@telicent-oss/fe-auth-lib 1.0.1 → 1.0.2-TELFE-1477.0

package/src/__tests__/core.success.test.ts

@@ -0,0 +1,196 @@
+import AuthServerOAuth2Client, {
+  AuthServerOAuth2ClientConfig,
+} from "../AuthServerOAuth2Client";
+import {
+  installTestEnv,
+  mockPkceValues,
+  resetTestEnv,
+  setWindowLocation,
+} from "./test-utils";
+
+const createConfig = (
+  overrides: Partial<AuthServerOAuth2ClientConfig> = {}
+) => ({
+  clientId: "client-1",
+  authServerUrl: "http://auth.telicent.localhost",
+  redirectUri: "http://app.telicent.localhost/callback",
+  popupRedirectUri: "http://app.telicent.localhost/popup",
+  scope: "openid profile",
+  onLogout: jest.fn(),
+  ...overrides,
+});
+
+describe("happy path - constructor, domain detection, pkce, and login", () => {
+  beforeEach(() => {
+    installTestEnv();
+    setWindowLocation("http://app.telicent.localhost/home");
+  });
+
+  afterEach(() => {
+    resetTestEnv();
+  });
+
+  it("constructs client and detects same-domain", () => {
+    const client = new AuthServerOAuth2Client(createConfig());
+
+    expect({
+      clientId: client.config.clientId,
+      isCrossDomain: client.isCrossDomain,
+    }).toMatchInlineSnapshot(`
+      {
+        "clientId": "client-1",
+        "isCrossDomain": false,
+      }
+    `);
+  });
+
+  it("detects domains across common cases", () => {
+    const cases = [
+      {
+        current: "http://localhost",
+        authServerUrl: "http://localhost",
+      },
+      {
+        current: "http://app.telicent.localhost",
+        authServerUrl: "http://auth.telicent.localhost",
+      },
+      {
+        current: "http://localhost:3000",
+        authServerUrl: "https://dev.telicent.io",
+      },
+    ];
+
+    const results = cases.map((item) => {
+      setWindowLocation(item.current);
+      const client = new AuthServerOAuth2Client(
+        createConfig({ authServerUrl: item.authServerUrl })
+      );
+      return {
+        current: item.current,
+        auth: item.authServerUrl,
+        isCrossDomain: client.isCrossDomain,
+      };
+    });
+
+    expect(results).toMatchInlineSnapshot(`
+      [
+        {
+          "auth": "http://localhost",
+          "current": "http://localhost",
+          "isCrossDomain": false,
+        },
+        {
+          "auth": "http://auth.telicent.localhost",
+          "current": "http://app.telicent.localhost",
+          "isCrossDomain": false,
+        },
+        {
+          "auth": "https://dev.telicent.io",
+          "current": "http://localhost:3000",
+          "isCrossDomain": true,
+        },
+      ]
+    `);
+  });
+
+  it("generates readable pkce values, state, and nonce", async () => {
+    const client = new AuthServerOAuth2Client(createConfig());
+    const values = mockPkceValues(client);
+    const codeVerifier = client.generateCodeVerifier();
+    const codeChallenge = await client.generateCodeChallenge(codeVerifier);
+    const state = client.generateState();
+    const nonce = client.generateNonce();
+
+    expect({
+      codeVerifier,
+      codeChallenge,
+      state,
+      nonce,
+    }).toMatchInlineSnapshot(`
+      {
+        "codeChallenge": "ABC_codeChallenge_ABC",
