From a9dbd2cc4e019deeafcbf5399c95c22d876501cf Mon Sep 17 00:00:00 2001
From: Jesse Wierzbinski
Date: Fri, 21 Nov 2025 06:45:12 +0100
Subject: [PATCH] fix: :fire: Remove old tests and docs related to old auth endpoints
---
 docs/frontend/auth.md | 56 ++-----------------------------
 docs/frontend/routes.md | 2 +-
 packages/api/routes/oauth.test.ts | 30 ++---------------
 3 files changed, 5 insertions(+), 83 deletions(-)
diff --git a/docs/frontend/auth.md b/docs/frontend/auth.md
index cc156eb4..a062e8c4 100644
--- a/docs/frontend/auth.md
+++ b/docs/frontend/auth.md
@@ -3,7 +3,7 @@ Multiple API routes are exposed for authentication, to be used by frontend developers.
 > [!INFO]
->
+>
 > These are different from the Client API routes, which are used by clients to interact with the Mastodon API.
 A frontend is a web application that is designed to be the primary user interface for an instance. It is used also used by clients to perform authentication.
@@ -48,58 +48,6 @@ Frontend configuration.
 }
 ```
-## Sign In
-
-```http
-POST /api/auth/login
-```
-
-Allows users to sign in to the instance. This is the first step in the authentication process.
-
-- **Returns**: `302 Found` with a `Location` header to redirect the user to the next step, as well as a `Set-Cookie` header with the session JWT.
-- **Authentication**: Not required
-- **Permissions**: None
-- **Version History**:
- - `0.7.0`: First documented.
-
-### Request
-
-- `identifier` (string, required): The username or email of the user. Case-insensitive.
-- `password` (string, required): The password of the user.
-
-#### Query Parameters
-
-- `client_id` (string, required): Client ID of the [application](https://docs.joinmastodon.org/entities/Application/) that is making the request.
-- `redirect_uri` (string, required): Redirect URI of the [application](https://docs.joinmastodon.org/entities/Application/) that is making the request. Must match the saved value.
-- `response_type` (string, required): Must be `code`.
-- `scope` (string, required): OAuth2 scopes. Must match the value indicated in the [application](https://docs.joinmastodon.org/entities/Application/).
-
-#### Example
-
-```http
-POST /api/auth/login?client_id=123&redirect_uri=https%3A%2F%2Fexample.com%2Fauth&response_type=code&scope=read%20write
-Content-Type: application/json
-
-{
- "identifier": "bobjones@gmail.com",
- "password": "hunter2"
-}
-```
-
-### Response
-
-#### `302 Found`
-
-Redirects the user to the consent page with some query parameters. The frontend should redirect the user to this URL.
-
-This response also has a `Set-Cookie` header with a [JSON Web Token](https://jwt.io/) that contains the user's session information. This JWT is signed with the instance's secret key, and must be included in all subsequent authentication requests.
-
-```http
-HTTP/2.0 302 Found
-Location: /oauth/consent?client_id=123&redirect_uri=https%3A%2F%2Fexample.com%2Fauth&response_type=code&scope=read%20write
-Set-Cookie: jwt=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiaWF0IjoxNTE2MjM5MDIyfQ.SflKxwRJSMeKKF2QT4fwpMeJf36POk6yJV_adQssw5c; Path=/; HttpOnly; Secure; SameSite=Strict; Max-Age=3600
-```
-
 ## SSO Sign In
 ```http
@@ -136,4 +84,4 @@ Redirects the user to the OpenID Connect provider's login page.
 ```http
 HTTP/2.0 302 Found
 Location: https://accounts.google.com/o/oauth2/auth?client_id=123&redirect_uri=https%3A%2F%2Fexample.com%2Fauth&response_type=code&scope=openid%20email&state=123
-```
\ No newline at end of file
+```
diff --git a/docs/frontend/routes.md b/docs/frontend/routes.md
index e40ad545..3fabb6f5 100644
--- a/docs/frontend/routes.md
+++ b/docs/frontend/routes.md
@@ -12,7 +12,7 @@ GET /oauth/authorize
 This route should display a login form for the user to enter their username and password, as well as a list of OpenID providers to use if available.
-The form should submit to [`POST /api/auth/login`](./auth.md#sign-in), or to the OpenID Connect flow.
+The form should submit to the OpenID Connect flow.
 Configurable in the Versia Server configuration at `frontend.routes.login`.
diff --git a/packages/api/routes/oauth.test.ts b/packages/api/routes/oauth.test.ts
index 66f79e4e..1d3dbfbe 100644
--- a/packages/api/routes/oauth.test.ts
+++ b/packages/api/routes/oauth.test.ts
@@ -1,12 +1,7 @@
 import { afterAll, describe, expect, test } from "bun:test";
-import {
- fakeRequest,
- generateClient,
- getTestUsers,
-} from "@versia-server/tests";
+import { generateClient, getTestUsers } from "@versia-server/tests";
-let clientId: string;
-const { users, passwords, deleteUsers } = await getTestUsers(1);
+const { users, deleteUsers } = await getTestUsers(1);
 afterAll(async () => {
 await deleteUsers();
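Review bot: `users` is still destructured on the new `const { users, deleteUsers } = await getTestUsers(1);` line, but the only consumer visible in this patch (`users[0]?.data.email` in the deleted JWT test) is gone with it. If nothing later in the file reads `users`, trim the line to `const { deleteUsers } = await getTestUsers(1);` so an unused binding does not outlive the cleanup; if no user is needed by the remaining OAuth tests at all, the `getTestUsers(1)` setup and its `afterAll` teardown can go too, since they would then only create a credentialed fixture in order to delete it. The rest of the module, including anything that may still use `users`, lies outside this hunk.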
@@ -33,27 +28,6 @@ describe("Login flow", () => {
 redirect_uris: ["https://example.com"],
 scopes: ["read", "write"],
 });
-
- clientId = data.client_id;
- });
-
- test("should get a JWT", async () => {
- const formData = new FormData();
-
- formData.append("identifier", users[0]?.data.email ?? "");
- formData.append("password", passwords[0]);
-
- const response = await fakeRequest(
- `/api/auth/login?client_id=${clientId}&redirect_uri=https://example.com&response_type=code&scope=read+write`,
- {
- method: "POST",
- body: formData,
- },
- );
-
- expect(response.status).toBe(302);
-
- //jwt = response.headers.get("Set-Cookie")?.match(/jwt=([^;]+);/)?.[1] ?? "";
 });
 // TODO: Test full flow including OpenID part