@siran/auth-core 0.1.1 → 0.14.0

package/tests/application/policies/otp-identifier.policy.test.ts

@@ -0,0 +1,55 @@
+import { OtpIdentifierPolicy } from '@application/policies/otp-identifier.policy.js';
+import { describe, expect, it } from 'vitest';
+
+describe('OtpIdentifierPolicy', () => {
+  it('should return false when policy is disabled', async () => {
+    const policy = new OtpIdentifierPolicy(false);
+    const method = {
+      type: 'otp' as const,
+      identifier: '',
+      code: '123456',
+    };
+
+    expect(await policy.isActive(method)).toBe(false);
+  });
+
+  it('should return true when policy is enabled and identifier is present', async () => {
+    const policy = new OtpIdentifierPolicy(true);
+    const method = {
+      type: 'otp' as const,
+      identifier: 'test@example.com',
+      code: '123456',
+    };
+
+    expect(await policy.isActive(method)).toBe(true);
+    expect(await policy.check(method)).toBe(true);
+  });
+
+  it('should return false when policy is enabled but identifier is missing', async () => {
+    const policy = new OtpIdentifierPolicy(true);
+    const method = {
+      type: 'otp' as const,
+      identifier: '',
+      code: '123456',
+    };
+
+    expect(await policy.isActive(method)).toBe(true);
+    expect(await policy.check(method)).toBe(false);
+  });
+
+  it('should return false for non-OTP methods', async () => {
+    const policy = new OtpIdentifierPolicy(true);
+    const passwordMethod = {
+      type: 'password' as const,
+      identifier: '',
+      password: 'password123',
+    };
+
+    expect(await policy.isActive(passwordMethod)).toBe(false);
+  });
+
+  it('should have correct error code', () => {
+    const policy = new OtpIdentifierPolicy(true);
+    expect(policy.code).toBe('MISSING_OTP_IDENTIFIER');
+  });
+});

package/tests/application/policies/password-identifier.policy.test.ts

@@ -0,0 +1,55 @@
+import { PasswordIdentifierPolicy } from '@application/policies/password-identifier.policy.js';
+import { describe, expect, it } from 'vitest';
+
+describe('PasswordIdentifierPolicy', () => {
+  it('should return false when policy is disabled', async () => {
+    const policy = new PasswordIdentifierPolicy(false);
+    const method = {
+      type: 'password' as const,
+      identifier: '',
+      password: 'password123',
+    };
+
+    expect(await policy.isActive(method)).toBe(false);
+  });
+
+  it('should return true when policy is enabled and identifier is present', async () => {
+    const policy = new PasswordIdentifierPolicy(true);
+    const method = {
+      type: 'password' as const,
+      identifier: 'test@example.com',
+      password: 'password123',
+    };
+
+    expect(await policy.isActive(method)).toBe(true);
+    expect(await policy.check(method)).toBe(true);
+  });
+
+  it('should return false when policy is enabled but identifier is missing', async () => {
+    const policy = new PasswordIdentifierPolicy(true);
+    const method = {
+      type: 'password' as const,
+      identifier: '',
+      password: 'password123',
+    };
+
+    expect(await policy.isActive(method)).toBe(true);
+    expect(await policy.check(method)).toBe(false);
+  });
+
+  it('should return false for non-password methods', async () => {
+    const policy = new PasswordIdentifierPolicy(true);
+    const otpMethod = {
+      type: 'otp' as const,
+      identifier: '',
+      code: '123456',
+    };
+
+    expect(await policy.isActive(otpMethod)).toBe(false);
+  });
+
+  it('should have correct error code', () => {
+    const policy = new PasswordIdentifierPolicy(true);
+    expect(policy.code).toBe('MISSING_PASSWORD_IDENTIFIER');
+  });
+});

