@civic/auth 0.3.2-beta.0 → 0.3.2-beta.1

package/dist/test/unit/server/session.test.js

@@ -0,0 +1,41 @@
+import { describe, it, expect, vi } from "vitest";
+import { parseJWT } from "oslo/jwt";
+import { getUser } from "@/shared/lib/session.js";
+import { retrieveTokens } from "@/shared/lib/util.js";
+vi.mock("@/shared/lib/util.js");
+vi.mock("oslo/jwt");
+describe("getUser", () => {
+    const mockStorage = {};
+    const mockUser = {
+        id: "mockUserId",
+        email: "user@example.com",
+    };
+    beforeEach(() => {
+        vi.clearAllMocks();
+    });
+    it("should return null if no tokens are retrieved", async () => {
+        vi.mocked(retrieveTokens).mockResolvedValue(null);
+        const result = await getUser(mockStorage);
+        expect(result).toBeNull();
+        expect(retrieveTokens).toHaveBeenCalledWith(mockStorage);
+    });
+    it("should return a User if tokens are retrieved and parsed successfully", async () => {
+        const mockTokens = { id_token: "mockIdToken" };
+        vi.mocked(retrieveTokens).mockResolvedValue(mockTokens);
+        vi.mocked(parseJWT).mockReturnValue({ payload: mockUser });
+        const result = await getUser(mockStorage);
+        expect(result).toEqual(mockUser);
+        expect(retrieveTokens).toHaveBeenCalledWith(mockStorage);
+        expect(parseJWT).toHaveBeenCalledWith(mockTokens.id_token);
+    });
+    it("should return null if parsing the ID token fails", async () => {
+        const mockTokens = { id_token: "mockIdToken" };
+        vi.mocked(retrieveTokens).mockResolvedValue(mockTokens);
+        vi.mocked(parseJWT).mockReturnValue(null); // Simulate parse failure
+        const result = await getUser(mockStorage);
+        expect(result).toBeNull();
+        expect(retrieveTokens).toHaveBeenCalledWith(mockStorage);
+        expect(parseJWT).toHaveBeenCalledWith(mockTokens.id_token);
+    });
+});
+//# sourceMappingURL=session.test.js.map

package/dist/test/unit/server/session.test.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"session.test.js","sourceRoot":"","sources":["../../../../test/unit/server/session.test.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,QAAQ,EAAE,EAAE,EAAE,MAAM,EAAE,EAAE,EAAE,MAAM,QAAQ,CAAC;AAElD,OAAO,EAAE,QAAQ,EAAE,MAAM,UAAU,CAAC;AACpC,OAAO,EAAE,OAAO,EAAE,MAAM,yBAAyB,CAAC;AAClD,OAAO,EAAE,cAAc,EAAE,MAAM,sBAAsB,CAAC;AAGtD,EAAE,CAAC,IAAI,CAAC,sBAAsB,CAAC,CAAC;AAChC,EAAE,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC;AAEpB,QAAQ,CAAC,SAAS,EAAE,GAAG,EAAE;IACvB,MAAM,WAAW,GAAG,EAAiB,CAAC;IACtC,MAAM,QAAQ,GAAS;QACrB,EAAE,EAAE,YAAY;QAChB,KAAK,EAAE,kBAAkB;KAClB,CAAC;IAEV,UAAU,CAAC,GAAG,EAAE;QACd,EAAE,CAAC,aAAa,EAAE,CAAC;IACrB,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,+CAA+C,EAAE,KAAK,IAAI,EAAE;QAC7D,EAAE,CAAC,MAAM,CAAC,cAAc,CAAC,CAAC,iBAAiB,CAAC,IAAI,CAAC,CAAC;QAElD,MAAM,MAAM,GAAG,MAAM,OAAO,CAAC,WAAW,CAAC,CAAC;QAC1C,MAAM,CAAC,MAAM,CAAC,CAAC,QAAQ,EAAE,CAAC;QAC1B,MAAM,CAAC,cAAc,CAAC,CAAC,oBAAoB,CAAC,WAAW,CAAC,CAAC;IAC3D,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,sEAAsE,EAAE,KAAK,IAAI,EAAE;QACpF,MAAM,UAAU,GAAG,EAAE,QAAQ,EAAE,aAAa,EAA2B,CAAC;QACxE,EAAE,CAAC,MAAM,CAAC,cAAc,CAAC,CAAC,iBAAiB,CAAC,UAAU,CAAC,CAAC;QACxD,EAAE,CAAC,MAAM,CAAC,QAAQ,CAAC,CAAC,eAAe,CAAC,EAAE,OAAO,EAAE,QAAQ,EAAS,CAAC,CAAC;QAElE,MAAM,MAAM,GAAG,MAAM,OAAO,CAAC,WAAW,CAAC,CAAC;QAC1C,MAAM,CAAC,MAAM,CAAC,CAAC,OAAO,CAAC,QAAQ,CAAC,CAAC;QACjC,MAAM,CAAC,cAAc,CAAC,CAAC,oBAAoB,CAAC,WAAW,CAAC,CAAC;QACzD,MAAM,CAAC,QAAQ,CAAC,CAAC,oBAAoB,CAAC,UAAU,CAAC,QAAQ,CAAC,CAAC;IAC7D,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,kDAAkD,EAAE,KAAK,IAAI,EAAE;QAChE,MAAM,UAAU,GAAG,EAAE,QAAQ,EAAE,aAAa,EAA2B,CAAC;QACxE,EAAE,CAAC,MAAM,CAAC,cAAc,CAAC,CAAC,iBAAiB,CAAC,UAAU,CAAC,CAAC;QACxD,EAAE,CAAC,MAAM,CAAC,QAAQ,CAAC,CAAC,eAAe,CAAC,IAAI,CAAC,CAAC,CAAC,yBAAyB;QAEpE,MAAM,MAAM,GAAG,MAAM,OAAO,CAAC,WAAW,CAAC,CAAC;QAC1C,MAAM,CAAC,MAAM,CAAC,CAAC,QAAQ,EAAE,CAAC;QAC1B,MAAM,CAAC,cAAc,CAAC,CAAC,oBAAoB,CAAC,WAAW,CAAC,CAAC;QACzD,MAAM,CAAC,QAAQ,CAAC,CAAC,oBAAoB,CAAC,UAAU,CAAC,QAAQ,CAAC,CAAC;IAC7D,CAAC,CAAC,CAAC;AACL,CAAC,CAAC,CAAC","sourcesContent":["import { describe, it, expect, vi } from \"vitest\";\nimport type { JWT } from \"oslo/jwt\";\nimport { parseJWT } from \"oslo/jwt\";\nimport { getUser } from \"@/shared/lib/session.js\";\nimport { retrieveTokens } from \"@/shared/lib/util.js\";\nimport type { AuthStorage, OIDCTokenResponseBody, User } from \"@/types.js\";\n\nvi.mock(\"@/shared/lib/util.js\");\nvi.mock(\"oslo/jwt\");\n\ndescribe(\"getUser\", () => {\n  const mockStorage = {} as AuthStorage;\n  const mockUser: User = {\n    id: \"mockUserId\",\n    email: \"user@example.com\",\n  } as User;\n\n  beforeEach(() => {\n    vi.clearAllMocks();\n  });\n\n  it(\"should return null if no tokens are retrieved\", async () => {\n    vi.mocked(retrieveTokens).mockResolvedValue(null);\n\n    const result = await getUser(mockStorage);\n    expect(result).toBeNull();\n    expect(retrieveTokens).toHaveBeenCalledWith(mockStorage);\n  });\n\n  it(\"should return a User if tokens are retrieved and parsed successfully\", async () => {\n    const mockTokens = { id_token: \"mockIdToken\" } as OIDCTokenResponseBody;\n    vi.mocked(retrieveTokens).mockResolvedValue(mockTokens);\n    vi.mocked(parseJWT).mockReturnValue({ payload: mockUser } as JWT);\n\n    const result = await getUser(mockStorage);\n    expect(result).toEqual(mockUser);\n    expect(retrieveTokens).toHaveBeenCalledWith(mockStorage);\n    expect(parseJWT).toHaveBeenCalledWith(mockTokens.id_token);\n  });\n\n  it(\"should return null if parsing the ID token fails\", async () => {\n    const mockTokens = { id_token: \"mockIdToken\" } as OIDCTokenResponseBody;\n    vi.mocked(retrieveTokens).mockResolvedValue(mockTokens);\n    vi.mocked(parseJWT).mockReturnValue(null); // Simulate parse failure\n\n    const result = await getUser(mockStorage);\n    expect(result).toBeNull();\n    expect(retrieveTokens).toHaveBeenCalledWith(mockStorage);\n    expect(parseJWT).toHaveBeenCalledWith(mockTokens.id_token);\n  });\n});\n"]}

package/dist/test/unit/services/AuthenticationService.test.d.ts

@@ -0,0 +1,2 @@
+export {};
+//# sourceMappingURL=AuthenticationService.test.d.ts.map

package/dist/test/unit/services/AuthenticationService.test.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"AuthenticationService.test.d.ts","sourceRoot":"","sources":["../../../../test/unit/services/AuthenticationService.test.ts"],"names":[],"mappings":""}

