server/tests/oauth.test.ts

/**
 * @deprecated
 */
import { afterAll, describe, expect, test } from "bun:test";
import type {
    Application as ApiApplication,
    Token as ApiToken,
} from "@versia/client/types";
import { fakeRequest, getTestUsers } from "./utils.ts";

let clientId: string;
let clientSecret: string;
let code: string;
let jwt: string;
let token: ApiToken;
const { users, passwords, deleteUsers } = await getTestUsers(1);

afterAll(async () => {
    await deleteUsers();
});

describe("POST /api/v1/apps/", () => {
    test("should create an application", async () => {
        const formData = new FormData();

        formData.append("client_name", "Test Application");
        formData.append("website", "https://example.com");
        formData.append("redirect_uris", "https://example.com");
        formData.append("scopes", "read write");

        const response = await fakeRequest("/api/v1/apps", {
            method: "POST",
            headers: {
                "Content-Type": "application/json",
            },
            body: JSON.stringify({
                client_name: "Test Application",
                website: "https://example.com",
                redirect_uris: "https://example.com",
                scopes: "read write",
            }),
        });

        expect(response.status).toBe(200);
        expect(response.headers.get("content-type")).toContain(
            "application/json",
        );

        const json = await response.json();

        expect(json).toEqual({
            id: expect.any(String),
            name: "Test Application",
            website: "https://example.com",
            client_id: expect.any(String),
            client_secret: expect.any(String),
            redirect_uri: "https://example.com",
            vapid_link: null,
        });

        clientId = json.client_id;
        clientSecret = json.client_secret;
    });
});

describe("POST /api/auth/login/", () => {
    test("should get a JWT", async () => {
        const formData = new FormData();

        formData.append("identifier", users[0]?.data.email ?? "");
        formData.append("password", passwords[0]);

        const response = await fakeRequest(
            `/api/auth/login?client_id=${clientId}&redirect_uri=https://example.com&response_type=code&scope=read+write`,
            {
                method: "POST",
                body: formData,
            },
        );

        expect(response.status).toBe(302);

        jwt =
            response.headers.get("Set-Cookie")?.match(/jwt=([^;]+);/)?.[1] ??
            "";
    });
});

describe("GET /oauth/authorize/", () => {
    test("should get a code", async () => {
        const response = await fakeRequest("/oauth/authorize", {
            method: "POST",
            headers: {
                Cookie: `jwt=${jwt}`,
            },
            body: new URLSearchParams({
                client_id: clientId,
                client_secret: clientSecret,
                redirect_uri: "https://example.com",
                response_type: "code",
                scope: "read write",
                max_age: "604800",
            }),
        });

        expect(response.status).toBe(302);
        expect(response.headers.get("location")).toBeDefined();
        const locationHeader = new URL(
            response.headers.get("Location") ?? "",
            "",
        );

        expect(locationHeader.origin).toBe("https://example.com");

        code = locationHeader.searchParams.get("code") ?? "";
    });
});

describe("POST /oauth/token/", () => {
    test("should get an access token", async () => {
        const response = await fakeRequest("/oauth/token", {
            method: "POST",
            headers: {
                Authorization: `Bearer ${jwt}`,
                "Content-Type": "application/x-www-form-urlencoded",
            },
            body: new URLSearchParams({
                grant_type: "authorization_code",
                code,
                redirect_uri: "https://example.com",
                client_id: clientId,
                client_secret: clientSecret,
                scope: "read write",
            }),
        });

        const json = await response.json();

        expect(response.status).toBe(200);
        expect(response.headers.get("content-type")).toContain(
            "application/json",
        );
        expect(json).toEqual({
            access_token: expect.any(String),
            token_type: "Bearer",
            scope: "read write",
            created_at: expect.any(Number),
            expires_in: expect.any(Number),
            id_token: null,
            refresh_token: null,
        });

        token = json;
    });
});

