@crossauth/sveltekit 1.1.0 → 1.1.1
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/index.d.ts +1 -1
- package/dist/index.js +16 -6181
- package/dist/sveltekitadminclientendpoints.d.ts +13 -12
- package/dist/sveltekitadminclientendpoints.js +187 -0
- package/dist/sveltekitadminendpoints.d.ts +5 -4
- package/dist/sveltekitadminendpoints.js +766 -0
- package/dist/sveltekitapikey.d.ts +4 -4
- package/dist/sveltekitapikey.js +81 -0
- package/dist/sveltekitoauthclient.d.ts +6 -5
- package/dist/sveltekitoauthclient.js +2309 -0
- package/dist/sveltekitoauthserver.d.ts +4 -4
- package/dist/sveltekitoauthserver.js +1350 -0
- package/dist/sveltekitresserver.d.ts +6 -5
- package/dist/sveltekitresserver.js +286 -0
- package/dist/sveltekitserver.d.ts +11 -10
- package/dist/sveltekitserver.js +393 -0
- package/dist/sveltekitsession.d.ts +5 -5
- package/dist/sveltekitsession.js +1112 -0
- package/dist/sveltekitsessionadapter.d.ts +2 -3
- package/dist/sveltekitsessionadapter.js +2 -0
- package/dist/sveltekitsharedclientendpoints.d.ts +7 -6
- package/dist/sveltekitsharedclientendpoints.js +630 -0
- package/dist/sveltekituserclientendpoints.d.ts +13 -12
- package/dist/sveltekituserclientendpoints.js +270 -0
- package/dist/sveltekituserendpoints.d.ts +6 -5
- package/dist/sveltekituserendpoints.js +1813 -0
- package/dist/tests/sveltekitadminclientendpoints.test.js +330 -0
- package/dist/tests/sveltekitadminendpoints.test.js +242 -0
- package/dist/tests/sveltekitapikeyserver.test.js +44 -0
- package/dist/tests/sveltekitoauthclient.test.d.ts +5 -5
- package/dist/tests/sveltekitoauthclient.test.js +1016 -0
- package/dist/tests/sveltekitoauthresserver.test.d.ts +4 -4
- package/dist/tests/sveltekitoauthresserver.test.js +185 -0
- package/dist/tests/sveltekitoauthserver.test.js +673 -0
- package/dist/tests/sveltekituserclientendpoints.test.js +244 -0
- package/dist/tests/sveltekituserendpoints.test.js +152 -0
- package/dist/tests/sveltemock.test.js +36 -0
- package/dist/tests/sveltemocks.d.ts +2 -3
- package/dist/tests/sveltemocks.js +114 -0
- package/dist/tests/sveltesessionhooks.test.js +224 -0
- package/dist/tests/testshared.d.ts +8 -8
- package/dist/tests/testshared.js +344 -0
- package/dist/utils.d.ts +1 -2
- package/dist/utils.js +123 -0
- package/package.json +6 -4
- package/dist/index.cjs +0 -1
|
@@ -0,0 +1,1016 @@
|
|
|
1
|
+
// Copyright (c) 2026 Matthew Baker. All rights reserved. Licenced under the Apache Licence 2.0. See LICENSE file
|
|
2
|
+
import { MockRequestEvent } from './sveltemocks';
|
|
3
|
+
import { CrossauthError, ErrorCode } from '@crossauth/common';
|
|
4
|
+
import { makeServer, getAccessToken, oidcConfiguration, getCsrfToken } from './testshared';
|
|
5
|
+
import createFetchMock from 'vitest-fetch-mock';
|
|
6
|
+
import { test, expect, vi, beforeAll, afterEach } from 'vitest';
|
|
7
|
+
let fetchMocker = createFetchMock(vi);
|
|
8
|
+
fetchMocker.enableMocks();
|
|
9
|
+
beforeAll(async () => {
|
|
10
|
+
fetchMocker.doMock();
|
|
11
|
+
});
|
|
12
|
+
afterEach(async () => {
|
|
13
|
+
vi.restoreAllMocks();
|
|
14
|
+
});
|
|
15
|
+
export async function oauthLogin(options = {}) {
|
|
16
|
+
const { server, keyStorage, userStorage, clientStorage } = await makeServer(true, false, true, true, { tokenResponseType: "saveInSessionAndReturn", enableCsrfProtection: false, ...options });
|
|
17
|
+
const { authServer } = await getAccessToken();
|
|
18
|
+
if (server.oAuthClient)
|
|
19
|
+
await server.oAuthClient.loadConfig(oidcConfiguration);
|
|
20
|
+
// @ts-ignore
|
|
21
|
+
//fetchMocker.mockResponseOnce((request) => {return JSON.stringify({url: request.url, body: JSON.parse(request.body.toString())})});
|
|
22
|
+
fetchMocker.mockResponseOnce(async (request) => {
|
|
23
|
+
// call token with password flow
|
|
24
|
+
const body = JSON.parse(request.body?.toString() ?? "{}");
|
|
25
|
+
const firstTokenResponse = await authServer.tokenEndpoint({
|
|
26
|
+
grantType: body.grant_type,
|
|
27
|
+
client_id: body.client_id,
|
|
28
|
+
scope: body.scope,
|
|
29
|
+
client_secret: body.client_secret,
|
|
30
|
+
username: body.username,
|
|
31
|
+
password: body.password,
|
|
32
|
+
});
|
|
33
|
+
return new Response(JSON.stringify(firstTokenResponse), { headers: { "content-type": "application/json" } });
|
|
34
|
+
});
|
|
35
|
+
// password flow post endpoint
|
|
36
|
+
let postRequest = new Request(`http://server.com/passwordFlowFlow`, {
|
|
37
|
+
method: "POST",
|
|
38
|
+
body: JSON.stringify({
|
|
39
|
+
scope: "read write",
|
|
40
|
+
username: "bob",
|
|
41
|
+
password: "bobPass123",
|
|
42
|
+
}),
|
|
43
|
+
headers: { "content-type": "application/json" },
|
|
44
|
+
});
|
|
45
|
+
let event = new MockRequestEvent("1", postRequest, {});
|
|
46
|
+
if (server.oAuthClient == undefined)
|
|
47
|
+
throw new Error("server.oAuthClient is undefined");
|
|
48
|
+
const resp = await server.oAuthClient?.passwordFlowEndpoint.post(event);
|
|
49
|
+
if (!resp || !(resp instanceof Response))
|
|
50
|
+
throw "Resp is not an object";
|
|
51
|
+
expect(resp.status).toBe(200);
|
|
52
|
+
const body = await resp.json();
|
|
53
|
+
expect(body.ok).toBe(true);
|
|
54
|
+
expect(body.access_token).toBeDefined();
|
|
55
|
+
expect(body.refresh_token).toBeDefined();
|
|
56
|
+
const access_token = body.access_token;
|
|
57
|
+
const refresh_token = body.refresh_token;
|
|
58
|
+
let sessionCookieValue = event.cookies.get("SESSIONID");
|
|
59
|
+
let sessionId = server.sessionServer?.sessionManager.getSessionId(sessionCookieValue ?? "");
|
|
60
|
+
return { server, authServer, sessionCookieValue, sessionId, access_token, refresh_token, keyStorage, userStorage, clientStorage };
|
|
61
|
+
}
|
|
62
|
+
;
|
|
63
|
+
////////////////////////////////////////////////////////////////////////
|
|
64
|
+
// Tests
|
|
65
|
+
test('SvelteKitClient.authzcodeflowLoginNotNeeded_get', async () => {
|
|
66
|
+
const { authServer } = await getAccessToken();
|
|
67
|
+
const { server } = await makeServer(true, false, false, true);
|
|
68
|
+
if (server.oAuthClient)
|
|
69
|
+
await server.oAuthClient.loadConfig(oidcConfiguration);
|
|
70
|
+
// authorizationCodeFlow get endpoint
|
|
71
|
+
let getRequest = new Request(`http://server.com/authorizationCodeFlow?scope=read+write`, {
|
|
72
|
+
method: "GET",
|
|
73
|
+
});
|
|
74
|
+
let event = new MockRequestEvent("1", getRequest, {});
|
|
75
|
+
let location = undefined;
|
|
76
|
+
try {
|
|
77
|
+
await server.oAuthClient?.authorizationCodeFlowEndpoint.get(event);
|
|
78
|
+
}
|
|
79
|
+
catch (e) {
|
|
80
|
+
expect(e.location).toBeDefined();
|
|
81
|
+
location = e.location;
|
|
82
|
+
}
|
|
83
|
+
expect(location).toContain("http://server.com/authorize");
|
|
84
|
+
const url = new URL(location ?? "");
|
|
85
|
+
expect(url.searchParams.get("scope")).not.toBe(null);
|
|
86
|
+
expect(url.searchParams.get("state")).not.toBe(null);
|
|
87
|
+
expect(url.searchParams.get("redirect_uri")).not.toBe(null);
|
|
88
|
+
expect(url.searchParams.get("response_type")).toBe("code");
|
|
89
|
+
expect(url.searchParams.get("client_id")).toBe("ABC");
|
|
90
|
+
const state = url.searchParams.get("state") ?? "";
|
|
91
|
+
const scope = url.searchParams.get("scope") ?? "";
