@openstax/ts-utils 1.34.0 → 1.35.0

package/packages/utils/src/services/apiGateway/index.ts

@@ -1,189 +0,0 @@
-import { Headers } from 'node-fetch';
-import * as pathToRegexp from 'path-to-regexp';
-import queryString from 'query-string';
-import { v4 as uuid } from 'uuid';
-import { merge } from '../..';
-import { ConfigProviderForConfig, resolveConfigValue } from '../../config';
-import { SessionExpiredError, UnauthorizedError } from '../../errors';
-import { ConfigForFetch, GenericFetch, Response } from '../../fetch';
-import { fetchStatusRetry } from '../../fetch/fetchStatusRetry';
-import { AnyRoute, ApiResponse, METHOD, OutputForRoute, ParamsForRoute, PayloadForRoute, QueryParams, RouteParams } from '../../routing';
-import { UnwrapPromise } from '../../types';
-import { Level, Logger } from '../logger';
-
-export type TResponsePayload<R> = R extends ApiResponse<any, infer P> ? P : never;
-export type TResponseStatus<R> = R extends ApiResponse<infer S, any> ? S : never;
-
-export type RouteClient<R> = {
-  (
-    config: { fetchConfig?: any; query?: QueryParams }
-      & (
-        ParamsForRoute<R> extends undefined
-        ? {}
-        : { params: ParamsForRoute<R> }
-      )
-      & (
-        PayloadForRoute<R> extends undefined
-        ? {}
-        : { payload: PayloadForRoute<R> }
-      )
-  ): Promise<UnsafeApiClientResponse<UnwrapPromise<OutputForRoute<R>>>>;
-  renderUrl: (
-    config: { query?: QueryParams }
-      & (
-        ParamsForRoute<R> extends undefined
-        ? {}
-        : { params: ParamsForRoute<R> }
-      )
-  ) => Promise<string>;
-};
-
-export interface AcceptStatus<Ro> {
-  <S extends TResponseStatus<Ro>[]>(...args: S): Promise<ApiClientResponse<Extract<Ro, Record<'statusCode', S[number]>>>>;
-  <S extends number[]>(...args: S): Promise<ApiClientResponse<any>>;
-}
-
-export type UnsafeApiClientResponse<Ro> = {
-  headers: Headers;
-  load: () => Promise<any>;
-  status: number;
-  acceptStatus: AcceptStatus<Ro>;
-};
-
-export type ApiClientResponse<Ro> = Ro extends any ? {
-  headers: Headers;
-  status: TResponseStatus<Ro>;
-  load: () => Promise<TResponsePayload<Ro>>;
-} : never;
-
-export type ExpandRoute<T> = T extends ((...args: infer A) => infer R) & { renderUrl: (...args: infer Ar) => Promise<string> } ? ((...args: A) => R) & { renderUrl: (...args: Ar) => Promise<string> } : never;
-
-export type MapRoutesToClient<Ru> = [Ru] extends [AnyRoute<Ru>]
-  ? { [N in Ru['name']]: ExpandRoute<RouteClient<Extract<Ru, Record<'name', N>>>> }
-  : never;
-
-export type MapRoutesToConfig<Ru> = [Ru] extends [AnyRoute<Ru>]
-  ? { [_N in Ru['name']]: {
-    path: string;
-    method: string;
-  } }
-  : never;
-
-/** Pulls the content out of a response based on the content type */
-export const loadResponse = (response: Response) => () => {
-  const [contentType] = (response.headers.get('content-type') || '').split(';');
-  switch (contentType) {
-    case 'text/plain':
-      return response.text();
-    case 'application/json':
-      return response.json();
-    default:
-      throw new Error(`unknown content type ${contentType}`);
-  }
-};
-
-const makeRouteClient = <F extends GenericFetch>(
-  initializer: {
-    fetch: F;
-  },
-  config: ConfigProviderForConfig<{
-    apiBase: string;
-  }>,
-  route: { path: string; method: METHOD },
-  app?: {
-    authProvider?: { getAuthorizedFetchConfig: () => Promise<ConfigForFetch<F>> };
-    logger?: Logger;
-    launchToken?: string;
-  }
-) => {
-  /* TODO this duplicates code with makeRenderRouteUrl, reuse that */
-  const renderUrl = async ({ params, query }: { params?: RouteParams; query?: QueryParams }) => {
