@youversion/platform-core 0.6.0 → 0.7.0

package/src/__tests__/highlights.test.ts

@@ -3,7 +3,7 @@ import { ApiClient } from '../client';
 import { HighlightsClient } from '../highlights';
 import { YouVersionPlatformConfiguration } from '../YouVersionPlatformConfiguration';
 
-describe('HighlightsClient', () => {
+describe.skip('HighlightsClient', () => {
   let apiClient: ApiClient;
   let highlightsClient: HighlightsClient;
 
@@ -15,12 +15,12 @@ describe('HighlightsClient', () => {
     });
     highlightsClient = new HighlightsClient(apiClient);
     // Set a default token for tests that don't explicitly pass one
-    YouVersionPlatformConfiguration.setAccessToken('test-token');
+    YouVersionPlatformConfiguration.saveAuthData('test-token', null, null, null);
   });
 
   afterEach(() => {
     // Clean up token after each test
-    YouVersionPlatformConfiguration.setAccessToken(null);
+    YouVersionPlatformConfiguration.saveAuthData(null, null, null, null);
     vi.clearAllMocks(); // Reset all mocked calls between tests
   });
 
@@ -96,7 +96,7 @@ describe('HighlightsClient', () => {
     });
 
     it('should include lat parameter when token auto-retrieved from config', async () => {
-      YouVersionPlatformConfiguration.setAccessToken('config-token');
+      YouVersionPlatformConfiguration.saveAuthData('config-token', null, null, null);
       const fetchSpy = vi.spyOn(global, 'fetch');
 
       const highlights = await highlightsClient.getHighlights({ version_id: 1 });
@@ -112,7 +112,7 @@ describe('HighlightsClient', () => {
     });
 
     it('should throw an error when no token is available', async () => {
-      YouVersionPlatformConfiguration.setAccessToken(null);
+      YouVersionPlatformConfiguration.saveAuthData(null, null, null, null);
 
       await expect(highlightsClient.getHighlights({ version_id: 1 })).rejects.toThrow(
         'Authentication required. Please provide a token or sign in before accessing highlights.',
@@ -120,7 +120,7 @@ describe('HighlightsClient', () => {
     });
 
     it('should use explicit token over config token', async () => {
-      YouVersionPlatformConfiguration.setAccessToken('config-token');
+      YouVersionPlatformConfiguration.saveAuthData('config-token', null, null, null);
       const fetchSpy = vi.spyOn(global, 'fetch');
       const highlights = await highlightsClient.getHighlights({ version_id: 1 }, 'explicit-token');
 
@@ -269,7 +269,7 @@ describe('HighlightsClient', () => {
     });
 
     it('should include lat parameter when token auto-retrieved from config', async () => {
-      YouVersionPlatformConfiguration.setAccessToken('config-token');
+      YouVersionPlatformConfiguration.saveAuthData('config-token', null, null, null);
       const fetchSpy = vi.spyOn(global, 'fetch');
       const highlight = await highlightsClient.createHighlight({
         version_id: 111,
@@ -291,7 +291,7 @@ describe('HighlightsClient', () => {
     });
 
     it('should throw an error when no token is available', async () => {
-      YouVersionPlatformConfiguration.setAccessToken(null);
+      YouVersionPlatformConfiguration.saveAuthData(null, null, null, null);
 
       await expect(
         highlightsClient.createHighlight({
@@ -305,7 +305,7 @@ describe('HighlightsClient', () => {
     });
 
     it('should use explicit token over config token', async () => {
-      YouVersionPlatformConfiguration.setAccessToken('config-token');
+      YouVersionPlatformConfiguration.saveAuthData('config-token', null, null, null);
       const fetchSpy = vi.spyOn(global, 'fetch');
       const highlight = await highlightsClient.createHighlight(
         {
@@ -432,7 +432,7 @@ describe('HighlightsClient', () => {
     });
 