|
|
92
|
+
const redirect_uri = url.searchParams.get("redirect_uri") ?? "";
|
|
93
|
+
const { code, state: returnedState, error } = await authServer.authorizeGetEndpoint({
|
|
94
|
+
responseType: "code",
|
|
95
|
+
client_id: "ABC",
|
|
96
|
+
redirect_uri: redirect_uri ?? "",
|
|
97
|
+
scope: scope,
|
|
98
|
+
state: state ?? ""
|
|
99
|
+
});
|
|
100
|
+
expect(error).toBeUndefined();
|
|
101
|
+
expect(returnedState).toBe(state);
|
|
102
|
+
expect(code).toBeDefined();
|
|
103
|
+
});
|
|
104
|
+
test('SvelteKitClient.authzcodeflowLoginNotNeeded_load', async () => {
|
|
105
|
+
const { server } = await makeServer(true, false, false, true, { tokenResponseType: "sendInPage" });
|
|
106
|
+
if (server.oAuthClient)
|
|
107
|
+
await server.oAuthClient.loadConfig(oidcConfiguration);
|
|
108
|
+
// authorizationCodeFlow get endpoint
|
|
109
|
+
let getRequest = new Request(`http://server.com/authorizationCodeFlow?scope=read+write`, {
|
|
110
|
+
method: "GET",
|
|
111
|
+
});
|
|
112
|
+
let event = new MockRequestEvent("1", getRequest, {});
|
|
113
|
+
let location = undefined;
|
|
114
|
+
try {
|
|
115
|
+
await server.oAuthClient?.authorizationCodeFlowEndpoint.load(event);
|
|
116
|
+
}
|
|
117
|
+
catch (e) {
|
|
118
|
+
expect(e.location).toBeDefined();
|
|
119
|
+
location = e.location;
|
|
120
|
+
}
|
|
121
|
+
expect(location).toContain("http://server.com/authorize");
|
|
122
|
+
const url = new URL(location ?? "");
|
|
123
|
+
expect(url.searchParams.get("scope")).not.toBe(null);
|
|
124
|
+
expect(url.searchParams.get("state")).not.toBe(null);
|
|
125
|
+
expect(url.searchParams.get("redirect_uri")).not.toBe(null);
|
|
126
|
+
expect(url.searchParams.get("response_type")).toBe("code");
|
|
127
|
+
expect(url.searchParams.get("client_id")).toBe("ABC");
|
|
128
|
+
});
|
|
129
|
+
test('SvelteKitClient.clientCredentials_post', async () => {
|
|
130
|
+
const { authServer } = await getAccessToken();
|
|
131
|
+
const { server } = await makeServer(true, false, false, true);
|
|
132
|
+
if (server.oAuthClient)
|
|
133
|
+
await server.oAuthClient.loadConfig(oidcConfiguration);
|
|
134
|
+
// @ts-ignore
|
|
135
|
+
fetchMocker.mockResponseOnce((request) => { return JSON.stringify({ url: request.url, body: JSON.parse(request.body.toString()) }); });
|
|
136
|
+
// clientCredentialsFlow post endpoint
|
|
137
|
+
let postRequest = new Request(`http://server.com/clientCredentialsFlow`, {
|
|
138
|
+
method: "POST",
|
|
139
|
+
body: JSON.stringify({
|
|
140
|
+
scope: "read write",
|
|
141
|
+
}),
|
|
142
|
+
headers: { "content-type": "application/json" },
|
|
143
|
+
});
|
|
144
|
+
let event = new MockRequestEvent("1", postRequest, {});
|
|
145
|
+
const resp = await server.oAuthClient?.clientCredentialsFlowEndpoint.post(event);
|
|
146
|
+
if (!(resp instanceof Response))
|
|
147
|
+
throw new CrossauthError(ErrorCode.Configuration, "Expected Response");
|
|
148
|
+
expect(resp.status).toBe(200);
|
|
149
|
+
const body = await resp.json();
|
|
150
|
+
expect(body.ok).toBe(true);
|
|
151
|
+
expect(body.body.grant_type).toBe("client_credentials");
|
|
152
|
+
expect(body.body.client_secret).toBe("DEF");
|
|
153
|
+
const resp2 = await authServer.tokenEndpoint({
|
|
154
|
+
grantType: body.body.grant_type,
|
|
155
|
+
client_id: body.body.client_id,
|
|
156
|
+
scope: body.body.scope,
|
|
157
|
+
client_secret: body.body.client_secret,
|
|
158
|
+
});
|
|
159
|
+
expect(resp2.error).toBeUndefined();
|
|
160
|
+
expect(resp2.access_token).toBeDefined();
|
|
161
|
+
});
|
|
162
|
+
test('SvelteKitClient.clientCredentials_action', async () => {
|
|
163
|
+
const { server } = await makeServer(true, false, false, true, { tokenResponseType: "sendInPage" });
|
|
164
|
+
if (server.oAuthClient)
|
|
165
|
+
await server.oAuthClient.loadConfig(oidcConfiguration);
|
|
166
|
+
// @ts-ignore
|
|
167
|
+
fetchMocker.mockResponseOnce((request) => { return JSON.stringify({ url: request.url, body: JSON.parse(request.body.toString()) }); });
|
|
168
|
+
// clientCredentialsFlow post endpoint
|
|
169
|
+
let postRequest = new Request(`http://server.com/clientCredentialsFlow`, {
|
|
170
|
+
method: "POST",
|
|
171
|
+
body: JSON.stringify({
|
|
172
|
+
scope: "read write",
|
|
173
|
+
}),
|
|
174
|
+
headers: { "content-type": "application/json" },
|
|
175
|
+
});
|
|
176
|
+
let event = new MockRequestEvent("1", postRequest, {});
|
|
177
|
+
const resp = await server.oAuthClient?.clientCredentialsFlowEndpoint.actions.default(event);
|
|
178
|
+
expect(typeof resp).toBe("object");
|
|
179
|
+
if (typeof resp == "object") {
|
|
180
|
+
const url = ("url" in resp) ? resp.url : undefined;
|
|
181
|
+
expect(url).toBe("http://server.com/token");
|
|
182
|
+
const body = ("body" in resp) ? (resp.body ?? {}) : {};
|
|
183
|
+
expect(body.grant_type).toBe("client_credentials");
|
|
184
|
+
expect(body.client_secret).toBe("DEF");
|
|
185
|
+
}
|
|
186
|
+
});
|
|
187
|
+
test('SvelteKitClient.refreshTokenFlow_post', async () => {
|
|
188
|
+
const { authServer, refresh_token } = await getAccessToken();
|
|
189
|
+
const { server, resolver, handle } = await makeServer(true, false, false, true);
|
|
190
|
+
if (server.oAuthClient)
|
|
191
|
+
await server.oAuthClient.loadConfig(oidcConfiguration);
|
|
192
|
+
// @ts-ignore
|
|
193
|
+
fetchMocker.mockResponseOnce((request) => { return JSON.stringify({ url: request.url, body: JSON.parse(request.body.toString()) }); });
|
|
194
|
+
const { csrfToken, csrfCookieValue } = await getCsrfToken(server, resolver, handle);
|
|
195
|
+
// clientCredentialsFlow post endpoint
|
|
196
|
+
let postRequest = new Request(`http://server.com/refreshTokenFlow`, {
|
|
197
|
+
method: "POST",
|
|
198
|
+
body: JSON.stringify({
|
|
199
|
+
refresh_token: refresh_token,
|
|
200
|
+
csrfToken,
|
|
201
|
+
}),
|
|
202
|
+
headers: [
|
|
203
|
+
["cookie", "CSRFTOKEN=" + csrfCookieValue],
|
|
204
|
+
["content-type", "application/json"],
|
|
205
|
+
]
|
|
206
|
+
});
|
|
207
|
+
let event = new MockRequestEvent("1", postRequest, {});
|
|
208
|
+
event.locals.csrfToken = csrfToken;
|
|
209
|
+
if (!server.oAuthClient)
|
|
210
|
+
throw new CrossauthError(ErrorCode.Configuration, "No auth client");
|
|
211
|
+
const resp = await server.oAuthClient?.refreshTokenFlowEndpoint.post(event);
|
|
212
|
+
expect(resp.status).toBe(200);
|
|
213
|
+
const body = await resp.json();
|
|
214
|
+
expect(body.ok).toBe(true);
|
|
215
|
+
expect(body.body.grant_type).toBe("refresh_token");
|
|
216
|
+
expect(body.body.client_secret).toBe("DEF");
|
|
217
|
+
const resp2 = await authServer.tokenEndpoint({
|
|
218
|
+
grantType: body.body.grant_type,
|
|
219
|
+
client_id: body.body.client_id,
|
|
220
|
+
scope: body.body.scope,
|
|
221
|
+
client_secret: body.body.client_secret,
|
|
222
|
+
refreshToken: refresh_token,
|
|
223
|
+
});
|
|
224
|
+
expect(resp2.error).toBeUndefined();
|
|
225
|
+
expect(resp2.access_token).toBeDefined();
|
|
226
|
+
});
|
|
227
|
+
test('SvelteKitClient.refreshTokenFlow_action', async () => {
|
|
228
|
+
const { refresh_token } = await getAccessToken();
|
|
229
|
+
const { server, resolver, handle } = await makeServer(true, false, false, true, { tokenResponseType: "sendInPage" });
