From ba2b499637abb4f6c2e2750e3421c11719a0236e Mon Sep 17 00:00:00 2001
From: Wang Sijie
Date: Wed, 2 Mar 2022 11:24:15 +0800
Subject: [PATCH] test(core): session consent (#304)
---
 packages/core/src/routes/session.test.ts | 100 ++++++++++++++++++++++-
 1 file changed, 97 insertions(+), 3 deletions(-)
diff --git a/packages/core/src/routes/session.test.ts b/packages/core/src/routes/session.test.ts
index 7c58494d2..504de5f66 100644
--- a/packages/core/src/routes/session.test.ts
+++ b/packages/core/src/routes/session.test.ts
@@ -42,13 +42,30 @@ jest.mock('@/lib/passcode', () => ({
 }));
 const grantSave = jest.fn(async () => 'finalGrantId');
+const grantAddOIDCScope = jest.fn();
+const grantAddResourceScope = jest.fn();
 const interactionResult = jest.fn(async () => 'redirectTo');
 const interactionDetails: jest.MockedFunction<() => Promise> = jest.fn(async () => ({}));
+
+class Grant {
+ static async find(id: string) {
+ return id === 'exists' ? new Grant() : undefined;
+ }
+
+ save: typeof grantSave;
+ addOIDCScope: typeof grantAddOIDCScope;
+ addResourceScope: typeof grantAddResourceScope;
+
+ constructor() {
+ this.save = grantSave;
+ this.addOIDCScope = grantAddOIDCScope;
+ this.addResourceScope = grantAddResourceScope;
+ }
+}
+
 jest.mock('oidc-provider', () => ({
 Provider: jest.fn(() => ({
- Grant: jest.fn(() => ({
- save: grantSave,
- })),
+ Grant,
 interactionDetails,
 interactionResult,
 })),
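Review bot: The mock `Grant` constructor takes no arguments and `Grant.find` is a plain static method rather than a spy, so tests built on it cannot check which account and client a newly created grant is bound to, or whether an existing grant was looked up at all. On a consent endpoint that binding is the behaviour most worth pinning. Recording both through spies would make it assertable, for example `static find = jest.fn(async (id: string) => (id === 'exists' ? new Grant() : undefined));` plus a constructor that forwards its argument to a module-level `jest.fn()`; the argument shape the route passes is not visible in this hunk. The `jest.mock('oidc-provider', …)` factory continues past the end of the hunk.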
@@ -307,6 +324,83 @@ describe('sessionRoutes', () => {
 });
 });
+ describe('POST /session/consent', () => {
+ describe('should call grant.save() and assign interaction results', () => {
+ it('with empty details and reusing old grant', async () => {
+ interactionDetails.mockResolvedValueOnce({
+ session: { accountId: 'accountId' },
+ params: { client_id: 'clientId' },
+ prompt: { details: {} },
+ });
+ const response = await sessionRequest.post('/session/consent');
+ expect(response.statusCode).toEqual(200);
+ expect(grantSave).toHaveBeenCalled();
+ expect(interactionResult).toHaveBeenCalledWith(
+ expect.anything(),
+ expect.anything(),
+ expect.objectContaining({
+ consent: { grantId: 'finalGrantId' },
+ }),
+ expect.anything()
+ );
+ });
+ it('with empty details and creating new grant', async () => {
+ interactionDetails.mockResolvedValueOnce({
+ session: { accountId: 'accountId' },
+ params: { client_id: 'clientId' },
+ prompt: { details: {} },
+ grantId: 'exists',
+ });
+ const response = await sessionRequest.post('/session/consent');
+ expect(response.statusCode).toEqual(200);
+ expect(grantSave).toHaveBeenCalled();
+ expect(interactionResult).toHaveBeenCalledWith(
+ expect.anything(),
+ expect.anything(),
+ expect.objectContaining({
+ consent: { grantId: 'finalGrantId' },
+ }),
+ expect.anything()
+ );
+ });
+ it('missingOIDCScope and missingResourceScopes', async () => {
+ interactionDetails.mockResolvedValueOnce({
+ session: { accountId: 'accountId' },
+ params: { client_id: 'clientId' },
+ prompt: {
+ details: {
+ missingOIDCScope: ['scope1', 'scope2'],
+ missingResourceScopes: {
+ resource1: ['scope1', 'scope2'],
+ resource2: ['scope3'],
+ },
+ },
+ },
+ });
+ const response = await sessionRequest.post('/session/consent');
+ expect(response.statusCode).toEqual(200);
+ expect(grantAddOIDCScope).toHaveBeenCalledWith('scope1 scope2');
+ expect(grantAddResourceScope).toHaveBeenCalledWith('resource1', 'scope1 scope2');
+ expect(grantAddResourceScope).toHaveBeenCalledWith('resource2', 'scope3');
+ expect(interactionResult).toHaveBeenCalledWith(
+ expect.anything(),
+ expect.anything(),
+ expect.objectContaining({
+ consent: { grantId: 'finalGrantId' },
+ }),
+ expect.anything()
+ );
+ });
+ });
+ it('throws if session is missing', async () => {
+ interactionDetails.mockResolvedValueOnce({});
+ await expect(sessionRequest.post('/session/consent')).resolves.toHaveProperty(
+ 'statusCode',
+ 400
+ );
+ });
+ });
+
 it('DELETE /session', async () => {
 const response = await sessionRequest.delete('/session');
 expect(response.body).toHaveProperty('redirectTo');
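Review bot: The titles of the first two cases look swapped: 'with empty details and reusing old grant' supplies no `grantId`, while 'with empty details and creating new grant' supplies `grantId: 'exists'`, the only id the mocked `Grant.find` resolves. The two cases also make identical assertions, and because `grantSave`, `grantAddOIDCScope` and `grantAddResourceScope` are shared module-level mocks, `expect(grantSave).toHaveBeenCalled()` in the later cases may already be satisfied by an earlier one unless mocks are cleared outside this hunk; `afterEach(() => { jest.clearAllMocks(); });` inside the new `describe` would isolate them. There is no case for a `grantId` that `Grant.find` does not resolve, which the mock's `undefined` branch was presumably written for. The enclosing `describe('sessionRoutes', …)` starts before the hunk and continues after it.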