@villedemontreal/jwt-validator 5.9.3 → 5.10.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (39) hide show
  1. package/dist/scripts/showCoverage.js.map +1 -1
  2. package/dist/scripts/testUnits.js.map +1 -1
  3. package/dist/scripts/watch.js.map +1 -1
  4. package/dist/src/config/configs.js.map +1 -1
  5. package/dist/src/config/init.js +2 -3
  6. package/dist/src/config/init.js.map +1 -1
  7. package/dist/src/jwtValidator.js.map +1 -1
  8. package/dist/src/jwtValidator.test.js.map +1 -1
  9. package/dist/src/middleware/jwtMiddleware.js.map +1 -1
  10. package/dist/src/middleware/tokenTransformationMiddleware.js.map +1 -1
  11. package/dist/src/models/customError.js +2 -3
  12. package/dist/src/models/customError.js.map +1 -1
  13. package/dist/src/models/gluuUserType.js +1 -1
  14. package/dist/src/models/gluuUserType.js.map +1 -1
  15. package/dist/src/models/identities.d.ts +523 -0
  16. package/dist/src/models/identities.js +57 -0
  17. package/dist/src/models/identities.js.map +1 -0
  18. package/dist/src/models/publicKey.d.ts +0 -1
  19. package/dist/src/models/publicKey.js +1 -1
  20. package/dist/src/models/publicKey.js.map +1 -1
  21. package/dist/src/repositories/cachedPublicKeyRepository.js.map +1 -1
  22. package/dist/src/repositories/publicKeyRepository.js.map +1 -1
  23. package/dist/src/userValidator.js.map +1 -1
  24. package/dist/src/userValidator.test.js.map +1 -1
  25. package/dist/src/utils/createIdentityFromJwt.d.ts +39 -0
  26. package/dist/src/utils/createIdentityFromJwt.js +464 -0
  27. package/dist/src/utils/createIdentityFromJwt.js.map +1 -0
  28. package/dist/src/utils/createIdentityFromJwt.test.d.ts +1 -0
  29. package/dist/src/utils/createIdentityFromJwt.test.js +1433 -0
  30. package/dist/src/utils/createIdentityFromJwt.test.js.map +1 -0
  31. package/dist/src/utils/jwtMock.js.map +1 -1
  32. package/dist/src/utils/logger.js +2 -3
  33. package/dist/src/utils/logger.js.map +1 -1
  34. package/dist/src/utils/testingConfigurations.js +1 -2
  35. package/dist/src/utils/testingConfigurations.js.map +1 -1
  36. package/package.json +30 -30
  37. package/src/models/identities.ts +621 -0
  38. package/src/utils/createIdentityFromJwt.test.ts +1595 -0
  39. package/src/utils/createIdentityFromJwt.ts +540 -0
package/dist/src/utils/createIdentityFromJwt.test.js ADDED
@@ -0,0 +1,1433 @@
1
+ "use strict";
2
+ Object.defineProperty(exports, "__esModule", { value: true });
3
+ const chai_1 = require("chai");
4
+ const mocha_1 = require("mocha");
5
+ const createIdentityFromJwt_1 = require("./createIdentityFromJwt");
6
+ (0, mocha_1.describe)('createIdentityFromJwt', () => {
7
+ (0, mocha_1.it)('should recognize an employee', () => {
8
+ const jwt = {
9
+ iss: 'security-identity-token-api',
10
+ exp: 1721783045,
11
+ iat: 1721777736,
12
+ keyId: 6,
13
+ displayName: 'infra-auth-auth-playground-dev',
14
+ aud: 'e5dd632b-cb97-48d7-a310-5147be717cde',
15
+ name: 'John DOE',
16
+ sub: 'uuUOZLMFfuURgumF2hE2Z0ZIrVLqLoDy85AeicCJSHQ',
17
+ userName: 'udoejo3',
18
+ givenName: 'John',
19
+ familyName: 'DOE',
20
+ userType: 'employee',
21
+ employeeNumber: '100674051',
22
+ department: '421408000000',
23
+ phoneMobileNumber: '5141111111',
24
+ oid: '0b64042a-9cce-42dc-b645-cd721cbbc179',
25
+ realm: 'employees',
26
+ env: 'dev',
27
+ accessTokenIssuer: 'https://login.microsoftonline.com/9f15d2dc-8753-4f83-aac2-a58288d3a4bc/v2.0',
28
+ email: 'john.doe@montreal.ca',
29
+ };
30
+ const identity = (0, createIdentityFromJwt_1.createIdentityFromJwt)(jwt);
31
+ // console.log(identity);
32
+ (0, chai_1.expect)(identity.toString()).to.equal('user:employee:udoejo3:John DOE:john.doe@montreal.ca:100674051:421408000000:vdm');
33
+ (0, chai_1.expect)(`${identity}`).to.equal('user:employee:udoejo3:John DOE:john.doe@montreal.ca:100674051:421408000000:vdm');
34
+ if (identity.type === 'user') {
35
+ // we test that the registration is optional when you don't know the type of user
36
+ if (identity.attributes.registrationNumber) {
37
+ (0, chai_1.expect)(identity.attributes.registrationNumber).to.eql('100674051');
38
+ }
39
+ else {
40
+ chai_1.expect.fail('expected to find the registration number');
41
+ }
42
+ if (identity.attributes.type === 'employee') {
43
+ // we test that the registrationNumber is not optional when type is employee
44
+ (0, chai_1.expect)(identity.attributes.registrationNumber.substring(0, 4)).to.eql('1006');
45
+ }
46
+ else {
47
+ chai_1.expect.fail('expected employee');
48
+ }
49
+ }
50
+ else {
51
+ chai_1.expect.fail('expected user identity');
52
+ }
53
+ delete identity.toString;
54
+ (0, chai_1.expect)(identity).to.eql({
55
+ type: 'user',
56
+ id: 'udoejo3',
57
+ displayName: 'John DOE',
58
+ attributes: {
59
+ type: 'employee',
60
+ email: 'john.doe@montreal.ca',
61
+ username: 'udoejo3',
62
+ registrationNumber: '100674051',
63
+ department: '421408000000',
64
+ firstName: 'John',
65
+ lastName: 'DOE',
66
+ accountProfile: 'vdm',
67
+ },
68
+ source: {
69
+ issuer: 'security-identity-token-api',
70
+ accessTokenIssuer: 'https://login.microsoftonline.com/9f15d2dc-8753-4f83-aac2-a58288d3a4bc/v2.0',
71
+ aud: 'e5dd632b-cb97-48d7-a310-5147be717cde',
72
+ env: 'dev',
73
+ realm: 'employees',
74
+ claim: 'userName',
75
+ internalId: '0b64042a-9cce-42dc-b645-cd721cbbc179',
76
+ },
77
+ });
78
+ // console.log(JSON.stringify(identity));
79
+ (0, chai_1.expect)(JSON.stringify(identity)).to.eql(`{"type":"user","id":"udoejo3","displayName":"John DOE","attributes":{"type":"employee","email":"john.doe@montreal.ca","username":"udoejo3","registrationNumber":"100674051","department":"421408000000","firstName":"John","lastName":"DOE","accountProfile":"vdm"},"source":{"aud":"e5dd632b-cb97-48d7-a310-5147be717cde","issuer":"security-identity-token-api","accessTokenIssuer":"https://login.microsoftonline.com/9f15d2dc-8753-4f83-aac2-a58288d3a4bc/v2.0","env":"dev","realm":"employees","claim":"userName","internalId":"0b64042a-9cce-42dc-b645-cd721cbbc179"}}`);
80
+ });
81
+ (0, mocha_1.it)('should recognize an employee of SPVM', () => {
82
+ const jwt = {
83
+ iss: 'security-identity-token-api',
84
+ exp: 1721783045,
85
+ iat: 1721777736,
86
+ keyId: 6,
87
+ displayName: 'infra-auth-auth-playground-dev',
88
+ aud: 'e5dd632b-cb97-48d7-a310-5147be717cde',
89
+ name: 'John DOE',
90
+ sub: 'uuUOZLMFfuURgumF2hE2Z0ZIrVLqLoDy85AeicCJSHQ',
91
+ userName: 'udoejo3',
92
+ givenName: 'John',
93
+ familyName: 'DOE',
94
+ userType: 'employee',
95
+ employeeNumber: '100674051',
96
+ department: 'PDQ 11',
97
+ phoneMobileNumber: '5141111111',
98
+ oid: '0b64042a-9cce-42dc-b645-cd721cbbc179',
99
+ realm: 'employees',
100
+ env: 'dev',
101
+ accessTokenIssuer: 'https://login.microsoftonline.com/9f15d2dc-8753-4f83-aac2-a58288d3a4bc/v2.0',
102
+ email: 'john.doe@spvm.qc.ca',
103
+ };
104
+ const identity = (0, createIdentityFromJwt_1.createIdentityFromJwt)(jwt);
105
+ // console.log(identity);
106
+ (0, chai_1.expect)(identity.toString()).to.equal('user:employee:udoejo3:John DOE:john.doe@spvm.qc.ca:100674051:PDQ 11:spvm');
107
+ delete identity.toString;
108
+ (0, chai_1.expect)(identity).to.eql({
109
+ type: 'user',
110