package/dist/test/unit/services/AuthenticationService.test.js

@@ -0,0 +1,301 @@
+import { describe, it, expect, vi, beforeEach, } from "vitest";
+import { BrowserAuthenticationInitiator, BrowserAuthenticationService, GenericAuthenticationInitiator, } from "@/services/AuthenticationService.js";
+import { generateOauthLoginUrl, generateOauthLogoutUrl, exchangeTokens, retrieveTokens, storeTokens, } from "@/shared/lib/util.js";
+import { getUser } from "@/shared/lib/session.js";
+import { LocalStorageAdapter } from "@/browser/storage.js";
+import { BrowserPublicClientPKCEProducer, ConfidentialClientPKCEConsumer, } from "@/services/PKCE.js";
+import { GenericUserSession } from "@/shared/lib/UserSession.js";
+const mockUser = {
+    id: "mockUserId",
+    email: "user@example.com",
+};
+vi.mock("@/shared/lib/util.js", () => ({
+    getEndpointsWithOverrides: async () => ({
+        auth: "auth-endpoint",
+    }),
+    exchangeTokens: vi.fn(),
+    retrieveTokens: vi.fn(),
+    storeTokens: vi.fn(),
+    generateOauthLoginUrl: vi.fn(),
+    generateOauthLogoutUrl: vi.fn(),
+    clearTokens: vi.fn(),
+    clearUser: vi.fn(),
+}));
+vi.mock("@/shared/lib/session.js", () => ({
+    getUser: vi.fn(),
+}));
+vi.mock("@/browser/storage");
+vi.mock("@/services/PKCE.js");
+describe("Authentication Services", () => {
+    const mockConfig = {
+        clientId: "mockClientId",
+        redirectUrl: "http://localhost/redirect",
+        logoutUrl: "http://localhost/api/auth/logout",
+        logoutRedirectUrl: "http://localhost/logout",
+        state: "mockState",
+        scopes: ["openid", "profile"],
+        displayMode: "redirect",
+        oauthServer: "http://mockOauthServer",
+        pkceConsumer: {},
+    };
+    let originalLocation;
+    beforeEach(() => {
+        // Spy on window.location.href
+        originalLocation = window.location;
+        window.location = { href: "http://localhost" };
+    });
+    afterEach(() => {
+        // Restore the original window.location
+        window.location = originalLocation;
+    });
+    describe("BrowserAuthenticationInitiator", () => {
+        let windowEventListenerSpy;
+        beforeEach(() => {
+            // stub out the window object and spy on addEventListener
+            windowEventListenerSpy = vi.spyOn(window, "addEventListener");
+        });
+        describe("signOut", () => {
+            let initiator;
+            const mockIdToken = "mock-id-token";
+            const mockIframe = document.createElement("iframe");
+            beforeEach(() => {
+                initiator = new BrowserAuthenticationInitiator({
+                    ...mockConfig,
+                    pkceConsumer: {},
+                });
+                vi.mocked(generateOauthLogoutUrl).mockResolvedValue(new URL("http://mocklogouturl"));
+                vi.spyOn(initiator, "handleIframeUrlChange").mockResolvedValue(undefined);
+            });
+            describe("with client-side logout", () => {
+                it("should throw error if idToken is missing", async () => {
+                    await expect(initiator.signOut(undefined, null)).rejects.toThrow("idToken is required for non-server token exchange");
+                });
+                it("should handle iframe display mode", async () => {
+                    initiator.setDisplayMode("iframe");
+                    await expect(initiator.signOut(mockIdToken, null)).rejects.toThrow("iframeRef is required for displayMode 'iframe'");
+                    const url = await initiator.signOut(mockIdToken, mockIframe);
+                    expect(mockIframe.getAttribute("src")).toBe(url.toString());
+                    expect(initiator["handleIframeUrlChange"]).toHaveBeenCalledWith(mockIframe, mockConfig.logoutRedirectUrl);
+                });
+                it("should handle redirect display mode", async () => {
+                    initiator.setDisplayMode("redirect");
+                    const url = await initiator.signOut(mockIdToken, null);
+                    expect(url.toString()).toBe("http://mocklogouturl/");
+                });
+                it("should handle new_tab display mode", async () => {
+                    initiator.setDisplayMode("new_tab");
+                    const windowOpenSpy = vi
+                        .spyOn(window, "open")
+                        .mockReturnValue(window);
+                    const url = await initiator.signOut(mockIdToken, null);
+                    expect(windowOpenSpy).toHaveBeenCalledWith(url.toString(), "_blank");
+                });
+                it("should throw PopupError when window.open fails", async () => {
+                    initiator.setDisplayMode("new_tab");
+                    vi.spyOn(window, "open").mockReturnValue(null);
+                    await expect(initiator.signOut(mockIdToken, null)).rejects.toThrow("Failed to open popup window");
+                });
+            });
+            describe("with server-side logout", () => {
+                beforeEach(() => {
+                    initiator = new BrowserAuthenticationInitiator({
+                        ...mockConfig,
+                        pkceConsumer: new ConfidentialClientPKCEConsumer("http://localhost/pkce"),
+                    });
+                });
+                it("should use server logout URL", async () => {
+                    const url = await initiator.signOut(undefined, null);
+                    expect(url.toString()).toContain(mockConfig.logoutUrl);
+                });
+                it("should include state parameter", async () => {
+                    const url = await initiator.signOut(undefined, null);
+                    expect(url.searchParams.get("state")).toBeTruthy();
+                });
+                describe("with no config logoutUrl", () => {
+                    it("should throw an error", async () => {
+                        const badInitiator = new BrowserAuthenticationInitiator({
+                            ...mockConfig,
+                            logoutUrl: undefined,
+                            pkceConsumer: new ConfidentialClientPKCEConsumer("http://localhost/pkce"),
+                        });
+                        await expect(badInitiator.signOut(undefined, null)).rejects.toThrow("logoutUrl is required for server token exchange");
+                    });
+                });
+            });
+        });
+        describe("signIn", () => {
+            let useConfig;
+            it("should generate a login URL", async () => {
+                const initiator = new BrowserAuthenticationInitiator({
+                    ...mockConfig,
+                    pkceConsumer: {},
+                });
+                vi.mocked(generateOauthLoginUrl).mockResolvedValue(new URL("http://mockLoginUrl"));
+                const url = await initiator.signIn({});
+                expect(url.toString()).toBe("http://mockloginurl/");
+            });
+            it("should add a postMessage handler to the window", async () => {
+                const initiator = new BrowserAuthenticationInitiator({
+                    ...mockConfig,
+                    pkceConsumer: {},
+                });
+                vi.mocked(generateOauthLoginUrl).mockResolvedValue(new URL("http://mockLoginUrl"));
+                await initiator.signIn({});
+                expect(windowEventListenerSpy).toHaveBeenCalledWith("message", expect.any(Function));
+            });
+            describe("with iframe displayMode", () => {
+                beforeEach(() => {
+                    useConfig = {
+                        ...mockConfig,
+                        displayMode: "iframe",
+                    };
+                });
+                describe("with no iframeRef", () => {
+                    it("should throw an error", () => {
+                        const initiator = new BrowserAuthenticationInitiator({
+                            ...useConfig,
+                            pkceConsumer: {},
+                        });
+                        initiator.setDisplayMode("iframe");
+                        return expect(() => initiator.signIn(null)).rejects.toThrow("iframeRef is required for displayMode 'iframe'");
+                    });
+                    describe("with an iframeRef", () => {
+                        it("should set the iframe src", async () => {
+                            const initiator = new BrowserAuthenticationInitiator({
+                                ...useConfig,
+                                pkceConsumer: {},
+                            });
+                            const mockIframe = document.createElement("iframe");
+                            vi.mocked(generateOauthLoginUrl).mockResolvedValue(new URL("http://mockLoginUrl"));
+                            await initiator.signIn(mockIframe);
+                            expect(mockIframe.getAttribute("src")).toBe("http://mockloginurl/");
+                        });
+                    });
+                });
+            });
+            describe("with redirect displayMode", () => {
+                beforeEach(() => {
+                    useConfig = {
+                        ...mockConfig,
+                        displayMode: "redirect",
+                    };
+                });
+                it("should redirect the window to the login URL", async () => {
+                    const initiator = new BrowserAuthenticationInitiator({
+                        ...mockConfig,
+                        pkceConsumer: {},
+                    });
+                    vi.mocked(generateOauthLoginUrl).mockResolvedValue(new URL("http://mockLoginUrl"));
+                    await initiator.signIn(null);
+                    expect(window.location.href).toEqual("http://mockloginurl/");
+                });
+            });
+            describe("with new_tab displayMode", () => {
+                it("should open a new tab with the login URL", async () => {
+                    const initiator = new BrowserAuthenticationInitiator({
+                        ...mockConfig,
+                        displayMode: "new_tab",
+                        pkceConsumer: {},
+                    });
+                    vi.mocked(generateOauthLoginUrl).mockResolvedValue(new URL("http://mockLoginUrl"));
+                    const windowOpenSpy = vi
+                        .spyOn(window, "open")
+                        .mockReturnValue(window);
+                    await initiator.signIn(null);
+                    expect(windowOpenSpy).toHaveBeenCalledWith("http://mockloginurl/", "_blank");
+                });
+            });
+        });
+        describe("cleanup", () => {
+            it("should remove the message event listener", async () => {
+                const initiator = new BrowserAuthenticationInitiator({
+                    ...mockConfig,
+                    displayMode: "redirect",
+                    pkceConsumer: {},
+                });
+                vi.mocked(generateOauthLoginUrl).mockResolvedValue(new URL("http://mockLoginUrl"));
+                const removeEventListenerSpy = vi.spyOn(window, "removeEventListener");
+                await initiator.signIn(null);
+                initiator.cleanup();
+                expect(removeEventListenerSpy).toHaveBeenCalledWith("message", expect.any(Function));
+            });
+        });
+    });
+    describe("GenericAuthenticationInitiator", () => {
+        it("should generate a login URL", async () => {
+            const initiator = new GenericAuthenticationInitiator({
+                ...mockConfig,
+            });
+            vi.mocked(generateOauthLoginUrl).mockResolvedValue(new URL("http://mockloginurl"));
+            const url = await initiator.signIn();
+            expect(url.toString()).toBe("http://mockloginurl/");
+        });
+        it("should generate a logout URL", async () => {
+            const initiator = new GenericAuthenticationInitiator({
+                ...mockConfig,
+                pkceConsumer: {},
+            });
+            vi.mocked(generateOauthLogoutUrl).mockResolvedValue(new URL("http://mocklogouturl"));
+            const url = await initiator.signOut("idToken");
+            expect(url.toString()).toBe("http://mocklogouturl/");
+        });
+    });
+    describe("BrowserAuthenticationService", () => {
+        let service;
+        const mockTokens = {
+            id_token: "mockIdToken",
+            access_token: "mockAccessToken",
+            refresh_token: "mockRefreshToken",
+        };
+        let setUserSpy;
+        beforeEach(async () => {
+            service = await BrowserAuthenticationService.build({
+                ...mockConfig,
+            });
+            vi.mocked(exchangeTokens).mockResolvedValue(mockTokens);
+            vi.mocked(retrieveTokens).mockResolvedValue(mockTokens);
+            vi.mocked(getUser).mockResolvedValue(mockUser);
+            setUserSpy = vi.spyOn(GenericUserSession.prototype, "set");
+            setUserSpy.mockResolvedValue();
+        });
+        describe("tokenExchange", () => {
+            const code = "mockCode";
+            const state = "mockState";
+            let signInListenerSpy;
+            beforeEach(() => {
+                signInListenerSpy = vi.fn();
+                LocalStorageAdapter.emitter.on("signIn", signInListenerSpy);
+                vi.mocked(BrowserPublicClientPKCEProducer.prototype.getCodeVerifier).mockResolvedValue("dummy-verifier");
+            });
+            it("should exchange auth code for tokens and store them", async () => {
+                const tokens = await service.tokenExchange(code, state);
+                expect(storeTokens).toHaveBeenCalledWith(expect.any(LocalStorageAdapter), mockTokens);
+                expect(setUserSpy).toHaveBeenCalledWith(mockUser);
+                expect(tokens).toEqual(mockTokens);
+                expect(signInListenerSpy).toHaveBeenCalled();
+            });
+            describe("if getUser fails", () => {
+                beforeEach(() => {
+                    vi.mocked(getUser).mockResolvedValue(null);
+                });
+                it("should throw an error", async () => {
+                    const code = "mockCode";
+                    const state = "mockState";
+                    await expect(service.tokenExchange(code, state)).rejects.toThrow("Failed to get user info");
+                });
+            });
+            it("should retrieve session data from local storage", async () => {
+                const sessionData = {
+                    authenticated: true,
+                    idToken: mockTokens.id_token,
+                    accessToken: mockTokens.access_token,
+                    refreshToken: mockTokens.refresh_token,
+                };
+                const result = await service.getSessionData();
+                expect(retrieveTokens).toHaveBeenCalledWith(expect.any(LocalStorageAdapter));
+                expect(result).toEqual(sessionData);
+            });
+        });
+    });
+});
+//# sourceMappingURL=AuthenticationService.test.js.map