describe("GET /api/v1/apps/verify_credentials", () => {
    test("should return the authenticated application's credentials", async () => {
        const response = await fakeRequest("/api/v1/apps/verify_credentials", {
            headers: {
                Authorization: `Bearer ${token.access_token}`,
            },
        });

        expect(response.status).toBe(200);
        expect(response.headers.get("content-type")).toContain(
            "application/json",
        );

        const credentials = (await response.json()) as Partial<ApiApplication>;

        expect(credentials.name).toBe("Test Application");
        expect(credentials.website).toBe("https://example.com");
    });
});
feat(api): :art: Allow login with either username or email 2024-05-08 10:02:05 +02:00			`/**`
			`* @deprecated`
			`*/`
Remove Prisma once and for all 2024-04-14 02:46:33 +02:00			`import { afterAll, describe, expect, test } from "bun:test";`
refactor(api): :label: Replace API types with those from @lysand-org/client 2024-06-29 08:36:15 +02:00			`import type {`
			`Application as ApiApplication,`
			`Token as ApiToken,`
refactor(api): :recycle: Replace old client library with new version (@versia/client) 2024-08-26 19:40:15 +02:00			`} from "@versia/client/types";`
refactor: :truck: Explicitely add extensions to all imports 2024-10-04 15:22:48 +02:00			`import { fakeRequest, getTestUsers } from "./utils.ts";`
RAHHHHHHH 2023-09-14 04:25:45 +02:00
refactor: :rotating_light: Turn every linter rule on and fix issues (there were a LOT :3) 2024-06-13 04:26:43 +02:00			`let clientId: string;`
			`let clientSecret: string;`
RAHHHHHHH 2023-09-14 04:25:45 +02:00			`let code: string;`
feat(api): :sparkles: Make Lysand a full OAuth2/OpenID Connect provider as well as still Mastodon compatible 2024-04-18 10:42:12 +02:00			`let jwt: string;`
refactor(api): :label: Replace API types with those from @lysand-org/client 2024-06-29 08:36:15 +02:00			`let token: ApiToken;`
Remove Prisma once and for all 2024-04-14 02:46:33 +02:00			`const { users, passwords, deleteUsers } = await getTestUsers(1);`
RAHHHHHHH 2023-09-14 04:25:45 +02:00
Remove Prisma once and for all 2024-04-14 02:46:33 +02:00			`afterAll(async () => {`
			`await deleteUsers();`
			`});`
refactor(api): :art: Finish Hono refactor 2024-05-06 10:19:42 +02:00
Fix the last failing tests 2023-09-22 03:14:03 +02:00			`describe("POST /api/v1/apps/", () => {`
Replace eslint and prettier with Biome 2024-04-07 07:30:49 +02:00			`test("should create an application", async () => {`
			`const formData = new FormData();`

			`formData.append("client_name", "Test Application");`
			`formData.append("website", "https://example.com");`
			`formData.append("redirect_uris", "https://example.com");`
			`formData.append("scopes", "read write");`

refactor: :recycle: Refactor tests to use a simpler syntax 2024-08-27 21:25:26 +02:00			`const response = await fakeRequest("/api/v1/apps", {`
			`method: "POST",`
			`headers: {`
			`"Content-Type": "application/json",`
			`},`
			`body: JSON.stringify({`
			`client_name: "Test Application",`
			`website: "https://example.com",`
			`redirect_uris: "https://example.com",`
			`scopes: "read write",`
Replace eslint and prettier with Biome 2024-04-07 07:30:49 +02:00			`}),`
refactor: :recycle: Refactor tests to use a simpler syntax 2024-08-27 21:25:26 +02:00			`});`
Replace eslint and prettier with Biome 2024-04-07 07:30:49 +02:00
			`expect(response.status).toBe(200);`
refactor: :recycle: Use native Hono return functions instead of custom ones 2024-08-19 21:03:59 +02:00			`expect(response.headers.get("content-type")).toContain(`
			`"application/json",`
			`);`
Replace eslint and prettier with Biome 2024-04-07 07:30:49 +02:00
			`const json = await response.json();`