     it('should include lat parameter when token auto-retrieved from config', async () => {
-      YouVersionPlatformConfiguration.setAccessToken('config-token');
+      YouVersionPlatformConfiguration.saveAuthData('config-token', null, null, null);
       let capturedStatus: number | undefined;
       const originalFetch = global.fetch;
       const fetchSpy = vi.spyOn(global, 'fetch').mockImplementation(async (...args) => {
@@ -453,7 +453,7 @@ describe('HighlightsClient', () => {
     });
 
     it('should throw an error when no token is available', async () => {
-      YouVersionPlatformConfiguration.setAccessToken(null);
+      YouVersionPlatformConfiguration.saveAuthData(null, null, null, null);
 
       await expect(highlightsClient.deleteHighlight('MAT.1.1')).rejects.toThrow(
         'Authentication required. Please provide a token or sign in before accessing highlights.',
@@ -461,7 +461,7 @@ describe('HighlightsClient', () => {
     });
 
     it('should use explicit token over config token', async () => {
-      YouVersionPlatformConfiguration.setAccessToken('config-token');
+      YouVersionPlatformConfiguration.saveAuthData('config-token', null, null, null);
       let capturedStatus: number | undefined;
       const originalFetch = global.fetch;
       const fetchSpy = vi.spyOn(global, 'fetch').mockImplementation(async (...args) => {

package/src/__tests__/mocks/browser.ts

@@ -0,0 +1,90 @@
+import { vi } from 'vitest';
+
+/**
+ * Creates a mock window.location object for testing
+ */
+export const createMockLocation = (): { href: string; search: string } => ({
+  href: '',
+  search: '',
+});
+
+/**
+ * Creates a mock window.history object for testing
+ */
+export const createMockHistory = (): { replaceState: ReturnType<typeof vi.fn> } => ({
+  replaceState: vi.fn(),
+});
+
+/**
+ * Creates a mock window object for testing
+ */
+export const createMockWindow = (): {
+  location: ReturnType<typeof createMockLocation>;
+  history: ReturnType<typeof createMockHistory>;
+} => ({
+  location: createMockLocation(),
+  history: createMockHistory(),
+});
+
+/**
+ * Creates a mock localStorage object for testing
+ */
+export const createMockLocalStorage = (): {
+  getItem: ReturnType<typeof vi.fn>;
+  setItem: ReturnType<typeof vi.fn>;
+  removeItem: ReturnType<typeof vi.fn>;
+  clear: ReturnType<typeof vi.fn>;
+} => ({
+  getItem: vi.fn(),
+  setItem: vi.fn(),
+  removeItem: vi.fn(),
+  clear: vi.fn(),
+});
+
+/**
+ * Creates a mock crypto API for testing
+ */
+export const createMockCrypto = (): {
+  getRandomValues: ReturnType<typeof vi.fn>;
+  randomUUID: ReturnType<typeof vi.fn>;
+  subtle: { digest: ReturnType<typeof vi.fn> };
+} => ({
+  getRandomValues: vi.fn(),
+  randomUUID: vi.fn(() => 'test-installation-id-123'),
+  subtle: {
+    digest: vi.fn(),
+  },
+});
+
+/**
+ * Sets up all browser-related mocks for testing
+ * @returns Object containing references to all created mocks
+ */
+export const setupBrowserMocks = (): {
+  window: ReturnType<typeof createMockWindow>;
+  localStorage: ReturnType<typeof createMockLocalStorage>;
+  crypto: ReturnType<typeof createMockCrypto>;
+  btoa: ReturnType<typeof vi.fn>;
+  atob: ReturnType<typeof vi.fn>;
+} => {
+  const window = createMockWindow();
+  const localStorage = createMockLocalStorage();
+  const crypto = createMockCrypto();
+  const btoa = vi.fn();
+  const atob = vi.fn();
+
+  vi.stubGlobal('window', window);
+  vi.stubGlobal('localStorage', localStorage);
+  vi.stubGlobal('crypto', crypto);
+  vi.stubGlobal('btoa', btoa);
+  vi.stubGlobal('atob', atob);
+
+  return { window, localStorage, crypto, btoa, atob };
+};
+
+/**
+ * Cleans up all browser-related mocks
+ */
+export const cleanupBrowserMocks = (): void => {
+  vi.unstubAllGlobals();
+};

