@stonyx/oauth 0.1.1-beta.9 → 0.1.1-beta.90

package/test/sample/providers/mock.js

@@ -1,40 +0,0 @@
-import OAuthFlow from '../../../src/oauth-flow.js';
-
-export default class MockProvider extends OAuthFlow {
-  constructor(config) {
-    super({
-      ...config,
-      authorizationUrl: 'https://mock.provider/oauth/authorize',
-      tokenUrl: 'https://mock.provider/oauth/token',
-      userInfoUrl: 'https://mock.provider/api/me',
-    });
-  }
-
-  async exchangeCode(_code) {
-    return {
-      accessToken: 'mock-access-token',
-      refreshToken: 'mock-refresh-token',
-      expiresIn: 3600,
-    };
-  }
-
-  async fetchUserInfo(_accessToken) {
-    return {
-      id: 'mock-user-123',
-      username: 'mockuser',
-      displayName: 'Mock User',
-      email: 'mock@test.com',
-    };
-  }
-
-  normalizeUser(rawUser) {
-    return {
-      id: rawUser.id,
-      username: rawUser.username,
-      displayName: rawUser.displayName,
-      avatar: null,
-      email: rawUser.email,
-      raw: rawUser,
-    };
-  }
-}

package/test/unit/oauth-flow-test.js

@@ -1,137 +0,0 @@
-import QUnit from 'qunit';
-import OAuthFlow from '../../src/oauth-flow.js';
-
-const { module, test } = QUnit;
-
-const defaultConfig = {
-  clientId: 'test-client',
-  clientSecret: 'test-secret',
-  redirectUri: 'http://localhost/callback',
-  scopes: ['read', 'write'],
-  authorizationUrl: 'https://provider.com/oauth/authorize',
-  tokenUrl: 'https://provider.com/oauth/token',
-  userInfoUrl: 'https://provider.com/api/me',
-};
-
-module('[Unit] OAuthFlow', function() {
-  module('buildAuthorizationUrl', function() {
-    test('generates a valid authorization URL with all params', function(assert) {
-      const flow = new OAuthFlow(defaultConfig);
-      const url = flow.buildAuthorizationUrl('test-state-123');
-
-      assert.ok(url.startsWith('https://provider.com/oauth/authorize?'));
-      assert.ok(url.includes('client_id=test-client'));
-      assert.ok(url.includes('redirect_uri='));
-      assert.ok(url.includes('response_type=code'));
-      assert.ok(url.includes('scope=read+write'));
-      assert.ok(url.includes('state=test-state-123'));
-    });
-
-    test('handles empty scopes', function(assert) {
-      const flow = new OAuthFlow({ ...defaultConfig, scopes: [] });
-      const url = flow.buildAuthorizationUrl('state');
-
-      assert.ok(url.includes('scope='));
-    });
-  });
-
-  module('exchangeCode', function() {
-    test('makes a POST request to the token URL', async function(assert) {
-      const flow = new OAuthFlow(defaultConfig);
-      const originalFetch = globalThis.fetch;
-
-      globalThis.fetch = async (url, options) => {
-        assert.equal(url, 'https://provider.com/oauth/token');
-        assert.equal(options.method, 'POST');
-        assert.equal(options.headers['Content-Type'], 'application/json');
-
-        const body = JSON.parse(options.body);
-        assert.equal(body.grant_type, 'authorization_code');
-        assert.equal(body.code, 'test-code');
-        assert.equal(body.client_id, 'test-client');
-
-        return {
-          ok: true,
-          json: async () => ({ access_token: 'abc', refresh_token: 'def', expires_in: 3600 }),
-        };
-      };
-
-      const result = await flow.exchangeCode('test-code');
-
-      assert.equal(result.accessToken, 'abc');
-      assert.equal(result.refreshToken, 'def');
-      assert.equal(result.expiresIn, 3600);
-
-      globalThis.fetch = originalFetch;
-    });
-
-    test('throws on failed token exchange', async function(assert) {
-      const flow = new OAuthFlow(defaultConfig);
-      const originalFetch = globalThis.fetch;
-
-      globalThis.fetch = async () => ({ ok: false, status: 400 });
-
-      await assert.rejects(flow.exchangeCode('bad-code'), /Token exchange failed: 400/);
-
-      globalThis.fetch = originalFetch;
-    });
-  });
-
-  module('refreshAccessToken', function() {
-    test('makes a refresh grant request', async function(assert) {
-      const flow = new OAuthFlow(defaultConfig);
-      const originalFetch = globalThis.fetch;
-
-      globalThis.fetch = async (_url, options) => {
-        const body = JSON.parse(options.body);
-        assert.equal(body.grant_type, 'refresh_token');
-        assert.equal(body.refresh_token, 'old-refresh');
-
-        return {
-          ok: true,
-          json: async () => ({ access_token: 'new-access', expires_in: 7200 }),
-        };
-      };
-
-      const result = await flow.refreshAccessToken('old-refresh');
-
-      assert.equal(result.accessToken, 'new-access');
-      assert.equal(result.refreshToken, 'old-refresh', 'falls back to original refresh token');
-      assert.equal(result.expiresIn, 7200);
-
-      globalThis.fetch = originalFetch;
-    });
-  });
-
-  module('fetchUserInfo', function() {
-    test('sends a Bearer token in the Authorization header', async function(assert) {
-      const flow = new OAuthFlow(defaultConfig);
-      const originalFetch = globalThis.fetch;
-
-      globalThis.fetch = async (url, options) => {
-        assert.equal(url, 'https://provider.com/api/me');
-        assert.equal(options.headers.Authorization, 'Bearer my-token');
-
-        return {
-          ok: true,
-          json: async () => ({ id: '1', name: 'Test' }),
-        };
-      };
-
-      const result = await flow.fetchUserInfo('my-token');
-      assert.deepEqual(result, { id: '1', name: 'Test' });
-
-      globalThis.fetch = originalFetch;
-    });
-  });
-
-  module('normalizeUser', function() {
-    test('returns raw user by default', function(assert) {
-      const flow = new OAuthFlow(defaultConfig);
-      const raw = { id: '1', name: 'Test' };
-      const result = flow.normalizeUser(raw);
-
-      assert.deepEqual(result, { raw });
-    });
-  });
-});

