mirror of
https://github.com/freeCodeCamp/freeCodeCamp.git
synced 2025-12-30 03:03:06 -05:00
324 lines
9.7 KiB
TypeScript
324 lines
9.7 KiB
TypeScript
const COOKIE_DOMAIN = 'test.com';
|
|
import Fastify, { FastifyInstance } from 'fastify';
|
|
|
|
import { createUserInput } from '../utils/create-user';
|
|
import { AUTH0_DOMAIN, HOME_LOCATION } from '../utils/env';
|
|
import prismaPlugin from '../db/prisma';
|
|
import cookies, { sign, unsign } from './cookies';
|
|
import { auth0Client } from './auth0';
|
|
import redirectWithMessage, { formatMessage } from './redirect-with-message';
|
|
import auth from './auth';
|
|
import bouncer from './bouncer';
|
|
import { newUser } from './__fixtures__/user';
|
|
|
|
// eslint-disable-next-line @typescript-eslint/no-unsafe-return
|
|
jest.mock('../utils/env', () => ({
|
|
...jest.requireActual('../utils/env'),
|
|
COOKIE_DOMAIN
|
|
}));
|
|
|
|
describe('auth0 plugin', () => {
|
|
let fastify: FastifyInstance;
|
|
|
|
beforeAll(async () => {
|
|
fastify = Fastify();
|
|
|
|
await fastify.register(cookies);
|
|
await fastify.register(redirectWithMessage);
|
|
await fastify.register(auth);
|
|
await fastify.register(bouncer);
|
|
await fastify.register(auth0Client);
|
|
await fastify.register(prismaPlugin);
|
|
});
|
|
|
|
afterAll(async () => {
|
|
await fastify.close();
|
|
});
|
|
|
|
describe('GET /signin', () => {
|
|
it('should redirect to the auth0 login page', async () => {
|
|
const res = await fastify.inject({
|
|
method: 'GET',
|
|
url: '/signin'
|
|
});
|
|
|
|
const redirectUrl = new URL(res.headers.location!);
|
|
expect(redirectUrl.host).toMatch(AUTH0_DOMAIN);
|
|
expect(redirectUrl.pathname).toBe('/authorize');
|
|
expect(res.statusCode).toBe(302);
|
|
});
|
|
|
|
it('sets a login-returnto cookie', async () => {
|
|
const returnTo = 'http://localhost:3000/learn';
|
|
const res = await fastify.inject({
|
|
method: 'GET',
|
|
url: '/signin',
|
|
headers: {
|
|
referer: returnTo
|
|
}
|
|
});
|
|
|
|
const cookie = res.cookies.find(c => c.name === 'login-returnto');
|
|
expect(unsign(cookie!.value).value).toBe(returnTo);
|
|
expect(cookie).toMatchObject({
|
|
domain: COOKIE_DOMAIN,
|
|
httpOnly: true,
|
|
secure: true,
|
|
sameSite: 'Lax'
|
|
});
|
|
});
|
|
});
|
|
|
|
describe('GET /auth/auth0/callback', () => {
|
|
const email = 'new@user.com';
|
|
let getAccessTokenFromAuthorizationCodeFlowSpy: jest.SpyInstance;
|
|
let userinfoSpy: jest.SpyInstance;
|
|
|
|
const mockAuthSuccess = () => {
|
|
getAccessTokenFromAuthorizationCodeFlowSpy.mockResolvedValueOnce({
|
|
token: 'any token'
|
|
});
|
|
userinfoSpy.mockResolvedValueOnce(Promise.resolve({ email }));
|
|
};
|
|
|
|
beforeEach(() => {
|
|
getAccessTokenFromAuthorizationCodeFlowSpy = jest.spyOn(
|
|
fastify.auth0OAuth,
|
|
'getAccessTokenFromAuthorizationCodeFlow'
|
|
);
|
|
userinfoSpy = jest.spyOn(fastify.auth0OAuth, 'userinfo');
|
|
// @ts-expect-error - Only mocks part of the Sentry object.
