logto/packages/core/src/oidc/utils.test.ts

import { ApplicationType, CustomClientMetadataKey, GrantType } from '@logto/schemas';

import { mockEnvSet } from '#src/test-utils/env-set.js';

import {
  isOriginAllowed,
  buildOidcClientMetadata,
  getConstantClientMetadata,
  validateCustomClientMetadata,
} from './utils.js';

describe('getConstantClientMetadata()', () => {
  expect(getConstantClientMetadata(mockEnvSet, ApplicationType.SPA)).toEqual({
    application_type: 'web',
    grant_types: [GrantType.AuthorizationCode, GrantType.RefreshToken, GrantType.OrganizationToken],
    token_endpoint_auth_method: 'none',
  });
  expect(getConstantClientMetadata(mockEnvSet, ApplicationType.Native)).toEqual({
    application_type: 'native',
    grant_types: [GrantType.AuthorizationCode, GrantType.RefreshToken, GrantType.OrganizationToken],
    token_endpoint_auth_method: 'none',
  });
  expect(getConstantClientMetadata(mockEnvSet, ApplicationType.Traditional)).toEqual({
    application_type: 'web',
    grant_types: [GrantType.AuthorizationCode, GrantType.RefreshToken, GrantType.OrganizationToken],
    token_endpoint_auth_method: 'client_secret_basic',
  });
  expect(getConstantClientMetadata(mockEnvSet, ApplicationType.MachineToMachine)).toEqual({
    application_type: 'web',
    grant_types: [GrantType.ClientCredentials],
    token_endpoint_auth_method: 'client_secret_basic',
    response_types: [],
  });
});

describe('buildOidcClientMetadata()', () => {
  const metadata = {
    redirectUris: ['logto.dev'],
    postLogoutRedirectUris: ['logto.dev'],
    logoUri: 'logto.pnf',
  };
  expect(buildOidcClientMetadata()).toEqual({ redirectUris: [], postLogoutRedirectUris: [] });
  expect(buildOidcClientMetadata(metadata)).toEqual(metadata);
});

describe('validateMetadata', () => {
  describe('corsAllowedOrigins', () => {
    it('should not throw when corsAllowedOrigins is empty', () => {
      expect(() => {
        validateCustomClientMetadata('corsAllowedOrigins', []);
      }).not.toThrow();
    });

    it('should not throw when corsAllowedOrigins are all valid', () => {
      expect(() => {
        validateCustomClientMetadata('corsAllowedOrigins', [
          'http://localhost:3001',
          'https://logto.dev',
        ]);
      }).not.toThrow();
    });

    it('should throw when corsAllowedOrigins are not all valid', () => {
      expect(() => {
        validateCustomClientMetadata('corsAllowedOrigins', ['', 'logto.dev']);
      }).toThrow();
    });
  });

  describe.each(['idTokenTtl', 'refreshTokenTtl'])('%s', (ttlKey) => {
    test(`${ttlKey} should not throw when it is a number`, () => {
      expect(() => {
        validateCustomClientMetadata(ttlKey, 5000);
      }).not.toThrow();
    });

    test(`${ttlKey} should throw when it is not a number`, () => {
      expect(() => {
        validateCustomClientMetadata(ttlKey, 'string_value');
      }).toThrow();
    });
  });
});

describe('isOriginAllowed', () => {
  it('should return false if there is no corsAllowOrigins', () => {
    expect(isOriginAllowed('https://logto.dev', {})).toBeFalsy();
  });

  it('should return false if corsAllowOrigins is empty', () => {
    expect(
      isOriginAllowed('https://logto.dev', { [CustomClientMetadataKey.CorsAllowedOrigins]: [] })
    ).toBeFalsy();
  });

  it('should return false if corsAllowOrigins do not include the origin', () => {
    expect(
      isOriginAllowed('http://localhost:3001', {
        [CustomClientMetadataKey.CorsAllowedOrigins]: ['https://logto.dev'],
      })
    ).toBeFalsy();
  });

  it('should return true if corsAllowOrigins include the origin', () => {
    expect(
      isOriginAllowed('https://logto.dev', {
        [CustomClientMetadataKey.CorsAllowedOrigins]: ['https://logto.dev'],
      })
    ).toBeTruthy();
  });