+ id: 'udoejo3',
111
+ displayName: 'John DOE',
112
+ attributes: {
113
+ type: 'employee',
114
+ email: 'john.doe@spvm.qc.ca',
115
+ username: 'udoejo3',
116
+ registrationNumber: '100674051',
117
+ department: 'PDQ 11',
118
+ firstName: 'John',
119
+ lastName: 'DOE',
120
+ accountProfile: 'spvm',
121
+ },
122
+ source: {
123
+ issuer: 'security-identity-token-api',
124
+ accessTokenIssuer: 'https://login.microsoftonline.com/9f15d2dc-8753-4f83-aac2-a58288d3a4bc/v2.0',
125
+ aud: 'e5dd632b-cb97-48d7-a310-5147be717cde',
126
+ env: 'dev',
127
+ realm: 'employees',
128
+ claim: 'userName',
129
+ internalId: '0b64042a-9cce-42dc-b645-cd721cbbc179',
130
+ },
131
+ });
132
+ // console.log(JSON.stringify(identity));
133
+ });
134
+ (0, mocha_1.it)('should recognize an employee using his admin profile (Prod)', () => {
135
+ const jwt = {
136
+ iss: 'security-identity-token-api',
137
+ exp: 1721783045,
138
+ iat: 1721777736,
139
+ keyId: 6,
140
+ displayName: 'infra-auth-auth-playground-dev',
141
+ aud: 'e5dd632b-cb97-48d7-a310-5147be717cde',
142
+ name: 'John DOE',
143
+ sub: 'uuUOZLMFfuURgumF2hE2Z0ZIrVLqLoDy85AeicCJSHQ',
144
+ userName: 'udoejo3',
145
+ givenName: 'John',
146
+ familyName: 'DOE',
147
+ userType: 'employee',
148
+ employeeNumber: '100674051',
149
+ department: '421408000000',
150
+ phoneMobileNumber: '5141111111',
151
+ oid: '0b64042a-9cce-42dc-b645-cd721cbbc179',
152
+ realm: 'employees',
153
+ env: 'dev',
154
+ accessTokenIssuer: 'https://login.microsoftonline.com/9f15d2dc-8753-4f83-aac2-a58288d3a4bc/v2.0',
155
+ email: 'john.doe.adm@lavilledemontreal.omnicrosoft.com',
156
+ };
157
+ const identity = (0, createIdentityFromJwt_1.createIdentityFromJwt)(jwt);
158
+ // console.log(identity);
159
+ (0, chai_1.expect)(identity.toString()).to.equal('user:employee:udoejo3:John DOE:john.doe.adm@lavilledemontreal.omnicrosoft.com:100674051:421408000000:vdm-admin');
160
+ delete identity.toString;
161
+ (0, chai_1.expect)(identity).to.eql({
162
+ type: 'user',
163
+ id: 'udoejo3',
164
+ displayName: 'John DOE',
165
+ attributes: {
166
+ type: 'employee',
167
+ email: 'john.doe.adm@lavilledemontreal.omnicrosoft.com',
168
+ username: 'udoejo3',
169
+ registrationNumber: '100674051',
170
+ department: '421408000000',
171
+ firstName: 'John',
172
+ lastName: 'DOE',
173
+ accountProfile: 'vdm-admin',
174
+ },
175
+ source: {
176
+ issuer: 'security-identity-token-api',
177
+ accessTokenIssuer: 'https://login.microsoftonline.com/9f15d2dc-8753-4f83-aac2-a58288d3a4bc/v2.0',
178
+ aud: 'e5dd632b-cb97-48d7-a310-5147be717cde',
179
+ env: 'dev',
180
+ realm: 'employees',
181
+ claim: 'userName',
182
+ internalId: '0b64042a-9cce-42dc-b645-cd721cbbc179',
183
+ },
184
+ });
185
+ // console.log(JSON.stringify(identity));
186
+ });
187
+ (0, mocha_1.it)('should recognize an employee using his admin profile (LAB)', () => {
188
+ const jwt = {
189
+ iss: 'security-identity-token-api',
190
+ exp: 1721783045,
191
+ iat: 1721777736,
192
+ keyId: 6,
193
+ displayName: 'infra-auth-auth-playground-dev',
194
+ aud: 'e5dd632b-cb97-48d7-a310-5147be717cde',
195
+ name: 'John DOE',
196
+ sub: 'uuUOZLMFfuURgumF2hE2Z0ZIrVLqLoDy85AeicCJSHQ',
197
+ userName: 'udoejo3',
198
+ givenName: 'John',
199
+ familyName: 'DOE',
200
+ userType: 'employee',
201
+ employeeNumber: '100674051',
202
+ department: '421408000000',
203
+ phoneMobileNumber: '5141111111',
204
+ oid: '0b64042a-9cce-42dc-b645-cd721cbbc179',
205
+ realm: 'employees',
206
+ env: 'dev',
207
+ accessTokenIssuer: 'https://login.microsoftonline.com/9f15d2dc-8753-4f83-aac2-a58288d3a4bc/v2.0',
208
+ email: 'john.doe.adm@montrealville.omnicrosoft.com',
209
+ };
210
+ const identity = (0, createIdentityFromJwt_1.createIdentityFromJwt)(jwt);
211
+ // console.log(identity);
212
+ (0, chai_1.expect)(identity.toString()).to.equal('user:employee:udoejo3:John DOE:john.doe.adm@montrealville.omnicrosoft.com:100674051:421408000000:vdm-admin');
213
+ delete identity.toString;
214
+ (0, chai_1.expect)(identity).to.eql({
215
+ type: 'user',
216
+ id: 'udoejo3',
217
+ displayName: 'John DOE',
218
+ attributes: {
219
+ type: 'employee',
220
+ email: 'john.doe.adm@montrealville.omnicrosoft.com',
221
+ username: 'udoejo3',
222
+ registrationNumber: '100674051',
223
+ department: '421408000000',
224
+ firstName: 'John',
225
+ lastName: 'DOE',
226
+ accountProfile: 'vdm-admin',
227
+ },
228
+ source: {
229
+ issuer: 'security-identity-token-api',
230
+ accessTokenIssuer: 'https://login.microsoftonline.com/9f15d2dc-8753-4f83-aac2-a58288d3a4bc/v2.0',
231
+ aud: 'e5dd632b-cb97-48d7-a310-5147be717cde',
232
+ env: 'dev',
233
+ realm: 'employees',
234
+ claim: 'userName',
235
+ internalId: '0b64042a-9cce-42dc-b645-cd721cbbc179',
236
+ },
237
+ });
238
+ // console.log(JSON.stringify(identity));
239
+ });
240
+ (0, mocha_1.it)('should recognize an external user by its username (codeX)', () => {
241
+ const jwt = {
242
+ iss: 'security-identity-token-api',
243
+ exp: 1721783045,
244
+ iat: 1721777736,
245
+ keyId: 6,
246
+ displayName: 'infra-auth-auth-playground-dev',
247
+ aud: 'e5dd632b-cb97-48d7-a310-5147be717cde',
248
+ name: 'John DOE',
249
+ sub: 'uuUOZLMFfuURgumF2hE2Z0ZIrVLqLoDy85AeicCJSHQ',
250
+ userName: 'xdoejo3',
251
+ givenName: 'John',
252
+ familyName: 'DOE',
253
+ userType: 'employee',
254
+ phoneMobileNumber: '5141111111',
255
+ oid: '0b64042a-9cce-42dc-b645-cd721cbbc179',
256
+ realm: 'employees',
257
+ env: 'dev',
258
+ accessTokenIssuer: 'https://login.microsoftonline.com/9f15d2dc-8753-4f83-aac2-a58288d3a4bc/v2.0',
259
+ email: 'john.doe@montreal.ca',
260
+ };
261
+ const identity = (0, createIdentityFromJwt_1.createIdentityFromJwt)(jwt);
262
+ // console.log(identity);
263
+ (0, chai_1.expect)(identity.toString()).to.equal('user:external:xdoejo3:John DOE:john.doe@montreal.ca::vdm');
264
+ delete identity.toString;
265
+ (0, chai_1.expect)(identity).to.eql({
266
+ type: 'user',
267
+ id: 'xdoejo3',
268
+ displayName: 'John DOE',
269
+ attributes: {
270
+ type: 'external',
271
+ email: 'john.doe@montreal.ca',
272
+ username: 'xdoejo3',
273
+ department: undefined,
274
+ firstName: 'John',
275
+ lastName: 'DOE',
276
+ accountProfile: 'vdm',
277
+ },
278
+ source: {
279
+ issuer: 'security-identity-token-api',
280
+ accessTokenIssuer: 'https://login.microsoftonline.com/9f15d2dc-8753-4f83-aac2-a58288d3a4bc/v2.0',
281
+ aud: 'e5dd632b-cb97-48d7-a310-5147be717cde',
282
+ env: 'dev',
283
+ realm: 'employees',
284
+ claim: 'userName',
285
+ internalId: '0b64042a-9cce-42dc-b645-cd721cbbc179',
286
+ },
287
+ });
288
+ });
289
+ (0, mocha_1.it)('should recognize an external user by its email (.ext)', () => {
290
+ const jwt = {
291
+ iss: 'security-identity-token-api',
292
+ exp: 1721783045,
293
+ iat: 1721777736,
294
+ keyId: 6,
295
+ displayName: 'infra-auth-auth-playground-dev',
296
+ aud: 'e5dd632b-cb97-48d7-a310-5147be717cde',
297
+ name: 'John DOE',
298
+ sub: 'uuUOZLMFfuURgumF2hE2Z0ZIrVLqLoDy85AeicCJSHQ',
299
+ userName: 'foobar',
300
+ givenName: 'John',
301
+ familyName: 'DOE',
302
+ userType: 'employee',
303
+ phoneMobileNumber: '5141111111',
304
+ oid: '0b64042a-9cce-42dc-b645-cd721cbbc179',
305
