npm - @friggframework/core - Versions diffs - 2.0.0--canary.461.651659d.0 → 2.0.0--canary.461.0b53aff.0 - Mend

@friggframework/core 2.0.0--canary.461.651659d.0 → 2.0.0--canary.461.0b53aff.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (9) hide show

package/index.js +12 -0
package/integrations/integration-router.js +54 -70
package/integrations/tests/integration-router-multi-auth.test.js +368 -0
package/package.json +5 -5
package/user/tests/use-cases/get-user-from-adopter-jwt.test.js +113 -0
package/user/tests/use-cases/get-user-from-x-frigg-headers.test.js +345 -0
package/user/use-cases/authenticate-user.js +78 -0
package/user/use-cases/get-user-from-adopter-jwt.js +148 -0
package/user/use-cases/get-user-from-x-frigg-headers.js +105 -0

package/integrations/tests/integration-router-multi-auth.test.js ADDED Viewed

@@ -0,0 +1,368 @@
+const { AuthenticateUser } = require('../../user/use-cases/authenticate-user');
+const { GetUserFromBearerToken } = require('../../user/use-cases/get-user-from-bearer-token');
+const { GetUserFromXFriggHeaders } = require('../../user/use-cases/get-user-from-x-frigg-headers');
+const { GetUserFromAdopterJwt } = require('../../user/use-cases/get-user-from-adopter-jwt');
+const { User } = require('../../user/user');
+const Boom = require('@hapi/boom');
+describe('AuthenticateUser - Multi-Mode Authentication', () => {
+    let authenticateUser;
+    let mockGetUserFromBearerToken;
+    let mockGetUserFromXFriggHeaders;
+    let mockGetUserFromAdopterJwt;
+    let mockUserConfig;
+    let mockUser;
+    beforeEach(() => {
+        mockUser = new User(
+            { id: 'user-123', username: 'testuser' },
+            null,
+            false,
+            'individual',
+            true,
+            false
+        );
+        mockGetUserFromBearerToken = {
+            execute: jest.fn().mockResolvedValue(mockUser),
+        };
+        mockGetUserFromXFriggHeaders = {
+            execute: jest.fn().mockResolvedValue(mockUser),
+        };
+        mockGetUserFromAdopterJwt = {
+            execute: jest.fn().mockResolvedValue(mockUser),
+        };
+        mockUserConfig = {
+            authModes: {
+                friggToken: true,
+                xFriggHeaders: true,
+                adopterJwt: false,
+            },
+        };
+        authenticateUser = new AuthenticateUser({
+            getUserFromBearerToken: mockGetUserFromBearerToken,
+            getUserFromXFriggHeaders: mockGetUserFromXFriggHeaders,
+            getUserFromAdopterJwt: mockGetUserFromAdopterJwt,
+            userConfig: mockUserConfig,
+        });
+    });
+    describe('Priority 1: X-Frigg Headers (Backend-to-Backend)', () => {
+        it('should authenticate with x-frigg-appUserId header', async () => {
+            const mockReq = {
+                headers: {
+                    'x-frigg-appuserid': 'app-user-123',
+                },
+            };
+            const result = await authenticateUser.execute(mockReq);
+            expect(result).toBe(mockUser);
+            expect(mockGetUserFromXFriggHeaders.execute).toHaveBeenCalledWith(
+                'app-user-123',
+                undefined
+            );
+            expect(mockGetUserFromBearerToken.execute).not.toHaveBeenCalled();
+        });
+        it('should authenticate with x-frigg-appOrgId header', async () => {
+            const mockReq = {
+                headers: {
+                    'x-frigg-apporgid': 'app-org-456',
+                },
+            };
+            const result = await authenticateUser.execute(mockReq);
+            expect(result).toBe(mockUser);
+            expect(mockGetUserFromXFriggHeaders.execute).toHaveBeenCalledWith(
+                undefined,
+                'app-org-456'
+            );
+            expect(mockGetUserFromBearerToken.execute).not.toHaveBeenCalled();
+        });
+        it('should authenticate with both x-frigg headers when they match', async () => {
+            const mockReq = {
+                headers: {
+                    'x-frigg-appuserid': 'app-user-123',
+                    'x-frigg-apporgid': 'app-org-456',
+                },
+            };
+            const result = await authenticateUser.execute(mockReq);
+            expect(result).toBe(mockUser);
+            expect(mockGetUserFromXFriggHeaders.execute).toHaveBeenCalledWith(
+                'app-user-123',
+                'app-org-456'
+            );
+        });
+        it('should reject conflicting x-frigg headers (delegated to use case)', async () => {
+            const mockReq = {
+                headers: {
+                    'x-frigg-appuserid': 'app-user-123',
+                    'x-frigg-apporgid': 'app-org-999',
+                },
+            };
+            const conflictError = Boom.badRequest('User ID mismatch');
+            mockGetUserFromXFriggHeaders.execute.mockRejectedValue(conflictError);
+            await expect(authenticateUser.execute(mockReq)).rejects.toThrow(
+                conflictError
+            );
+        });
+        it('should skip x-frigg headers when authModes.xFriggHeaders is false', async () => {
+            mockUserConfig.authModes.xFriggHeaders = false;
+            const mockReq = {
+                headers: {
+                    'x-frigg-appuserid': 'app-user-123',
+                    authorization: 'Bearer frigg-token-xyz',
+                },
+            };
+            await authenticateUser.execute(mockReq);
+            expect(mockGetUserFromXFriggHeaders.execute).not.toHaveBeenCalled();
+            expect(mockGetUserFromBearerToken.execute).toHaveBeenCalledWith(
+                'Bearer frigg-token-xyz'
+            );
+        });
+    });
+    describe('Priority 2: Adopter JWT', () => {
+        beforeEach(() => {
+            mockUserConfig.authModes.adopterJwt = true;
+        });
+        it('should try JWT when enabled and Bearer token is 3-part format', async () => {
+            const mockReq = {
+                headers: {
+                    authorization: 'Bearer eyJhbGci.eyJzdWIi.signature',
+                },
+            };
+            await authenticateUser.execute(mockReq);
+            expect(mockGetUserFromAdopterJwt.execute).toHaveBeenCalledWith(
+                'eyJhbGci.eyJzdWIi.signature'
+            );
+            expect(mockGetUserFromBearerToken.execute).not.toHaveBeenCalled();
+        });
+        it('should fall back to Frigg token when Bearer token is not JWT format', async () => {
+            const mockReq = {
+                headers: {
+                    authorization: 'Bearer simple-token',
+                },
+            };
+            await authenticateUser.execute(mockReq);
