@paakd/api 0.0.1

package/src/auth.spec.ts

@@ -0,0 +1,771 @@
+import { createClient } from '@connectrpc/connect'
+import { createGrpcTransport } from '@connectrpc/connect-node'
+import { getCheckoutConfig } from '@paakd/config'
+import {
+  changePassword,
+  login,
+  refreshToken,
+  type ChangePasswordRequestProps,
+  type LoginRequestProps,
+} from './auth'
+import {
+  createAuthenticationInterceptor,
+  createCustomerAuthenticationInterceptor,
+  createHeadersInterceptor,
+} from './interceptors'
+import {
+  type BaseTestContext,
+  type Checkout,
+  type MockedFunction,
+  type MockServiceClient,
+  type Transport,
+  clearAllMocks,
+  createMockConnectError,
+  setupCommonMocks,
+} from './test-utils'
+
+// Mock dependencies
+vi.mock('@connectrpc/connect', async () => {
+  const actual = await vi.importActual('@connectrpc/connect')
+  return {
+    ...actual,
+    createClient: vi.fn(),
+  }
+})
+
+vi.mock('./compressor/brotli', () => ({
+  brotliCompression: {
+    name: 'brotli',
+    compress: vi.fn(),
+    decompress: vi.fn(),
+  },
+}))
+
+vi.mock('@connectrpc/connect-node', () => ({
+  createGrpcTransport: vi.fn(),
+}))
+
+vi.mock('@paakd/config', () => ({
+  getCheckoutConfig: vi.fn(),
+}))
+
+vi.mock('./interceptors', () => ({
+  createAuthenticationInterceptor: vi.fn(),
+  createCustomerAuthenticationInterceptor: vi.fn(),
+  createHeadersInterceptor: vi.fn(),
+}))
+
+vi.mock('../gen/src/proto/auth/v1/service_pb', () => ({
+  AuthService: {},
+}))
+
+vi.mock('../gen/src/proto/customers/v1/service_pb', () => ({
+  CustomerService: {},
+}))
+
+const mockGetCheckoutConfig = vi.mocked(getCheckoutConfig)
+const mockCreateGrpcTransport = vi.mocked(createGrpcTransport)
+const mockCreateClient = vi.mocked(createClient)
+const mockCreateAuthenticationInterceptor = vi.mocked(
+  createAuthenticationInterceptor
+)
+const mockCreateCustomerAuthenticationInterceptor = vi.mocked(
+  createCustomerAuthenticationInterceptor
+)
+const mockCreateHeadersInterceptor = vi.mocked(createHeadersInterceptor)
+
+/**
+ * Extended test context for auth service
+ */
+interface AuthTestContext extends BaseTestContext {
+  clients: {
+    auth: MockServiceClient
+    customer: MockServiceClient
+  }
+  config: Checkout
+  interceptors: Record<string, MockedFunction<(...args: unknown[]) => unknown>>
+  transport: Transport
+}
+
+/**
+ * Setup function similar to testing-library's render.
+ * Initializes the testing environment with proper mocks
+ */
+function setupAuthService(): AuthTestContext {
+  clearAllMocks()
+  const { config, interceptors, transport } = setupCommonMocks()
+
+  const clients = {
+    auth: {
+      login: vi.fn(),
+      refreshToken: vi.fn(),
+    },
+    customer: {
+      changePassword: vi.fn(),
+    },
+  }
+
+  // Setup mock implementations
+  mockGetCheckoutConfig.mockResolvedValue(config)
+  mockCreateGrpcTransport.mockReturnValue(transport)
+  mockCreateHeadersInterceptor.mockImplementation(() => next => async req => {
+    return await next(req)
+  })
+  mockCreateAuthenticationInterceptor.mockImplementation(
+    () => next => async req => {
+      return await next(req)
+    }
+  )
+  mockCreateCustomerAuthenticationInterceptor.mockImplementation(
+    () => next => async req => {
+      return await next(req)
+    }
+  )
+
+  // mockCreateClient should intelligently return the right client
+  // The tests will set up their own expectations, but provide a smart default
+  mockCreateClient.mockImplementation(() => {
+    // Default to returning auth client, but tests can override as needed
+    return clients.auth as any
+  })
+
+  return {
+    client: clients.auth,
+    clients,
+    config,
+    interceptors,
+    transport,
+  }
+}
+
+describe('Authentication Service', () => {
+  let consoleSpySpy: any
+
+  beforeEach(() => {
+    consoleSpySpy = vi.spyOn(console, 'log').mockImplementation(() => {})
+  })
+
+  afterEach(() => {
+    consoleSpySpy.mockRestore()
+  })
+
+  describe('login', () => {
+    it('should successfully authenticate user with valid credentials', async () => {
+      const { clients } = setupAuthService()
+      const credentials: LoginRequestProps = {
+        body: {
+          email: 'user@example.com',
+          password: 'password123',
+        },
+        headers: {
+          'x-shop-id': '123',
+        },
+      }
+
+      const expectedResponse = {
