npm - @telicent-oss/fe-auth-lib - Versions diffs - 1.0.1 → 1.0.2-TELFE-1477.0 - Mend

@telicent-oss/fe-auth-lib 1.0.1 → 1.0.2-TELFE-1477.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (36) hide show

package/src/__tests__/methods/validateIdToken.failures.test.ts ADDED Viewed

@@ -0,0 +1,177 @@
+import AuthServerOAuth2Client, {
+  AuthServerOAuth2ClientConfig,
+} from "../../AuthServerOAuth2Client";
+import { buildJwt, installTestEnv, resetTestEnv } from "../test-utils";
+const createConfig = (
+  overrides: Partial<AuthServerOAuth2ClientConfig> = {}
+): AuthServerOAuth2ClientConfig => ({
+  clientId: "client-1",
+  authServerUrl: "http://auth.telicent.localhost",
+  redirectUri: "http://app.telicent.localhost/callback",
+  popupRedirectUri: "http://app.telicent.localhost/popup",
+  scope: "openid profile",
+  onLogout: jest.fn(),
+  ...overrides,
+});
+describe("failure path - validateIdToken errors", () => {
+  beforeEach(() => {
+    installTestEnv();
+  });
+  afterEach(() => {
+    resetTestEnv();
+  });
+  it("returns false when nonce is missing", () => {
+    const now = 1_700_000_000_000;
+    jest.spyOn(Date, "now").mockReturnValue(now);
+    const client = new AuthServerOAuth2Client(createConfig());
+    const token = buildJwt({
+      sub: "user-1",
+      aud: "client-1",
+      exp: Math.floor(now / 1000) + 300,
+      iat: Math.floor(now / 1000),
+      nonce: "ABC_nonce_ABC",
+    });
+    const result = client.validateIdToken(token);
+    expect({ result }).toMatchInlineSnapshot(`
+      {
+        "result": false,
+      }
+    `);
+    (Date.now as jest.Mock).mockRestore();
+  });
+  it("returns false when payload cannot be decoded", () => {
+    const client = new AuthServerOAuth2Client(createConfig());
+    const result = client.validateIdToken("not-a-jwt");
+    expect({ result }).toMatchInlineSnapshot(`
+      {
+        "result": false,
+      }
+    `);
+  });
+  it("returns false when nonce does not match", () => {
+    const now = 1_700_000_000_000;
+    jest.spyOn(Date, "now").mockReturnValue(now);
+    const client = new AuthServerOAuth2Client(createConfig());
+    sessionStorage.setItem("oauth_nonce", "ABC_nonce_ABC");
+    const token = buildJwt({
+      sub: "user-1",
+      aud: "client-1",
+      exp: Math.floor(now / 1000) + 300,
+      iat: Math.floor(now / 1000),
+      nonce: "WRONG_NONCE",
+    });
+    const result = client.validateIdToken(token);
+    expect({ result }).toMatchInlineSnapshot(`
+      {
+        "result": false,
+      }
+    `);
+    (Date.now as jest.Mock).mockRestore();
+  });
+  it("returns false for audience mismatch", () => {
+    const now = 1_700_000_000_000;
+    jest.spyOn(Date, "now").mockReturnValue(now);
+    const client = new AuthServerOAuth2Client(createConfig());
+    sessionStorage.setItem("oauth_nonce", "ABC_nonce_ABC");
+    const token = buildJwt({
+      sub: "user-1",
+      aud: "client-2",
+      exp: Math.floor(now / 1000) + 300,
+      iat: Math.floor(now / 1000),
+      nonce: "ABC_nonce_ABC",
+    });
+    const result = client.validateIdToken(token);
+    expect({ result }).toMatchInlineSnapshot(`
+      {
+        "result": false,
+      }
+    `);
+    (Date.now as jest.Mock).mockRestore();
+  });
+  it("returns false for expired token", () => {
+    const now = 1_700_000_000_000;
+    jest.spyOn(Date, "now").mockReturnValue(now);
+    const client = new AuthServerOAuth2Client(createConfig());
+    sessionStorage.setItem("oauth_nonce", "ABC_nonce_ABC");
+    const token = buildJwt({
+      sub: "user-1",
+      aud: "client-1",
+      exp: Math.floor(now / 1000) - 10,
+      iat: Math.floor(now / 1000) - 100,
+      nonce: "ABC_nonce_ABC",
+    });
+    const result = client.validateIdToken(token);
+    expect({ result }).toMatchInlineSnapshot(`
+      {
+        "result": false,
+      }
+    `);
+    (Date.now as jest.Mock).mockRestore();
+  });
+  it("returns false for iat too old", () => {
+    const now = 1_700_000_000_000;
+    jest.spyOn(Date, "now").mockReturnValue(now);
+    const client = new AuthServerOAuth2Client(createConfig());
+    sessionStorage.setItem("oauth_nonce", "ABC_nonce_ABC");
+    const token = buildJwt({
+      sub: "user-1",
+      aud: "client-1",
+      exp: Math.floor(now / 1000) + 300,
+      iat: Math.floor(now / 1000) - 400,
+      nonce: "ABC_nonce_ABC",
+    });
+    const result = client.validateIdToken(token);
+    expect({ result }).toMatchInlineSnapshot(`
+      {
+        "result": false,
+      }
+    `);
+    (Date.now as jest.Mock).mockRestore();
+  });
+  it("returns false when decodeJWT throws", () => {
+    const client = new AuthServerOAuth2Client(createConfig());
+    jest.spyOn(client, "decodeJWT").mockImplementation(() => {
+      throw new Error("decode failed");
+    });
+    const result = client.validateIdToken("token");
+    expect({ result }).toMatchInlineSnapshot(`
+      {
+        "result": false,
+      }
+    `);
+  });
+});