+            expect(mockGetUserFromAdopterJwt.execute).not.toHaveBeenCalled();
+            expect(mockGetUserFromBearerToken.execute).toHaveBeenCalledWith(
+                'Bearer simple-token'
+            );
+        });
+        it('should not try JWT when authModes.adopterJwt is false', async () => {
+            mockUserConfig.authModes.adopterJwt = false;
+            const mockReq = {
+                headers: {
+                    authorization: 'Bearer eyJhbGci.eyJzdWIi.signature',
+                },
+            };
+            await authenticateUser.execute(mockReq);
+            expect(mockGetUserFromAdopterJwt.execute).not.toHaveBeenCalled();
+            expect(mockGetUserFromBearerToken.execute).toHaveBeenCalledWith(
+                'Bearer eyJhbGci.eyJzdWIi.signature'
+            );
+        });
+    });
+    describe('Priority 3: Frigg Native Token (Fallback)', () => {
+        it('should fall back to Frigg token when no x-frigg headers', async () => {
+            const mockReq = {
+                headers: {
+                    authorization: 'Bearer frigg-token-123',
+                },
+            };
+            const result = await authenticateUser.execute(mockReq);
+            expect(result).toBe(mockUser);
+            expect(mockGetUserFromBearerToken.execute).toHaveBeenCalledWith(
+                'Bearer frigg-token-123'
+            );
+            expect(mockGetUserFromXFriggHeaders.execute).not.toHaveBeenCalled();
+        });
+        it('should skip Frigg token when authModes.friggToken is false', async () => {
+            mockUserConfig.authModes.friggToken = false;
+            const mockReq = {
+                headers: {
+                    authorization: 'Bearer frigg-token-123',
+                },
+            };
+            await expect(authenticateUser.execute(mockReq)).rejects.toThrow(
+                Boom.unauthorized().message
+            );
+            expect(mockGetUserFromBearerToken.execute).not.toHaveBeenCalled();
+        });
+    });
+    describe('Priority Ordering', () => {
+        it('should prioritize x-frigg headers over bearer token', async () => {
+            const mockReq = {
+                headers: {
+                    'x-frigg-appuserid': 'app-user-123',
+                    authorization: 'Bearer frigg-token-xyz',
+                },
+            };
+            await authenticateUser.execute(mockReq);
+            expect(mockGetUserFromXFriggHeaders.execute).toHaveBeenCalledWith(
+                'app-user-123',
+                undefined
+            );
+            expect(mockGetUserFromBearerToken.execute).not.toHaveBeenCalled();
+        });
+        it('should try JWT before Frigg token when JWT enabled', async () => {
+            mockUserConfig.authModes.adopterJwt = true;
+            const mockReq = {
+                headers: {
+                    authorization: 'Bearer part1.part2.part3',
+                },
+            };
+            await authenticateUser.execute(mockReq);
+            expect(mockGetUserFromAdopterJwt.execute).toHaveBeenCalledWith(
+                'part1.part2.part3'
+            );
+            expect(mockGetUserFromBearerToken.execute).not.toHaveBeenCalled();
+        });
+    });
+    describe('Auth Mode Configuration', () => {
+        it('should use default friggToken mode when authModes not configured', () => {
+            const authWithDefaults = new AuthenticateUser({
+                getUserFromBearerToken: mockGetUserFromBearerToken,
+                getUserFromXFriggHeaders: mockGetUserFromXFriggHeaders,
+                getUserFromAdopterJwt: mockGetUserFromAdopterJwt,
+                userConfig: {}, // No authModes
+            });
+            const mockReq = {
+                headers: {
+                    authorization: 'Bearer token',
+                },
+            };
+            authWithDefaults.execute(mockReq);
+            expect(mockGetUserFromBearerToken.execute).toHaveBeenCalled();
+        });
+        it('should throw unauthorized when no valid authentication provided', async () => {
+            const mockReq = {
+                headers: {},
+            };
+            await expect(authenticateUser.execute(mockReq)).rejects.toThrow(
+                Boom.unauthorized().message
+            );
+            await expect(authenticateUser.execute(mockReq)).rejects.toThrow(
+                'No valid authentication provided'
+            );
+        });
+        it('should throw unauthorized when all auth modes disabled', async () => {
+            mockUserConfig.authModes = {
+                friggToken: false,
+                xFriggHeaders: false,
+                adopterJwt: false,
+            };
+            const mockReq = {
+                headers: {
+                    authorization: 'Bearer token',
+                },
+            };
+            await expect(authenticateUser.execute(mockReq)).rejects.toThrow(
+                'No valid authentication provided'
+            );
+        });
+    });
+    describe('Error Handling', () => {
+        it('should propagate authentication errors from x-frigg headers', async () => {
+            const mockReq = {
+                headers: {
+                    'x-frigg-appuserid': 'invalid-user',
+                },
+            };
+            const customError = Boom.badRequest('Invalid user ID');
+            mockGetUserFromXFriggHeaders.execute.mockRejectedValue(customError);
+            await expect(authenticateUser.execute(mockReq)).rejects.toThrow(
+                customError
+            );
+        });
+        it('should propagate authentication errors from bearer token', async () => {
+            const mockReq = {
+                headers: {
+                    authorization: 'Bearer invalid-token',
+                },
+            };
+            const customError = Boom.unauthorized('Invalid token');
+            mockGetUserFromBearerToken.execute.mockRejectedValue(customError);
+            await expect(authenticateUser.execute(mockReq)).rejects.toThrow(
+                customError
+            );
+        });
+        it('should propagate not implemented error from JWT', async () => {
+            mockUserConfig.authModes.adopterJwt = true;
+            const mockReq = {
+                headers: {
+                    authorization: 'Bearer part1.part2.part3',
+                },
+            };
+            const notImplementedError = Boom.notImplemented('JWT not implemented');
+            mockGetUserFromAdopterJwt.execute.mockRejectedValue(
+                notImplementedError
+            );
+            await expect(authenticateUser.execute(mockReq)).rejects.toThrow(
+                notImplementedError
+            );
+        });
+    });
+});

