@tstdl/base 0.93.182 → 0.93.184

package/authentication/tests/authentication.client-service-methods.test.js

@@ -1,177 +0,0 @@
-import { Subject } from 'rxjs';
-import { afterEach, beforeEach, describe, expect, test, vi } from 'vitest';
-import { AuthenticationClientService } from '../../authentication/client/authentication.service.js';
-import { AUTHENTICATION_API_CLIENT } from '../../authentication/client/tokens.js';
-import { CancellationSignal, CancellationToken } from '../../cancellation/token.js';
-import { Injector } from '../../injector/index.js';
-import { Lock } from '../../lock/index.js';
-import { Logger } from '../../logger/index.js';
-import { MessageBus } from '../../message-bus/index.js';
-import { configureDefaultSignalsImplementation } from '../../signals/implementation/configure.js';
-import { currentTimestampSeconds } from '../../utils/date-time.js';
-describe('AuthenticationClientService Methods', () => {
-    let injector;
-    let service;
-    let mockApiClient;
-    let mockLock;
-    let mockTokenUpdateBus;
-    let mockLoggedOutBus;
-    let mockLogger;
-    beforeEach(() => {
-        const storage = new Map();
-        globalThis.localStorage = {
-            getItem: vi.fn((key) => storage.get(key) ?? null),
-            setItem: vi.fn((key, value) => storage.set(key, value)),
-            removeItem: vi.fn((key) => storage.delete(key)),
-            clear: vi.fn(() => storage.clear()),
-        };
-        configureDefaultSignalsImplementation();
-        injector = new Injector('TestInjector');
-        mockApiClient = {
-            login: vi.fn(),
-            refresh: vi.fn(),
-            impersonate: vi.fn(),
-            unimpersonate: vi.fn(),
-            changePassword: vi.fn(),
-            initPasswordReset: vi.fn(),
-            resetPassword: vi.fn(),
-            checkPassword: vi.fn(),
-            listSessions: vi.fn(),
-            invalidateAllOtherSessions: vi.fn(),
-            timestamp: vi.fn().mockResolvedValue(currentTimestampSeconds()),
-            endSession: vi.fn().mockResolvedValue(undefined),
-        };
-        mockLock = {
-            tryUse: vi.fn(async (_timeout, callback) => {
-                const result = await callback({ lost: false });
-                return { success: true, result };
-            }),
-            use: vi.fn(async (_timeout, callback) => {
-                return await callback({ lost: false });
-            }),
-        };
-        mockTokenUpdateBus = {
-            publishAndForget: vi.fn(),
-            messages$: new Subject(),
-            allMessages$: new Subject(),
-            dispose: vi.fn(),
-        };
-        mockLoggedOutBus = {
-            publishAndForget: vi.fn(),
-            messages$: new Subject(),
-            allMessages$: new Subject(),
-            dispose: vi.fn(),
-        };
-        mockLogger = {
-            error: vi.fn(),
-            warn: vi.fn(),
-            info: vi.fn(),
-            debug: vi.fn(),
-        };
-        injector.register(AUTHENTICATION_API_CLIENT, { useValue: mockApiClient });
-        injector.register(Lock, { useValue: mockLock });
-        injector.register(MessageBus, {
-            useFactory: (argument) => {
-                if (argument === 'AuthenticationService:tokenUpdate')
-                    return mockTokenUpdateBus;
-                if (argument === 'AuthenticationService:loggedOut')
-                    return mockLoggedOutBus;
-                return undefined;
-            },
-        });
-        injector.register(Logger, { useValue: mockLogger });
-        const disposeToken = new CancellationToken();
-        injector.register(CancellationSignal, { useValue: disposeToken.signal });
-        service = injector.resolve(AuthenticationClientService);
-    });
-    afterEach(async () => {
-        await service.dispose();
-    });
-    test('impersonate should acquire lock and call api', async () => {
-        const token = { exp: Date.now() + 3600, jti: 'impersonated-token', subject: 'sub', impersonator: 'admin' };
-        mockApiClient.impersonate.mockResolvedValue(token);
-        await service.impersonate('target-subject');
-        expect(mockLock.use).toHaveBeenCalled();
-        expect(mockApiClient.impersonate).toHaveBeenCalledWith({ subject: 'target-subject', data: undefined });
-        expect(service.token()).toEqual(token);
-        expect(service.impersonated()).toBe(true);
-    });
-    test('impersonate should fail if already impersonating', async () => {