  it('should return true if redirectUris include the origin', () => {
    expect(
      isOriginAllowed(
        'https://logto.dev',
        {
          [CustomClientMetadataKey.CorsAllowedOrigins]: [],
        },
        ['https://logto.dev/callback']
      )
    ).toBeTruthy();
  });
});
feat(core): machine to machine apps 2022-09-21 13:06:56 +08:00			`import { ApplicationType, CustomClientMetadataKey, GrantType } from '@logto/schemas';`
test(oidc): add oidc adapter test case (#266) add oidc adapter test case 2022-02-23 09:42:29 +08:00
refactor: fix alteration 2023-02-09 18:31:14 +08:00			`import { mockEnvSet } from '#src/test-utils/env-set.js';`
refactor: remove deprecated singleton instances 2023-01-11 16:41:53 +08:00
feat(core,schemas): cors allowed origins (#507) * feat(schemas): cors allowed origins of application in custom OIDC client metadata * refactor(schemas): rename CustomClientMetadataType to CustomClientMetadataKey * feat(core): cors allowed origins 2022-04-08 18:16:20 +08:00			`import {`
			`isOriginAllowed,`
			`buildOidcClientMetadata,`
feat(core): machine to machine apps 2022-09-21 13:06:56 +08:00			`getConstantClientMetadata,`
feat(core,schemas): cors allowed origins (#507) * feat(schemas): cors allowed origins of application in custom OIDC client metadata * refactor(schemas): rename CustomClientMetadataType to CustomClientMetadataKey * feat(core): cors allowed origins 2022-04-08 18:16:20 +08:00			`validateCustomClientMetadata,`
refactor: use esm (batch 3) 2022-11-21 16:38:24 +08:00			`} from './utils.js';`
test(oidc): add oidc adapter test case (#266) add oidc adapter test case 2022-02-23 09:42:29 +08:00
feat(core): machine to machine apps 2022-09-21 13:06:56 +08:00			`describe('getConstantClientMetadata()', () => {`
refactor: fix alteration 2023-02-09 18:31:14 +08:00			`expect(getConstantClientMetadata(mockEnvSet, ApplicationType.SPA)).toEqual({`
feat(core): machine to machine apps 2022-09-21 13:06:56 +08:00			`application_type: 'web',`
refactor(core): fix tests 2023-11-08 15:44:27 +08:00			`grant_types: [GrantType.AuthorizationCode, GrantType.RefreshToken, GrantType.OrganizationToken],`
feat(core): machine to machine apps 2022-09-21 13:06:56 +08:00			`token_endpoint_auth_method: 'none',`
			`});`
refactor: fix alteration 2023-02-09 18:31:14 +08:00			`expect(getConstantClientMetadata(mockEnvSet, ApplicationType.Native)).toEqual({`
feat(core): machine to machine apps 2022-09-21 13:06:56 +08:00			`application_type: 'native',`
refactor(core): fix tests 2023-11-08 15:44:27 +08:00			`grant_types: [GrantType.AuthorizationCode, GrantType.RefreshToken, GrantType.OrganizationToken],`
feat(core): machine to machine apps 2022-09-21 13:06:56 +08:00			`token_endpoint_auth_method: 'none',`
			`});`
refactor: fix alteration 2023-02-09 18:31:14 +08:00			`expect(getConstantClientMetadata(mockEnvSet, ApplicationType.Traditional)).toEqual({`
feat(core): machine to machine apps 2022-09-21 13:06:56 +08:00			`application_type: 'web',`
refactor(core): fix tests 2023-11-08 15:44:27 +08:00			`grant_types: [GrantType.AuthorizationCode, GrantType.RefreshToken, GrantType.OrganizationToken],`
feat(core): machine to machine apps 2022-09-21 13:06:56 +08:00			`token_endpoint_auth_method: 'client_secret_basic',`
			`});`
refactor: fix alteration 2023-02-09 18:31:14 +08:00			`expect(getConstantClientMetadata(mockEnvSet, ApplicationType.MachineToMachine)).toEqual({`
feat(core): machine to machine apps 2022-09-21 13:06:56 +08:00			`application_type: 'web',`
			`grant_types: [GrantType.ClientCredentials],`
			`token_endpoint_auth_method: 'client_secret_basic',`
			`response_types: [],`
			`});`
feat(core,schemas): cors allowed origins (#507) * feat(schemas): cors allowed origins of application in custom OIDC client metadata * refactor(schemas): rename CustomClientMetadataType to CustomClientMetadataKey * feat(core): cors allowed origins 2022-04-08 18:16:20 +08:00			`});`

feat(core): machine to machine apps 2022-09-21 13:06:56 +08:00			`describe('buildOidcClientMetadata()', () => {`
feat(core,schemas): cors allowed origins (#507) * feat(schemas): cors allowed origins of application in custom OIDC client metadata * refactor(schemas): rename CustomClientMetadataType to CustomClientMetadataKey * feat(core): cors allowed origins 2022-04-08 18:16:20 +08:00			`const metadata = {`
			`redirectUris: ['logto.dev'],`
			`postLogoutRedirectUris: ['logto.dev'],`
			`logoUri: 'logto.pnf',`
			`};`
			`expect(buildOidcClientMetadata()).toEqual({ redirectUris: [], postLogoutRedirectUris: [] });`
			`expect(buildOidcClientMetadata(metadata)).toEqual(metadata);`
			`});`

