@sneat/auth-core 0.1.3 → 0.1.6

package/src/lib/sneat-auth-state-service.spec.ts

@@ -1,332 +0,0 @@
-import { TestBed } from '@angular/core/testing';
-import { Auth, UserCredential } from '@angular/fire/auth';
-import { AnalyticsService, ErrorLogger } from '@sneat/core';
-import {
-  SneatAuthStateService,
-  AuthStatuses,
-} from './sneat-auth-state-service';
-import { describe, it, expect, beforeEach, vi, Mock } from 'vitest';
-import { firstValueFrom, Observer } from 'rxjs';
-import { User } from '@angular/fire/auth';
-
-// Mock Capacitor
-vi.mock('@capacitor/core', () => ({
-  Capacitor: {
-    isNativePlatform: vi.fn().mockReturnValue(false),
-  },
-}));
-
-// Mock Firebase Authentication
-vi.mock('@capacitor-firebase/authentication', () => ({
-  FirebaseAuthentication: {
-    signInWithGoogle: vi.fn(),
-    signInWithApple: vi.fn(),
-    signInWithFacebook: vi.fn(),
-    signInWithMicrosoft: vi.fn(),
-  },
-}));
-
-// Mock firebase/auth with proper constructor mocks
-vi.mock('firebase/auth', () => {
-  class MockGoogleAuthProvider {}
-  class MockOAuthProvider {
-    credential = vi.fn();
-  }
-  class MockGithubAuthProvider {
-    addScope = vi.fn();
-  }
-  class MockFacebookAuthProvider {
-    addScope = vi.fn();
-  }
-
-  return {
-    GoogleAuthProvider: MockGoogleAuthProvider,
-    OAuthProvider: MockOAuthProvider,
-    GithubAuthProvider: MockGithubAuthProvider,
-    FacebookAuthProvider: MockFacebookAuthProvider,
-    signInWithEmailLink: vi.fn().mockResolvedValue({ user: { uid: 'test' } }),
-    signInWithCustomToken: vi.fn().mockResolvedValue({ user: { uid: 'test' } }),
-    signInWithPopup: vi.fn().mockResolvedValue({ user: { uid: 'test' } }),
-    linkWithPopup: vi.fn().mockResolvedValue({ user: { uid: 'test' } }),
-    unlink: vi.fn().mockResolvedValue({ uid: 'test', providerData: [] }),
-    signInWithCredential: vi.fn().mockResolvedValue({ user: { uid: 'test' } }),
-    getAuth: vi.fn().mockReturnValue({}),
-  };
-});
-
-describe('SneatAuthStateService', () => {
-  let service: SneatAuthStateService;
-  let authMock: {
-    onIdTokenChanged: Mock;
-    onAuthStateChanged: Mock;
-    signOut: Mock;
-    currentUser: User | null;
-  };
-  let onAuthStateChangedCallback: Observer<User | null>;
-  let onIdTokenChangedCallback: Observer<User | null>;
-
-  beforeEach(() => {
-    authMock = {
-      onIdTokenChanged: vi.fn().mockImplementation((obs) => {
-        onIdTokenChangedCallback = obs;
-      }),
-      onAuthStateChanged: vi.fn().mockImplementation((obs) => {
-        onAuthStateChangedCallback = obs;
-      }),
-      signOut: vi.fn().mockResolvedValue(undefined),
-      currentUser: null,
-    };
-
-    TestBed.configureTestingModule({
-      providers: [
-        SneatAuthStateService,
-        {
-          provide: ErrorLogger,
-          useValue: { logError: vi.fn(), logErrorHandler: () => vi.fn() },
-        },
-        {
-          provide: AnalyticsService,
-          useValue: {
-            identify: vi.fn(),
-            logEvent: vi.fn(),
-          },
-        },
-        {
-          provide: Auth,
-          useValue: authMock,
-        },
-      ],
-    });
-    service = TestBed.inject(SneatAuthStateService);
-  });
-
-  it('should be created', () => {
-    expect(service).toBeTruthy();
-  });
-
-  it('should update auth status when onAuthStateChanged triggers', async () => {
-    const fbUser = {
-      uid: 'u1',
-      isAnonymous: false,
-      emailVerified: true,
-      email: 'test@example.com',
-      providerId: 'password',
-      providerData: [],
-    };
-
-    onAuthStateChangedCallback.next(fbUser as unknown as User);
-
-    const status = await firstValueFrom(service.authStatus);
-    expect(status).toBe(AuthStatuses.authenticated);
-
-    const user = await firstValueFrom(service.authUser);