package/test/unit/providers/discord-test.js

@@ -1,115 +0,0 @@
-import QUnit from 'qunit';
-import DiscordProvider from '../../../src/providers/discord.js';
-
-const { module, test } = QUnit;
-
-const defaultConfig = {
-  clientId: 'discord-client-id',
-  clientSecret: 'discord-client-secret',
-  redirectUri: 'http://localhost/auth/callback/discord',
-  scopes: ['identify', 'email'],
-};
-
-module('[Unit] DiscordProvider', function() {
-  module('constructor', function() {
-    test('sets correct Discord OAuth2 URLs', function(assert) {
-      const provider = new DiscordProvider(defaultConfig);
-
-      assert.equal(provider.authorizationUrl, 'https://discord.com/oauth2/authorize');
-      assert.equal(provider.tokenUrl, 'https://discord.com/api/oauth2/token');
-      assert.equal(provider.userInfoUrl, 'https://discord.com/api/users/@me');
-    });
-
-    test('preserves client config', function(assert) {
-      const provider = new DiscordProvider(defaultConfig);
-
-      assert.equal(provider.clientId, 'discord-client-id');
-      assert.equal(provider.clientSecret, 'discord-client-secret');
-      assert.deepEqual(provider.scopes, ['identify', 'email']);
-    });
-  });
-
-  module('exchangeCode', function() {
-    test('uses form-encoded body for Discord token exchange', async function(assert) {
-      const provider = new DiscordProvider(defaultConfig);
-      const originalFetch = globalThis.fetch;
-
-      globalThis.fetch = async (url, options) => {
-        assert.equal(url, 'https://discord.com/api/oauth2/token');
-        assert.equal(options.headers['Content-Type'], 'application/x-www-form-urlencoded');
-        assert.ok(options.body instanceof URLSearchParams);
-
-        const params = Object.fromEntries(options.body);
-        assert.equal(params.grant_type, 'authorization_code');
-        assert.equal(params.code, 'discord-auth-code');
-        assert.equal(params.client_id, 'discord-client-id');
-
-        return {
-          ok: true,
-          json: async () => ({ access_token: 'discord-token', refresh_token: 'refresh', expires_in: 604800 }),
-        };
-      };
-
-      const result = await provider.exchangeCode('discord-auth-code');
-
-      assert.equal(result.accessToken, 'discord-token');
-      assert.equal(result.refreshToken, 'refresh');
-      assert.equal(result.expiresIn, 604800);
-
-      globalThis.fetch = originalFetch;
-    });
-  });
-
-  module('normalizeUser', function() {
-    test('maps Discord user fields correctly', function(assert) {
-      const provider = new DiscordProvider(defaultConfig);
-
-      const discordUser = {
-        id: '123456789',
-        username: 'testuser',
-        global_name: 'Test User',
-        avatar: 'abc123',
-        email: 'test@example.com',
-      };
-
-      const result = provider.normalizeUser(discordUser);
-
-      assert.equal(result.id, '123456789');
-      assert.equal(result.username, 'testuser');
-      assert.equal(result.displayName, 'Test User');
-      assert.equal(result.avatar, 'https://cdn.discordapp.com/avatars/123456789/abc123.png');
-      assert.equal(result.email, 'test@example.com');
-      assert.deepEqual(result.raw, discordUser);
-    });
-
-    test('handles missing avatar', function(assert) {
-      const provider = new DiscordProvider(defaultConfig);
-
-      const result = provider.normalizeUser({
-        id: '1', username: 'user', global_name: 'User', avatar: null, email: null,
-      });
-
-      assert.equal(result.avatar, null);
-    });
-
-    test('falls back to username when global_name is missing', function(assert) {
-      const provider = new DiscordProvider(defaultConfig);
-
-      const result = provider.normalizeUser({
-        id: '1', username: 'myuser', avatar: null, email: null,
-      });
-
-      assert.equal(result.displayName, 'myuser');
-    });
-
-    test('handles missing email', function(assert) {
-      const provider = new DiscordProvider(defaultConfig);
-
-      const result = provider.normalizeUser({
-        id: '1', username: 'user', global_name: 'User', avatar: null,
-      });
-
-      assert.equal(result.email, null);
-    });
-  });
-});

