Merge pull request #3 from xgui3783/chore/netlify

merge netlify branch to dev

.github/workflows/backend.yml

@@ -22,15 +22,7 @@ jobs:
       run: |
         cd deploy
         npm i
-    - name: test no env
+    - name: test
       run: |
         cd deploy
-        npm run testNoEnv
-    - name: test with env
-      env:
-        REFRESH_TOKEN: ${{ secrets.REFRESH_TOKEN }}
-        HBP_CLIENTID: ${{ secrets.HBP_CLIENTID }}
-        HBP_CLIENTSECRET: ${{ secrets.HBP_CLIENTSECRET }}
-      run: |
-        cd deploy
-        npm run testEnv
+        npm run test
\ No newline at end of file

deploy/auth/oidc.js

 const { Issuer, Strategy } = require('openid-client')
+const jwtDecode = require('jwt-decode')
 
 const defaultCb = (tokenset, {id, ...rest}, done) => {
   return done(null, {
@@ -7,6 +8,8 @@ const defaultCb = (tokenset, {id, ...rest}, done) => {
   })
 }
 
+exports.jwtDecode = jwtDecode
+
 exports.configureAuth = async ({ discoveryUrl, clientId, clientSecret, redirectUri, clientConfig = {}, cb = defaultCb, scope = 'openid' }) => {
   if (!discoveryUrl)
     throw new Error('discoveryUrl must be defined!')

deploy/auth/spec-helper.js

+
+const crypto = require('crypto')
+const { stub, spy } = require('sinon')
+
+class OIDCStub{
+
+  setupOIDCStub({ rejects, client: _client } = {}) {
+    
+    // delete require cache, so it can be imported again
+    // in case env are rewritten
+
+    delete require.cache[require.resolve('./oidc')]
+    const OIDC = require('./oidc')
+
+    this.jwtDecodeReturn = { exp: Math.floor( (Date.now() / 1e3) * 60 * 60 ) }
+    this.configureAuthStub = stub(OIDC, 'configureAuth')
+    this.jwtDecodeStub = stub(OIDC, 'jwtDecode').returns(this.jwtDecodeStub)
+    this.refresh = (...arg) => {
+      const {
+        access_token,
+        refresh_token,
+        id_token,
+      } = this
+      return {
+        access_token,
+        refresh_token,
+        id_token
+      }
+    }
+
+    this.access_token = crypto.randomBytes(16).toString('hex')
+    this.refresh_token = crypto.randomBytes(16).toString('hex')
+    this.id_token = crypto.randomBytes(16).toString('hex')
+
+    const { refresh } = this
+    const client = _client || { refresh }
+    
+    if (rejects) {
+      this.configureAuthStub.rejects()
+    } else {
+      this.configureAuthStub.resolves({ client })
+    }
+    
+    this.refreshSpy = client && client.refresh && spy(client, 'refresh')
+
+    const { access_token, id_token, refreshSpy, refresh_token, configureAuthStub, cleanup, jwtDecodeReturn, jwtDecodeStub } = this
+    return {
+      access_token,
+      refresh_token,
+      id_token,
+      configureAuthStub,
+      refreshSpy,
+      jwtDecodeReturn,
+      jwtDecodeStub,
+      cleanup: cleanup.bind(this)
+    }
+  }
+
+  cleanup(){
+    const { configureAuthStub, refreshSpy } = this
+    configureAuthStub && configureAuthStub.resetHistory()
+    refreshSpy && refreshSpy.resetHistory()
+  }
+}
+
+exports.OIDCStub = OIDCStub

deploy/auth/util.js

-const { configureAuth } = require('./oidc')
-const jwtDecode = require('jwt-decode')
+const { configureAuth, jwtDecode } = require('./oidc')
 
 const HOSTNAME = process.env.HOSTNAME || 'http://localhost:3000'
 const HOST_PATHNAME = process.env.HOST_PATHNAME || ''

deploy/auth/util.noenv-spec.js

-const mocha = require('mocha')
-const chai = require('chai')
-const assert = chai.assert
-const chaiAsPromised = require('chai-as-promised')
-chai.use(chaiAsPromised)
-const expect = chai.expect
-const should = chai.should()
-
-
-describe('mocha.js', () => {
-  it('mocha works properly', () => {
-    assert(true)
-  })
-})
-
-describe('chai-as-promised.js', () => {
-  it('resolving promise is resolved', () => {
-
-    return Promise.resolve(2 + 2).should.eventually.equal(4)
-    
-  })
-  it('rejecting promise is rejected', () => {
-    return Promise.reject('no reason').should.be.rejected
-  })
-})
-
-describe('util.js without env', (done) => {
-
-  const util = require('./util')
-  it('even when no env is set, it should fulfill', () => {
-    const getUtil = util()
-    return getUtil.should.be.fulfilled
-  })
-
-  it('if env is not set, getPublicToken method should fail', async () => {
-    const utilObj = await util()
-    const { getPublicAccessToken } = utilObj
-    return getPublicAccessToken().should.be.rejected
-  })
-})
\ No newline at end of file

deploy/auth/util.spec.js

-const mocha = require('mocha')
 const chai = require('chai')
-const assert = chai.assert
-const chaiAsPromised = require('chai-as-promised')
-chai.use(chaiAsPromised)
-const expect = chai.expect
-const should = chai.should()
+const { OIDCStub } = require('./spec-helper')
+chai.use(require('chai-as-promised'))
+const { stub, spy } = require('sinon')
+const { expect, assert, should } = require('chai')
+
+should()
+
+const crypto = require('crypto')
 
 describe('mocha.js', () => {
   it('mocha works properly', () => {
@@ -23,12 +25,173 @@ describe('chai-as-promised.js', () => {
   })
 })
 