|
|
230
|
+
const { csrfToken } = await getCsrfToken(server, resolver, handle);
|
|
231
|
+
if (server.oAuthClient)
|
|
232
|
+
await server.oAuthClient.loadConfig(oidcConfiguration);
|
|
233
|
+
// @ts-ignore
|
|
234
|
+
fetchMocker.mockResponseOnce((request) => { return JSON.stringify({ url: request.url, body: JSON.parse(request.body.toString()) }); });
|
|
235
|
+
// refresh token flow post endpoint
|
|
236
|
+
let postRequest = new Request(`http://server.com/refreshTokenFlow`, {
|
|
237
|
+
method: "POST",
|
|
238
|
+
body: JSON.stringify({
|
|
239
|
+
refresh_token: refresh_token,
|
|
240
|
+
}),
|
|
241
|
+
headers: { "content-type": "application/json" },
|
|
242
|
+
});
|
|
243
|
+
let event = new MockRequestEvent("1", postRequest, {});
|
|
244
|
+
event.locals.csrfToken = csrfToken;
|
|
245
|
+
if (!server.oAuthClient)
|
|
246
|
+
throw new CrossauthError(ErrorCode.Configuration, "No auth client");
|
|
247
|
+
const resp = await server.oAuthClient?.refreshTokenFlowEndpoint.actions.default(event);
|
|
248
|
+
const url = ("url" in resp) ? resp.url : undefined;
|
|
249
|
+
expect(url).toBe("http://server.com/token");
|
|
250
|
+
const body = ("body" in resp) ? (resp.body ?? {}) : {};
|
|
251
|
+
expect(body.grant_type).toBe("refresh_token");
|
|
252
|
+
expect(body.client_secret).toBe("DEF");
|
|
253
|
+
});
|
|
254
|
+
test('SvelteKitClient.passwordFlow_post', async () => {
|
|
255
|
+
const { authServer } = await getAccessToken();
|
|
256
|
+
const { server } = await makeServer(true, false, false, true, { enableCsrfProtection: false });
|
|
257
|
+
if (server.oAuthClient)
|
|
258
|
+
await server.oAuthClient.loadConfig(oidcConfiguration);
|
|
259
|
+
// @ts-ignore
|
|
260
|
+
fetchMocker.mockResponseOnce((request) => { return JSON.stringify({ url: request.url, body: JSON.parse(request.body.toString()) }); });
|
|
261
|
+
// password flow post endpoint
|
|
262
|
+
let postRequest = new Request(`http://server.com/passwordFlowFlow`, {
|
|
263
|
+
method: "POST",
|
|
264
|
+
body: JSON.stringify({
|
|
265
|
+
scope: "read write",
|
|
266
|
+
username: "bob",
|
|
267
|
+
password: "bobPass123",
|
|
268
|
+
}),
|
|
269
|
+
headers: { "content-type": "application/json" },
|
|
270
|
+
});
|
|
271
|
+
let event = new MockRequestEvent("1", postRequest, {});
|
|
272
|
+
if (server.oAuthClient == undefined)
|
|
273
|
+
throw new Error("server.oAuthClient is undefined");
|
|
274
|
+
const resp = await server.oAuthClient?.passwordFlowEndpoint.post(event);
|
|
275
|
+
if (!resp || !(resp instanceof Response))
|
|
276
|
+
throw "Resp is not an object";
|
|
277
|
+
expect(resp.status).toBe(200);
|
|
278
|
+
const body = await resp.json();
|
|
279
|
+
expect(body.ok).toBe(true);
|
|
280
|
+
expect(body.body.grant_type).toBe("password");
|
|
281
|
+
expect(body.body.client_secret).toBe("DEF");
|
|
282
|
+
const resp2 = await authServer.tokenEndpoint({
|
|
283
|
+
grantType: body.body.grant_type,
|
|
284
|
+
client_id: body.body.client_id,
|
|
285
|
+
scope: body.body.scope,
|
|
286
|
+
client_secret: body.body.client_secret,
|
|
287
|
+
username: body.body.username,
|
|
288
|
+
password: body.body.password,
|
|
289
|
+
});
|
|
290
|
+
expect(resp2.error).toBeUndefined();
|
|
291
|
+
expect(resp2.access_token).toBeDefined();
|
|
292
|
+
});
|
|
293
|
+
test('SvelteKitClient.passwordFlow_action', async () => {
|
|
294
|
+
const { server } = await makeServer(true, false, false, true, { tokenResponseType: "sendInPage", enableCsrfProtection: false });
|
|
295
|
+
if (server.oAuthClient)
|
|
296
|
+
await server.oAuthClient.loadConfig(oidcConfiguration);
|
|
297
|
+
// @ts-ignore
|
|
298
|
+
fetchMocker.mockResponseOnce((request) => { return JSON.stringify({ url: request.url, body: JSON.parse(request.body.toString()) }); });
|
|
299
|
+
// password flow post endpoint
|
|
300
|
+
let postRequest = new Request(`http://server.com/passwordFlowFlow`, {
|
|
301
|
+
method: "POST",
|
|
302
|
+
body: JSON.stringify({
|
|
303
|
+
scope: "read write",
|
|
304
|
+
username: "bob",
|
|
305
|
+
password: "bobPass123",
|
|
306
|
+
}),
|
|
307
|
+
headers: { "content-type": "application/json" },
|
|
308
|
+
});
|
|
309
|
+
let event = new MockRequestEvent("1", postRequest, {});
|
|
310
|
+
if (!server.oAuthClient)
|
|
311
|
+
throw new CrossauthError(ErrorCode.Configuration, "No auth client");
|
|
312
|
+
const resp = await server.oAuthClient?.passwordFlowEndpoint.actions.password(event);
|
|
313
|
+
const url = ("url" in resp) ? resp.url : undefined;
|
|
314
|
+
expect(url).toBe("http://server.com/token");
|
|
315
|
+
const body = ("body" in resp) ? (resp.body ?? {}) : {};
|
|
316
|
+
expect(body.grant_type).toBe("password");
|
|
317
|
+
expect(body.client_secret).toBe("DEF");
|
|
318
|
+
expect(body.username).toBe("bob");
|
|
319
|
+
expect(body.password).toBe("bobPass123");
|
|
320
|
+
});
|
|
321
|
+
test('SvelteKitClient.passwordMfaFlow_post', async () => {
|
|
322
|
+
const { authServer } = await getAccessToken();
|
|
323
|
+
const { server } = await makeServer(true, false, false, true, { enableCsrfProtection: false });
|
|
324
|
+
if (server.oAuthClient)
|
|
325
|
+
await server.oAuthClient.loadConfig(oidcConfiguration);
|
|
326
|
+
// @ts-ignore
|
|
327
|
+
fetchMocker.mockResponseOnce((request) => { return JSON.stringify({ url: request.url, body: JSON.parse(request.body.toString()) }); });
|
|
328
|
+
// password flow post endpoint
|
|
329
|
+
let postRequest = new Request(`http://server.com/passwordFlowFlow`, {
|
|
330
|
+
method: "POST",
|
|
331
|
+
body: JSON.stringify({
|
|
332
|
+
scope: "read write",
|
|
333
|
+
username: "alice",
|
|
334
|
+
password: "alicePass123",
|
|
335
|
+
}),
|
|
336
|
+
headers: { "content-type": "application/json" },
|
|
337
|
+
});
|
|
338
|
+
let event = new MockRequestEvent("1", postRequest, {});
|
|
339
|
+
if (server.oAuthClient == undefined)
|
|
340
|
+
throw new Error("server.oAuthClient is undefined");
|
|
341
|
+
const resp = await server.oAuthClient?.passwordFlowEndpoint.post(event);
|
|
342
|
+
if (!resp || !(resp instanceof Response))
|
|
343
|
+
throw "Resp is not an object";
|
|
344
|
+
expect(resp.status).toBe(200);
|
|
345
|
+
const body = await resp.json();
|
|
346
|
+
expect(body.ok).toBe(true);
|
|
347
|
+
expect(body.body.grant_type).toBe("password");
|
|
348
|
+
expect(body.body.client_secret).toBe("DEF");
|
|
349
|
+
// call token with password flow
|
|
350
|
+
const firstTokenResponse = await authServer.tokenEndpoint({
|
|
351
|
+
grantType: body.body.grant_type,
|
|
352
|
+
client_id: body.body.client_id,
|
|
353
|
+
scope: body.body.scope,
|
|
354
|
+
client_secret: body.body.client_secret,
|
|
355
|
+
username: body.body.username,
|
|
356
|
+
password: body.body.password,
|
|
357
|
+
});
|
|
358
|
+
expect(firstTokenResponse.error).toBe("mfa_required");
|
|
359
|
+
expect(firstTokenResponse.mfa_token).toBeDefined();
|
|
360
|
+
// call mfaAuthenticators to select factor2 method
|
|
361
|
+
fetchMocker.mockResponseOnce((_req) => {
|
|
362
|
+
return JSON.stringify(firstTokenResponse);
|
|
363
|
+
});
|
|
364
|
+
const authenticatorsResponse = await authServer.mfaAuthenticatorsEndpoint(firstTokenResponse.mfa_token ?? "");