-    const apiBase = await resolveConfigValue(config.apiBase);
-    const getPathForParams = pathToRegexp.compile(route.path, { encode: encodeURIComponent });
-    const search = query && queryString.stringify(query);
-    return apiBase.replace(/\/+$/, '') + getPathForParams(params || {}) + (search ? `?${search}` : '');
-  };
-
-  const routeClient = async ({ params, payload, query, fetchConfig }: { params?: RouteParams; payload?: any; query?: QueryParams; fetchConfig?: ConfigForFetch<F> }) => {
-    const { fetch } = initializer;
-
-    const url = await renderUrl({ params, query });
-    const body = payload ? JSON.stringify(payload) : undefined;
-    const baseOptions = merge((await app?.authProvider?.getAuthorizedFetchConfig()) || {}, fetchConfig || {});
-    const requestId = uuid();
-    const requestLogger = app?.logger?.createSubContext();
-    requestLogger?.setContext({ requestId, url, timeStamp: new Date().getTime() });
-    const fetcher = fetchStatusRetry(fetch, { retries: 1, status: [502], logger: requestLogger });
-
-    requestLogger?.log('Request Initiated', Level.Info);
-
-    return fetcher(url, merge(baseOptions, {
-      method: route.method,
-      body,
-      headers: {
-        ...fetchConfig?.headers,
-        ...(body ? { 'content-type': 'application/json' } : {}),
-        'x-request-id': requestId,
-        ...(app?.launchToken ? {
-          'x-launch-token': app.launchToken,
-        } : {}),
-      }
-    })).then(
-      response => {
-        if (response.status === 401) {
-          throw new UnauthorizedError();
-        }
-        if (response.status === 440) {
-          throw new SessionExpiredError();
-        }
-
-        return {
-          status: response.status,
-          acceptStatus: async (...status: number[]) => {
-            if (!status.includes(response.status)) {
-              throw new Error(`unexpected HTTP ${response.status} response from api: ${await response.text()}`);
-            }
-
-            return { status: response.status, headers: response.headers, load: loadResponse(response) };
-          },
-          headers: response.headers,
-          load: loadResponse(response),
-        };
-      }
-    );
-  };
-
-  routeClient.renderUrl = renderUrl;
-
-  return routeClient;
-};
-
-
-export interface MakeApiGateway<F> {
-  <Ru>(
-    config: ConfigProviderForConfig<{ apiBase: string }>,
-    routes: MapRoutesToConfig<Ru>,
-    app?: {
-      authProvider?: { getAuthorizedFetchConfig: () => Promise<ConfigForFetch<F>> };
-      logger?: Logger;
-      launchToken?: string;
-    }
-  ): MapRoutesToClient<Ru>;
-}
-
-export const createApiGateway = <F extends GenericFetch>(initializer: {
-  fetch: F;
-  // TODO - try harder
-  // @ts-ignore this type conversion is annoying
-}): MakeApiGateway<F> => (
-  config: ConfigProviderForConfig<{ apiBase: string }>,
-  routes: { [key: string]: { path: string; method: METHOD } },
-  app?: {
-    authProvider?: { getAuthorizedFetchConfig: () => Promise<ConfigForFetch<F>> };
-    logger?: Logger;
-    launchToken?: string;
-  }
-) => {
-    return Object.fromEntries(Object.entries(routes)
-      .map(([key, routeConfig]) => ([key, makeRouteClient(initializer, config, routeConfig, app)])));
-  };

package/packages/utils/src/services/authProvider/README.md

@@ -1,21 +0,0 @@
-
-# authProvider
-
-the authProvider interface is just a `getUser` function, there are several available drivers.
-
-
-## drivers
-
-### [subrequest](./subrequest.ts)
-
-for servers, takes a given cookie value and forwards it to another accounts server to get the user data. useful for dev or testing server implementations because you don't need any secrets.