package/src/__tests__/mocks/configuration.ts

@@ -0,0 +1,53 @@
+import { vi } from 'vitest';
+
+/**
+ * Creates a mock YouVersionPlatformConfiguration for testing
+ * Maintains internal state for access tokens and configuration
+ */
+export const createMockPlatformConfiguration = (): {
+  accessToken: string | null;
+  idToken: string | null;
+  refreshToken: string | null;
+  appKey: string;
+  apiHost: string;
+  installationId: string | null;
+  expiryDate: Date | null;
+  clearAuthTokens: ReturnType<typeof vi.fn>;
+  saveAuthData: ReturnType<typeof vi.fn>;
+} => {
+  const config = {
+    accessToken: null as string | null,
+    idToken: null as string | null,
+    refreshToken: null as string | null,
+    appKey: '',
+    apiHost: 'test-api.example.com',
+    installationId: null as string | null,
+    expiryDate: null as Date | null,
+    clearAuthTokens: vi.fn(function (this: typeof config) {
+      this.accessToken = null;
+      this.idToken = null;
+      this.refreshToken = null;
+      this.expiryDate = null;
+    }),
+    saveAuthData: vi.fn(function (
+      this: typeof config,
+      accessToken: string | null,
+      refreshToken: string | null,
+      idToken: string | null,
+      expiryDate?: Date | null,
+    ) {
+      this.accessToken = accessToken;
+      this.refreshToken = refreshToken;
+      this.idToken = idToken;
+      if (expiryDate !== undefined) {
+        this.expiryDate = expiryDate;
+      }
+    }),
+  };
+
+  // Bind methods to maintain context
+  config.clearAuthTokens = config.clearAuthTokens.bind(config);
+  config.saveAuthData = config.saveAuthData.bind(config);
+
+  return config;
+};

package/src/__tests__/mocks/jwt.ts

@@ -0,0 +1,93 @@
+import { vi } from 'vitest';
+
+/**
+ * Creates a mock JWT token for testing
+ * @param payload The JWT payload to encode
+ * @returns A mock JWT string with the format header.payload.signature
+ */
+export const createMockJWT = (payload: Record<string, unknown>): string => {
+  // Use a simple encoding for testing (not real base64)
+  const header = 'mockHeader';
+  const body = JSON.stringify(payload);
+  const signature = 'mock-signature';
+  return `${header}.${body}.${signature}`;
+};
+
+/**
+ * Creates a realistic-looking JWT token with proper base64url encoding
+ * @param payload The JWT payload
+ * @returns A properly formatted JWT token
+ */
+export const createRealisticJWT = (payload: Record<string, unknown>): string => {
+  const header = { alg: 'HS256', typ: 'JWT' };
+
+  // Simple base64url encoding for testing
+  const base64urlEncode = (str: string) => {
+    if (typeof btoa !== 'undefined') {
+      return btoa(str).replace(/=/g, '').replace(/\+/g, '-').replace(/\//g, '_');
+    }
+    // Fallback for test environment
+    return Buffer.from(str)
+      .toString('base64')
+      .replace(/=/g, '')
+      .replace(/\+/g, '-')
+      .replace(/\//g, '_');
+  };
+
+  const headerEncoded = base64urlEncode(JSON.stringify(header));
+  const payloadEncoded = base64urlEncode(JSON.stringify(payload));
+  const signature = 'invalid-signature'; // Mock signature
+
+  return `${headerEncoded}.${payloadEncoded}.${signature}`;
+};
+
+/**
+ * Sets up JWT-related mocks for atob/btoa functions
+ * @param payload The expected JWT payload to decode
+ */
+export const setupJWTMocks = (
+  payload: Record<string, unknown> = {},
+): { atob: ReturnType<typeof vi.fn>; btoa: ReturnType<typeof vi.fn> } => {
+  const atobMock = vi.fn((str: string) => {
+    // Handle base64 padding
+    let padded = str;
+    while (padded.length % 4 !== 0) {
+      padded += '=';
+    }
+
+    // For testing, just return the payload
+    if (str.includes('eyJ')) {
+      // Looks like a real base64 JWT part
+      return JSON.stringify(payload);
+    }
+
+    return str;
+  });
+
+  const btoaMock = vi.fn((str: string) => {
+    // Simple base64 encoding for testing
+    return `base64_${str.length}`;
+  });
+
+  vi.stubGlobal('atob', atobMock);
+  vi.stubGlobal('btoa', btoaMock);
+
+  return { atob: atobMock, btoa: btoaMock };
+};
+
+/**
+ * Creates a mock JWT with standard claims
+ * @param overrides Optional claim overrides
+ */
+export const createMockJWTWithClaims = (overrides: Record<string, unknown> = {}): string => {
+  const defaultClaims = {
+    sub: '1234567890',
+    name: 'John Doe',
+    email: 'john@example.com',
+    profile_picture: 'https://example.com/avatar.jpg',
+    iat: 1516239022,
+    exp: 1516242622,
+  };
+
+  return createRealisticJWT({ ...defaultClaims, ...overrides });
+};

