2025-02-03 16:57:49 +01:00
|
|
|
|
const fetch = require('node-fetch');
|
2024-10-27 11:41:48 -04:00
|
|
|
|
const jwtDecode = require('jsonwebtoken/decode');
|
|
|
|
|
|
const { Issuer, Strategy: OpenIDStrategy } = require('openid-client');
|
2025-02-03 16:57:49 +01:00
|
|
|
|
const { findUser, createUser, updateUser } = require('~/models/userMethods');
|
2024-10-27 11:41:48 -04:00
|
|
|
|
const setupOpenId = require('./openidStrategy');
|
|
|
|
|
|
|
2025-02-03 16:57:49 +01:00
|
|
|
|
// --- Mocks ---
|
|
|
|
|
|
jest.mock('node-fetch');
|
2024-10-27 11:41:48 -04:00
|
|
|
|
jest.mock('openid-client');
|
2025-02-03 16:57:49 +01:00
|
|
|
|
jest.mock('jsonwebtoken/decode');
|
2024-10-27 11:41:48 -04:00
|
|
|
|
jest.mock('~/server/services/Files/strategies', () => ({
|
|
|
|
|
|
getStrategyFunctions: jest.fn(() => ({
|
2025-02-03 16:57:49 +01:00
|
|
|
|
saveBuffer: jest.fn().mockResolvedValue('/fake/path/to/avatar.png'),
|
2024-10-27 11:41:48 -04:00
|
|
|
|
})),
|
|
|
|
|
|
}));
|
2025-02-03 16:57:49 +01:00
|
|
|
|
jest.mock('~/models/userMethods', () => ({
|
|
|
|
|
|
findUser: jest.fn(),
|
|
|
|
|
|
createUser: jest.fn(),
|
|
|
|
|
|
updateUser: jest.fn(),
|
|
|
|
|
|
}));
|
|
|
|
|
|
jest.mock('~/server/utils/crypto', () => ({
|
|
|
|
|
|
hashToken: jest.fn().mockResolvedValue('hashed-token'),
|
|
|
|
|
|
}));
|
|
|
|
|
|
jest.mock('~/server/utils', () => ({
|
|
|
|
|
|
isEnabled: jest.fn(() => false), // default to false, override per test if needed
|
|
|
|
|
|
}));
|
|
|
|
|
|
jest.mock('~/config', () => ({
|
|
|
|
|
|
logger: {
|
|
|
|
|
|
info: jest.fn(),
|
|
|
|
|
|
debug: jest.fn(),
|
|
|
|
|
|
error: jest.fn(),
|
2025-04-05 14:04:15 +02:00
|
|
|
|
warn: jest.fn(),
|
2025-02-03 16:57:49 +01:00
|
|
|
|
},
|
|
|
|
|
|
}));
|
2024-10-27 11:41:48 -04:00
|
|
|
|
|
2025-02-03 16:57:49 +01:00
|
|
|
|
// Mock Issuer.discover so that setupOpenId gets a fake issuer and client
|
2024-10-27 11:41:48 -04:00
|
|
|
|
Issuer.discover = jest.fn().mockResolvedValue({
|
2025-02-03 16:57:49 +01:00
|
|
|
|
id_token_signing_alg_values_supported: ['RS256'],
|
|
|
|
|
|
Client: jest.fn().mockImplementation((clientMetadata) => {
|
|
|
|
|
|
return {
|
|
|
|
|
|
metadata: clientMetadata,
|
|
|
|
|
|
};
|
|
|
|
|
|
}),
|
|
|
|
|
|
});
|
|
|
|
|
|
|
|
|
|
|
|
// To capture the verify callback from the strategy, we grab it from the mock constructor
|
|
|
|
|
|
let verifyCallback;
|
|
|
|
|
|
OpenIDStrategy.mockImplementation((options, verify) => {
|
|
|
|
|
|
verifyCallback = verify;
|
|
|
|
|
|
return { name: 'openid', options, verify };
|
2024-10-27 11:41:48 -04:00
|
|
|
|
});
|
|
|