-        const token = { exp: Date.now() + 3600, jti: 'impersonated-token', subject: 'sub', impersonator: 'admin' };
-        service.setNewToken(token); // Force state
-        await expect(service.impersonate('another-target')).rejects.toThrow('Already impersonating');
-    });
-    test('unimpersonate should acquire lock and call api', async () => {
-        const token = { exp: Date.now() + 3600, jti: 'original-token', subject: 'admin' };
-        mockApiClient.unimpersonate.mockResolvedValue(token);
-        await service.unimpersonate();
-        expect(mockLock.use).toHaveBeenCalled();
-        expect(mockApiClient.unimpersonate).toHaveBeenCalled();
-        expect(service.token()).toEqual(token);
-    });
-    test('changePassword should call api', async () => {
-        await service.changePassword('old', 'new');
-        expect(mockApiClient.changePassword).toHaveBeenCalledWith({ currentPassword: 'old', newPassword: 'new' });
-    });
-    test('initPasswordReset should call api', async () => {
-        await service.initPasswordReset({ tenantId: 't', subject: 's' }, { some: 'data' });
-        expect(mockApiClient.initPasswordReset).toHaveBeenCalledWith({ tenantId: 't', subject: 's', data: { some: 'data' } });
-    });
-    test('resetPassword should call api', async () => {
-        await service.resetPassword('token', 'new-password');
-        expect(mockApiClient.resetPassword).toHaveBeenCalledWith({ token: 'token', newPassword: 'new-password' });
-    });
-    test('updateRawTokens should update signals and storage', async () => {
-        service.updateRawTokens('raw', 'refresh', 'impersonator');
-        expect(service.rawToken()).toBe('raw');
-        expect(service.rawRefreshToken()).toBe('refresh');
-        expect(service.rawImpersonatorRefreshToken()).toBe('impersonator');
-        expect(globalThis.localStorage.setItem).toHaveBeenCalledWith('AuthenticationService:raw-token', JSON.stringify('raw'));
-    });
-    test('impersonate should rollback data on failure', async () => {
-        service.setAdditionalData({ role: 'admin' });
-        const originalData = service.authenticationData;
-        mockApiClient.impersonate.mockRejectedValue(new Error('Impersonation failed'));
-        await expect(service.impersonate('target')).rejects.toThrow('Impersonation failed');
-        // Should have restored original data
-        expect(service.authenticationData).toEqual(originalData);
-        expect(service.impersonatorAuthenticationData).toBeUndefined();
-    });
-    test('unimpersonate should handle failure', async () => {
-        mockApiClient.unimpersonate.mockRejectedValue(new Error('Unimpersonation failed'));
-        await expect(service.unimpersonate()).rejects.toThrow('Unimpersonation failed');
-    });
-    test('logout should handle concurrent calls and avoid multiple api requests', async () => {
-        let resolveEndSession;
-        const endSessionPromise = new Promise((resolve) => {
-            resolveEndSession = resolve;
-        });
-        mockApiClient.endSession.mockReturnValue(endSessionPromise);
-        const logout1 = service.logout();
-        const logout2 = service.logout();
-        // logout1 and logout2 will be different promises because the method is async
-        expect(mockApiClient.endSession).toHaveBeenCalledTimes(1);
-        resolveEndSession(undefined);
-        await Promise.all([logout1, logout2]);
-        expect(service.isLoggedIn()).toBe(false);
-        expect(mockTokenUpdateBus.publishAndForget).toHaveBeenCalledWith(undefined);
-        expect(mockLoggedOutBus.publishAndForget).toHaveBeenCalled();
-    });
-    test('syncClock should handle errors gracefully', async () => {
-        mockApiClient.timestamp.mockRejectedValue(new Error('Time sync failed'));
-        await service.syncClock();
-        expect(mockLogger.warn).toHaveBeenCalledWith(expect.stringContaining('Failed to synchronize clock'));
-        expect(service.clockOffset).toBe(0);
-    });
-    test('listSessions should call api', async () => {
-        const sessions = [{ id: '1', begin: 100, end: 200 }];
-        mockApiClient.listSessions.mockResolvedValue(sessions);
-        const result = await service.listSessions();
-        expect(mockApiClient.listSessions).toHaveBeenCalled();
-        expect(result).toEqual(sessions);
-    });
-    test('invalidateAllOtherSessions should call api', async () => {
-        await service.invalidateAllOtherSessions();
-        expect(mockApiClient.invalidateAllOtherSessions).toHaveBeenCalled();
-    });
-});