-    expect(user?.uid).toBe('u1');
-  });
-
-  it('should call fbAuth.signOut when signOut is called', async () => {
-    await service.signOut();
-    expect(authMock.signOut).toHaveBeenCalled();
-  });
-
-  it('should handle null user in onAuthStateChanged', async () => {
-    onAuthStateChangedCallback.next(null);
-
-    const status = await firstValueFrom(service.authStatus);
-    expect(status).toBe(AuthStatuses.notAuthenticated);
-
-    const user = await firstValueFrom(service.authUser);
-    expect(user).toBeNull();
-  });
-
-  it('should handle user with multiple providerData', async () => {
-    const fbUser = {
-      uid: 'u2',
-      isAnonymous: false,
-      emailVerified: true,
-      email: 'multi@example.com',
-      providerId: 'firebase',
-      providerData: [
-        { providerId: 'google.com', uid: 'g123' },
-        { providerId: 'facebook.com', uid: 'f456' },
-      ],
-    };
-
-    onAuthStateChangedCallback.next(fbUser as unknown as User);
-
-    const user = await firstValueFrom(service.authUser);
-    expect(user?.uid).toBe('u2');
-    expect(user?.providerId).toBe('firebase');
-  });
-
-  it('should handle user with single providerData', async () => {
-    const fbUser = {
-      uid: 'u3',
-      isAnonymous: false,
-      emailVerified: true,
-      email: 'single@example.com',
-      providerId: 'firebase',
-      providerData: [{ providerId: 'google.com', uid: 'g789' }],
-    };
-
-    onAuthStateChangedCallback.next(fbUser as unknown as User);
-
-    const user = await firstValueFrom(service.authUser);
-    expect(user?.providerId).toBe('google.com');
-  });
-
-  it('should handle onIdTokenChanged with authenticated user', async () => {
-    const fbUser = {
-      uid: 'u4',
-      isAnonymous: false,
-      emailVerified: true,
-      email: 'token@example.com',
-      providerId: 'google.com',
-      providerData: [],
-      getIdToken: vi.fn().mockResolvedValue('mock-token-123'),
-    };
-
-    // First set auth user
-    onAuthStateChangedCallback.next(fbUser as unknown as User);
-
-    // Then trigger token changed
-    onIdTokenChangedCallback.next(fbUser as unknown as User);
-
-    // Wait for async operations
-    await new Promise((resolve) => setTimeout(resolve, 10));
-
-    const state = await firstValueFrom(service.authState);
-    expect(state.status).toBe(AuthStatuses.authenticated);
-    expect(state.token).toBe('mock-token-123');
-  });
-
-  it('should handle error in getIdToken', async () => {
-    const errorLogger = TestBed.inject(ErrorLogger);
-    const fbUser = {
-      uid: 'u5',
-      isAnonymous: false,
-      emailVerified: true,
-      email: 'error@example.com',
-      providerId: 'google.com',
-      providerData: [],
-      getIdToken: vi.fn().mockRejectedValue(new Error('Token error')),
-    };
-
-    onAuthStateChangedCallback.next(fbUser as unknown as User);
-    onIdTokenChangedCallback.next(fbUser as unknown as User);
-
-    await new Promise((resolve) => setTimeout(resolve, 10));
-
-    expect(errorLogger.logError).toHaveBeenCalled();
-  });
-
-  it('should handle error in onAuthStateChanged', () => {
-    const errorLogger = TestBed.inject(ErrorLogger);
-    const error = new Error('Auth state error');
-
-    onAuthStateChangedCallback.error(error);
-
-    expect(errorLogger.logError).toHaveBeenCalledWith(
-      error,
-      'failed to retrieve Firebase auth user information',
-    );
-  });
-
-  it('should handle error in onIdTokenChanged', () => {
-    const errorLogger = TestBed.inject(ErrorLogger);
-    const error = new Error('Token changed error');
-
-    onIdTokenChangedCallback.error(error);
-
-    expect(errorLogger.logError).toHaveBeenCalledWith(
-      error,
-      'failed in fbAuth.onIdTokenChanged',
-    );
-  });
-