+ realm: 'employees',
306
+ env: 'dev',
307
+ accessTokenIssuer: 'https://login.microsoftonline.com/9f15d2dc-8753-4f83-aac2-a58288d3a4bc/v2.0',
308
+ email: 'john.doe.ext@montreal.ca',
309
+ };
310
+ const identity = (0, createIdentityFromJwt_1.createIdentityFromJwt)(jwt);
311
+ // console.log(identity);
312
+ (0, chai_1.expect)(identity.toString()).to.equal('user:external:foobar:John DOE:john.doe.ext@montreal.ca::vdm');
313
+ delete identity.toString;
314
+ (0, chai_1.expect)(identity).to.eql({
315
+ type: 'user',
316
+ id: 'foobar',
317
+ displayName: 'John DOE',
318
+ attributes: {
319
+ type: 'external',
320
+ email: 'john.doe.ext@montreal.ca',
321
+ username: 'foobar',
322
+ department: undefined,
323
+ firstName: 'John',
324
+ lastName: 'DOE',
325
+ accountProfile: 'vdm',
326
+ },
327
+ source: {
328
+ issuer: 'security-identity-token-api',
329
+ accessTokenIssuer: 'https://login.microsoftonline.com/9f15d2dc-8753-4f83-aac2-a58288d3a4bc/v2.0',
330
+ aud: 'e5dd632b-cb97-48d7-a310-5147be717cde',
331
+ env: 'dev',
332
+ realm: 'employees',
333
+ claim: 'userName',
334
+ internalId: '0b64042a-9cce-42dc-b645-cd721cbbc179',
335
+ },
336
+ });
337
+ });
338
+ (0, mocha_1.it)('should recognize a generic user', () => {
339
+ const jwt = {
340
+ iss: 'security-identity-token-api',
341
+ exp: 1722376780,
342
+ iat: 1722371805,
343
+ keyId: 6,
344
+ displayName: 'infra-auth-auth-playground-dev',
345
+ aud: 'e5dd632b-cb97-48d7-a310-5147be717cde',
346
+ name: 'C.Generique dsec developpeur2',
347
+ sub: 'mlKfaYaESpCXWGoHE3ej-kCaUBwfsQzqayvRvXXQHJo',
348
+ userName: 'cgdsecdev2',
349
+ givenName: 'C.Generique',
350
+ familyName: 'dsec developpeur2',
351
+ userType: 'employee',
352
+ department: '4211',
353
+ oid: '74096b4e-c090-4a97-af04-bbe25dc4f7d6',
354
+ isGenericAccount: true,
355
+ realm: 'employees',
356
+ env: 'dev',
357
+ accessTokenIssuer: 'https://login.microsoftonline.com/9f15d2dc-8753-4f83-aac2-a58288d3a4bc/v2.0',
358
+ };
359
+ const identity = (0, createIdentityFromJwt_1.createIdentityFromJwt)(jwt);
360
+ // console.log(identity);
361
+ (0, chai_1.expect)(identity.toString()).to.equal('user:generic:cgdsecdev2:C.Generique dsec developpeur2::4211:vdm');
362
+ delete identity.toString;
363
+ (0, chai_1.expect)(identity).to.eql({
364
+ type: 'user',
365
+ id: 'cgdsecdev2',
366
+ displayName: 'C.Generique dsec developpeur2',
367
+ attributes: {
368
+ type: 'generic',
369
+ username: 'cgdsecdev2',
370
+ email: undefined,
371
+ department: '4211',
372
+ firstName: 'C.Generique',
373
+ lastName: 'dsec developpeur2',
374
+ accountProfile: 'vdm',
375
+ },
376
+ source: {
377
+ issuer: 'security-identity-token-api',
378
+ accessTokenIssuer: 'https://login.microsoftonline.com/9f15d2dc-8753-4f83-aac2-a58288d3a4bc/v2.0',
379
+ aud: 'e5dd632b-cb97-48d7-a310-5147be717cde',
380
+ env: 'dev',
381
+ realm: 'employees',
382
+ claim: 'userName',
383
+ internalId: '74096b4e-c090-4a97-af04-bbe25dc4f7d6',
384
+ },
385
+ });
386
+ });
387
+ (0, mocha_1.it)('should recognize a guest user', () => {
388
+ const jwt = {
389
+ iss: 'security-identity-token-api',
390
+ exp: 1722376780,
391
+ iat: 1722371805,
392
+ keyId: 6,
393
+ displayName: 'infra-auth-auth-playground-dev',
394
+ aud: 'e5dd632b-cb97-48d7-a310-5147be717cde',
395
+ name: 'doe.daniel@hydro.qc.ca',
396
+ sub: 'mlKfaYaGoHEESpCXW3ej-kCaUBwfsQzqayvRvXXQHJo',
397
+ userName: 'doe.daniel_hydro.qc.ca#EXT#@lavilledemontreal.omnicrosoft.com',
398
+ userType: 'employee',
399
+ oid: '74096b4e-90c0-974a-af04-bbe25dc4f7d6',
400
+ realm: 'employees',
401
+ env: 'dev',
402
+ accessTokenIssuer: 'https://login.microsoftonline.com/9f15d2dc-8753-4f83-aac2-a58288d3a4bc/v2.0',
403
+ email: 'doe.daniel@hydro.qc.ca',
404
+ };
405
+ const identity = (0, createIdentityFromJwt_1.createIdentityFromJwt)(jwt);
406
+ // console.log(identity);
407
+ (0, chai_1.expect)(identity.toString()).to.equal('user:guest:employees:doe.daniel_hydro.qc.ca#EXT#@lavilledemontreal.omnicrosoft.com:doe.daniel@hydro.qc.ca:doe.daniel@hydro.qc.ca');
408
+ delete identity.toString;
409
+ (0, chai_1.expect)(identity).to.eql({
410
+ type: 'user',
411
+ id: 'doe.daniel_hydro.qc.ca#EXT#@lavilledemontreal.omnicrosoft.com',
412
+ displayName: 'doe.daniel@hydro.qc.ca',
413
+ attributes: {
414
+ type: 'guest',
415
+ email: 'doe.daniel@hydro.qc.ca',
416
+ username: 'doe.daniel_hydro.qc.ca#EXT#@lavilledemontreal.omnicrosoft.com',
417
+ department: undefined,
418
+ firstName: undefined,
419
+ lastName: undefined,
420
+ accountProfile: 'vdm',
421
+ },
422
+ source: {
423
+ issuer: 'security-identity-token-api',
424
+ accessTokenIssuer: 'https://login.microsoftonline.com/9f15d2dc-8753-4f83-aac2-a58288d3a4bc/v2.0',
425
+ aud: 'e5dd632b-cb97-48d7-a310-5147be717cde',
426
+ env: 'dev',
427
+ realm: 'employees',
428
+ claim: 'userName',
429
+ internalId: '74096b4e-90c0-974a-af04-bbe25dc4f7d6',
430
+ },
431
+ });
432
+ });
433
+ (0, mocha_1.it)('should recognize an anonymous user', () => {
434
+ const jwt = {
435
+ iss: 'security-identity-token-api',
436
+ exp: 1722377045,
437
+ iat: 1722373445,
438
+ keyId: 6,
439
+ displayName: 'Account Identity Managment',
440
+ aud: '@!4025.CA62.9BB6.16C5!0001!2212.0010!0008!2212.0010',
441
+ name: 'srvAcc Anonymous',
442
+ sub: '@!4025.CA62.9BB6.16C5!0001!2212.0010!0000!0000.1111.0020',
443
+ inum: '@!4025.CA62.9BB6.16C5!0001!2212.0010!0000!0000.1111.0020',
444
+ userName: 'srvAccAnonymous',
445
+ givenName: 'srvAcc',
446
+ familyName: 'Anonymous',
447
+ userType: 'anonymous',
448
+ realm: 'anonymous',
449
+ env: 'dev',
450
+ accessTokenIssuer: 'security-identity-anonymous-token-api',
451
+ };
452
+ const identity = (0, createIdentityFromJwt_1.createIdentityFromJwt)(jwt);
453
+ // console.log(identity);
454
+ (0, chai_1.expect)(identity.toString()).to.equal('anonymous:srvAccAnonymous:srvAcc Anonymous');
455
+ delete identity.toString;
456
+ (0, chai_1.expect)(identity).to.eql({
457
+ type: 'anonymous',
458
+ id: 'srvAccAnonymous',
459
+ displayName: 'srvAcc Anonymous',
460
+ attributes: {
461
+ type: 'anonymous',
462
+ username: 'srvAccAnonymous',
463
+ },
464
+ source: {
465
+ issuer: 'security-identity-token-api',
466
+ accessTokenIssuer: 'security-identity-anonymous-token-api',
467
+ aud: '@!4025.CA62.9BB6.16C5!0001!2212.0010!0008!2212.0010',
468
+ env: 'dev',
469
+ realm: 'anonymous',
470
+ claim: 'userName',
471
+ internalId: '@!4025.CA62.9BB6.16C5!0001!2212.0010!0000!0000.1111.0020',
472
+ },
473
+ });
474
+ });
475
+ (0, mocha_1.it)('should recognize a client service account', () => {
476
+ const jwt = {
477
+ iss: 'security-identity-token-api',
478
+ exp: 1721782408,
479
+ iat: 1721778508,
480
+ keyId: 6,
481
+ displayName: 'infra-auth-auth-playground-dev',
482
+ aud: 'e5dd632b-cb97-48d7-a310-cde5147be717',
483
+ sub: 'e5dd632b-cb97-48d7-a310-cde5147be717',
484
+ userType: 'client',
485
+ oid: '18e8a9b0-876f-4a78-9934-ce3774903c2a',
486
+ realm: 'employees',
487
+ env: 'dev',
488
+ accessTokenIssuer: 'https://login.microsoftonline.com/9f15d2dc-8753-4f83-aac2-a58288d3a4bc/v2.0',
489
+ };
490
+ const identity = (0, createIdentityFromJwt_1.createIdentityFromJwt)(jwt);
491
+ // console.log(identity);
492
