npm - @flink-app/oauth-plugin - Versions diffs - 0.12.1-alpha.36 → 0.12.1-alpha.38 - Mend

@flink-app/oauth-plugin 0.12.1-alpha.36 → 0.12.1-alpha.38

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (7) hide show

package/GITHUB_APP_PLUGIN_PRD.md +1383 -0
package/dist/handlers/CallbackOAuth.js +1 -0
package/dist/handlers/InitiateOAuth.js +1 -0
package/package.json +3 -3
package/spec/OAuthHandlers.spec.ts +118 -119
package/src/handlers/CallbackOAuth.ts +2 -1
package/src/handlers/InitiateOAuth.ts +2 -1

package/dist/handlers/CallbackOAuth.js CHANGED Viewed

@@ -27,6 +27,7 @@ const error_utils_1 = require("../utils/error-utils");
  */
 exports.Route = {
     path: "/oauth/:provider/callback",
+    method: flink_1.HttpMethod.get,
 };
 /**
  * OAuth Callback Handler

package/dist/handlers/InitiateOAuth.js CHANGED Viewed

@@ -24,6 +24,7 @@ const error_utils_1 = require("../utils/error-utils");
  */
 exports.Route = {
     path: "/oauth/:provider/initiate",
+    method: flink_1.HttpMethod.get,
 };
 /**
  * OAuth Initiate Handler

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
     "name": "@flink-app/oauth-plugin",
-    "version": "0.12.1-alpha.36",
+    "version": "0.12.1-alpha.38",
     "description": "Flink plugin for OAuth 2.0 authentication with GitHub and Google providers",
     "scripts": {
         "test": "node --preserve-symlinks -r ts-node/register -- node_modules/jasmine/bin/jasmine --config=./spec/support/jasmine.json",
@@ -21,7 +21,7 @@
     "devDependencies": {
         "@flink-app/flink": "^0.12.1-alpha.35",
         "@flink-app/jwt-auth-plugin": "^0.12.1-alpha.35",
-        "@flink-app/test-utils": "^0.12.1-alpha.35",
+        "@flink-app/test-utils": "^0.12.1-alpha.38",
         "@types/jasmine": "^3.7.1",
         "@types/jwt-simple": "^0.5.36",
         "@types/node": "22.13.10",
@@ -34,5 +34,5 @@
         "tsc-watch": "^4.2.9",
         "typescript": "5.4.5"
     },
-    "gitHead": "3becd47c43eb095f19f8b1ad2fa5ecbecfbd5ab6"
+    "gitHead": "bba579788683fe0729399a56152eba4974f29bb6"
 }