package/authentication/tests/authentication.client-service-refresh.test.d.ts

@@ -1 +0,0 @@
-export {};

package/authentication/tests/authentication.client-service-refresh.test.js

@@ -1,153 +0,0 @@
-import { Subject } from 'rxjs';
-import { afterEach, beforeEach, describe, expect, test, vi } from 'vitest';
-import { AuthenticationClientService } from '../../authentication/client/authentication.service.js';
-import { AUTHENTICATION_API_CLIENT } from '../../authentication/client/tokens.js';
-import { CancellationSignal, CancellationToken } from '../../cancellation/token.js';
-import { Injector } from '../../injector/index.js';
-import { Lock } from '../../lock/index.js';
-import { Logger } from '../../logger/index.js';
-import { MessageBus } from '../../message-bus/index.js';
-import { configureDefaultSignalsImplementation } from '../../signals/implementation/configure.js';
-import { currentTimestampSeconds } from '../../utils/date-time.js';
-import { timeout } from '../../utils/timing.js';
-describe('AuthenticationClientService Refresh Loop Reproduction', () => {
-    let injector;
-    let service;
-    let mockApiClient;
-    let mockLock;
-    let mockMessageBus;
-    let mockLogger;
-    let disposeToken;
-    beforeEach(() => {
-        const storage = new Map();
-        globalThis.localStorage = {
-            getItem: vi.fn((key) => storage.get(key) ?? null),
-            setItem: vi.fn((key, value) => storage.set(key, value)),
-            removeItem: vi.fn((key) => storage.delete(key)),
-            clear: vi.fn(() => storage.clear()),
-        };
-        configureDefaultSignalsImplementation();
-        injector = new Injector('Test');
-        mockApiClient = {
-            login: vi.fn(),
-            refresh: vi.fn(),
-            timestamp: vi.fn().mockResolvedValue(currentTimestampSeconds()),
-            endSession: vi.fn().mockResolvedValue(undefined),
-        };
-        mockLock = {
-            tryUse: vi.fn(async (_timeout, callback) => {
-                const result = await callback({ lost: false });
-                return { success: true, result };
-            }),
-            use: vi.fn(async (_timeout, callback) => {
-                return await callback({ lost: false });
-            }),
-        };
-        mockMessageBus = {
-            publishAndForget: vi.fn(),
-            messages$: new Subject(),
-            dispose: vi.fn(),
-        };
-        mockLogger = {
-            error: vi.fn(),
-            warn: vi.fn(),
-            info: vi.fn(),
-            debug: vi.fn(),
-        };
-        injector.register(AUTHENTICATION_API_CLIENT, { useValue: mockApiClient });
-        injector.register(Lock, { useValue: mockLock });
-        injector.register(MessageBus, { useValue: mockMessageBus });
-        injector.register(Logger, { useValue: mockLogger });
-        disposeToken = new CancellationToken();
-        injector.register(CancellationSignal, { useValue: disposeToken.signal });
-    });
-    afterEach(async () => {
-        disposeToken.set();
-        await injector.dispose();
-    });
-    test('Zombie Timer: loop should wake up immediately when token changes', async () => {
-        // 1. Mock a long expiration
-        const now = currentTimestampSeconds();
-        const initialToken = { iat: now - 3600, exp: now + 3600, jti: 'initial' };
-        // Set in storage so initialize() (called by resolve) loads it
-        globalThis.localStorage.setItem('AuthenticationService:token', JSON.stringify(initialToken));
-        service = injector.resolve(AuthenticationClientService);
-        // Wait for loop to enter the race condition (wait phase)
-        await timeout(20);
-        // 2. Change token
-        const newToken = { iat: now - 1800, exp: now + 3600, jti: 'new' };
-        mockApiClient.refresh.mockResolvedValue(newToken);
-        service.requestRefresh(); // This should trigger immediate wake up
-        // Wait for loop to process
-        await timeout(20);
-        expect(mockApiClient.refresh).toHaveBeenCalled();
-    });