package/package.json CHANGED Viewed

@@ -1,7 +1,7 @@
 {
     "name": "@friggframework/core",
     "prettier": "@friggframework/prettier-config",
-    "version": "2.0.0--canary.461.651659d.0",
+    "version": "2.0.0--canary.461.0b53aff.0",
     "dependencies": {
         "@aws-sdk/client-apigatewaymanagementapi": "^3.588.0",
         "@aws-sdk/client-kms": "^3.588.0",
@@ -37,9 +37,9 @@
         }
     },
     "devDependencies": {
-        "@friggframework/eslint-config": "2.0.0--canary.461.651659d.0",
-        "@friggframework/prettier-config": "2.0.0--canary.461.651659d.0",
-        "@friggframework/test": "2.0.0--canary.461.651659d.0",
+        "@friggframework/eslint-config": "2.0.0--canary.461.0b53aff.0",
+        "@friggframework/prettier-config": "2.0.0--canary.461.0b53aff.0",
+        "@friggframework/test": "2.0.0--canary.461.0b53aff.0",
         "@prisma/client": "^6.17.0",
         "@types/lodash": "4.17.15",
         "@typescript-eslint/eslint-plugin": "^8.0.0",
@@ -79,5 +79,5 @@
     "publishConfig": {
         "access": "public"
     },
-    "gitHead": "651659d3282b05bcecf571281d5a1a7e19c156bf"
+    "gitHead": "0b53aff86541a1114582f0448544e9ff6f0302b5"
 }