|
|
365
|
+
expect(authenticatorsResponse.authenticators?.length).toBe(1);
|
|
366
|
+
let authenticators = authenticatorsResponse.authenticators;
|
|
367
|
+
if (!authenticators)
|
|
368
|
+
throw Error("No authenticators returned");
|
|
369
|
+
expect(authenticators[0].id).toBe("dummyFactor2");
|
|
370
|
+
const challengeResponse = await authServer.mfaChallengeEndpoint(firstTokenResponse.mfa_token ?? "", "ABC", "DEF", "oob", "dummyFactor2");
|
|
371
|
+
expect(challengeResponse.challenge_type).toBe("oob");
|
|
372
|
+
expect(challengeResponse.binding_method).toBe("prompt");
|
|
373
|
+
expect(challengeResponse.oob_code).toBeDefined();
|
|
374
|
+
fetchMocker.mockResponseOnce((_req) => {
|
|
375
|
+
return JSON.stringify(authenticatorsResponse.authenticators);
|
|
376
|
+
});
|
|
377
|
+
fetchMocker.mockResponseOnce((_req) => {
|
|
378
|
+
return JSON.stringify({
|
|
379
|
+
challenge_type: "oob",
|
|
380
|
+
oob_code: challengeResponse.oob_code,
|
|
381
|
+
binding_method: "prompt"
|
|
382
|
+
});
|
|
383
|
+
});
|
|
384
|
+
// password flow again. This time it should trigger MFA completion
|
|
385
|
+
postRequest = new Request(`http://server.com/passwordFlow`, {
|
|
386
|
+
method: "POST",
|
|
387
|
+
body: JSON.stringify({
|
|
388
|
+
scope: "read write",
|
|
389
|
+
username: "alice",
|
|
390
|
+
password: "alicePass123",
|
|
391
|
+
}),
|
|
392
|
+
headers: { "content-type": "application/json" },
|
|
393
|
+
});
|
|
394
|
+
event = new MockRequestEvent("1", postRequest, {});
|
|
395
|
+
if (server.oAuthClient == undefined)
|
|
396
|
+
throw new Error("server.oAuthClient is undefined");
|
|
397
|
+
const password2Resp = await server.oAuthClient?.passwordFlowEndpoint.post(event);
|
|
398
|
+
if (!password2Resp || !(password2Resp instanceof Response))
|
|
399
|
+
throw "Resp is not an object";
|
|
400
|
+
expect(password2Resp.status).toBe(200);
|
|
401
|
+
const password2Body = await password2Resp.json();
|
|
402
|
+
expect(password2Body.ok).toBe(true);
|
|
403
|
+
expect(password2Body.challenge_type).toBe("oob");
|
|
404
|
+
const oobCode = password2Body.oob_code;
|
|
405
|
+
// Call passwordoob to completre MFA
|
|
406
|
+
const { access_token, expires_in } = await authServer.tokenEndpoint({
|
|
407
|
+
grantType: "http://auth0.com/oauth/grant-type/mfa-oob",
|
|
408
|
+
client_id: "ABC",
|
|
409
|
+
scope: "read write",
|
|
410
|
+
client_secret: "DEF",
|
|
411
|
+
mfaToken: firstTokenResponse.mfa_token,
|
|
412
|
+
oobCode: oobCode,
|
|
413
|
+
bindingCode: "0000",
|
|
414
|
+
});
|
|
415
|
+
expect(access_token).toBeDefined();
|
|
416
|
+
expect(expires_in).toBeDefined();
|
|
417
|
+
});
|
|
418
|
+
test('SvelteKitClient.refreshIfExpired_post', async () => {
|
|
419
|
+
// login using password flow
|
|
420
|
+
const { authServer, refresh_token, server, sessionId, sessionCookieValue } = await oauthLogin();
|
|
421
|
+
if (server.oAuthClient)
|
|
422
|
+
await server.oAuthClient.loadConfig(oidcConfiguration);
|
|
423
|
+
// Refresh token flow
|
|
424
|
+
// @ts-ignore
|
|
425
|
+
//fetchMocker.mockResponseOnce((request) => {return JSON.stringify({url: request.url, body: JSON.parse(request.body.toString())})});
|
|
426
|
+
fetchMocker.mockResponseOnce(async (request) => {
|
|
427
|
+
// call token with refresj tolken flow
|
|
428
|
+
const body = JSON.parse(request.body?.toString() ?? "{}");
|
|
429
|
+
const resp2 = await authServer.tokenEndpoint({
|
|
430
|
+
grantType: body.grant_type,
|
|
431
|
+
client_id: body.client_id,
|
|
432
|
+
scope: body.scope,
|
|
433
|
+
client_secret: body.client_secret,
|
|
434
|
+
refreshToken: refresh_token,
|
|
435
|
+
});
|
|
436
|
+
return new Response(JSON.stringify(resp2), { headers: { "content-type": "application/json" } });
|
|
437
|
+
});
|
|
438
|
+
// if (server.oAuthClient) server.oAuthClient["receiveTokenFn"] = receiveFn_post;
|
|
439
|
+
// refresh token if expired post endpoint
|
|
440
|
+
let postRequest = new Request(`http://server.com/refreshTokenIfExpired`, {
|
|
441
|
+
method: "POST",
|
|
442
|
+
body: JSON.stringify({
|
|
443
|
+
refresh_token: refresh_token,
|
|
444
|
+
}),
|
|
445
|
+
headers: { "content-type": "application/json", "cookie": "SESSIONID=" + sessionCookieValue },
|
|
446
|
+
});
|
|
447
|
+
let event = new MockRequestEvent("1", postRequest, {});
|
|
448
|
+
event.locals.sessionId = sessionId;
|
|
449
|
+
// expire token
|
|
450
|
+
const oauthData = await server.sessionServer?.getSessionData(event, "oauth");
|
|
451
|
+
expect(oauthData).toBeDefined();
|
|
452
|
+
if (!oauthData)
|
|
453
|
+
throw new Error("oauthData not defined");
|
|
454
|
+
oauthData.expires_in = 0;
|
|
455
|
+
oauthData.expires_at = Date.now() - 10000;
|
|
456
|
+
await server.sessionServer?.updateSessionData(event, "oauth", oauthData);
|
|
457
|
+
if (!server.oAuthClient)
|
|
458
|
+
throw new CrossauthError(ErrorCode.Configuration, "No auth client");
|
|
459
|
+
const resp = await server.oAuthClient?.refreshTokensIfExpiredEndpoint.post(event);
|
|
460
|
+
expect(resp).toBeDefined();
|
|
461
|
+
if (!resp || !(resp instanceof Response))
|
|
462
|
+
throw Error("Response undefined");
|
|
463
|
+
const body = await resp.json();
|
|
464
|
+
expect(body.access_token).toBeDefined();
|
|
465
|
+
});
|
|
466
|
+
test('SvelteKitClient.refreshIfNotExpired_post', async () => {
|
|
467
|
+
// login using password flow
|
|
468
|
+
const { authServer, refresh_token, server, sessionId, sessionCookieValue } = await oauthLogin();
|
|
469
|
+
if (server.oAuthClient)
|
|
470
|
+
await server.oAuthClient.loadConfig(oidcConfiguration);
|
|
471
|
+
// Refresh token flow
|
|
472
|
+
// @ts-ignore
|
|
473
|
+
//fetchMocker.mockResponseOnce((request) => {return JSON.stringify({url: request.url, body: JSON.parse(request.body.toString())})});
|
|
474
|
+
fetchMocker.mockResponseOnce(async (request) => {
|
|
475
|
+
// call token with refresj tolken flow
|
|
476
|
+
const body = JSON.parse(request.body?.toString() ?? "{}");
|
|
477
|
+
const resp2 = await authServer.tokenEndpoint({
|
|
478
|
+
grantType: body.grant_type,
|
|
479
|
+
client_id: body.client_id,
|
|
480
|
+
scope: body.scope,
|
|
481
|
+
client_secret: body.client_secret,
|
|
482
|
+
refreshToken: refresh_token,
|
|
483
|
+
});
|
|
484
|
+
return new Response(JSON.stringify(resp2), { headers: { "content-type": "application/json" } });
|
|
485
|
+
});
|
|
486
|
+
// if (server.oAuthClient) server.oAuthClient["receiveTokenFn"] = receiveFn_post;
|
|
487
|
+
// refresh token if expired post endpoint
|
|
488
|
+
let postRequest = new Request(`http://server.com/refreshTokenIfExpired`, {
|
|
489
|
+
method: "POST",
|
|
490
|
+
body: JSON.stringify({
|
|
491
|
+
refresh_token: refresh_token,
|
|
492
|
+
}),
|
|
493
|
+
headers: { "content-type": "application/json", "cookie": "SESSIONID=" + sessionCookieValue },
|
|
494
|
+
});
|
|
495
|
+
let event = new MockRequestEvent("1", postRequest, {});
|
|
496
|
+
event.locals.sessionId = sessionId;
|
|
497
|
+
if (!server.oAuthClient)
|
|
498
|
+
throw new CrossauthError(ErrorCode.Configuration, "No auth client");
|
|
499
|
+
const resp = await server.oAuthClient?.refreshTokensIfExpiredEndpoint.post(event);
|
|
500
|