-    test('Forced Refresh Loss: forceRefreshToken should not be cleared on failure', async () => {
-        const now = currentTimestampSeconds();
-        const initialToken = { iat: now - 3600, exp: now + 3600, jti: 'initial' };
-        globalThis.localStorage.setItem('AuthenticationService:token', JSON.stringify(initialToken));
-        service = injector.resolve(AuthenticationClientService);
-        await timeout(20);
-        // 1. Mock refresh failure
-        mockApiClient.refresh.mockRejectedValue(new Error('Network Error'));
-        service.requestRefresh();
-        // Wait for loop to attempt refresh and fail
-        await timeout(50);
-        expect(mockApiClient.refresh).toHaveBeenCalled();
-        expect(service.forceRefreshRequested()).toBe(true); // Should STILL be set
-    });
-    test('Lock Contention Backoff: should wait 5 seconds and not busy-loop', async () => {
-        const now = currentTimestampSeconds();
-        const initialToken = { iat: now - 3600, exp: now + 5, jti: 'initial' }; // Expiring soon
-        globalThis.localStorage.setItem('AuthenticationService:token', JSON.stringify(initialToken));
-        // 1. Mock lock already held
-        mockLock.tryUse.mockResolvedValue(undefined); // lockAcquired = false
-        const startTime = Date.now();
-        service = injector.resolve(AuthenticationClientService);
-        // We expect it to try once, fail to get lock, and then wait some time.
-        await timeout(50);
-        expect(mockLock.tryUse).toHaveBeenCalledTimes(1);
-        // Check if it's still waiting (not finished loop)
-        const duration = Date.now() - startTime;
-        expect(duration).toBeLessThan(500);
-    });
-    test('Busy Loop: should not busy loop when forceRefreshToken is set and lock is held', async () => {
-        const now = currentTimestampSeconds();
-        const initialToken = { iat: now - 3600, exp: now + 3600, jti: 'initial' };
-        globalThis.localStorage.setItem('AuthenticationService:token', JSON.stringify(initialToken));
-        // Mock lock already held
-        mockLock.tryUse.mockResolvedValue(undefined);
-        service = injector.resolve(AuthenticationClientService);
-        await timeout(20);
-        service.requestRefresh(); // Set the flag
-        await timeout(50);
-        // If it busy loops, this will be much higher than 1.
-        expect(mockLock.tryUse.mock.calls.length).toBeLessThan(5);
-    });
-    test('refresh() should call timestamp() to sync clock', async () => {
-        service = injector.resolve(AuthenticationClientService);
-        const newToken = { iat: 1000, exp: 2000, jti: 'new' };
-        mockApiClient.refresh.mockResolvedValue(newToken);
-        await service.refresh();
-        expect(mockApiClient.timestamp).toHaveBeenCalled();
-    });
-    test('Cross-tab Sync: should not refresh if another tab already did (simulated via localStorage update)', async () => {
-        const now = currentTimestampSeconds();
-        const initialToken = { iat: now - 3600, exp: now + 5, jti: 'initial' }; // Expiring soon
-        globalThis.localStorage.setItem('AuthenticationService:token', JSON.stringify(initialToken));
-        // 1. Mock lock behavior to simulate another tab refreshing while we wait for the lock
-        mockLock.tryUse.mockImplementation(async (_timeout, callback) => {
-            // Simulate another tab refreshing and updating localStorage
-            const newToken = { iat: now, exp: now + 3600, jti: 'refreshed-by-other-tab' };
-            globalThis.localStorage.setItem('AuthenticationService:token', JSON.stringify(newToken));
-            const result = await callback({ lost: false });
-            return { success: true, result };
-        });
-        service = injector.resolve(AuthenticationClientService);
-        // Wait for loop to run
-        await timeout(100);
-        // Should NOT have called refresh because loadToken() inside the lock updated the token
-        expect(mockApiClient.refresh).not.toHaveBeenCalled();
-        expect(service.token()?.jti).toBe('refreshed-by-other-tab');
-    });
-});

