npm - @velocitycareerlabs/server-careerwallet - Versions diffs - 1.25.0-dev-build.12642c864 - Mend

@velocitycareerlabs/server-careerwallet 1.25.0-dev-build.12642c864

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (252) hide show

package/test/accounts-repo.test.js ADDED Viewed

@@ -0,0 +1,92 @@
+const { mongoDb } = require('@spencejs/spence-mongo-repos');
+const { ObjectId } = require('mongodb');
+const { hashAndEncodeHex } = require('@velocitycareerlabs/crypto');
+const { accountsRepoPlugin } = require('../src/entities/accounts/repos');
+const buildFastify = require('./helpers/careerwallet-build-fastify');
+const initAccountsFactory = require('./factories/accounts-factory');
+const testDID = 'test-did';
+const testDidKeyMetadatum = {
+  publicJwk: {
+    crv: 'secp256k1',
+    kty: 'EC',
+    use: 'sig',
+    x: 'Lm972sWcSp9dMzkbsXvbUZ7-E24mreaZRIXAR9rIG94',
+    y: 'jbSpGUpx0g4ZrNS2heAuwDqmr-F2JIWvK29l-6vJBKA',
+  },
+  keyId: 'keyId',
+  kid: `${testDID}#0`,
+  did: testDID,
+};
+const refreshToken = 'test-refresh-token';
+const newRefreshToken = 'new-refresh-token';
+describe('test suite for accounts repo', () => {
+  let accountsRepo;
+  let fastify;
+  let persistAccounts;
+  beforeAll(async () => {
+    fastify = buildFastify();
+    await fastify.ready();
+    accountsRepo = await accountsRepoPlugin(fastify)({
+      log: fastify.log,
+      config: fastify.config,
+    });
+    ({ persistAccounts } = initAccountsFactory(fastify));
+  });
+  afterAll(async () => {
+    await fastify.close();
+  });
+  beforeEach(async () => {
+    await mongoDb().collection('accounts').deleteMany({});
+    persistAccounts({
+      did: testDID,
+      refreshToken,
+      didKeyMetadatum: [testDidKeyMetadatum],
+    });
+  });
+  it('findAccountAndSetRefreshToken method should return account for correct did', async () => {
+    expect(
+      await accountsRepo.findAccountAndSetRefreshToken(
+        { 'didKeyMetadatum.did': testDID },
+        newRefreshToken
+      )
+    ).toEqual({
+      _id: expect.any(ObjectId),
+      did: testDID,
+      accountType: 'temp',
+      refreshToken: hashAndEncodeHex(newRefreshToken),
+      createdAt: expect.any(Date),
+      updatedAt: expect.any(Date),
+      scope: expect.any(Array),
+      didKeyMetadatum: [testDidKeyMetadatum],
+    });
+  });
+  it('findAccountAndSetRefreshToken method should return account for correct refreshToken', async () => {
+    expect(
+      await accountsRepo.findAccountAndSetRefreshToken(
+        { refreshToken },
+        newRefreshToken
+      )
+    ).toEqual({
+      _id: expect.any(ObjectId),
+      did: testDID,
+      accountType: 'temp',
+      refreshToken: hashAndEncodeHex(newRefreshToken),
+      createdAt: expect.any(Date),
+      updatedAt: expect.any(Date),
+      scope: expect.any(Array),
+      didKeyMetadatum: [testDidKeyMetadatum],
+    });
+  });
+});

package/test/careerwallet-config-controller.test.js ADDED Viewed

@@ -0,0 +1,142 @@
+const { mongoDb } = require('@spencejs/spence-mongo-repos');
+const initCareerWalletConfigFactory = require('./factories/career-wallet-config-factory');
+const buildFastify = require('./helpers/careerwallet-build-fastify');
+const baseUrl = '/api/v0.6/careerwallet/appconfig';
+describe('Career Wallet Config Test Suite', () => {
+  let fastify;
+  let persistCareerWalletConfig;
+  beforeAll(async () => {
+    fastify = buildFastify();
+    await fastify.ready();
+    ({ persistCareerWalletConfig } = initCareerWalletConfigFactory(fastify));
+  });
+  beforeEach(async () => {
+    await mongoDb().collection('careerWalletConfigs').deleteMany({});
+  });
+  afterAll(async () => {
+    await fastify.close();
+  });
+  it('Should 200 when yotiIDV is true', async () => {
+    await persistCareerWalletConfig();
+    const response = await fastify.injectJson({
+      method: 'GET',
+      url: `${baseUrl}`,
+    });
+    expect(response.statusCode).toEqual(200);
+    expect(response.json).toEqual({
+      ios: {
+        isWalletAvailable: true,
+      },
+      android: {