+        "codeVerifier": "ABC_codeVerifier_ABC",
+        "nonce": "ABC_nonce_ABC",
+        "state": "ABC_state_ABC",
+      }
+    `);
+
+    expect(values).toMatchInlineSnapshot(`
+      {
+        "codeChallenge": "ABC_codeChallenge_ABC",
+        "codeVerifier": "ABC_codeVerifier_ABC",
+        "nonce": "ABC_nonce_ABC",
+        "state": "ABC_state_ABC",
+      }
+    `);
+  });
+
+  it("builds login redirect and stores pkce values", async () => {
+    const client = new AuthServerOAuth2Client(createConfig());
+    mockPkceValues(client);
+    await client.login();
+
+    const url = new URL(window.location.href);
+    const params = Object.fromEntries(url.searchParams.entries());
+
+    expect({
+      href: window.location.href,
+      params,
+      storage: {
+        state: sessionStorage.getItem("oauth_state"),
+        nonce: sessionStorage.getItem("oauth_nonce"),
+        codeVerifier: sessionStorage.getItem("oauth_code_verifier"),
+        redirectUri: sessionStorage.getItem("oauth_redirect_uri"),
+      },
+    }).toMatchInlineSnapshot(`
+      {
+        "href": "http://auth.telicent.localhost/oauth2/authorize?response_type=code&client_id=client-1&redirect_uri=http%3A%2F%2Fapp.telicent.localhost%2Fcallback&scope=openid+profile&state=ABC_state_ABC.aHR0cDovL2FwcC50ZWxpY2VudC5sb2NhbGhvc3QvaG9tZQ&nonce=ABC_nonce_ABC&code_challenge=ABC_codeChallenge_ABC&code_challenge_method=S256",
+        "params": {
+          "client_id": "client-1",
+          "code_challenge": "ABC_codeChallenge_ABC",
+          "code_challenge_method": "S256",
+          "nonce": "ABC_nonce_ABC",
+          "redirect_uri": "http://app.telicent.localhost/callback",
+          "response_type": "code",
+          "scope": "openid profile",
+          "state": "ABC_state_ABC.aHR0cDovL2FwcC50ZWxpY2VudC5sb2NhbGhvc3QvaG9tZQ",
+        },
+        "storage": {
+          "codeVerifier": "ABC_codeVerifier_ABC",
+          "nonce": "ABC_nonce_ABC",
+          "redirectUri": "http://app.telicent.localhost/callback",
+          "state": "ABC_state_ABC",
+        },
+      }
+    `);
+  });
+
+  it("opens popup and starts flow", async () => {
+    const client = new AuthServerOAuth2Client(createConfig());
+    mockPkceValues(client);
+    const popup = { close: jest.fn(), closed: false } as unknown as Window;
+    const openSpy = jest.spyOn(window, "open").mockReturnValue(popup);
+    const startSpy = jest.spyOn(client, "startPopupFlow");
+
+    await client.loginWithPopup();
+
+    expect({
+      openArgs: openSpy.mock.calls[0],
+      startCalls: startSpy.mock.calls.length,
+      state: sessionStorage.getItem("oauth_state"),
+    }).toMatchInlineSnapshot(`
+      {
+        "openArgs": [
+          "http://auth.telicent.localhost/oauth2/authorize?response_type=code&client_id=client-1&redirect_uri=http%3A%2F%2Fapp.telicent.localhost%2Fpopup&scope=openid+profile&state=ABC_state_ABC&nonce=ABC_nonce_ABC&code_challenge=ABC_codeChallenge_ABC&code_challenge_method=S256",
+          "_blank",
+          "width=600,height=700,scrollbars=yes,resizable=yes",
+        ],
+        "startCalls": 1,
+        "state": "ABC_state_ABC",
+      }
+    `);
+
+    openSpy.mockRestore();
+    startSpy.mockRestore();
+  });
+});

