import type { Configuration } from 'oidc-provider'; import { IdentityProviderFactory } from '../../../../src/identity/configuration/IdentityProviderFactory'; import type { AdapterFactory } from '../../../../src/identity/storage/AdapterFactory'; import type { ErrorHandler } from '../../../../src/ldp/http/ErrorHandler'; import type { ResponseWriter } from '../../../../src/ldp/http/ResponseWriter'; import type { HttpResponse } from '../../../../src/server/HttpResponse'; import type { KeyValueStorage } from '../../../../src/storage/keyvalue/KeyValueStorage'; /* eslint-disable @typescript-eslint/naming-convention */ jest.mock('oidc-provider', (): any => ({ Provider: jest.fn().mockImplementation((issuer: string, config: Configuration): any => ({ issuer, config })), })); const routes = { authorization: '/foo/idp/auth', check_session: '/foo/idp/session/check', code_verification: '/foo/idp/device', device_authorization: '/foo/idp/device/auth', end_session: '/foo/idp/session/end', introspection: '/foo/idp/token/introspection', jwks: '/foo/idp/jwks', pushed_authorization_request: '/foo/idp/request', registration: '/foo/idp/reg', revocation: '/foo/idp/token/revocation', token: '/foo/idp/token', userinfo: '/foo/idp/me', }; describe('An IdentityProviderFactory', (): void => { let baseConfig: Configuration; const baseUrl = 'http://test.com/foo/'; const idpPath = '/idp'; const webId = 'http://alice.test.com/card#me'; let adapterFactory: jest.Mocked; let storage: jest.Mocked>; let errorHandler: jest.Mocked; let responseWriter: jest.Mocked; let factory: IdentityProviderFactory; beforeEach(async(): Promise => { baseConfig = { claims: { webid: [ 'webid', 'client_webid' ]}}; adapterFactory = { createStorageAdapter: jest.fn().mockReturnValue('adapter!'), }; const map = new Map(); storage = { get: jest.fn((id: string): any => map.get(id)), set: jest.fn((id: string, value: any): any => map.set(id, value)), } as any; errorHandler = { handleSafe: jest.fn().mockResolvedValue({ statusCode: 500 }), } as any; responseWriter = { handleSafe: jest.fn() } as any; factory = new IdentityProviderFactory(baseConfig, { adapterFactory, baseUrl, idpPath, storage, errorHandler, responseWriter, }); }); it('errors if the idpPath parameter does not start with a slash.', async(): Promise => { expect((): any => new IdentityProviderFactory(baseConfig, { adapterFactory, baseUrl, idpPath: 'idp', storage, errorHandler, responseWriter, })).toThrow('idpPath needs to start with a /'); }); it('creates a correct configuration.', async(): Promise => { // This is the output of our mock function const provider = await factory.getProvider() as any; expect(provider.proxy).toBe(true); const { issuer, config } = provider as { issuer: string; config: Configuration }; expect(issuer).toBe(baseUrl); // Copies the base config expect(config.claims).toEqual(baseConfig.claims); (config.adapter as (name: string) => any)('test!'); expect(adapterFactory.createStorageAdapter).toHaveBeenCalledTimes(1); expect(adapterFactory.createStorageAdapter).toHaveBeenLastCalledWith('test!'); expect(config.cookies?.keys).toEqual([ expect.any(String) ]); expect(config.jwks).toEqual({ keys: [ expect.objectContaining({ kty: 'RSA' }) ]}); expect(config.routes).toEqual(routes); expect((config.interactions?.url as any)()).toEqual('/idp/'); expect((config.audiences as any)(null, null, {}, 'access_token')).toBe('solid'); expect((config.audiences as any)(null, null, { clientId: 'clientId' }, 'client_credentials')).toBe('clientId'); const findResult = await config.findAccount?.({ oidc: { client: { clientId: 'clientId' }}} as any, webId); expect(findResult?.accountId).toBe(webId); await expect((findResult?.claims as any)()).resolves.toEqual({ sub: webId, webid: webId }); expect((config.extraAccessTokenClaims as any)({}, {})).toEqual({}); expect((config.extraAccessTokenClaims as any)({}, { kind: 'AccessToken', accountId: webId, clientId: 'clientId' })) .toEqual({ webid: webId, client_id: 'clientId', }); // Test the renderError function const response = { } as HttpResponse; await expect((config.renderError as any)({ res: response }, null, 'error!')).resolves.toBeUndefined(); expect(errorHandler.handleSafe).toHaveBeenCalledTimes(1); expect(errorHandler.handleSafe) .toHaveBeenLastCalledWith({ error: 'error!', preferences: { type: { 'text/plain': 1 }}}); expect(responseWriter.handleSafe).toHaveBeenCalledTimes(1); expect(responseWriter.handleSafe).toHaveBeenLastCalledWith({ response, result: { statusCode: 500 }}); }); it('copies a field from the input config if values need to be added to it.', async(): Promise => { baseConfig.cookies = { long: { signed: true }, }; factory = new IdentityProviderFactory(baseConfig, { adapterFactory, baseUrl, idpPath, storage, errorHandler, responseWriter, }); const { config } = await factory.getProvider() as unknown as { issuer: string; config: Configuration }; expect(config.cookies?.long?.signed).toBe(true); }); it('caches the provider.', async(): Promise => { const result1 = await factory.getProvider() as unknown as { issuer: string; config: Configuration }; const result2 = await factory.getProvider() as unknown as { issuer: string; config: Configuration }; expect(result1).toBe(result2); }); it('uses cached keys in case they already exist.', async(): Promise => { const result1 = await factory.getProvider() as unknown as { issuer: string; config: Configuration }; // Create a new factory that is not cached yet const factory2 = new IdentityProviderFactory(baseConfig, { adapterFactory, baseUrl, idpPath, storage, errorHandler, responseWriter, }); const result2 = await factory2.getProvider() as unknown as { issuer: string; config: Configuration }; expect(result1.config.cookies).toEqual(result2.config.cookies); expect(result1.config.jwks).toEqual(result2.config.jwks); expect(storage.get).toHaveBeenCalledTimes(4); expect(storage.set).toHaveBeenCalledTimes(2); expect(storage.set).toHaveBeenCalledWith('/idp/jwks', result1.config.jwks); expect(storage.set).toHaveBeenCalledWith('/idp/cookie-secret', result1.config.cookies?.keys); }); });