package/test/unit/session-manager-test.js

@@ -1,85 +0,0 @@
-import QUnit from 'qunit';
-import SessionManager from '../../src/session-manager.js';
-
-const { module, test } = QUnit;
-
-const mockUser = { id: '1', username: 'testuser' };
-const mockTokens = { accessToken: 'abc', expiresAt: Date.now() + 60000 };
-
-module('[Unit] SessionManager', function() {
-  module('create', function() {
-    test('generates a unique session ID and stores session', function(assert) {
-      const manager = new SessionManager(3600);
-      const session1 = manager.create(mockUser, mockTokens);
-      const session2 = manager.create(mockUser, mockTokens);
-
-      assert.ok(session1.sessionId);
-      assert.ok(session2.sessionId);
-      assert.notEqual(session1.sessionId, session2.sessionId);
-      assert.deepEqual(session1.user, mockUser);
-    });
-
-    test('sets expiresAt based on duration', function(assert) {
-      const manager = new SessionManager(3600);
-      const before = Date.now();
-      const session = manager.create(mockUser, mockTokens);
-
-      assert.ok(session.expiresAt >= before + 3600 * 1000);
-    });
-  });
-
-  module('get', function() {
-    test('returns session data for a valid session ID', function(assert) {
-      const manager = new SessionManager(3600);
-      const { sessionId } = manager.create(mockUser, mockTokens);
-      const session = manager.get(sessionId);
-
-      assert.ok(session);
-      assert.deepEqual(session.user, mockUser);
-    });
-
-    test('returns null for unknown session ID', function(assert) {
-      const manager = new SessionManager(3600);
-      const session = manager.get('nonexistent');
-
-      assert.equal(session, null);
-    });
-  });
-
-  module('validate', function() {
-    test('returns user for a valid, non-expired session', function(assert) {
-      const manager = new SessionManager(3600);
-      const { sessionId } = manager.create(mockUser, mockTokens);
-      const user = manager.validate(sessionId);
-
-      assert.deepEqual(user, mockUser);
-    });
-
-    test('returns null for an expired session and cleans it up', function(assert) {
-      const manager = new SessionManager(0);
-      const { sessionId } = manager.create(mockUser, mockTokens);
-      const user = manager.validate(sessionId);
-
-      assert.equal(user, null);
-      assert.equal(manager.get(sessionId), null);
-    });
-
-    test('returns null for nonexistent session', function(assert) {
-      const manager = new SessionManager(3600);
-      const user = manager.validate('missing');
-
-      assert.equal(user, null);
-    });
-  });
-
-  module('destroy', function() {
-    test('removes the session', function(assert) {
-      const manager = new SessionManager(3600);
-      const { sessionId } = manager.create(mockUser, mockTokens);
-
-      manager.destroy(sessionId);
-
-      assert.equal(manager.get(sessionId), null);
-    });
-  });
-});

package/test/unit/state-validation-test.js

@@ -1,118 +0,0 @@
-import QUnit from 'qunit';
-
-const { module, test } = QUnit;
-
-/**
- * Tests for OAuth state token validation logic.
- *
- * These tests exercise the pendingStates map and validation directly,
- * mirroring the logic in OAuth.handleCallback without requiring the
- * full module initialization (which depends on stonyx config/modules).