package/src/__tests__/env.success.test.ts

@@ -0,0 +1,17 @@
+describe("happy path - jsdom environment", () => {
+  it("exposes browser globals", () => {
+    const result = {
+      hasWindow: typeof window !== "undefined",
+      hasDocument: typeof document !== "undefined",
+      hasSessionStorage: typeof sessionStorage !== "undefined",
+    };
+
+    expect(result).toMatchInlineSnapshot(`
+      {
+        "hasDocument": true,
+        "hasSessionStorage": true,
+        "hasWindow": true,
+      }
+    `);
+  });
+});

package/src/__tests__/logout.success.test.ts

@@ -0,0 +1,151 @@
+import AuthServerOAuth2Client, {
+  AuthServerOAuth2ClientConfig,
+} from "../AuthServerOAuth2Client";
+import { installTestEnv, resetTestEnv } from "./test-utils";
+
+const createConfig = (
+  overrides: Partial<AuthServerOAuth2ClientConfig> = {}
+): AuthServerOAuth2ClientConfig => ({
+  clientId: "client-1",
+  authServerUrl: "http://auth.telicent.localhost",
+  redirectUri: "http://app.telicent.localhost/callback",
+  popupRedirectUri: "http://app.telicent.localhost/popup",
+  scope: "openid profile",
+  onLogout: jest.fn(),
+  ...overrides,
+});
+
+const createFetchResponse = (options: {
+  ok?: boolean;
+  jsonData?: unknown;
+}): Response =>
+  ({
+    ok: options.ok ?? true,
+    json: jest.fn().mockResolvedValue(options.jsonData ?? {}),
+  } as unknown as Response);
+
+describe("happy path - logout flows", () => {
+  beforeEach(() => {
+    installTestEnv();
+  });
+
+  afterEach(() => {
+    resetTestEnv();
+  });
+
+  it("handles external logout redirect", async () => {
+    const client = new AuthServerOAuth2Client(createConfig());
+    const fetchMock = jest.fn().mockResolvedValue(
+      createFetchResponse({
+        jsonData: {
+          external_logout: true,
+          logout_url: "https://idp.example.com/logout",
+        },
+      })
+    );
+    globalThis.fetch = fetchMock;
+
+    await client.logout();
+
+    expect({
+      location: window.location.href,
+      onLogoutCalls: (client.config.onLogout as jest.Mock).mock.calls.length,
+    }).toMatchInlineSnapshot(`
+      {
+        "location": "http://localhost/",
+        "onLogoutCalls": 0,
+      }
+    `);
+  });
+
+  it("includes Authorization header for cross-domain logout", async () => {
+    const client = new AuthServerOAuth2Client(
+      createConfig({ authServerUrl: "https://auth.telicent.io" })
+    );
+    sessionStorage.setItem("auth_session_id", "SESSION_123");
+    const fetchMock = jest.fn().mockResolvedValue(
+      createFetchResponse({ jsonData: {} })
+    );
+    globalThis.fetch = fetchMock;
+
+    await client.logout();
+
+    expect({
+      headers: fetchMock.mock.calls[0][1]?.headers,
+    }).toMatchInlineSnapshot(`
+      {
+        "headers": {
+          "Accept": "application/json",
+          "Authorization": "Bearer SESSION_123",
+        },
+      }
+    `);
+  });
+
+  it("continues logout when response is not json", async () => {
+    const onLogout = jest.fn();
+    const client = new AuthServerOAuth2Client(createConfig({ onLogout }));
+    const fetchMock = jest.fn().mockResolvedValue(
+      ({
+        ok: true,
+        json: jest.fn().mockRejectedValue(new Error("bad json")),
+      } as unknown as Response)
+    );
+    globalThis.fetch = fetchMock;
+
+    await client.logout();
+
+    expect({
+      onLogoutCalls: onLogout.mock.calls.length,
+      warnings: (console.warn as jest.Mock).mock.calls.map((call) => call[0]),
+    }).toMatchInlineSnapshot(`
+      {
+        "onLogoutCalls": 1,
+        "warnings": [
+          "Logout response is not JSON, continuing with standard logout",
+        ],
+      }
+    `);
+  });
+
+  it("continues logout when fetch throws", async () => {
+    const onLogout = jest.fn();
+    const client = new AuthServerOAuth2Client(createConfig({ onLogout }));
+    globalThis.fetch = jest.fn().mockRejectedValue(new Error("network"));
+
+    await client.logout();
+
+    expect({
+      onLogoutCalls: onLogout.mock.calls.length,
+      errors: (console.error as jest.Mock).mock.calls.map((call) => call[0]),
+    }).toMatchInlineSnapshot(`
+      {
+        "errors": [
+          "Logout error (ignoring):",
+        ],
+        "onLogoutCalls": 1,
+      }
+    `);
+  });
+
+  it("calls onLogout on standard logout", async () => {
+    const onLogout = jest.fn();
+    const client = new AuthServerOAuth2Client(createConfig({ onLogout }));
+    const fetchMock = jest.fn().mockResolvedValue(
+      createFetchResponse({
+        jsonData: {},
+      })
+    );
+    globalThis.fetch = fetchMock;
+
+    await client.logout();
+
+    expect({
+      onLogoutCalls: onLogout.mock.calls.length,
+    }).toMatchInlineSnapshot(`
+      {
+        "onLogoutCalls": 1,
+      }
+    `);
+  });
+});

package/src/__tests__/methods/base64URLEncode.success.test.ts

@@ -0,0 +1,39 @@
+import AuthServerOAuth2Client, {
+  AuthServerOAuth2ClientConfig,
+} from "../../AuthServerOAuth2Client";
+import { installTestEnv, resetTestEnv } from "../test-utils";
+
+const createConfig = (
+  overrides: Partial<AuthServerOAuth2ClientConfig> = {}
+): AuthServerOAuth2ClientConfig => ({
+  clientId: "client-1",
+  authServerUrl: "http://auth.telicent.localhost",
+  redirectUri: "http://app.telicent.localhost/callback",
+  popupRedirectUri: "http://app.telicent.localhost/popup",
+  scope: "openid profile",
+  onLogout: jest.fn(),
+  ...overrides,
+});
+
+describe("happy path - base64URLEncode", () => {
+  beforeEach(() => {
+    installTestEnv();
+  });
+
+  afterEach(() => {
+    resetTestEnv();
+  });
+
+  it("encodes bytes to base64url", () => {
+    const client = new AuthServerOAuth2Client(createConfig());
+    const bytes = new Uint8Array([65, 66, 67]);
+
+    const result = client.base64URLEncode(bytes);
+
+    expect({ result }).toMatchInlineSnapshot(`
+      {
+        "result": "QUJD",
+      }
+    `);
+  });
+});