			`expect(json).toEqual({`
			`id: expect.any(String),`
			`name: "Test Application",`
			`website: "https://example.com",`
			`client_id: expect.any(String),`
			`client_secret: expect.any(String),`
			`redirect_uri: "https://example.com",`
			`vapid_link: null,`
			`});`

refactor: :rotating_light: Turn every linter rule on and fix issues (there were a LOT :3) 2024-06-13 04:26:43 +02:00			`clientId = json.client_id;`
			`clientSecret = json.client_secret;`
Replace eslint and prettier with Biome 2024-04-07 07:30:49 +02:00			`});`
RAHHHHHHH 2023-09-14 04:25:45 +02:00			`});`

Add interface to view post and user JSON data 2024-04-09 06:33:59 +02:00			`describe("POST /api/auth/login/", () => {`
feat(api): :sparkles: Make Lysand a full OAuth2/OpenID Connect provider as well as still Mastodon compatible 2024-04-18 10:42:12 +02:00			`test("should get a JWT", async () => {`
Replace eslint and prettier with Biome 2024-04-07 07:30:49 +02:00			`const formData = new FormData();`

refactor(database): :art: Improve database handlers to have more consistent naming and methods 2024-06-13 02:45:07 +02:00			`formData.append("identifier", users[0]?.data.email ?? "");`
Remove Prisma once and for all 2024-04-14 02:46:33 +02:00			`formData.append("password", passwords[0]);`
Replace eslint and prettier with Biome 2024-04-07 07:30:49 +02:00
refactor: :recycle: Refactor tests to use a simpler syntax 2024-08-27 21:25:26 +02:00			`const response = await fakeRequest(`
			`/api/auth/login?client_id=${clientId}&redirect_uri=https://example.com&response_type=code&scope=read+write`,
			`{`
			`method: "POST",`
			`body: formData,`
			`},`
Replace eslint and prettier with Biome 2024-04-07 07:30:49 +02:00			`);`

			`expect(response.status).toBe(302);`
feat(api): :sparkles: Make Lysand a full OAuth2/OpenID Connect provider as well as still Mastodon compatible 2024-04-18 10:42:12 +02:00
			`jwt =`
			`response.headers.get("Set-Cookie")?.match(/jwt=([^;]+);/)?.[1] ??`
			`"";`
Replace eslint and prettier with Biome 2024-04-07 07:30:49 +02:00			`});`
RAHHHHHHH 2023-09-14 04:25:45 +02:00			`});`

refactor(api): :art: Finish Hono refactor 2024-05-06 10:19:42 +02:00			`describe("GET /oauth/authorize/", () => {`
feat(api): :sparkles: Make Lysand a full OAuth2/OpenID Connect provider as well as still Mastodon compatible 2024-04-18 10:42:12 +02:00			`test("should get a code", async () => {`
refactor: :recycle: Refactor tests to use a simpler syntax 2024-08-27 21:25:26 +02:00			`const response = await fakeRequest("/oauth/authorize", {`
			`method: "POST",`
			`headers: {`
			Cookie: `jwt=${jwt}`,
			`},`
			`body: new URLSearchParams({`
			`client_id: clientId,`
			`client_secret: clientSecret,`
			`redirect_uri: "https://example.com",`
			`response_type: "code",`
			`scope: "read write",`
			`max_age: "604800",`
fix(api): :bug: Fix incorrect OAuth changes 2024-05-06 10:40:26 +02:00			`}),`
refactor: :recycle: Refactor tests to use a simpler syntax 2024-08-27 21:25:26 +02:00			`});`
feat(api): :sparkles: Make Lysand a full OAuth2/OpenID Connect provider as well as still Mastodon compatible 2024-04-18 10:42:12 +02:00
			`expect(response.status).toBe(302);`
			`expect(response.headers.get("location")).toBeDefined();`
			`const locationHeader = new URL(`
			`response.headers.get("Location") ?? "",`
			`"",`
			`);`
Replace eslint and prettier with Biome 2024-04-07 07:30:49 +02:00
feat(api): :sparkles: Make Lysand a full OAuth2/OpenID Connect provider as well as still Mastodon compatible 2024-04-18 10:42:12 +02:00			`expect(locationHeader.origin).toBe("https://example.com");`
Replace eslint and prettier with Biome 2024-04-07 07:30:49 +02:00
feat(api): :sparkles: Make Lysand a full OAuth2/OpenID Connect provider as well as still Mastodon compatible 2024-04-18 10:42:12 +02:00			`code = locationHeader.searchParams.get("code") ?? "";`
			`});`
			`});`