|
|
|
|
|
|
|
|
|
describe('setupOpenId', () => {
|
2025-02-03 16:57:49 +01:00
|
|
|
|
// Helper to wrap the verify callback in a promise
|
|
|
|
|
|
const validate = (tokenset, userinfo) =>
|
|
|
|
|
|
new Promise((resolve, reject) => {
|
|
|
|
|
|
verifyCallback(tokenset, userinfo, (err, user, details) => {
|
|
|
|
|
|
if (err) {
|
2025-04-05 14:04:15 +02:00
|
|
|
|
return reject(err);
|
2025-02-03 16:57:49 +01:00
|
|
|
|
}
|
2025-04-05 14:04:15 +02:00
|
|
|
|
resolve({ user, details });
|
2025-02-03 16:57:49 +01:00
|
|
|
|
});
|
2024-10-27 11:41:48 -04:00
|
|
|
|
});
|
|
|
|
|
|
|
2025-04-05 14:04:15 +02:00
|
|
|
|
// Default tokenset: tokens now include a period to simulate a JWT
|
|
|
|
|
|
const validTokenSet = {
|
2025-04-05 13:36:42 +02:00
|
|
|
|
id_token: 'header.payload.signature',
|
|
|
|
|
|
access_token: 'header.payload.signature',
|
2025-02-03 16:57:49 +01:00
|
|
|
|
};
|
2024-10-27 11:41:48 -04:00
|
|
|
|
|
2025-02-03 16:57:49 +01:00
|
|
|
|
const baseUserinfo = {
|
|
|
|
|
|
sub: '1234',
|
|
|
|
|
|
email: 'test@example.com',
|
|
|
|
|
|
email_verified: true,
|
|
|
|
|
|
given_name: 'First',
|
|
|
|
|
|
family_name: 'Last',
|
|
|
|
|
|
name: 'My Full',
|
|
|
|
|
|
username: 'flast',
|
|
|
|
|
|
picture: 'https://example.com/avatar.png',
|
2025-04-05 14:04:15 +02:00
|
|
|
|
roles: ['requiredRole'],
|
2025-02-03 16:57:49 +01:00
|
|
|
|
};
|
|
|
|
|
|
|
|
|
|
|
|
beforeEach(async () => {
|
|
|
|
|
|
// Clear previous mock calls and reset implementations
|
|
|
|
|
|
jest.clearAllMocks();
|
2024-10-27 11:41:48 -04:00
|
|
|
|
|
2025-02-03 16:57:49 +01:00
|
|
|
|
// Reset environment variables needed by the strategy
|
|
|
|
|
|
process.env.OPENID_ISSUER = 'https://fake-issuer.com';
|
|
|
|
|
|
process.env.OPENID_CLIENT_ID = 'fake_client_id';
|
|
|
|
|
|
process.env.OPENID_CLIENT_SECRET = 'fake_client_secret';
|
|
|
|
|
|
process.env.DOMAIN_SERVER = 'https://example.com';
|
|
|
|
|
|
process.env.OPENID_CALLBACK_URL = '/callback';
|
|
|
|
|
|
process.env.OPENID_SCOPE = 'openid profile email';
|
|
|
|
|
|
process.env.OPENID_REQUIRED_ROLE = 'requiredRole';
|
|
|
|
|
|
process.env.OPENID_REQUIRED_ROLE_PARAMETER_PATH = 'roles';
|
|
|
|
|
|
process.env.OPENID_REQUIRED_ROLE_TOKEN_KIND = 'id';
|
2025-04-05 14:04:15 +02:00
|
|
|
|
process.env.OPENID_REQUIRED_ROLE_SOURCE = 'token';
|
2025-02-03 16:57:49 +01:00
|
|
|
|
delete process.env.OPENID_USERNAME_CLAIM;
|
|
|
|
|
|
delete process.env.OPENID_NAME_CLAIM;
|
|
|
|
|
|
delete process.env.PROXY;
|
|
|
|
|
|
|
2025-04-05 14:04:15 +02:00
|
|
|
|
// By default, jwtDecode returns a token that includes the required role.
