@soapjs/soap-auth 0.3.3 → 0.4.4

package/build/strategies/api-key/__tests__/api-key.strategy.test.js

@@ -1,103 +0,0 @@
-"use strict";
-Object.defineProperty(exports, "__esModule", { value: true });
-const api_key_strategy_1 = require("../api-key.strategy");
-const errors_1 = require("../../../errors");
-const api_key_errors_1 = require("../api-key.errors");
-describe("ApiKeyStrategy", () => {
-    let strategy;
-    let mockConfig;
-    let mockLogger;
-    beforeEach(() => {
-        mockLogger = {
-            error: jest.fn(),
-            warn: jest.fn(),
-            info: jest.fn(),
-        };
-        mockConfig = {
-            extractApiKey: jest.fn(),
-            retrieveUserByApiKey: jest.fn(),
-            lock: {
-                isAccountLocked: jest.fn(),
-                logFailedAttempt: jest.fn(),
-            },
-            isApiKeyExpired: jest.fn(),
-            rateLimit: {
-                checkRateLimit: jest.fn(),
-                incrementRequestCount: jest.fn(),
-            },
-            role: { authorizeByRoles: jest.fn(), roles: [] },
-            revokeApiKey: jest.fn(),
-            trackApiKeyUsage: jest.fn(),
-            keyType: "long-term",
-        };
-        strategy = new api_key_strategy_1.ApiKeyStrategy(mockConfig, mockLogger);
-    });
-    it("should authenticate a user with a valid API key", async () => {
-        mockConfig.extractApiKey.mockReturnValue("valid-api-key");
-        mockConfig.retrieveUserByApiKey.mockResolvedValue({
-            id: 1,
-            name: "John Doe",
-        });
-        const result = await strategy.authenticate({});
-        expect(result).toEqual({ user: { id: 1, name: "John Doe" } });
-        expect(mockConfig.trackApiKeyUsage).toHaveBeenCalledWith("valid-api-key");
-        expect(mockConfig.rateLimit.incrementRequestCount).toHaveBeenCalledWith("valid-api-key");
-    });
-    it("should throw MissingApiKeyError if no API key is provided", async () => {
-        mockConfig.extractApiKey.mockReturnValue(null);
-        await expect(strategy.authenticate({})).rejects.toThrow(api_key_errors_1.MissingApiKeyError);
-        expect(mockConfig.lock.logFailedAttempt).toHaveBeenCalled();
-    });
-    it("should throw InvalidApiKeyError if the API key is invalid", async () => {
-        mockConfig.extractApiKey.mockReturnValue("invalid-api-key");
-        mockConfig.retrieveUserByApiKey.mockResolvedValue(null);
-        await expect(strategy.authenticate({})).rejects.toThrow(api_key_errors_1.InvalidApiKeyError);
-        expect(mockConfig.lock.logFailedAttempt).toHaveBeenCalledWith("invalid-api-key", {});
-    });
-    it("should throw AccountLockedError if account is locked", async () => {
-        mockConfig.extractApiKey.mockReturnValue("valid-api-key");
-        mockConfig.lock.isAccountLocked.mockResolvedValue(true);
-        await expect(strategy.authenticate({})).rejects.toThrow(errors_1.AccountLockedError);
-    });
-    it("should throw ExpiredApiKeyError if API key is expired", async () => {
-        mockConfig.extractApiKey.mockReturnValue("valid-api-key");
-        mockConfig.isApiKeyExpired.mockResolvedValue(true);
-        await expect(strategy.authenticate({})).rejects.toThrow(api_key_errors_1.ExpiredApiKeyError);
-    });
-    it("should throw RateLimitExceededError if API key exceeds rate limit", async () => {
-        mockConfig.extractApiKey.mockReturnValue("valid-api-key");
-        mockConfig.rateLimit.checkRateLimit.mockResolvedValue(true);
-        await expect(strategy.authenticate({})).rejects.toThrow(errors_1.RateLimitExceededError);
-    });
-    it("should throw UnauthorizedRoleError if user has no access", async () => {
-        mockConfig.extractApiKey.mockReturnValue("valid-api-key");
-        mockConfig.retrieveUserByApiKey.mockResolvedValue({ id: 1, role: "guest" });
-        mockConfig.role.authorizeByRoles.mockResolvedValue(false);
-        strategy.role.roles = ["admin", "user"];
-        await expect(strategy.authenticate({})).rejects.toThrow(errors_1.UnauthorizedRoleError);
-    });
-    it("should revoke one-time API keys after authentication", async () => {
-        mockConfig.keyType = "one-time";
-        mockConfig.extractApiKey.mockReturnValue("one-time-key");
-        mockConfig.retrieveUserByApiKey.mockResolvedValue({ id: 1 });
-        await strategy.authenticate({});
-        expect(mockConfig.revokeApiKey).toHaveBeenCalledWith("one-time-key");
-    });
-    it("should retry retrieving user on failure", async () => {
-        mockConfig.retrieveUserMaxRetries = 1;
-        mockConfig.extractApiKey.mockReturnValue("valid-api-key");
-        mockConfig.retrieveUserByApiKey
-            .mockRejectedValueOnce(new Error("Temporary failure"))
-            .mockResolvedValueOnce({ id: 1, name: "John Doe" });
-        const result = await strategy.authenticate({});
-        expect(result).toEqual({ user: { id: 1, name: "John Doe" } });
-        expect(mockConfig.retrieveUserByApiKey).toHaveBeenCalledTimes(2);
-    });
-    it("should log failed authentication attempts", async () => {
-        mockConfig.extractApiKey.mockReturnValue("invalid-api-key");
-        mockConfig.retrieveUserByApiKey.mockResolvedValue(null);
-        const ctx = {};
-        await expect(strategy.authenticate(ctx)).rejects.toThrow(api_key_errors_1.InvalidApiKeyError);
-        expect(mockConfig.lock.logFailedAttempt).toHaveBeenCalledWith("invalid-api-key", ctx);
-    });
-});