package/authentication/tests/authentication.client-service.test.d.ts

@@ -1 +0,0 @@
-export {};

package/authentication/tests/authentication.client-service.test.js

@@ -1,76 +0,0 @@
-import { afterAll, beforeAll, beforeEach, describe, expect, test, vi } from 'vitest';
-import { AuthenticationClientService } from '../../authentication/client/index.js';
-import { AuthenticationService as AuthenticationServerService } from '../../authentication/server/index.js';
-import { HttpClientOptions } from '../../http/client/index.js';
-import { HttpServer } from '../../http/server/index.js';
-import { runInInjectionContext } from '../../injector/index.js';
-import { clearTenantData, setupIntegrationTest } from '../../testing/index.js';
-import { SubjectService } from '../server/subject.service.js';
-import { DefaultAuthenticationAncillaryService } from './authentication.test-ancillary-service.js';
-describe('AuthenticationClientService Integration', () => {
-    let injector;
-    let database;
-    let service;
-    let serverService;
-    let subjectService;
-    let server;
-    const schema = 'authentication';
-    const tenantId = crypto.randomUUID();
-    beforeAll(async () => {
-        const storage = new Map();
-        globalThis.localStorage = {
-            getItem: vi.fn((key) => storage.get(key) ?? null),
-            setItem: vi.fn((key, value) => storage.set(key, value)),
-            removeItem: vi.fn((key) => storage.delete(key)),
-            clear: vi.fn(() => storage.clear()),
-        };
-        ({ injector, database } = await setupIntegrationTest({
-            modules: { authentication: true, audit: true, keyValueStore: true, signals: true, api: true },
-            authentication: {
-                ancillaryService: DefaultAuthenticationAncillaryService,
-            },
-        }));
-        await runInInjectionContext(injector, async () => {
-            server = injector.resolve(HttpServer);
-            const httpClientOptions = injector.resolve(HttpClientOptions);
-            httpClientOptions.baseUrl = `http://localhost:${server.port}`;
-            serverService = await injector.resolveAsync(AuthenticationServerService);
-            subjectService = await injector.resolveAsync(SubjectService);
-            service = await injector.resolveAsync(AuthenticationClientService);
-            service.initialize();
-        });
-    });
-    afterAll(async () => {
-        await server?.close(1000);
-        await injector?.dispose();
-    });
-    beforeEach(async () => {
-        globalThis.localStorage?.clear();
-        await clearTenantData(database, schema, ['password', 'session', 'user', 'service_account', 'system_account', 'subject'], tenantId);
-    });
-    test('login and logout should work', async () => {
-        const user = await subjectService.createUser({ tenantId, email: 'client-test@example.com', firstName: 'C', lastName: 'T' });
-        await serverService.setPassword(user, 'Strong-Pass-2026!');
-        expect(service.isLoggedIn()).toBe(false);
-        await service.login({ tenantId, subject: user.id }, 'Strong-Pass-2026!');
-        expect(service.isLoggedIn()).toBe(true);
-        expect(service.subjectId()).toBe(user.id);
-        await service.logout();
-        expect(service.isLoggedIn()).toBe(false);
-    });
-    test('refresh should work', async () => {
-        const user = await subjectService.createUser({ tenantId, email: 'refresh-test@example.com', firstName: 'R', lastName: 'T' });
-        await serverService.setPassword(user, 'Strong-Pass-2026!');
-        await service.login({ tenantId, subject: user.id }, 'Strong-Pass-2026!');
-        const initialToken = service.token()?.jti;
-        await service.refresh();
-        expect(service.token()?.jti).not.toBe(initialToken);
-        expect(service.isLoggedIn()).toBe(true);
-    });
-    test('checkPassword should work', async () => {
-        const result = await service.checkPassword('123');
-        expect(result.strength).toBeLessThan(2);
-        const strongResult = await service.checkPassword('Very-Strong-Password-2026-!@#$');
-        expect(strongResult.strength).toBeGreaterThanOrEqual(2);
-    });
-});