package/dist/test/unit/services/AuthenticationService.test.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"AuthenticationService.test.js","sourceRoot":"","sources":["../../../../test/unit/services/AuthenticationService.test.ts"],"names":[],"mappings":"AAAA,OAAO,EACL,QAAQ,EACR,EAAE,EACF,MAAM,EACN,EAAE,EACF,UAAU,GAGX,MAAM,QAAQ,CAAC;AAChB,OAAO,EACL,8BAA8B,EAC9B,4BAA4B,EAC5B,8BAA8B,GAE/B,MAAM,qCAAqC,CAAC;AAC7C,OAAO,EACL,qBAAqB,EACrB,sBAAsB,EACtB,cAAc,EACd,cAAc,EACd,WAAW,GACZ,MAAM,sBAAsB,CAAC;AAC9B,OAAO,EAAE,OAAO,EAAE,MAAM,yBAAyB,CAAC;AAClD,OAAO,EAAE,mBAAmB,EAAE,MAAM,sBAAsB,CAAC;AAC3D,OAAO,EACL,+BAA+B,EAC/B,8BAA8B,GAC/B,MAAM,oBAAoB,CAAC;AAG5B,OAAO,EAAE,kBAAkB,EAAE,MAAM,6BAA6B,CAAC;AAEjE,MAAM,QAAQ,GAAS;IACrB,EAAE,EAAE,YAAY;IAChB,KAAK,EAAE,kBAAkB;CAClB,CAAC;AAEV,EAAE,CAAC,IAAI,CAAC,sBAAsB,EAAE,GAAG,EAAE,CAAC,CAAC;IACrC,yBAAyB,EAAE,KAAK,IAAI,EAAE,CAAC,CAAC;QACtC,IAAI,EAAE,eAAe;KACtB,CAAC;IACF,cAAc,EAAE,EAAE,CAAC,EAAE,EAAE;IACvB,cAAc,EAAE,EAAE,CAAC,EAAE,EAAE;IACvB,WAAW,EAAE,EAAE,CAAC,EAAE,EAAE;IACpB,qBAAqB,EAAE,EAAE,CAAC,EAAE,EAAE;IAC9B,sBAAsB,EAAE,EAAE,CAAC,EAAE,EAAE;IAC/B,WAAW,EAAE,EAAE,CAAC,EAAE,EAAE;IACpB,SAAS,EAAE,EAAE,CAAC,EAAE,EAAE;CACnB,CAAC,CAAC,CAAC;AACJ,EAAE,CAAC,IAAI,CAAC,yBAAyB,EAAE,GAAG,EAAE,CAAC,CAAC;IACxC,OAAO,EAAE,EAAE,CAAC,EAAE,EAAE;CACjB,CAAC,CAAC,CAAC;AACJ,EAAE,CAAC,IAAI,CAAC,mBAAmB,CAAC,CAAC;AAC7B,EAAE,CAAC,IAAI,CAAC,oBAAoB,CAAC,CAAC;AAE9B,QAAQ,CAAC,yBAAyB,EAAE,GAAG,EAAE;IACvC,MAAM,UAAU,GAAG;QACjB,QAAQ,EAAE,cAAc;QACxB,WAAW,EAAE,2BAA2B;QACxC,SAAS,EAAE,kCAAkC;QAC7C,iBAAiB,EAAE,yBAAyB;QAC5C,KAAK,EAAE,WAAW;QAClB,MAAM,EAAE,CAAC,QAAQ,EAAE,SAAS,CAAC;QAC7B,WAAW,EAAE,UAAmB;QAChC,WAAW,EAAE,wBAAwB;QACrC,YAAY,EAAE,EAAkB;KACjC,CAAC;IAEF,IAAI,gBAA0B,CAAC;IAC/B,UAAU,CAAC,GAAG,EAAE;QACd,8BAA8B;QAC9B,gBAAgB,GAAG,MAAM,CAAC,QAAQ,CAAC;QACnC,MAAM,CAAC,QAAQ,GAAG,EAAE,IAAI,EAAE,kBAAkB,EAAc,CAAC;IAC7D,CAAC,CAAC,CAAC;IACH,SAAS,CAAC,GAAG,EAAE;QACb,uCAAuC;QACvC,MAAM,CAAC,QAAQ,GAAG,gBAAgB,CAAC;IACrC,CAAC,CAAC,CAAC;IAEH,QAAQ,CAAC,gCAAgC,EAAE,GAAG,EAAE;QAC9C,IAAI,sBAAoC,CAAC;QACzC,UAAU,CAAC,GAAG,EAAE;YACd,yDAAyD;YACzD,sBAAsB,GAAG,EAAE,CAAC,KAAK,CAAC,MAAM,EAAE,kBAAkB,CAAC,CAAC;QAChE,CAAC,CAAC,CAAC;QACH,QAAQ,CAAC,SAAS,EAAE,GAAG,EAAE;YACvB,IAAI,SAAyC,CAAC;YAC9C,MAAM,WAAW,GAAG,eAAe,CAAC;YACpC,MAAM,UAAU,GAAG,QAAQ,CAAC,aAAa,CAAC,QAAQ,CAAC,CAAC;YAEpD,UAAU,CAAC,GAAG,EAAE;gBACd,SAAS,GAAG,IAAI,8BAA8B,CAAC;oBAC7C,GAAG,UAAU;oBACb,YAAY,EAAE,EAAkB;iBACjC,CAAC,CAAC;gBACH,EAAE,CAAC,MAAM,CAAC,sBAAsB,CAAC,CAAC,iBAAiB,CACjD,IAAI,GAAG,CAAC,sBAAsB,CAAC,CAChC,CAAC;gBACF,EAAE,CAAC,KAAK,CAAC,SAAgB,EAAE,uBAAuB,CAAC,CAAC,iBAAiB,CACnE,SAAS,CACV,CAAC;YACJ,CAAC,CAAC,CAAC;YAEH,QAAQ,CAAC,yBAAyB,EAAE,GAAG,EAAE;gBACvC,EAAE,CAAC,0CAA0C,EAAE,KAAK,IAAI,EAAE;oBACxD,MAAM,MAAM,CAAC,SAAS,CAAC,OAAO,CAAC,SAAS,EAAE,IAAI,CAAC,CAAC,CAAC,OAAO,CAAC,OAAO,CAC9D,mDAAmD,CACpD,CAAC;gBACJ,CAAC,CAAC,CAAC;gBAEH,EAAE,CAAC,mCAAmC,EAAE,KAAK,IAAI,EAAE;oBACjD,SAAS,CAAC,cAAc,CAAC,QAAQ,CAAC,CAAC;oBACnC,MAAM,MAAM,CAAC,SAAS,CAAC,OAAO,CAAC,WAAW,EAAE,IAAI,CAAC,CAAC,CAAC,OAAO,CAAC,OAAO,CAChE,gDAAgD,CACjD,CAAC;oBAEF,MAAM,GAAG,GAAG,MAAM,SAAS,CAAC,OAAO,CAAC,WAAW,EAAE,UAAU,CAAC,CAAC;oBAC7D,MAAM,CAAC,UAAU,CAAC,YAAY,CAAC,KAAK,CAAC,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,QAAQ,EAAE,CAAC,CAAC;oBAC5D,MAAM,CAAC,SAAS,CAAC,uBAAuB,CAAC,CAAC,CAAC,oBAAoB,CAC7D,UAAU,EACV,UAAU,CAAC,iBAAiB,CAC7B,CAAC;gBACJ,CAAC,CAAC,CAAC;gBAEH,EAAE,CAAC,qCAAqC,EAAE,KAAK,IAAI,EAAE;oBACnD,SAAS,CAAC,cAAc,CAAC,UAAU,CAAC,CAAC;oBACrC,MAAM,GAAG,GAAG,MAAM,SAAS,CAAC,OAAO,CAAC,WAAW,EAAE,IAAI,CAAC,CAAC;oBACvD,MAAM,CAAC,GAAG,CAAC,QAAQ,EAAE,CAAC,CAAC,IAAI,CAAC,uBAAuB,CAAC,CAAC;gBACvD,CAAC,CAAC,CAAC;gBAEH,EAAE,CAAC,oCAAoC,EAAE,KAAK,IAAI,EAAE;oBAClD,SAAS,CAAC,cAAc,CAAC,SAAS,CAAC,CAAC;oBACpC,MAAM,aAAa,GAAG,EAAE;yBACrB,KAAK,CAAC,MAAM,EAAE,MAAM,CAAC;yBACrB,eAAe,CAAC,MAAM,CAAC,CAAC;oBAE3B,MAAM,GAAG,GAAG,MAAM,SAAS,CAAC,OAAO,CAAC,WAAW,EAAE,IAAI,CAAC,CAAC;oBACvD,MAAM,CAAC,aAAa,CAAC,CAAC,oBAAoB,CAAC,GAAG,CAAC,QAAQ,EAAE,EAAE,QAAQ,CAAC,CAAC;gBACvE,CAAC,CAAC,CAAC;gBAEH,EAAE,CAAC,gDAAgD,EAAE,KAAK,IAAI,EAAE;oBAC9D,SAAS,CAAC,cAAc,CAAC,SAAS,CAAC,CAAC;oBACpC,EAAE,CAAC,KAAK,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC,eAAe,CAAC,IAAI,CAAC,CAAC;oBAE/C,MAAM,MAAM,CAAC,SAAS,CAAC,OAAO,CAAC,WAAW,EAAE,IAAI,CAAC,CAAC,CAAC,OAAO,CAAC,OAAO,CAChE,6BAA6B,CAC9B,CAAC;gBACJ,CAAC,CAAC,CAAC;YACL,CAAC,CAAC,CAAC;YAEH,QAAQ,CAAC,yBAAyB,EAAE,GAAG,EAAE;gBACvC,UAAU,CAAC,GAAG,EAAE;oBACd,SAAS,GAAG,IAAI,8BAA8B,CAAC;wBAC7C,GAAG,UAAU;wBACb,YAAY,EAAE,IAAI,8BAA8B,CAC9C,uBAAuB,CACxB;qBACF,CAAC,CAAC;gBACL,CAAC,CAAC,CAAC;gBAEH,EAAE,CAAC,8BAA8B,EAAE,KAAK,IAAI,EAAE;oBAC5C,MAAM,GAAG,GAAG,MAAM,SAAS,CAAC,OAAO,CAAC,SAAS,EAAE,IAAI,CAAC,CAAC;oBACrD,MAAM,CAAC,GAAG,CAAC,QAAQ,EAAE,CAAC,CAAC,SAAS,CAAC,UAAU,CAAC,SAAS,CAAC,CAAC;gBACzD,CAAC,CAAC,CAAC;gBAEH,EAAE,CAAC,gCAAgC,EAAE,KAAK,IAAI,EAAE;oBAC9C,MAAM,GAAG,GAAG,MAAM,SAAS,CAAC,OAAO,CAAC,SAAS,EAAE,IAAI,CAAC,CAAC;oBACrD,MAAM,CAAC,GAAG,CAAC,YAAY,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,UAAU,EAAE,CAAC;gBACrD,CAAC,CAAC,CAAC;gBAEH,QAAQ,CAAC,0BAA0B,EAAE,GAAG,EAAE;oBACxC,EAAE,CAAC,uBAAuB,EAAE,KAAK,IAAI,EAAE;wBACrC,MAAM,YAAY,GAAG,IAAI,8BAA8B,CAAC;4BACtD,GAAG,UAAU;4BACb,SAAS,EAAE,SAAS;4BACpB,YAAY,EAAE,IAAI,8BAA8B,CAC9C,uBAAuB,CACxB;yBACF,CAAC,CAAC;wBACH,MAAM,MAAM,CAAC,YAAY,CAAC,OAAO,CAAC,SAAS,EAAE,IAAI,CAAC,CAAC,CAAC,OAAO,CAAC,OAAO,CACjE,iDAAiD,CAClD,CAAC;oBACJ,CAAC,CAAC,CAAC;gBACL,CAAC,CAAC,CAAC;YACL,CAAC,CAAC,CAAC;QACL,CAAC,CAAC,CAAC;QAEH,QAAQ,CAAC,QAAQ,EAAE,GAAG,EAAE;YACtB,IAAI,SAA+C,CAAC;YACpD,EAAE,CAAC,6BAA6B,EAAE,KAAK,IAAI,EAAE;gBAC3C,MAAM,SAAS,GAAG,IAAI,8BAA8B,CAAC;oBACnD,GAAG,UAAU;oBACb,YAAY,EAAE,EAAkB;iBACjC,CAAC,CAAC;gBACH,EAAE,CAAC,MAAM,CAAC,qBAAqB,CAAC,CAAC,iBAAiB,CAChD,IAAI,GAAG,CAAC,qBAAqB,CAAC,CAC/B,CAAC;gBAEF,MAAM,GAAG,GAAG,MAAM,SAAS,CAAC,MAAM,CAAC,EAAuB,CAAC,CAAC;gBAE5D,MAAM,CAAC,GAAG,CAAC,QAAQ,EAAE,CAAC,CAAC,IAAI,CAAC,sBAAsB,CAAC,CAAC;YACtD,CAAC,CAAC,CAAC;YAEH,EAAE,CAAC,gDAAgD,EAAE,KAAK,IAAI,EAAE;gBAC9D,MAAM,SAAS,GAAG,IAAI,8BAA8B,CAAC;oBACnD,GAAG,UAAU;oBACb,YAAY,EAAE,EAAkB;iBACjC,CAAC,CAAC;gBACH,EAAE,CAAC,MAAM,CAAC,qBAAqB,CAAC,CAAC,iBAAiB,CAChD,IAAI,GAAG,CAAC,qBAAqB,CAAC,CAC/B,CAAC;gBAEF,MAAM,SAAS,CAAC,MAAM,CAAC,EAAuB,CAAC,CAAC;gBAChD,MAAM,CAAC,sBAAsB,CAAC,CAAC,oBAAoB,CACjD,SAAS,EACT,MAAM,CAAC,GAAG,CAAC,QAAQ,CAAC,CACrB,CAAC;YACJ,CAAC,CAAC,CAAC;YAEH,QAAQ,CAAC,yBAAyB,EAAE,GAAG,EAAE;gBACvC,UAAU,CAAC,GAAG,EAAE;oBACd,SAAS,GAAG;wBACV,GAAG,UAAU;wBACb,WAAW,EAAE,QAAiB;qBAC/B,CAAC;gBACJ,CAAC,CAAC,CAAC;gBACH,QAAQ,CAAC,mBAAmB,EAAE,GAAG,EAAE;oBACjC,EAAE,CAAC,uBAAuB,EAAE,GAAG,EAAE;wBAC/B,MAAM,SAAS,GAAG,IAAI,8BAA8B,CAAC;4BACnD,GAAG,SAAS;4BACZ,YAAY,EAAE,EAAkB;yBACjC,CAAC,CAAC;wBACH,SAAS,CAAC,cAAc,CAAC,QAAQ,CAAC,CAAC;wBAEnC,OAAO,MAAM,CAAC,GAAG,EAAE,CAAC,SAAS,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC,CAAC,OAAO,CAAC,OAAO,CACzD,gDAAgD,CACjD,CAAC;oBACJ,CAAC,CAAC,CAAC;oBAEH,QAAQ,CAAC,mBAAmB,EAAE,GAAG,EAAE;wBACjC