0
Fork 0
mirror of https://github.com/logto-io/logto.git synced 2025-01-20 21:32:31 -05:00

chore: add tests

This commit is contained in:
Gao Sun 2024-06-08 14:48:57 +08:00
parent 75ab459c0a
commit 128ee0c9bb
No known key found for this signature in database
GPG key ID: 13EBE123E4773688
5 changed files with 128 additions and 11 deletions

View file

@ -6,6 +6,7 @@ import {
type OrganizationWithFeatured,
type OrganizationScope,
type OrganizationEmailDomain,
type CreateOrganization,
} from '@logto/schemas';
import { authedAdminApi } from './api.js';
@ -17,10 +18,7 @@ type Query = {
page_size?: number;
};
export class OrganizationApi extends ApiFactory<
Organization,
{ name: string; description?: string }
> {
export class OrganizationApi extends ApiFactory<Organization, Omit<CreateOrganization, 'id'>> {
constructor() {
super('organizations');
}

View file

@ -152,6 +152,14 @@ export default class MockClient {
return this.logto.getAccessTokenClaims(resource);
}
public async getOrganizationTokenClaims(organizationId: string) {
return this.logto.getOrganizationTokenClaims(organizationId);
}
public async clearAccessToken() {
return this.logto.clearAccessToken();
}
public async getRefreshToken(): Promise<Nullable<string>> {
return this.logto.getRefreshToken();
}

View file

@ -4,7 +4,7 @@ import {
type Organization,
type OrganizationRoleWithScopes,
type OrganizationInvitationEntity,
type JsonObject,
type CreateOrganization,
} from '@logto/schemas';
import { trySafe } from '@silverhand/essentials';
@ -123,11 +123,7 @@ export class OrganizationApiTest extends OrganizationApi {
return this.#organizations;
}
override async create(data: {
name: string;
description?: string;
customData?: JsonObject;
}): Promise<Organization> {
override async create(data: Omit<CreateOrganization, 'id'>): Promise<Organization> {
const created = await super.create(data);
this.organizations.push(created);
return created;

View file

@ -152,7 +152,7 @@ describe('get access token', () => {
).resolves.toBeTruthy();
});
it('can sign in and get multiple Access Tokens by the same Refresh Token within refreshTokenReuseInterval', async () => {
it('can sign in and get multiple access tokens by the same refresh token within `refreshTokenReuseInterval`', async () => {
const client = new MockClient({ resources: [testApiResourceInfo.indicator] });
await client.initSession();

View file

@ -0,0 +1,115 @@
import { UserScope, buildOrganizationUrn } from '@logto/core-kit';
import { InteractionEvent, MfaFactor } from '@logto/schemas';
import { createUserMfaVerification, deleteUser } from '#src/api/admin-user.js';
import { putInteraction } from '#src/api/index.js';
import MockClient from '#src/client/index.js';
import { processSession } from '#src/helpers/client.js';
import { createUserByAdmin } from '#src/helpers/index.js';
import { OrganizationApiTest } from '#src/helpers/organization.js';
import { enableAllPasswordSignInMethods } from '#src/helpers/sign-in-experience.js';
import { generatePassword, generateUsername, randomString } from '#src/utils.js';
describe('get access token for organization', () => {
const username = generateUsername();
const password = generatePassword();
const scopeName = `read:${randomString()}`;
const scopeName2 = `read:other:${randomString()}`;
const client = new MockClient({
scopes: [scopeName, scopeName2, UserScope.Organizations],
});
/* eslint-disable @silverhand/fp/no-let */
let testApiScopeId: string;
let testApiScopeId2: string;
let testUserId: string;
let testOrganizationId: string;
let testOrganizationId2: string;
/* eslint-enable @silverhand/fp/no-let */
const organizationApi = new OrganizationApiTest();
/* eslint-disable @silverhand/fp/no-mutation */
beforeAll(async () => {
const user = await createUserByAdmin({ username, password });
testUserId = user.id;
const organization = await organizationApi.create({ name: 'org1' });
testOrganizationId = organization.id;
await organizationApi.addUsers(testOrganizationId, [user.id]);
const scope = await organizationApi.scopeApi.create({ name: scopeName });
testApiScopeId = scope.id;
const scope2 = await organizationApi.scopeApi.create({ name: scopeName2 });
testApiScopeId2 = scope2.id;
const role = await organizationApi.roleApi.create({ name: `role1:${randomString()}` });
await organizationApi.roleApi.addScopes(role.id, [scope.id]);
await organizationApi.addUserRoles(testOrganizationId, user.id, [role.id]);
const organization2 = await organizationApi.create({ name: 'org2' });
testOrganizationId2 = organization2.id;
await organizationApi.addUsers(testOrganizationId2, [user.id]);
const role2 = await organizationApi.roleApi.create({ name: `role2:${randomString()}` });
await organizationApi.roleApi.addScopes(role2.id, [scope2.id]);
await organizationApi.addUserRoles(testOrganizationId2, user.id, [role2.id]);
await enableAllPasswordSignInMethods();
// Prepare client
await client.initSession();
await client.successSend(putInteraction, {
event: InteractionEvent.SignIn,
identifier: { username, password },
});
const { redirectTo } = await client.submitInteraction();
await processSession(client, redirectTo);
});
/* eslint-enable @silverhand/fp/no-mutation */
afterAll(async () => {
await Promise.all([organizationApi.cleanUp(), deleteUser(testUserId)]);
});
it('should be able to get access token for organization with correct scopes', async () => {
await expect(client.getOrganizationTokenClaims(testOrganizationId)).resolves.toMatchObject({
aud: buildOrganizationUrn(testOrganizationId),
scope: scopeName,
});
await expect(client.getOrganizationTokenClaims(testOrganizationId2)).resolves.toMatchObject({
aud: buildOrganizationUrn(testOrganizationId2),
scope: scopeName2,
});
});
it('should be able to dynamically get access token according to the status quo', async () => {
const newOrganization = await organizationApi.create({ name: 'foo' });
await organizationApi.addUsers(newOrganization.id, [testUserId]);
await expect(client.getOrganizationTokenClaims(newOrganization.id)).resolves.toMatchObject({
aud: buildOrganizationUrn(newOrganization.id),
});
await organizationApi.deleteUser(newOrganization.id, testUserId);
await client.clearAccessToken();
await expect(
client.getOrganizationTokenClaims(newOrganization.id)
).rejects.toMatchInlineSnapshot('[Error: Access denied.]');
});
it('should throw when organization requires mfa but user has not configured', async () => {
await organizationApi.update(testOrganizationId, { isMfaRequired: true });
await client.clearAccessToken();
await expect(
client.getOrganizationTokenClaims(testOrganizationId)
).rejects.toMatchInlineSnapshot('[Error: Access denied.]');
});
it('should be able to get access token for organization when user has mfa configured', async () => {
await createUserMfaVerification(testUserId, MfaFactor.TOTP);
await expect(client.getOrganizationTokenClaims(testOrganizationId)).resolves.toMatchObject({
aud: buildOrganizationUrn(testOrganizationId),
});
});
});