package/tests/application/policies/password-min-length.policy.test.ts

@@ -0,0 +1,66 @@
+import { PasswordMinLengthPolicy } from '@application/policies/password-min-length.policy.js';
+import { describe, expect, it } from 'vitest';
+
+describe('PasswordMinLengthPolicy', () => {
+  it('should return false when policy is disabled', async () => {
+    const policy = new PasswordMinLengthPolicy(false);
+    const method = {
+      type: 'password' as const,
+      identifier: 'test@example.com',
+      password: 'short',
+    };
+
+    expect(await policy.isActive(method)).toBe(false);
+  });
+
+  it('should return true when policy is enabled and password meets minimum length', async () => {
+    const policy = new PasswordMinLengthPolicy(true, 8);
+    const method = {
+      type: 'password' as const,
+      identifier: 'test@example.com',
+      password: 'password123',
+    };
+
+    expect(await policy.isActive(method)).toBe(true);
+    expect(await policy.check(method)).toBe(true);
+  });
+
+  it('should return false when policy is enabled but password is too short', async () => {
+    const policy = new PasswordMinLengthPolicy(true, 8);
+    const method = {
+      type: 'password' as const,
+      identifier: 'test@example.com',
+      password: 'short',
+    };
+
+    expect(await policy.isActive(method)).toBe(true);
+    expect(await policy.check(method)).toBe(false);
+  });
+
+  it('should use default minimum length of 8', async () => {
+    const policy = new PasswordMinLengthPolicy(true);
+    const method = {
+      type: 'password' as const,
+      identifier: 'test@example.com',
+      password: '1234567', // 7 chars
+    };
+
+    expect(await policy.check(method)).toBe(false);
+  });
+
+  it('should return false for non-password methods', async () => {
+    const policy = new PasswordMinLengthPolicy(true, 8);
+    const otpMethod = {
+      type: 'otp' as const,
+      identifier: 'test@example.com',
+      code: '123456',
+    };
+
+    expect(await policy.isActive(otpMethod)).toBe(false);
+  });
+
+  it('should have correct error code', () => {
+    const policy = new PasswordMinLengthPolicy(true, 8);
+    expect(policy.code).toBe('PASSWORD_TOO_SHORT');
+  });
+});

package/tests/application/policies/password-present.policy.test.ts

@@ -0,0 +1,55 @@
+import { PasswordPresentPolicy } from '@application/policies/password-present.policy.js';
+import { describe, expect, it } from 'vitest';
+
+describe('PasswordPresentPolicy', () => {
+  it('should return false when policy is disabled', async () => {
+    const policy = new PasswordPresentPolicy(false);
+    const method = {
+      type: 'password' as const,
+      identifier: 'test@example.com',
+      password: '',
+    };
+
+    expect(await policy.isActive(method)).toBe(false);
+  });
+
+  it('should return true when policy is enabled and password is present', async () => {
+    const policy = new PasswordPresentPolicy(true);
+    const method = {
+      type: 'password' as const,
+      identifier: 'test@example.com',
+      password: 'password123',
+    };
+
+    expect(await policy.isActive(method)).toBe(true);
+    expect(await policy.check(method)).toBe(true);
+  });
+
+  it('should return false when policy is enabled but password is missing', async () => {
+    const policy = new PasswordPresentPolicy(true);
+    const method = {
+      type: 'password' as const,
+      identifier: 'test@example.com',
+      password: '',
+    };
+
+    expect(await policy.isActive(method)).toBe(true);
+    expect(await policy.check(method)).toBe(false);
+  });
+
+  it('should return false for non-password methods', async () => {
+    const policy = new PasswordPresentPolicy(true);
+    const otpMethod = {
+      type: 'otp' as const,
+      identifier: 'test@example.com',
+      code: '123456',
+    };
+
+    expect(await policy.isActive(otpMethod)).toBe(false);
+  });
+
+  it('should have correct error code', () => {
+    const policy = new PasswordPresentPolicy(true);
+    expect(policy.code).toBe('MISSING_PASSWORD');
+  });
+});

package/tests/application/policies/password-strength.policy.test.ts

@@ -0,0 +1,66 @@
+import { PasswordStrengthPolicy } from '@application/policies/password-strength.policy.js';
+import { describe, expect, it } from 'vitest';
+
+describe('PasswordStrengthPolicy', () => {
+  it('should return false when policy is disabled', async () => {
+    const policy = new PasswordStrengthPolicy(false);
+    const method = {
+      type: 'password' as const,
+      identifier: 'test@example.com',
+      password: 'weak',
+    };
+
+    expect(await policy.isActive(method)).toBe(false);
+  });
+
+  it('should return true when policy is enabled and password meets minimum length', async () => {
+    const policy = new PasswordStrengthPolicy(true, 6);
+    const method = {
+      type: 'password' as const,
+      identifier: 'test@example.com',
+      password: 'strong123',
+    };
+
+    expect(await policy.isActive(method)).toBe(true);
+    expect(await policy.check(method)).toBe(true);
+  });
+
+  it('should return false when policy is enabled but password is too short', async () => {
+    const policy = new PasswordStrengthPolicy(true, 12);
+    const method = {
+      type: 'password' as const,
+      identifier: 'test@example.com',
+      password: 'short',
+    };
+
+    expect(await policy.isActive(method)).toBe(true);
+    expect(await policy.check(method)).toBe(false);
+  });
+
+  it('should use default minimum length of 8', async () => {
+    const policy = new PasswordStrengthPolicy(true);
+    const method = {
+      type: 'password' as const,
+      identifier: 'test@example.com',
+      password: '1234567', // 7 chars
+    };
+
+    expect(await policy.check(method)).toBe(false);
+  });
+
+  it('should return true for non-password methods', async () => {
+    const policy = new PasswordStrengthPolicy(true, 8);
+    const otpMethod = {
+      type: 'otp' as const,
+      identifier: 'test@example.com',
+      code: '123456',
+    };
+
+    expect(await policy.isActive(otpMethod)).toBe(false);
+  });
+
+  it('should have correct error code', () => {
+    const policy = new PasswordStrengthPolicy(true, 8);
+    expect(policy.code).toBe('WEAK_PASSWORD');
+  });
+});