|
|
fastify.Sentry = { captureException: () => '' };
|
|
});
|
|
|
|
afterEach(async () => {
|
|
jest.restoreAllMocks();
|
|
await fastify.prisma.user.deleteMany({ where: { email } });
|
|
});
|
|
|
|
it('should redirect to the client if authentication fails', async () => {
|
|
getAccessTokenFromAuthorizationCodeFlowSpy.mockRejectedValueOnce(
|
|
'any error'
|
|
);
|
|
|
|
const res = await fastify.inject({
|
|
method: 'GET',
|
|
url: '/auth/auth0/callback'
|
|
});
|
|
|
|
expect(res.headers.location).toMatch(
|
|
`${HOME_LOCATION}/learn?${formatMessage({ type: 'danger', content: 'flash.generic-error' })}`
|
|
);
|
|
expect(res.statusCode).toBe(302);
|
|
});
|
|
|
|
it('should redirect to the client if the state is invalid', async () => {
|
|
const res = await fastify.inject({
|
|
method: 'GET',
|
|
url: '/auth/auth0/callback?state=invalid'
|
|
});
|
|
|
|
expect(res.headers.location).toMatch(
|
|
`${HOME_LOCATION}/learn?${formatMessage({ type: 'danger', content: 'flash.generic-error' })}`
|
|
);
|
|
expect(res.statusCode).toBe(302);
|
|
});
|
|
|
|
it('should log an error if the state is invalid', async () => {
|
|
jest.spyOn(fastify.log, 'error');
|
|
const res = await fastify.inject({
|
|
method: 'GET',
|
|
url: '/auth/auth0/callback?state=invalid'
|
|
});
|
|
|
|
expect(fastify.log.error).toHaveBeenCalledWith(
|
|
'Auth failed: invalid state'
|
|
);
|
|
expect(res.statusCode).toBe(302);
|
|
});
|
|
|
|
it('should not create a user if the state is invalid', async () => {
|
|
await fastify.inject({
|
|
method: 'GET',
|
|
url: '/auth/auth0/callback?state=invalid'
|
|
});
|
|
|
|
expect(await fastify.prisma.user.count()).toBe(0);
|
|
});
|
|
|
|
it('should block requests with "access_denied" error', async () => {
|
|
const res = await fastify.inject({
|
|
method: 'GET',
|
|
url: '/auth/auth0/callback?error=access_denied&error_description=Access denied from your location'
|
|
});
|
|
|
|
expect(res.statusCode).toBe(302);
|
|
expect(res.headers.location).toMatch(`${HOME_LOCATION}/blocked`);
|
|
|
|
const resWithoutDescription = await fastify.inject({
|
|
method: 'GET',
|
|
url: '/auth/auth0/callback?error=access_denied'
|
|
});
|
|
|
|
expect(resWithoutDescription.statusCode).toBe(302);
|
|
expect(resWithoutDescription.headers.location).toMatch(
|
|
`${HOME_LOCATION}/learn?messages=`
|
|
);
|
|
});
|
|
|
|
it('creates a user if the state is valid', async () => {
|
|
mockAuthSuccess();
|
|
await fastify.inject({
|
|
method: 'GET',
|
|
url: '/auth/auth0/callback?state=valid'
|
|
});
|
|
|
|
expect(await fastify.prisma.user.count()).toBe(1);
|
|
});
|
|
|
|
it('handles userinfo errors', async () => {
|
|
getAccessTokenFromAuthorizationCodeFlowSpy.mockResolvedValueOnce({
|
|
token: 'any token'
|
|
});
|
|
userinfoSpy.mockResolvedValueOnce(Promise.reject('any error'));
|
|
|
|
const res = await fastify.inject({
|
|
method: 'GET',
|
|
url: '/auth/auth0/callback?state=valid'
|
|
});
|
|
|
|
expect(res.headers.location).toMatch('/signin');
|
|
expect(res.statusCode).toBe(302);
|
|
expect(await fastify.prisma.user.count()).toBe(0);
|
|
});
|
|
|
|
it('handles invalid userinfo responses', async () => {
|
|
getAccessTokenFromAuthorizationCodeFlowSpy.mockResolvedValueOnce({
|
|
token: 'any token'
|
|
});
|
|
userinfoSpy.mockResolvedValueOnce(Promise.resolve({}));
|
|
|
|
const res = await fastify.inject({
|
|
method: 'GET',
|
|
url: '/auth/auth0/callback?state=valid'