package/authentication/tests/authentication.refresh-busy-loop.test.d.ts

@@ -1 +0,0 @@
-export {};

package/authentication/tests/authentication.refresh-busy-loop.test.js

@@ -1,84 +0,0 @@
-import { afterEach, beforeEach, describe, expect, test, vi } from 'vitest';
-import { AuthenticationClientService } from '../../authentication/client/authentication.service.js';
-import { AUTHENTICATION_API_CLIENT } from '../../authentication/client/tokens.js';
-import { CancellationSignal, CancellationToken } from '../../cancellation/token.js';
-import { Injector } from '../../injector/index.js';
-import { Lock } from '../../lock/index.js';
-import { Logger } from '../../logger/index.js';
-import { MessageBus } from '../../message-bus/index.js';
-import { configureDefaultSignalsImplementation } from '../../signals/implementation/configure.js';
-import { timeout } from '../../utils/timing.js';
-import { Subject } from 'rxjs';
-describe('AuthenticationClientService Refresh Busy Loop Prevention', () => {
-    let injector;
-    let service;
-    let mockApiClient;
-    let mockLock;
-    let mockMessageBus;
-    let mockLogger;
-    let disposeToken;
-    beforeEach(() => {
-        const storage = new Map();
-        globalThis.localStorage = {
-            getItem: vi.fn((key) => storage.get(key) ?? null),
-            setItem: vi.fn((key, value) => storage.set(key, value)),
-            removeItem: vi.fn((key) => storage.delete(key)),
-            clear: vi.fn(() => storage.clear()),
-        };
-        configureDefaultSignalsImplementation();
-        injector = new Injector('Test');
-        mockApiClient = {
-            login: vi.fn(),
-            refresh: vi.fn(),
-            timestamp: vi.fn().mockResolvedValue(1000), // Fixed timestamp
-            endSession: vi.fn().mockResolvedValue(undefined),
-        };
-        mockLock = {
-            tryUse: vi.fn(async (_timeout, callback) => {
-                const result = await callback({ lost: false });
-                return { success: true, result };
-            }),
-            use: vi.fn(async (_timeout, callback) => {
-                return await callback({ lost: false });
-            }),
-        };
-        mockMessageBus = {
-            publishAndForget: vi.fn(),
-            messages$: new Subject(),
-            dispose: vi.fn(),
-        };
-        mockLogger = {
-            error: vi.fn(),
-            warn: vi.fn(),
-            info: vi.fn(),
-            debug: vi.fn(),
-        };
-        injector.register(AUTHENTICATION_API_CLIENT, { useValue: mockApiClient });
-        injector.register(Lock, { useValue: mockLock });
-        injector.register(MessageBus, { useValue: mockMessageBus });
-        injector.register(Logger, { useValue: mockLogger });
-        disposeToken = new CancellationToken();
-        injector.register(CancellationSignal, { useValue: disposeToken.signal });
-    });
-    afterEach(async () => {
-        disposeToken.set();
-        await injector.dispose();
-    });
-    test('should not busy loop when refresh fails to produce a valid token', async () => {
-        // 1. Mock a token that is ALWAYS expired
-        // Server time is 1000. Token expires at 500.
-        const expiredToken = { iat: 0, exp: 500, jti: 'expired', session: 's', tenant: 't', subject: 'sub' };
-        globalThis.localStorage.setItem('AuthenticationService:token', JSON.stringify(expiredToken));
-        // refresh() will return the SAME expired token
-        mockApiClient.refresh.mockResolvedValue(expiredToken);
-        // 2. Start service
-        service = injector.resolve(AuthenticationClientService);
-        // 3. Wait a bit
-        // With 100ms mandatory yield + minRefreshDelay (1 min) protection, it should only try once or twice in 500ms
-        // WITHOUT protection, it would try thousands of times.
-        await timeout(500);
-        // It should have tried to refresh
-        expect(mockApiClient.refresh.mock.calls.length).toBeLessThan(5);
-        expect(mockLogger.warn).toHaveBeenCalledWith(expect.stringContaining('Token still needs refresh after attempt'));
-    });
-});

package/authentication/tests/authentication.service.test.d.ts

@@ -1 +0,0 @@
-export {};