package/build/strategies/basic/__tests__/basic.strategy.test.d.ts

@@ -1 +0,0 @@
-export {};

package/build/strategies/basic/__tests__/basic.strategy.test.js

@@ -1,104 +0,0 @@
-"use strict";
-Object.defineProperty(exports, "__esModule", { value: true });
-const basic_strategy_1 = require("../basic.strategy");
-const errors_1 = require("../../../errors");
-describe("BasicStrategy", () => {
-    let strategy;
-    let mockConfig;
-    let mockSession;
-    let mockJwt;
-    beforeEach(() => {
-        mockConfig = {
-            credentials: {
-                extractCredentials: jest.fn(),
-                verifyCredentials: jest.fn(),
-            },
-            user: {
-                fetchUser: jest.fn(),
-            },
-            routes: {
-                login: {},
-                logout: {},
-            },
-        };
-        mockSession = {
-            issueSession: jest.fn(),
-        };
-        mockJwt = {
-            issueTokens: jest.fn(),
-        };
-        strategy = new basic_strategy_1.BasicStrategy(mockConfig, mockSession, mockJwt);
-    });
-    describe("extractCredentials", () => {
-        it("should extract credentials from Authorization header", () => {
-            mockConfig.credentials.extractCredentials = null;
-            const username = "testuser";
-            const password = "securepassword";
-            const encoded = Buffer.from(`${username}:${password}`).toString("base64");
-            const context = { headers: { authorization: `Basic ${encoded}` } };
-            const credentials = strategy.extractCredentials(context);
-            expect(credentials).toEqual({ identifier: username, password });
-        });
-        it("should throw MissingCredentialsError if Authorization header is missing", () => {
-            const context = { headers: {} };
-            expect(() => strategy.extractCredentials(context)).toThrow(errors_1.MissingCredentialsError);
-        });
-        it("should throw InvalidCredentialsError if Authorization header is malformed", () => {
-            const context = { headers: { authorization: "Bearer token" } };
-            mockConfig.credentials.extractCredentials = null;
-            expect(() => strategy.extractCredentials(context)).toThrow(errors_1.InvalidCredentialsError);
-        });
-        it("should throw InvalidCredentialsError if Authorization header is not base64-encoded properly", () => {
-            const context = { headers: { authorization: "Basic not_base64_data" } };
-            mockConfig.credentials.extractCredentials = null;
-            expect(() => strategy.extractCredentials(context)).toThrow(errors_1.InvalidCredentialsError);
-        });
-        it("should throw InvalidCredentialsError if decoded credentials are invalid", () => {
-            const encoded = Buffer.from(`username`).toString("base64");
-            const context = { headers: { authorization: `Basic ${encoded}` } };
-            mockConfig.credentials.extractCredentials = null;
-            expect(() => strategy.extractCredentials(context)).toThrow(errors_1.InvalidCredentialsError);
-        });
-    });
-    describe("verifyCredentials", () => {
-        it("should verify valid credentials", async () => {
-            mockConfig.credentials.verifyCredentials.mockResolvedValue(true);
-            const result = await strategy.verifyCredentials("testuser", "password");
-            expect(result).toBe(true);
-            expect(mockConfig.credentials.verifyCredentials).toHaveBeenCalledWith("testuser", "password");
-        });
-        it("should return false if credentials are invalid", async () => {
-            mockConfig.credentials.verifyCredentials.mockResolvedValue(false);
-            const result = await strategy.verifyCredentials("testuser", "wrongpass");
-            expect(result).toBe(false);
-            expect(mockConfig.credentials.verifyCredentials).toHaveBeenCalledWith("testuser", "wrongpass");
-        });
-    });
-    describe("fetchUser", () => {
-        it("should retrieve user data when credentials are valid", async () => {
-            const mockUser = { id: 1, username: "testuser" };
-            mockConfig.user.fetchUser.mockResolvedValue(mockUser);
-            const user = await strategy.fetchUser({
-                identifier: "testuser",
-                password: "securepassword",
-            });
-            expect(user).toEqual(mockUser);
-            expect(mockConfig.user.fetchUser).toHaveBeenCalledWith({
-                identifier: "testuser",
-                password: "securepassword",
-            });
-        });
-        it("should return null if user is not found", async () => {
-            mockConfig.user.fetchUser.mockResolvedValue(null);
-            const user = await strategy.fetchUser({
-                identifier: "unknownuser",
-                password: "securepassword",
-            });
-            expect(user).toBeNull();
-            expect(mockConfig.user.fetchUser).toHaveBeenCalledWith({
-                identifier: "unknownuser",
-                password: "securepassword",
-            });
-        });
-    });
-});