+ (0, chai_1.expect)(identity.toString()).to.equal('service-account:client:e5dd632b-cb97-48d7-a310-cde5147be717:infra-auth-auth-playground-dev');
493
+ delete identity.toString;
494
+ (0, chai_1.expect)(identity).to.eql({
495
+ type: 'service-account',
496
+ id: 'e5dd632b-cb97-48d7-a310-cde5147be717',
497
+ displayName: 'infra-auth-auth-playground-dev',
498
+ attributes: {
499
+ type: 'client',
500
+ },
501
+ source: {
502
+ issuer: 'security-identity-token-api',
503
+ accessTokenIssuer: 'https://login.microsoftonline.com/9f15d2dc-8753-4f83-aac2-a58288d3a4bc/v2.0',
504
+ aud: 'e5dd632b-cb97-48d7-a310-cde5147be717',
505
+ env: 'dev',
506
+ realm: 'employees',
507
+ claim: 'aud',
508
+ internalId: '18e8a9b0-876f-4a78-9934-ce3774903c2a',
509
+ },
510
+ });
511
+ });
512
+ (0, mocha_1.it)('should recognize a user service account', () => {
513
+ const jwt = {
514
+ iss: 'security-identity-token-api',
515
+ exp: 1722375517,
516
+ iat: 1722373717,
517
+ keyId: 6,
518
+ displayName: 'DiagnosticsCanary',
519
+ aud: '@!4025.CA62.9BB6.16C5!0001!2212.0010!0008!2212.0130',
520
+ name: 'srvAcc Diagnostics Canary',
521
+ sub: '@!4025.CA62.9BB6.16C5!0001!2212.0010!0000!0000.2222.0080',
522
+ inum: '@!4025.CA62.9BB6.16C5!0001!2212.0010!0000!0000.2222.0080',
523
+ userName: 'srvAccDiagCanary',
524
+ givenName: 'srvAcc',
525
+ familyName: 'srvAccDiagCanary',
526
+ userType: 'serviceAccount',
527
+ realm: 'citizens',
528
+ env: 'dev',
529
+ accessTokenIssuer: 'https://auth.dev.interne.montreal.ca',
530
+ };
531
+ const identity = (0, createIdentityFromJwt_1.createIdentityFromJwt)(jwt);
532
+ // console.log(identity);
533
+ (0, chai_1.expect)(identity.toString()).to.equal('service-account:user:srvAccDiagCanary:srvAcc Diagnostics Canary');
534
+ delete identity.toString;
535
+ (0, chai_1.expect)(identity).to.eql({
536
+ type: 'service-account',
537
+ id: 'srvAccDiagCanary',
538
+ displayName: 'srvAcc Diagnostics Canary',
539
+ attributes: {
540
+ type: 'user',
541
+ username: 'srvAccDiagCanary',
542
+ },
543
+ source: {
544
+ issuer: 'security-identity-token-api',
545
+ accessTokenIssuer: 'https://auth.dev.interne.montreal.ca',
546
+ aud: '@!4025.CA62.9BB6.16C5!0001!2212.0010!0008!2212.0130',
547
+ env: 'dev',
548
+ realm: 'citizens',
549
+ claim: 'userName',
550
+ internalId: '@!4025.CA62.9BB6.16C5!0001!2212.0010!0000!0000.2222.0080',
551
+ },
552
+ });
553
+ });
554
+ (0, mocha_1.it)('should recognize a citizen', () => {
555
+ const jwt = {
556
+ iss: 'security-identity-token-api',
557
+ exp: 1722377562,
558
+ iat: 1722373962,
559
+ keyId: 6,
560
+ displayName: 'infra-auth-auth-playground',
561
+ aud: 'a496befa-db7d-45a6-ac7a-11471816b8f1',
562
+ name: 'John Doe',
563
+ sub: '@!4025.CA62.9BB6.16C5!0001!2212.0010!0000!3F39.BEDB.4ADB.F74D',
564
+ inum: '@!4025.CA62.9BB6.16C5!0001!2212.0010!0000!3F39.BEDB.4ADB.F74D',
565
+ userName: 'john.doe@mailinator.com',
566
+ givenName: 'John',
567
+ familyName: 'Doe',
568
+ oid: '7d69384b-dcf4-4972-ebb3-d546551c700f',
569
+ realm: 'citizens',
570
+ env: 'dev',
571
+ accessTokenIssuer: 'https://connexion.dev.montreal.ca/1543b575-116b-4325-a0bf-3ccdd7925321/v2.0/',
572
+ mtlIdentityId: '@!4025.CA62.9BB6.16C5!0001!2212.0010!0000!3F39.BEDB.4ADB.F74D',
573
+ email: 'john.doe@mailinator.com',
574
+ };
575
+ const identity = (0, createIdentityFromJwt_1.createIdentityFromJwt)(jwt);
576
+ // console.log(identity);
577
+ (0, chai_1.expect)(identity.toString()).to.equal('user:citizen:@!4025.CA62.9BB6.16C5!0001!2212.0010!0000!3F39.BEDB.4ADB.F74D:John Doe:john.doe@mailinator.com');
578
+ delete identity.toString;
579
+ (0, chai_1.expect)(identity).to.eql({
580
+ type: 'user',
581
+ id: '@!4025.CA62.9BB6.16C5!0001!2212.0010!0000!3F39.BEDB.4ADB.F74D',
582
+ displayName: 'John Doe',
583
+ attributes: {
584
+ type: 'citizen',
585
+ username: 'john.doe@mailinator.com',
586
+ email: 'john.doe@mailinator.com',
587
+ firstName: 'John',
588
+ lastName: 'Doe',
589
+ },
590
+ source: {
591
+ issuer: 'security-identity-token-api',
592
+ accessTokenIssuer: 'https://connexion.dev.montreal.ca/1543b575-116b-4325-a0bf-3ccdd7925321/v2.0/',
593
+ aud: 'a496befa-db7d-45a6-ac7a-11471816b8f1',
594
+ env: 'dev',
595
+ realm: 'citizens',
596
+ claim: 'mtlIdentityId',
597
+ internalId: '7d69384b-dcf4-4972-ebb3-d546551c700f',
598
+ },
599
+ });
600
+ });
601
+ (0, mocha_1.it)('should default to unknown user identity', () => {
602
+ const jwt = {
603
+ iss: 'security-identity-token-api',
604
+ exp: 1722377562,
605
+ iat: 1722373962,
606
+ keyId: 6,
607
+ displayName: 'infra-auth-auth-playground',
608
+ aud: 'a496befa-db7d-45a6-ac7a-11471816b8f1',
609
+ name: 'John Doe',
610
+ sub: '12345',
611
+ userName: 'john.doe',
612
+ userType: 'SomeUnknownType',
613
+ givenName: 'John',
614
+ familyName: 'Doe',
615
+ realm: 'employees',
616
+ env: 'dev',
617
+ accessTokenIssuer: 'https://login.microsoftonline.com/9f15d2dc-8753-4f83-aac2-a58288d3a4bc/v2.0',
618
+ email: 'john.doe@mailinator.com',
619
+ };
620
+ const identity = (0, createIdentityFromJwt_1.createIdentityFromJwt)(jwt);
621
+ // console.log(identity);
622
+ (0, chai_1.expect)(identity.toString()).to.equal('user:unknown:john.doe:John Doe:john.doe@mailinator.com:::vdm');
623
+ delete identity.toString;
624
+ (0, chai_1.expect)(identity).to.eql({
625
+ type: 'user',
626
+ id: 'john.doe',
627
+ displayName: 'John Doe',
628
+ attributes: {
629
+ type: 'unknown',
630
+ email: 'john.doe@mailinator.com',
631
+ username: 'john.doe',
632
+ registrationNumber: undefined,
633
+ department: undefined,
634
+ firstName: 'John',
635
+ lastName: 'Doe',
636
+ accountProfile: 'vdm',
637
+ },
638
+ source: {
639
+ issuer: 'security-identity-token-api',
640
+ accessTokenIssuer: 'https://login.microsoftonline.com/9f15d2dc-8753-4f83-aac2-a58288d3a4bc/v2.0',
641
+ aud: 'a496befa-db7d-45a6-ac7a-11471816b8f1',
642
+ env: 'dev',
643
+ realm: 'employees',
644
+ claim: 'userName',
645
+ internalId: '12345',
646
+ },
647
+ });
648
+ });
649
+ (0, mocha_1.it)('should default to unknown identity, with name', () => {
650
+ const jwt = {
651
+ iss: 'security-identity-token-api',
652
+ exp: 1722377562,
653
+ iat: 1722373962,
654
+ keyId: 6,
655
+ displayName: 'infra-auth-auth-playground',
656
+ aud: 'a496befa-db7d-45a6-ac7a-11471816b8f1',
657
+ name: 'John Doe',
658
+ sub: '12345',
659
+ userType: 'SomeUnknownType',
660
+ realm: 'employees',
661
+ env: 'dev',
662
+ accessTokenIssuer: 'https://login.microsoftonline.com/9f15d2dc-8753-4f83-aac2-a58288d3a4bc/v2.0',
663
+ };
664
+ const identity = (0, createIdentityFromJwt_1.createIdentityFromJwt)(jwt);
665
+ // console.log(identity);
666
+ (0, chai_1.expect)(identity.toString()).to.equal('unknown:12345:John Doe');
667
+ delete identity.toString;
668
+ (0, chai_1.expect)(identity).to.eql({
669
+ type: 'unknown',
670
+ id: '12345',
671
+ displayName: 'John Doe',
672
+ attributes: {
673
+ type: 'unknown',
674
+ },
675
+ source: {
676
+ issuer: 'security-identity-token-api',
677
+ accessTokenIssuer: 'https://login.microsoftonline.com/9f15d2dc-8753-4f83-aac2-a58288d3a4bc/v2.0',
678
+ aud: 'a496befa-db7d-45a6-ac7a-11471816b8f1',
679
+ env: 'dev',
680
+ realm: 'employees',
681
