mcp-oauth-provider 0.0.1

package/src/__tests__/oauth-flow.test.ts

@@ -0,0 +1,276 @@
+import { describe, expect, mock, test } from 'bun:test';
+import type { OAuthTokens } from '../client/config.js';
+import {
+  areTokensExpired,
+  calculateTokenExpiry,
+  refreshTokensWithRetry,
+} from '../client/oauth-flow.js';
+
+describe('oauth-flow utilities', () => {
+  describe('areTokensExpired', () => {
+    test('should return true for undefined tokens', () => {
+      expect(areTokensExpired(undefined)).toBe(true);
+    });
+
+    test('should return true when tokenExpiryTime is in the past', () => {
+      const tokens: OAuthTokens = {
+        access_token: 'test-token',
+        token_type: 'Bearer',
+        expires_in: 3600,
+      };
+      const pastExpiryTime = Date.now() - 1000;
+
+      expect(areTokensExpired(tokens, pastExpiryTime)).toBe(true);
+    });
+
+    test('should return true when tokenExpiryTime is within buffer period', () => {
+      const tokens: OAuthTokens = {
+        access_token: 'test-token',
+        token_type: 'Bearer',
+        expires_in: 3600,
+      };
+      // Expiry time 2 minutes in future (less than 5 minute buffer)
+      const soonExpiryTime = Date.now() + 120 * 1000;
+
+      expect(areTokensExpired(tokens, soonExpiryTime, 300)).toBe(true);
+    });
+
+    test('should return false when tokenExpiryTime is beyond buffer period', () => {
+      const tokens: OAuthTokens = {
+        access_token: 'test-token',
+        token_type: 'Bearer',
+        expires_in: 3600,
+      };
+      // Expiry time 10 minutes in future (beyond 5 minute buffer)
+      const futureExpiryTime = Date.now() + 600 * 1000;
+
+      expect(areTokensExpired(tokens, futureExpiryTime, 300)).toBe(false);
+    });
+
+    test('should return false when no expiry info and no tokenExpiryTime', () => {
+      const tokens: OAuthTokens = {
+        access_token: 'test-token',
+        token_type: 'Bearer',
+      };
+
+      expect(areTokensExpired(tokens)).toBe(false);
+    });
+
+    test('should return true when expires_in is less than buffer', () => {
+      const tokens: OAuthTokens = {
+        access_token: 'test-token',
+        token_type: 'Bearer',
+        expires_in: 100, // 100 seconds
+      };
+
+      expect(areTokensExpired(tokens, undefined, 300)).toBe(true);
+    });
+
+    test('should return false when expires_in is greater than buffer', () => {
+      const tokens: OAuthTokens = {
+        access_token: 'test-token',
+        token_type: 'Bearer',
+        expires_in: 600, // 600 seconds
+      };
+
+      expect(areTokensExpired(tokens, undefined, 300)).toBe(false);
+    });
+
+    test('should use custom buffer period', () => {
+      const tokens: OAuthTokens = {
+        access_token: 'test-token',
+        token_type: 'Bearer',
+        expires_in: 150,
+      };
+
+      expect(areTokensExpired(tokens, undefined, 100)).toBe(false);
+      expect(areTokensExpired(tokens, undefined, 200)).toBe(true);
+    });
+  });
+
+  describe('calculateTokenExpiry', () => {
+    test('should calculate correct expiry timestamp', () => {
+      const expiresIn = 3600; // 1 hour
+      const before = Date.now();
+      const expiry = calculateTokenExpiry(expiresIn);
+      const after = Date.now();
+      const expectedMin = before + expiresIn * 1000;
+      const expectedMax = after + expiresIn * 1000;
+
+      expect(expiry).toBeGreaterThanOrEqual(expectedMin);
+      expect(expiry).toBeLessThanOrEqual(expectedMax);
+    });
+
+    test('should handle different expiry values', () => {
+      const testCases = [60, 300, 3600, 7200];
+
+      for (const expiresIn of testCases) {
+        const expiry = calculateTokenExpiry(expiresIn);
+        const expectedApprox = Date.now() + expiresIn * 1000;
+        // Allow 100ms tolerance
+
+        expect(Math.abs(expiry - expectedApprox)).toBeLessThan(100);
+      }
+    });
+  });
+
+  describe('refreshTokensWithRetry', () => {
+    test('should successfully refresh tokens on first attempt', async () => {
+      const mockTokens: OAuthTokens = {
