@telicent-oss/fe-auth-lib 1.0.0 → 1.0.2-TELFE-1477.0

package/src/__tests__/methods/getRawIdToken.success.test.ts

@@ -0,0 +1,39 @@
+import AuthServerOAuth2Client, {
+  AuthServerOAuth2ClientConfig,
+} from "../../AuthServerOAuth2Client";
+import { installTestEnv, resetTestEnv } from "../test-utils";
+
+const createConfig = (
+  overrides: Partial<AuthServerOAuth2ClientConfig> = {}
+): AuthServerOAuth2ClientConfig => ({
+  clientId: "client-1",
+  authServerUrl: "http://auth.telicent.localhost",
+  redirectUri: "http://app.telicent.localhost/callback",
+  popupRedirectUri: "http://app.telicent.localhost/popup",
+  scope: "openid profile",
+  onLogout: jest.fn(),
+  ...overrides,
+});
+
+describe("happy path - getRawIdToken returns stored token", () => {
+  beforeEach(() => {
+    installTestEnv();
+  });
+
+  afterEach(() => {
+    resetTestEnv();
+  });
+
+  it("returns auth_id_token from storage", () => {
+    const client = new AuthServerOAuth2Client(createConfig());
+    sessionStorage.setItem("auth_id_token", "RAW_TOKEN");
+
+    const result = client.getRawIdToken();
+
+    expect({ result }).toMatchInlineSnapshot(`
+      {
+        "result": "RAW_TOKEN",
+      }
+    `);
+  });
+});

package/src/__tests__/methods/getUserInfo.failures.test.ts

@@ -0,0 +1,153 @@
+import AuthServerOAuth2Client, {
+  AuthServerOAuth2ClientConfig,
+} from "../../AuthServerOAuth2Client";
+import { buildJwt, installTestEnv, resetTestEnv } from "../test-utils";
+
+const createConfig = (
+  overrides: Partial<AuthServerOAuth2ClientConfig> = {}
+): AuthServerOAuth2ClientConfig => ({
+  clientId: "client-1",
+  authServerUrl: "http://auth.telicent.localhost",
+  redirectUri: "http://app.telicent.localhost/callback",
+  popupRedirectUri: "http://app.telicent.localhost/popup",
+  scope: "openid profile",
+  onLogout: jest.fn(),
+  ...overrides,
+});
+
+describe("failure path - getUserInfo errors", () => {
+  beforeEach(() => {
+    installTestEnv();
+  });
+
+  afterEach(() => {
+    resetTestEnv();
+  });
+
+  it("returns null when token is missing", () => {
+    const client = new AuthServerOAuth2Client(createConfig());
+
+    const info = client.getUserInfo();
+
+    expect({ info }).toMatchInlineSnapshot(`
+      {
+        "info": null,
+      }
+    `);
+  });
+
+  it("returns null for invalid token", () => {
+    const client = new AuthServerOAuth2Client(createConfig());
+    sessionStorage.setItem("auth_id_token", "not-a-jwt");
+
+    const info = client.getUserInfo();
+
+    expect({ info }).toMatchInlineSnapshot(`
+      {
+        "info": null,
+      }
+    `);
+  });
+
+  it("returns null for expired token", () => {
+    const now = 1_700_000_000_000;
+    jest.spyOn(Date, "now").mockReturnValue(now);
+
+    const client = new AuthServerOAuth2Client(createConfig());
+    const token = buildJwt({
+      sub: "user-1",
+      aud: "client-1",
+      exp: Math.floor(now / 1000) - 10,
+      iat: Math.floor(now / 1000) - 100,
+      email: "user@example.com",
+      preferred_name: "User One",
+      iss: "http://auth.telicent.localhost",
+      jti: "id-1",
+    });
+    sessionStorage.setItem("auth_id_token", token);
+
+    const info = client.getUserInfo();
+
+    expect({ info }).toMatchInlineSnapshot(`
+      {
+        "info": null,
+      }
+    `);
+
+    (Date.now as jest.Mock).mockRestore();
+  });
+
+  it("returns unvalidated info when schema validation fails", () => {
+    const now = 1_700_000_000_000;
+    jest.spyOn(Date, "now").mockReturnValue(now);
+
+    const client = new AuthServerOAuth2Client(createConfig());
+    const token = buildJwt({
+      sub: "user-1",
+      aud: "client-1",
+      exp: Math.floor(now / 1000) + 300,
+      iat: Math.floor(now / 1000),
+      iss: "http://auth.telicent.localhost",
+      jti: "id-1",
+    });
+    sessionStorage.setItem("auth_id_token", token);
+
+    const info = client.getUserInfo();
+
+    expect({
+      info,
+      warnings: (console.warn as jest.Mock).mock.calls.map((call) => call[0]),
+    }).toMatchInlineSnapshot(`
+      {
+        "info": {
+          "aud": "client-1",
+          "auth_time": undefined,
+          "azp": undefined,
+          "email": undefined,
+          "exp": 1700000300,
+          "externalProvider": {
+            "aud": "client-1",
+            "exp": 1700000300,
+            "iat": 1700000000,
+            "iss": "http://auth.telicent.localhost",
+            "jti": "id-1",
+            "sub": "user-1",
+          },
+          "iat": 1700000000,
+          "isActive": undefined,
+          "iss": "http://auth.telicent.localhost",
+          "jti": "id-1",
+          "name": "user-1",
+          "nonce": undefined,
+          "preferred_name": undefined,
+          "sid": undefined,
+          "source": "id_token",
+          "sub": "user-1",
+          "token_expired": false,
+          "token_expires_at": "2023-11-14T22:18:20.000Z",
+        },
+        "warnings": [
+          "Returning unvalidated user info. Validation errors:",
+        ],
+      }
+    `);
+
+    (Date.now as jest.Mock).mockRestore();
+  });
+
+  it("returns null when decodeJWT throws", () => {
+    const client = new AuthServerOAuth2Client(createConfig());
+    sessionStorage.setItem("auth_id_token", "TOKEN");
+    jest.spyOn(client, "decodeJWT").mockImplementation(() => {
+      throw new Error("decode failed");
+    });
+
+    const info = client.getUserInfo();
+
+    expect({ info }).toMatchInlineSnapshot(`
+      {
+        "info": null,
+      }
+    `);
+  });
+});