package/spec/OAuthHandlers.spec.ts CHANGED Viewed

@@ -12,135 +12,134 @@
  * critical OAuth flow scenarios.
  */
-import { FlinkApp } from '@flink-app/flink';
-import * as http from '@flink-app/test-utils';
-describe('OAuth Handlers', () => {
-  let app: FlinkApp<any>;
-  let testSessionId: string;
-  let testState: string;
-  beforeAll(async () => {
-    // Note: This is a placeholder test structure
-    // The actual FlinkApp setup with oauth plugin will be completed
-    // in Task Group 5 when the plugin is fully implemented
-    // For now, we're creating the test structure to validate
-    // the handler logic once the plugin integration is complete
-  });
-  afterAll(async () => {
-    if (app) {
-      await app.stop();
-    }
-  });
-  describe('InitiateOAuth Handler', () => {
-    it('should generate state, create session, and redirect to provider', async () => {
-      // Test that initiate handler:
-      // 1. Validates provider is configured
-      // 2. Generates cryptographically secure state parameter
-      // 3. Creates OAuth session with state
-      // 4. Returns 302 redirect to provider authorization URL
-      // This test will be implemented once plugin setup is complete
-      expect(true).toBe(true); // Placeholder
+import { FlinkApp } from "@flink-app/flink";
+import * as http from "@flink-app/test-utils";
+describe("OAuth Handlers", () => {
+    let app: FlinkApp<any>;
+    let testSessionId: string;
+    let testState: string;
+    beforeAll(async () => {
+        // Note: This is a placeholder test structure
+        // The actual FlinkApp setup with oauth plugin will be completed
+        // in Task Group 5 when the plugin is fully implemented
+        // For now, we're creating the test structure to validate
+        // the handler logic once the plugin integration is complete
     });
-    it('should reject unsupported provider', async () => {
-      // Test that initiate handler returns 400 for invalid provider
-      // This test will be implemented once plugin setup is complete
-      expect(true).toBe(true); // Placeholder
-    });
-  });
-  describe('CallbackOAuth Handler', () => {
-    it('should validate state, exchange code, and call onAuthSuccess with context', async () => {
-      // Test that callback handler:
-      // 1. Validates state parameter matches session
-      // 2. Exchanges authorization code for access token
-      // 3. Fetches user profile from provider
-      // 4. Calls onAuthSuccess callback with profile and context
-      // 5. Receives JWT token from callback
-      // This test will be implemented once plugin setup is complete
-      expect(true).toBe(true); // Placeholder
-    });
-    it('should receive JWT token from callback and return to client', async () => {
-      // Test that callback handler:
-      // 1. Receives JWT token from onAuthSuccess callback
-      // 2. Returns token in appropriate format (redirect by default)
-      // This test will be implemented once plugin setup is complete
-      expect(true).toBe(true); // Placeholder
+    afterAll(async () => {
+        if (app) {
+            await app.stop();
+        }
     });
-    it('should support response_type=json query parameter', async () => {
-      // Test that callback handler:
-      // 1. Detects response_type=json in query parameters
-      // 2. Returns JSON response with user and token
-      // 3. Does not redirect when response_type=json
+    describe("InitiateOAuth Handler", () => {
+        it("should generate state, create session, and redirect to provider", async () => {
+            // Test that initiate handler:
+            // 1. Validates provider is configured
+            // 2. Generates cryptographically secure state parameter
+            // 3. Creates OAuth session with state
+            // 4. Returns 302 redirect to provider authorization URL
-      // This test will be implemented once plugin setup is complete
-      expect(true).toBe(true); // Placeholder
-    });
+            // This test will be implemented once plugin setup is complete
+            expect(true).toBe(true); // Placeholder
+        });
-    it('should reject callback with invalid state parameter', async () => {
-      // Test that callback handler:
-      // 1. Detects state mismatch
-      // 2. Returns 400 error
-      // 3. Prevents CSRF attacks
+        it("should reject unsupported provider", async () => {
+            // Test that initiate handler returns 400 for invalid provider
-      // This test will be implemented once plugin setup is complete
-      expect(true).toBe(true); // Placeholder
+            // This test will be implemented once plugin setup is complete
+            expect(true).toBe(true); // Placeholder
+        });
     });
-    it('should reject callback with missing code parameter', async () => {
-      // Test that callback handler:
-      // 1. Detects missing authorization code
-      // 2. Returns 400 error with clear message
-      // This test will be implemented once plugin setup is complete
-      expect(true).toBe(true); // Placeholder
+    describe("CallbackOAuth Handler", () => {
+        it("should validate state, exchange code, and call onAuthSuccess with context", async () => {
+            // Test that callback handler:
+            // 1. Validates state parameter matches session
+            // 2. Exchanges authorization code for access token
+            // 3. Fetches user profile from provider
+            // 4. Calls onAuthSuccess callback with profile and context
+            // 5. Receives JWT token from callback
+            // This test will be implemented once plugin setup is complete
+            expect(true).toBe(true); // Placeholder
+        });
+        it("should receive JWT token from callback and return to client", async () => {
+            // Test that callback handler:
+            // 1. Receives JWT token from onAuthSuccess callback
+            // 2. Returns token in appropriate format (redirect by default)
+            // This test will be implemented once plugin setup is complete
+            expect(true).toBe(true); // Placeholder
+        });
+        it("should support response_type=json query parameter", async () => {
+            // Test that callback handler:
+            // 1. Detects response_type=json in query parameters
+            // 2. Returns JSON response with user and token
+            // 3. Does not redirect when response_type=json
+            // This test will be implemented once plugin setup is complete
+            expect(true).toBe(true); // Placeholder
+        });
+        it("should reject callback with invalid state parameter", async () => {
+            // Test that callback handler:
+            // 1. Detects state mismatch
+            // 2. Returns 400 error
+            // 3. Prevents CSRF attacks
+            // This test will be implemented once plugin setup is complete
+            expect(true).toBe(true); // Placeholder
+        });
+        it("should reject callback with missing code parameter", async () => {
+            // Test that callback handler:
+            // 1. Detects missing authorization code
+            // 2. Returns 400 error with clear message
+            // This test will be implemented once plugin setup is complete
+            expect(true).toBe(true); // Placeholder
+        });
+        it("should handle OAuth provider error (access_denied)", async () => {
+            // Test that callback handler:
+            // 1. Detects error parameter from provider
+            // 2. Maps error to user-friendly message
+            // 3. Calls onAuthError callback if provided
+            // This test will be implemented once plugin setup is complete
+            expect(true).toBe(true); // Placeholder
+        });
+        it("should handle expired or missing session", async () => {
+            // Test that callback handler:
+            // 1. Detects missing session for state
+            // 2. Returns appropriate error message
+            // 3. Suggests user try logging in again
+            // This test will be implemented once plugin setup is complete
+            expect(true).toBe(true); // Placeholder
+        });
+        it("should handle JWT generation failure gracefully", async () => {
+            // Test that callback handler:
+            // 1. Catches errors from onAuthSuccess callback
+            // 2. Logs error securely
+            // 3. Calls onAuthError callback if provided
+            // 4. Returns user-friendly error message
+            // This test will be implemented once plugin setup is complete
+            expect(true).toBe(true); // Placeholder
+        });
     });
-    it('should handle OAuth provider error (access_denied)', async () => {
-      // Test that callback handler:
-      // 1. Detects error parameter from provider
-      // 2. Maps error to user-friendly message
-      // 3. Calls onAuthError callback if provided
-      // This test will be implemented once plugin setup is complete
-      expect(true).toBe(true); // Placeholder
+    describe("OAuth Flow End-to-End", () => {
+        // Note: Full end-to-end tests with mock OAuth provider responses
+        // will be added in Task Group 7 by the testing-engineer
+        // These placeholder tests establish the test structure
     });
-    it('should handle expired or missing session', async () => {
-      // Test that callback handler:
-      // 1. Detects missing session for state
-      // 2. Returns appropriate error message
-      // 3. Suggests user try logging in again
-      // This test will be implemented once plugin setup is complete
-      expect(true).toBe(true); // Placeholder
-    });
-    it('should handle JWT generation failure gracefully', async () => {
-      // Test that callback handler:
-      // 1. Catches errors from onAuthSuccess callback
-      // 2. Logs error securely
-      // 3. Calls onAuthError callback if provided
-      // 4. Returns user-friendly error message
-      // This test will be implemented once plugin setup is complete
-      expect(true).toBe(true); // Placeholder
-    });
-  });
-  describe('OAuth Flow End-to-End', () => {
-    // Note: Full end-to-end tests with mock OAuth provider responses
-    // will be added in Task Group 7 by the testing-engineer
-    // These placeholder tests establish the test structure
-  });
 });