-
-### [browser](./browser.ts)
-
-for browsers, queries an accounts server for the current user data
-
-### decode
-
-**note** not written yet, needs to be written
-
-decodes the given cookie value with secret keys. faster than making a subrequest

package/packages/utils/src/services/authProvider/browser.spec.ts

@@ -1,391 +0,0 @@
-import { browserAuthProvider, EventHandler, Window } from './browser';
-import { User } from '.';
-
-afterEach(() => {
-  jest.clearAllMocks();
-});
-
-describe('browserAuthProvider', () => {
-  let fetchSpy: jest.SpyInstance;
-  let postMessageSpy: jest.SpyInstance;
-  let addEventListenerSpy: jest.SpyInstance;
-  let removeEventListenerSpy: jest.SpyInstance;
-  let initializer: { window: Window };
-  const config = {
-    auth: {
-      accountsBase: 'accountsBase',
-    }
-  };
-
-  beforeEach(() => {
-    fetchSpy = jest.fn();
-    postMessageSpy = jest.fn();
-    addEventListenerSpy = jest.fn();
-    removeEventListenerSpy = jest.fn();
-    const win = {};
-
-    Object.assign(win, {
-      fetch: fetchSpy as any,
-      location: {search: ''},
-      parent: win,
-      document: {referrer: 'https://example.com'},
-      postMessage: postMessageSpy as any,
-      addEventListener: addEventListenerSpy as any,
-      removeEventListener: removeEventListenerSpy as any,
-    });
-
-    initializer = {
-      window: win as Window
-    };
-  });
-
-  describe('with cookie config', () => {
-    it('fetches user', async() => {
-      const userResponse = { id: 1 } as User;
-      fetchSpy.mockReturnValue(Promise.resolve({status: 200, json: () => userResponse}));
-      const loader = browserAuthProvider(initializer)(config);
-      await loader.getUser();
-      await loader.getUser();
-      const user = await loader.getUser();
-      expect(fetchSpy).toHaveBeenCalledTimes(1);
-      expect(fetchSpy).toHaveBeenCalledWith('accountsBase/api/user?always_200=true', {credentials: 'include'});
-      expect(user).toBe(userResponse);
-    });
-
-    it('handles empty object responses', async() => {
-      fetchSpy.mockReturnValue(Promise.resolve({status: 200, json: () => ({})}));
-      const loader = browserAuthProvider(initializer)(config);
-      await loader.getUser();
-      await loader.getUser();
-      const user = await loader.getUser();
-      expect(fetchSpy).toHaveBeenCalledTimes(1);
-      expect(fetchSpy).toHaveBeenCalledWith('accountsBase/api/user?always_200=true', {credentials: 'include'});
-      expect(user).toBeUndefined();
-    });
-
-    it('throws on other status codes', async() => {
-      fetchSpy.mockReturnValue(Promise.resolve({status: 500, text: () => 'oops'}));
-      const loader = browserAuthProvider(initializer)(config);
-      await expect(loader.getUser()).rejects.toThrow('Error response from Accounts 500: oops');
-      expect(fetchSpy).toHaveBeenCalledTimes(1);
-      expect(fetchSpy).toHaveBeenCalledWith('accountsBase/api/user?always_200=true', {credentials: 'include'});
-    });
-
-    it('generates authorized url', () => {
-      const provider = browserAuthProvider(initializer)(config);
-      expect(provider.getAuthorizedUrl('https://somecoolurl.com/?foo=bar')).toBe('https://somecoolurl.com/?foo=bar');
-      expect(provider.getAuthorizedLinkUrl('https://somecoolurl.com/?foo=bar')).toBe('https://somecoolurl.com/?foo=bar');
-      expect(provider.getAuthorizedEmbedUrl('https://somecoolurl.com/?foo=bar')).toBe('https://somecoolurl.com/?auth=embedded&embedded=true&foo=bar&subcontent=true');
-      expect(provider.getAuthorizedEmbedUrl('https://somecoolurl.com/?foo=bar', {test: 'true'})).toBe('https://somecoolurl.com/?auth=embedded&embedded=true&foo=bar&subcontent=true&test=true');
-    });
-
-    it('generates authorized fetch-config', async () => {
-      const userResponse = { id: 1 } as User;
-      fetchSpy.mockReturnValue(Promise.resolve({status: 200, json: () => userResponse}));
-      const provider = browserAuthProvider(initializer)(config);
-      expect(await provider.getAuthorizedFetchConfig()).toEqual({credentials: 'include'});
-    });
-
-    it('releases loaded identity to trusted embed', async () => {
-      let eventListener: EventHandler;
-
-      addEventListenerSpy.mockImplementation((_, handler) => eventListener = handler);
-
-      const userResponse = { id: 1 } as User;
-      fetchSpy.mockReturnValue(Promise.resolve({status: 200, json: () => userResponse}));