+        isWalletAvailable: true,
+      },
+      yotiIDV: true,
+      latestAndroidVersion: '0.10.5',
+      latestIOSVersion: '0.10.5',
+      minAndroidVersion: '0.10.5',
+      minIOSVersion: '0.10.5',
+      pushUrl: 'https://example.com/push',
+      baseUrls: {
+        walletApi: 'https://example.walletapi.com',
+        verificationApi: 'https://example.verificationApi.com',
+        verificationServiceActionBaseUrl:
+          'https://example.publicVerificationApi.com',
+        presentationExtensionPeriodURL: 'https://example.get-extension-period',
+        libVnfUrl: 'https://example.lib.com',
+      },
+      sdk: {
+        cacheSequence: 1,
+      },
+      oauth: {
+        oauthAudience: 'testOauthAudience',
+        clientId: 'testOauthClientId',
+      },
+      idVerifierDid: 'idVerifierDid',
+      emailVerifierDid: 'emailVerifierDid',
+      phoneVerifierDid: 'phoneVerifierDid',
+      yotiNewSessionUrl: 'https://yoti.com',
+      verificationServiceDeepLink:
+        'https://example.verificationServiceDeepLink',
+      verificationServicePresentationLinkTemplate:
+        'https://example.verificationServicePresentationLinkTemplate',
+      commonUrls: {
+        supportLink: 'https://www.velocitycareerlabs.com/faq',
+        termsAndConditionsLink: 'https://app.prove.bio/privacy-policy',
+      },
+      linkedinEndpoints: {
+        authUrl: 'https://www.linkedin.com/oauth/v2',
+        apiUrl: 'https://api.linkedin.com/v2',
+        addToProfileUrl: 'https://www.linkedin.com/profile/add',
+        addToFeed: 'https://www.linkedin.com/feed/update',
+      },
+    });
+  });
+  it('Should 200 when yotiIDV is false', async () => {
+    await persistCareerWalletConfig({ yotiIDV: false });
+    const response = await fastify.injectJson({
+      method: 'GET',
+      url: `${baseUrl}`,
+    });
+    expect(response.statusCode).toEqual(200);
+    expect(response.json).toEqual({
+      ios: {
+        isWalletAvailable: true,
+      },
+      android: {
+        isWalletAvailable: true,
+      },
+      yotiIDV: false,
+      latestAndroidVersion: '0.10.5',
+      latestIOSVersion: '0.10.5',
+      minAndroidVersion: '0.10.5',
+      minIOSVersion: '0.10.5',
+      pushUrl: 'https://example.com/push',
+      baseUrls: {
+        walletApi: 'https://example.walletapi.com',
+        verificationApi: 'https://example.verificationApi.com',
+        verificationServiceActionBaseUrl:
+          'https://example.publicVerificationApi.com',
+        presentationExtensionPeriodURL: 'https://example.get-extension-period',
+        libVnfUrl: 'https://example.lib.com',
+      },
+      sdk: {
+        cacheSequence: 1,
+      },
+      oauth: {
+        oauthAudience: 'testOauthAudience',
+        clientId: 'testOauthClientId',
+      },
+      idVerifierDid: 'idVerifierDid',
+      emailVerifierDid: 'emailVerifierDid',
+      phoneVerifierDid: 'phoneVerifierDid',
+      yotiNewSessionUrl: 'https://yoti.com',
+      verificationServiceDeepLink:
+        'https://example.verificationServiceDeepLink',
+      verificationServicePresentationLinkTemplate:
+        'https://example.verificationServicePresentationLinkTemplate',
+      commonUrls: {
+        supportLink: 'https://www.velocitycareerlabs.com/faq',
+        termsAndConditionsLink: 'https://app.prove.bio/privacy-policy',
+      },
+      linkedinEndpoints: {
+        authUrl: 'https://www.linkedin.com/oauth/v2',
+        apiUrl: 'https://api.linkedin.com/v2',
+        addToProfileUrl: 'https://www.linkedin.com/profile/add',
+        addToFeed: 'https://www.linkedin.com/feed/update',
+      },
+    });
+  });
+});

package/test/careerwallet-consents-controller.test.js ADDED Viewed

@@ -0,0 +1,409 @@
+const { mongoDb } = require('@spencejs/spence-mongo-repos');
+const { hexFromJwk } = require('@velocitycareerlabs/jwt');
+const { errorResponseMatcher } = require('@velocitycareerlabs/tests-helpers');
+const { generateKeyPair } = require('@velocitycareerlabs/crypto');
+const initConsentCareerWalletFactory = require('./factories/consents-career-wallet-factory');