package/src/__tests__/methods/validateIdToken.success.test.ts ADDED Viewed

@@ -0,0 +1,55 @@
+import AuthServerOAuth2Client, {
+  AuthServerOAuth2ClientConfig,
+} from "../../AuthServerOAuth2Client";
+import { buildJwt, installTestEnv, resetTestEnv } from "../test-utils";
+const createConfig = (
+  overrides: Partial<AuthServerOAuth2ClientConfig> = {}
+): AuthServerOAuth2ClientConfig => ({
+  clientId: "client-1",
+  authServerUrl: "http://auth.telicent.localhost",
+  redirectUri: "http://app.telicent.localhost/callback",
+  popupRedirectUri: "http://app.telicent.localhost/popup",
+  scope: "openid profile",
+  onLogout: jest.fn(),
+  ...overrides,
+});
+describe("happy path - validateIdToken succeeds", () => {
+  beforeEach(() => {
+    installTestEnv();
+  });
+  afterEach(() => {
+    resetTestEnv();
+  });
+  it("returns true and clears nonce", () => {
+    const now = 1_700_000_000_000;
+    jest.spyOn(Date, "now").mockReturnValue(now);
+    const client = new AuthServerOAuth2Client(createConfig());
+    sessionStorage.setItem("oauth_nonce", "ABC_nonce_ABC");
+    const token = buildJwt({
+      sub: "user-1",
+      aud: "client-1",
+      exp: Math.floor(now / 1000) + 300,
+      iat: Math.floor(now / 1000),
+      nonce: "ABC_nonce_ABC",
+    });
+    const result = client.validateIdToken(token);
+    expect({
+      result,
+      nonceAfter: sessionStorage.getItem("oauth_nonce"),
+    }).toMatchInlineSnapshot(`
+      {
+        "nonceAfter": null,
+        "result": true,
+      }
+    `);
+    (Date.now as jest.Mock).mockRestore();
+  });
+});

package/src/__tests__/methods/validateIdTokenForRecovery.failures.test.ts ADDED Viewed