package/build/strategies/jwt/__tests__/jwt.strategy.test.d.ts

@@ -1 +0,0 @@
-export {};

package/build/strategies/jwt/__tests__/jwt.strategy.test.js

@@ -1,156 +0,0 @@
-"use strict";
-Object.defineProperty(exports, "__esModule", { value: true });
-const jsonwebtoken_1 = require("jsonwebtoken");
-const jwt_strategy_1 = require("../jwt.strategy");
-const errors_1 = require("../../../errors");
-describe("JWTStrategy", () => {
-    let strategy;
-    let mockLogger;
-    let mockConfig;
-    let mockUser;
-    let mockContext;
-    beforeEach(() => {
-        mockLogger = { error: jest.fn(), warn: jest.fn(), info: jest.fn() };
-        mockUser = { id: "123", email: "test@example.com" };
-        mockContext = {
-            req: {
-                headers: { authorization: "Bearer mock-access-token" },
-                cookies: { refreshToken: "mock-refresh-token" },
-            },
-            res: { setHeader: jest.fn(), cookie: jest.fn(), clearCookie: jest.fn() },
-        };
-        mockConfig = {
-            accessToken: {
-                issuer: { secretKey: "access-secret", options: { expiresIn: "1h" } },
-                verifier: { options: {} },
-                persistence: { store: jest.fn() },
-                extract: jest.fn(),
-                embed: jest.fn(),
-            },
-            refreshToken: {
-                issuer: { secretKey: "refresh-secret", options: { expiresIn: "7d" } },
-                verifier: { options: {} },
-                persistence: { store: jest.fn(), remove: jest.fn() },
-                extract: jest.fn(),
-                embed: jest.fn(),
-            },
-            user: { fetchUser: jest.fn().mockResolvedValue(mockUser) },
-            routes: {},
-        };
-        strategy = new jwt_strategy_1.JwtStrategy(mockConfig, mockLogger);
-    });
-    it("should authenticate user with valid access token", async () => {
-        const mockAccessToken = "mock-access-token";
-        jest
-            .spyOn(mockConfig.accessToken, "extract")
-            .mockReturnValue(mockAccessToken);
-        jest.spyOn(strategy, "verifyAccessToken").mockResolvedValue(mockUser);
-        const result = await strategy.authenticate(mockContext);
-        expect(result.user).toEqual(mockUser);
-        expect(result.tokens.accessToken).toEqual("mock-access-token");
-    });
-    it("should refresh tokens when access token is invalid", async () => {
-        const mockAccessToken = "mock-access-token";
-        const mockRefreshToken = "mock-refresh-token";
-        jest
-            .spyOn(mockConfig.accessToken, "extract")
-            .mockReturnValue(mockAccessToken);
-        jest
-            .spyOn(mockConfig.refreshToken, "extract")
-            .mockReturnValue(mockRefreshToken);
-        jest
-            .spyOn(strategy, "verifyAccessToken")
-            .mockRejectedValue(new jsonwebtoken_1.TokenExpiredError("Access", new Date()));
-        jest.spyOn(strategy, "verifyRefreshToken").mockResolvedValue(mockUser);
-        jest
-            .spyOn(strategy, "generateAccessToken")
-            .mockResolvedValue("new-access-token");
-        jest
-            .spyOn(strategy, "generateRefreshToken")
-            .mockResolvedValue("new-refresh-token");
-        jest.spyOn(strategy, "storeAccessToken").mockResolvedValue(null);
-        jest.spyOn(strategy, "storeRefreshToken").mockResolvedValue(null);
-        const result = await strategy.authenticate(mockContext);
-        expect(result.user).toEqual(mockUser);
-        expect(result.tokens.accessToken).toEqual("new-access-token");
-        expect(result.tokens.refreshToken).toEqual("new-refresh-token");
-    });
-    it("should throw MissingTokenError when no tokens are provided", async () => {
-        jest.spyOn(mockConfig.accessToken, "extract").mockReturnValue(undefined);
-        jest.spyOn(mockConfig.refreshToken, "extract").mockReturnValue(undefined);