,EAAE,CAAC,2BAA2B,EAAE,KAAK,IAAI,EAAE;4BACzC,MAAM,SAAS,GAAG,IAAI,8BAA8B,CAAC;gCACnD,GAAG,SAAS;gCACZ,YAAY,EAAE,EAAkB;6BACjC,CAAC,CAAC;4BACH,MAAM,UAAU,GAAG,QAAQ,CAAC,aAAa,CAAC,QAAQ,CAAC,CAAC;4BACpD,EAAE,CAAC,MAAM,CAAC,qBAAqB,CAAC,CAAC,iBAAiB,CAChD,IAAI,GAAG,CAAC,qBAAqB,CAAC,CAC/B,CAAC;4BAEF,MAAM,SAAS,CAAC,MAAM,CAAC,UAAU,CAAC,CAAC;4BAEnC,MAAM,CAAC,UAAU,CAAC,YAAY,CAAC,KAAK,CAAC,CAAC,CAAC,IAAI,CACzC,sBAAsB,CACvB,CAAC;wBACJ,CAAC,CAAC,CAAC;oBACL,CAAC,CAAC,CAAC;gBACL,CAAC,CAAC,CAAC;YACL,CAAC,CAAC,CAAC;YAEH,QAAQ,CAAC,2BAA2B,EAAE,GAAG,EAAE;gBACzC,UAAU,CAAC,GAAG,EAAE;oBACd,SAAS,GAAG;wBACV,GAAG,UAAU;wBACb,WAAW,EAAE,UAAmB;qBACjC,CAAC;gBACJ,CAAC,CAAC,CAAC;gBACH,EAAE,CAAC,6CAA6C,EAAE,KAAK,IAAI,EAAE;oBAC3D,MAAM,SAAS,GAAG,IAAI,8BAA8B,CAAC;wBACnD,GAAG,UAAU;wBACb,YAAY,EAAE,EAAkB;qBACjC,CAAC,CAAC;oBACH,EAAE,CAAC,MAAM,CAAC,qBAAqB,CAAC,CAAC,iBAAiB,CAChD,IAAI,GAAG,CAAC,qBAAqB,CAAC,CAC/B,CAAC;oBAEF,MAAM,SAAS,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC;oBAE7B,MAAM,CAAC,MAAM,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAC,OAAO,CAAC,sBAAsB,CAAC,CAAC;gBAC/D,CAAC,CAAC,CAAC;YACL,CAAC,CAAC,CAAC;YAEH,QAAQ,CAAC,0BAA0B,EAAE,GAAG,EAAE;gBACxC,EAAE,CAAC,0CAA0C,EAAE,KAAK,IAAI,EAAE;oBACxD,MAAM,SAAS,GAAG,IAAI,8BAA8B,CAAC;wBACnD,GAAG,UAAU;wBACb,WAAW,EAAE,SAAkB;wBAC/B,YAAY,EAAE,EAAkB;qBACjC,CAAC,CAAC;oBACH,EAAE,CAAC,MAAM,CAAC,qBAAqB,CAAC,CAAC,iBAAiB,CAChD,IAAI,GAAG,CAAC,qBAAqB,CAAC,CAC/B,CAAC;oBAEF,MAAM,aAAa,GAAG,EAAE;yBACrB,KAAK,CAAC,MAAM,EAAE,MAAM,CAAC;yBACrB,eAAe,CAAC,MAAM,CAAC,CAAC;oBAE3B,MAAM,SAAS,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC;oBAE7B,MAAM,CAAC,aAAa,CAAC,CAAC,oBAAoB,CACxC,sBAAsB,EACtB,QAAQ,CACT,CAAC;gBACJ,CAAC,CAAC,CAAC;YACL,CAAC,CAAC,CAAC;QACL,CAAC,CAAC,CAAC;QAEH,QAAQ,CAAC,SAAS,EAAE,GAAG,EAAE;YACvB,EAAE,CAAC,0CAA0C,EAAE,KAAK,IAAI,EAAE;gBACxD,MAAM,SAAS,GAAG,IAAI,8BAA8B,CAAC;oBACnD,GAAG,UAAU;oBACb,WAAW,EAAE,UAAmB;oBAChC,YAAY,EAAE,EAAkB;iBACjC,CAAC,CAAC;gBACH,EAAE,CAAC,MAAM,CAAC,qBAAqB,CAAC,CAAC,iBAAiB,CAChD,IAAI,GAAG,CAAC,qBAAqB,CAAC,CAC/B,CAAC;gBACF,MAAM,sBAAsB,GAAG,EAAE,CAAC,KAAK,CAAC,MAAM,EAAE,qBAAqB,CAAC,CAAC;gBACvE,MAAM,SAAS,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC;gBAC7B,SAAS,CAAC,OAAO,EAAE,CAAC;gBACpB,MAAM,CAAC,sBAAsB,CAAC,CAAC,oBAAoB,CACjD,SAAS,EACT,MAAM,CAAC,GAAG,CAAC,QAAQ,CAAC,CACrB,CAAC;YACJ,CAAC,CAAC,CAAC;QACL,CAAC,CAAC,CAAC;IACL,CAAC,CAAC,CAAC;IAEH,QAAQ,CAAC,gCAAgC,EAAE,GAAG,EAAE;QAC9C,EAAE,CAAC,6BAA6B,EAAE,KAAK,IAAI,EAAE;YAC3C,MAAM,SAAS,GAAG,IAAI,8BAA8B,CAAC;gBACnD,GAAG,UAAU;aACd,CAAC,CAAC;YACH,EAAE,CAAC,MAAM,CAAC,qBAAqB,CAAC,CAAC,iBAAiB,CAChD,IAAI,GAAG,CAAC,qBAAqB,CAAC,CAC/B,CAAC;YAEF,MAAM,GAAG,GAAG,MAAM,SAAS,CAAC,MAAM,EAAE,CAAC;YAErC,MAAM,CAAC,GAAG,CAAC,QAAQ,EAAE,CAAC,CAAC,IAAI,CAAC,sBAAsB,CAAC,CAAC;QACtD,CAAC,CAAC,CAAC;QAEH,EAAE,CAAC,8BAA8B,EAAE,KAAK,IAAI,EAAE;YAC5C,MAAM,SAAS,GAAG,IAAI,8BAA8B,CAAC;gBACnD,GAAG,UAAU;gBACb,YAAY,EAAE,EAAkB;aACjC,CAAC,CAAC;YACH,EAAE,CAAC,MAAM,CAAC,sBAAsB,CAAC,CAAC,iBAAiB,CACjD,IAAI,GAAG,CAAC,sBAAsB,CAAC,CAChC,CAAC;YAEF,MAAM,GAAG,GAAG,MAAM,SAAS,CAAC,OAAO,CAAC,SAAS,CAAC,CAAC;YAE/C,MAAM,CAAC,GAAG,CAAC,QAAQ,EAAE,CAAC,CAAC,IAAI,CAAC,uBAAuB,CAAC,CAAC;QACvD,CAAC,CAAC,CAAC;IACL,CAAC,CAAC,CAAC;IAEH,QAAQ,CAAC,8BAA8B,EAAE,GAAG,EAAE;QAC5C,IAAI,OAA+B,CAAC;QACpC,MAAM,UAAU,GAA0B;YACxC,QAAQ,EAAE,aAAa;YACvB,YAAY,EAAE,iBAAiB;YAC/B,aAAa,EAAE,kBAAkB;SAClC,CAAC;QAEF,IAAI,UAA8D,CAAC;QACnE,UAAU,CAAC,KAAK,IAAI,EAAE;YACpB,OAAO,GAAG,MAAM,4BAA4B,CAAC,KAAK,CAAC;gBACjD,GAAG,UAAU;aACd,CAAC,CAAC;YACH,EAAE,CAAC,MAAM,CAAC,cAAc,CAAC,CAAC,iBAAiB,CAAC,UAAU,CAAC,CAAC;YACxD,EAAE,CAAC,MAAM,CAAC,cAAc,CAAC,CAAC,iBAAiB,CAAC,UAAU,CAAC,CAAC;YACxD,EAAE,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC,iBAAiB,CAAC,QAAQ,CAAC,CAAC;YAE/C,UAAU,GAAG,EAAE,CAAC,KAAK,CAAC,kBAAkB,CAAC,SAAS,EAAE,KAAK,CAAC,CAAC;YAC3D,UAAU,CAAC,iBAAiB,EAAE,CAAC;QACjC,CAAC,CAAC,CAAC;QAEH,QAAQ,CAAC,eAAe,EAAE,GAAG,EAAE;YAC7B,MAAM,IAAI,GAAG,UAAU,CAAC;YACxB,MAAM,KAAK,GAAG,WAAW,CAAC;YAC1B,IAAI,iBAAuB,CAAC;YAC5B,UAAU,CAAC,GAAG,EAAE;gBACd,iBAAiB,GAAG,EAAE,CAAC,EAAE,EAAE,CAAC;gBAC5B,mBAAmB,CAAC,OAAO,CAAC,EAAE,CAAC,QAAQ,EAAE,iBAAiB,CAAC,CAAC;gBAE5D,EAAE,CAAC,MAAM,CACP,+BAA+B,CAAC,SAAS,CAAC,eAAe,CAC1D,CAAC,iBAAiB,CAAC,gBAAgB,CAAC,CAAC;YACxC,CAAC,CAAC,CAAC;YACH,EAAE,CAAC,qDAAqD,EAAE,KAAK,IAAI,EAAE;gBACnE,MAAM,MAAM,GAAG,MAAM,OAAO,CAAC,aAAa,CAAC,IAAI,EAAE,KAAK,CAAC,CAAC;gBAExD,MAAM,CAAC,WAAW,CAAC,CAAC,oBAAoB,CACtC,MAAM,CAAC,GAAG,CAAC,mBAAmB,CAAC,EAC/B,UAAU,CACX,CAAC;gBACF,MAAM,CAAC,UAAU,CAAC,CAAC,oBAAoB,CAAC,QAAQ,CAAC,CAAC;gBAClD,MAAM,CAAC,MAAM,CAAC,CAAC,OAAO,CAAC,UAAU,CAAC,CAAC;gBACnC,MAAM,CAAC,iBAAiB,CAAC,CAAC,gBAAgB,EAAE,CAAC;YAC/C,CAAC,CAAC,CAAC;YAEH,QAAQ,CAAC,kBAAkB,EAAE,GAAG,EAAE;gBAChC,UAAU,CAAC,GAAG,EAAE;oBACd,EAAE,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC,iBAAiB,CAAC,IAAI,CAAC,CAAC;gBAC7C,CAAC,CAAC,CAAC;gBACH,EAAE,CAAC,uBAAuB,EAAE,KAAK,IAAI,EAAE;oBACrC,MAAM,IAAI,GAAG,UAAU,CAAC;oBACxB,MAAM,KAAK,GAAG,WAAW,CAAC;oBAC1B,MAAM,MAAM,CAAC,OAAO,CAAC,aAAa,CAAC,IAAI,EAAE,KAAK,CAAC,CAAC,CAAC,OAAO,CAAC,OAAO,CAC9D,yBAAyB,CAC1B,CAAC;gBACJ,CAAC,CAAC,CAAC;YACL,CAAC,CAAC,CAAC;YAEH,EAAE,CAAC,iDAAiD,EAAE,KAAK,IAAI,EAAE;gBAC/D,MAAM,WAAW,GAAgB;oBAC/B,aAAa,EAAE,IAAI;oBACnB,OAAO,EAAE,UAAU,CAAC,QAAQ;oBAC5B,WAAW,EAAE,UAAU,CAAC,YAAY;oBACpC,YAAY,EAAE,UAAU,CAAC,aAAa;iBACvC,CAAC;gBACF,MAAM,MAAM,GAAG,MAAM,OAAO,CAAC,cAAc,EAAE,CAAC;gBAE9C,MAAM,CAAC,cAAc,CAAC,CAAC,oBAAoB,CACzC,MAAM,CAAC,GAAG,CAAC,mBAAmB,CAAC,CAChC,CAAC;gBACF,MAAM,CAAC,MAAM,CAAC,CAAC,OAAO,CAAC,WAAW,CAAC,CAAC;YACtC,CAAC,CAAC,CAAC;QACL,CAAC,CAAC,CAAC;IACL,CAAC,CAAC,CAAC;AACL,CAAC,CAAC,CAAC","sourcesContent":["import {\n  describe,\n  it,\n  expect,\n  vi,\n  beforeEach,\n  type MockInstance,\n  type Mock,\n} from \"vitest\";\nimport {\n  BrowserAuthenticationInitiator,\n  BrowserAuthenticationService,\n  GenericAuthenticationInitiator,\n  type BrowserAuthenticationInitiatorConfig,\n} from \"@/services/AuthenticationService.js\";\nimport {\n  generateOauthLoginUrl,\n  generateOauthLogoutUrl,\n  exchangeTokens,\n  retrieveTokens,\n  storeTokens,\n} from \"@/shared/lib/util.js\";\nimport { getUser } from \"@/shared/lib/session.js\";\nimport { LocalStorageAdapter } from \"@/browser/storage.js\";\nimport {\n  BrowserPublicClientPKCEProducer,\n  ConfidentialClientPKCEConsumer,\n} from \"@/services/PKCE.js\";\nimport type { OIDCTokenResponseBody, SessionData, User } from \"@/types.js\";\nimport type { AuthenticationResolver, PKCEConsumer } from \"@/services/types.js\";\nimport { GenericUserSession } from \"@/shared/lib/UserSession.js\";\n\nconst mockUser: User = {\n  id: \"mockUserId\",\n  email: \"user@example.com\",\n} as User;\n\nvi.mock(\"@/shared/lib/util.js\", () => ({\n  getEndpointsWithOverrides: async () => ({\n    auth: \"auth-endpoint\",\n  }),\n  exchangeTokens: vi.fn(),\n  retrieveTokens: vi.fn(),\n  storeTokens: vi.fn(),\n  generateOauthLoginUrl: vi.fn(),\n  