|
2025-02-03 16:57:49 +01:00
|
|
|
|
jwtDecode.mockReturnValue({
|
|
|
|
|
|
roles: ['requiredRole'],
|
2024-10-27 11:41:48 -04:00
|
|
|
|
});
|
|
|
|
|
|
|
2025-02-03 16:57:49 +01:00
|
|
|
|
// By default, assume that no user is found, so createUser will be called
|
|
|
|
|
|
findUser.mockResolvedValue(null);
|
|
|
|
|
|
createUser.mockImplementation(async (userData) => {
|
|
|
|
|
|
// simulate created user with an _id property
|
|
|
|
|
|
return { _id: 'newUserId', ...userData };
|
|
|
|
|
|
});
|
|
|
|
|
|
updateUser.mockImplementation(async (id, userData) => {
|
|
|
|
|
|
return { _id: id, ...userData };
|
|
|
|
|
|
});
|
2024-10-27 11:41:48 -04:00
|
|
|
|
|
2025-02-03 16:57:49 +01:00
|
|
|
|
// For image download, simulate a successful response
|
|
|
|
|
|
const fakeBuffer = Buffer.from('fake image');
|
|
|
|
|
|
const fakeResponse = {
|
|
|
|
|
|
ok: true,
|
|
|
|
|
|
buffer: jest.fn().mockResolvedValue(fakeBuffer),
|
2024-10-27 11:41:48 -04:00
|
|
|
|
};
|
2025-02-03 16:57:49 +01:00
|
|
|
|
fetch.mockResolvedValue(fakeResponse);
|
2024-10-27 11:41:48 -04:00
|
|
|
|
|
2025-04-05 14:04:15 +02:00
|
|
|
|
// Call setupOpenId so that passport.use gets called
|
2025-02-03 16:57:49 +01:00
|
|
|
|
await setupOpenId();
|
|
|
|
|
|
});
|
2024-10-27 11:41:48 -04:00
|
|
|
|
|
2025-02-03 16:57:49 +01:00
|
|
|
|
it('should create a new user with correct username when username claim exists', async () => {
|
|
|
|
|
|
// Arrange – our userinfo already has username 'flast'
|
|
|
|
|
|
const userinfo = { ...baseUserinfo };
|
2024-10-27 11:41:48 -04:00
|
|
|
|
|
2025-02-03 16:57:49 +01:00
|
|
|
|
// Act
|
2025-04-05 14:04:15 +02:00
|
|
|
|
const { user } = await validate(validTokenSet, userinfo);
|
2024-10-27 11:41:48 -04:00
|
|
|
|
|
2025-02-03 16:57:49 +01:00
|
|
|
|
// Assert
|
|
|
|
|
|
expect(user.username).toBe(userinfo.username);
|
|
|
|
|
|
expect(createUser).toHaveBeenCalledWith(
|
|
|
|
|
|
expect.objectContaining({
|
|
|
|
|
|
provider: 'openid',
|
|
|
|
|
|
openidId: userinfo.sub,
|
|
|
|
|
|
username: userinfo.username,
|
|
|
|
|
|
email: userinfo.email,
|
|
|
|
|
|
name: `${userinfo.given_name} ${userinfo.family_name}`,
|
|
|
|
|
|
}),
|
|
|
|
|
|
true,
|
|
|
|
|
|
true,
|
|
|
|
|
|
);
|
|
|
|
|
|
});
|
2024-10-27 11:41:48 -04:00
|
|
|
|
|
2025-02-03 16:57:49 +01:00
|
|
|
|
it('should use given_name as username when username claim is missing', async () => {
|
|
|
|
|
|
// Arrange – remove username from userinfo
|
|
|
|
|
|
const userinfo = { ...baseUserinfo };
|
|
|
|
|
|
delete userinfo.username;
|
2025-04-05 13:36:42 +02:00
