@labdigital/commercetools-mock 2.0.0 → 2.2.0

package/package.json

@@ -1,7 +1,7 @@
 {
   "name": "@labdigital/commercetools-mock",
   "author": "Michael van Tellingen",
-  "version": "2.0.0",
+  "version": "2.2.0",
   "license": "MIT",
   "main": "dist/index.cjs",
   "module": "dist/index.js",
@@ -37,10 +37,10 @@
     "body-parser": "^1.20.2",
     "deep-equal": "^2.2.2",
     "express": "^4.18.2",
+    "light-my-request": "^5.11.0",
     "lodash.isequal": "^4.5.0",
     "morgan": "^1.10.0",
     "msw": "^2.0.0",
-    "supertest": "^6.3.3",
     "uuid": "^9.0.0"
   },
   "devDependencies": {
@@ -67,6 +67,7 @@
     "got": "^11.8.3",
     "husky": "^8.0.3",
     "prettier": "^3.0.0",
+    "supertest": "^6.3.3",
     "timekeeper": "^2.3.1",
     "ts-node": "^10.9.1",
     "tslib": "^2.6.1",

package/src/ctMock.ts

@@ -1,6 +1,6 @@
 import express, { NextFunction, Request, Response } from 'express'
-import supertest from 'supertest'
 import morgan from 'morgan'
+import inject from 'light-my-request'
 import { setupServer, SetupServer } from 'msw/node'
 import { http, HttpResponse } from 'msw'
 import { AbstractStorage, InMemoryStorage } from './storage/index.js'
@@ -16,6 +16,7 @@ import { ProjectService } from './services/project.js'
 import { createRepositories, RepositoryMap } from './repositories/index.js'
 import { createServices } from './services/index.js'
 import { ProjectRepository } from './repositories/project.js'
+import { mapHeaderType } from './helpers.js'
 
 export type CommercetoolsMockOptions = {
 	validateCredentials: boolean
@@ -106,6 +107,7 @@ export class CommercetoolsMock {
 
 	private createApp(options?: AppOptions): express.Express {
 		this._repositories = createRepositories(this._storage)
+		this._oauth2.setCustomerRepository(this._repositories.customer)
 
 		const app = express()
 
@@ -139,6 +141,14 @@ export class CommercetoolsMock {
 
 		app.use((err: Error, req: Request, resp: Response, next: NextFunction) => {
 			if (err instanceof CommercetoolsError) {
+				if (err.errors?.length > 0) {
+					return resp.status(err.statusCode).send({
+						statusCode: err.statusCode,
+						message: err.message,
+						errors: err.errors,
+					})
+				}
+
 				return resp.status(err.statusCode).send({
 					statusCode: err.statusCode,
 					message: err.message,
@@ -166,56 +176,66 @@ export class CommercetoolsMock {
 			}
 		}
 
-		const app = this.app
+		const server = this.app
 		this._mswServer = setupServer(
 			http.post(`${this.options.authHost}/oauth/*`, async ({ request }) => {
-				const text = await request.text()
+				const body = await request.text()
 				const url = new URL(request.url)
-				const res = await supertest(app)
-					.post(url.pathname + '?' + url.searchParams.toString())
-					.set(copyHeaders(request.headers))
-					.send(text)
+				const headers = copyHeaders(request.headers)
 