package/src/__tests__/methods/getUserInfo.success.test.ts

@@ -0,0 +1,84 @@
+import AuthServerOAuth2Client, {
+  AuthServerOAuth2ClientConfig,
+} from "../../AuthServerOAuth2Client";
+import { buildJwt, installTestEnv, resetTestEnv } from "../test-utils";
+
+const createConfig = (
+  overrides: Partial<AuthServerOAuth2ClientConfig> = {}
+): AuthServerOAuth2ClientConfig => ({
+  clientId: "client-1",
+  authServerUrl: "http://auth.telicent.localhost",
+  redirectUri: "http://app.telicent.localhost/callback",
+  popupRedirectUri: "http://app.telicent.localhost/popup",
+  scope: "openid profile",
+  onLogout: jest.fn(),
+  ...overrides,
+});
+
+describe("happy path - getUserInfo returns mapped user info", () => {
+  beforeEach(() => {
+    installTestEnv();
+  });
+
+  afterEach(() => {
+    resetTestEnv();
+  });
+
+  it("returns user info for valid token", () => {
+    const now = 1_700_000_000_000;
+    jest.spyOn(Date, "now").mockReturnValue(now);
+
+    const client = new AuthServerOAuth2Client(createConfig());
+    const token = buildJwt({
+      sub: "user-1",
+      aud: "client-1",
+      exp: Math.floor(now / 1000) + 300,
+      iat: Math.floor(now / 1000),
+      email: "user@example.com",
+      preferred_name: "User One",
+      iss: "http://auth.telicent.localhost",
+      jti: "id-1",
+      isActive: true,
+    });
+    sessionStorage.setItem("auth_id_token", token);
+
+    const info = client.getUserInfo();
+
+    expect({ info }).toMatchInlineSnapshot(`
+      {
+        "info": {
+          "aud": "client-1",
+          "auth_time": undefined,
+          "azp": undefined,
+          "email": "user@example.com",
+          "exp": 1700000300,
+          "externalProvider": {
+            "aud": "client-1",
+            "email": "user@example.com",
+            "exp": 1700000300,
+            "iat": 1700000000,
+            "isActive": true,
+            "iss": "http://auth.telicent.localhost",
+            "jti": "id-1",
+            "preferred_name": "User One",
+            "sub": "user-1",
+          },
+          "iat": 1700000000,
+          "isActive": true,
+          "iss": "http://auth.telicent.localhost",
+          "jti": "id-1",
+          "name": "User One",
+          "nonce": undefined,
+          "preferred_name": "User One",
+          "sid": undefined,
+          "source": "id_token",
+          "sub": "user-1",
+          "token_expired": false,
+          "token_expires_at": "2023-11-14T22:18:20.000Z",
+        },
+      }
+    `);
+
+    (Date.now as jest.Mock).mockRestore();
+  });
+});