package/src/handlers/CallbackOAuth.ts CHANGED Viewed

@@ -12,7 +12,7 @@
  * Route: GET /oauth/:provider/callback?code=...&state=...&response_type=json
  */
-import { GetHandler, RouteProps, badRequest, internalServerError, log } from "@flink-app/flink";
+import { GetHandler, HttpMethod, RouteProps, badRequest, internalServerError, log } from "@flink-app/flink";
 import CallbackRequest from "../schemas/CallbackRequest";
 import { validateState } from "../utils/state-utils";
 import { getProvider } from "../providers/ProviderRegistry";
@@ -35,6 +35,7 @@ interface PathParams {
  */
 export const Route: RouteProps = {
     path: "/oauth/:provider/callback",
+    method: HttpMethod.get,
 };
 /**

package/src/handlers/InitiateOAuth.ts CHANGED Viewed

@@ -11,7 +11,7 @@
  * Route: GET /oauth/:provider/initiate?redirectUri={optional_redirect_url}
  */
-import { GetHandler, RouteProps, badRequest, internalServerError } from "@flink-app/flink";
+import { GetHandler, HttpMethod, RouteProps, badRequest, internalServerError } from "@flink-app/flink";
 import InitiateRequest from "../schemas/InitiateRequest";
 import { generateState, generateSessionId } from "../utils/state-utils";
 import { getProvider } from "../providers/ProviderRegistry";
@@ -32,6 +32,7 @@ interface PathParams {
  */
 export const Route: RouteProps = {
     path: "/oauth/:provider/initiate",
+    method: HttpMethod.get,
 };
 /**