-				return new HttpResponse(res.text, {
-					status: res.status,
-					headers: res.headers,
+				const res = await inject(server)
+					.post(url.pathname + '?' + url.searchParams.toString())
+					.body(body)
+					.headers(headers)
+					.end()
+				return new HttpResponse(res.body, {
+					status: res.statusCode,
+					headers: mapHeaderType(res.headers),
 				})
 			}),
 			http.get(`${this.options.apiHost}/*`, async ({ request }) => {
 				const body = await request.text()
 				const url = new URL(request.url)
-				const res = await supertest(app)
+				const headers = copyHeaders(request.headers)
+
+				const res = await inject(server)
 					.get(url.pathname + '?' + url.searchParams.toString())
-					.set(copyHeaders(request.headers))
-					.send(body)
-				return new HttpResponse(res.text, {
-					status: res.status,
-					headers: res.headers,
+					.body(body)
+					.headers(headers)
+					.end()
+				return new HttpResponse(res.body, {
+					status: res.statusCode,
+					headers: mapHeaderType(res.headers),
 				})
 			}),
 			http.post(`${this.options.apiHost}/*`, async ({ request }) => {
 				const body = await request.text()
 				const url = new URL(request.url)
-				const res = await supertest(app)
+				const headers = copyHeaders(request.headers)
+
+				const res = await inject(server)
 					.post(url.pathname + '?' + url.searchParams.toString())
-					.set(copyHeaders(request.headers))
-					.send(body)
-				return new HttpResponse(res.text, {
-					status: res.status,
-					headers: res.headers,
+					.body(body)
+					.headers(headers)
+					.end()
+				return new HttpResponse(res.body, {
+					status: res.statusCode,
+					headers: mapHeaderType(res.headers),
 				})
 			}),
 			http.delete(`${this.options.apiHost}/*`, async ({ request }) => {
 				const body = await request.text()
 				const url = new URL(request.url)
-				const res = await supertest(app)
-					.delete(url.pathname + '?' + url.searchParams.toString())
-					.set(copyHeaders(request.headers))
-					.send(body)
+				const headers = copyHeaders(request.headers)
 
-				return new HttpResponse(res.text, {
-					status: res.status,
-					headers: res.headers,
+				const res = await inject(server)
+					.delete(url.pathname + '?' + url.searchParams.toString())
+					.body(body)
+					.headers(headers)
+					.end()
+				return new HttpResponse(res.body, {
+					status: res.statusCode,
+					headers: mapHeaderType(res.headers),
 				})
 			})
 		)

package/src/exceptions.ts

@@ -1,15 +1,19 @@
 export abstract class BaseError {
 	abstract message: string
+	abstract errors?: BaseError[]
 }
 
 export class CommercetoolsError<T extends BaseError> extends Error {
 	info: T
 	statusCode: number
 
+	errors: BaseError[]
+
 	constructor(info: T, statusCode = 400) {
 		super(info.message)
 		this.info = info
 		this.statusCode = statusCode || 500
+		this.errors = info.errors ?? []
 	}
 }
 

package/src/helpers.ts

@@ -1,3 +1,4 @@
+import { OutgoingHttpHeaders } from 'node:http'
 import { ParsedQs } from 'qs'
 import { v4 as uuidv4 } from 'uuid'
 
@@ -59,3 +60,20 @@ export const queryParamsValue = (
 }
 
 export const cloneObject = <T>(o: T): T => JSON.parse(JSON.stringify(o))
+
+export const mapHeaderType = (
+	outgoingHttpHeaders: OutgoingHttpHeaders
+): HeadersInit => {
+	const headersInit: HeadersInit = {}
+	for (const key in outgoingHttpHeaders) {
+		const value = outgoingHttpHeaders[key]
+		if (Array.isArray(value)) {
+			// Join multiple values for the same header with a comma
+			headersInit[key] = value.join(', ')
+		} else if (value !== undefined) {
+			// Single value or undefined
+			headersInit[key] = value.toString()
+		}
+	}
+	return headersInit
+}

package/src/lib/password.ts

@@ -0,0 +1,7 @@
+export const validatePassword = (
+	clearPassword: string,
+	hashedPassword: string
+) => hashPassword(clearPassword) === hashedPassword
+
+export const hashPassword = (clearPassword: string) =>
+	Buffer.from(clearPassword).toString('base64')

package/src/oauth/server.ts

@@ -10,18 +10,45 @@ import { CommercetoolsError, InvalidRequestError } from '../exceptions.js'
 import { InvalidClientError, UnsupportedGrantType } from './errors.js'
 import { OAuth2Store } from './store.js'
 import { getBearerToken } from './helpers.js'
+import { CustomerRepository } from '../repositories/customer.js'
+import { hashPassword } from '../lib/password.js'
+
+type AuthRequest = Request & {
+	credentials: {
+		clientId: string
+		clientSecret: string
+	}
+}
 
 export class OAuth2Server {
 	store: OAuth2Store
+	private customerRepository: CustomerRepository
 
 	constructor(options: { enabled: boolean; validate: boolean }) {
 		this.store = new OAuth2Store(options.validate)
 	}
 