+        access_token: 'new-access-token',
+        token_type: 'Bearer',
+        expires_in: 3600,
+        refresh_token: 'new-refresh-token',
+      };
+      const mockFetch = mock(() =>
+        Promise.resolve(
+          new Response(JSON.stringify(mockTokens), {
+            status: 200,
+            headers: { 'Content-Type': 'application/json' },
+          })
+        )
+      );
+      const clientInfo = {
+        client_id: 'test-client-id',
+        client_secret: 'test-client-secret',
+      };
+
+      const result = await refreshTokensWithRetry(
+        'https://auth.example.com',
+        clientInfo,
+        'old-refresh-token',
+        undefined,
+        3,
+        100,
+        mockFetch as unknown as typeof fetch
+      );
+
+      expect(result).toEqual(mockTokens);
+      expect(mockFetch).toHaveBeenCalledTimes(1);
+    });
+
+    test('should retry on failure and eventually succeed', async () => {
+      const mockTokens: OAuthTokens = {
+        access_token: 'new-access-token',
+        token_type: 'Bearer',
+        expires_in: 3600,
+        refresh_token: 'refresh-token', // Include the refresh token that was sent
+      };
+      let callCount = 0;
+      const mockFetch = mock(() => {
+        callCount++;
+        if (callCount < 2) {
+          return Promise.reject(new Error('Network error'));
+        }
+
+        return Promise.resolve(
+          new Response(JSON.stringify(mockTokens), {
+            status: 200,
+            headers: { 'Content-Type': 'application/json' },
+          })
+        );
+      });
+      const clientInfo = { client_id: 'test-client-id' };
+
+      const result = await refreshTokensWithRetry(
+        'https://auth.example.com',
+        clientInfo,
+        'refresh-token',
+        undefined,
+        3,
+        10, // Short delay for testing
+        mockFetch as unknown as typeof fetch
+      );
+
+      expect(result).toEqual(mockTokens);
+      expect(callCount).toBe(2);
+    });
+
+    test('should throw error after max retries', async () => {
+      const mockFetch = mock(() => Promise.reject(new Error('Network error')));
+      const clientInfo = { client_id: 'test-client-id' };
+
+      await expect(
+        refreshTokensWithRetry(
+          'https://auth.example.com',
+          clientInfo,
+          'refresh-token',
+          undefined,
+          3,
+          10,
+          mockFetch as unknown as typeof fetch
+        )
+      ).rejects.toThrow('Token refresh failed after 3 attempts');
+
+      expect(mockFetch).toHaveBeenCalledTimes(3);
+    });
+
+    test('should use exponential backoff for retries', async () => {
+      const callTimes: number[] = [];
+      const mockFetch = mock(() => {
+        callTimes.push(Date.now());
+
+        return Promise.reject(new Error('Network error'));
+      });
+      const clientInfo = { client_id: 'test-client-id' };
+      const baseDelay = 50;
+
+      try {
+        await refreshTokensWithRetry(
+          'https://auth.example.com',
+          clientInfo,
+          'refresh-token',
+          undefined,
+          3,
+          baseDelay,
+          mockFetch as unknown as typeof fetch
+        );
+      } catch {
+        // Expected to fail
+      }
+
+      // Should have made 3 attempts
+      expect(callTimes.length).toBe(3);
+
+      // Calculate delays between attempts
+      const delay1 = callTimes[1]! - callTimes[0]!;
+      const delay2 = callTimes[2]! - callTimes[1]!;
+
+      // Verify exponential backoff (delays should increase)
+      // First retry should be approximately baseDelay * 1
+      expect(delay1).toBeGreaterThanOrEqual(baseDelay);
+      // Second retry should be approximately baseDelay * 2 and greater than first
+      expect(delay2).toBeGreaterThan(delay1);
+      expect(delay2).toBeGreaterThanOrEqual(baseDelay * 2);
+    });
+
+    test('should pass custom addClientAuth function', async () => {
+      const mockTokens: OAuthTokens = {
+        access_token: 'new-token',
+        token_type: 'Bearer',
+      };