			`describe("POST /oauth/token/", () => {`
			`test("should get an access token", async () => {`
refactor: :recycle: Refactor tests to use a simpler syntax 2024-08-27 21:25:26 +02:00			`const response = await fakeRequest("/oauth/token", {`
			`method: "POST",`
			`headers: {`
			Authorization: `Bearer ${jwt}`,
			`"Content-Type": "application/x-www-form-urlencoded",`
			`},`
			`body: new URLSearchParams({`
			`grant_type: "authorization_code",`
			`code,`
			`redirect_uri: "https://example.com",`
			`client_id: clientId,`
			`client_secret: clientSecret,`
			`scope: "read write",`
Replace eslint and prettier with Biome 2024-04-07 07:30:49 +02:00			`}),`
refactor: :recycle: Refactor tests to use a simpler syntax 2024-08-27 21:25:26 +02:00			`});`
Replace eslint and prettier with Biome 2024-04-07 07:30:49 +02:00
			`const json = await response.json();`

			`expect(response.status).toBe(200);`
refactor: :recycle: Use native Hono return functions instead of custom ones 2024-08-19 21:03:59 +02:00			`expect(response.headers.get("content-type")).toContain(`
			`"application/json",`
			`);`
Replace eslint and prettier with Biome 2024-04-07 07:30:49 +02:00			`expect(json).toEqual({`
			`access_token: expect.any(String),`
			`token_type: "Bearer",`
			`scope: "read write",`
fix(api): :bug: Fix oauth token endpoint returning an ISO-8601 string instead of a unix timestamp 2024-05-13 02:01:37 +02:00			`created_at: expect.any(Number),`
feat(api): :sparkles: Make Lysand a full OAuth2/OpenID Connect provider as well as still Mastodon compatible 2024-04-18 10:42:12 +02:00			`expires_in: expect.any(Number),`
			`id_token: null,`
			`refresh_token: null,`
Replace eslint and prettier with Biome 2024-04-07 07:30:49 +02:00			`});`

			`token = json;`
			`});`
Add new endpoint - verify_credentials 2023-09-22 03:41:12 +02:00			`});`

			`describe("GET /api/v1/apps/verify_credentials", () => {`
Replace eslint and prettier with Biome 2024-04-07 07:30:49 +02:00			`test("should return the authenticated application's credentials", async () => {`
refactor: :recycle: Refactor tests to use a simpler syntax 2024-08-27 21:25:26 +02:00			`const response = await fakeRequest("/api/v1/apps/verify_credentials", {`
			`headers: {`
			Authorization: `Bearer ${token.access_token}`,
			`},`
			`});`
Replace eslint and prettier with Biome 2024-04-07 07:30:49 +02:00
			`expect(response.status).toBe(200);`
refactor: :recycle: Use native Hono return functions instead of custom ones 2024-08-19 21:03:59 +02:00			`expect(response.headers.get("content-type")).toContain(`
			`"application/json",`
			`);`
Replace eslint and prettier with Biome 2024-04-07 07:30:49 +02:00
refactor(api): :label: Replace API types with those from @lysand-org/client 2024-06-29 08:36:15 +02:00			`const credentials = (await response.json()) as Partial<ApiApplication>;`
Replace eslint and prettier with Biome 2024-04-07 07:30:49 +02:00
			`expect(credentials.name).toBe("Test Application");`
			`expect(credentials.website).toBe("https://example.com");`
			`});`
RAHHHHHHH 2023-09-14 04:25:45 +02:00			`});`