package/src/__tests__/methods/generateCodeChallenge.success.test.ts

@@ -0,0 +1,43 @@
+import AuthServerOAuth2Client, {
+  AuthServerOAuth2ClientConfig,
+} from "../../AuthServerOAuth2Client";
+import {
+  installCryptoMock,
+  installTestEnv,
+  resetTestEnv,
+} from "../test-utils";
+
+const createConfig = (
+  overrides: Partial<AuthServerOAuth2ClientConfig> = {}
+): AuthServerOAuth2ClientConfig => ({
+  clientId: "client-1",
+  authServerUrl: "http://auth.telicent.localhost",
+  redirectUri: "http://app.telicent.localhost/callback",
+  popupRedirectUri: "http://app.telicent.localhost/popup",
+  scope: "openid profile",
+  onLogout: jest.fn(),
+  ...overrides,
+});
+
+describe("happy path - generateCodeChallenge", () => {
+  beforeEach(() => {
+    installTestEnv();
+    installCryptoMock({ digestBytes: [65, 66, 67] });
+  });
+
+  afterEach(() => {
+    resetTestEnv();
+  });
+
+  it("returns challenge", async () => {
+    const client = new AuthServerOAuth2Client(createConfig());
+
+    const result = await client.generateCodeChallenge("VERIFIER");
+
+    expect({ result }).toMatchInlineSnapshot(`
+      {
+        "result": "QUJD",
+      }
+    `);
+  });
+});

package/src/__tests__/methods/generateCodeVerifier.success.test.ts

@@ -0,0 +1,43 @@
+import AuthServerOAuth2Client, {
+  AuthServerOAuth2ClientConfig,
+} from "../../AuthServerOAuth2Client";
+import {
+  installCryptoMock,
+  installTestEnv,
+  resetTestEnv,
+} from "../test-utils";
+
+const createConfig = (
+  overrides: Partial<AuthServerOAuth2ClientConfig> = {}
+): AuthServerOAuth2ClientConfig => ({
+  clientId: "client-1",
+  authServerUrl: "http://auth.telicent.localhost",
+  redirectUri: "http://app.telicent.localhost/callback",
+  popupRedirectUri: "http://app.telicent.localhost/popup",
+  scope: "openid profile",
+  onLogout: jest.fn(),
+  ...overrides,
+});
+
+describe("happy path - generateCodeVerifier", () => {
+  beforeEach(() => {
+    installTestEnv();
+    installCryptoMock({ fillByte: 65 });
+  });
+
+  afterEach(() => {
+    resetTestEnv();
+  });
+
+  it("returns verifier", () => {
+    const client = new AuthServerOAuth2Client(createConfig());
+
+    const result = client.generateCodeVerifier();
+
+    expect({ result }).toMatchInlineSnapshot(`
+      {
+        "result": "QUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUE",
+      }
+    `);
+  });
+});

package/src/__tests__/methods/generateNonce.success.test.ts

@@ -0,0 +1,43 @@
+import AuthServerOAuth2Client, {
+  AuthServerOAuth2ClientConfig,
+} from "../../AuthServerOAuth2Client";
+import {
+  installCryptoMock,
+  installTestEnv,
+  resetTestEnv,
+} from "../test-utils";
+
+const createConfig = (
+  overrides: Partial<AuthServerOAuth2ClientConfig> = {}
+): AuthServerOAuth2ClientConfig => ({
+  clientId: "client-1",
+  authServerUrl: "http://auth.telicent.localhost",
+  redirectUri: "http://app.telicent.localhost/callback",
+  popupRedirectUri: "http://app.telicent.localhost/popup",
+  scope: "openid profile",
+  onLogout: jest.fn(),
+  ...overrides,
+});
+
+describe("happy path - generateNonce", () => {
+  beforeEach(() => {
+    installTestEnv();
+    installCryptoMock({ fillByte: 66 });
+  });
+
+  afterEach(() => {
+    resetTestEnv();
+  });
+
+  it("returns nonce", () => {
+    const client = new AuthServerOAuth2Client(createConfig());
+
+    const result = client.generateNonce();
+
+    expect({ result }).toMatchInlineSnapshot(`
+      {
+        "result": "QkJCQkJCQkJCQkJCQkJCQg",
+      }
+    `);
+  });
+});