@@ -0,0 +1,121 @@
+import AuthServerOAuth2Client, {
+  AuthServerOAuth2ClientConfig,
+} from "../../AuthServerOAuth2Client";
+import { buildJwt, installTestEnv, resetTestEnv } from "../test-utils";
+const createConfig = (
+  overrides: Partial<AuthServerOAuth2ClientConfig> = {}
+): AuthServerOAuth2ClientConfig => ({
+  clientId: "client-1",
+  authServerUrl: "http://auth.telicent.localhost",
+  redirectUri: "http://app.telicent.localhost/callback",
+  popupRedirectUri: "http://app.telicent.localhost/popup",
+  scope: "openid profile",
+  onLogout: jest.fn(),
+  ...overrides,
+});
+describe("failure path - validateIdTokenForRecovery errors", () => {
+  beforeEach(() => {
+    installTestEnv();
+  });
+  afterEach(() => {
+    resetTestEnv();
+  });
+  it("returns false for expired token", () => {
+    const now = 1_700_000_000_000;
+    jest.spyOn(Date, "now").mockReturnValue(now);
+    const client = new AuthServerOAuth2Client(createConfig());
+    const token = buildJwt({
+      sub: "user-1",
+      aud: "client-1",
+      exp: Math.floor(now / 1000) - 10,
+      iat: Math.floor(now / 1000) - 3600,
+    });
+    const result = client.validateIdTokenForRecovery(token);
+    expect({ result }).toMatchInlineSnapshot(`
+      {
+        "result": false,
+      }
+    `);
+    (Date.now as jest.Mock).mockRestore();
+  });
+  it("returns false when payload cannot be decoded", () => {
+    const client = new AuthServerOAuth2Client(createConfig());
+    const result = client.validateIdTokenForRecovery("not-a-jwt");
+    expect({ result }).toMatchInlineSnapshot(`
+      {
+        "result": false,
+      }
+    `);
+  });
+  it("returns false when iat is too old", () => {
+    const now = 1_700_000_000_000;
+    jest.spyOn(Date, "now").mockReturnValue(now);
+    const client = new AuthServerOAuth2Client(createConfig());
+    const token = buildJwt({
+      sub: "user-1",
+      aud: "client-1",
+      exp: Math.floor(now / 1000) + 300,
+      iat: Math.floor(now / 1000) - 7200,
+    });
+    const result = client.validateIdTokenForRecovery(token);
+    expect({ result }).toMatchInlineSnapshot(`
+      {
+        "result": false,
+      }
+    `);
+    (Date.now as jest.Mock).mockRestore();
+  });
+  it("returns false for audience mismatch", () => {
+    const now = 1_700_000_000_000;
+    jest.spyOn(Date, "now").mockReturnValue(now);
+    const client = new AuthServerOAuth2Client(createConfig());
+    const token = buildJwt({
+      sub: "user-1",
+      aud: "client-2",
+      exp: Math.floor(now / 1000) + 300,
+      iat: Math.floor(now / 1000),
+    });
+    const result = client.validateIdTokenForRecovery(token);
+    expect({ result }).toMatchInlineSnapshot(`
+      {
+        "result": false,
+      }
+    `);
+    (Date.now as jest.Mock).mockRestore();
+  });
+  it("returns false when decodeJWT throws", () => {
+    const client = new AuthServerOAuth2Client(createConfig());
+    jest.spyOn(client, "decodeJWT").mockImplementation(() => {
+      throw new Error("decode failed");
+    });
+    const result = client.validateIdTokenForRecovery("token");
+    expect({ result }).toMatchInlineSnapshot(`
+      {
+        "result": false,
+      }
+    `);
+  });
+});

package/src/__tests__/methods/validateIdTokenForRecovery.success.test.ts ADDED Viewed

@@ -0,0 +1,49 @@
+import AuthServerOAuth2Client, {
+  AuthServerOAuth2ClientConfig,
+} from "../../AuthServerOAuth2Client";
+import { buildJwt, installTestEnv, resetTestEnv } from "../test-utils";
+const createConfig = (
+  overrides: Partial<AuthServerOAuth2ClientConfig> = {}
+): AuthServerOAuth2ClientConfig => ({
+  clientId: "client-1",
+  authServerUrl: "http://auth.telicent.localhost",
+  redirectUri: "http://app.telicent.localhost/callback",
+  popupRedirectUri: "http://app.telicent.localhost/popup",
+  scope: "openid profile",
+  onLogout: jest.fn(),
+  ...overrides,
+});
+describe("happy path - validateIdTokenForRecovery succeeds", () => {
+  beforeEach(() => {
+    installTestEnv();
+  });
+  afterEach(() => {
+    resetTestEnv();
+  });
+  it("returns true for valid token", () => {
+    const now = 1_700_000_000_000;
+    jest.spyOn(Date, "now").mockReturnValue(now);
+    const client = new AuthServerOAuth2Client(createConfig());
+    const token = buildJwt({
+      sub: "user-1",
+      aud: "client-1",
+      exp: Math.floor(now / 1000) + 300,
+      iat: Math.floor(now / 1000),
+    });
+    const result = client.validateIdTokenForRecovery(token);
+    expect({ result }).toMatchInlineSnapshot(`
+      {
+        "result": true,
+      }
+    `);
+    (Date.now as jest.Mock).mockRestore();
+  });
+});