+        jwt: 'token123',
+        refreshToken: 'refresh123',
+        expiresIn: 3600,
+      }
+
+      clients.auth.login.mockResolvedValue(expectedResponse)
+
+      const result = await login(credentials)
+
+      expect((result as any).status).toBe('success')
+      expect(result).toHaveProperty('value')
+      expect(clients.auth.login).toHaveBeenCalledWith({
+        email: credentials.body.email,
+        password: credentials.body.password,
+      })
+    })
+
+    it('should reject user when credentials are invalid', async () => {
+      const { clients } = setupAuthService()
+      const error = createMockConnectError(
+        16,
+        'UNAUTHENTICATED',
+        'Invalid credentials'
+      )
+      clients.auth.login.mockRejectedValue(error)
+
+      const result = await login({
+        body: {
+          email: 'user@example.com',
+          password: 'wrongpassword',
+        },
+        headers: {},
+      })
+
+      expect((result as any).status).toBe('failed')
+      expect(result).toHaveProperty('code')
+    })
+
+    it('should handle network failures gracefully', async () => {
+      const { clients } = setupAuthService()
+      const networkError = createMockConnectError(
+        14,
+        'UNAVAILABLE',
+        'Service unavailable'
+      )
+      clients.auth.login.mockRejectedValue(networkError)
+
+      const result = await login({
+        body: {
+          email: 'user@example.com',
+          password: 'password123',
+        },
+        headers: {},
+      })
+
+      expect(result.status).toBe('failed')
+    })
+
+    it('should include custom headers in request context', async () => {
+      const { clients } = setupAuthService()
+      const customHeaders = {
+        'x-original-host': 'example.com',
+        'x-shop-id': '456',
+        'x-locale': 'en-US',
+      }
+
+      clients.auth.login.mockResolvedValue({
+        jwt: 'new-token',
+        refreshToken: 'refresh-token',
+      })
+
+      await login({
+        body: {
+          email: 'user@example.com',
+          password: 'password123',
+        },
+        headers: customHeaders,
+      })
+
+      expect(mockCreateHeadersInterceptor).toHaveBeenCalledWith(customHeaders)
+    })
+
+    it('should use checkout configuration for enterprise URL', async () => {
+      const { clients, config } = setupAuthService()
+
+      const jwt = 'token-xyz'
+      clients.auth.login.mockResolvedValue({ jwt })
+
+      await login({
+        body: {
+          email: 'user@example.com',
+          password: 'password123',
+        },
+        headers: {},
+      })
+
+      expect(mockCreateGrpcTransport).toHaveBeenCalledWith(
+        expect.objectContaining({
+          baseUrl: config.enterpriseURL,
+        })
+      )
+    })
+
+    it('should enable compression for optimized data transfer', async () => {
+      const { clients } = setupAuthService()
+
+      const jwt = 'token-for-compression-test'
+      clients.auth.login.mockResolvedValue({ jwt })
+
+      await login({
+        body: {
+          email: 'user@example.com',
+          password: 'password123',
+        },
+        headers: {},
+      })
+
+      const transportConfig = (mockCreateGrpcTransport as any).mock.calls[0][0]
+      expect(transportConfig).toHaveProperty('acceptCompression')
+      expect(transportConfig).toHaveProperty('sendCompression')
+    })
+
+    it('should handle service unavailability', async () => {
+      const { clients } = setupAuthService()
+      const error = createMockConnectError(
+        14,
+        'UNAVAILABLE',
+        'Service temporarily unavailable'
+      )
+      clients.auth.login.mockRejectedValue(error)
+
+      const result = await login({
+        body: {
+          email: 'user@example.com',
+          password: 'password123',
+        },
+        headers: {},
+      })
+
+      expect(result.status).toBe('failed')
+    })
+
+    it('should support multiple concurrent login attempts', async () => {
+      const { clients } = setupAuthService()
+      const mockResponse = {
+        jwt: 'concurrent-token',
+        refreshToken: 'concurrent-refresh',
+      }
+
+      clients.auth.login.mockResolvedValue(mockResponse)
+
+      const results = await Promise.all([
+        login({
+          body: {
+            email: 'user1@example.com',
+            password: 'password123',