+ claim: 'sub',
682
+ internalId: '12345',
683
+ },
684
+ });
685
+ });
686
+ (0, mocha_1.it)('should default to unknown identity, without name', () => {
687
+ const jwt = {
688
+ iss: 'security-identity-token-api',
689
+ exp: 1722377562,
690
+ iat: 1722373962,
691
+ keyId: 6,
692
+ displayName: 'infra-auth-auth-playground',
693
+ aud: 'a496befa-db7d-45a6-ac7a-11471816b8f1',
694
+ // name: 'John Doe',
695
+ sub: '12345',
696
+ userType: 'SomeUnknownType',
697
+ realm: 'employees',
698
+ env: 'dev',
699
+ accessTokenIssuer: 'https://login.microsoftonline.com/9f15d2dc-8753-4f83-aac2-a58288d3a4bc/v2.0',
700
+ };
701
+ const identity = (0, createIdentityFromJwt_1.createIdentityFromJwt)(jwt);
702
+ // console.log(identity);
703
+ (0, chai_1.expect)(identity.toString()).to.equal('unknown:12345:unknown');
704
+ delete identity.toString;
705
+ (0, chai_1.expect)(identity).to.eql({
706
+ type: 'unknown',
707
+ id: '12345',
708
+ displayName: 'unknown',
709
+ attributes: {
710
+ type: 'unknown',
711
+ },
712
+ source: {
713
+ issuer: 'security-identity-token-api',
714
+ accessTokenIssuer: 'https://login.microsoftonline.com/9f15d2dc-8753-4f83-aac2-a58288d3a4bc/v2.0',
715
+ aud: 'a496befa-db7d-45a6-ac7a-11471816b8f1',
716
+ env: 'dev',
717
+ realm: 'employees',
718
+ claim: 'sub',
719
+ internalId: '12345',
720
+ },
721
+ });
722
+ });
723
+ (0, mocha_1.describe)('should not recognize an employee when some required attributes are missing', () => {
724
+ (0, mocha_1.it)('no registration number', () => {
725
+ const jwt = {
726
+ iss: 'security-identity-token-api',
727
+ exp: 1721783045,
728
+ iat: 1721777736,
729
+ keyId: 6,
730
+ displayName: 'infra-auth-auth-playground-dev',
731
+ aud: 'e5dd632b-cb97-48d7-a310-5147be717cde',
732
+ name: 'John DOE',
733
+ sub: 'uuUOZLMFfuURgumF2hE2Z0ZIrVLqLoDy85AeicCJSHQ',
734
+ userName: 'udoejo3',
735
+ givenName: 'John',
736
+ familyName: 'DOE',
737
+ userType: 'employee',
738
+ // employeeNumber: '100674051',
739
+ department: '421408000000',
740
+ phoneMobileNumber: '5141111111',
741
+ oid: '0b64042a-9cce-42dc-b645-cd721cbbc179',
742
+ realm: 'employees',
743
+ env: 'dev',
744
+ accessTokenIssuer: 'https://login.microsoftonline.com/9f15d2dc-8753-4f83-aac2-a58288d3a4bc/v2.0',
745
+ email: 'john.doe@montreal.ca',
746
+ };
747
+ const identity = (0, createIdentityFromJwt_1.createIdentityFromJwt)(jwt);
748
+ // console.log(identity);
749
+ (0, chai_1.expect)(identity.toString()).to.equal('user:unknown:udoejo3:John DOE:john.doe@montreal.ca::421408000000:vdm');
750
+ delete identity.toString;
751
+ (0, chai_1.expect)(identity).to.eql({
752
+ type: 'user',
753
+ id: 'udoejo3',
754
+ displayName: 'John DOE',
755
+ attributes: {
756
+ type: 'unknown',
757
+ email: 'john.doe@montreal.ca',
758
+ username: 'udoejo3',
759
+ registrationNumber: undefined,
760
+ department: '421408000000',
761
+ firstName: 'John',
762
+ lastName: 'DOE',
763
+ accountProfile: 'vdm',
764
+ },
765
+ source: {
766
+ issuer: 'security-identity-token-api',
767
+ accessTokenIssuer: 'https://login.microsoftonline.com/9f15d2dc-8753-4f83-aac2-a58288d3a4bc/v2.0',
768
+ aud: 'e5dd632b-cb97-48d7-a310-5147be717cde',
769
+ env: 'dev',
770
+ realm: 'employees',
771
+ claim: 'userName',
772
+ internalId: '0b64042a-9cce-42dc-b645-cd721cbbc179',
773
+ },
774
+ });
775
+ // console.log(JSON.stringify(identity));
776
+ });
777
+ (0, mocha_1.it)('no department', () => {
778
+ const jwt = {
779
+ iss: 'security-identity-token-api',
780
+ exp: 1721783045,
781
+ iat: 1721777736,
782
+ keyId: 6,
783
+ displayName: 'infra-auth-auth-playground-dev',
784
+ aud: 'e5dd632b-cb97-48d7-a310-5147be717cde',
785
+ name: 'John DOE',
786
+ sub: 'uuUOZLMFfuURgumF2hE2Z0ZIrVLqLoDy85AeicCJSHQ',
787
+ userName: 'udoejo3',
788
+ givenName: 'John',
789
+ familyName: 'DOE',
790
+ userType: 'employee',
791
+ employeeNumber: '100674051',
792
+ // department: '421408000000',
793
+ phoneMobileNumber: '5141111111',
794
+ oid: '0b64042a-9cce-42dc-b645-cd721cbbc179',
795
+ realm: 'employees',
796
+ env: 'dev',
797
+ accessTokenIssuer: 'https://login.microsoftonline.com/9f15d2dc-8753-4f83-aac2-a58288d3a4bc/v2.0',
798
+ email: 'john.doe@montreal.ca',
799
+ };
800
+ const identity = (0, createIdentityFromJwt_1.createIdentityFromJwt)(jwt);
801
+ // console.log(identity);
802
+ (0, chai_1.expect)(identity.toString()).to.equal('user:unknown:udoejo3:John DOE:john.doe@montreal.ca:100674051::vdm');
803
+ delete identity.toString;
804
+ (0, chai_1.expect)(identity).to.eql({
805
+ type: 'user',
806
+ id: 'udoejo3',
807
+ displayName: 'John DOE',
808
+ attributes: {
809
+ type: 'unknown',
810
+ email: 'john.doe@montreal.ca',
811
+ username: 'udoejo3',
812
+ registrationNumber: '100674051',
813
+ department: undefined,
814
+ firstName: 'John',
815
+ lastName: 'DOE',
816
+ accountProfile: 'vdm',
817
+ },
818
+ source: {
819
+ issuer: 'security-identity-token-api',
820
+ accessTokenIssuer: 'https://login.microsoftonline.com/9f15d2dc-8753-4f83-aac2-a58288d3a4bc/v2.0',
821
+ aud: 'e5dd632b-cb97-48d7-a310-5147be717cde',
822
+ env: 'dev',
823
+ realm: 'employees',
824
+ claim: 'userName',
825
+ internalId: '0b64042a-9cce-42dc-b645-cd721cbbc179',
826
+ },
827
+ });
828
+ // console.log(JSON.stringify(identity));
829
+ });
830
+ (0, mocha_1.it)('no valid codeU', () => {
831
+ const jwt = {
832
+ iss: 'security-identity-token-api',
833
+ exp: 1721783045,
834
+ iat: 1721777736,
835
+ keyId: 6,
836
+ displayName: 'infra-auth-auth-playground-dev',
837
+ aud: 'e5dd632b-cb97-48d7-a310-5147be717cde',
838
+ name: 'John DOE',
839
+ sub: 'uuUOZLMFfuURgumF2hE2Z0ZIrVLqLoDy85AeicCJSHQ',
840
+ userName: 'usr_foo33',
841
+ givenName: 'John',
842
+ familyName: 'DOE',
843
+ userType: 'employee',
844
+ employeeNumber: '100674051',
845
+ department: '421408000000',
846
+ phoneMobileNumber: '5141111111',
847
+ oid: '0b64042a-9cce-42dc-b645-cd721cbbc179',
848
+ realm: 'employees',
849
+ env: 'dev',
850
+ accessTokenIssuer: 'https://login.microsoftonline.com/9f15d2dc-8753-4f83-aac2-a58288d3a4bc/v2.0',
851
+ email: 'john.doe@montreal.ca',
852
+ };
853
+ const identity = (0, createIdentityFromJwt_1.createIdentityFromJwt)(jwt);
854
+ // console.log(identity);
855
+ (0, chai_1.expect)(identity.toString()).to.equal('user:unknown:usr_foo33:John DOE:john.doe@montreal.ca:100674051:421408000000:vdm');
856
+ delete identity.toString;
857
+ (0, chai_1.expect)(identity).to.eql({
858
+ type: 'user',
859
+ id: 'usr_foo33',
860
+ displayName: 'John DOE',
861
+ attributes: {
862
+ type: 'unknown',
863
+ email: 'john.doe@montreal.ca',
864
+ username: 'usr_foo33',
865
+ registrationNumber: '100674051',
866
+ department: '421408000000',
867
+ firstName: 'John',
868
+ lastName: 'DOE',
869
+ accountProfile: 'vdm',
870
+ },
871
+ source: {
872
+ issuer: 'security-identity-token-api',
873
+ accessTokenIssuer: 'https://login.microsoftonline.com/9f15d2dc-8753-4f83-aac2-a58288d3a4bc/v2.0',
874
+ aud: 'e5dd632b-cb97-48d7-a310-5147be717cde',
875
+ env: 'dev',
876
+ realm: 'employees',
877
+ claim: 'userName',
878
+ internalId: '0b64042a-9cce-42dc-b645-cd721cbbc179',
879
+ },
880
+ });
881
+ // console.log(JSON.stringify(identity));
882
+ });