+
expect(resp).toBeDefined();
|
|
501
|
+
if (!resp || !(resp instanceof Response))
|
|
502
|
+
throw Error("Response unefined");
|
|
503
|
+
const body = await resp.json();
|
|
504
|
+
expect(body.access_token).toBeUndefined();
|
|
505
|
+
expect(body.error).toBeUndefined();
|
|
506
|
+
});
|
|
507
|
+
test('SvelteKitClient.autoRefreshTokens_post', async () => {
|
|
508
|
+
// login using password flow
|
|
509
|
+
const { authServer, refresh_token, server, sessionId, sessionCookieValue } = await oauthLogin();
|
|
510
|
+
if (server.oAuthClient)
|
|
511
|
+
await server.oAuthClient.loadConfig(oidcConfiguration);
|
|
512
|
+
// Refresh token flow
|
|
513
|
+
// @ts-ignore
|
|
514
|
+
//fetchMocker.mockResponseOnce((request) => {return JSON.stringify({url: request.url, body: JSON.parse(request.body.toString())})});
|
|
515
|
+
fetchMocker.mockResponseOnce(async (request) => {
|
|
516
|
+
// call token with refresj tolken flow
|
|
517
|
+
const body = JSON.parse(request.body?.toString() ?? "{}");
|
|
518
|
+
const resp2 = await authServer.tokenEndpoint({
|
|
519
|
+
grantType: body.grant_type,
|
|
520
|
+
client_id: body.client_id,
|
|
521
|
+
scope: body.scope,
|
|
522
|
+
client_secret: body.client_secret,
|
|
523
|
+
refreshToken: refresh_token,
|
|
524
|
+
});
|
|
525
|
+
return new Response(JSON.stringify(resp2), { headers: { "content-type": "application/json" } });
|
|
526
|
+
});
|
|
527
|
+
// if (server.oAuthClient) server.oAuthClient["receiveTokenFn"] = receiveFn_post;
|
|
528
|
+
// refresh token if expired post endpoint
|
|
529
|
+
let postRequest = new Request(`http://server.com/refreshTokenIfExpired`, {
|
|
530
|
+
method: "POST",
|
|
531
|
+
body: JSON.stringify({
|
|
532
|
+
refresh_token: refresh_token,
|
|
533
|
+
}),
|
|
534
|
+
headers: { "content-type": "application/json", "cookie": "SESSIONID=" + sessionCookieValue },
|
|
535
|
+
});
|
|
536
|
+
let event = new MockRequestEvent("1", postRequest, {});
|
|
537
|
+
event.locals.sessionId = sessionId;
|
|
538
|
+
if (!server.oAuthClient)
|
|
539
|
+
throw new CrossauthError(ErrorCode.Configuration, "No auth client");
|
|
540
|
+
const resp = await server.oAuthClient?.autoRefreshTokensEndpoint.post(event);
|
|
541
|
+
//expect(typeof resp).not.toBe("object");
|
|
542
|
+
//if (!resp || !(resp instanceof Response)) throw Error("Response is not an Response object");
|
|
543
|
+
const body = await resp.json();
|
|
544
|
+
expect(body?.expires_at).toBeDefined();
|
|
545
|
+
});
|
|
546
|
+
test('SvelteKitClient.bff_post', async () => {
|
|
547
|
+
// login using password flow
|
|
548
|
+
const { server, sessionId, sessionCookieValue } = await oauthLogin();
|
|
549
|
+
if (server.oAuthClient)
|
|
550
|
+
await server.oAuthClient.loadConfig(oidcConfiguration);
|
|
551
|
+
// @ts-ignore
|
|
552
|
+
fetchMocker.mockResponseOnce((request) => { return JSON.stringify({ url: request.url, method: request.method, body: JSON.parse(request.body.toString()) }); });
|
|
553
|
+
// password flow post endpoint
|
|
554
|
+
let postRequest = new Request(`http://server.com/bff/method`, {
|
|
555
|
+
method: "POST",
|
|
556
|
+
body: JSON.stringify({
|
|
557
|
+
param1: 1,
|
|
558
|
+
param2: "a&b"
|
|
559
|
+
}),
|
|
560
|
+
headers: { "content-type": "application/json", "cookie": "SESSIONID=" + sessionCookieValue },
|
|
561
|
+
});
|
|
562
|
+
let event = new MockRequestEvent("1", postRequest, {});
|
|
563
|
+
event.locals.sessionId = sessionId;
|
|
564
|
+
if (server.oAuthClient == undefined)
|
|
565
|
+
throw new Error("server.oAuthClient is undefined");
|
|
566
|
+
const resp = await server.oAuthClient?.bff(event);
|
|
567
|
+
expect(resp.status).toBe(200);
|
|
568
|
+
const body = await resp.json();
|
|
569
|
+
expect(body.url).toBe("http://server.com/method");
|
|
570
|
+
expect(body.method).toBe("POST");
|
|
571
|
+
expect(body.body.param1).toBe(1);
|
|
572
|
+
expect(body.body.param2).toBe("a&b");
|
|
573
|
+
});
|
|
574
|
+
test('SvelteKitClient.bff_get', async () => {
|
|
575
|
+
// login using password flow
|
|
576
|
+
const { server, sessionId, sessionCookieValue } = await oauthLogin();
|
|
577
|
+
if (server.oAuthClient)
|
|
578
|
+
await server.oAuthClient.loadConfig(oidcConfiguration);
|
|
579
|
+
// @ts-ignore
|
|
580
|
+
fetchMocker.mockResponseOnce((request) => { return JSON.stringify({ url: request.url, method: request.method, body: request.body ? JSON.parse(request.body.toString()) : "{}" }); });
|
|
581
|
+
// password flow post endpoint
|
|
582
|
+
let getRequest = new Request(`http://server.com/bff/method?param1=a¶m2=a+b`, {
|
|
583
|
+
method: "GET",
|
|
584
|
+
headers: { "cookie": "SESSIONID=" + sessionCookieValue },
|
|
585
|
+
});
|
|
586
|
+
let event = new MockRequestEvent("1", getRequest, {});
|
|
587
|
+
event.locals.sessionId = sessionId;
|
|
588
|
+
if (server.oAuthClient == undefined)
|
|
589
|
+
throw new Error("server.oAuthClient is undefined");
|
|
590
|
+
const resp = await server.oAuthClient?.bff(event);
|
|
591
|
+
expect(resp.status).toBe(200);
|
|
592
|
+
const body = await resp.json();
|
|
593
|
+
expect(body.url).toContain("http://server.com/method");
|
|
594
|
+
expect(body.method).toBe("GET");
|
|
595
|
+
});
|
|
596
|
+
test('SvelteKitClient.bffEndpoint_post', async () => {
|
|
597
|
+
// login using password flow
|
|
598
|
+
const { server, sessionId, sessionCookieValue } = await oauthLogin();
|
|
599
|
+
if (server.oAuthClient)
|
|
600
|
+
await server.oAuthClient.loadConfig(oidcConfiguration);
|
|
601
|
+
// @ts-ignore
|
|
602
|
+
fetchMocker.mockResponseOnce((request) => { return JSON.stringify({ url: request.url, method: request.method, body: JSON.parse(request.body.toString()) }); });
|
|
603
|
+
// password flow post endpoint
|
|
604
|
+
let postRequest = new Request(`http://server.com/bff/method`, {
|
|
605
|
+
method: "POST",
|
|
606
|
+
body: JSON.stringify({
|
|
607
|
+
param1: 1,
|
|
608
|
+
param2: "a&b"
|
|
609
|
+
}),
|
|
610
|
+
headers: { "content-type": "application/json", "cookie": "SESSIONID=" + sessionCookieValue },
|
|
611
|
+
});
|
|
612
|
+
let event = new MockRequestEvent("1", postRequest, {});
|
|
613
|
+
event.locals.sessionId = sessionId;
|
|
614
|
+
if (server.oAuthClient == undefined)
|
|
615
|
+
throw new Error("server.oAuthClient is undefined");
|
|
616
|
+
const resp = await server.oAuthClient?.bffEndpoint.post(event);
|
|
617
|
+
expect(resp.status).toBe(200);
|
|
618
|
+
const body = await resp.json();
|
|
619
|
+
expect(body.url).toBe("http://server.com/method");
|
|
620
|
+
expect(body.method).toBe("POST");
|
|
621
|
+
expect(body.body.param1).toBe(1);
|
|
622
|
+
expect(body.body.param2).toBe("a&b");
|
|
623
|
+
});
|
|
624
|
+
test('SvelteKitClient.allBffEndpoint_get', async () => {
|
|
625
|
+
// login using password flow
|
|
626
|
+
const { server, sessionId, sessionCookieValue } = await oauthLogin();
|
|
627
|
+
if (server.oAuthClient)
|
|
628
|
+
await server.oAuthClient.loadConfig(oidcConfiguration);
|
|
629
|
+
// @ts-ignore
|
|
630
|
+
fetchMocker.mockResponseOnce((request) => { return JSON.stringify({ url: request.url, method: request.method, body: request.body ? JSON.parse(request.body.toString()) : "{}" }); });
|
|
631
|
+