+      const mockFetch = mock(() =>
+        Promise.resolve(
+          new Response(JSON.stringify(mockTokens), { status: 200 })
+        )
+      );
+      const mockAddClientAuth = mock(() => {
+        // Mock implementation
+      });
+      const clientInfo = { client_id: 'test-client-id' };
+
+      await refreshTokensWithRetry(
+        'https://auth.example.com',
+        clientInfo,
+        'refresh-token',
+        mockAddClientAuth,
+        3,
+        10,
+        mockFetch as unknown as typeof fetch
+      );
+
+      // The SDK's refreshAuthorization should have been called with addClientAuth
+      expect(mockFetch).toHaveBeenCalled();
+    });
+  });
+});

package/src/__tests__/server.test.ts

@@ -0,0 +1,391 @@
+import { afterEach, describe, expect, test } from 'bun:test';
+import { OAuthCallbackServer } from '../server/callback.js';
+
+describe('OAuthCallbackServer', () => {
+  let server: OAuthCallbackServer;
+  let testPort = 9876;
+  const testHostname = 'localhost';
+
+  const startServer = async () => {
+    if (server) {
+      await server.stop();
+    }
+
+    // Use a new port for each test to avoid port conflicts
+    testPort++;
+
+    server = new OAuthCallbackServer();
+
+    return server.start({
+      port: testPort,
+      hostname: testHostname,
+    });
+  };
+
+  afterEach(async () => {
+    if (server) {
+      try {
+        await server.stop();
+      } catch (error) {
+        // Ignore "Server stopped" errors from rejected promises
+        if (
+          error instanceof Error &&
+          !error.message.includes('Server stopped')
+        ) {
+          throw error;
+        }
+      }
+    }
+  });
+
+  describe('server lifecycle', () => {
+    test('should start server successfully', async () => {
+      await startServer();
+
+      // Verify server is running by making a request
+      const response = await fetch(
+        `http://${testHostname}:${testPort}/unknown`
+      );
+
+      expect(response.status).toBe(404);
+    });
+
+    test('should stop server successfully', async () => {
+      await startServer();
+
+      expect(server.isRunning()).toBe(true);
+
+      await server.stop();
+
+      expect(server.isRunning()).toBe(false);
+    });
+
+    test('should throw error when starting already running server', async () => {
+      await startServer();
+
+      await expect(
+        server.start({
+          port: testPort + 1,
+          hostname: testHostname,
+        })
+      ).rejects.toThrow('Server is already running');
+    });
+
+    test('should handle abort signal during start', async () => {
+      const abortController = new AbortController();
+
+      abortController.abort();
+
+      await expect(
+        server.start({
+          port: testPort,
+          hostname: testHostname,
+          signal: abortController.signal,
+        })
+      ).rejects.toThrow('Operation aborted');
+    });
+
+    test('should stop server when abort signal is triggered', async () => {
+      const abortController = new AbortController();
+
+      await server.start({
+        port: testPort,
+        hostname: testHostname,
+        signal: abortController.signal,
+      });
+
+      expect(server.isRunning()).toBe(true);
+
+      // Trigger abort
+      abortController.abort();
+
+      // Give it a moment to cleanup
+      await new Promise(resolve => setTimeout(resolve, 100));
+
+      expect(server.isRunning()).toBe(false);
+    });
+  });
+
+  describe('callback handling', () => {
+    test('should handle successful OAuth callback', async () => {
+      await startServer();
+      const callbackPath = '/callback/success';
+      const expectedCode = 'test-auth-code-12345';
+      const expectedState = 'test-state-67890';
+
+      // Start waiting for callback first
+      const callbackPromise = server.waitForCallback(callbackPath, 5000);
+
+      // Delay to ensure listener registration completes
+      await new Promise(resolve => setTimeout(resolve, 10));
+
+      // Make the HTTP request
+      const fetchPromise = fetch(