package/src/__tests__/mocks/tokens.ts

@@ -0,0 +1,69 @@
+import { vi } from 'vitest';
+
+/**
+ * Creates a mock OAuth token response for testing
+ * @param overrides Optional properties to override the default values
+ */
+export const createMockTokenResponse = (
+  overrides: Record<string, unknown> = {},
+): Record<string, unknown> => ({
+  access_token: 'access-token-123',
+  expires_in: 3600,
+  id_token:
+    'eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiaWF0IjoxNTE2MjM5MDIyLCJlbWFpbCI6ImpvaG5AZXhhbXBsZS5jb20iLCJwcm9maWxlX3BpY3R1cmUiOiJodHRwczovL2V4YW1wbGUuY29tL2F2YXRhci5qcGcifQ.invalid-signature',
+  refresh_token: 'refresh-token-456',
+  scope: 'bibles highlights openid',
+  token_type: 'Bearer',
+  ...overrides,
+});
+
+/**
+ * Creates a mock fetch response for testing
+ * @param data The response data
+ * @param options Optional properties to override the default response
+ */
+export const createMockFetchResponse = (
+  data: unknown,
+  options: Record<string, unknown> = {},
+): Record<string, unknown> => ({
+  ok: true,
+  status: 200,
+  statusText: 'OK',
+  json: vi.fn().mockResolvedValue(data),
+  text: vi.fn().mockResolvedValue(JSON.stringify(data)),
+  clone: vi.fn(() => ({
+    text: vi.fn().mockResolvedValue(JSON.stringify(data)),
+  })),
+  ...options,
+});
+
+/**
+ * Creates a mock error fetch response for testing
+ * @param status The HTTP status code
+ * @param statusText The HTTP status text
+ */
+export const createMockErrorFetchResponse = (
+  status: number,
+  statusText: string,
+): Record<string, unknown> => ({
+  ok: false,
+  status,
+  statusText,
+  json: vi.fn().mockRejectedValue(new Error('Response not JSON')),
+  text: vi.fn().mockResolvedValue(''),
+});
+
+/**
+ * Creates a mock refresh token response for testing
+ * @param overrides Optional properties to override the default values
+ */
+export const createMockRefreshTokenResponse = (
+  overrides: Record<string, unknown> = {},
+): Record<string, unknown> => ({
+  access_token: 'new-access-token',
+  expires_in: 3600,
+  refresh_token: 'new-refresh-token',
+  scope: 'bibles highlights openid',
+  token_type: 'Bearer',
+  ...overrides,
+});

package/src/index.ts

@@ -6,9 +6,6 @@ export {
   type GetHighlightsOptions,
   type DeleteHighlightOptions,
 } from './highlights';
-export { AuthClient } from './authentication';
-export * from './AuthenticationStrategy';
-export { WebAuthenticationStrategy } from './WebAuthenticationStrategy';
 export * from './StorageStrategy';
 export * from './Users';
 export * from './YouVersionUserInfo';

