULT_AUTH_SERVER, DEFAULT_SCOPES } from "@/constants.js";
-import type { AuthStorage, OIDCTokenResponseBody } from "@/types.js";
-import type { AuthConfig } from "@/server/config.ts";
-import type { PKCEProducer } from "@/services/types.ts";
-
-vi.mock("@/server/ServerAuthenticationResolver");
-vi.mock("@/services/AuthenticationService");
-vi.mock("@/services/PKCE.js");
-
-class StubPKCEProducer implements PKCEProducer {
-  constructor() {}
-
-  async getCodeChallenge(): Promise<string> {
-    return "dummyCodeChallenge";
-  }
-
-  async getCodeVerifier(): Promise<string> {
-    return "dummyCodeVerifier";
-  }
-}
-
-describe("Login Utilities", () => {
-  const mockAuthConfig: AuthConfig = {
-    clientId: "mockClientId",
-    oauthServer: "http://mockOauthServer",
-    redirectUrl: "http://localhost/redirect",
-  };
-  const mockTokens: OIDCTokenResponseBody = {
-    id_token: "mockIdToken",
-    access_token: "mockAccessToken",
-    refresh_token: "mockRefreshToken",
-  };
-  const mockStorage = {
-    get: vi.fn(),
-    set: vi.fn(),
-  } as unknown as AuthStorage;
-
-  describe("resolveOAuthAccessCode", () => {
-    it("should resolve the OAuth access code and return tokens", async () => {
-      vi.mocked(ServerAuthenticationResolver.build).mockResolvedValue({
-        tokenExchange: vi.fn().mockResolvedValue(mockTokens),
-      } as unknown as ServerAuthenticationResolver);
-
-      const result = await resolveOAuthAccessCode(
-        "mockCode",
-        "mockState",
-        mockStorage,
-        mockAuthConfig,
-      );
-
-      expect(ServerAuthenticationResolver.build).toHaveBeenCalledWith(
-        {
-          ...mockAuthConfig,
-          oauthServer: mockAuthConfig.oauthServer ?? DEFAULT_AUTH_SERVER,
-        },
-        mockStorage,
-        undefined,
-      );
-      expect(result).toEqual(mockTokens);
-    });
-  });
-
-  describe("isLoggedIn", () => {
-    it("should return true if id_token is in storage", async () => {
-      vi.mocked(mockStorage.get).mockResolvedValue("mockIdToken");
-
-      const result = await isLoggedIn(mockStorage);
-
-      expect(result).toBe(true);
-    });
-
-    it("should return false if id_token is not in storage", async () => {
-      vi.mocked(mockStorage.get).mockResolvedValue(null);
-
-      const result = await isLoggedIn(mockStorage);
-
-      expect(result).toBe(false);
-    });
-  });
-
-  describe("buildLoginUrl", () => {
-    it("should generate a login URL with provided config", async () => {
-      const state = "mockState";
-      const scopes = ["openid", "profile"];
-      const pkceProducer = new StubPKCEProducer();
-
-      const authInitiator = new GenericAuthenticationInitiator({
-        ...mockAuthConfig,
-        state,
-        scopes,
-        oauthServer: mockAuthConfig.oauthServer ?? DEFAULT_AUTH_SERVER,
-        pkceConsumer: pkceProducer,
-      });
-      vi.mocked(GenericAuthenticationInitiator).mockReturnValue(authInitiator);
-      vi.mocked(authInitiator.signIn).mockResolvedValue(
-        new URL("http://mockLoginUrl"),
-      );
-
-      const result = await buildLoginUrl(
-        {
-          ...mockAuthConfig,
-          state,
-          scopes,
-        },
-        mockStorage,
-      );
-
-      expect(result.toString()).toBe("http://mockloginurl/");
-      expect(GenericAuthenticationInitiator).toHaveBeenCalledWith({
-        ...mockAuthConfig,
-        state,
-        scopes,
-        oauthServer: mockAuthConfig.oauthServer ?? DEFAULT_AUTH_SERVER,
-        pkceConsumer: pkceProducer,
-      });
-    });
-
-    it("should generate a login URL with default state and scopes", async () => {
-      const authInitiator = new GenericAuthenticationInitiator({
-        ...mockAuthConfig,
-        state: expect.any(String), // state is random if not provided
-        scopes: DEFAULT_SCOPES,
-        oauthServer: mockAuthConfig.oauthServer ?? DEFAULT_AUTH_SERVER,
-        pkceConsumer: expect.any(GenericPublicClientPKCEProducer),
-      });
-      vi.mocked(GenericAuthenticationInitiator).mockReturnValue(authInitiator);
-      vi.mocked(authInitiator.signIn).mockResolvedValue(
-        new URL("http://mockLoginUrl"),
-      );
-
-      const result = await buildLoginUrl(mockAuthConfig, mockStorage);
-
-      expect(result.toString()).toBe("http://mockloginurl/");
-    });
-
-    it("should include nonce in the login URL if provided in config", async () => {
-      const state = "mockState";
-      const scopes = ["openid", "profile"];
-      const nonce = "mockNonce";
-      const pkceProducer = new GenericPublicClientPKCEProducer(mockStorage);
-
-      const authInitiator = new GenericAuthenticationInitiator({
-        ...mockAuthConfig,
-        state,
-        scopes,
-        oauthServer: mockAuthConfig.oauthServer ?? DEFAULT_AUTH_SERVER,
-        pkceConsumer: pkceProducer,
-        nonce,
-      });
-      vi.mocked(GenericAuthenticationInitiator).mockReturnValue(authInitiator);
-      vi.mocked(authInitiator.signIn).mockResolvedValue(
-        new URL(`http://mockLoginUrl?nonce=${nonce}`),
-      );
-
-      await buildLoginUrl(
-        {
-          ...mockAuthConfig,
-          state,
-          scopes,
-          nonce,
-        },
-        mockStorage,
-      );
-
-      expect(GenericAuthenticationInitiator).toHaveBeenCalledWith(
-        expect.objectContaining({
-          nonce,
-        }),
-      );
-    });
-  });
-});