			`describe('validateMetadata', () => {`
			`describe('corsAllowedOrigins', () => {`
			`it('should not throw when corsAllowedOrigins is empty', () => {`
			`expect(() => {`
			`validateCustomClientMetadata('corsAllowedOrigins', []);`
			`}).not.toThrow();`
			`});`

			`it('should not throw when corsAllowedOrigins are all valid', () => {`
			`expect(() => {`
			`validateCustomClientMetadata('corsAllowedOrigins', [`
			`'http://localhost:3001',`
			`'https://logto.dev',`
			`]);`
			`}).not.toThrow();`
			`});`

			`it('should throw when corsAllowedOrigins are not all valid', () => {`
			`expect(() => {`
			`validateCustomClientMetadata('corsAllowedOrigins', ['', 'logto.dev']);`
			`}).toThrow();`
			`});`
			`});`

			`describe.each(['idTokenTtl', 'refreshTokenTtl'])('%s', (ttlKey) => {`
			test(`${ttlKey} should not throw when it is a number`, () => {
			`expect(() => {`
			`validateCustomClientMetadata(ttlKey, 5000);`
			`}).not.toThrow();`
			`});`

			test(`${ttlKey} should throw when it is not a number`, () => {
			`expect(() => {`
			`validateCustomClientMetadata(ttlKey, 'string_value');`
			`}).toThrow();`
			`});`
			`});`
			`});`

feat(core): validate custom client metadata when post or patch application (#529) 2022-04-13 15:23:04 +08:00			`describe('isOriginAllowed', () => {`
feat(core,schemas): cors allowed origins (#507) * feat(schemas): cors allowed origins of application in custom OIDC client metadata * refactor(schemas): rename CustomClientMetadataType to CustomClientMetadataKey * feat(core): cors allowed origins 2022-04-08 18:16:20 +08:00			`it('should return false if there is no corsAllowOrigins', () => {`
			`expect(isOriginAllowed('https://logto.dev', {})).toBeFalsy();`
			`});`

			`it('should return false if corsAllowOrigins is empty', () => {`
			`expect(`
			`isOriginAllowed('https://logto.dev', { [CustomClientMetadataKey.CorsAllowedOrigins]: [] })`
			`).toBeFalsy();`
			`});`

			`it('should return false if corsAllowOrigins do not include the origin', () => {`
			`expect(`
			`isOriginAllowed('http://localhost:3001', {`
			`[CustomClientMetadataKey.CorsAllowedOrigins]: ['https://logto.dev'],`
			`})`
			`).toBeFalsy();`
test(oidc): add oidc adapter test case (#266) add oidc adapter test case 2022-02-23 09:42:29 +08:00			`});`

feat(core,schemas): cors allowed origins (#507) * feat(schemas): cors allowed origins of application in custom OIDC client metadata * refactor(schemas): rename CustomClientMetadataType to CustomClientMetadataKey * feat(core): cors allowed origins 2022-04-08 18:16:20 +08:00			`it('should return true if corsAllowOrigins include the origin', () => {`
			`expect(`
			`isOriginAllowed('https://logto.dev', {`
			`[CustomClientMetadataKey.CorsAllowedOrigins]: ['https://logto.dev'],`
			`})`
			`).toBeTruthy();`
test(oidc): add oidc adapter test case (#266) add oidc adapter test case 2022-02-23 09:42:29 +08:00			`});`
refactor: by default allow redirect URIs for CORS access (#1420) * refactor: by default allow redirect URIs for CORS access * refactor: improve wording Co-authored-by: IceHe.xyz <icehe@silverhand.io> Co-authored-by: IceHe.xyz <icehe@silverhand.io> 2022-07-05 17:36:43 +08:00
			`it('should return true if redirectUris include the origin', () => {`
			`expect(`
			`isOriginAllowed(`
			`'https://logto.dev',`
			`{`
			`[CustomClientMetadataKey.CorsAllowedOrigins]: [],`
			`},`
			`['https://logto.dev/callback']`
			`)`
			`).toBeTruthy();`
			`});`
test(oidc): add oidc adapter test case (#266) add oidc adapter test case 2022-02-23 09:42:29 +08:00			`});`