+          },
+          headers: {},
+        }),
+        login({
+          body: {
+            email: 'user2@example.com',
+            password: 'password456',
+          },
+          headers: {},
+        }),
+        login({
+          body: {
+            email: 'user3@example.com',
+            password: 'password789',
+          },
+          headers: {},
+        }),
+      ])
+
+      expect(results).toHaveLength(3)
+      expect(results.every(r => (r as any).status === 'success')).toBe(true)
+    })
+  })
+
+  describe('refreshToken', () => {
+    it('should refresh authentication token with valid refresh token', async () => {
+      const { clients } = setupAuthService()
+      const refreshTokenValue = 'refresh-token-123'
+
+      const expectedResponse = {
+        jwt: 'new-jwt-token',
+        refreshToken: 'new-refresh-token',
+        expiresIn: 3600,
+      }
+
+      clients.auth.refreshToken.mockResolvedValue(expectedResponse)
+
+      const result = await refreshToken({
+        body: {
+          refreshToken: refreshTokenValue,
+        },
+        headers: {},
+      })
+
+      expect((result as any).status).toBe('success')
+      expect(clients.auth.refreshToken).toHaveBeenCalledWith({
+        refreshToken: refreshTokenValue,
+      })
+    })
+
+    it('should reject expired refresh tokens', async () => {
+      const { clients } = setupAuthService()
+      const error = createMockConnectError(
+        16,
+        'UNAUTHENTICATED',
+        'Refresh token expired'
+      )
+      clients.auth.refreshToken.mockRejectedValue(error)
+
+      const result = await refreshToken({
+        body: {
+          refreshToken: 'expired-refresh-token',
+        },
+        headers: {},
+      })
+
+      expect((result as any).status).toBe('failed')
+    })
+
+    it('should handle missing or malformed refresh tokens', async () => {
+      const { clients } = setupAuthService()
+      const error = createMockConnectError(
+        3,
+        'INVALID_ARGUMENT',
+        'Invalid refresh token format'
+      )
+      clients.auth.refreshToken.mockRejectedValue(error)
+
+      const result = await refreshToken({
+        body: {
+          refreshToken: '',
+        },
+        headers: {},
+      })
+
+      expect((result as any).status).toBe('failed')
+    })
+
+    it('should recover gracefully from service errors', async () => {
+      const { clients } = setupAuthService()
+      const serviceError = createMockConnectError(
+        13,
+        'INTERNAL',
+        'Internal server error'
+      )
+      clients.auth.refreshToken.mockRejectedValue(serviceError)
+
+      const result = await refreshToken({
+        body: {
+          refreshToken: 'valid-refresh-token',
+        },
+        headers: {},
+      })
+
+      expect((result as any).status).toBe('failed')
+    })
+
+    it('should use authentication interceptor for token refresh', async () => {
+      const { clients } = setupAuthService()
+      const refreshTokenValue = 'refresh-token-abc'
+
+      clients.auth.refreshToken.mockResolvedValue({
+        jwt: 'new-jwt-token',
+        refreshToken: 'new-refresh-token',
+      })
+
+      await refreshToken({
+        body: {
+          refreshToken: refreshTokenValue,
+        },
+        headers: {},
+      })
+
+      expect(mockCreateAuthenticationInterceptor).toHaveBeenCalled()
+    })
+  })
+
+  describe('changePassword', () => {
+    it('should successfully change user password with correct current password', async () => {
+      const { clients } = setupAuthService()
+      const passwordChange: ChangePasswordRequestProps = {
+        body: {
+          jwt: 'user-jwt-token',
+          customerId: 'cust-1',
+          oldPassword: 'oldpassword123',
+          newPassword: 'newpassword456',
+        } as any,
+        headers: {},
+      }
+
+      const success = { jwt: 'updated-jwt-token' }
+      clients.customer.changePassword.mockResolvedValue(success)
+
+      // For changePassword test, we need mockCreateClient to return customer client
+      mockCreateClient.mockReturnValue(clients.customer as any)
+
+      const result = await changePassword(passwordChange)
+
+      expect((result as any).status).toBe('success')
+      expect(result).toHaveProperty('value')
+    })
+
+    it('should reject when current password is incorrect', async () => {