|
|
|
|
// Expect the username to be the given name
|
2025-02-03 16:57:49 +01:00
|
|
|
|
const expectUsername = userinfo.given_name;
|
2024-10-27 11:41:48 -04:00
|
|
|
|
|
2025-02-03 16:57:49 +01:00
|
|
|
|
// Act
|
2025-04-05 14:04:15 +02:00
|
|
|
|
const { user } = await validate(validTokenSet, userinfo);
|
2024-10-27 11:41:48 -04:00
|
|
|
|
|
2025-02-03 16:57:49 +01:00
|
|
|
|
// Assert
|
|
|
|
|
|
expect(user.username).toBe(expectUsername);
|
|
|
|
|
|
expect(createUser).toHaveBeenCalledWith(
|
|
|
|
|
|
expect.objectContaining({ username: expectUsername }),
|
|
|
|
|
|
true,
|
|
|
|
|
|
true,
|
|
|
|
|
|
);
|
|
|
|
|
|
});
|
2024-10-27 11:41:48 -04:00
|
|
|
|
|
2025-02-03 16:57:49 +01:00
|
|
|
|
it('should use email as username when username and given_name are missing', async () => {
|
|
|
|
|
|
// Arrange – remove username and given_name
|
|
|
|
|
|
const userinfo = { ...baseUserinfo };
|
|
|
|
|
|
delete userinfo.username;
|
|
|
|
|
|
delete userinfo.given_name;
|
|
|
|
|
|
const expectUsername = userinfo.email;
|
2024-10-27 11:41:48 -04:00
|
|
|
|
|
2025-02-03 16:57:49 +01:00
|
|
|
|
// Act
|
2025-04-05 14:04:15 +02:00
|
|
|
|
const { user } = await validate(validTokenSet, userinfo);
|
2024-10-27 11:41:48 -04:00
|
|
|
|
|
2025-02-03 16:57:49 +01:00
|
|
|
|
// Assert
|
|
|
|
|
|
expect(user.username).toBe(expectUsername);
|
|
|
|
|
|
expect(createUser).toHaveBeenCalledWith(
|
|
|
|
|
|
expect.objectContaining({ username: expectUsername }),
|
|
|
|
|
|
true,
|
|
|
|
|
|
true,
|
|
|
|
|
|
);
|
|
|
|
|
|
});
|
2024-10-27 11:41:48 -04:00
|
|
|
|
|
2025-02-03 16:57:49 +01:00
|
|
|
|
it('should override username with OPENID_USERNAME_CLAIM when set', async () => {
|
|
|
|
|
|
// Arrange – set OPENID_USERNAME_CLAIM so that the sub claim is used
|
|
|
|
|
|
process.env.OPENID_USERNAME_CLAIM = 'sub';
|
|
|
|
|
|
const userinfo = { ...baseUserinfo };
|
2024-10-27 11:41:48 -04:00
|
|
|
|
|
2025-02-03 16:57:49 +01:00
|
|
|
|
// Act
|
2025-04-05 14:04:15 +02:00
|
|
|
|
const { user } = await validate(validTokenSet, userinfo);
|
2025-02-03 16:57:49 +01:00
|
|
|
|
|
|
|
|
|
|
// Assert – username should equal the sub (converted as-is)
|
|
|
|
|
|
expect(user.username).toBe(userinfo.sub);
|
|
|
|
|
|
expect(createUser).toHaveBeenCalledWith(
|
|
|
|
|
|
expect.objectContaining({ username: userinfo.sub }),
|
|
|
|
|
|
true,
|
|
|
|
|
|
true,
|
|
|
|
|
|
);
|
|
|
|
|
|
});
|
2024-10-27 11:41:48 -04:00
|
|
|
|
|
2025-02-03 16:57:49 +01:00
|
|
|
|
it('should set the full name correctly when given_name and family_name exist', async () => {