+const buildFastify = require('./helpers/careerwallet-build-fastify');
+const consentsRepoPlugin = require('../src/controllers/api/v0.6/careerwallet/consents/repo');
+const { createAccessToken } = require('./helpers/access-token');
+const { accountScopes, adminScopes } = require('../src/entities');
+describe('Consents career wallet controller tests', () => {
+  let fastify;
+  const baseUrl = 'api/v0.6/careerwallet';
+  let persistConsentsCareerWallet;
+  let consentsRepo;
+  let publicKey;
+  let privateKey;
+  let clientAccessToken;
+  let serverClientAccessToken;
+  beforeAll(async () => {
+    ({ publicKey, privateKey } = generateKeyPair({ format: 'jwk' }));
+    fastify = buildFastify({
+      holderAppServerAccessTokenPublicKey: publicKey,
+      holderAppServerAccessTokenSigningKey: hexFromJwk(privateKey),
+    });
+    await fastify.ready();
+    ({ persistConsentsCareerWallet } = initConsentCareerWalletFactory(fastify));
+    clientAccessToken = await createAccessToken(
+      accountScopes.account,
+      privateKey,
+      'mocked-user-id'
+    );
+    serverClientAccessToken = await createAccessToken(
+      adminScopes.adminClient,
+      privateKey,
+      'https://webwallet.velocitycareerlabs.com/'
+    );
+    consentsRepo = await consentsRepoPlugin(fastify)({
+      log: fastify.log,
+      config: fastify.config,
+    });
+  });
+  beforeEach(async () => {
+    await mongoDb().collection('organizations').deleteMany({});
+    await mongoDb().collection('groups').deleteMany({});
+    await mongoDb().collection('consentsCareerWallet').deleteMany({});
+  });
+  afterAll(async () => {
+    await fastify.close();
+  });
+  describe('Add consents tests', () => {
+    it('should 400 if version does not exist in body', async () => {
+      const response = await fastify.injectJson({
+        method: 'POST',
+        url: `${baseUrl}/consents/add`,
+        payload: {},
+      });
+      expect(response.statusCode).toBe(400);
+      expect(response.json).toStrictEqual(
+        errorResponseMatcher({
+          error: 'Bad Request',
+          errorCode: 'request_validation_failed',
+          message: "body must have required property 'version'",
+          statusCode: 400,
+        })
+      );
+    });
+    it('should 400 if version is empty string', async () => {
+      const response = await fastify.injectJson({
+        method: 'POST',
+        url: `${baseUrl}/consents/add`,
+        payload: {
+          version: '',
+          accountId: 'mocked-user-id',
+        },
+      });
+      expect(response.statusCode).toBe(400);
+      expect(response.json).toStrictEqual(
+        errorResponseMatcher({
+          error: 'Bad Request',
+          errorCode: 'request_validation_failed',
+          message: 'body/version must match pattern "[0-9]+.[0-9]+"',
+          statusCode: 400,
+        })
+      );
+    });
+    it('should 400 if version does not match pattern', async () => {
+      const response = await fastify.injectJson({
+        method: 'POST',
+        url: `${baseUrl}/consents/add`,
+        payload: {
+          version: 'abc',
+          accountId: 'mocked-user-id',
+        },
+      });
+      expect(response.statusCode).toBe(400);
+      expect(response.json).toStrictEqual(
+        errorResponseMatcher({
+          error: 'Bad Request',
+          errorCode: 'request_validation_failed',
+          message: 'body/version must match pattern "[0-9]+.[0-9]+"',
+          statusCode: 400,
+        })
+      );
+    });
+    it('should 400 if accountId does not exist in body', async () => {
+      const response = await fastify.injectJson({
+        method: 'POST',
+        url: `${baseUrl}/consents/add`,
+        payload: {
+          version: '1.0',
+        },
+      });
+      expect(response.statusCode).toBe(400);
+      expect(response.json).toStrictEqual(
+        errorResponseMatcher({
+          error: 'Bad Request',
+          errorCode: 'request_validation_failed',
+          message: "body must have required property 'accountId'",