883
+ (0, mocha_1.it)('no username', () => {
884
+ const jwt = {
885
+ iss: 'security-identity-token-api',
886
+ exp: 1721783045,
887
+ iat: 1721777736,
888
+ keyId: 6,
889
+ displayName: 'infra-auth-auth-playground-dev',
890
+ aud: 'e5dd632b-cb97-48d7-a310-5147be717cde',
891
+ name: 'John DOE',
892
+ sub: 'uuUOZLMFfuURgumF2hE2Z0ZIrVLqLoDy85AeicCJSHQ',
893
+ // userName: 'usr_foo33',
894
+ givenName: 'John',
895
+ familyName: 'DOE',
896
+ userType: 'employee',
897
+ employeeNumber: '100674051',
898
+ department: '421408000000',
899
+ phoneMobileNumber: '5141111111',
900
+ oid: '0b64042a-9cce-42dc-b645-cd721cbbc179',
901
+ realm: 'employees',
902
+ env: 'dev',
903
+ accessTokenIssuer: 'https://login.microsoftonline.com/9f15d2dc-8753-4f83-aac2-a58288d3a4bc/v2.0',
904
+ email: 'john.doe@montreal.ca',
905
+ };
906
+ const identity = (0, createIdentityFromJwt_1.createIdentityFromJwt)(jwt);
907
+ // console.log(identity);
908
+ (0, chai_1.expect)(identity.toString()).to.equal('user:unknown:john.doe@montreal.ca:John DOE:john.doe@montreal.ca:100674051:421408000000:vdm');
909
+ delete identity.toString;
910
+ (0, chai_1.expect)(identity).to.eql({
911
+ type: 'user',
912
+ id: 'john.doe@montreal.ca',
913
+ displayName: 'John DOE',
914
+ attributes: {
915
+ type: 'unknown',
916
+ email: 'john.doe@montreal.ca',
917
+ username: undefined,
918
+ registrationNumber: '100674051',
919
+ department: '421408000000',
920
+ firstName: 'John',
921
+ lastName: 'DOE',
922
+ accountProfile: 'vdm',
923
+ },
924
+ source: {
925
+ issuer: 'security-identity-token-api',
926
+ accessTokenIssuer: 'https://login.microsoftonline.com/9f15d2dc-8753-4f83-aac2-a58288d3a4bc/v2.0',
927
+ aud: 'e5dd632b-cb97-48d7-a310-5147be717cde',
928
+ env: 'dev',
929
+ realm: 'employees',
930
+ claim: 'email',
931
+ internalId: '0b64042a-9cce-42dc-b645-cd721cbbc179',
932
+ },
933
+ });
934
+ // console.log(JSON.stringify(identity));
935
+ });
936
+ (0, mocha_1.it)('no name', () => {
937
+ const jwt = {
938
+ iss: 'security-identity-token-api',
939
+ exp: 1721783045,
940
+ iat: 1721777736,
941
+ keyId: 6,
942
+ displayName: 'infra-auth-auth-playground-dev',
943
+ aud: 'e5dd632b-cb97-48d7-a310-5147be717cde',
944
+ // name: 'John DOE',
945
+ sub: 'uuUOZLMFfuURgumF2hE2Z0ZIrVLqLoDy85AeicCJSHQ',
946
+ userName: 'udoejo3',
947
+ givenName: 'John',
948
+ familyName: 'DOE',
949
+ userType: 'employee',
950
+ employeeNumber: '100674051',
951
+ department: '421408000000',
952
+ phoneMobileNumber: '5141111111',
953
+ oid: '0b64042a-9cce-42dc-b645-cd721cbbc179',
954
+ realm: 'employees',
955
+ env: 'dev',
956
+ accessTokenIssuer: 'https://login.microsoftonline.com/9f15d2dc-8753-4f83-aac2-a58288d3a4bc/v2.0',
957
+ email: 'john.doe@montreal.ca',
958
+ };
959
+ const identity = (0, createIdentityFromJwt_1.createIdentityFromJwt)(jwt);
960
+ // console.log(identity);
961
+ (0, chai_1.expect)(identity.toString()).to.equal('user:unknown:udoejo3:john.doe@montreal.ca:john.doe@montreal.ca:100674051:421408000000:vdm');
962
+ delete identity.toString;
963
+ (0, chai_1.expect)(identity).to.eql({
964
+ type: 'user',
965
+ id: 'udoejo3',
966
+ displayName: 'john.doe@montreal.ca',
967
+ attributes: {
968
+ type: 'unknown',
969
+ email: 'john.doe@montreal.ca',
970
+ username: 'udoejo3',
971
+ registrationNumber: '100674051',
972
+ department: '421408000000',
973
+ firstName: 'John',
974
+ lastName: 'DOE',
975
+ accountProfile: 'vdm',
976
+ },
977
+ source: {
978
+ issuer: 'security-identity-token-api',
979
+ accessTokenIssuer: 'https://login.microsoftonline.com/9f15d2dc-8753-4f83-aac2-a58288d3a4bc/v2.0',
980
+ aud: 'e5dd632b-cb97-48d7-a310-5147be717cde',
981
+ env: 'dev',
982
+ realm: 'employees',
983
+ claim: 'userName',
984
+ internalId: '0b64042a-9cce-42dc-b645-cd721cbbc179',
985
+ },
986
+ });
987
+ // console.log(JSON.stringify(identity));
988
+ });
989
+ (0, mocha_1.it)('no name and no email', () => {
990
+ const jwt = {
991
+ iss: 'security-identity-token-api',
992
+ exp: 1721783045,
993
+ iat: 1721777736,
994
+ keyId: 6,
995
+ displayName: 'infra-auth-auth-playground-dev',
996
+ aud: 'e5dd632b-cb97-48d7-a310-5147be717cde',
997
+ // name: 'John DOE',
998
+ sub: 'uuUOZLMFfuURgumF2hE2Z0ZIrVLqLoDy85AeicCJSHQ',
999
+ userName: 'udoejo3',
1000
+ givenName: 'John',
1001
+ familyName: 'DOE',
1002
+ userType: 'employee',
1003
+ employeeNumber: '100674051',
1004
+ department: '421408000000',
1005
+ phoneMobileNumber: '5141111111',
1006
+ oid: '0b64042a-9cce-42dc-b645-cd721cbbc179',
1007
+ realm: 'employees',
1008
+ env: 'dev',
1009
+ accessTokenIssuer: 'https://login.microsoftonline.com/9f15d2dc-8753-4f83-aac2-a58288d3a4bc/v2.0',
1010
+ // email: 'john.doe@montreal.ca',
1011
+ };
1012
+ const identity = (0, createIdentityFromJwt_1.createIdentityFromJwt)(jwt);
1013
+ // console.log(identity);
1014
+ (0, chai_1.expect)(identity.toString()).to.equal('user:unknown:udoejo3:udoejo3::100674051:421408000000:vdm');
1015
+ delete identity.toString;
1016
+ (0, chai_1.expect)(identity).to.eql({
1017
+ type: 'user',
1018
+ id: 'udoejo3',
1019
+ displayName: 'udoejo3',
1020
+ attributes: {
1021
+ type: 'unknown',
1022
+ email: undefined,
1023
+ username: 'udoejo3',
1024
+ registrationNumber: '100674051',
1025
+ department: '421408000000',
1026
+ firstName: 'John',
1027
+ lastName: 'DOE',
1028
+ accountProfile: 'vdm',
1029
+ },
1030
+ source: {
1031
+ issuer: 'security-identity-token-api',
1032
+ accessTokenIssuer: 'https://login.microsoftonline.com/9f15d2dc-8753-4f83-aac2-a58288d3a4bc/v2.0',
1033
+ aud: 'e5dd632b-cb97-48d7-a310-5147be717cde',
1034
+ env: 'dev',
1035
+ realm: 'employees',
1036
+ claim: 'userName',
1037
+ internalId: '0b64042a-9cce-42dc-b645-cd721cbbc179',
1038
+ },
1039
+ });
1040
+ // console.log(JSON.stringify(identity));
1041
+ });
1042
+ (0, mocha_1.it)('no first name', () => {
1043
+ const jwt = {
1044
+ iss: 'security-identity-token-api',
1045
+ exp: 1721783045,
1046
+ iat: 1721777736,
1047
+ keyId: 6,
1048
+ displayName: 'infra-auth-auth-playground-dev',
1049
+ aud: 'e5dd632b-cb97-48d7-a310-5147be717cde',
1050
+ name: 'John DOE',
1051
+ sub: 'uuUOZLMFfuURgumF2hE2Z0ZIrVLqLoDy85AeicCJSHQ',
1052
+ userName: 'udoejo3',
1053
+ // givenName: 'John',
1054
+ familyName: 'DOE',
1055
+ userType: 'employee',
1056
+ employeeNumber: '100674051',
1057
+ department: '421408000000',
1058
+ phoneMobileNumber: '5141111111',
1059
+ oid: '0b64042a-9cce-42dc-b645-cd721cbbc179',
1060
+ realm: 'employees',
1061
+ env: 'dev',
1062
+ accessTokenIssuer: 'https://login.microsoftonline.com/9f15d2dc-8753-4f83-aac2-a58288d3a4bc/v2.0',
1063
+ email: 'john.doe@montreal.ca',
1064
+ };
1065
+ const identity = (0, createIdentityFromJwt_1.createIdentityFromJwt)(jwt);
1066
+ // console.log(identity);
1067
+ (0, chai_1.expect)(identity.toString()).to.equal('user:unknown:udoejo3:John DOE:john.doe@montreal.ca:100674051:421408000000:vdm');
1068
+ delete identity.toString;
1069
+ (0, chai_1.expect)(identity).to.eql({
1070
+ type: 'user',
1071
+ id: 'udoejo3',
1072
+ displayName: 'John DOE',
1073
+ attributes: {
1074
+ type: 'unknown',
1075
+ email: 'john.doe@montreal.ca',
1076
+ username: 'udoejo3',
1077
+ registrationNumber: '100674051',