|
|
|
|
|
|
// Arrange
|
|
|
|
|
|
const userinfo = { ...baseUserinfo };
|
|
|
|
|
|
const expectedFullName = `${userinfo.given_name} ${userinfo.family_name}`;
|
2024-10-27 11:41:48 -04:00
|
|
|
|
|
2025-02-03 16:57:49 +01:00
|
|
|
|
// Act
|
2025-04-05 14:04:15 +02:00
|
|
|
|
const { user } = await validate(validTokenSet, userinfo);
|
2025-02-03 16:57:49 +01:00
|
|
|
|
|
|
|
|
|
|
// Assert
|
|
|
|
|
|
expect(user.name).toBe(expectedFullName);
|
|
|
|
|
|
});
|
|
|
|
|
|
|
|
|
|
|
|
it('should override full name with OPENID_NAME_CLAIM when set', async () => {
|
|
|
|
|
|
// Arrange – use the name claim as the full name
|
|
|
|
|
|
process.env.OPENID_NAME_CLAIM = 'name';
|
|
|
|
|
|
const userinfo = { ...baseUserinfo, name: 'Custom Name' };
|
|
|
|
|
|
|
|
|
|
|
|
// Act
|
2025-04-05 14:04:15 +02:00
|
|
|
|
const { user } = await validate(validTokenSet, userinfo);
|
2025-02-03 16:57:49 +01:00
|
|
|
|
|
|
|
|
|
|
// Assert
|
|
|
|
|
|
expect(user.name).toBe('Custom Name');
|
|
|
|
|
|
});
|
|
|
|
|
|
|
|
|
|
|
|
it('should update an existing user on login', async () => {
|
|
|
|
|
|
// Arrange – simulate that a user already exists
|
|
|
|
|
|
const existingUser = {
|
|
|
|
|
|
_id: 'existingUserId',
|
|
|
|
|
|
provider: 'local',
|
|
|
|
|
|
email: baseUserinfo.email,
|
|
|
|
|
|
openidId: '',
|
|
|
|
|
|
username: '',
|
|
|
|
|
|
name: '',
|
|
|
|
|
|
};
|
|
|
|
|
|
findUser.mockImplementation(async (query) => {
|
|
|
|
|
|
if (query.openidId === baseUserinfo.sub || query.email === baseUserinfo.email) {
|
|
|
|
|
|
return existingUser;
|
|
|
|
|
|
}
|
|
|
|
|
|
return null;
|
2024-10-27 11:41:48 -04:00
|
|
|
|
});
|
|
|
|
|
|
|
2025-02-03 16:57:49 +01:00
|
|
|
|
const userinfo = { ...baseUserinfo };
|
|
|
|
|
|
|
|
|
|
|
|
// Act
|
2025-04-05 14:04:15 +02:00
|
|
|
|
await validate(validTokenSet, userinfo);
|
2025-02-03 16:57:49 +01:00
|
|
|
|
|
|
|
|
|
|
// Assert – updateUser should be called and the user object updated
|
2025-02-03 16:08:34 -05:00
|
|
|
|
expect(updateUser).toHaveBeenCalledWith(
|
|
|
|
|
|
existingUser._id,
|
|
|
|
|
|
expect.objectContaining({
|
|
|
|
|
|
provider: 'openid',
|
|
|
|
|
|
openidId: baseUserinfo.sub,
|
|
|
|
|
|
username: baseUserinfo.username,
|
|
|
|
|
|
name: `${baseUserinfo.given_name} ${baseUserinfo.family_name}`,
|
|
|
|
|
|
}),
|
|
|
|
|
|
);
|
2025-02-03 16:57:49 +01:00
|
|
|
|
});
|
|
|
|
|
|
|
|
|
|
|
|
it('should enforce the required role and reject login if missing', async () => {
|
|
|
|
|
|
// Arrange – simulate a token without the required role.
