|
1 | | -import { IdentityClient } from '@frontegg/client'; |
2 | | -import { IEntityWithRoles } from '@frontegg/client/dist/src/clients/identity/types'; |
3 | 1 | import { FastifyRequest } from 'fastify'; |
4 | | -import { |
5 | | - getCloudToken, |
6 | | - getCloudUser, |
7 | | -} from '../../../../src/app/user-info/cloud-auth'; |
| 2 | +import jwt from 'jsonwebtoken'; |
| 3 | +import { getVerifiedUser } from '../../../../src/app/user-info/cloud-auth'; |
8 | 4 |
|
9 | 5 | type MockFastifyRequest = FastifyRequest & { |
10 | 6 | cookies: Record<string, string>; |
@@ -41,75 +37,62 @@ function createMockRequest(options: { |
41 | 37 | } as unknown as MockFastifyRequest; |
42 | 38 | } |
43 | 39 |
|
44 | | -describe('cloud-auth', () => { |
45 | | - describe('getCloudToken', () => { |
46 | | - it('should extract token from Authorization header', () => { |
47 | | - const mockRequest = createMockRequest({ |
48 | | - headers: { authorization: 'Bearer test-token' }, |
49 | | - cookies: {}, |
50 | | - }); |
| 40 | +describe('getVerifiedUser', () => { |
| 41 | + const publicKey = 'test-public-key'; |
51 | 42 |
|
52 | | - expect(getCloudToken(mockRequest)).toBe('test-token'); |
53 | | - }); |
| 43 | + beforeEach(() => { |
| 44 | + jest.spyOn(jwt, 'verify').mockReset(); |
| 45 | + }); |
54 | 46 |
|
55 | | - it('should get token from cookie when Authorization header is missing', () => { |
56 | | - const mockRequest = createMockRequest({ |
57 | | - headers: {}, |
58 | | - cookies: { 'cloud-token': 'cookie-token' }, |
59 | | - }); |
| 47 | + it('should return undefined when no token is present (no header, no cookie)', () => { |
| 48 | + const mockRequest = createMockRequest({ headers: {}, cookies: {} }); |
60 | 49 |
|
61 | | - expect(getCloudToken(mockRequest)).toBe('cookie-token'); |
62 | | - }); |
| 50 | + const result = getVerifiedUser(mockRequest, publicKey); |
63 | 51 |
|
64 | | - it('should return undefined when no token is present', () => { |
65 | | - const mockRequest = createMockRequest({ |
66 | | - headers: {}, |
67 | | - cookies: {}, |
68 | | - }); |
| 52 | + expect(result).toBeUndefined(); |
| 53 | + expect(jwt.verify).not.toHaveBeenCalled(); |
| 54 | + }); |
69 | 55 |
|
70 | | - expect(getCloudToken(mockRequest)).toBeUndefined(); |
| 56 | + it('should verify token from Authorization header', () => { |
| 57 | + const payload = { sub: '123' } as any; |
| 58 | + (jwt.verify as jest.Mock).mockReturnValue(payload); |
| 59 | + const mockRequest = createMockRequest({ |
| 60 | + headers: { authorization: 'Bearer header-token' }, |
| 61 | + cookies: {}, |
71 | 62 | }); |
72 | | - }); |
73 | 63 |
|
74 | | - describe('getCloudUser', () => { |
75 | | - let mockIdentityClient: jest.Mocked<IdentityClient>; |
| 64 | + const result = getVerifiedUser(mockRequest, publicKey); |
76 | 65 |
|
77 | | - beforeEach(() => { |
78 | | - mockIdentityClient = { |
79 | | - validateIdentityOnToken: jest.fn(), |
80 | | - } as never; |
81 | | - }); |
| 66 | + expect(jwt.verify).toHaveBeenCalledWith('header-token', publicKey); |
| 67 | + expect(result).toEqual(payload); |
| 68 | + }); |
82 | 69 |
|
83 | | - it('should return null when no token is provided', async () => { |
84 | | - const result = await getCloudUser(mockIdentityClient); |
85 | | - expect(result).toBeNull(); |
| 70 | + it('should verify token from cookie when Authorization header is missing', () => { |
| 71 | + const payload = { sub: 'abc' } as any; |
| 72 | + (jwt.verify as jest.Mock).mockReturnValue(payload); |
| 73 | + const mockRequest = createMockRequest({ |
| 74 | + headers: {}, |
| 75 | + cookies: { 'cloud-token': 'cookie-token' }, |
86 | 76 | }); |
87 | 77 |
|
88 | | - it('should return user when validation succeeds', async () => { |
89 | | - const mockUser = { id: '123', roles: [] }; |
90 | | - mockIdentityClient.validateIdentityOnToken.mockResolvedValue( |
91 | | - mockUser as unknown as IEntityWithRoles, |
92 | | - ); |
| 78 | + const result = getVerifiedUser(mockRequest, publicKey); |
93 | 79 |
|
94 | | - const result = await getCloudUser(mockIdentityClient, 'valid-token'); |
| 80 | + expect(jwt.verify).toHaveBeenCalledWith('cookie-token', publicKey); |
| 81 | + expect(result).toEqual(payload); |
| 82 | + }); |
95 | 83 |
|
96 | | - expect(result).toEqual(mockUser); |
97 | | - expect(mockIdentityClient.validateIdentityOnToken).toHaveBeenCalledWith( |
98 | | - 'valid-token', |
99 | | - ); |
| 84 | + it('should return undefined when verification fails (throws)', () => { |
| 85 | + (jwt.verify as jest.Mock).mockImplementation(() => { |
| 86 | + throw new Error('invalid'); |
| 87 | + }); |
| 88 | + const mockRequest = createMockRequest({ |
| 89 | + headers: { authorization: 'Bearer bad-token' }, |
| 90 | + cookies: {}, |
100 | 91 | }); |
101 | 92 |
|
102 | | - it('should return null when validation fails', async () => { |
103 | | - mockIdentityClient.validateIdentityOnToken.mockRejectedValue( |
104 | | - new Error('Invalid token'), |
105 | | - ); |
106 | | - |
107 | | - const result = await getCloudUser(mockIdentityClient, 'invalid-token'); |
| 93 | + const result = getVerifiedUser(mockRequest, publicKey); |
108 | 94 |
|
109 | | - expect(result).toBeNull(); |
110 | | - expect(mockIdentityClient.validateIdentityOnToken).toHaveBeenCalledWith( |
111 | | - 'invalid-token', |
112 | | - ); |
113 | | - }); |
| 95 | + expect(result).toBeUndefined(); |
| 96 | + expect(jwt.verify).toHaveBeenCalledWith('bad-token', publicKey); |
114 | 97 | }); |
115 | 98 | }); |
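Review bot: The assertions at new lines 66, 80 and 96 pin `jwt.verify` to exactly two arguments (token and key), so the suite only passes while the verification call carries no options object. `getVerifiedUser` itself is not visible here, but if it does call `verify` that way, the accepted signing algorithm, issuer and audience are left to library defaults rather than fixed by the application. I would have the implementation pass an explicit allow-list and make the tests require it, e.g. `expect(jwt.verify).toHaveBeenCalledWith('header-token', publicKey, expect.objectContaining({ algorithms: ['<EXPECTED_ALG>'] }));`. Two input cases are also untested: an Authorization value that is not a `Bearer` token, and a request carrying both a header and a `cloud-token` cookie, where the precedence should be asserted. The spy set up in `beforeEach` is never restored, so adding `afterAll(() => jest.restoreAllMocks());` would keep it from leaking into other suites.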