-      const provider = browserAuthProvider(initializer)(config);
-
-      provider.getAuthorizedEmbedUrl('https://somecoolurl.com/?foo=bar');
-      eventListener!({data: {type: 'request-user'}, origin: 'https://somecoolurl.com', source: initializer.window});
-
-      await new Promise(setImmediate);
-
-      expect(postMessageSpy).toHaveBeenCalledWith({
-        type: 'receive-user', userData: {token: null, user: userResponse}
-      }, 'https://somecoolurl.com');
-    });
-  });
-
-  describe('with token config', () => {
-    it('sends an Authorization: Bearer TOKEN header when given a token string', async() => {
-      const userResponse = { id: 1 } as User;
-      fetchSpy.mockReturnValue(Promise.resolve({status: 200, json: () => userResponse}));
-      initializer.window.location.search = '?auth=123abc';
-      const loader = browserAuthProvider(initializer)(config);
-      await loader.getUser();
-      await loader.getUser();
-      const user = await loader.getUser();
-      expect(fetchSpy).toHaveBeenCalledTimes(1);
-      expect(fetchSpy).toHaveBeenCalledWith(
-        'accountsBase/api/user?always_200=true', {headers: {Authorization: 'Bearer 123abc'}}
-      );
-      expect(user).toBe(userResponse);
-    });
-
-    it('generates authorized url', () => {
-      initializer.window.location.search = '?auth=123abc';
-      const provider = browserAuthProvider(initializer)(config);
-      expect(provider.getAuthorizedUrl('https://somecoolurl.com/?foo=bar')).toBe('https://somecoolurl.com/?foo=bar&auth=123abc');
-      expect(provider.getAuthorizedLinkUrl('https://somecoolurl.com/?foo=bar')).toBe('https://somecoolurl.com/?foo=bar&auth=123abc');
-    });
-
-    it('generates authorized fetch-config', async () => {
-      initializer.window.location.search = '?auth=123abc';
-      const provider = browserAuthProvider(initializer)(config);
-      expect(await provider.getAuthorizedFetchConfig()).toEqual({headers: {Authorization: 'Bearer 123abc'}});
-    });
-
-    it('generates authorized embed url', () => {
-      initializer.window.location.search = '?auth=123abc';
-      const provider = browserAuthProvider(initializer)(config);
-      expect(provider.getAuthorizedEmbedUrl('https://somecoolurl.com/?foo=bar')).toBe(
-        'https://somecoolurl.com/?auth=123abc&embedded=true&foo=bar&subcontent=true'
-      );
-    });
-
-    it('returns the auth token', async () => {
-      const userResponse = { id: 1 } as User;
-      fetchSpy.mockReturnValue(Promise.resolve({status: 200, json: () => userResponse}));
-      initializer.window.location.search = '?auth=123abc';
-      const provider = browserAuthProvider(initializer)(config);
-      expect(await provider.getAuthToken()).toBe('123abc');
-    });
-
-    it('releases loaded identity to trusted embed', async () => {
-      let eventListener: EventHandler;
-
-      addEventListenerSpy.mockImplementation((_, handler) => eventListener = handler);
-
-      const userResponse = { id: 1 } as User;
-      fetchSpy.mockReturnValue(Promise.resolve({status: 200, json: () => userResponse}));
-      initializer.window.location.search = '?auth=123abc';
-      const provider = browserAuthProvider(initializer)(config);
-
-      provider.getAuthorizedEmbedUrl('https://somecoolurl.com/?foo=bar');
-      eventListener!({data: {type: 'request-user'}, origin: 'https://somecoolurl.com', source: initializer.window});
-
-      await new Promise(setImmediate);
-
-      expect(postMessageSpy).toHaveBeenCalledWith({
-        type: 'receive-user', userData: {token: '123abc', user: userResponse}
-      }, 'https://somecoolurl.com');
-    });
-  });
-
-  describe('with embedded config', () => {
-    it('requests user identity', async () => {
-      let eventListener: EventHandler;
-
-      addEventListenerSpy.mockImplementation((_, handler) => eventListener = handler);
-      const userResponse = { id: 1 } as User;
-
-      const parentPostMessageSpy = jest.fn();
-      const parent = {
-        postMessage: parentPostMessageSpy,
-      } as NonNullable<Window['parent']>;
-
-      initializer.window.document.referrer = 'https://openstax.org/select-content';
-      initializer.window.parent = parent;
-      initializer.window.location.search = '?embedded=true';
-      const provider = browserAuthProvider(initializer)(config);
-