package/src/__tests__/methods/isAuthenticated.failures.test.ts

@@ -0,0 +1,62 @@
+import AuthServerOAuth2Client, {
+  AuthServerOAuth2ClientConfig,
+} from "../../AuthServerOAuth2Client";
+import { installTestEnv, resetTestEnv, setWindowLocation } from "../test-utils";
+
+const createConfig = (
+  overrides: Partial<AuthServerOAuth2ClientConfig> = {}
+): AuthServerOAuth2ClientConfig => ({
+  clientId: "client-1",
+  authServerUrl: "http://auth.telicent.localhost",
+  redirectUri: "http://app.telicent.localhost/callback",
+  popupRedirectUri: "http://app.telicent.localhost/popup",
+  scope: "openid profile",
+  onLogout: jest.fn(),
+  ...overrides,
+});
+
+const createFetchResponse = (options: { ok?: boolean }): Response =>
+  ({
+    ok: options.ok ?? false,
+    json: jest.fn().mockResolvedValue({}),
+  } as unknown as Response);
+
+describe("failure path - isAuthenticated errors", () => {
+  beforeEach(() => {
+    installTestEnv();
+    setWindowLocation("http://app.telicent.localhost/home");
+  });
+
+  afterEach(() => {
+    resetTestEnv();
+  });
+
+  it("returns false when response is not ok", async () => {
+    const client = new AuthServerOAuth2Client(createConfig());
+    const fetchMock = jest.fn().mockResolvedValue(
+      createFetchResponse({ ok: false })
+    );
+    globalThis.fetch = fetchMock;
+
+    const result = await client.isAuthenticated();
+
+    expect({ result }).toMatchInlineSnapshot(`
+      {
+        "result": false,
+      }
+    `);
+  });
+
+  it("returns false when fetch throws", async () => {
+    const client = new AuthServerOAuth2Client(createConfig());
+    globalThis.fetch = jest.fn().mockRejectedValue(new Error("network"));
+
+    const result = await client.isAuthenticated();
+
+    expect({ result }).toMatchInlineSnapshot(`
+      {
+        "result": false,
+      }
+    `);
+  });
+});

package/src/__tests__/methods/isAuthenticated.success.test.ts

@@ -0,0 +1,84 @@
+import AuthServerOAuth2Client, {
+  AuthServerOAuth2ClientConfig,
+} from "../../AuthServerOAuth2Client";
+import { installTestEnv, resetTestEnv, setWindowLocation } from "../test-utils";
+
+const createConfig = (
+  overrides: Partial<AuthServerOAuth2ClientConfig> = {}
+): AuthServerOAuth2ClientConfig => ({
+  clientId: "client-1",
+  authServerUrl: "http://auth.telicent.localhost",
+  redirectUri: "http://app.telicent.localhost/callback",
+  popupRedirectUri: "http://app.telicent.localhost/popup",
+  scope: "openid profile",
+  onLogout: jest.fn(),
+  ...overrides,
+});
+
+const createFetchResponse = (options: {
+  ok?: boolean;
+  jsonData?: unknown;
+}): Response =>
+  ({
+    ok: options.ok ?? true,
+    json: jest.fn().mockResolvedValue(options.jsonData ?? {}),
+  } as unknown as Response);
+
+describe("happy path - isAuthenticated succeeds", () => {
+  beforeEach(() => {
+    installTestEnv();
+    setWindowLocation("http://app.telicent.localhost/home");
+  });
+
+  afterEach(() => {
+    resetTestEnv();
+  });
+
+  it("returns true and stores id token", async () => {
+    const client = new AuthServerOAuth2Client(createConfig());
+    const fetchMock = jest.fn().mockResolvedValue(
+      createFetchResponse({ jsonData: { id_token: "ID_TOKEN_1" } })
+    );
+    globalThis.fetch = fetchMock;
+
+    const result = await client.isAuthenticated();
+
+    expect({
+      result,
+      authIdToken: sessionStorage.getItem("auth_id_token"),
+      fetchUrl: fetchMock.mock.calls[0][0],
+    }).toMatchInlineSnapshot(`
+      {
+        "authIdToken": "ID_TOKEN_1",
+        "fetchUrl": "http://auth.telicent.localhost/session/check",
+        "result": true,
+      }
+    `);
+  });
+
+  it("sends Authorization header for cross-domain session", async () => {
+    const client = new AuthServerOAuth2Client(
+      createConfig({ authServerUrl: "https://auth.telicent.io" })
+    );
+    sessionStorage.setItem("auth_session_id", "SESSION_ABC");
+    const fetchMock = jest.fn().mockResolvedValue(
+      createFetchResponse({ jsonData: { id_token: "ID_TOKEN_2" } })
+    );
+    globalThis.fetch = fetchMock;
+
+    const result = await client.isAuthenticated();
+
+    expect({
+      result,
+      headers: fetchMock.mock.calls[0][1]?.headers,
+    }).toMatchInlineSnapshot(`
+      {
+        "headers": {
+          "Accept": "application/json",
+          "Authorization": "Bearer SESSION_ABC",
+        },
+        "result": true,
+      }
+    `);
+  });
+});