+          statusCode: 400,
+        })
+      );
+    });
+    it('should create consent for authorized user', async () => {
+      const response = await fastify.injectJson({
+        method: 'POST',
+        url: `${baseUrl}/consents/add`,
+        payload: {
+          version: '1.0',
+          accountId: 'mocked-user-id',
+        },
+      });
+      const consent = await consentsRepo.findOne({
+        filter: {
+          accountId: 'mocked-user-id',
+        },
+      });
+      expect(response.statusCode).toStrictEqual(201);
+      expect(response.json.consent).toStrictEqual({
+        createdAt: expect.any(String),
+        id: expect.any(String),
+        accountId: 'mocked-user-id',
+        version: '1.0',
+      });
+      expect({
+        createdAt: consent.createdAt.toISOString(),
+        id: consent._id.toString(),
+        accountId: consent.accountId,
+        version: consent.version,
+      }).toStrictEqual(response.json.consent);
+    });
+    it('should create new one consent version if user already has consent', async () => {
+      const consent = await persistConsentsCareerWallet();
+      const response = await fastify.injectJson({
+        method: 'POST',
+        url: `${baseUrl}/consents/add`,
+        payload: {
+          version: '2.2',
+          accountId: 'mocked-user-id',
+        },
+      });
+      const consents = await consentsRepo.find({
+        filter: {
+          accountId: 'mocked-user-id',
+        },
+      });
+      expect(consents.length).toBe(2);
+      expect(response.statusCode).toStrictEqual(201);
+      expect([
+        {
+          createdAt: consents[0].createdAt.toISOString(),
+          id: consents[0]._id.toString(),
+          accountId: consents[0].accountId,
+          version: consents[0].version,
+        },
+        {
+          createdAt: consents[1].createdAt.toISOString(),
+          id: consents[1]._id.toString(),
+          accountId: consents[1].accountId,
+          version: consents[1].version,
+        },
+      ]).toStrictEqual([
+        response.json.consent,
+        {
+          createdAt: consent.createdAt,
+          id: consent._id.toString(),
+          accountId: consent.accountId,
+          version: consent.version,
+        },
+      ]);
+    });
+    it('should not create new one consent if version already exist', async () => {
+      const consent = await persistConsentsCareerWallet({
+        version: '2.2',
+      });
+      const response = await fastify.injectJson({
+        method: 'POST',
+        url: `${baseUrl}/consents/add`,
+        payload: {
+          version: '2.2',
+          accountId: 'mocked-user-id',
+        },
+      });
+      const consents = await consentsRepo.find({
+        filter: {
+          accountId: 'mocked-user-id',
+        },
+      });
+      expect(consents.length).toBe(1);
+      expect(response.statusCode).toEqual(201);
+      expect([
+        {
+          createdAt: consents[0].createdAt.toISOString(),
+          id: consents[0]._id.toString(),
+          accountId: consents[0].accountId,
+          version: consents[0].version,
+        },
+      ]).toEqual([response.json.consent]);
+      expect([
+        {
+          createdAt: consents[0].createdAt.toISOString(),
+          id: consents[0]._id.toString(),
+          accountId: consents[0].accountId,
+          version: consents[0].version,
+        },
+      ]).toStrictEqual([
+        {
+          createdAt: consent.createdAt,
+          id: consent._id.toString(),
+          accountId: consent.accountId,
+          version: consent.version,
+        },
+      ]);
+    });
+  });
+  describe('Get consents tests', () => {
+    it('should get latest consent', async () => {
+      await persistConsentsCareerWallet();
+      const consent = await persistConsentsCareerWallet({
+        version: '1.1',
+      });
+      const response = await fastify.injectJson({
+        method: 'GET',
+        url: `${baseUrl}/consents/latest`,
+        headers: {
+          authorization: `Bearer ${clientAccessToken}`,