-  describe('signInWithToken', () => {
-    it('should call signInWithCustomToken', async () => {
-      const { signInWithCustomToken } = await import('firebase/auth');
-      const mockCredential = { user: { uid: 'test' } } as UserCredential;
-      (signInWithCustomToken as Mock).mockResolvedValue(mockCredential);
-
-      const result = await service.signInWithToken('custom-token');
-
-      expect(signInWithCustomToken).toHaveBeenCalledWith(
-        authMock,
-        'custom-token',
-      );
-      expect(result).toBe(mockCredential);
-    });
-  });
-
-  describe('signInWithEmailLink', () => {
-    it('should return observable that calls signInWithEmailLink', async () => {
-      const { signInWithEmailLink } = await import('firebase/auth');
-
-      const result = await firstValueFrom(
-        service.signInWithEmailLink('test@example.com'),
-      );
-
-      expect(signInWithEmailLink).toHaveBeenCalled();
-      expect(result.user.uid).toBe('test');
-    });
-  });
-
-  describe('linkWith', () => {
-    it('should reject if no current user', async () => {
-      authMock.currentUser = null;
-
-      await expect(service.linkWith('google.com')).rejects.toBe(
-        'no current user',
-      );
-    });
-
-    it('should link provider to current user', async () => {
-      const { linkWithPopup } = await import('firebase/auth');
-      const mockUser = { uid: 'current-user' } as User;
-      authMock.currentUser = mockUser;
-
-      const result = await service.linkWith('google.com');
-
-      expect(linkWithPopup).toHaveBeenCalled();
-      expect(result?.user.uid).toBe('test');
-    });
-  });
-
-  describe('unlinkAuthProvider', () => {
-    it('should reject if no current user', async () => {
-      authMock.currentUser = null;
-
-      await expect(service.unlinkAuthProvider('google.com')).rejects.toBe(
-        'No user is currently signed in.',
-      );
-    });
-
-    it('should unlink auth provider from current user', async () => {
-      const { unlink } = await import('firebase/auth');
-      const mockUser = {
-        uid: 'current-user',
-        isAnonymous: false,
-        emailVerified: true,
-        providerData: [],
-      } as unknown as User;
-      authMock.currentUser = mockUser;
-
-      await service.unlinkAuthProvider('google.com');
-
-      expect(unlink).toHaveBeenCalledWith(mockUser, 'google.com');
-    });
-
-    it('should handle unlink error', async () => {
-      const { unlink } = await import('firebase/auth');
-      const mockUser = { uid: 'current-user' } as User;
-      authMock.currentUser = mockUser;
-      const error = new Error('Unlink failed');
-      (unlink as Mock).mockRejectedValueOnce(error);
-
-      await expect(service.unlinkAuthProvider('google.com')).rejects.toMatch(
-        /Failed to unlink google.com account/,
-      );
-    });
-  });
-});

package/src/lib/sneat-auth-state-service.ts

@@ -1,387 +0,0 @@
-import { SignInWithOAuthOptions } from '@capacitor-firebase/authentication/dist/esm/definitions';
-import { Capacitor } from '@capacitor/core';
-import {
-  FirebaseAuthentication,
-  SignInResult,
-} from '@capacitor-firebase/authentication';
-import {
-  AnalyticsService,
-  EnumAsUnionOfKeys,
-  IAnalyticsService,
-} from '@sneat/core';
-import { BehaviorSubject, from, Observable } from 'rxjs';
-import { Injectable, inject } from '@angular/core';
-import { ErrorLogger, IErrorLogger } from '@sneat/core';
-import { distinctUntilChanged, shareReplay } from 'rxjs/operators';
-import {
-  Auth,
-  AuthProvider,
-  getAuth,
-  signInWithCredential,
-  User,
-  UserCredential,
-  UserInfo,
-} from '@angular/fire/auth';
-
-import {
-  GoogleAuthProvider,
-  OAuthProvider,
-  GithubAuthProvider,
-  FacebookAuthProvider,
-  signInWithEmailLink,
-  signInWithCustomToken,