package/tests/application/ports/auth-preferences-service.port.mock.ts

@@ -0,0 +1,14 @@
+import { AuthPreferences, AuthPreferencesServicePort } from "@application/ports/auth-preference-service.port.js";
+import { vi } from "vitest";
+
+interface AuthPreferencesServiceMock {
+    getAuthPreferences?: () => Promise<AuthPreferences>;
+}
+
+export function createAuthPreferencesServiceMock(
+    authPreferencesService?: AuthPreferencesServiceMock,
+): AuthPreferencesServicePort {
+    return {
+        getAuthPreferences: authPreferencesService?.getAuthPreferences ?? vi.fn().mockResolvedValue({ allowLoginWithNotVerifiedAccount: false }),
+    };
+}

package/tests/application/ports/auth-service.port.mock.ts

@@ -0,0 +1,19 @@
+import { AuthMethod, AuthResult, AuthServicePort } from "@application/ports/auth-service.port.js";
+import { UserAccount } from "@domain/user-account.js";
+import { vi } from "vitest";
+
+const activeUser: UserAccount = { id: '1', displayName: 'test@test.com', status: 'active', isVerified: true };
+
+interface AuthServiceMock {
+  authenticate?: (method: AuthMethod) => Promise<AuthResult>;
+  register?: (method: AuthMethod) => Promise<AuthResult>;
+  logout?: () => Promise<void>;
+}
+
+export function createAuthServiceMock(authService?: AuthServiceMock): AuthServicePort {
+  return {
+    authenticate: authService?.authenticate ?? vi.fn().mockResolvedValue({ ok: true, user: activeUser }),
+    logout: authService?.logout ?? vi.fn().mockResolvedValue(undefined),
+    register: authService?.register ?? vi.fn().mockResolvedValue({ ok: true, user: activeUser }),
+  };
+}

package/tests/application/ports/pre-register-policy.port.mock.ts

@@ -0,0 +1,16 @@
+import { AuthMethod } from "@application/ports/auth-service.port.js";
+import { PreRegisterPolicy } from "@application/ports/pre-register-policy.port.js";
+
+export interface PreRegisterPolicyMock {
+  check?: (method: AuthMethod) => Promise<boolean>;
+  isActive?: (method: AuthMethod) => Promise<boolean>;
+  code?: string;
+}
+
+export function createPreRegisterPolicyMock(preRegisterPolicy?: PreRegisterPolicyMock): PreRegisterPolicy {
+  return {
+    check: preRegisterPolicy?.check ?? vi.fn().mockResolvedValue(true),
+    isActive: preRegisterPolicy?.isActive ?? vi.fn().mockResolvedValue(false),
+    code: preRegisterPolicy?.code ?? 'POLICY_ERROR',
+  };
+}

package/tests/application/services/composite-auth.mock.ts

@@ -0,0 +1,18 @@
+import { AuthServicePort } from '@application/ports/auth-service.port.js';
+import { vi } from 'vitest';
+
+export function createPasswordAdapterMock(): AuthServicePort {
+  return {
+    authenticate: vi.fn(),
+    register: vi.fn(),
+    logout: vi.fn(),
+  };
+}
+
+export function createOAuthAdapterMock(): AuthServicePort {
+  return {
+    authenticate: vi.fn(),
+    register: vi.fn(),
+    logout: vi.fn(),
+  };
+}