package/src/__tests__/methods/generateState.success.test.ts

@@ -0,0 +1,43 @@
+import AuthServerOAuth2Client, {
+  AuthServerOAuth2ClientConfig,
+} from "../../AuthServerOAuth2Client";
+import {
+  installCryptoMock,
+  installTestEnv,
+  resetTestEnv,
+} from "../test-utils";
+
+const createConfig = (
+  overrides: Partial<AuthServerOAuth2ClientConfig> = {}
+): AuthServerOAuth2ClientConfig => ({
+  clientId: "client-1",
+  authServerUrl: "http://auth.telicent.localhost",
+  redirectUri: "http://app.telicent.localhost/callback",
+  popupRedirectUri: "http://app.telicent.localhost/popup",
+  scope: "openid profile",
+  onLogout: jest.fn(),
+  ...overrides,
+});
+
+describe("happy path - generateState", () => {
+  beforeEach(() => {
+    installTestEnv();
+    installCryptoMock({ fillByte: 67 });
+  });
+
+  afterEach(() => {
+    resetTestEnv();
+  });
+
+  it("returns state", () => {
+    const client = new AuthServerOAuth2Client(createConfig());
+
+    const result = client.generateState();
+
+    expect({ result }).toMatchInlineSnapshot(`
+      {
+        "result": "Q0NDQ0NDQ0NDQ0NDQ0NDQw",
+      }
+    `);
+  });
+});

package/src/__tests__/methods/getCsrfToken.failures.test.ts

@@ -0,0 +1,54 @@
+import AuthServerOAuth2Client, {
+  AuthServerOAuth2ClientConfig,
+} from "../../AuthServerOAuth2Client";
+import { installTestEnv, resetTestEnv, setWindowLocation } from "../test-utils";
+
+const createConfig = (
+  overrides: Partial<AuthServerOAuth2ClientConfig> = {}
+): AuthServerOAuth2ClientConfig => ({
+  clientId: "client-1",
+  authServerUrl: "http://auth.telicent.localhost",
+  redirectUri: "http://app.telicent.localhost/callback",
+  popupRedirectUri: "http://app.telicent.localhost/popup",
+  scope: "openid profile",
+  onLogout: jest.fn(),
+  ...overrides,
+});
+
+describe("failure path - getCsrfToken errors", () => {
+  beforeEach(() => {
+    installTestEnv();
+  });
+
+  afterEach(() => {
+    resetTestEnv();
+  });
+
+  it("returns null for cross-domain clients", () => {
+    setWindowLocation("http://app.telicent.localhost/home");
+    const client = new AuthServerOAuth2Client(
+      createConfig({ authServerUrl: "https://auth.telicent.io" })
+    );
+
+    const result = client.getCsrfToken();
+
+    expect({ result }).toMatchInlineSnapshot(`
+      {
+        "result": null,
+      }
+    `);
+  });
+
+  it("returns null when cookie is missing", () => {
+    setWindowLocation("http://app.telicent.localhost/home");
+    const client = new AuthServerOAuth2Client(createConfig());
+
+    const result = client.getCsrfToken();
+
+    expect({ result }).toMatchInlineSnapshot(`
+      {
+        "result": null,
+      }
+    `);
+  });
+});

package/src/__tests__/methods/getCsrfToken.success.test.ts

@@ -0,0 +1,45 @@
+import AuthServerOAuth2Client, {
+  AuthServerOAuth2ClientConfig,
+} from "../../AuthServerOAuth2Client";
+import {
+  installTestEnv,
+  resetTestEnv,
+  setCookies,
+  setWindowLocation,
+} from "../test-utils";
+
+const createConfig = (
+  overrides: Partial<AuthServerOAuth2ClientConfig> = {}
+): AuthServerOAuth2ClientConfig => ({
+  clientId: "client-1",
+  authServerUrl: "http://auth.telicent.localhost",
+  redirectUri: "http://app.telicent.localhost/callback",
+  popupRedirectUri: "http://app.telicent.localhost/popup",
+  scope: "openid profile",
+  onLogout: jest.fn(),
+  ...overrides,
+});
+
+describe("happy path - getCsrfToken returns cookie token", () => {
+  beforeEach(() => {
+    installTestEnv();
+    setWindowLocation("http://app.telicent.localhost/home");
+  });
+
+  afterEach(() => {
+    resetTestEnv();
+  });
+
+  it("returns decoded csrf token for same-domain", () => {
+    const client = new AuthServerOAuth2Client(createConfig());
+    setCookies("XSRF-TOKEN=csrf-123");
+
+    const result = client.getCsrfToken();
+
+    expect({ result }).toMatchInlineSnapshot(`
+      {
+        "result": "csrf-123",
+      }
+    `);
+  });
+});