- */
-
-const TEN_MINUTES = 10 * 60 * 1000;
-
-function validateState(pendingStates, stateToken) {
-  if (!stateToken || !pendingStates.has(stateToken)) {
-    throw new Error('Invalid or missing state token');
-  }
-
-  const stateCreatedAt = pendingStates.get(stateToken);
-  pendingStates.delete(stateToken);
-
-  if (Date.now() - stateCreatedAt > TEN_MINUTES) {
-    throw new Error('State token has expired');
-  }
-}
-
-module('[Unit] State Validation', function() {
-  test('accepts a valid pending state token', function(assert) {
-    const pendingStates = new Map();
-    pendingStates.set('valid-token', Date.now());
-
-    validateState(pendingStates, 'valid-token');
-    assert.ok(true, 'did not throw');
-  });
-
-  test('consumes the state token after validation', function(assert) {
-    const pendingStates = new Map();
-    pendingStates.set('one-time-token', Date.now());
-
-    validateState(pendingStates, 'one-time-token');
-    assert.false(pendingStates.has('one-time-token'), 'token removed from pending states');
-  });
-
-  test('rejects a missing state token', function(assert) {
-    const pendingStates = new Map();
-
-    assert.throws(
-      () => validateState(pendingStates, undefined),
-      /Invalid or missing state token/,
-    );
-  });
-
-  test('rejects an empty string state token', function(assert) {
-    const pendingStates = new Map();
-
-    assert.throws(
-      () => validateState(pendingStates, ''),
-      /Invalid or missing state token/,
-    );
-  });
-
-  test('rejects an unknown state token', function(assert) {
-    const pendingStates = new Map();
-    pendingStates.set('known-token', Date.now());
-
-    assert.throws(
-      () => validateState(pendingStates, 'unknown-token'),
-      /Invalid or missing state token/,
-    );
-  });
-
-  test('rejects an expired state token (older than 10 minutes)', function(assert) {
-    const pendingStates = new Map();
-    const elevenMinutesAgo = Date.now() - (11 * 60 * 1000);
-    pendingStates.set('expired-token', elevenMinutesAgo);
-
-    assert.throws(
-      () => validateState(pendingStates, 'expired-token'),
-      /State token has expired/,
-    );
-  });
-
-  test('expired state token is still consumed', function(assert) {
-    const pendingStates = new Map();
-    const elevenMinutesAgo = Date.now() - (11 * 60 * 1000);
-    pendingStates.set('expired-token', elevenMinutesAgo);
-
-    try {
-      validateState(pendingStates, 'expired-token');
-    } catch {
-      // expected
-    }
-
-    assert.false(pendingStates.has('expired-token'), 'expired token removed from map');
-  });
-
-  test('accepts a token just under 10 minutes old', function(assert) {
-    const pendingStates = new Map();
-    const nineMinutesAgo = Date.now() - (9 * 60 * 1000);
-    pendingStates.set('fresh-token', nineMinutesAgo);
-
-    validateState(pendingStates, 'fresh-token');
-    assert.ok(true, 'did not throw');
-  });
-
-  test('rejects reuse of a previously valid token', function(assert) {
-    const pendingStates = new Map();
-    pendingStates.set('use-once', Date.now());
-
-    validateState(pendingStates, 'use-once');
-
-    assert.throws(
-      () => validateState(pendingStates, 'use-once'),
-      /Invalid or missing state token/,
-    );
-  });
-});