|
|
|
|
|
|
jwtDecode.mockReturnValue({
|
|
|
|
|
|
roles: ['SomeOtherRole'],
|
2024-10-27 11:41:48 -04:00
|
|
|
|
});
|
2025-02-03 16:57:49 +01:00
|
|
|
|
const userinfo = { ...baseUserinfo };
|
|
|
|
|
|
|
|
|
|
|
|
// Act
|
2025-04-05 14:04:15 +02:00
|
|
|
|
const { user, details } = await validate(validTokenSet, userinfo);
|
2025-02-03 16:57:49 +01:00
|
|
|
|
|
|
|
|
|
|
// Assert – verify that the strategy rejects login
|
|
|
|
|
|
expect(user).toBe(false);
|
2025-02-03 16:08:34 -05:00
|
|
|
|
expect(details.message).toBe('You must have the "requiredRole" role to log in.');
|
2024-10-27 11:41:48 -04:00
|
|
|
|
});
|
2025-02-03 16:57:49 +01:00
|
|
|
|
|
|
|
|
|
|
it('should attempt to download and save the avatar if picture is provided', async () => {
|
|
|
|
|
|
// Arrange – ensure userinfo contains a picture URL
|
|
|
|
|
|
const userinfo = { ...baseUserinfo };
|
|
|
|
|
|
|
|
|
|
|
|
// Act
|
2025-04-05 14:04:15 +02:00
|
|
|
|
const { user } = await validate(validTokenSet, userinfo);
|
2025-02-03 16:57:49 +01:00
|
|
|
|
|
|
|
|
|
|
// Assert – verify that download was attempted and the avatar field was set via updateUser
|
|
|
|
|
|
expect(fetch).toHaveBeenCalled();
|
|
|
|
|
|
expect(user.avatar).toBe('/fake/path/to/avatar.png');
|
|
|
|
|
|
});
|
|
|
|
|
|
|
|
|
|
|
|
it('should not attempt to download avatar if picture is not provided', async () => {
|
|
|
|
|
|
// Arrange – remove picture
|
|
|
|
|
|
const userinfo = { ...baseUserinfo };
|
|
|
|
|
|
delete userinfo.picture;
|
|
|
|
|
|
|
|
|
|
|
|
// Act
|
2025-04-05 14:04:15 +02:00
|
|
|
|
await validate(validTokenSet, userinfo);
|
2025-02-03 16:57:49 +01:00
|
|
|
|
|
|
|
|
|
|
// Assert – fetch should not be called and avatar should remain undefined or empty
|
|
|
|
|
|
expect(fetch).not.toHaveBeenCalled();
|
|
|
|
|
|
});
|
2025-04-05 14:04:15 +02:00
|
|
|
|
|
|
|
|
|
|
it('should fallback to userinfo roles if the id_token is invalid (missing a period)', async () => {
|
|
|
|
|
|
// Arrange – simulate an invalid id_token and ensure userinfo.roles contains the required role
|
|
|
|
|
|
const invalidTokenSet = { ...validTokenSet, id_token: 'invalidtoken' };
|
|
|
|
|
|
const userinfo = { ...baseUserinfo, roles: ['requiredRole'] };
|
|
|
|
|
|
|
|
|
|
|
|
// Act
|
|
|
|
|
|
const { user } = await validate(invalidTokenSet, userinfo);
|
|
|
|
|
|
|
|
|
|
|
|
// Assert – login should succeed using roles from userinfo
|
|
|
|
|
|
expect(user).toBeDefined();
|
|
|
|
|
|
expect(createUser).toHaveBeenCalled();
|
|
|
|
|
|
});
|
|
|
|
|
|
|
|
|
|
|
|
it('should handle downloadImage failure gracefully and not set an avatar', async () => {
|
|
|
|
|
|
// Arrange – force fetch to reject, simulating a network error for image download
|
|
|
|
|
|
fetch.mockRejectedValue(new Error('network error'));
|
|
|
|
|
|
const userinfo = { ...baseUserinfo };
|
|
|
|
|
|
|
|
|
|
|
|
// Act
|
|
|
|
|
|
const { user } = await validate(validTokenSet, userinfo);
|
|
|
|
|
|
|
|
|
|
|
|
// Assert – verify that fetch was called but avatar is not updated
|
|
|
|
|
|
expect(fetch).toHaveBeenCalled();
|
|
|
|
|
|
expect(user.avatar).toBeUndefined();