package/src/types/auth.ts

@@ -10,6 +10,7 @@ export interface AuthenticationState {
   isAuthenticated: boolean;
   isLoading: boolean;
   accessToken: string | null;
+  idToken: string | null;
   result: SignInWithYouVersionResult | null;
   error: Error | null;
 }

package/tsconfig.build.json

@@ -7,5 +7,5 @@
     "declaration": true,
     "declarationMap": true
   },
-  "include": ["src"]
+  "include": ["src", "global.d.ts"]
 }

package/tsconfig.json

@@ -7,6 +7,6 @@
       "@/*": ["./src/*"]
     }
   },
-  "include": ["src"],
+  "include": ["src", "global.d.ts"],
   "exclude": ["node_modules", "dist"]
 }

package/src/AuthenticationStrategy.ts

@@ -1,78 +0,0 @@
-/**
- * Platform-agnostic authentication strategy interface
- *
- * Implementations should handle platform-specific authentication flows
- * and return the callback URL containing the authentication result.
- */
-export interface AuthenticationStrategy {
-  /**
-   * Opens the authentication flow and returns the callback URL
-   *
-   * @param authUrl - The YouVersion authorization URL to open
-   * @returns Promise that resolves to the callback URL with auth result
-   * @throws Error if authentication fails or is cancelled
-   */
-  authenticate(authUrl: URL): Promise<URL>;
-}
-
-/**
- * Registry for platform-specific authentication strategies
- *
- * This singleton registry manages the current authentication strategy
- * and ensures only one strategy is active at a time.
- */
-export class AuthenticationStrategyRegistry {
-  private static strategy: AuthenticationStrategy | null = null;
-
-  /**
-   * Registers a platform-specific authentication strategy
-   *
-   * @param strategy - The authentication strategy to register
-   * @throws Error if strategy is null, undefined, or missing required methods
-   */
-  static register(strategy: AuthenticationStrategy): void {
-    if (!strategy) {
-      throw new Error('Authentication strategy cannot be null or undefined');
-    }
-
-    if (typeof strategy.authenticate !== 'function') {
-      throw new Error('Authentication strategy must implement authenticate method');
-    }
-
-    this.strategy = strategy;
-  }
-
-  /**
-   * Gets the currently registered authentication strategy
-   *
-   * @returns The registered authentication strategy
-   * @throws Error if no strategy has been registered
-   */
-  static get(): AuthenticationStrategy {
-    if (!this.strategy) {
-      throw new Error(
-        'No authentication strategy registered. Please register a platform-specific strategy using AuthenticationStrategyRegistry.register()',
-      );
-    }
-    return this.strategy;
-  }
-
-  /**
-   * Checks if a strategy is currently registered
-   *
-   * @returns true if a strategy is registered, false otherwise
-   */
-  static isRegistered(): boolean {
-    return this.strategy !== null;
-  }
-
-  /**
-   * Resets the registry by removing the current strategy
-   *
-   * This method is primarily intended for testing scenarios
-   * where you need to clean up between test cases.
-   */
-  static reset(): void {
-    this.strategy = null;
-  }
-}