1078
+ department: '421408000000',
1079
+ firstName: undefined,
1080
+ lastName: 'DOE',
1081
+ accountProfile: 'vdm',
1082
+ },
1083
+ source: {
1084
+ issuer: 'security-identity-token-api',
1085
+ accessTokenIssuer: 'https://login.microsoftonline.com/9f15d2dc-8753-4f83-aac2-a58288d3a4bc/v2.0',
1086
+ aud: 'e5dd632b-cb97-48d7-a310-5147be717cde',
1087
+ env: 'dev',
1088
+ realm: 'employees',
1089
+ claim: 'userName',
1090
+ internalId: '0b64042a-9cce-42dc-b645-cd721cbbc179',
1091
+ },
1092
+ });
1093
+ // console.log(JSON.stringify(identity));
1094
+ });
1095
+ (0, mocha_1.it)('no last name', () => {
1096
+ const jwt = {
1097
+ iss: 'security-identity-token-api',
1098
+ exp: 1721783045,
1099
+ iat: 1721777736,
1100
+ keyId: 6,
1101
+ displayName: 'infra-auth-auth-playground-dev',
1102
+ aud: 'e5dd632b-cb97-48d7-a310-5147be717cde',
1103
+ name: 'John DOE',
1104
+ sub: 'uuUOZLMFfuURgumF2hE2Z0ZIrVLqLoDy85AeicCJSHQ',
1105
+ userName: 'udoejo3',
1106
+ givenName: 'John',
1107
+ // familyName: 'DOE',
1108
+ userType: 'employee',
1109
+ employeeNumber: '100674051',
1110
+ department: '421408000000',
1111
+ phoneMobileNumber: '5141111111',
1112
+ oid: '0b64042a-9cce-42dc-b645-cd721cbbc179',
1113
+ realm: 'employees',
1114
+ env: 'dev',
1115
+ accessTokenIssuer: 'https://login.microsoftonline.com/9f15d2dc-8753-4f83-aac2-a58288d3a4bc/v2.0',
1116
+ email: 'john.doe@montreal.ca',
1117
+ };
1118
+ const identity = (0, createIdentityFromJwt_1.createIdentityFromJwt)(jwt);
1119
+ // console.log(identity);
1120
+ (0, chai_1.expect)(identity.toString()).to.equal('user:unknown:udoejo3:John DOE:john.doe@montreal.ca:100674051:421408000000:vdm');
1121
+ delete identity.toString;
1122
+ (0, chai_1.expect)(identity).to.eql({
1123
+ type: 'user',
1124
+ id: 'udoejo3',
1125
+ displayName: 'John DOE',
1126
+ attributes: {
1127
+ type: 'unknown',
1128
+ email: 'john.doe@montreal.ca',
1129
+ username: 'udoejo3',
1130
+ registrationNumber: '100674051',
1131
+ department: '421408000000',
1132
+ firstName: 'John',
1133
+ lastName: undefined,
1134
+ accountProfile: 'vdm',
1135
+ },
1136
+ source: {
1137
+ issuer: 'security-identity-token-api',
1138
+ accessTokenIssuer: 'https://login.microsoftonline.com/9f15d2dc-8753-4f83-aac2-a58288d3a4bc/v2.0',
1139
+ aud: 'e5dd632b-cb97-48d7-a310-5147be717cde',
1140
+ env: 'dev',
1141
+ realm: 'employees',
1142
+ claim: 'userName',
1143
+ internalId: '0b64042a-9cce-42dc-b645-cd721cbbc179',
1144
+ },
1145
+ });
1146
+ // console.log(JSON.stringify(identity));
1147
+ });
1148
+ });
1149
+ (0, mocha_1.describe)('should not recognize an external user when some required attributes are missing', () => {
1150
+ (0, mocha_1.it)('invalid codeX', () => {
1151
+ const jwt = {
1152
+ iss: 'security-identity-token-api',
1153
+ exp: 1721783045,
1154
+ iat: 1721777736,
1155
+ keyId: 6,
1156
+ displayName: 'infra-auth-auth-playground-dev',
1157
+ aud: 'e5dd632b-cb97-48d7-a310-5147be717cde',
1158
+ name: 'John DOE',
1159
+ sub: 'uuUOZLMFfuURgumF2hE2Z0ZIrVLqLoDy85AeicCJSHQ',
1160
+ userName: 'xdr_foo',
1161
+ givenName: 'John',
1162
+ familyName: 'DOE',
1163
+ userType: 'employee',
1164
+ phoneMobileNumber: '5141111111',
1165
+ oid: '0b64042a-9cce-42dc-b645-cd721cbbc179',
1166
+ realm: 'employees',
1167
+ env: 'dev',
1168
+ accessTokenIssuer: 'https://login.microsoftonline.com/9f15d2dc-8753-4f83-aac2-a58288d3a4bc/v2.0',
1169
+ email: 'john.doe@montreal.ca',
1170
+ };
1171
+ const identity = (0, createIdentityFromJwt_1.createIdentityFromJwt)(jwt);
1172
+ // console.log(identity);
1173
+ (0, chai_1.expect)(identity.toString()).to.equal('user:unknown:xdr_foo:John DOE:john.doe@montreal.ca:::vdm');
1174
+ delete identity.toString;
1175
+ (0, chai_1.expect)(identity).to.eql({
1176
+ type: 'user',
1177
+ id: 'xdr_foo',
1178
+ displayName: 'John DOE',
1179
+ attributes: {
1180
+ type: 'unknown',
1181
+ email: 'john.doe@montreal.ca',
1182
+ username: 'xdr_foo',
1183
+ registrationNumber: undefined,
1184
+ department: undefined,
1185
+ firstName: 'John',
1186
+ lastName: 'DOE',
1187
+ accountProfile: 'vdm',
1188
+ },
1189
+ source: {
1190
+ issuer: 'security-identity-token-api',
1191
+ accessTokenIssuer: 'https://login.microsoftonline.com/9f15d2dc-8753-4f83-aac2-a58288d3a4bc/v2.0',
1192
+ aud: 'e5dd632b-cb97-48d7-a310-5147be717cde',
1193
+ env: 'dev',
1194
+ realm: 'employees',
1195
+ claim: 'userName',
1196
+ internalId: '0b64042a-9cce-42dc-b645-cd721cbbc179',
1197
+ },
1198
+ });
1199
+ });
1200
+ (0, mocha_1.it)('no name', () => {
1201
+ const jwt = {
1202
+ iss: 'security-identity-token-api',
1203
+ exp: 1721783045,
1204
+ iat: 1721777736,
1205
+ keyId: 6,
1206
+ displayName: 'infra-auth-auth-playground-dev',
1207
+ aud: 'e5dd632b-cb97-48d7-a310-5147be717cde',
1208
+ // name: 'John DOE',
1209
+ sub: 'uuUOZLMFfuURgumF2hE2Z0ZIrVLqLoDy85AeicCJSHQ',
1210
+ userName: 'xdoejo3',
1211
+ givenName: 'John',
1212
+ familyName: 'DOE',
1213
+ userType: 'employee',
1214
+ phoneMobileNumber: '5141111111',
1215
+ oid: '0b64042a-9cce-42dc-b645-cd721cbbc179',
1216
+ realm: 'employees',
1217
+ env: 'dev',
1218
+ accessTokenIssuer: 'https://login.microsoftonline.com/9f15d2dc-8753-4f83-aac2-a58288d3a4bc/v2.0',
1219
+ email: 'john.doe@montreal.ca',
1220
+ };
1221
+ const identity = (0, createIdentityFromJwt_1.createIdentityFromJwt)(jwt);
1222
+ // console.log(identity);
1223
+ (0, chai_1.expect)(identity.toString()).to.equal('user:unknown:xdoejo3:john.doe@montreal.ca:john.doe@montreal.ca:::vdm');
1224
+ delete identity.toString;
1225
+ (0, chai_1.expect)(identity).to.eql({
1226
+ type: 'user',
1227
+ id: 'xdoejo3',
1228
+ displayName: 'john.doe@montreal.ca',
1229
+ attributes: {
1230
+ type: 'unknown',
1231
+ email: 'john.doe@montreal.ca',
1232
+ username: 'xdoejo3',
1233
+ registrationNumber: undefined,
1234
+ department: undefined,
1235
+ firstName: 'John',
1236
+ lastName: 'DOE',
1237
+ accountProfile: 'vdm',
1238
+ },
1239
+ source: {
1240
+ issuer: 'security-identity-token-api',
1241
+ accessTokenIssuer: 'https://login.microsoftonline.com/9f15d2dc-8753-4f83-aac2-a58288d3a4bc/v2.0',
1242
+ aud: 'e5dd632b-cb97-48d7-a310-5147be717cde',
1243
+ env: 'dev',
1244
+ realm: 'employees',
1245
+ claim: 'userName',
1246
+ internalId: '0b64042a-9cce-42dc-b645-cd721cbbc179',
1247
+ },
1248
+ });
1249
+ });
1250
+ });
1251
+ (0, mocha_1.describe)('Exceptions', () => {
1252
+ (0, mocha_1.it)('the jwt parameter is mandatory', () => {
1253
+ (0, chai_1.expect)(() => (0, createIdentityFromJwt_1.createIdentityFromJwt)(null)).throws('"jwt" parameter is required');
1254
+ });
1255
+ (0, mocha_1.it)('the jwt MUST have a sub', () => {
1256
+ const jwt = {
1257
+ iss: 'security-identity-token-api',
1258
+ exp: 1721783045,
1259
+ iat: 1721777736,
1260
+ keyId: 6,
1261
+ displayName: 'infra-auth-auth-playground-dev',
1262
+ aud: 'e5dd632b-cb97-48d7-a310-5147be717cde',
1263
+ name: 'John DOE',
1264
+ // sub: 'uuUOZLMFfuURgumF2hE2Z0ZIrVLqLoDy85AeicCJSHQ',
1265
+ userName: 'xdoejo3',
1266
+ givenName: 'John',
1267
+ familyName: 'DOE',
1268
+ userType: 'employee',
1269
+ phoneMobileNumber: '5141111111',
1270
+ oid: '0b64042a-9cce-42dc-b645-cd721cbbc179',
1271