-  signInWithPopup,
-  linkWithPopup,
-  unlink,
-} from 'firebase/auth';
-
-// TODO: fix & remove this eslint hint @nrwl/nx/enforce-module-boundaries
-
-import { newRandomId } from '@sneat/random';
-
-export enum AuthStatuses {
-  authenticating = 'authenticating',
-  authenticated = 'authenticated',
-  notAuthenticated = 'notAuthenticated',
-}
-
-export type AuthStatus = EnumAsUnionOfKeys<typeof AuthStatuses>;
-
-export interface ISneatAuthUser extends UserInfo {
-  readonly isAnonymous: boolean;
-  readonly emailVerified: boolean;
-  readonly providerData: readonly UserInfo[];
-}
-
-export interface ISneatAuthState {
-  readonly status: AuthStatus;
-  readonly token?: string | null;
-  readonly user?: ISneatAuthUser | null;
-  readonly err?: unknown;
-}
-
-const initialAuthStatus = AuthStatuses.authenticating;
-export const initialSneatAuthState = { status: initialAuthStatus };
-
-@Injectable({ providedIn: 'root' })
-export class SneatAuthStateService {
-  private readonly errorLogger = inject<IErrorLogger>(ErrorLogger);
-  private readonly analyticsService =
-    inject<IAnalyticsService>(AnalyticsService);
-  readonly fbAuth = inject(Auth);
-
-  private readonly id = newRandomId({ len: 5 });
-
-  private readonly authStatus$ = new BehaviorSubject<AuthStatus>(
-    initialAuthStatus,
-  );
-  public readonly authStatus = this.authStatus$
-    .asObservable()
-    .pipe(distinctUntilChanged());
-
-  private readonly authUser$ = new BehaviorSubject<
-    ISneatAuthUser | null | undefined
-  >(undefined);
-  public readonly authUser = this.authUser$.asObservable();
-
-  private readonly authState$ = new BehaviorSubject<ISneatAuthState>(
-    initialSneatAuthState,
-  );
-  public readonly authState = this.authState$.asObservable().pipe(
-    // tap(v => console.log('SneatAuthStateService => SneatAuthState:', v)),
-    shareReplay(1),
-  );
-
-  // private readonly fbAuth: Auth;
-
-  constructor() {
-    const errorLogger = this.errorLogger;
-    this.fbAuth.onIdTokenChanged({
-      next: (firebaseUser) => {
-        const status: AuthStatus = firebaseUser
-          ? AuthStatuses.authenticated
-          : AuthStatuses.notAuthenticated;
-        if (
-          firebaseUser &&
-          this.authState$.value?.user?.uid !== firebaseUser?.uid
-        ) {
-          this.analyticsService.identify(firebaseUser.uid);
-        }
-        firebaseUser
-          ?.getIdToken()
-          .then((token) => {
-            const current = this.authState$.value || {};
-            this.authState$.next({
-              ...current,
-              status,
-              token,
-              user: this.authUser$.value,
-            });
-            this.authStatus$.next(status); // Should be after authState$
-          })
-          .catch((err) => {
-            const current = this.authState$.value || {};
-            this.authState$.next({
-              ...current,
-              err: `fbUser.getIdToken() failed: ${err}`,
-            });
-            this.errorLogger.logError(err, 'Failed in fbUser.getIdToken()');
-          });
-      },
-      error: (err) => {
-        const current = this.authState$.value || {};
-        this.authState$.next({
-          ...current,
-          err: `fbAuth.onIdTokenChanged() failed: ${err}`,
-        });
-        errorLogger.logError(err, 'failed in fbAuth.onIdTokenChanged');
-      },
-      complete: () => void 0,
-    });
-    this.fbAuth.onAuthStateChanged({
-      complete: () => void 0,
-      next: (fbUser) => {
-        // console.log(
-        //   `SneatAuthStateService => authStatus: ${this.authStatus$.value}; fbUser`,
-        //   fbUser,
-        // );
-
-        const authUser = createSneatAuthUserFromFbUser(fbUser);
-
-        const status = authUser
-          ? AuthStatuses.authenticated