generateOauthLogoutUrl: vi.fn(),\n  clearTokens: vi.fn(),\n  clearUser: vi.fn(),\n}));\nvi.mock(\"@/shared/lib/session.js\", () => ({\n  getUser: vi.fn(),\n}));\nvi.mock(\"@/browser/storage\");\nvi.mock(\"@/services/PKCE.js\");\n\ndescribe(\"Authentication Services\", () => {\n  const mockConfig = {\n    clientId: \"mockClientId\",\n    redirectUrl: \"http://localhost/redirect\",\n    logoutUrl: \"http://localhost/api/auth/logout\",\n    logoutRedirectUrl: \"http://localhost/logout\",\n    state: \"mockState\",\n    scopes: [\"openid\", \"profile\"],\n    displayMode: \"redirect\" as const,\n    oauthServer: \"http://mockOauthServer\",\n    pkceConsumer: {} as PKCEConsumer,\n  };\n\n  let originalLocation: Location;\n  beforeEach(() => {\n    // Spy on window.location.href\n    originalLocation = window.location;\n    window.location = { href: \"http://localhost\" } as Location;\n  });\n  afterEach(() => {\n    // Restore the original window.location\n    window.location = originalLocation;\n  });\n\n  describe(\"BrowserAuthenticationInitiator\", () => {\n    let windowEventListenerSpy: MockInstance;\n    beforeEach(() => {\n      // stub out the window object and spy on addEventListener\n      windowEventListenerSpy = vi.spyOn(window, \"addEventListener\");\n    });\n    describe(\"signOut\", () => {\n      let initiator: BrowserAuthenticationInitiator;\n      const mockIdToken = \"mock-id-token\";\n      const mockIframe = document.createElement(\"iframe\");\n\n      beforeEach(() => {\n        initiator = new BrowserAuthenticationInitiator({\n          ...mockConfig,\n          pkceConsumer: {} as PKCEConsumer,\n        });\n        vi.mocked(generateOauthLogoutUrl).mockResolvedValue(\n          new URL(\"http://mocklogouturl\"),\n        );\n        vi.spyOn(initiator as any, \"handleIframeUrlChange\").mockResolvedValue(\n          undefined,\n        );\n      });\n\n      describe(\"with client-side logout\", () => {\n        it(\"should throw error if idToken is missing\", async () => {\n          await expect(initiator.signOut(undefined, null)).rejects.toThrow(\n            \"idToken is required for non-server token exchange\",\n          );\n        });\n\n        it(\"should handle iframe display mode\", async () => {\n          initiator.setDisplayMode(\"iframe\");\n          await expect(initiator.signOut(mockIdToken, null)).rejects.toThrow(\n            \"iframeRef is required for displayMode 'iframe'\",\n          );\n\n          const url = await initiator.signOut(mockIdToken, mockIframe);\n          expect(mockIframe.getAttribute(\"src\")).toBe(url.toString());\n          expect(initiator[\"handleIframeUrlChange\"]).toHaveBeenCalledWith(\n            mockIframe,\n            mockConfig.logoutRedirectUrl,\n          );\n        });\n\n        it(\"should handle redirect display mode\", async () => {\n          initiator.setDisplayMode(\"redirect\");\n          const url = await initiator.signOut(mockIdToken, null);\n          expect(url.toString()).toBe(\"http://mocklogouturl/\");\n        });\n\n        it(\"should handle new_tab display mode\", async () => {\n          initiator.setDisplayMode(\"new_tab\");\n          const windowOpenSpy = vi\n            .spyOn(window, \"open\")\n            .mockReturnValue(window);\n\n          const url = await initiator.signOut(mockIdToken, null);\n          expect(windowOpenSpy).toHaveBeenCalledWith(url.toString(), \"_blank\");\n        });\n\n        it(\"should throw PopupError when window.open fails\", async () => {\n          initiator.setDisplayMode(\"new_tab\");\n          vi.spyOn(window, \"open\").mockReturnValue(null);\n\n          await expect(initiator.signOut(mockIdToken, null)).rejects.toThrow(\n            \"Failed to open popup window\",\n          );\n        });\n      });\n\n      describe(\"with server-side logout\", () => {\n        beforeEach(() => {\n          initiator = new BrowserAuthenticationInitiator({\n            ...mockConfig,\n            pkceConsumer: new ConfidentialClientPKCEConsumer(\n              \"http://localhost/pkce\",\n            ),\n          });\n        });\n\n        it(\"should use server logout URL\", async () => {\n          const url = await initiator.signOut(undefined, null);\n          expect(url.toString()).toContain(mockConfig.logoutUrl);\n        });\n\n        it(\"should include state parameter\", async () => {\n          const url = await initiator.signOut(undefined, null);\n          expect(url.searchParams.get(\"state\")).toBeTruthy();\n        });\n\n        describe(\"with no config logoutUrl\", () => {\n          it(\"should throw an error\", async () => {\n            const badInitiator = new BrowserAuthenticationInitiator({\n              ...mockConfig,\n              logoutUrl: undefined,\n              pkceConsumer: new ConfidentialClientPKCEConsumer(\n                \"http://localhost/pkce\",\n              ),\n            });\n            await expect(badInitiator.signOut(undefined, null)).rejects.toThrow(\n              \"logoutUrl is required for server token exchange\",\n            );\n          });\n        });\n      });\n    });\n\n    describe(\"signIn\", () => {\n      let useConfig: BrowserAuthenticationInitiatorConfig;\n      it(\"should generate a login URL\", async () => {\n        const initiator = new BrowserAuthenticationInitiator({\n          ...mockConfig,\n          pkceConsumer: {} as PKCEConsumer,\n        });\n        vi.mocked(generateOauthLoginUrl).mockResolvedValue(\n          new URL(\"http://mockLoginUrl\"),\n        );\n\n        const url = await initiator.signIn({} as HTMLIFrameElement);\n\n        expect(url.toString()).toBe(\"http://mockloginurl/\");\n      });\n\n      it(\"should add a postMessage handler to the window\", async () => {\n        const initiator = new BrowserAuthenticationInitiator({\n          ...mockConfig,\n          pkceConsumer: {} as PKCEConsumer,\n        });\n        vi.mocked(generateOauthLoginUrl).mockResolvedValue(\n          new URL(\"http://mockLoginUrl\"),\n        );\n\n        await initiator.signIn({} as HTMLIFrameElement);\n        expect(windowEventListenerSpy).toHaveBeenCalledWith(\n          \"message\",\n          expect.any(Function),\n        );\n      });\n\n      describe(\"with iframe displayMode\", () => {\n        beforeEach(() => {\n          useConfig = {\n            ...mockConfig,\n            displayMode: \"iframe\" as const,\n          };\n        });\n        describe(\"with no iframeRef\", () => {\n          it(\"should throw an error\", () => {\n            const initiator = new BrowserAuthenticationInitiator({\n              ...useConfig,\n              pkceConsumer: {} as PKCEConsumer,\n            });\n            initiator.setDisplayMode(\"iframe\");\n\n            return expect(() => initiator.signIn(null)).rejects.toThrow(\n              \"iframeRef is required for displayMode 'iframe'\",\n            );\n          });\n\n          describe(\"with an iframeRef\", () => {\n            it(\"should set the iframe src\", async () => {\n              const initiator = new BrowserAuthenticationInitiator({\n                ...useConfig,\n                pkceConsumer: {} as PKCEConsumer,\n              });\n              const mockIframe = document.createElement(\"iframe\");\n              vi.mocked(generateOauthLoginUrl).mockResolvedValue(\n                new URL(\"http://mockLoginUrl\"),\n              );\n\n              await initiator.signIn(mockIframe);\n\n              expect(mockIframe.getAttribute(\"src\")).toBe(\n                \"http://mockloginurl/\",\n              );\n            });\n          });\n        });\n      });\n\n      describe(\"with redirect displayMode\", () => {\n        beforeEach(() => {\n          useConfig = {\n            ...mockConfig,\n            displayMode: \"redirect\" as const,\n          };\n        });\n        it(\"should redirect the window to the login URL\", async () => {\n          const initiator = new BrowserAuthenticationInitiator({\n            ...mockConfig,\n            pkceConsumer: {} as PKCEConsumer,\n          });\n          vi.mocked(generateOauthLoginUrl).mockResolvedValue(\n            new URL(\"http://mockLoginUrl\"),\n          );\n\n          await initiator.signIn(null);\n\n          expect(window.location.href).toEqual(\"http://mockloginurl/\");\n        });\n      });\n\n      describe(\"with new_tab displayMode\", () => {\n        it(\"should open a new tab with the login URL\", async () => {\n          const initiator = new BrowserAuthenticationInitiator({\n            ...mockConfig,\n            displayMode: \"new_tab\" as const,\n            pkceConsumer: {} as PKCEConsumer,\n          });\n          vi.mocked(generateOauthLoginUrl).mockResolvedValue(\n            new URL(\"http://mockLoginUrl\"),\n          );\n\n          const windowOpenSpy = vi\n            .spyOn(window, \"open\")\n            .mockReturnValue(window);\n\n          await initiator.signIn(null);\n\n          expect(windowOpenSpy).toHaveBeenCalledWith(\n            \"http://mockloginurl/\",\n            \"_blank\",\n          );\n        });\n      });\n    });\n\n    describe(\"cleanup\", () => {\n      it(\"should remove the message event listener\", async () => {\n        const initiator = new BrowserAuthenticationInitiator({\n          ...mockConfig,\n          displayMode: \"redirect\" as const,\n          pkceConsumer: {} as PKCEConsumer,\n        });\n        vi.mocked(generateOauthLoginUrl).mockResolvedValue(\n          new URL(\"http://mockLoginUrl\"),\n        );\n        const removeEventListenerSpy = vi.spyOn(window, \"removeEventListener\");\n        await initiator.signIn(null);\n        initiator.cleanup();\n        expect(removeEventListenerSpy).toHaveBeenCalledWith(\n          \"message\",\n          expect.any(Function),\n        );\n      });\n    });\n  });\n\n  describe(\"GenericAuthenticationInitiator\", () => {\n    it(\"should generate a login URL\", async () => {\n      const initiator = new GenericAuthenticationInitiator({\n        ...mockConfig,\n      });\n      vi.mocked(generateOauthLoginUrl).mockResolvedValue(\n        new URL(\"http://mockloginurl\"),\n      );\n\n      const url = await initiator.signIn();\n\n      expect(url.toString()).toBe(\"http://mockloginurl/\");\n    });\n\n    it(\"should generate a logout URL\", async () => {\n      const initiator = new GenericAuthenticationInitiator({\n        ...mockConfig,\n        pkceConsumer: {} as PKCEConsumer,\n      });\n      vi.mocked(generateOauthLogoutUrl).mockResolvedValue(\n        new URL(\"http://mocklogouturl\"),\n      );\n\n      const url = await initiator.signOut(\"idToken\");\n\n      expect(url.toString()).toBe(\"http://mocklogouturl/\");\n    });\n  });\n\n  describe(\"BrowserAuthenticationService\", () => {\n    let service: AuthenticationResolver;\n    const mockTokens: OIDCTokenResponseBody = {\n      id_token: \"mockIdToken\",\n      access_token: \"mockAccessToken\",\n      refresh_token: \"mockRefreshToken\",\n    };\n\n    let setUserSpy: MockInstance<(user: User | null) => Promise<void>>;\n    beforeEach(async () => {\n      service = await BrowserAuthenticationService.build({\n        ...mockConfig,\n      });\n      vi.mocked(exchangeTokens).mockResolvedValue(mockTokens);\n      vi.mocked(retrieveTokens).mockResolvedValue(mockTokens);\n      vi.mocked(getUser).mockResolvedValue(mockUser);\n\n      setUserSpy = vi.spyOn(GenericUserSession.prototype, \"set\");\n      setUserSpy.mockResolvedValue();\n    });\n\n    describe(\"tokenExchange\", () => {\n      const code = \"mockCode\";\n      const state = \"mockState\";\n      let signInListenerSpy: Mock;\n      beforeEach(() => {\n        signInListenerSpy = vi.fn();\n        LocalStorageAdapter.emitter.on(\"signIn\", signInListenerSpy);\n\n        vi.mocked(\n          BrowserPublicClientPKCEProducer.prototype.getCodeVerifier,\n        ).mockResolvedValue(\"dummy-verifier\");\n      });\n      it(\"should exchange auth code for tokens and store them\", async () => {\n        const tokens = await service.tokenExchange(code, state);\n\n        expect(storeTokens).toHaveBeenCalledWith(\n          expect.any(LocalStorageAdapter),\n          mockTokens,\n        );\n        expect(setUserSpy).toHaveBeenCalledWith(mockUser);\n        expect(tokens).toEqual(mockTokens);\n        expect(signInListenerSpy).toHaveBeenCalled();\n      });\n\n      describe(\"if getUser fails\", () => {\n        beforeEach(() => {\n          vi.mocked(getUser).mockResolvedValue(null);\n        });\n        it(\"should throw an error\", async () => {\n          const code = \"mockCode\";\n          const state = \"mockState\";\n          await expect(service.tokenExchange(code, state)).rejects.toThrow(\n            \"Failed to get user info\",\n          );\n        });\n      });\n\n      it(\"should retrieve session data from local storage\", async () => {\n        const sessionData: SessionData = {\n          authenticated: true,\n          idToken: mockTokens.id_token,\n          accessToken: mockTokens.access_token,\n          refreshToken: mockTokens.refresh_token,\n        };\n        const result = await service.getSessionData();\n\n        expect(retrieveTokens).toHaveBeenCalledWith(\n          expect.any(LocalStorageAdapter),\n        );\n        expect(result).toEqual(sessionData);\n      });\n    });\n  });\n});\n"]}