package/tests/application/services/composite-auth.test.ts

@@ -0,0 +1,162 @@
+import type { AuthServicePort } from '@application/ports/auth-service.port.js';
+import { CompositeAuthService } from '@application/services/composite-auth.service.js';
+import { beforeEach, describe, expect, it } from 'vitest';
+import {
+  createOAuthAdapterMock,
+  createPasswordAdapterMock,
+} from '../services/composite-auth.mock.js';
+
+describe('CompositeAuthService', () => {
+  let compositeAuthService: CompositeAuthService;
+  let mockPasswordAdapter: AuthServicePort;
+  let mockOAuthAdapter: AuthServicePort;
+
+  beforeEach(() => {
+    mockPasswordAdapter = createPasswordAdapterMock();
+    mockOAuthAdapter = createOAuthAdapterMock();
+
+    compositeAuthService = new CompositeAuthService({
+      password: mockPasswordAdapter,
+      oauth: mockOAuthAdapter,
+    });
+  });
+
+  it('should create composite service with method-based config', () => {
+    expect(compositeAuthService).toBeDefined();
+    expect(compositeAuthService.getMethodConfig()).toEqual({
+      password: mockPasswordAdapter,
+      oauth: mockOAuthAdapter,
+    });
+  });
+
+  it('should authenticate with password adapter', async () => {
+    const mockUser = {
+      id: 'test-id',
+      displayName: 'Test User',
+      status: 'active' as const,
+      isVerified: true,
+    };
+
+    (mockPasswordAdapter.authenticate as any).mockResolvedValue({
+      ok: true,
+      user: mockUser,
+    });
+
+    const result = await compositeAuthService.authenticate({
+      type: 'password',
+      identifier: 'test@example.com',
+      password: 'password',
+    });
+
+    expect(result.ok).toBe(true);
+    if (result.ok) {
+      expect(result.user).toEqual(mockUser);
+    }
+    expect(mockPasswordAdapter.authenticate).toHaveBeenCalled();
+    expect(mockOAuthAdapter.authenticate).not.toHaveBeenCalled();
+  });
+
+  it('should authenticate with oauth adapter', async () => {
+    const mockUser = {
+      id: 'test-id',
+      displayName: 'Test User',
+      status: 'active' as const,
+      isVerified: true,
+    };
+
+    (mockOAuthAdapter.authenticate as any).mockResolvedValue({
+      ok: true,
+      user: mockUser,
+    });
+
+    const result = await compositeAuthService.authenticate({
+      type: 'oauth',
+      provider: 'google',
+      code: 'auth-code',
+    });
+
+    expect(result.ok).toBe(true);
+    if (result.ok) {
+      expect(result.user).toEqual(mockUser);
+    }
+    expect(mockOAuthAdapter.authenticate).toHaveBeenCalled();
+    expect(mockPasswordAdapter.authenticate).not.toHaveBeenCalled();
+  });
+
+  it('should validate magic link token format', async () => {
+    const result = await compositeAuthService.authenticate({
+      type: 'magic_link',
+      token: 'short', // Too short
+    });
+
+    expect(result.ok).toBe(false);
+    if (!result.ok) {
+      expect(result.error).toBe('ADAPTER_UNAVAILABLE'); // No magic_link adapter configured
+    }
+  });
+
+  it('should return error for unsupported auth method', async () => {
+    const result = await compositeAuthService.authenticate({
+      type: 'unknown_method' as any, // Unsupported method type
+      token: 'magic-token',
+    });
+
+    expect(result.ok).toBe(false);
+    if (!result.ok) {
+      expect(result.error).toBe('ADAPTER_UNAVAILABLE');
+    }
+  });
+
+  it('should handle register with correct adapter', async () => {
+    const mockUser = {
+      id: 'test-id',
+      displayName: 'Test User',
+      status: 'active' as const,
+      isVerified: true,
+    };
+
+    (mockPasswordAdapter.register as any).mockResolvedValue({
+      ok: true,
+      user: mockUser,
+    });
+
+    const result = await compositeAuthService.register({
+      type: 'password',
+      identifier: 'test@example.com',
+      password: 'password',
+    });
+
+    expect(result.ok).toBe(true);
+    if (result.ok) {
+      expect(result.user).toEqual(mockUser);
+    }
+    expect(mockPasswordAdapter.register).toHaveBeenCalled();
+  });
+
+  it('should validate OTP code format', async () => {
+    const result = await compositeAuthService.authenticate({
+      type: 'otp',
+      identifier: 'test@example.com',
+      code: '123', // Too short
+    });
+
+    expect(result.ok).toBe(false);
+    if (!result.ok) {
+      expect(result.error).toBe('ADAPTER_UNAVAILABLE'); // No OTP adapter configured
+    }
+  });
+
+  it('should demonstrate exact requested syntax', () => {
+    // This is exactly how the user wants to use it:
+    const engine = new CompositeAuthService({
+      password: createPasswordAdapterMock(),
+      oauth: createOAuthAdapterMock(),
+    });
+
+    expect(engine).toBeDefined();
+    expect(engine.getMethodConfig()).toEqual({
+      password: expect.any(Object),
+      oauth: expect.any(Object),
+    });
+  });
+});