-        await expect(strategy.authenticate(mockContext)).rejects.toThrow(errors_1.MissingTokenError);
-    });
-    it("should throw InvalidTokenError if user does not exist", async () => {
-        const mockAccessToken = "mock-access-token";
-        const mockRefreshToken = null;
-        jest
-            .spyOn(mockConfig.accessToken, "extract")
-            .mockReturnValue(mockAccessToken);
-        jest
-            .spyOn(mockConfig.refreshToken, "extract")
-            .mockReturnValue(mockRefreshToken);
-        jest.spyOn(strategy, "verifyAccessToken").mockResolvedValue(mockUser);
-        mockConfig.user.fetchUser = jest.fn().mockResolvedValue(null);
-        await expect(strategy.authenticate(mockContext)).rejects.toThrow(errors_1.InvalidTokenError);
-    });
-    it("should throw InvalidTokenError when refresh token is invalid", async () => {
-        const mockAccessToken = "mock-access-token";
-        const mockRefreshToken = "mock-refresh-token";
-        jest
-            .spyOn(mockConfig.accessToken, "extract")
-            .mockReturnValue(mockAccessToken);
-        jest
-            .spyOn(mockConfig.refreshToken, "extract")
-            .mockReturnValue(mockRefreshToken);
-        jest
-            .spyOn(strategy, "verifyAccessToken")
-            .mockRejectedValue(new errors_1.InvalidTokenError("Access"));
-        jest
-            .spyOn(strategy, "verifyRefreshToken")
-            .mockRejectedValue(new errors_1.InvalidTokenError("Refresh"));
-        await expect(strategy.authenticate(mockContext)).rejects.toThrow(errors_1.InvalidTokenError);
-    });
-    it("should generate and store access and refresh tokens", async () => {
-        jest
-            .spyOn(strategy, "generateAccessToken")
-            .mockResolvedValue("new-access-token");
-        jest
-            .spyOn(strategy, "generateRefreshToken")
-            .mockResolvedValue("new-refresh-token");
-        jest.spyOn(strategy, "storeAccessToken").mockResolvedValue(null);
-        jest.spyOn(strategy, "storeRefreshToken").mockResolvedValue(null);
-        const tokens = await strategy.issueTokens(mockUser, mockContext);
-        expect(tokens).toHaveProperty("accessToken", "new-access-token");
-        expect(tokens).toHaveProperty("refreshToken", "new-refresh-token");
-        expect(strategy.storeAccessToken).toHaveBeenCalledWith("new-access-token");
-        expect(strategy.storeRefreshToken).toHaveBeenCalledWith("new-refresh-token");
-    });
-    it("should invalidate refresh token", async () => {
-        jest
-            .spyOn(strategy, "extractRefreshToken")
-            .mockResolvedValue("mock-refresh-token");
-        jest.spyOn(strategy, "invalidateRefreshToken").mockResolvedValue(null);
-        await strategy.invalidateRefreshToken(mockContext);
-        expect(strategy.invalidateRefreshToken).toHaveBeenCalledWith(mockContext);
-    });
-    it("should extract access token from context", async () => {
-        const mockAccessToken = "mock-access-token";
-        jest
-            .spyOn(mockConfig.accessToken, "extract")
-            .mockReturnValue(mockAccessToken);
-        const token = await strategy.extractAccessToken(mockContext);
-        expect(token).toBe("mock-access-token");
-    });
-    it("should extract refresh token from context", async () => {
-        const mockRefreshToken = "mock-refresh-token";
-        jest
-            .spyOn(mockConfig.refreshToken, "extract")
-            .mockReturnValueOnce(mockRefreshToken);
-        const token = await strategy.extractRefreshToken(mockContext);
-        expect(token).toBe("mock-refresh-token");
-    });
-    it("should throw UndefinedTokenSecretError if access secret key is missing", async () => {
-        mockConfig.accessToken.issuer.secretKey = undefined;
-        expect(() => new jwt_strategy_1.JwtStrategy(mockConfig, mockLogger)).toThrow(errors_1.UndefinedTokenSecretError);
-    });
-});