// password flow post endpoint
|
|
632
|
+
let getRequest = new Request(`http://server.com/bff/method1?param1=a¶m2=a+b`, {
|
|
633
|
+
method: "GET",
|
|
634
|
+
headers: { "cookie": "SESSIONID=" + sessionCookieValue },
|
|
635
|
+
});
|
|
636
|
+
let event = new MockRequestEvent("1", getRequest, {});
|
|
637
|
+
event.locals.sessionId = sessionId;
|
|
638
|
+
if (server.oAuthClient == undefined)
|
|
639
|
+
throw new Error("server.oAuthClient is undefined");
|
|
640
|
+
const resp = await server.oAuthClient?.allBffEndpoint.get(event);
|
|
641
|
+
expect(resp.status).toBe(200);
|
|
642
|
+
const body = await resp.json();
|
|
643
|
+
expect(body.url).toContain("http://server.com/method1");
|
|
644
|
+
expect(body.method).toBe("GET");
|
|
645
|
+
});
|
|
646
|
+
test('SvelteKitClient.allBffEndpoint_subget', async () => {
|
|
647
|
+
// login using password flow
|
|
648
|
+
const { server, sessionId, sessionCookieValue } = await oauthLogin();
|
|
649
|
+
if (server.oAuthClient)
|
|
650
|
+
await server.oAuthClient.loadConfig(oidcConfiguration);
|
|
651
|
+
// @ts-ignore
|
|
652
|
+
fetchMocker.mockResponseOnce((request) => { return JSON.stringify({ url: request.url, method: request.method, body: request.body ? JSON.parse(request.body.toString()) : "{}" }); });
|
|
653
|
+
// password flow post endpoint
|
|
654
|
+
let getRequest = new Request(`http://server.com/bff/method2/a?param1=a¶m2=a+b`, {
|
|
655
|
+
method: "GET",
|
|
656
|
+
headers: { "cookie": "SESSIONID=" + sessionCookieValue },
|
|
657
|
+
});
|
|
658
|
+
let event = new MockRequestEvent("1", getRequest, {});
|
|
659
|
+
event.locals.sessionId = sessionId;
|
|
660
|
+
if (server.oAuthClient == undefined)
|
|
661
|
+
throw new Error("server.oAuthClient is undefined");
|
|
662
|
+
const resp = await server.oAuthClient?.allBffEndpoint.get(event);
|
|
663
|
+
expect(resp.status).toBe(200);
|
|
664
|
+
const body = await resp.json();
|
|
665
|
+
expect(body.url).toContain("http://server.com/method2");
|
|
666
|
+
expect(body.method).toBe("GET");
|
|
667
|
+
});
|
|
668
|
+
test('SvelteKitClient.allBffEndpoint_invalidget', async () => {
|
|
669
|
+
// login using password flow
|
|
670
|
+
const { server, sessionId, sessionCookieValue } = await oauthLogin();
|
|
671
|
+
if (server.oAuthClient)
|
|
672
|
+
await server.oAuthClient.loadConfig(oidcConfiguration);
|
|
673
|
+
// @ts-ignore
|
|
674
|
+
fetchMocker.mockResponseOnce((request) => { return JSON.stringify({ url: request.url, method: request.method, body: request.body ? JSON.parse(request.body.toString()) : "{}" }); });
|
|
675
|
+
// password flow post endpoint
|
|
676
|
+
let getRequest = new Request(`http://server.com/bff/method3?param1=a¶m2=a+b`, {
|
|
677
|
+
method: "GET",
|
|
678
|
+
headers: { "cookie": "SESSIONID=" + sessionCookieValue },
|
|
679
|
+
});
|
|
680
|
+
let event = new MockRequestEvent("1", getRequest, {});
|
|
681
|
+
event.locals.sessionId = sessionId;
|
|
682
|
+
if (server.oAuthClient == undefined)
|
|
683
|
+
throw new Error("server.oAuthClient is undefined");
|
|
684
|
+
const resp = await server.oAuthClient?.allBffEndpoint.get(event);
|
|
685
|
+
expect(resp.status).toBe(401);
|
|
686
|
+
});
|
|
687
|
+
test('SvelteKitClient.accessToken', async () => {
|
|
688
|
+
// login using password flow
|
|
689
|
+
const { server, sessionId, sessionCookieValue } = await oauthLogin();
|
|
690
|
+
if (server.oAuthClient)
|
|
691
|
+
await server.oAuthClient.loadConfig(oidcConfiguration);
|
|
692
|
+
// @ts-ignore
|
|
693
|
+
fetchMocker.mockResponseOnce((request) => { return JSON.stringify({ url: request.url, method: request.method, body: request.body ? JSON.parse(request.body.toString()) : "{}" }); });
|
|
694
|
+
// password flow post endpoint
|
|
695
|
+
let getRequest = new Request(`http://server.com/accessToken`, {
|
|
696
|
+
method: "GET",
|
|
697
|
+
headers: { "cookie": "SESSIONID=" + sessionCookieValue },
|
|
698
|
+
});
|
|
699
|
+
let event = new MockRequestEvent("1", getRequest, {});
|
|
700
|
+
event.locals.sessionId = sessionId;
|
|
701
|
+
if (server.oAuthClient == undefined)
|
|
702
|
+
throw new Error("server.oAuthClient is undefined");
|
|
703
|
+
const resp = await server.oAuthClient?.accessTokenEndpoint.post(event);
|
|
704
|
+
expect(resp.status).toBe(200);
|
|
705
|
+
const body = resp.body;
|
|
706
|
+
expect(typeof (body) == "object" && body?.jti).toBeDefined();
|
|
707
|
+
});
|
|
708
|
+
test('SvelteKitClient.haveAccessToken', async () => {
|
|
709
|
+
// login using password flow
|
|
710
|
+
const { server, sessionId, sessionCookieValue } = await oauthLogin();
|
|
711
|
+
if (server.oAuthClient)
|
|
712
|
+
await server.oAuthClient.loadConfig(oidcConfiguration);
|
|
713
|
+
// @ts-ignore
|
|
714
|
+
fetchMocker.mockResponseOnce((request) => { return JSON.stringify({ url: request.url, method: request.method, body: request.body ? JSON.parse(request.body.toString()) : "{}" }); });
|
|
715
|
+
// password flow post endpoint
|
|
716
|
+
let getRequest = new Request(`http://server.com/haveAccessToken`, {
|
|
717
|
+
method: "GET",
|
|
718
|
+
headers: { "cookie": "SESSIONID=" + sessionCookieValue },
|
|
719
|
+
});
|
|
720
|
+
let event = new MockRequestEvent("1", getRequest, {});
|
|
721
|
+
event.locals.sessionId = sessionId;
|
|
722
|
+
if (server.oAuthClient == undefined)
|
|
723
|
+
throw new Error("server.oAuthClient is undefined");
|
|
724
|
+
const resp = await server.oAuthClient?.haveAccessTokenEndpoint.post(event);
|
|
725
|
+
expect(resp.status).toBe(200);
|
|
726
|
+
const body = await resp.json();
|
|
727
|
+
expect(body.ok).toBe(true);
|
|
728
|
+
});
|
|
729
|
+
test('SvelteKitClient.refreshTokenNotAllowed', async () => {
|
|
730
|
+
// login using password flow
|
|
731
|
+
const { server, sessionId, sessionCookieValue } = await oauthLogin();
|
|
732
|
+
if (server.oAuthClient)
|
|
733
|
+
await server.oAuthClient.loadConfig(oidcConfiguration);
|
|
734
|
+
// @ts-ignore
|
|
735
|
+
fetchMocker.mockResponseOnce((request) => { return JSON.stringify({ url: request.url, method: request.method, body: request.body ? JSON.parse(request.body.toString()) : "{}" }); });
|
|
736
|
+
// password flow post endpoint
|
|
737
|
+
let getRequest = new Request(`http://server.com/accessToken`, {
|
|
738
|
+
method: "GET",
|
|
739
|
+
headers: { "cookie": "SESSIONID=" + sessionCookieValue },
|
|
740
|
+
});
|
|
741
|
+
let event = new MockRequestEvent("1", getRequest, {});
|
|
742
|
+
event.locals.sessionId = sessionId;
|
|
743
|
+
if (server.oAuthClient == undefined)
|
|
744
|
+
throw new Error("server.oAuthClient is undefined");
|
|
745
|
+
const resp = await server.oAuthClient?.refreshTokenEndpoint.post(event);
|
|
746
|
+
expect(resp.status).toBe(401);
|
|
747
|
+
const body = await resp.json();
|
|
748
|
+
expect(body.jti).toBeUndefined();
|
|
749
|
+
});
|
|
750
|
+
test('SvelteKitClient.dontHaveRefreshToken', async () => {
|
|
751
|
+
// login using password flow
|
|
752
|
+
const { server, sessionId, sessionCookieValue } = await oauthLogin();
|
|
753
|
+
if (server.oAuthClient)
|
|
754
|
+
await server.oAuthClient.loadConfig(oidcConfiguration);
|
|
755
|
+
// @ts-ignore
|
|
756
|
+