+	setCustomerRepository(repository: CustomerRepository) {
+		this.customerRepository = repository
+	}
+
 	createRouter() {
 		const router = express.Router()
 		router.use(bodyParser.urlencoded({ extended: true }))
+		router.use(this.validateClientCredentials.bind(this))
 		router.post('/token', this.tokenHandler.bind(this))
+		router.post(
+			'/:projectKey/customers/token',
+			this.customerTokenHandler.bind(this)
+		)
+		router.post(
+			'/:projectKey/in-store/key=:storeKey/customers/token',
+			this.inStoreCustomerTokenHandler.bind(this)
+		)
+		router.post(
+			'/:projectKey/anonymous/token',
+			this.anonymousTokenHandler.bind(this)
+		)
 		return router
 	}
 
@@ -56,7 +83,12 @@ export class OAuth2Server {
 			next()
 		}
 	}
-	async tokenHandler(request: Request, response: Response, next: NextFunction) {
+
+	async validateClientCredentials(
+		request: AuthRequest,
+		response: Response,
+		next: NextFunction
+	) {
 		const authHeader = request.header('Authorization')
 		if (!authHeader) {
 			return next(
@@ -84,6 +116,19 @@ export class OAuth2Server {
 			)
 		}
 
+		request.credentials = {
+			clientId: credentials.name,
+			clientSecret: credentials.pass,
+		}
+
+		next()
+	}
+
+	async tokenHandler(
+		request: AuthRequest,
+		response: Response,
+		next: NextFunction
+	) {
 		const grantType = request.query.grant_type || request.body.grant_type
 		if (!grantType) {
 			return next(
@@ -99,8 +144,15 @@ export class OAuth2Server {
 
 		if (grantType === 'client_credentials') {
 			const token = this.store.getClientToken(
-				credentials.name,
-				credentials.pass,
+				request.credentials.clientId,
+				request.credentials.clientSecret,
+				request.query.scope?.toString()
+			)
+			return response.status(200).send(token)
+		} else if (grantType === 'refresh_token') {
+			const token = this.store.getClientToken(
+				request.credentials.clientId,
+				request.credentials.clientSecret,
 				request.query.scope?.toString()
 			)
 			return response.status(200).send(token)
@@ -116,4 +168,86 @@ export class OAuth2Server {
 			)
 		}
 	}
+	async customerTokenHandler(
+		request: AuthRequest,
+		response: Response,
+		next: NextFunction
+	) {
+		const grantType = request.query.grant_type || request.body.grant_type
+		if (!grantType) {
+			return next(
+				new CommercetoolsError<InvalidRequestError>(
+					{
+						code: 'invalid_request',
+						message: 'Missing required parameter: grant_type.',
+					},
+					400
+				)
+			)
+		}
+
+		if (grantType === 'password') {
+			const username = request.query.username || request.body.username
+			const password = hashPassword(
+				request.query.password || request.body.password
+			)
+			const scope =
+				request.query.scope?.toString() || request.body.scope?.toString()
+
+			const result = this.customerRepository.query(
+				{ projectKey: request.params.projectKey },
+				{
+					where: [`email = "${username}"`, `password = "${password}"`],
+				}
+			)
+
+			if (result.count === 0) {
+				return next(
+					new CommercetoolsError<any>(
+						{
+							code: 'invalid_customer_account_credentials',
+							message: 'Customer account with the given credentials not found.',
+						},
+						400
+					)
+				)
+			}
+
+			const customer = result.results[0]
+			const token = this.store.getCustomerToken(scope, customer.id)
+			return response.status(200).send(token)
+		}
+	}
+
+	async inStoreCustomerTokenHandler(
+		request: Request,
+		response: Response,
+		next: NextFunction
+	) {
+		return next(
+			new CommercetoolsError<InvalidClientError>(
+				{
+					code: 'invalid_client',
+					message: 'Not implemented yet in commercetools-mock',
+				},
+				401
+			)
+		)
+	}
+
+	async anonymousTokenHandler(
+		request: Request,
+		response: Response,
+		next: NextFunction
+	) {
+		return next(
+			new CommercetoolsError<InvalidClientError>(
+				{
+					code: 'invalid_client',
+					message: 'Not implemented yet in commercetools-mock',
+				},
+				401
+			)
+		)
+	}
 }