+        `http://${testHostname}:${testPort}${callbackPath}?code=${expectedCode}&state=${expectedState}`
+      );
+
+      const [result, response] = await Promise.all([
+        callbackPromise,
+        fetchPromise,
+      ]);
+
+      // Should get success page
+      expect(response.status).toBe(200);
+
+      const html = await response.text();
+
+      expect(html).toContain('Authorization Successful');
+
+      // Should resolve with callback data
+      expect(result).toMatchObject({
+        code: expectedCode,
+        state: expectedState,
+      });
+    });
+
+    test('should handle OAuth error callback', async () => {
+      await startServer();
+      const callbackPath = '/callback/error';
+      const expectedError = 'access_denied';
+      const expectedDescription = 'User denied authorization';
+
+      const callbackPromise = server.waitForCallback(callbackPath, 5000);
+
+      await new Promise(resolve => setTimeout(resolve, 10));
+
+      const fetchPromise = fetch(
+        `http://${testHostname}:${testPort}${callbackPath}?error=${expectedError}&error_description=${encodeURIComponent(expectedDescription)}`
+      );
+
+      const [result, response] = await Promise.all([
+        callbackPromise,
+        fetchPromise,
+      ]);
+
+      expect(response.status).toBe(400);
+
+      const html = await response.text();
+
+      expect(html).toContain('Authorization Failed');
+
+      expect(result).toMatchObject({
+        error: expectedError,
+        error_description: expectedDescription,
+      });
+    });
+
+    test('should timeout when callback takes too long', async () => {
+      await startServer();
+      const callbackPath = '/callback/timeout';
+
+      // Wait with very short timeout
+      await expect(server.waitForCallback(callbackPath, 100)).rejects.toThrow(
+        'OAuth callback timeout'
+      );
+    });
+
+    test('should handle multiple callback parameters', async () => {
+      await startServer();
+      const callbackPath = '/oauth/callback';
+      const params = {
+        code: 'auth-code',
+        state: 'state-value',
+        scope: 'openid profile email',
+        session_state: 'session-123',
+      };
+      const queryString = new URLSearchParams(params).toString();
+
+      const callbackPromise = server.waitForCallback(callbackPath, 5000);
+
+      await new Promise(resolve => setTimeout(resolve, 10));
+
+      const fetchPromise = fetch(
+        `http://${testHostname}:${testPort}${callbackPath}?${queryString}`
+      );
+
+      const [result] = await Promise.all([callbackPromise, fetchPromise]);
+
+      expect(result).toMatchObject(params);
+    });
+
+    test('should return 404 for unknown paths', async () => {
+      await startServer();
+      const response = await fetch(
+        `http://${testHostname}:${testPort}/unknown-path`
+      );
+
+      expect(response.status).toBe(404);
+
+      const text = await response.text();
+
+      expect(text).toBe('Not Found');
+    });
+
+    test('should cleanup listeners after successful callback', async () => {
+      await startServer();
+      const callbackPath = '/callback/cleanup';
+
+      // First callback
+      await Promise.all([
+        server.waitForCallback(callbackPath, 5000),
+        fetch(
+          `http://${testHostname}:${testPort}${callbackPath}?code=code1&state=state1`
+        ),
+      ]);
+
+      // Second callback to same path should work
+      const [result2] = await Promise.all([
+        server.waitForCallback(callbackPath, 5000),
+        fetch(
+          `http://${testHostname}:${testPort}${callbackPath}?code=code2&state=state2`
+        ),
+      ]);
+
+      expect(result2.code).toBe('code2');
+    });
+
+    test('should use custom success HTML template', async () => {
+      await startServer();
+      const customServer = new OAuthCallbackServer();
+
+      await customServer.start({
+        hostname: testHostname,
+        port: testPort + 1,
+        successHtml: '<html><body>Custom Success!</body></html>',
+      });
+
+      const callbackPath = '/callback/custom-success';