+        },
+      });
+      expect(response.statusCode).toEqual(200);
+      expect(response.json).toEqual({
+        consent: {
+          createdAt: expect.any(String),
+          id: consent._id.toString(),
+          accountId: 'mocked-user-id',
+          version: '1.1',
+        },
+      });
+    });
+    it('should get 400 if consents not found', async () => {
+      const response = await fastify.injectJson({
+        method: 'GET',
+        url: `${baseUrl}/consents/latest`,
+        headers: {
+          authorization: `Bearer ${clientAccessToken}`,
+        },
+      });
+      expect(response.statusCode).toEqual(400);
+      expect(response.json).toEqual(
+        errorResponseMatcher({
+          error: 'Bad Request',
+          message: 'Consents not found',
+          errorCode: 'missing_error_code',
+          statusCode: 400,
+        })
+      );
+    });
+    it('should get 400 if token invalid', async () => {
+      const response = await fastify.injectJson({
+        method: 'GET',
+        url: `${baseUrl}/consents/latest`,
+        headers: {
+          authorization: `Bearer qwe${clientAccessToken}`,
+        },
+      });
+      expect(response.statusCode).toEqual(401);
+      expect(response.json).toEqual(
+        errorResponseMatcher({
+          error: 'Unauthorized',
+          message: 'invalid authorization header',
+          errorCode: 'missing_error_code',
+          statusCode: 401,
+        })
+      );
+    });
+    it('Should 401 if jwt token not set', async () => {
+      const response = await fastify.injectJson({
+        method: 'GET',
+        url: `${baseUrl}/consents/latest`,
+        headers: {
+          authorization: '',
+        },
+      });
+      expect(response.statusCode).toEqual(401);
+      expect(response.json).toEqual(
+        errorResponseMatcher({
+          error: 'Unauthorized',
+          message: 'missing authorization header',
+          errorCode: 'missing_error_code',
+          statusCode: 401,
+        })
+      );
+    });
+  });
+  it('should return latest consent if requested by the server client with valid M2M token', async () => {
+    await persistConsentsCareerWallet();
+    const consent = await persistConsentsCareerWallet({
+      version: '1.1',
+    });
+    const response = await fastify.injectJson({
+      method: 'GET',
+      url: `${baseUrl}/consents/latest?accountId=mocked-user-id`,
+      headers: {
+        authorization: `Bearer ${serverClientAccessToken}`,
+      },
+    });
+    expect(response.statusCode).toEqual(200);
+    expect(response.json).toEqual({
+      consent: {
+        createdAt: expect.any(String),
+        id: consent._id.toString(),
+        accountId: 'mocked-user-id',
+        version: '1.1',
+      },
+    });
+  });
+  it('should return 400 if requested by the server client with valid M2M token but accountId is not set', async () => {
+    const response = await fastify.injectJson({
+      method: 'GET',
+      url: `${baseUrl}/consents/latest`,
+      headers: {
+        authorization: `Bearer ${serverClientAccessToken}`,
+      },
+    });
+    expect(response.statusCode).toEqual(400);
+    expect(response.json).toEqual(
+      errorResponseMatcher({
+        error: 'Bad Request',
+        message: 'AccountId query param is missed',
+        errorCode: 'missing_error_code',
+        statusCode: 400,
+      })
+    );
+  });
+  it('should return 400 if requested by the regular client but accountId and sub are different', async () => {
+    const response = await fastify.injectJson({
+      method: 'GET',
+      url: `${baseUrl}/consents/latest?accountId=mocked-user-id-mismatched`,
+      headers: {
+        authorization: `Bearer ${clientAccessToken}`,
+      },
+    });
+    expect(response.statusCode).toEqual(400);
+    expect(response.json).toEqual(
+      errorResponseMatcher({
+        error: 'Bad Request',
+        message: 'Param accountId and sub mismatch',
+        errorCode: 'missing_error_code',
+        statusCode: 400,
+      })
+    );
+  });
+});