package/user/tests/use-cases/get-user-from-adopter-jwt.test.js ADDED Viewed

@@ -0,0 +1,113 @@
+const Boom = require('@hapi/boom');
+const { GetUserFromAdopterJwt } = require('../../use-cases/get-user-from-adopter-jwt');
+describe('GetUserFromAdopterJwt', () => {
+    let getUserFromAdopterJwt;
+    let mockUserRepository;
+    let mockUserConfig;
+    beforeEach(() => {
+        mockUserRepository = {
+            findIndividualUserByAppUserId: jest.fn(),
+            findOrganizationUserByAppOrgId: jest.fn(),
+            createIndividualUser: jest.fn(),
+            createOrganizationUser: jest.fn(),
+        };
+        mockUserConfig = {
+            usePassword: false,
+            primary: 'individual',
+            individualUserRequired: true,
+            organizationUserRequired: false,
+            authModes: {
+                adopterJwt: true,
+            },
+            jwtConfig: {
+                secret: 'test-secret',
+                userIdClaim: 'sub',
+                orgIdClaim: 'org_id',
+                algorithm: 'HS256',
+            },
+        };
+        getUserFromAdopterJwt = new GetUserFromAdopterJwt({
+            userRepository: mockUserRepository,
+            userConfig: mockUserConfig,
+        });
+    });
+    describe('Stub Behavior', () => {
+        it('should throw 501 Not Implemented error', async () => {
+            const jwtToken = 'eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiJ1c2VyMTIzIiwib3JnX2lkIjoib3JnNDU2In0.signature';
+            await expect(
+                getUserFromAdopterJwt.execute(jwtToken)
+            ).rejects.toThrow(Boom.notImplemented().message);
+        });
+        it('should provide helpful error message about alternative auth modes', async () => {
+            const jwtToken = 'test.jwt.token';
+            try {
+                await getUserFromAdopterJwt.execute(jwtToken);
+                fail('Should have thrown error');
+            } catch (error) {
+                expect(error.message).toContain('not yet implemented');
+                expect(error.message).toContain('friggToken');
+                expect(error.message).toContain('xFriggHeaders');
+            }
+        });
+        it('should throw 501 error with any token format', async () => {
+            await expect(
+                getUserFromAdopterJwt.execute('simple-token')
+            ).rejects.toThrow(Boom.notImplemented().message);
+            await expect(
+                getUserFromAdopterJwt.execute('part1.part2.part3')
+            ).rejects.toThrow(Boom.notImplemented().message);
+            await expect(getUserFromAdopterJwt.execute('')).rejects.toThrow(
+                Boom.notImplemented().message
+            );
+        });
+    });
+    describe('Initialization', () => {
+        it('should initialize successfully with valid configuration', () => {
+            expect(getUserFromAdopterJwt).toBeDefined();
+            expect(getUserFromAdopterJwt.userRepository).toBe(
+                mockUserRepository
+            );
+            expect(getUserFromAdopterJwt.userConfig).toBe(mockUserConfig);
+        });
+        it('should initialize without jwtConfig (will fail on execute)', () => {
+            const configWithoutJwt = {
+                usePassword: false,
+                primary: 'individual',
+            };
+            const instance = new GetUserFromAdopterJwt({
+                userRepository: mockUserRepository,
+                userConfig: configWithoutJwt,
+            });
+            expect(instance).toBeDefined();
+        });
+    });
+    describe('Future Implementation Notes', () => {
+        it('should have documented todos for JWT implementation', () => {
+            const useCaseFileContent = require('fs').readFileSync(
+                require.resolve('../../use-cases/get-user-from-adopter-jwt.js'),
+                'utf-8'
+            );
+            expect(useCaseFileContent).toContain('@todo');
+            expect(useCaseFileContent).toContain('jsonwebtoken');
+            expect(useCaseFileContent).toContain('FUTURE IMPLEMENTATION');
+        });
+    });
+});