test(api): Add test to check state parameter during oauth

This commit is contained in:
Jesse Wierzbinski 2024-06-26 17:00:09 -10:00
parent a6c5f320e3
commit e1555e6fe7
No known key found for this signature in database


@ -108,6 +108,46 @@ describe(meta.route, () => {
expect(response.headers.get("Set-Cookie")).toMatch(/jwt=[^;]+;/);
});
test("should have state in the URL", async () => {
const formData = new FormData();
formData.append("identifier", users[0]?.data.email ?? "");
formData.append("password", passwords[0]);
const response = await sendTestRequest(
new Request(
new URL(
`/api/auth/login?client_id=${application.clientId}&redirect_uri=https://example.com&response_type=code&scope=read+write&state=abc`,
config.http.base_url,
),
{
method: "POST",
body: formData,
},
),
);
expect(response.status).toBe(302);
expect(response.headers.get("location")).toBeDefined();
const locationHeader = new URL(
response.headers.get("Location") ?? "",
config.http.base_url,
);
expect(locationHeader.pathname).toBe("/oauth/consent");
expect(locationHeader.searchParams.get("client_id")).toBe(
application.clientId,
);
expect(locationHeader.searchParams.get("redirect_uri")).toBe(
"https://example.com",
);
expect(locationHeader.searchParams.get("response_type")).toBe("code");
expect(locationHeader.searchParams.get("scope")).toBe("read write");
expect(locationHeader.searchParams.get("state")).toBe("abc");
expect(response.headers.get("Set-Cookie")).toMatch(/jwt=[^;]+;/);
});
describe("should reject invalid credentials", () => {
// Redirects to /oauth/authorize on invalid
test("invalid email", async () => {