|
|
|
|
|
|
});
|
|
|
|
|
|
|
|
|
|
|
|
it('should allow login if no required role is specified', async () => {
|
|
|
|
|
|
// Arrange – remove role requirements
|
|
|
|
|
|
delete process.env.OPENID_REQUIRED_ROLE;
|
|
|
|
|
|
delete process.env.OPENID_REQUIRED_ROLE_PARAMETER_PATH;
|
|
|
|
|
|
// Ensure jwtDecode returns empty roles (should not matter now)
|
|
|
|
|
|
jwtDecode.mockReturnValue({});
|
|
|
|
|
|
const userinfo = { ...baseUserinfo };
|
|
|
|
|
|
|
|
|
|
|
|
// Act
|
|
|
|
|
|
const { user } = await validate(validTokenSet, userinfo);
|
|
|
|
|
|
|
|
|
|
|
|
// Assert – login should succeed without checking for roles
|
|
|
|
|
|
expect(user).toBeDefined();
|
|
|
|
|
|
expect(createUser).toHaveBeenCalled();
|
|
|
|
|
|
});
|
|
|
|
|
|
|
|
|
|
|
|
it('should use roles from userinfo when OPENID_REQUIRED_ROLE_SOURCE is set to "userinfo"', async () => {
|
|
|
|
|
|
// Arrange – force roleSource to be userinfo and have jwtDecode return empty roles
|
|
|
|
|
|
process.env.OPENID_REQUIRED_ROLE_SOURCE = 'userinfo';
|
|
|
|
|
|
jwtDecode.mockReturnValue({});
|
|
|
|
|
|
const userinfo = { ...baseUserinfo, roles: ['requiredRole'] };
|
|
|
|
|
|
|
|
|
|
|
|
// Act
|
|
|
|
|
|
const { user } = await validate(validTokenSet, userinfo);
|
|
|
|
|
|
|
|
|
|
|
|
// Assert – login should succeed because roles are taken from userinfo
|
|
|
|
|
|
expect(user).toBeDefined();
|
|
|
|
|
|
expect(createUser).toHaveBeenCalled();
|
|
|
|
|
|
});
|
|
|
|
|
|
|
|
|
|
|
|
it('should call done with error when createUser fails', async () => {
|
|
|
|
|
|
// Arrange – simulate createUser throwing an error
|
|
|
|
|
|
const errorMessage = 'createUser failed';
|
|
|
|
|
|
createUser.mockImplementation(async () => {
|
|
|
|
|
|
throw new Error(errorMessage);
|
|
|
|
|
|
});
|
|
|
|
|
|
const userinfo = { ...baseUserinfo };
|
|
|
|
|
|
|
|
|
|
|
|
// Act & Assert – verify that the verify callback rejects with the error
|
|
|
|
|
|
await expect(validate(validTokenSet, userinfo)).rejects.toThrow(errorMessage);
|
|
|
|
|
|
});
|
|
|
|
|
|
|
|
|
|
|
|
it('should not download avatar if existing user has avatar marked as manual', async () => {
|
|
|
|
|
|
// Arrange – simulate an existing user with a manually set avatar
|
|
|
|
|
|
const existingUser = {
|
|
|
|
|
|
_id: 'existingUserId',
|
|
|
|
|
|
provider: 'local',
|
|
|
|
|
|
email: baseUserinfo.email,
|
|
|
|
|
|
openidId: '',
|
|
|
|
|
|
username: '',
|
|
|
|
|
|
name: '',
|
|
|
|
|
|
avatar: 'some/path?manual=true',
|
|
|
|
|
|
};
|
|
|
|
|
|
findUser.mockResolvedValue(existingUser);
|
|
|
|
|
|
const userinfo = { ...baseUserinfo };
|
|
|
|
|
|
|
|
|
|
|
|
// Act
|
|
|
|
|
|
const { user } = await validate(validTokenSet, userinfo);
|
|
|
|
|
|
|
|
|
|
|
|
// Assert – fetch should not be called since avatar is manually set
|
|
|
|
|
|
expect(fetch).not.toHaveBeenCalled();
|
|
|
|
|
|
expect(updateUser).toHaveBeenCalledWith(
|
|
|
|
|
|
existingUser._id,
|
|
|
|
|
|
expect.objectContaining({ avatar: existingUser.avatar }),
|
|
|
|
|
|
);
|
|
|
|
|
|
expect(user.avatar).toBe(existingUser.avatar);
|
|
|
|
|
|
});
|
2025-02-03 16:08:34 -05:00
|
|
|
|
});
|