+      const { clients } = setupAuthService()
+      const error = createMockConnectError(
+        16,
+        'UNAUTHENTICATED',
+        'Current password is incorrect'
+      )
+      clients.customer.changePassword.mockRejectedValue(error)
+      mockCreateClient.mockReturnValue(clients.customer as any)
+
+      const result = await changePassword({
+        body: {
+          jwt: 'user-jwt-token',
+          customerId: 'cust-1',
+          oldPassword: 'wrongpassword',
+          newPassword: 'newpassword456',
+        } as any,
+        headers: {},
+      })
+
+      expect((result as any).status).toBe('failed')
+    })
+
+    it('should enforce password complexity requirements', async () => {
+      const { clients } = setupAuthService()
+      const error = createMockConnectError(
+        3,
+        'INVALID_ARGUMENT',
+        'Password does not meet complexity requirements'
+      )
+      clients.customer.changePassword.mockRejectedValue(error)
+      mockCreateClient.mockReturnValue(clients.customer as any)
+
+      const result = await changePassword({
+        body: {
+          jwt: 'user-jwt-token',
+          customerId: 'cust-1',
+          oldPassword: 'oldpassword123',
+          newPassword: 'weak',
+        } as any,
+        headers: {},
+      })
+
+      expect((result as any).status).toBe('failed')
+    })
+
+    it('should reject requests with invalid or expired JWT', async () => {
+      const { clients } = setupAuthService()
+      const error = createMockConnectError(
+        16,
+        'UNAUTHENTICATED',
+        'Invalid or expired JWT'
+      )
+      clients.customer.changePassword.mockRejectedValue(error)
+      mockCreateClient.mockReturnValue(clients.customer as any)
+
+      const result = await changePassword({
+        body: {
+          jwt: 'expired-jwt-token',
+          customerId: 'cust-1',
+          oldPassword: 'oldpassword123',
+          newPassword: 'newpassword456',
+        } as any,
+        headers: {},
+      })
+
+      expect((result as any).status).toBe('failed')
+    })
+
+    it('should not include JWT in service request', async () => {
+      const { clients } = setupAuthService()
+      const success = { jwt: 'updated-jwt-token' }
+      clients.customer.changePassword.mockResolvedValue(success)
+      mockCreateClient.mockReturnValue(clients.customer as any)
+
+      const jwtToken = 'user-jwt-token'
+      const passwordData: ChangePasswordRequestProps = {
+        body: {
+          jwt: jwtToken,
+          customerId: 'cust-1',
+          oldPassword: 'oldpassword123',
+          newPassword: 'newpassword456',
+        } as any,
+        headers: {},
+      }
+
+      await changePassword(passwordData)
+
+      // Verify that JWT is not passed directly to the service
+      const callArgs = clients.customer.changePassword.mock.calls[0][0]
+      expect(callArgs).not.toHaveProperty('jwt')
+    })
+
+    it('should apply three interceptors in correct order', async () => {
+      const { clients, interceptors } = setupAuthService()
+      const success = { jwt: 'updated-jwt-token' }
+      clients.customer.changePassword.mockResolvedValue(success)
+      mockCreateClient.mockReturnValue(clients.customer as any)
+
+      const headers = {
+        'x-shop-id': '123',
+      }
+      const jwt = 'user-jwt-token'
+
+      await changePassword({
+        body: {
+          customerId: 'cust-1',
+          oldPassword: 'oldpassword123',
+          newPassword: 'newpassword456',
+          jwt,
+        } as any,
+        headers,
+      })
+
+      expect(mockCreateHeadersInterceptor).toHaveBeenCalledWith(headers)
+      expect(mockCreateAuthenticationInterceptor).toHaveBeenCalled()
+      expect(mockCreateCustomerAuthenticationInterceptor).toHaveBeenCalledWith(
+        jwt
+      )
+    })
+
+    it('should handle database errors gracefully', async () => {
+      const { clients } = setupAuthService()
+      const dbError = createMockConnectError(
+        13,
+        'INTERNAL',
+        'Database error occurred'
+      )
+      clients.customer.changePassword.mockRejectedValue(dbError)
+      mockCreateClient.mockReturnValue(clients.customer as any)
+
+      const result = await changePassword({
+        body: {
+          jwt: 'user-jwt-token',
+          customerId: 'cust-1',
+          oldPassword: 'oldpassword123',