-          : AuthStatuses.notAuthenticated;
-        this.authStatus$.next(status);
-        this.authUser$.next(authUser);
-        this.authState$.next({
-          ...this.authState$.value,
-          user: authUser,
-          status,
-        });
-      },
-      error: (err) => {
-        this.errorLogger.logError(
-          err,
-          'failed to retrieve Firebase auth user information',
-        );
-        const current = this.authState$.value || {};
-        this.authState$.next({
-          ...current,
-          err: `fbAuth.onAuthStateChanged() failed: ${err}`,
-        });
-      },
-    });
-  }
-
-  public signOut(): Promise<void> {
-    return this.fbAuth.signOut();
-  }
-
-  public signInWithToken(token: string): Promise<UserCredential> {
-    return signInWithCustomToken(this.fbAuth, token);
-  }
-
-  public signInWithEmailLink(email: string): Observable<UserCredential> {
-    return from(signInWithEmailLink(this.fbAuth, email));
-  }
-
-  private isSigningInWith?: AuthProviderName;
-
-  private async signInOnNativeLayer(
-    authProviderID: AuthProviderID,
-  ): Promise<UserCredential> {
-    let signInResult: SignInResult | undefined;
-
-    const o: SignInWithOAuthOptions = { skipNativeAuth: true };
-
-    switch (authProviderID) {
-      case 'google.com':
-        signInResult = await FirebaseAuthentication.signInWithGoogle(o);
-        break;
-      case 'apple.com':
-        signInResult = await FirebaseAuthentication.signInWithApple(o);
-        break;
-      case 'facebook.com':
-        signInResult = await FirebaseAuthentication.signInWithFacebook(o);
-        break;
-      case 'microsoft.com':
-        signInResult = await FirebaseAuthentication.signInWithMicrosoft(o);
-        break;
-      default:
-        return Promise.reject('unsupported auth provider: ' + authProviderID);
-    }
-    // console.log(
-    //   `SneatAuthStateService.signInWith(${authProviderID}) => signed in on native layer, authenticating in webview...`,
-    //   signInResult,
-    // );
-    // we need to authenticate on webview layer using the id token and nonce from signInResult
-    const userCredential = await this.authenticateOnWebviewLayer(
-      authProviderID,
-      signInResult,
-    );
-
-    return Promise.resolve(userCredential);
-  }
-
-  private async authenticateOnWebviewLayer(
-    authProviderID: AuthProviderID,
-    signInResult: SignInResult,
-  ): Promise<UserCredential> {
-    const oauthProvider = new OAuthProvider(authProviderID);
-    const credential = oauthProvider.credential({
-      idToken: signInResult.credential?.idToken,
-      accessToken: signInResult.credential?.accessToken,
-      rawNonce: signInResult.credential?.nonce,
-    });
-    const auth = getAuth();
-    const userCredential = await signInWithCredential(auth, credential);
-
-    // Get a valid Firebase ID token that has a 'kid' header
-    const _firebaseIdToken = await userCredential.user.getIdToken();
-
-    return Promise.resolve(userCredential);
-  }
-
-  private async signInWithWebSDK(
-    authProviderID: AuthProviderID,
-  ): Promise<UserCredential> {
-    const authProvider = getAuthProvider(authProviderID);
-    const userCredential = await signInWithPopup(this.fbAuth, authProvider);
-    return Promise.resolve(userCredential);
-  }
-
-  public async linkWith(
-    authProviderID: AuthProviderID,
-  ): Promise<UserCredential | undefined> {
-    const authProvider = getAuthProvider(authProviderID);
-    if (!this.fbAuth.currentUser) {
-      return Promise.reject('no current user');
-    }
-    const userCredential = await linkWithPopup(
-      this.fbAuth.currentUser,
-      authProvider,
-    );
-    return Promise.resolve(userCredential);
-  }
-
-  public async unlinkAuthProvider(authProviderID: string): Promise<void> {