package/test/unit/token-manager-test.js

@@ -1,76 +0,0 @@
-import QUnit from 'qunit';
-import TokenManager from '../../src/token-manager.js';
-
-const { module, test } = QUnit;
-
-function createMockFlow() {
-  return {
-    exchangeCode: async (code) => ({
-      accessToken: `token-for-${code}`,
-      refreshToken: 'refresh-123',
-      expiresIn: 3600,
-    }),
-    refreshAccessToken: async (refreshToken) => ({
-      accessToken: 'new-access',
-      refreshToken,
-      expiresIn: 7200,
-    }),
-    revokeToken: async () => {},
-  };
-}
-
-module('[Unit] TokenManager', function() {
-  module('getTokens', function() {
-    test('delegates to flow.exchangeCode and sets expiresAt', async function(assert) {
-      const manager = new TokenManager(createMockFlow());
-      const before = Date.now();
-      const result = await manager.getTokens('my-code');
-
-      assert.equal(result.accessToken, 'token-for-my-code');
-      assert.equal(result.refreshToken, 'refresh-123');
-      assert.ok(result.expiresAt >= before + 3600 * 1000);
-    });
-  });
-
-  module('refresh', function() {
-    test('delegates to flow.refreshAccessToken and sets expiresAt', async function(assert) {
-      const manager = new TokenManager(createMockFlow());
-      const result = await manager.refresh('refresh-123');
-
-      assert.equal(result.accessToken, 'new-access');
-      assert.ok(result.expiresAt > Date.now());
-    });
-  });
-
-  module('revoke', function() {
-    test('delegates to flow.revokeToken', async function(assert) {
-      let revoked = false;
-      const flow = { ...createMockFlow(), revokeToken: async () => { revoked = true; } };
-      const manager = new TokenManager(flow);
-
-      await manager.revoke('some-token');
-      assert.ok(revoked);
-    });
-  });
-
-  module('isExpired', function() {
-    test('returns true if expiresAt is in the past', function(assert) {
-      const manager = new TokenManager(createMockFlow());
-
-      assert.true(manager.isExpired({ expiresAt: Date.now() - 1000 }));
-    });
-
-    test('returns false if expiresAt is in the future', function(assert) {
-      const manager = new TokenManager(createMockFlow());
-
-      assert.false(manager.isExpired({ expiresAt: Date.now() + 60000 }));
-    });
-
-    test('returns true if tokenData is null or missing expiresAt', function(assert) {
-      const manager = new TokenManager(createMockFlow());
-
-      assert.true(manager.isExpired(null));
-      assert.true(manager.isExpired({}));
-    });
-  });
-});