-describe('util.js with env', async () => {
+const oidcStubInstance = new OIDCStub()
+const setupOIDCStub = oidcStubInstance.setupOIDCStub.bind(oidcStubInstance)
 
-  it('when client id and client secret and refresh token is set, util should not throw', async () => {
-    
-    const util = require('./util')
-    const { getPublicAccessToken } = await util()
-    return getPublicAccessToken().should.be.fulfilled
+describe('util.js', async () => {
+
+  describe('> if configureAuth throws', () => {
+
+    let cleanup
+    before(() => {
+      const obj = setupOIDCStub({ rejects: true })
+      cleanup = obj.cleanup
+    })
+
+    after(() => cleanup())
+
+    it('> calling util throws', async () => {
+      const util = require('./util')
+      try {
+        await util()
+        assert(false, 'Util funciton should throw/reject')
+      } catch (e) {
+        assert(true)
+      }
+    })
+  })
+
+  describe('> if configureauth does not return object', () => {
+    let cleanup
+    before(() => {
+      const obj = setupOIDCStub({
+        client: 42
+      })
+      cleanup = obj.cleanup
+    })
+
+    after(() => {
+      cleanup()
+    })
+
+    it('> calling util throws', () => {
+      try {
+        require('./util')()
+        assert(false, 'if configure auth does not return object, calling util throw throw')
+      } catch (e) {
+        assert(true)
+      }
+    })
+  })
+
+  const env = {
+    HOSTNAME : 'http://localhost:3333',
+    HOST_PATHNAME : '/testpath',
+    HBP_CLIENTID : crypto.randomBytes(16).toString('hex'),
+    HBP_CLIENTSECRET : crypto.randomBytes(16).toString('hex'),
+    REFRESH_TOKEN : crypto.randomBytes(16).toString('hex'),
+  }
+
+  describe('> if env var is provided', () => {
+
+    const tmp = {}
+    let cleanup
+    let oidcStub
+    before(() => {
+
+      delete require.cache[require.resolve('./util')]
+
+      for (const key in env) {
+        tmp[key] = process.env[key]
+        process.env[key] = env[key]
+      }
+      try {
+
+        const obj = setupOIDCStub()
+        cleanup = obj.cleanup
+        
+        oidcStub = obj
+      } catch (e) {
+        console.log(e)
+      }
+    })
+
+    after(() => {
+      for (const key in env) {
+        process.env[key] = tmp[key]
+      }
+      cleanup()
+    })
+
+    it('> configureAuth and refresh called with correct param', async () => {
+      const util = require('./util')
+      const { getPublicAccessToken } = await util()
+      const token = await getPublicAccessToken()
+
+      const {
+        access_token,
+        refresh_token,
+        id_token,
+        configureAuthStub,
+        refreshSpy,
+        jwtDecodeReturn,
+        jwtDecodeStub
+      } = oidcStub
+      const { HBP_CLIENTID, HBP_CLIENTSECRET, HOSTNAME, HOST_PATHNAME, REFRESH_TOKEN } = env
+      
+      // configuAuthStub
+      assert(configureAuthStub.calledOnce)
+      const { args } = configureAuthStub.firstCall
+      const arg = args[0]
+      expect(arg).to.include({
+        clientId: HBP_CLIENTID,
+        clientSecret: HBP_CLIENTSECRET,
+        redirectUri: `${HOSTNAME}${HOST_PATHNAME}/hbp-oidc/cb`
+      })
+
+      // refresh spy
+      assert(refreshSpy.calledWith(REFRESH_TOKEN))
+      
+      // jwtStub
+      assert(jwtDecodeStub.calledWith(access_token))
+
+      // return val
+      expect(token).to.be.equal(access_token)
+    })
+  })
+
+  describe('> if refresh token is missing', () => {
+
+    const noRefreshEnv = {
+      ...env,
+      REFRESH_TOKEN: null
+    }
+    const tmp = {}
+    let cleanup
+    before(() => {
+      
+      delete require.cache[require.resolve('./util')]
+
+      for (const key in noRefreshEnv) {
+        tmp[key] = process.env[key]
+        process.env[key] = noRefreshEnv[key]
+      }
+      try {
+
+        const obj = setupOIDCStub()
+        cleanup = obj.cleanup
+      } catch (e) {
+        console.log(e)
+      }
+    })
+
+    after(() => {
+      for (const key in noRefreshEnv) {
+        process.env[key] = tmp[key]
+      }
+      cleanup()
+    })
+
+    it('> refresh getPublicAccessToken will reject', async () => {
+      const util = require('./util')
+      const { getPublicAccessToken } = await util()
+
+      try {
+        await getPublicAccessToken()
+        assert(false, 'get public access token should be rejected')
+      } catch (e) {
+        assert(true)
+      }
+    })
   })
 })

deploy/package.json

@@ -5,11 +5,8 @@
   "main": "index.js",
   "scripts": {
     "start": "node server.js",
-    "test": "npm run testEnv && npm run testNoEnv",
-    "testEnv": "DISABLE_LIMITER=1 node -r dotenv/config ./node_modules/.bin/mocha ./**/*.spec.js --timeout 60000",
-    "testNoEnv": "node ./node_modules/.bin/mocha ./**/*.noenv-spec.js --timeout 60000",
-    "mocha": "mocha",
-    "mocha-env": "node -r dotenv/config ./node_modules/.bin/mocha"
+    "test": "DISABLE_LIMITER=1 node -r dotenv/config ./node_modules/.bin/mocha ./**/*.spec.js --timeout 60000",
+    "mocha": "mocha"
   },
   "keywords": [],
   "author": "",