package/src/WebAuthenticationStrategy.ts

@@ -1,127 +0,0 @@
-import type { AuthenticationStrategy } from './AuthenticationStrategy';
-import { SessionStorageStrategy, type StorageStrategy } from './StorageStrategy';
-
-/* Web-based authentication strategy
- * Uses redirect flow
- */
-export class WebAuthenticationStrategy implements AuthenticationStrategy {
-  private redirectUri: string;
-  private callbackPath: string;
-  private timeout: number;
-  private storage: StorageStrategy;
-  private static pendingAuthResolve: ((url: URL) => void) | null = null;
-  private static pendingAuthReject: ((error: Error) => void) | null = null;
-  private static timeoutId: ReturnType<typeof setTimeout> | null = null;
-
-  constructor(options?: {
-    redirectUri?: string;
-    callbackPath?: string;
-    timeout?: number;
-    storage?: StorageStrategy;
-  }) {
-    this.callbackPath = options?.callbackPath ?? '/auth/callback';
-    this.redirectUri = options?.redirectUri ?? window.location.origin + this.callbackPath;
-    this.timeout = options?.timeout ?? 300000; // 5 minutes default
-    this.storage = options?.storage ?? new SessionStorageStrategy();
-  }
-
-  async authenticate(authUrl: URL): Promise<URL> {
-    // Update the redirect URI in the auth URL
-    authUrl.searchParams.set('redirect_uri', this.redirectUri);
-
-    return this.authenticateWithRedirect(authUrl);
-  }
-
-  /**
-   * Call this method when your app loads to handle the redirect callback
-   */
-  static handleCallback(callbackPath: string = '/auth/callback'): boolean {
-    const currentUrl = new URL(window.location.href);
-
-    // Check if this is a callback URL
-    if (currentUrl.pathname === callbackPath && currentUrl.searchParams.has('status')) {
-      // For web apps, use the HTTP URL directly (no need to convert to youversionauth scheme)
-      const callbackUrl = new URL(currentUrl.toString());
-
-      if (WebAuthenticationStrategy.pendingAuthResolve) {
-        WebAuthenticationStrategy.pendingAuthResolve(callbackUrl);
-        WebAuthenticationStrategy.cleanup();
-      } else {
-        // Store the callback URL for later retrieval
-        const storageStrategy = new SessionStorageStrategy();
-        storageStrategy.setItem('youversion-auth-callback', callbackUrl.toString());
-      }
-
-      const storageStrategy = new SessionStorageStrategy();
-      const returnUrl = storageStrategy.getItem('youversion-auth-return') ?? '/';
-      storageStrategy.removeItem('youversion-auth-return');
-      window.history.replaceState({}, '', returnUrl);
-
-      return true;
-    }
-
-    return false;
-  }
-
-  /**
-   * Clean up pending authentication state
-   */
-  static cleanup(): void {
-    if (WebAuthenticationStrategy.timeoutId) {
-      clearTimeout(WebAuthenticationStrategy.timeoutId);
-      WebAuthenticationStrategy.timeoutId = null;
-    }
-    WebAuthenticationStrategy.pendingAuthResolve = null;
-    WebAuthenticationStrategy.pendingAuthReject = null;
-  }
-
-  /**
-   * Retrieve stored callback result if available
-   */
-  static getStoredCallback(): URL | null {
-    const storageStrategy = new SessionStorageStrategy();
-    const stored = storageStrategy.getItem('youversion-auth-callback');
-    if (stored) {
-      storageStrategy.removeItem('youversion-auth-callback');
-      try {
-        return new URL(stored);
-      } catch {
-        return null;
-      }
-    }
-    return null;
-  }
-
-  private authenticateWithRedirect(authUrl: URL): Promise<URL> {
-    // Clean up any existing state
-    WebAuthenticationStrategy.cleanup();
-
-    // Store return URL in configured storage
-    this.storage.setItem('youversion-auth-return', window.location.href);
-
-    // Set up the promise that will be resolved when we come back
-    return new Promise((resolve, reject) => {
-      WebAuthenticationStrategy.pendingAuthResolve = resolve;
-      WebAuthenticationStrategy.pendingAuthReject = reject;
-
-      // Set up timeout
-      WebAuthenticationStrategy.timeoutId = setTimeout(() => {
-        WebAuthenticationStrategy.cleanup();
-        reject(new Error('Authentication timeout'));
-      }, this.timeout);
-
-      // Handle cases where navigation might fail
-      try {
-        // Redirect to auth URL
-        window.location.href = authUrl.toString();
-      } catch (error) {
-        WebAuthenticationStrategy.cleanup();
-        reject(
-          new Error(
-            `Failed to navigate to auth URL: ${error instanceof Error ? error.message : 'Unknown error'}`,
-          ),
-        );
-      }
-    });
-  }
-}