versia-pub/server
2
0
Fork 0
mirror of https://github.com/versia-pub/server.git synced 2026-04-27 20:59:15 +02:00
Code Issues Projects Releases Packages Wiki Activity Actions

fix(api): Fix all failing tests

Browse source
This commit is contained in:
Jesse Wierzbinski 2025-08-21 01:15:38 +02:00
parent 1bfc5fb013
commit 6f97903f3b
No known key found for this signature in database
11 changed files with 111 additions and 179 deletions
Download patch file Download diff file Expand all files Collapse all files

184
packages/api/routes/oauth/token.test.ts Normal file
View file

@ -0,0 +1,184 @@
import { afterAll, describe, expect, test } from "bun:test";
import { Application, db } from "@versia-server/kit/db";
import { fakeRequest, getTestUsers } from "@versia-server/tests";
import { randomUUIDv7 } from "bun";
import { eq } from "drizzle-orm";
import { randomString } from "@/math";
import { AuthorizationCodes } from "~/packages/kit/tables/schema";
const { deleteUsers, users } = await getTestUsers(1);
const application = await Application.insert({
id: randomUUIDv7(),
redirectUris: ["https://example.com/callback"],
scopes: ["openid", "profile", "email"],
secret: "test-secret",
name: "Test Application",
});
const authorizationCode = (
await db
.insert(AuthorizationCodes)
.values({
clientId: application.id,
code: randomString(10),
redirectUri: application.data.redirectUris[0],
userId: users[0].id,
expiresAt: new Date(Date.now() + 300 * 1000).toISOString(),
})
.returning()
)[0];
afterAll(async () => {
await deleteUsers();
await application.delete();
await db
.delete(AuthorizationCodes)
.where(eq(AuthorizationCodes.code, authorizationCode.code));
});
describe("/oauth/token", () => {
test("should return token with valid inputs", async () => {
const response = await fakeRequest("/oauth/token", {
method: "POST",
headers: {
"Content-Type": "application/json",
},
body: JSON.stringify({
grant_type: "authorization_code",
code: authorizationCode.code,
redirect_uri: application.data.redirectUris[0],
client_id: application.data.id,
client_secret: application.data.secret,
}),
});
expect(response.status).toBe(200);
const body = await response.json();
expect(body.access_token).toBeString();
expect(body.token_type).toBe("Bearer");
expect(body.expires_in).toBeNull();
});
test("should return error for missing code", async () => {
const response = await fakeRequest("/oauth/token", {
method: "POST",
headers: {
"Content-Type": "application/json",
},
body: JSON.stringify({
grant_type: "authorization_code",
redirect_uri: application.data.redirectUris[0],
client_id: application.data.id,
client_secret: application.data.secret,
}),
});
expect(response.status).toBe(422);
const body = await response.json();
expect(body.error).toInclude(`Expected string at "code"`);
});
test("should return error for missing redirect_uri", async () => {
const response = await fakeRequest("/oauth/token", {
method: "POST",
headers: {
"Content-Type": "application/json",
},
body: JSON.stringify({
grant_type: "authorization_code",
code: authorizationCode.code,
client_id: application.data.id,
client_secret: application.data.secret,
}),
});
expect(response.status).toBe(422);
const body = await response.json();
expect(body.error).toInclude(`Expected string at "redirect_uri"`);
});
test("should return error for missing client_id", async () => {
const response = await fakeRequest("/oauth/token", {
method: "POST",
headers: {
"Content-Type": "application/json",
},
body: JSON.stringify({
grant_type: "authorization_code",
code: authorizationCode.code,
redirect_uri: application.data.redirectUris[0],
client_secret: application.data.secret,
}),
});
expect(response.status).toBe(422);
const body = await response.json();
expect(body.error).toInclude(`Expected string at "client_id"`);
});
test("should return error for invalid client credentials", async () => {
const response = await fakeRequest("/oauth/token", {
method: "POST",
headers: {
"Content-Type": "application/json",
},
body: JSON.stringify({
grant_type: "authorization_code",
code: authorizationCode.code,
redirect_uri: application.data.redirectUris[0],
client_id: application.data.id,
client_secret: "invalid-secret",
}),
});
expect(response.status).toBe(401);
const body = await response.json();
expect(body.error).toBe("invalid_client");
expect(body.error_description).toBe("Invalid client credentials");
});
test("should return error for code not found", async () => {
const response = await fakeRequest("/oauth/token", {
method: "POST",
headers: {
"Content-Type": "application/json",
},
body: JSON.stringify({
grant_type: "authorization_code",
code: "invalid-code",
redirect_uri: application.data.redirectUris[0],
client_id: application.data.id,
client_secret: application.data.secret,
}),
});
expect(response.status).toBe(404);
const body = await response.json();
expect(body.error).toBe("invalid_grant");
expect(body.error_description).toBe(
"Authorization code not found or expired",
);
});
test("should return error for unsupported grant type", async () => {
const response = await fakeRequest("/oauth/token", {
method: "POST",
headers: {
"Content-Type": "application/json",
},
body: JSON.stringify({
grant_type: "refresh_token",
code: authorizationCode.code,
redirect_uri: application.data.redirectUris[0],
client_id: application.data.id,
client_secret: application.data.secret,
}),
});
expect(response.status).toBe(401);
const body = await response.json();
expect(body.error).toBe("unsupported_grant_type");
expect(body.error_description).toBe("Unsupported grant type");
});
});