package/build/strategies/jwt/__tests__/jwt.tools.test.d.ts

@@ -1 +0,0 @@
-export {};

package/build/strategies/jwt/__tests__/jwt.tools.test.js

@@ -1,98 +0,0 @@
-"use strict";
-Object.defineProperty(exports, "__esModule", { value: true });
-const globals_1 = require("@jest/globals");
-const jwt_tools_1 = require("../jwt.tools");
-const errors_1 = require("../../../errors");
-(0, globals_1.describe)("JwtTools", () => {
-    const secretKey = "test-secret";
-    const payload = { id: "user123", email: "test@example.com" };
-    const config = {
-        accessToken: {
-            issuer: { secretKey, options: { expiresIn: "1h" } },
-            verifier: { options: {} },
-        },
-        refreshToken: {
-            issuer: { secretKey, options: { expiresIn: "7d" } },
-            verifier: { options: {} },
-        },
-        routes: {},
-    };
-    (0, globals_1.it)("should generate an access token", () => {
-        const token = jwt_tools_1.JwtTools.generateAccessToken(payload, config.accessToken);
-        (0, globals_1.expect)(typeof token).toBe("string");
-    });
-    (0, globals_1.it)("should throw error when generating access token without secret key", () => {
-        const invalidConfig = {
-            ...config,
-            accessToken: { issuer: { secretKey: "" } },
-        };
-        (0, globals_1.expect)(() => jwt_tools_1.JwtTools.generateAccessToken(payload, invalidConfig.accessToken)).toThrow(errors_1.UndefinedTokenSecretError);
-    });
-    (0, globals_1.it)("should generate a refresh token", () => {
-        const token = jwt_tools_1.JwtTools.generateRefreshToken(payload, config.refreshToken);
-        (0, globals_1.expect)(typeof token).toBe("string");
-    });
-    (0, globals_1.it)("should throw error when generating refresh token without secret key", () => {
-        const invalidConfig = {
-            ...config,
-            refreshToken: { issuer: { secretKey: "" } },
-        };
-        (0, globals_1.expect)(() => jwt_tools_1.JwtTools.generateRefreshToken(payload, invalidConfig.refreshToken)).toThrow(errors_1.UndefinedTokenSecretError);
-    });
-    (0, globals_1.it)("should verify a valid access token", () => {
-        const token = jwt_tools_1.JwtTools.generateAccessToken(payload, config.accessToken);
-        const decoded = jwt_tools_1.JwtTools.verifyAccessToken(token, config.accessToken);
-        (0, globals_1.expect)(decoded.id).toBe(payload.id);
-    });
-    (0, globals_1.it)("should throw error for undefined access token", () => {
-        (0, globals_1.expect)(() => jwt_tools_1.JwtTools.verifyAccessToken("", config.accessToken)).toThrow(errors_1.UndefinedTokenError);
-    });
-    (0, globals_1.it)("should throw error for invalid access token", () => {
-        (0, globals_1.expect)(() => jwt_tools_1.JwtTools.verifyAccessToken("invalid-token", config.accessToken)).toThrow(errors_1.InvalidTokenError);
-    });
-    (0, globals_1.it)("should verify a valid refresh token", () => {