package/src/__tests__/methods/isIdTokenExpired.failures.test.ts

@@ -0,0 +1,77 @@
+import AuthServerOAuth2Client, {
+  AuthServerOAuth2ClientConfig,
+} from "../../AuthServerOAuth2Client";
+import { buildJwt, installTestEnv, resetTestEnv } from "../test-utils";
+
+const createConfig = (
+  overrides: Partial<AuthServerOAuth2ClientConfig> = {}
+): AuthServerOAuth2ClientConfig => ({
+  clientId: "client-1",
+  authServerUrl: "http://auth.telicent.localhost",
+  redirectUri: "http://app.telicent.localhost/callback",
+  popupRedirectUri: "http://app.telicent.localhost/popup",
+  scope: "openid profile",
+  onLogout: jest.fn(),
+  ...overrides,
+});
+
+describe("failure path - isIdTokenExpired errors", () => {
+  beforeEach(() => {
+    installTestEnv();
+  });
+
+  afterEach(() => {
+    resetTestEnv();
+  });
+
+  it("returns true when token is missing", () => {
+    const client = new AuthServerOAuth2Client(createConfig());
+
+    const result = client.isIdTokenExpired();
+
+    expect({ result }).toMatchInlineSnapshot(`
+      {
+        "result": true,
+      }
+    `);
+  });
+
+  it("returns true for expired token", () => {
+    const now = 1_700_000_000_000;
+    jest.spyOn(Date, "now").mockReturnValue(now);
+
+    const client = new AuthServerOAuth2Client(createConfig());
+    const token = buildJwt({
+      sub: "user-1",
+      aud: "client-1",
+      exp: Math.floor(now / 1000) - 10,
+    });
+    sessionStorage.setItem("auth_id_token", token);
+
+    const result = client.isIdTokenExpired();
+
+    expect({ result }).toMatchInlineSnapshot(`
+      {
+        "result": true,
+      }
+    `);
+
+    (Date.now as jest.Mock).mockRestore();
+  });
+
+  it("returns true when decodeJWT throws", () => {
+    const client = new AuthServerOAuth2Client(createConfig());
+    sessionStorage.setItem("auth_id_token", "TOKEN");
+    jest.spyOn(client, "decodeJWT").mockImplementation(() => {
+      throw new Error("decode failed");
+    });
+
+    const result = client.isIdTokenExpired();
+
+    expect({ result }).toMatchInlineSnapshot(`
+      {
+        "result": true,
+      }
+    `);
+  });
+});

package/src/__tests__/methods/isIdTokenExpired.success.test.ts

@@ -0,0 +1,49 @@
+import AuthServerOAuth2Client, {
+  AuthServerOAuth2ClientConfig,
+} from "../../AuthServerOAuth2Client";
+import { buildJwt, installTestEnv, resetTestEnv } from "../test-utils";
+
+const createConfig = (
+  overrides: Partial<AuthServerOAuth2ClientConfig> = {}
+): AuthServerOAuth2ClientConfig => ({
+  clientId: "client-1",
+  authServerUrl: "http://auth.telicent.localhost",
+  redirectUri: "http://app.telicent.localhost/callback",
+  popupRedirectUri: "http://app.telicent.localhost/popup",
+  scope: "openid profile",
+  onLogout: jest.fn(),
+  ...overrides,
+});
+
+describe("happy path - isIdTokenExpired returns false", () => {
+  beforeEach(() => {
+    installTestEnv();
+  });
+
+  afterEach(() => {
+    resetTestEnv();
+  });
+
+  it("returns false for valid token", () => {
+    const now = 1_700_000_000_000;
+    jest.spyOn(Date, "now").mockReturnValue(now);
+
+    const client = new AuthServerOAuth2Client(createConfig());
+    const token = buildJwt({
+      sub: "user-1",
+      aud: "client-1",
+      exp: Math.floor(now / 1000) + 300,
+    });
+    sessionStorage.setItem("auth_id_token", token);
+
+    const result = client.isIdTokenExpired();
+
+    expect({ result }).toMatchInlineSnapshot(`
+      {
+        "result": false,
+      }
+    `);
+
+    (Date.now as jest.Mock).mockRestore();
+  });
+});