-      const promise = provider.getUser();
-
-      expect(addEventListenerSpy).toHaveBeenCalledTimes(2);
-      expect(parentPostMessageSpy).toHaveBeenCalledWith({type: 'request-user'}, 'https://openstax.org');
-      eventListener!({data: {type: 'receive-user', userData: {token: '123abc', user: userResponse}}, origin: 'https://openstax.org', source: parent});
-
-      await new Promise(setImmediate);
-
-      expect(await promise).toBe(userResponse);
-    });
-
-    it('requests with trusted subdomain referrer', async () => {
-      let eventListener: EventHandler;
-
-      addEventListenerSpy.mockImplementation((_, handler) => eventListener = handler);
-      const userResponse = { id: 1 } as User;
-
-      const parentPostMessageSpy = jest.fn();
-      const parent = {
-        postMessage: parentPostMessageSpy,
-      } as NonNullable<Window['parent']>;
-
-      initializer.window.document.referrer = 'https://lti.openstax.org/select-content';
-      initializer.window.parent = parent;
-      initializer.window.location.search = '?embedded=true';
-      const provider = browserAuthProvider(initializer)(config);
-
-      const promise = provider.getUser();
-
-      expect(addEventListenerSpy).toHaveBeenCalledTimes(2);
-      expect(parentPostMessageSpy).toHaveBeenCalledWith({type: 'request-user'}, 'https://lti.openstax.org');
-      eventListener!({data: {type: 'receive-user', userData: {token: '123abc', user: userResponse}}, origin: 'https://lti.openstax.org', source: parent});
-
-      await new Promise(setImmediate);
-
-      expect(await promise).toBe(userResponse);
-    });
-
-    it('does not request with untrusted referrer', async () => {
-      const parentPostMessageSpy = jest.fn();
-      const parent = {
-        postMessage: parentPostMessageSpy,
-      } as NonNullable<Window['parent']>;
-
-      initializer.window.document.referrer = 'https://notopenstax.org/select-content';
-      initializer.window.parent = parent;
-      initializer.window.location.search = '?embedded=true';
-      const provider = browserAuthProvider(initializer)(config);
-
-      await expect(() => provider.getUser()).rejects.toThrow('parent window is undefined or not trusted');
-
-      initializer.window.document.referrer = 'https://not.openstaxlorg/select-content';
-      const provider2 = browserAuthProvider(initializer)(config);
-
-      await expect(() => provider2.getUser()).rejects.toThrow('parent window is undefined or not trusted');
-    });
-
-    it('does not request without referrer', async () => {
-      const parentPostMessageSpy = jest.fn();
-      const parent = {
-        postMessage: parentPostMessageSpy,
-      } as NonNullable<Window['parent']>;
-
-      initializer.window.document.referrer = '';
-      initializer.window.parent = parent;
-      initializer.window.location.search = '?embedded=true';
-      const provider = browserAuthProvider(initializer)(config);
-
-      await expect(() => provider.getUser()).rejects.toThrow('parent window is undefined or not trusted');
-    });
-
-    it('ignores responses from the wrong origin', async () => {
-      let eventListener: EventHandler;
-
-      addEventListenerSpy.mockImplementation((_, handler) => eventListener = handler);
-      const userResponse = { id: 1 } as User;
-
-      const parentPostMessageSpy = jest.fn();
-      const parent = {
-        postMessage: parentPostMessageSpy,
-      } as NonNullable<Window['parent']>;
-
-      initializer.window.document.referrer = 'https://lti.openstax.org/select-content';
-      initializer.window.parent = parent;
-      initializer.window.location.search = '?embedded=true';
-      const provider = browserAuthProvider(initializer)(config);
-
-      const promise = provider.getUser();
-
-      expect(addEventListenerSpy).toHaveBeenCalledTimes(2);
-      expect(parentPostMessageSpy).toHaveBeenCalledWith({type: 'request-user'}, 'https://lti.openstax.org');
-      eventListener!({data: {type: 'receive-user', userData: {token: '123abc', user: userResponse}}, origin: 'https://malicious-site.com', source: parent});
-
-      await expect(promise).rejects.toThrow('loading user identity timed out');
-    }, 10000);
-
-    it('works with legacy auth=embedded urls', async () => {
-      let eventListener: EventHandler;
-
-      addEventListenerSpy.mockImplementation((_, handler) => eventListener = handler);