-        const token = jwt_tools_1.JwtTools.generateRefreshToken(payload, config.refreshToken);
-        const decoded = jwt_tools_1.JwtTools.verifyRefreshToken(token, config.refreshToken);
-        (0, globals_1.expect)(decoded.id).toBe(payload.id);
-    });
-    (0, globals_1.it)("should throw error for undefined refresh token", () => {
-        (0, globals_1.expect)(() => jwt_tools_1.JwtTools.verifyRefreshToken("", config.refreshToken)).toThrow(errors_1.UndefinedTokenError);
-    });
-    (0, globals_1.it)("should throw error for invalid refresh token", () => {
-        (0, globals_1.expect)(() => jwt_tools_1.JwtTools.verifyRefreshToken("invalid-token", config.refreshToken)).toThrow(errors_1.InvalidTokenError);
-    });
-    (0, globals_1.it)("should set the access token in the response header", () => {
-        const token = jwt_tools_1.JwtTools.generateAccessToken(payload, config.accessToken);
-        const context = { res: { setHeader: globals_1.jest.fn() } };
-        jwt_tools_1.JwtTools.setAccessTokenHeader(token, context);
-        (0, globals_1.expect)(context.res.setHeader).toHaveBeenCalledWith("Authorization", `Bearer ${token}`);
-    });
-    (0, globals_1.it)("should set the refresh token in cookies", () => {
-        const token = jwt_tools_1.JwtTools.generateRefreshToken(payload, config.refreshToken);
-        const context = { res: { cookie: globals_1.jest.fn() } };
-        jwt_tools_1.JwtTools.setRefreshTokenCookie(token, context);
-        (0, globals_1.expect)(context.res.cookie).toHaveBeenCalledWith("refreshToken", token, globals_1.expect.any(Object));
-    });
-    (0, globals_1.it)("should clear tokens from headers and cookies", () => {
-        const context = {
-            res: { clearCookie: globals_1.jest.fn(), setHeader: globals_1.jest.fn() },
-        };
-        jwt_tools_1.JwtTools.clearTokens(context);
-        (0, globals_1.expect)(context.res.clearCookie).toHaveBeenCalledWith("refreshToken");
-        (0, globals_1.expect)(context.res.setHeader).toHaveBeenCalledWith("Authorization", "");
-    });
-    (0, globals_1.it)("should retrieve an access token from request headers", () => {
-        const token = jwt_tools_1.JwtTools.generateAccessToken(payload, config.accessToken);
-        const context = {
-            req: { headers: { authorization: `Bearer ${token}` } },
-        };
-        const extractedToken = jwt_tools_1.JwtTools.getAccessToken(context);
-        (0, globals_1.expect)(extractedToken).toBe(token);
-    });
-    (0, globals_1.it)("should retrieve a refresh token from request cookies", () => {
-        const token = jwt_tools_1.JwtTools.generateRefreshToken(payload, config.refreshToken);
-        const context = { req: { cookies: { refreshToken: token } } };
-        const extractedToken = jwt_tools_1.JwtTools.getRefreshToken(context);
-        (0, globals_1.expect)(extractedToken).toBe(token);
-    });
-});

package/build/strategies/local/__tests__/local.strategy.test.d.ts

@@ -1 +0,0 @@
-export {};