+ realm: 'employees',
1272
+ env: 'dev',
1273
+ accessTokenIssuer: 'https://login.microsoftonline.com/9f15d2dc-8753-4f83-aac2-a58288d3a4bc/v2.0',
1274
+ email: 'john.doe@montreal.ca',
1275
+ };
1276
+ (0, chai_1.expect)(() => (0, createIdentityFromJwt_1.createIdentityFromJwt)(jwt)).throws('expected to find the "sub" claim in the JWT');
1277
+ });
1278
+ (0, mocha_1.it)('optional string claim should be a string and not a number', () => {
1279
+ const jwt = {
1280
+ iss: 'security-identity-token-api',
1281
+ exp: 1721783045,
1282
+ iat: 1721777736,
1283
+ keyId: 6,
1284
+ displayName: 'infra-auth-auth-playground-dev',
1285
+ aud: 'e5dd632b-cb97-48d7-a310-5147be717cde',
1286
+ name: 'John DOE',
1287
+ sub: 'uuUOZLMFfuURgumF2hE2Z0ZIrVLqLoDy85AeicCJSHQ',
1288
+ userName: 'xdoejo3',
1289
+ givenName: 'John',
1290
+ familyName: 'DOE',
1291
+ userType: 'employee',
1292
+ phoneMobileNumber: '5141111111',
1293
+ oid: 1234,
1294
+ realm: 'employees',
1295
+ env: 'dev',
1296
+ accessTokenIssuer: 'https://login.microsoftonline.com/9f15d2dc-8753-4f83-aac2-a58288d3a4bc/v2.0',
1297
+ email: 'john.doe@montreal.ca',
1298
+ };
1299
+ (0, chai_1.expect)(() => (0, createIdentityFromJwt_1.createIdentityFromJwt)(jwt)).throws(`claim 'oid' to contain a string but received: 1234`);
1300
+ });
1301
+ (0, mocha_1.it)('external users should belong to the employees realm', () => {
1302
+ const jwt = {
1303
+ iss: 'security-identity-token-api',
1304
+ exp: 1721783045,
1305
+ iat: 1721777736,
1306
+ keyId: 6,
1307
+ displayName: 'infra-auth-auth-playground-dev',
1308
+ aud: 'e5dd632b-cb97-48d7-a310-5147be717cde',
1309
+ name: 'John DOE',
1310
+ sub: 'uuUOZLMFfuURgumF2hE2Z0ZIrVLqLoDy85AeicCJSHQ',
1311
+ userName: 'xdoejo3',
1312
+ givenName: 'John',
1313
+ familyName: 'DOE',
1314
+ userType: 'employee',
1315
+ phoneMobileNumber: '5141111111',
1316
+ oid: '0b64042a-9cce-42dc-b645-cd721cbbc179',
1317
+ realm: 'citizens',
1318
+ env: 'dev',
1319
+ accessTokenIssuer: 'https://login.microsoftonline.com/9f15d2dc-8753-4f83-aac2-a58288d3a4bc/v2.0',
1320
+ email: 'john.doe@montreal.ca',
1321
+ };
1322
+ (0, chai_1.expect)(() => (0, createIdentityFromJwt_1.createIdentityFromJwt)(jwt)).throws('expected token to belong to the "employees" realm');
1323
+ });
1324
+ (0, mocha_1.it)('anonymous users should belong to the anonymous realm', () => {
1325
+ const jwt = {
1326
+ iss: 'security-identity-token-api',
1327
+ exp: 1722377045,
1328
+ iat: 1722373445,
1329
+ keyId: 6,
1330
+ displayName: 'Account Identity Managment',
1331
+ aud: '@!4025.CA62.9BB6.16C5!0001!2212.0010!0008!2212.0010',
1332
+ name: 'srvAcc Anonymous',
1333
+ sub: '@!4025.CA62.9BB6.16C5!0001!2212.0010!0000!0000.1111.0020',
1334
+ inum: '@!4025.CA62.9BB6.16C5!0001!2212.0010!0000!0000.1111.0020',
1335
+ userName: 'srvAccAnonymous',
1336
+ givenName: 'srvAcc',
1337
+ familyName: 'Anonymous',
1338
+ userType: 'anonymous',
1339
+ realm: 'employees',
1340
+ env: 'dev',
1341
+ accessTokenIssuer: 'security-identity-anonymous-token-api',
1342
+ };
1343
+ (0, chai_1.expect)(() => (0, createIdentityFromJwt_1.createIdentityFromJwt)(jwt)).throws('anonymous: expected token to belong to the "anonymous" realm');
1344
+ });
1345
+ (0, mocha_1.it)('citizen users should belong to the citizens realm', () => {
1346
+ const jwt = {
1347
+ iss: 'security-identity-token-api',
1348
+ exp: 1722377562,
1349
+ iat: 1722373962,
1350
+ keyId: 6,
1351
+ displayName: 'infra-auth-auth-playground',
1352
+ aud: 'a496befa-db7d-45a6-ac7a-11471816b8f1',
1353
+ name: 'John Doe',
1354
+ sub: '@!4025.CA62.9BB6.16C5!0001!2212.0010!0000!3F39.BEDB.4ADB.F74D',
1355
+ inum: '@!4025.CA62.9BB6.16C5!0001!2212.0010!0000!3F39.BEDB.4ADB.F74D',
1356
+ userName: 'john.doe@mailinator.com',
1357
+ givenName: 'John',
1358
+ familyName: 'Doe',
1359
+ oid: '7d69384b-dcf4-4972-ebb3-d546551c700f',
1360
+ realm: 'employees',
1361
+ env: 'dev',
1362
+ accessTokenIssuer: 'https://connexion.dev.montreal.ca/1543b575-116b-4325-a0bf-3ccdd7925321/v2.0/',
1363
+ mtlIdentityId: '@!4025.CA62.9BB6.16C5!0001!2212.0010!0000!3F39.BEDB.4ADB.F74D',
1364
+ email: 'john.doe@mailinator.com',
1365
+ };
1366
+ (0, chai_1.expect)(() => (0, createIdentityFromJwt_1.createIdentityFromJwt)(jwt)).throws('user:citizen: expected token to belong to the "citizens" realm');
1367
+ });
1368
+ (0, mocha_1.it)('employee users should belong to the employees realm', () => {
1369
+ const jwt = {
1370
+ iss: 'security-identity-token-api',
1371
+ exp: 1721783045,
1372
+ iat: 1721777736,
1373
+ keyId: 6,
1374
+ displayName: 'infra-auth-auth-playground-dev',
1375
+ aud: 'e5dd632b-cb97-48d7-a310-5147be717cde',
1376
+ name: 'John DOE',
1377
+ sub: 'uuUOZLMFfuURgumF2hE2Z0ZIrVLqLoDy85AeicCJSHQ',
1378
+ userName: 'udoejo3',
1379
+ givenName: 'John',
1380
+ familyName: 'DOE',
1381
+ userType: 'employee',
1382
+ employeeNumber: '100674051',
1383
+ department: '421408000000',
1384
+ phoneMobileNumber: '5141111111',
1385
+ oid: '0b64042a-9cce-42dc-b645-cd721cbbc179',
1386
+ realm: 'citizens',
1387
+ env: 'dev',
1388
+ accessTokenIssuer: 'https://login.microsoftonline.com/9f15d2dc-8753-4f83-aac2-a58288d3a4bc/v2.0',
1389
+ email: 'john.doe@montreal.ca',
1390
+ };
1391
+ (0, chai_1.expect)(() => (0, createIdentityFromJwt_1.createIdentityFromJwt)(jwt)).throws('user:employee: expected token to belong to the "employees" realm');
1392
+ });
1393
+ (0, mocha_1.it)('getStringClaim with identityType error', () => {
1394
+ const jwt = {
1395
+ iss: 'security-identity-token-api',
1396
+ exp: 1722377045,
1397
+ iat: 1722373445,
1398
+ keyId: 6,
1399
+ displayName: 'Account Identity Managment',
1400
+ aud: '@!4025.CA62.9BB6.16C5!0001!2212.0010!0008!2212.0010',
1401
+ name: 'srvAcc Anonymous',
1402
+ sub: '@!4025.CA62.9BB6.16C5!0001!2212.0010!0000!0000.1111.0020',
1403
+ inum: '@!4025.CA62.9BB6.16C5!0001!2212.0010!0000!0000.1111.0020',
1404
+ // userName: 'srvAccAnonymous',
1405
+ givenName: 'srvAcc',
1406
+ familyName: 'Anonymous',
1407
+ userType: 'anonymous',
1408
+ realm: 'anonymous',
1409
+ env: 'dev',
1410
+ accessTokenIssuer: 'security-identity-anonymous-token-api',
1411
+ };
1412
+ (0, chai_1.expect)(() => (0, createIdentityFromJwt_1.createIdentityFromJwt)(jwt)).throws('anonymous: expected to find the "userName" claim in the JWT');
1413
+ });
1414
+ (0, mocha_1.it)('getStringClaim with identityType and subType error', () => {
1415
+ const jwt = {
1416
+ iss: 'security-identity-token-api',
1417
+ exp: 1721782408,
1418
+ iat: 1721778508,
1419
+ keyId: 6,
1420
+ // displayName: 'infra-auth-auth-playground-dev',
1421
+ aud: 'e5dd632b-cb97-48d7-a310-cde5147be717',
1422
+ sub: 'e5dd632b-cb97-48d7-a310-cde5147be717',
1423
+ userType: 'client',
1424
+ oid: '18e8a9b0-876f-4a78-9934-ce3774903c2a',
1425
+ realm: 'employees',
1426
+ env: 'dev',
1427
+ accessTokenIssuer: 'https://login.microsoftonline.com/9f15d2dc-8753-4f83-aac2-a58288d3a4bc/v2.0',
1428
+ };
1429
+ (0, chai_1.expect)(() => (0, createIdentityFromJwt_1.createIdentityFromJwt)(jwt)).throws('service-account: client: expected to find the "displayName" claim in the JWT');
1430
+ });
1431
+ });
1432
+ });
1433
+ //# sourceMappingURL=createIdentityFromJwt.test.js.map