|
|
});
|
|
|
|
expect(res.headers.location).toMatch('/signin');
|
|
expect(res.statusCode).toBe(302);
|
|
expect(await fastify.prisma.user.count()).toBe(0);
|
|
});
|
|
|
|
it('redirects with the signin-success message on success', async () => {
|
|
mockAuthSuccess();
|
|
|
|
const res = await fastify.inject({
|
|
method: 'GET',
|
|
url: '/auth/auth0/callback?state=valid'
|
|
});
|
|
|
|
expect(res.headers.location).toMatch(
|
|
`?${formatMessage({ type: 'success', content: 'flash.signin-success' })}`
|
|
);
|
|
expect(res.statusCode).toBe(302);
|
|
});
|
|
|
|
it('should set the jwt_access_token cookie', async () => {
|
|
mockAuthSuccess();
|
|
|
|
const res = await fastify.inject({
|
|
method: 'GET',
|
|
url: '/auth/auth0/callback?state=valid'
|
|
});
|
|
|
|
expect(res.headers['set-cookie']).toEqual(
|
|
expect.stringMatching(/jwt_access_token=/)
|
|
);
|
|
});
|
|
|
|
it('should use the login-returnto cookie if present and valid', async () => {
|
|
mockAuthSuccess();
|
|
await fastify.prisma.user.create({
|
|
data: { ...createUserInput(email), acceptedPrivacyTerms: true }
|
|
});
|
|
const returnTo = 'https://www.freecodecamp.org/espanol/learn';
|
|
// /signin sets the cookie
|
|
const req = await fastify.inject({
|
|
method: 'GET',
|
|
url: '/signin',
|
|
headers: {
|
|
referer: returnTo
|
|
}
|
|
});
|
|
const returnToCookie = req.cookies.find(c => c.name === 'login-returnto');
|
|
|
|
const res = await fastify.inject({
|
|
method: 'GET',
|
|
url: '/auth/auth0/callback?state=valid',
|
|
cookies: { 'login-returnto': returnToCookie!.value }
|
|
});
|
|
|
|
expect(res.headers.location).toBe(
|
|
`${returnTo}?${formatMessage({ type: 'success', content: 'flash.signin-success' })}`
|
|
);
|
|
});
|
|
|
|
it('should redirect home if the login-returnto cookie is invalid', async () => {
|
|
mockAuthSuccess();
|
|
const returnTo = 'https://www.evilcodecamp.org/espanol/learn';
|
|
// /signin sets the cookie
|
|
const req = await fastify.inject({
|
|
method: 'GET',
|
|
url: '/signin',
|
|
headers: {
|
|
referer: returnTo
|
|
}
|
|
});
|
|
const returnToCookie = req.cookies.find(c => c.name === 'login-returnto');
|
|
|
|
const res = await fastify.inject({
|
|
method: 'GET',
|
|
url: '/auth/auth0/callback?state=valid',
|
|
cookies: { 'login-returnto': returnToCookie!.value }
|
|
});
|
|
|
|
expect(res.headers.location).toMatch(HOME_LOCATION);
|
|
});
|
|
|
|
it('should redirect to email-sign-up if the user has not acceptedPrivacyTerms', async () => {
|
|
mockAuthSuccess();
|
|
// Using an italian path to make sure redirection works.
|
|
const italianReturnTo = 'https://www.freecodecamp.org/italian/settings';
|
|
|
|
const res = await fastify.inject({
|
|
method: 'GET',
|
|
url: '/auth/auth0/callback?state=valid',
|
|
cookies: {
|
|
'login-returnto': sign(italianReturnTo)
|
|
}
|
|
});
|
|
|
|
expect(res.headers.location).toEqual(
|
|
expect.stringContaining(
|
|
'https://www.freecodecamp.org/italian/email-sign-up?'
|
|
)
|
|
);
|
|
});
|
|
|
|
it('should populate the user with the correct data', async () => {
|
|
mockAuthSuccess();
|
|
|
|
await fastify.inject({
|
|
method: 'GET',
|
|
url: '/auth/auth0/callback?state=valid'
|
|
});
|
|
|
|
const user = await fastify.prisma.user.findFirstOrThrow({
|
|
where: { email }
|
|
});
|
|
|
|
expect(user).toEqual(newUser(email));
|
|
expect(user.username).toBe(user.usernameDisplay);
|
|
});
|
|
});
|
|
});
|