-    const currentUser = this.fbAuth.currentUser;
-    if (currentUser) {
-      try {
-        const updatedUser = await unlink(currentUser, authProviderID);
-        const authUser = createSneatAuthUserFromFbUser(updatedUser);
-        this.authUser$.next(authUser);
-        return Promise.resolve();
-      } catch (error) {
-        return Promise.reject(
-          `Failed to unlink ${authProviderID} account:` + error,
-        );
-      }
-    } else {
-      return Promise.reject('No user is currently signed in.');
-    }
-  }
-
-  public async signInWith(
-    authProviderID: AuthProviderID,
-  ): Promise<UserCredential | undefined> {
-    // console.log(
-    //   `SneatAuthStateService.signInWith(${authProviderID}), isSigningInWith=${this.isSigningInWith}, location.protocol=${location.protocol}`,
-    // );
-    this.analyticsService.logEvent('signingInWith', {
-      provider: authProviderID,
-    });
-    try {
-      if (this.isSigningInWith) {
-        return Promise.reject(
-          new Error(
-            `a repeated call to SneatAuthStateService.signInWith(${authProviderID}) white previous sign in with ${this.isSigningInWith} is in progress`,
-          ),
-        );
-      }
-
-      let userCredential: UserCredential | undefined = undefined;
-
-      if (Capacitor.isNativePlatform()) {
-        userCredential = await this.signInOnNativeLayer(authProviderID);
-      } else {
-        userCredential = await this.signInWithWebSDK(authProviderID);
-      }
-
-      this.isSigningInWith = undefined;
-      this.analyticsService.logEvent('signedInWith', {
-        provider: authProviderID,
-      });
-      return Promise.resolve(userCredential);
-    } catch (e) {
-      this.isSigningInWith = undefined;
-      return Promise.reject(e);
-    }
-  }
-}
-
-export type AuthProviderID =
-  | 'apple.com'
-  | 'google.com'
-  | 'microsoft.com'
-  | 'facebook.com'
-  | 'github.com'
-  | 'phone';
-
-export type AuthProviderName =
-  | 'Google'
-  | 'Apple'
-  | 'Microsoft'
-  | 'Facebook'
-  | 'GitHub';
-
-function getAuthProvider(authProviderID: AuthProviderID): AuthProvider {
-  switch (authProviderID) {
-    case 'google.com':
-      return new GoogleAuthProvider();
-    case 'apple.com':
-      return new OAuthProvider('apple.com');
-    //
-    // https://developer.apple.com/documentation/sign_in_with_apple/incorporating-sign-in-with-apple-into-other-platforms
-    // (authProvider as OAuthProvider).setCustomParameters({
-    // 	// 	// Localize the Apple authentication screen in current app locale.
-    // 	locale: 'en', // TODO: set locale
-    // });
-    case 'microsoft.com':
-      return new OAuthProvider('microsoft.com');
-    case 'facebook.com': {
-      const facebookAuthProvider = new FacebookAuthProvider();
-      facebookAuthProvider.addScope('email');
-      return facebookAuthProvider;
-    }
-    case 'github.com': {
-      const githubAuthProvider = new GithubAuthProvider();
-      githubAuthProvider.addScope('read:user');
-      githubAuthProvider.addScope('user:email');
-      return githubAuthProvider;
-    }
-    default:
-      throw new Error('unsupported auth provider: ' + authProviderID);
-  }
-}
-
-function createSneatAuthUserFromFbUser(
-  fbUser: User | null,
-): ISneatAuthUser | null {
-  return (
-    fbUser && {
-      isAnonymous: fbUser.isAnonymous,
-      emailVerified: fbUser.emailVerified,
-      email: fbUser.email,
-      uid: fbUser.uid,
-      displayName: fbUser.displayName,
-      phoneNumber: fbUser.phoneNumber,
-      photoURL: fbUser.photoURL,
-      providerId:
-        fbUser.providerData?.length === 1 && fbUser.providerData[0]
-          ? fbUser.providerData[0].providerId
-          : fbUser.providerId,
-      providerData: fbUser.providerData,
-    }
-  );
-}