package/tests/application/use-cases/authenticate-user.test.ts

@@ -1,25 +1,72 @@
 import { authenticateUser } from "@application/use-cases/authenticate-user.js";
-import { AuthServicePort } from "@application/ports/auth-service.port.js";
+import { createAuthPreferencesServiceMock } from "@tests/application/ports/auth-preferences-service.port.mock.js";
+import { createAuthServiceMock } from "@tests/application/ports/auth-service.port.mock.js";
+import { inactiveUser, notVerifiedUser } from "@tests/domain/user-account.data.js";
 import { describe, expect, it, vi } from "vitest";
 
 describe('AuthenticateUser', () => {
   it('should authenticate a user', async () => {
-    const authService: AuthServicePort = {
-      authenticate: vi.fn().mockResolvedValue({ ok: true, user: { id: '1', email: 'test@test.com' } }),
-      logout: vi.fn().mockResolvedValue(undefined),
-    };
-    const loginUser = authenticateUser(authService);
-    const user = await loginUser({ type: 'password', identifier: 'test@test.com', password: 'test' });
-    expect(user).toEqual({ ok: true, user: { id: '1', email: 'test@test.com' } });
+    // Given
+    const authService = createAuthServiceMock();
+    const authPreferencesService = createAuthPreferencesServiceMock();
+    const loginUser = authenticateUser(authService, authPreferencesService);
+    // When
+    const result = await loginUser({ type: 'password', identifier: 'test@test.com', password: 'test' });
+    // Then
+    expect(result.ok).toBe(true);
   });
 
   it('should return an error if the authentication fails', async () => {
-    const authService: AuthServicePort = {
+    // Given
+    const authService = createAuthServiceMock({
       authenticate: vi.fn().mockResolvedValue({ ok: false, error: 'INVALID_CREDENTIALS' }),
-      logout: vi.fn().mockResolvedValue(undefined),
-    };
-    const loginUser = authenticateUser(authService);
+    });
+    const authPreferencesService = createAuthPreferencesServiceMock();
+    // When
+    const loginUser = authenticateUser(authService, authPreferencesService);
+    const user = await loginUser({ type: 'password', identifier: 'test@test.com', password: 'test' });
+    // Then
+    expect(user).toEqual({ ok: false, error: 'INVALID_CREDENTIALS', violatedPolicies: [] });
+  });
+
+  it('should not be possible to authenticate with deactivated account', async () => {
+    // Given
+    const authService = createAuthServiceMock({
+      authenticate: vi.fn().mockResolvedValue({ ok: true, user: inactiveUser }),
+    });
+    const authPreferencesService = createAuthPreferencesServiceMock();
+    // When
+    const loginUser = authenticateUser(authService, authPreferencesService);
     const user = await loginUser({ type: 'password', identifier: 'test@test.com', password: 'test' });
-    expect(user).toEqual({ ok: false, error: 'INVALID_CREDENTIALS' });
+    // Then
+    expect(user).toEqual({ ok: false, error: 'ACCOUNT_DISABLED', violatedPolicies: [] });
+  });
+
+  it('should not be possible to authenticate with not verified account', async () => {
+    // Given
+    const authService = createAuthServiceMock({
+      authenticate: vi.fn().mockResolvedValue({ ok: true, user: notVerifiedUser }),
+    });
+    const authPreferencesService = createAuthPreferencesServiceMock();
+    // When
+    const loginUser = authenticateUser(authService, authPreferencesService);
+    // Then
+    const result = await loginUser({ type: 'password', identifier: 'test@test.com', password: 'test' });
+    expect(result).toEqual({ ok: false, error: 'ACCOUNT_NOT_VERIFIED', violatedPolicies: [] });
+  });
+
+  it('should be possible to authenticate with not verified account if unckeched in settings', async () => {
+    // Given
+    const authService = createAuthServiceMock({
+      authenticate: vi.fn().mockResolvedValue({ ok: true, user: notVerifiedUser }),
+    });
+    const authPreferencesService = createAuthPreferencesServiceMock({
+      getAuthPreferences: vi.fn().mockResolvedValue({ allowLoginWithNotVerifiedAccount: true }),
+    });
+    // When
+    const loginUser = authenticateUser(authService, authPreferencesService);
+    // Then
+    const result = await loginUser({ type: 'password', identifier: 'test@test.com', password: 'test' });
+    expect(result.ok).toEqual(true);
   });
-});
+});