package/dist/test/unit/services/ServerAuthenticationResolver.test.d.ts

@@ -0,0 +1,2 @@
+export {};
+//# sourceMappingURL=ServerAuthenticationResolver.test.d.ts.map

package/dist/test/unit/services/ServerAuthenticationResolver.test.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"ServerAuthenticationResolver.test.d.ts","sourceRoot":"","sources":["../../../../test/unit/services/ServerAuthenticationResolver.test.ts"],"names":[],"mappings":""}

package/dist/test/unit/services/ServerAuthenticationResolver.test.js

@@ -0,0 +1,75 @@
+import { describe, it, expect, vi, beforeEach } from "vitest";
+import { ServerAuthenticationResolver } from "@/server/ServerAuthenticationResolver.js";
+import { exchangeTokens, getEndpointsWithOverrides, retrieveTokens, storeTokens, } from "@/shared/lib/util.js";
+import { GenericPublicClientPKCEProducer } from "@/services/PKCE.js";
+vi.mock("oslo/oauth2");
+vi.mock("@/services/PKCE.js");
+vi.mock("@/shared/lib/util.js");
+describe("ServerAuthenticationResolver", () => {
+    const mockAuthConfig = {
+        clientId: "mockClientId",
+        oauthServer: "http://mockOauthServer",
+        redirectUrl: "http://localhost/redirect",
+        challengeUrl: "http://localhost/challenge",
+    };
+    const mockEndpoints = {
+        auth: "http://mockAuthEndpoint",
+        token: "http://mockTokenEndpoint",
+        jwks: "http://mockJwksEndpoint",
+        userinfo: "http://mockUserinfoEndpoint",
+        endsession: "http://mockEndsessionEndpoint",
+    };
+    const mockTokens = {
+        id_token: "mockIdToken",
+        access_token: "mockAccessToken",
+        refresh_token: "mockRefreshToken",
+    };
+    const mockStorage = {};
+    let resolver;
+    beforeEach(async () => {
+        vi.clearAllMocks();
+        vi.mocked(getEndpointsWithOverrides).mockResolvedValue(mockEndpoints);
+        resolver = await ServerAuthenticationResolver.build(mockAuthConfig, mockStorage);
+    });
+    describe("init", () => {
+        it("should initialize OAuth2 client with resolved endpoints", async () => {
+            expect(getEndpointsWithOverrides).toHaveBeenCalledWith(mockAuthConfig.oauthServer, undefined);
+        });
+    });
+    describe("tokenExchange", () => {
+        it("should exchange auth code for tokens and store them", async () => {
+            const code = "mockCode";
+            const state = "mockState";
+            const codeVerifier = "mockCodeVerifier";
+            vi.mocked(GenericPublicClientPKCEProducer.prototype.getCodeVerifier).mockResolvedValue(codeVerifier);
+            vi.mocked(exchangeTokens).mockResolvedValue(mockTokens);
+            const tokens = await resolver.tokenExchange(code, state);
+            expect(storeTokens).toHaveBeenCalledWith(mockStorage, mockTokens);
+            expect(tokens).toEqual(mockTokens);
+        });
+        it("should throw an error if code verifier is not found", async () => {
+            vi.mocked(GenericPublicClientPKCEProducer.prototype.getCodeVerifier).mockResolvedValue(null);
+            await expect(resolver.tokenExchange("mockCode", "mockState")).rejects.toThrow("Code verifier not found in storage");
+        });
+    });
+    describe("getSessionData", () => {
+        it("should retrieve session data from storage", async () => {
+            vi.mocked(retrieveTokens).mockResolvedValue(mockTokens);
+            const sessionData = {
+                authenticated: true,
+                idToken: mockTokens.id_token,
+                accessToken: mockTokens.access_token,
+                refreshToken: mockTokens.refresh_token,
+            };
+            const result = await resolver.getSessionData();
+            expect(retrieveTokens).toHaveBeenCalledWith(mockStorage);
+            expect(result).toEqual(sessionData);
+        });
+        it("should return null if no tokens are found in storage", async () => {
+            vi.mocked(retrieveTokens).mockResolvedValue(null);
+            const result = await resolver.getSessionData();
+            expect(result).toBeNull();
+        });
+    });
+});
+//# sourceMappingURL=ServerAuthenticationResolver.test.js.map