-      const userResponse = { id: 1 } as User;
-
-      const parentPostMessageSpy = jest.fn();
-      const parent = {
-        postMessage: parentPostMessageSpy,
-      } as NonNullable<Window['parent']>;
-
-      initializer.window.document.referrer = 'https://openstax.org/select-content';
-      initializer.window.parent = parent;
-      initializer.window.location.search = '?auth=embedded';
-      const provider = browserAuthProvider(initializer)(config);
-
-      const promise = provider.getUser();
-
-      expect(addEventListenerSpy).toHaveBeenCalledTimes(2);
-      expect(parentPostMessageSpy).toHaveBeenCalledWith({type: 'request-user'}, 'https://openstax.org');
-      eventListener!({data: {type: 'receive-user', userData: {token: '123abc', user: userResponse}}, origin: 'https://openstax.org', source: parent});
-
-      await new Promise(setImmediate);
-
-      expect(await promise).toBe(userResponse);
-    });
-  });
-
-  describe('with both token and embedded config', () => {
-    it('gets the parent window user', async() => {
-      const parentPostMessageSpy = jest.fn();
-      const parent = {
-        postMessage: parentPostMessageSpy,
-      } as NonNullable<Window['parent']>;
-      initializer.window.document.referrer = 'https://openstax.org/select-content';
-      initializer.window.parent = parent;
-      initializer.window.location.search = '?auth=123abc&embedded=true';
-      const provider = browserAuthProvider(initializer)(config);
-
-      const userResponse = { id: 1 } as User;
-      let eventListener: EventHandler;
-      addEventListenerSpy.mockImplementation((_, handler) => eventListener = handler);
-
-      const promise = provider.getUser();
-
-      expect(addEventListenerSpy).toHaveBeenCalledTimes(2);
-      expect(parentPostMessageSpy).toHaveBeenCalledWith({type: 'request-user'}, 'https://openstax.org');
-      eventListener!({
-        data: {type: 'receive-user', userData: {token: '123abc', user: userResponse}},
-        origin: 'https://openstax.org',
-        source: parent
-      });
-
-      const user = await promise;
-      expect(user).toBe(userResponse);
-    });
-
-    it('generates authorized url', () => {
-      initializer.window.location.search = '?auth=123abc&embedded=true';
-      const provider = browserAuthProvider(initializer)(config);
-      expect(provider.getAuthorizedUrl('https://somecoolurl.com/?foo=bar')).toBe(
-        'https://somecoolurl.com/?foo=bar&auth=123abc&embedded=true'
-      );
-      expect(provider.getAuthorizedLinkUrl('https://somecoolurl.com/?foo=bar')).toBe(
-        'https://somecoolurl.com/?foo=bar&auth=123abc'
-      );
-    });
-
-    it('sets auth=embedded for backwards compatibility', () => {
-      initializer.window.location.search = '?embedded=true';
-      const provider = browserAuthProvider(initializer)(config);
-      expect(provider.getAuthorizedUrl('https://somecoolurl.com/?foo=bar')).toBe(
-        'https://somecoolurl.com/?foo=bar&auth=embedded&embedded=true'
-      );
-    });
-
-    it('can update user settings', async() => {
-      const consent_preferences = {
-        accepted: ['necessary'],
-        rejected: ['functional', 'analytics', 'performance', 'advertisement', 'other']
-      };
-      const userResponse = { id: 1, consent_preferences } as User;
-      fetchSpy.mockReturnValue(Promise.resolve({status: 200, json: () => userResponse}));
-      const provider = browserAuthProvider(initializer)(config);
-
-      const response = await provider.updateUser({consent_preferences});
-      expect(response).toStrictEqual({ token: null, user: userResponse });
-    });
-
-    it('throws on other status codes when updating', async() => {
-      const consent_preferences = {
-        accepted: ['necessary'],
-        rejected: ['functional', 'analytics', 'performance', 'advertisement', 'other']
-      };
-      fetchSpy.mockReturnValue(Promise.resolve({status: 500, text: () => 'oops'}));
-      const provider = browserAuthProvider(initializer)(config);
-      await expect(provider.updateUser({consent_preferences})).rejects.toThrow('Error response from Accounts 500: oops');
-      expect(fetchSpy).toHaveBeenCalledTimes(1);
-      expect(fetchSpy).toHaveBeenCalledWith('accountsBase/api/user', {
-        body: JSON.stringify({consent_preferences}), credentials: 'include', method: 'PUT'
-      });
-    });
-  });
-});