fetchMocker.mockResponseOnce((request) => { return JSON.stringify({ url: request.url, method: request.method, body: request.body ? JSON.parse(request.body.toString()) : "{}" }); });
|
|
757
|
+
// password flow post endpoint
|
|
758
|
+
let getRequest = new Request(`http://server.com/haveAccessToken`, {
|
|
759
|
+
method: "GET",
|
|
760
|
+
headers: { "cookie": "SESSIONID=" + sessionCookieValue },
|
|
761
|
+
});
|
|
762
|
+
let event = new MockRequestEvent("1", getRequest, {});
|
|
763
|
+
event.locals.sessionId = sessionId;
|
|
764
|
+
if (server.oAuthClient == undefined)
|
|
765
|
+
throw new Error("server.oAuthClient is undefined");
|
|
766
|
+
const resp = await server.oAuthClient?.haveRefreshTokenEndpoint.post(event);
|
|
767
|
+
expect(resp.status).toBe(401);
|
|
768
|
+
const body = await resp.json();
|
|
769
|
+
expect(body.ok).toBeUndefined();
|
|
770
|
+
});
|
|
771
|
+
test('SvelteKitClient.dontHaveIdToken', async () => {
|
|
772
|
+
// login using password flow
|
|
773
|
+
const { server, sessionId, sessionCookieValue } = await oauthLogin();
|
|
774
|
+
if (server.oAuthClient)
|
|
775
|
+
await server.oAuthClient.loadConfig(oidcConfiguration);
|
|
776
|
+
// @ts-ignore
|
|
777
|
+
fetchMocker.mockResponseOnce((request) => { return JSON.stringify({ url: request.url, method: request.method, body: request.body ? JSON.parse(request.body.toString()) : "{}" }); });
|
|
778
|
+
// password flow post endpoint
|
|
779
|
+
let getRequest = new Request(`http://server.com/haveAccessToken`, {
|
|
780
|
+
method: "GET",
|
|
781
|
+
headers: { "cookie": "SESSIONID=" + sessionCookieValue },
|
|
782
|
+
});
|
|
783
|
+
let event = new MockRequestEvent("1", getRequest, {});
|
|
784
|
+
event.locals.sessionId = sessionId;
|
|
785
|
+
if (server.oAuthClient == undefined)
|
|
786
|
+
throw new Error("server.oAuthClient is undefined");
|
|
787
|
+
const resp = await server.oAuthClient?.haveIdTokenEndpoint.post(event);
|
|
788
|
+
expect(resp.status).toBe(200);
|
|
789
|
+
const body = await resp.json();
|
|
790
|
+
expect(body.ok).toBe(false);
|
|
791
|
+
});
|
|
792
|
+
test('SvelteKitClient.idToken', async () => {
|
|
793
|
+
// login using password flow
|
|
794
|
+
const { server, sessionId, sessionCookieValue } = await oauthLogin();
|
|
795
|
+
if (server.oAuthClient)
|
|
796
|
+
await server.oAuthClient.loadConfig(oidcConfiguration);
|
|
797
|
+
// @ts-ignore
|
|
798
|
+
fetchMocker.mockResponseOnce((request) => { return JSON.stringify({ url: request.url, method: request.method, body: request.body ? JSON.parse(request.body.toString()) : "{}" }); });
|
|
799
|
+
// password flow post endpoint
|
|
800
|
+
let getRequest = new Request(`http://server.com/idToken`, {
|
|
801
|
+
method: "GET",
|
|
802
|
+
headers: { "cookie": "SESSIONID=" + sessionCookieValue },
|
|
803
|
+
});
|
|
804
|
+
let event = new MockRequestEvent("1", getRequest, {});
|
|
805
|
+
event.locals.sessionId = sessionId;
|
|
806
|
+
if (server.oAuthClient == undefined)
|
|
807
|
+
throw new Error("server.oAuthClient is undefined");
|
|
808
|
+
const resp = await server.oAuthClient?.idTokenEndpoint.post(event);
|
|
809
|
+
expect(resp.status).toBe(204);
|
|
810
|
+
});
|
|
811
|
+
test('SvelteKitClient.tokens', async () => {
|
|
812
|
+
// login using password flow
|
|
813
|
+
const { server, sessionId, sessionCookieValue } = await oauthLogin();
|
|
814
|
+
if (server.oAuthClient)
|
|
815
|
+
await server.oAuthClient.loadConfig(oidcConfiguration);
|
|
816
|
+
// @ts-ignore
|
|
817
|
+
fetchMocker.mockResponseOnce((request) => { return JSON.stringify({ url: request.url, method: request.method, body: request.body ? JSON.parse(request.body.toString()) : "{}" }); });
|
|
818
|
+
// password flow post endpoint
|
|
819
|
+
let getRequest = new Request(`http://server.com/tokens`, {
|
|
820
|
+
method: "GET",
|
|
821
|
+
headers: { "cookie": "SESSIONID=" + sessionCookieValue },
|
|
822
|
+
});
|
|
823
|
+
let event = new MockRequestEvent("1", getRequest, {});
|
|
824
|
+
event.locals.sessionId = sessionId;
|
|
825
|
+
if (server.oAuthClient == undefined)
|
|
826
|
+
throw new Error("server.oAuthClient is undefined");
|
|
827
|
+
const resp = await server.oAuthClient?.tokensEndpoint.post(event);
|
|
828
|
+
expect(resp.status).toBe(200);
|
|
829
|
+
const body = await resp.json();
|
|
830
|
+
expect(body.access_token?.jti).toBeDefined();
|
|
831
|
+
expect(body.have_access_token).toBe(true);
|
|
832
|
+
expect(body.have_id_token).toBe(false);
|
|
833
|
+
expect(body.id_token).toBeUndefined();
|
|
834
|
+
expect(body.refresh_token).toBeUndefined();
|
|
835
|
+
expect(body.have_refresh_token).toBeUndefined();
|
|
836
|
+
});
|
|
837
|
+
test('SvelteKitClient.deviceCodeFlow', async () => {
|
|
838
|
+
// login using password flow
|
|
839
|
+
const { server, sessionId, sessionCookieValue, clientStorage, userStorage } = await oauthLogin();
|
|
840
|
+
if (server.oAuthClient)
|
|
841
|
+
await server.oAuthClient.loadConfig(oidcConfiguration);
|
|
842
|
+
// @ts-ignore
|
|
843
|
+
fetchMocker.mockResponseOnce((request) => { return JSON.stringify({ url: request.url, method: request.method, body: request.body ? JSON.parse(request.body.toString()) : "{}" }); });
|
|
844
|
+
// start device flow - device_authorization call
|
|
845
|
+
let postRequest = new Request(`http://server.com/dummy`, {
|
|
846
|
+
method: "POST",
|
|
847
|
+
body: JSON.stringify({ scope: "read write" }),
|
|
848
|
+
headers: { "cookie": "SESSIONID=" + sessionCookieValue,
|
|
849
|
+
"content-type": "application/json",
|
|
850
|
+
},
|
|
851
|
+
});
|
|
852
|
+
let event = new MockRequestEvent("1", postRequest, {});
|
|
853
|
+
event.locals.sessionId = sessionId;
|
|
854
|
+
if (server.oAuthClient == undefined)
|
|
855
|
+
throw new Error("server.oAuthClient is undefined");
|
|
856
|
+
let resp = await server.oAuthClient?.startDeviceCodeFlowEndpoint.actions.default(event);
|
|
857
|
+
expect(resp.url).toBe("http://server.com/device_authorization");
|
|
858
|
+
expect(resp.body.grant_type).toBe("urn:ietf:params:oauth:grant-type:device_code");
|
|
859
|
+
expect(resp.body.client_id).toBe("ABC");
|
|
860
|
+
expect(resp.body.client_secret).toBe("DEF");
|
|
861
|
+
expect(resp.body.scope).toBe("read write");
|
|
862
|
+
// @ts-ignore
|
|
863
|
+
fetchMocker.mockResponseOnce((request) => { return JSON.stringify({ error: "authorization_pending", error_description: "authorization pending" }); });
|
|
864
|
+
// poll receiving pending
|
|
865
|
+
postRequest = new Request(`http://server.com/dummy`, {
|
|
866
|
+
method: "POST",
|
|
867
|
+
body: JSON.stringify({ device_code: "ABC" }),
|
|
868
|
+
headers: { "cookie": "SESSIONID=" + sessionCookieValue,
|
|
869
|
+
"content-type": "application/json",
|
|
870
|
+
},
|
|
871
|
+
});
|
|
872
|
+
event = new MockRequestEvent("1", postRequest, {});
|
|
873
|
+
event.locals.sessionId = sessionId;
|
|
874
|
+
if (server.oAuthClient == undefined)
|
|
875
|
+
throw new Error("server.oAuthClient is undefined");
|
|
876
|
+
resp = await server.oAuthClient?.pollDeviceCodeFlowEndpoint.actions.default(event);
|
|
877
|
+
expect(resp.error).toBe('authorization_pending');
|
|
878
|
+
// poll receive access token
|
|
879
|
+
const client = await clientStorage.getClientById("ABC");