package/src/__tests__/popup.success.test.ts ADDED Viewed

@@ -0,0 +1,277 @@
+import AuthServerOAuth2Client, {
+  AuthServerOAuth2ClientConfig,
+} from "../AuthServerOAuth2Client";
+import { installTestEnv, resetTestEnv } from "./test-utils";
+const createConfig = (
+  overrides: Partial<AuthServerOAuth2ClientConfig> = {}
+): AuthServerOAuth2ClientConfig => ({
+  clientId: "client-1",
+  authServerUrl: "http://auth.telicent.localhost",
+  redirectUri: "http://app.telicent.localhost/callback",
+  popupRedirectUri: "http://app.telicent.localhost/popup",
+  scope: "openid profile",
+  onLogout: jest.fn(),
+  ...overrides,
+});
+const createPopup = (): Window =>
+  ({
+    close: jest.fn(),
+    closed: false,
+  } as unknown as Window);
+describe("happy path - popup flow and callbacks", () => {
+  beforeEach(() => {
+    installTestEnv();
+  });
+  afterEach(() => {
+    resetTestEnv();
+    jest.useRealTimers();
+  });
+  it("dispatches oauth-success and closes popup", () => {
+    jest.useFakeTimers();
+    const client = new AuthServerOAuth2Client(createConfig());
+    const popup = createPopup();
+    const dispatchSpy = jest.spyOn(window, "dispatchEvent");
+    const removeSpy = jest.spyOn(window, "removeEventListener");
+    client.startPopupFlow(popup);
+    window.dispatchEvent(
+      new MessageEvent("message", {
+        data: { type: "oauth-success", clientId: "client-1" },
+      })
+    );
+    expect({
+      closeCalls: (popup.close as jest.Mock).mock.calls.length,
+      removeCalls: removeSpy.mock.calls.length,
+      dispatched: dispatchSpy.mock.calls.map((call) => ({
+        type: call[0].type,
+        detail: (call[0] as CustomEvent).detail,
+      })),
+    }).toMatchInlineSnapshot(`
+      {
+        "closeCalls": 1,
+        "dispatched": [
+          {
+            "detail": undefined,
+            "type": "message",
+          },
+          {
+            "detail": {
+              "clientId": "client-1",
+              "type": "oauth-success",
+            },
+            "type": "oauth-success",
+          },
+        ],
+        "removeCalls": 1,
+      }
+    `);
+  });
+  it("dispatches oauth-error and closes popup", () => {
+    jest.useFakeTimers();
+    const client = new AuthServerOAuth2Client(createConfig());
+    const popup = createPopup();
+    const dispatchSpy = jest.spyOn(window, "dispatchEvent");
+    client.startPopupFlow(popup);
+    window.dispatchEvent(
+      new MessageEvent("message", {
+        data: { type: "oauth-error", clientId: "client-1", message: "fail" },
+      })
+    );
+    expect({
+      closeCalls: (popup.close as jest.Mock).mock.calls.length,
+      dispatched: dispatchSpy.mock.calls.map((call) => ({
+        type: call[0].type,
+        detail: (call[0] as CustomEvent).detail,
+      })),
+    }).toMatchInlineSnapshot(`
+      {
+        "closeCalls": 1,
+        "dispatched": [
+          {
+            "detail": undefined,
+            "type": "message",
+          },
+          {
+            "detail": {
+              "clientId": "client-1",
+              "type": "oauth-success",
+            },
+            "type": "oauth-success",
+          },
+          {
+            "detail": undefined,
+            "type": "message",
+          },
+          {
+            "detail": {
+              "clientId": "client-1",
+              "message": "fail",
+              "type": "oauth-error",
+            },
+            "type": "oauth-error",
+          },
+        ],
+      }
+    `);
+  });
+  it("ignores messages from other clients", () => {
+    jest.useFakeTimers();
+    const client = new AuthServerOAuth2Client(createConfig());
+    const popup = createPopup();
+    const dispatchSpy = jest.spyOn(window, "dispatchEvent");
+    client.startPopupFlow(popup);
+    window.dispatchEvent(
+      new MessageEvent("message", {