+          newPassword: 'newpassword456',
+        } as any,
+        headers: {},
+      })
+
+      expect((result as any).status).toBe('failed')
+    })
+
+    it('should handle permission errors when user cannot change password', async () => {
+      const { clients } = setupAuthService()
+      const error = createMockConnectError(
+        7,
+        'PERMISSION_DENIED',
+        'User does not have permission to change password'
+      )
+      clients.customer.changePassword.mockRejectedValue(error)
+      mockCreateClient.mockReturnValue(clients.customer as any)
+
+      const result = await changePassword({
+        body: {
+          jwt: 'restricted-jwt-token',
+          customerId: 'cust-1',
+          oldPassword: 'oldpassword123',
+          newPassword: 'newpassword456',
+        } as any,
+        headers: {},
+      })
+
+      expect(result.status).toBe('failed')
+    })
+  })
+
+  describe('Common Authentication Behavior', () => {
+    it('should load configuration once per request', async () => {
+      const { clients } = setupAuthService()
+      clients.auth.login.mockResolvedValue({
+        jwt: 'token123',
+        refreshToken: 'refresh123',
+      })
+
+      await login({
+        body: {
+          email: 'user@example.com',
+          password: 'password123',
+        },
+        headers: {},
+      })
+
+      await login({
+        body: {
+          email: 'user2@example.com',
+          password: 'password456',
+        },
+        headers: {},
+      })
+
+      expect(mockGetCheckoutConfig).toHaveBeenCalledTimes(2)
+    })
+
+    it('should support different error scenarios across functions', async () => {
+      const { clients } = setupAuthService()
+
+      const errorScenarios = [
+        {
+          code: 16,
+          message: 'UNAUTHENTICATED',
+          fn: login,
+          args: {
+            body: {
+              email: 'user@example.com',
+              password: 'invalid',
+            },
+            headers: {},
+          },
+        },
+        {
+          code: 16,
+          message: 'UNAUTHENTICATED',
+          fn: refreshToken,
+          args: {
+            body: {
+              refreshToken: 'expired-token',
+            },
+            headers: {},
+          },
+        },
+        {
+          code: 16,
+          message: 'UNAUTHENTICATED',
+          fn: changePassword,
+          args: {
+            body: {
+              jwt: 'invalid-jwt',
+              customerId: 'cust-1',
+              oldPassword: 'old',
+              newPassword: 'new',
+            } as any,
+            headers: {},
+          },
+        },
+      ]
+
+      for (const scenario of errorScenarios) {
+        const error = createMockConnectError(
+          scenario.code,
+          scenario.message,
+          scenario.message
+        )
+
+        if (scenario.fn === login) {
+          clients.auth.login.mockRejectedValueOnce(error)
+        } else if (scenario.fn === refreshToken) {
+          clients.auth.refreshToken.mockRejectedValueOnce(error)
+        } else {
+          clients.customer.changePassword.mockRejectedValueOnce(error)
+        }
+
+        const result = await scenario.fn(scenario.args as any)
+        expect((result as any).status).toBe('failed')
+      }
+    })
+
+    it('should handle edge cases with special characters and long inputs', async () => {
+      const { clients } = setupAuthService()
+      const jwt = 'special-chars-token-!@#$%^&*()'
+      clients.auth.login.mockResolvedValue({
+        jwt: 'new-token',
+      })
+
+      const result = await login({
+        body: {
+          email: 'user+tag@example.com',
+          password: 'P@ssw0rd!@#$%^&*()',
+        },
+        headers: {},
+      })
+
+      expect(result.status).toBe('success')
+    })
+
+    it('should handle null or undefined headers gracefully', async () => {
+      const { clients } = setupAuthService()
+      const jwt = 'test-jwt-token'
+      clients.auth.login.mockResolvedValue({
+        jwt: 'token123',
+        refreshToken: 'refresh123',
+      })
+
+      const result = await login({
+        body: {
+          email: 'user@example.com',
+          password: 'password123',
+        },
+        headers: {
+          'x-header': null,
+        },
+      })
+
+      expect((result as any).status).toBe('success')
+    })
+  })
+})