|
|
880
|
+
const user = await userStorage.getUserByUsername("bob");
|
|
881
|
+
try {
|
|
882
|
+
const tokens = await server.oAuthAuthServer?.authServer.makeAccessToken({
|
|
883
|
+
client,
|
|
884
|
+
client_secret: "DEF",
|
|
885
|
+
scopes: ["read", "write"],
|
|
886
|
+
user: user?.user,
|
|
887
|
+
});
|
|
888
|
+
// @ts-ignore
|
|
889
|
+
fetchMocker.mockResponseOnce((request) => { return JSON.stringify(tokens); });
|
|
890
|
+
}
|
|
891
|
+
catch (e) {
|
|
892
|
+
console.log(e);
|
|
893
|
+
process.exit();
|
|
894
|
+
}
|
|
895
|
+
// poll receiving pending
|
|
896
|
+
postRequest = new Request(`http://server.com/dummy`, {
|
|
897
|
+
method: "POST",
|
|
898
|
+
body: JSON.stringify({ device_code: "ABC" }),
|
|
899
|
+
headers: { "cookie": "SESSIONID=" + sessionCookieValue,
|
|
900
|
+
"content-type": "application/json",
|
|
901
|
+
},
|
|
902
|
+
});
|
|
903
|
+
event = new MockRequestEvent("1", postRequest, {});
|
|
904
|
+
event.locals.sessionId = sessionId;
|
|
905
|
+
if (server.oAuthClient == undefined)
|
|
906
|
+
throw new Error("server.oAuthClient is undefined");
|
|
907
|
+
resp = await server.oAuthClient?.pollDeviceCodeFlowEndpoint.actions.default(event);
|
|
908
|
+
//expect(resp.error).toBe('authorization_pending');
|
|
909
|
+
});
|
|
910
|
+
test('SvelteKitClient.middleware', async () => {
|
|
911
|
+
const { server, sessionId, sessionCookieValue } = await oauthLogin();
|
|
912
|
+
if (server.oAuthClient && server.oAuthClient.hook) {
|
|
913
|
+
server.oAuthClient["testMiddleware"] = true;
|
|
914
|
+
// insert payload
|
|
915
|
+
if (!server.sessionServer)
|
|
916
|
+
throw new Error("No session server");
|
|
917
|
+
const sessionManager = server.sessionServer["sessionManager"];
|
|
918
|
+
let sessionData = await sessionManager.dataForSessionId(sessionId ?? "");
|
|
919
|
+
sessionData.oauth.id_payload = { "sub": "bob" };
|
|
920
|
+
await sessionManager.updateSessionData(sessionId ?? "", "oauth", sessionData["oauth"]);
|
|
921
|
+
let getRequest = new Request(`http://server.com/passwordflow`, {
|
|
922
|
+
method: "GET",
|
|
923
|
+
headers: { "cookie": "SESSIONID=" + sessionCookieValue,
|
|
924
|
+
"content-type": "application/json",
|
|
925
|
+
},
|
|
926
|
+
});
|
|
927
|
+
let event = new MockRequestEvent("1", getRequest, {});
|
|
928
|
+
event.locals.sessionId = sessionId;
|
|
929
|
+
await server.oAuthClient.hook({ event: event });
|
|
930
|
+
let locals = server.oAuthClient["testEvent"]?.locals;
|
|
931
|
+
expect(locals?.user?.username).toBe("bob");
|
|
932
|
+
expect(locals?.idTokenPayload?.sub).toBe("bob");
|
|
933
|
+
expect(locals?.authType).toBe("oidc");
|
|
934
|
+
}
|
|
935
|
+
});
|
|
936
|
+
test('SvelteKitClient.middlewareWithUserMerge', async () => {
|
|
937
|
+
const { server, sessionId, sessionCookieValue } = await oauthLogin({ userCreationType: "merge" });
|
|
938
|
+
if (server.oAuthClient && server.oAuthClient.hook) {
|
|
939
|
+
server.oAuthClient["testMiddleware"] = true;
|
|
940
|
+
// insert payload
|
|
941
|
+
if (!server.sessionServer)
|
|
942
|
+
throw new Error("No session server");
|
|
943
|
+
const sessionManager = server.sessionServer["sessionManager"];
|
|
944
|
+
let sessionData = await sessionManager.dataForSessionId(sessionId ?? "");
|
|
945
|
+
sessionData.oauth.id_payload = { "sub": "bob" };
|
|
946
|
+
await sessionManager.updateSessionData(sessionId ?? "", "oauth", sessionData["oauth"]);
|
|
947
|
+
let getRequest = new Request(`http://server.com/passwordflow`, {
|
|
948
|
+
method: "GET",
|
|
949
|
+
headers: { "cookie": "SESSIONID=" + sessionCookieValue,
|
|
950
|
+
"content-type": "application/json",
|
|
951
|
+
},
|
|
952
|
+
});
|
|
953
|
+
let event = new MockRequestEvent("1", getRequest, {});
|
|
954
|
+
event.locals.sessionId = sessionId;
|
|
955
|
+
await server.oAuthClient.hook({ event: event });
|
|
956
|
+
let locals = server.oAuthClient["testEvent"]?.locals;
|
|
957
|
+
expect(locals?.user?.username).toBe("bob");
|
|
958
|
+
expect(locals?.user?.factor1).toBe("localpassword");
|
|
959
|
+
expect(locals?.user?.sub).toBe("bob");
|
|
960
|
+
expect(locals?.idTokenPayload?.sub).toBe("bob");
|
|
961
|
+
expect(locals?.authType).toBe("oidc");
|
|
962
|
+
}
|
|
963
|
+
});
|
|
964
|
+
test('SvelteKitClient.middlewareWithUserEmbed', async () => {
|
|
965
|
+
const { server, sessionId, sessionCookieValue } = await oauthLogin({ userCreationType: "embed" });
|
|
966
|
+
if (server.oAuthClient && server.oAuthClient.hook) {
|
|
967
|
+
server.oAuthClient["testMiddleware"] = true;
|
|
968
|
+
// insert payload
|
|
969
|
+
if (!server.sessionServer)
|
|
970
|
+
throw new Error("No session server");
|
|
971
|
+
const sessionManager = server.sessionServer["sessionManager"];
|
|
972
|
+
let sessionData = await sessionManager.dataForSessionId(sessionId ?? "");
|
|
973
|
+
sessionData.oauth.id_payload = { "sub": "bob" };
|
|
974
|
+
await sessionManager.updateSessionData(sessionId ?? "", "oauth", sessionData["oauth"]);
|
|
975
|
+
let getRequest = new Request(`http://server.com/passwordflow`, {
|
|
976
|
+
method: "GET",
|
|
977
|
+
headers: { "cookie": "SESSIONID=" + sessionCookieValue,
|
|
978
|
+
"content-type": "application/json",
|
|
979
|
+
},
|
|
980
|
+
});
|
|
981
|
+
let event = new MockRequestEvent("1", getRequest, {});
|
|
982
|
+
event.locals.sessionId = sessionId;
|
|
983
|
+
await server.oAuthClient.hook({ event: event });
|
|
984
|
+
let locals = server.oAuthClient["testEvent"]?.locals;
|
|
985
|
+
expect(locals?.user?.username).toBe("bob");
|
|
986
|
+
expect(locals?.user?.factor1).toBe("localpassword");
|
|
987
|
+
expect(locals?.user?.idToken?.sub).toBe("bob");
|
|
988
|
+
expect(locals?.idTokenPayload?.sub).toBe("bob");
|
|
989
|
+
expect(locals?.authType).toBe("oidc");
|
|
990
|
+
}
|
|
991
|
+
});
|
|
992
|
+
test('SvelteKitClient.middlewareWithUserMergeNoUser', async () => {
|
|
993
|
+
const { server, sessionId, sessionCookieValue } = await oauthLogin({ userCreationType: "merge" });
|
|
994
|
+
if (server.oAuthClient && server.oAuthClient.hook) {
|
|
995
|
+
server.oAuthClient["testMiddleware"] = true;
|
|
996
|
+
// insert payload
|
|
997
|
+
if (!server.sessionServer)
|
|
998
|
+
throw new Error("No session server");
|
|
999
|
+
const sessionManager = server.sessionServer["sessionManager"];
|
|
1000
|
+
let sessionData = await sessionManager.dataForSessionId(sessionId ?? "");
|
|
1001
|
+
sessionData.oauth.id_payload = { "sub": "bob1" };
|
|
1002
|
+
await sessionManager.updateSessionData(sessionId ?? "", "oauth", sessionData["oauth"]);
|
|
1003
|
+
let getRequest = new Request(`http://server.com/passwordflow`, {
|
|
1004
|
+
method: "GET",
|
|
1005
|
+
headers: { "cookie": "SESSIONID=" + sessionCookieValue,
|
|
1006
|
+
"content-type": "application/json",
|
|
1007
|
+
},
|
|
1008
|
+
});
|
|
1009
|
+
let event = new MockRequestEvent("1", getRequest, {});
|
|
1010
|
+
event.locals.sessionId = sessionId;
|
|
1011
|
+
await server.oAuthClient.hook({ event: event });
|
|
1012
|
+
let locals = server.oAuthClient["testEvent"]?.locals;
|
|
1013
|
+
expect(locals?.user).toBeUndefined();
|
|
1014
|
+
expect(locals?.authType).toBeUndefined();
|
|
1015
|
+
}
|
|
1016
|
+
});
|