package/build/strategies/local/__tests__/local.strategy.test.js

@@ -1,115 +0,0 @@
-"use strict";
-Object.defineProperty(exports, "__esModule", { value: true });
-const local_strategy_1 = require("../local.strategy");
-const errors_1 = require("../../../errors");
-describe("LocalStrategy", () => {
-    let strategy;
-    let mockConfig;
-    let mockSession;
-    let mockJwt;
-    beforeEach(() => {
-        mockConfig = {
-            credentials: {
-                extractCredentials: jest.fn(),
-                verifyCredentials: jest.fn(),
-            },
-            user: {
-                fetchUser: jest.fn(),
-            },
-            routes: {
-                login: {},
-                logout: {},
-            },
-        };
-        mockSession = {
-            issueSession: jest.fn(),
-        };
-        mockJwt = {
-            issueTokens: jest.fn(),
-        };
-        strategy = new local_strategy_1.LocalStrategy(mockConfig, mockSession, mockJwt);
-    });
-    describe("extractCredentials", () => {
-        it("should extract credentials from context", async () => {
-            const mockContext = { body: { username: "test", password: "pass123" } };
-            mockConfig.credentials.extractCredentials.mockResolvedValue({
-                identifier: "test",
-                password: "pass123",
-            });
-            const credentials = await strategy.extractCredentials(mockContext);
-            expect(credentials).toEqual({ identifier: "test", password: "pass123" });
-            expect(mockConfig.credentials.extractCredentials).toHaveBeenCalledWith(mockContext);
-        });
-        it("should throw MissingCredentialsError if no credentials are provided", async () => {
-            mockConfig.credentials.extractCredentials.mockRejectedValue(new errors_1.MissingCredentialsError());
-            await expect(strategy.extractCredentials({})).rejects.toThrow(errors_1.MissingCredentialsError);
-        });
-    });
-    describe("verifyCredentials", () => {
-        it("should verify credentials successfully", async () => {
-            mockConfig.credentials.verifyCredentials.mockResolvedValue(true);
-            const result = await strategy.verifyCredentials("test", "pass123");
-            expect(result).toBe(true);
-            expect(mockConfig.credentials.verifyCredentials).toHaveBeenCalledWith("test", "pass123");
-        });
-        it("should return false if credentials are invalid", async () => {
-            mockConfig.credentials.verifyCredentials.mockResolvedValue(false);
-            const result = await strategy.verifyCredentials("test", "wrongpass");
-            expect(result).toBe(false);
-            expect(mockConfig.credentials.verifyCredentials).toHaveBeenCalledWith("test", "wrongpass");
-        });
-    });
-    describe("fetchUser", () => {
-        it("should fetch user data", async () => {
-            const mockUser = { id: 1, username: "test" };
-            mockConfig.user.fetchUser.mockResolvedValue(mockUser);
-            const user = await strategy.fetchUser({
-                identifier: "test",
-                password: "pass123",
-            });
-            expect(user).toEqual(mockUser);
-            expect(mockConfig.user.fetchUser).toHaveBeenCalledWith("test");
-        });
-        it("should return null if user is not found", async () => {
-            mockConfig.user.fetchUser.mockResolvedValue(null);
-            const user = await strategy.fetchUser({
-                identifier: "unknown",
-                password: "pass123",
-            });
-            expect(user).toBeNull();
-            expect(mockConfig.user.fetchUser).toHaveBeenCalledWith("unknown");
-        });
-    });
-    describe("login", () => {
-        const mockContext = { body: { username: "test", password: "pass123" } };
-        const mockUser = { id: 1, username: "test" };
-        const mockTokens = { accessToken: "access", refreshToken: "refresh" };
-        const mockSessionData = { sessionId: "session123", data: mockUser };
-        beforeEach(() => {
-            mockConfig.credentials.extractCredentials.mockResolvedValue({
-                identifier: "test",
-                password: "pass123",
-            });
-            mockConfig.credentials.verifyCredentials.mockResolvedValue(true);
-            mockConfig.user.fetchUser.mockResolvedValue(mockUser);
-            mockJwt.issueTokens.mockResolvedValue(mockTokens);
-            mockSession.issueSession.mockResolvedValue(mockSessionData);
-        });
-        it("should login and return user with tokens and session", async () => {
-            const result = await strategy.login(mockContext);
-            expect(result.user).toEqual(mockUser);
-            expect(result.tokens).toEqual(mockTokens);
-            expect(result.session).toEqual(mockSessionData);
-            expect(mockJwt.issueTokens).toHaveBeenCalledWith(mockUser, mockContext);
-            expect(mockSession.issueSession).toHaveBeenCalledWith(mockUser, mockContext);
-        });
-        it("should throw InvalidCredentialsError if credentials are incorrect", async () => {
-            mockConfig.credentials.verifyCredentials.mockResolvedValue(false);
-            await expect(strategy.login(mockContext)).rejects.toThrow(errors_1.InvalidCredentialsError);
-        });
-        it("should throw UserNotFoundError if user is not found", async () => {
-            mockConfig.user.fetchUser.mockResolvedValue(null);
-            await expect(strategy.login(mockContext)).rejects.toThrow(errors_1.UserNotFoundError);
-        });
-    });
-});