+        data: { type: "oauth-success", clientId: "other-client" },
+      })
+    );
+    expect({
+      closeCalls: (popup.close as jest.Mock).mock.calls.length,
+      dispatchCalls: dispatchSpy.mock.calls.length,
+    }).toMatchInlineSnapshot(`
+      {
+        "closeCalls": 0,
+        "dispatchCalls": 5,
+      }
+    `);
+  });
+  it("dispatches oauth-callback and closes popup", () => {
+    jest.useFakeTimers();
+    const client = new AuthServerOAuth2Client(createConfig());
+    const popup = createPopup();
+    const dispatchSpy = jest.spyOn(window, "dispatchEvent");
+    client.startPopupFlow(popup);
+    window.dispatchEvent(
+      new MessageEvent("message", {
+        data: {
+          type: "oauth-callback",
+          clientId: "client-1",
+          callbackUrl: "http://app.telicent.localhost/callback?code=1",
+        },
+      })
+    );
+    expect({
+      closeCalls: (popup.close as jest.Mock).mock.calls.length,
+      dispatched: dispatchSpy.mock.calls.map((call) => ({
+        type: call[0].type,
+        detail: (call[0] as CustomEvent).detail,
+      })),
+    }).toMatchInlineSnapshot(`
+      {
+        "closeCalls": 1,
+        "dispatched": [
+          {
+            "detail": undefined,
+            "type": "message",
+          },
+          {
+            "detail": {
+              "clientId": "client-1",
+              "type": "oauth-success",
+            },
+            "type": "oauth-success",
+          },
+          {
+            "detail": undefined,
+            "type": "message",
+          },
+          {
+            "detail": {
+              "clientId": "client-1",
+              "message": "fail",
+              "type": "oauth-error",
+            },
+            "type": "oauth-error",
+          },
+          {
+            "detail": undefined,
+            "type": "message",
+          },
+          {
+            "detail": undefined,
+            "type": "message",
+          },
+          {
+            "detail": {
+              "callbackUrl": "http://app.telicent.localhost/callback?code=1",
+              "clientId": "client-1",
+              "type": "oauth-callback",
+            },
+            "type": "oauth-callback",
+          },
+          {
+            "detail": {
+              "callbackUrl": "http://app.telicent.localhost/callback?code=1",
+              "clientId": "client-1",
+              "type": "oauth-callback",
+            },
+            "type": "oauth-callback",
+          },
+        ],
+      }
+    `);
+  });
+  it("posts callback data to opener", () => {
+    const client = new AuthServerOAuth2Client(createConfig());
+    const postMessage = jest.fn();
+    Object.defineProperty(window, "opener", {
+      value: { postMessage },
+      writable: true,
+    });
+    Object.defineProperty(window, "location", {
+      value: { href: "http://app.telicent.localhost/callback?code=123" },
+      writable: true,
+    });
+    client.finishPopupFlow();
+    expect({ postMessageArgs: postMessage.mock.calls[0] })
+      .toMatchInlineSnapshot(`
+      {
+        "postMessageArgs": [
+          {
+            "callbackUrl": "http://app.telicent.localhost/callback?code=123",
+            "clientId": "client-1",
+            "type": "oauth-callback",
+          },
+          "*",
+        ],
+      }
+    `);
+  });
+  it("cleans up listeners when popup closes", () => {
+    jest.useFakeTimers();
+    const client = new AuthServerOAuth2Client(createConfig());
+    const popup = createPopup() as Window & { closed: boolean };
+    const removeSpy = jest.spyOn(window, "removeEventListener");
+    client.startPopupFlow(popup);
+    popup.closed = true;
+    jest.advanceTimersByTime(1000);
+    expect({
+      removeCalls: removeSpy.mock.calls.length,
+    }).toMatchInlineSnapshot(`
+      {
+        "removeCalls": 5,
+      }
+    `);
+  });
+});