package/src/oauth/store.ts

@@ -26,6 +26,19 @@ export class OAuth2Store {
 		return token
 	}
 
+	getCustomerToken(scope: string, customerId: string) {
+		const token: Token = {
+			access_token: randomBytes(16).toString('base64'),
+			token_type: 'Bearer',
+			expires_in: 172800,
+			scope: scope
+				? `${scope} custome_id:${customerId}`
+				: `customer_id: ${customerId}`,
+		}
+		this.tokens.push(token)
+		return token
+	}
+
 	validateToken(token: string) {
 		if (!this.validate) return true
 

package/src/repositories/customer.ts

@@ -4,6 +4,7 @@ import type {
 	CustomerDraft,
 	CustomerSetAuthenticationModeAction,
 	CustomerSetCustomFieldAction,
+	DuplicateFieldError,
 	InvalidInputError,
 	InvalidJsonInputError,
 } from '@commercetools/platform-sdk'
@@ -14,6 +15,7 @@ import {
 	AbstractResourceRepository,
 	type RepositoryContext,
 } from './abstract.js'
+import { hashPassword } from '../lib/password.js'
 
 export class CustomerRepository extends AbstractResourceRepository<'customer'> {
 	getTypeId() {
@@ -21,13 +23,32 @@ export class CustomerRepository extends AbstractResourceRepository<'customer'> {
 	}
 
 	create(context: RepositoryContext, draft: CustomerDraft): Customer {
+		// Check uniqueness
+		const results = this._storage.query(context.projectKey, this.getTypeId(), {
+			where: [`email="${draft.email.toLocaleLowerCase()}"`],
+		})
+		if (results.count > 0) {
+			throw new CommercetoolsError<any>({
+				code: 'CustomerAlreadyExists',
+				statusCode: 400,
+				message:
+					'There is already an existing customer with the provided email.',
+				errors: [
+					{
+						code: 'DuplicateField',
+						message: `Customer with email '${draft.email}' already exists.`,
+						duplicateValue: draft.email,
+						field: 'email',
+					} as DuplicateFieldError,
+				],
+			})
+		}
+
 		const resource: Customer = {
 			...getBaseResourceProperties(),
 			authenticationMode: draft.authenticationMode || 'Password',
-			email: draft.email,
-			password: draft.password
-				? Buffer.from(draft.password).toString('base64')
-				: undefined,
+			email: draft.email.toLowerCase(),
+			password: draft.password ? hashPassword(draft.password) : undefined,
 			isEmailVerified: draft.isEmailVerified || false,
 			addresses: [],
 		}
@@ -36,11 +57,14 @@ export class CustomerRepository extends AbstractResourceRepository<'customer'> {
 	}
 
 	getMe(context: RepositoryContext): Customer | undefined {
+		// grab the first customer you can find for now. In the future we should
+		// use the customer id from the scope of the token
 		const results = this._storage.query(
 			context.projectKey,
 			this.getTypeId(),
 			{}
-		) // grab the first customer you can find
+		)
+
 		if (results.count > 0) {
 			return results.results[0] as Customer
 		}
@@ -76,9 +100,7 @@ export class CustomerRepository extends AbstractResourceRepository<'customer'> {
 				return
 			}
 			if (authMode === 'Password') {
-				resource.password = password
-					? Buffer.from(password).toString('base64')
-					: undefined
+				resource.password = password ? hashPassword(password) : undefined
 				return
 			}
 			throw new CommercetoolsError<InvalidJsonInputError>(

package/src/services/my-customer.ts

@@ -2,6 +2,7 @@ import { Request, Response, Router } from 'express'
 import { CustomerRepository } from '../repositories/customer.js'
 import { getRepositoryContext } from '../repositories/helpers.js'
 import AbstractService from './abstract.js'
+import { hashPassword } from '../lib/password.js'
 
 export class MyCustomerService extends AbstractService {
 	public repository: CustomerRepository
@@ -51,7 +52,7 @@ export class MyCustomerService extends AbstractService {
 
 	signIn(request: Request, response: Response) {
 		const { email, password } = request.body
-		const encodedPassword = Buffer.from(password).toString('base64')
+		const encodedPassword = hashPassword(password)
 
 		const result = this.repository.query(getRepositoryContext(request), {
 			where: [`email = "${email}"`, `password = "${encodedPassword}"`],