+
+      const [, response] = await Promise.all([
+        customServer.waitForCallback(callbackPath, 5000),
+        fetch(
+          `http://${testHostname}:${testPort + 1}${callbackPath}?code=test`
+        ),
+      ]);
+
+      const html = await response.text();
+
+      expect(html).toContain('Custom Success!');
+
+      await customServer.stop();
+    });
+
+    test('should use custom error HTML template', async () => {
+      await startServer();
+      const customServer = new OAuthCallbackServer();
+
+      await customServer.start({
+        hostname: testHostname,
+        port: testPort + 2,
+        errorHtml: '<html><body>Custom Error!</body></html>',
+      });
+
+      const callbackPath = '/callback/custom-error';
+
+      const [, response] = await Promise.all([
+        customServer.waitForCallback(callbackPath, 5000),
+        fetch(
+          `http://${testHostname}:${testPort + 2}${callbackPath}?error=test`
+        ),
+      ]);
+
+      const html = await response.text();
+
+      expect(html).toContain('Custom Error!');
+
+      await customServer.stop();
+    });
+
+    test('should call onRequest callback', async () => {
+      await startServer();
+      await server.stop();
+
+      const requests: Request[] = [];
+
+      // Use a new port for this second server instance
+      testPort++;
+
+      await server.start({
+        port: testPort,
+        hostname: testHostname,
+        onRequest: req => requests.push(req),
+      });
+
+      await fetch(`http://${testHostname}:${testPort}/test`);
+
+      expect(requests).toHaveLength(1);
+      expect(requests[0]).toBeInstanceOf(Request);
+    });
+  });
+
+  describe('edge cases', () => {
+    test('should handle callback with no query parameters', async () => {
+      await startServer();
+      const callbackPath = '/callback/no-params';
+
+      // Start waiting for callback first to ensure listener is registered
+      const callbackPromise = server.waitForCallback(callbackPath, 5000);
+
+      // Small delay to ensure listener registration completes
+      await new Promise(resolve => setImmediate(resolve));
+
+      // Now make the HTTP request
+      const fetchPromise = fetch(
+        `http://${testHostname}:${testPort}${callbackPath}`
+      );
+
+      const [result] = await Promise.all([callbackPromise, fetchPromise]);
+
+      expect(result).toEqual({});
+    });
+
+    test('should handle special characters in parameters', async () => {
+      await startServer();
+      const callbackPath = '/callback/special-chars';
+      const specialState = 'state-with-special-chars_123';
+
+      const callbackPromise = server.waitForCallback(callbackPath, 5000);
+
+      await new Promise(resolve => setTimeout(resolve, 10));
+
+      const fetchPromise = fetch(
+        `http://${testHostname}:${testPort}${callbackPath}?code=test&state=${encodeURIComponent(specialState)}`
+      );
+
+      const [result] = await Promise.all([callbackPromise, fetchPromise]);
+
+      expect(result.state).toBe(specialState);
+    });
+
+    test('should handle concurrent callbacks to different paths', async () => {
+      await startServer();
+      const path1 = '/callback1';
+      const path2 = '/callback2';
+
+      // Register both listeners first
+      const promise1 = server.waitForCallback(path1, 5000);
+      const promise2 = server.waitForCallback(path2, 5000);
+
+      // Use a longer delay to ensure both listeners are registered
+      await new Promise(resolve => setTimeout(resolve, 10));
+
+      // Now make both HTTP requests
+      const fetch1 = fetch(
+        `http://${testHostname}:${testPort}${path1}?code=code1&state=state1`
+      );
+      const fetch2 = fetch(
+        `http://${testHostname}:${testPort}${path2}?code=code2&state=state2`
+      );
+
+      const [result1, result2] = await Promise.all([
+        promise1,
+        promise2,
+        fetch1,
+        fetch2,
+      ]);
+
+      expect(result1.code).toBe('code1');
+      expect(result2.code).toBe('code2');
+    });
+  });
+});