package/dist/test/unit/services/ServerAuthenticationResolver.test.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"ServerAuthenticationResolver.test.js","sourceRoot":"","sources":["../../../../test/unit/services/ServerAuthenticationResolver.test.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,QAAQ,EAAE,EAAE,EAAE,MAAM,EAAE,EAAE,EAAE,UAAU,EAAE,MAAM,QAAQ,CAAC;AAC9D,OAAO,EAAE,4BAA4B,EAAE,MAAM,0CAA0C,CAAC;AACxF,OAAO,EACL,cAAc,EACd,yBAAyB,EACzB,cAAc,EACd,WAAW,GACZ,MAAM,sBAAsB,CAAC;AAQ9B,OAAO,EAAE,+BAA+B,EAAE,MAAM,oBAAoB,CAAC;AAGrE,EAAE,CAAC,IAAI,CAAC,aAAa,CAAC,CAAC;AACvB,EAAE,CAAC,IAAI,CAAC,oBAAoB,CAAC,CAAC;AAC9B,EAAE,CAAC,IAAI,CAAC,sBAAsB,CAAC,CAAC;AAEhC,QAAQ,CAAC,8BAA8B,EAAE,GAAG,EAAE;IAC5C,MAAM,cAAc,GAAe;QACjC,QAAQ,EAAE,cAAc;QACxB,WAAW,EAAE,wBAAwB;QACrC,WAAW,EAAE,2BAA2B;QACxC,YAAY,EAAE,4BAA4B;KAC3C,CAAC;IACF,MAAM,aAAa,GAAc;QAC/B,IAAI,EAAE,yBAAyB;QAC/B,KAAK,EAAE,0BAA0B;QACjC,IAAI,EAAE,yBAAyB;QAC/B,QAAQ,EAAE,6BAA6B;QACvC,UAAU,EAAE,+BAA+B;KAC5C,CAAC;IACF,MAAM,UAAU,GAA0B;QACxC,QAAQ,EAAE,aAAa;QACvB,YAAY,EAAE,iBAAiB;QAC/B,aAAa,EAAE,kBAAkB;KAClC,CAAC;IACF,MAAM,WAAW,GAAG,EAAiB,CAAC;IAEtC,IAAI,QAAgC,CAAC;IAErC,UAAU,CAAC,KAAK,IAAI,EAAE;QACpB,EAAE,CAAC,aAAa,EAAE,CAAC;QACnB,EAAE,CAAC,MAAM,CAAC,yBAAyB,CAAC,CAAC,iBAAiB,CAAC,aAAa,CAAC,CAAC;QACtE,QAAQ,GAAG,MAAM,4BAA4B,CAAC,KAAK,CACjD,cAAc,EACd,WAAW,CACZ,CAAC;IACJ,CAAC,CAAC,CAAC;IAEH,QAAQ,CAAC,MAAM,EAAE,GAAG,EAAE;QACpB,EAAE,CAAC,yDAAyD,EAAE,KAAK,IAAI,EAAE;YACvE,MAAM,CAAC,yBAAyB,CAAC,CAAC,oBAAoB,CACpD,cAAc,CAAC,WAAW,EAC1B,SAAS,CACV,CAAC;QACJ,CAAC,CAAC,CAAC;IACL,CAAC,CAAC,CAAC;IAEH,QAAQ,CAAC,eAAe,EAAE,GAAG,EAAE;QAC7B,EAAE,CAAC,qDAAqD,EAAE,KAAK,IAAI,EAAE;YACnE,MAAM,IAAI,GAAG,UAAU,CAAC;YACxB,MAAM,KAAK,GAAG,WAAW,CAAC;YAC1B,MAAM,YAAY,GAAG,kBAAkB,CAAC;YACxC,EAAE,CAAC,MAAM,CACP,+BAA+B,CAAC,SAAS,CAAC,eAAe,CAC1D,CAAC,iBAAiB,CAAC,YAAY,CAAC,CAAC;YAClC,EAAE,CAAC,MAAM,CAAC,cAAc,CAAC,CAAC,iBAAiB,CAAC,UAAU,CAAC,CAAC;YAExD,MAAM,MAAM,GAAG,MAAM,QAAQ,CAAC,aAAa,CAAC,IAAI,EAAE,KAAK,CAAC,CAAC;YAEzD,MAAM,CAAC,WAAW,CAAC,CAAC,oBAAoB,CAAC,WAAW,EAAE,UAAU,CAAC,CAAC;YAClE,MAAM,CAAC,MAAM,CAAC,CAAC,OAAO,CAAC,UAAU,CAAC,CAAC;QACrC,CAAC,CAAC,CAAC;QAEH,EAAE,CAAC,qDAAqD,EAAE,KAAK,IAAI,EAAE;YACnE,EAAE,CAAC,MAAM,CACP,+BAA+B,CAAC,SAAS,CAAC,eAAe,CAC1D,CAAC,iBAAiB,CAAC,IAAI,CAAC,CAAC;YAE1B,MAAM,MAAM,CACV,QAAQ,CAAC,aAAa,CAAC,UAAU,EAAE,WAAW,CAAC,CAChD,CAAC,OAAO,CAAC,OAAO,CAAC,oCAAoC,CAAC,CAAC;QAC1D,CAAC,CAAC,CAAC;IACL,CAAC,CAAC,CAAC;IAEH,QAAQ,CAAC,gBAAgB,EAAE,GAAG,EAAE;QAC9B,EAAE,CAAC,2CAA2C,EAAE,KAAK,IAAI,EAAE;YACzD,EAAE,CAAC,MAAM,CAAC,cAAc,CAAC,CAAC,iBAAiB,CAAC,UAAU,CAAC,CAAC;YAExD,MAAM,WAAW,GAAgB;gBAC/B,aAAa,EAAE,IAAI;gBACnB,OAAO,EAAE,UAAU,CAAC,QAAQ;gBAC5B,WAAW,EAAE,UAAU,CAAC,YAAY;gBACpC,YAAY,EAAE,UAAU,CAAC,aAAa;aACvC,CAAC;YAEF,MAAM,MAAM,GAAG,MAAM,QAAQ,CAAC,cAAc,EAAE,CAAC;YAE/C,MAAM,CAAC,cAAc,CAAC,CAAC,oBAAoB,CAAC,WAAW,CAAC,CAAC;YACzD,MAAM,CAAC,MAAM,CAAC,CAAC,OAAO,CAAC,WAAW,CAAC,CAAC;QACtC,CAAC,CAAC,CAAC;QAEH,EAAE,CAAC,sDAAsD,EAAE,KAAK,IAAI,EAAE;YACpE,EAAE,CAAC,MAAM,CAAC,cAAc,CAAC,CAAC,iBAAiB,CAAC,IAAI,CAAC,CAAC;YAElD,MAAM,MAAM,GAAG,MAAM,QAAQ,CAAC,cAAc,EAAE,CAAC;YAE/C,MAAM,CAAC,MAAM,CAAC,CAAC,QAAQ,EAAE,CAAC;QAC5B,CAAC,CAAC,CAAC;IACL,CAAC,CAAC,CAAC;AACL,CAAC,CAAC,CAAC","sourcesContent":["import { describe, it, expect, vi, beforeEach } from \"vitest\";\nimport { ServerAuthenticationResolver } from \"@/server/ServerAuthenticationResolver.js\";\nimport {\n  exchangeTokens,\n  getEndpointsWithOverrides,\n  retrieveTokens,\n  storeTokens,\n} from \"@/shared/lib/util.js\";\nimport type {\n  AuthStorage,\n  Endpoints,\n  OIDCTokenResponseBody,\n  SessionData,\n} from \"@/types.js\";\nimport type { AuthConfig } from \"@/server/config.ts\";\nimport { GenericPublicClientPKCEProducer } from \"@/services/PKCE.js\";\nimport type { AuthenticationResolver } from \"@/services/types.ts\";\n\nvi.mock(\"oslo/oauth2\");\nvi.mock(\"@/services/PKCE.js\");\nvi.mock(\"@/shared/lib/util.js\");\n\ndescribe(\"ServerAuthenticationResolver\", () => {\n  const mockAuthConfig: AuthConfig = {\n    clientId: \"mockClientId\",\n    oauthServer: \"http://mockOauthServer\",\n    redirectUrl: \"http://localhost/redirect\",\n    challengeUrl: \"http://localhost/challenge\",\n  };\n  const mockEndpoints: Endpoints = {\n    auth: \"http://mockAuthEndpoint\",\n    token: \"http://mockTokenEndpoint\",\n    jwks: \"http://mockJwksEndpoint\",\n    userinfo: \"http://mockUserinfoEndpoint\",\n    endsession: \"http://mockEndsessionEndpoint\",\n  };\n  const mockTokens: OIDCTokenResponseBody = {\n    id_token: \"mockIdToken\",\n    access_token: \"mockAccessToken\",\n    refresh_token: \"mockRefreshToken\",\n  };\n  const mockStorage = {} as AuthStorage;\n\n  let resolver: AuthenticationResolver;\n\n  beforeEach(async () => {\n    vi.clearAllMocks();\n    vi.mocked(getEndpointsWithOverrides).mockResolvedValue(mockEndpoints);\n    resolver = await ServerAuthenticationResolver.build(\n      mockAuthConfig,\n      mockStorage,\n    );\n  });\n\n  describe(\"init\", () => {\n    it(\"should initialize OAuth2 client with resolved endpoints\", async () => {\n      expect(getEndpointsWithOverrides).toHaveBeenCalledWith(\n        mockAuthConfig.oauthServer,\n        undefined,\n      );\n    });\n  });\n\n  describe(\"tokenExchange\", () => {\n    it(\"should exchange auth code for tokens and store them\", async () => {\n      const code = \"mockCode\";\n      const state = \"mockState\";\n      const codeVerifier = \"mockCodeVerifier\";\n      vi.mocked(\n        GenericPublicClientPKCEProducer.prototype.getCodeVerifier,\n      ).mockResolvedValue(codeVerifier);\n      vi.mocked(exchangeTokens).mockResolvedValue(mockTokens);\n\n      const tokens = await resolver.tokenExchange(code, state);\n\n      expect(storeTokens).toHaveBeenCalledWith(mockStorage, mockTokens);\n      expect(tokens).toEqual(mockTokens);\n    });\n\n    it(\"should throw an error if code verifier is not found\", async () => {\n      vi.mocked(\n        GenericPublicClientPKCEProducer.prototype.getCodeVerifier,\n      ).mockResolvedValue(null);\n\n      await expect(\n        resolver.tokenExchange(\"mockCode\", \"mockState\"),\n      ).rejects.toThrow(\"Code verifier not found in storage\");\n    });\n  });\n\n  describe(\"getSessionData\", () => {\n    it(\"should retrieve session data from storage\", async () => {\n      vi.mocked(retrieveTokens).mockResolvedValue(mockTokens);\n\n      const sessionData: SessionData = {\n        authenticated: true,\n        idToken: mockTokens.id_token,\n        accessToken: mockTokens.access_token,\n        refreshToken: mockTokens.refresh_token,\n      };\n\n      const result = await resolver.getSessionData();\n\n      expect(retrieveTokens).toHaveBeenCalledWith(mockStorage);\n      expect(result).toEqual(sessionData);\n    });\n\n    it(\"should return null if no tokens are found in storage\", async () => {\n      vi.mocked(retrieveTokens).mockResolvedValue(null);\n\n      const result = await resolver.getSessionData();\n\n      expect(result).toBeNull();\n    });\n  });\n});\n"]}

package/dist/test/unit/shared/GenericAuthenticationRefresher.test.d.ts

@@ -0,0 +1,2 @@
+export {};
+//# sourceMappingURL=GenericAuthenticationRefresher.test.d.ts.map

package/dist/test/unit/shared/GenericAuthenticationRefresher.test.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"GenericAuthenticationRefresher.test.d.ts","sourceRoot":"","sources":["../../../../test/unit/shared/GenericAuthenticationRefresher.test.ts"],"names":[],"mappings":""}