wildflock/test/services/auth-oidc/auth-oidc.test.ts


import assert from 'assert';
import { app } from '../../../src/app';
import * as sinon from 'sinon';
import config from 'config';
import { Issuer, generators } from 'openid-client';
/**
 * Unit tests for the `auth-oidc` service.
 *
 * The OIDC provider is never contacted: issuer discovery, the client object
 * and the PKCE generators from `openid-client` are all replaced with sinon
 * stubs, and every `config.get` lookup the test expects is answered from a
 * fixture table.
 */
describe('auth-oidc service', () => {
  // A fresh sandbox per test keeps stubs on shared modules (`config`,
  // `openid-client`) from leaking into the next test.
  let sandbox: sinon.SinonSandbox;

  beforeEach(() => {
    sandbox = sinon.createSandbox();
  });

  afterEach(() => {
    sandbox.restore();
  });

  it('registered the service', () => {
    assert.ok(app.service('auth-oidc'), 'Registered the service');
  });

  it('initiates OIDC authentication flow', async () => {
    const oidcService = app.service('auth-oidc');

    // Fixture configuration. All values are constructed for this test; in
    // particular 'client123' / 'secret123' are placeholders, not credentials.
    const fixtureConfig: Array<[string, string | string[]]> = [
      ['oidc.gatewayUri', 'https://oidc.example.com'],
      ['oidc.clientId', 'client123'],
      ['oidc.clientSecret', 'secret123'],
      ['oidc.redirectUris', ['https://app.example.com/auth-oidc/callback']],
      ['oidc.responseTypes', 'code'],
      ['oidc.signedResponseAlg', 'RS256'],
      ['oidc.authMethod', 'client_secret_basic'],
      ['clientUrl', 'https://app.example.com'],
      ['oidc.scopes', 'openid profile email'],
      ['oidc.codeChallengeMethod', 'S256'],
    ];
    const getConfig = sandbox.stub(config, 'get');
    for (const [key, value] of fixtureConfig) {
      getConfig.withArgs(key).returns(value);
    }

    // Stand-in for the openid-client Client: only authorizationUrl is faked,
    // and it returns a canned URL regardless of the arguments it receives.
    const fakeClient = {
      authorizationUrl: sandbox.stub().returns('https://oidc.example.com/auth?code_challenge=abc123'),
    };
    const fakeIssuer = {
      Client: sandbox.stub().returns(fakeClient),
    };
    sandbox.stub(Issuer, 'discover').resolves(fakeIssuer as any);

    // Pin the PKCE values so the session assertion below is deterministic.
    sandbox.stub(generators, 'codeVerifier').returns('verifier123');
    sandbox.stub(generators, 'codeChallenge').returns('challenge123');

    // The service is expected to write into params.session, so start empty.
    const requestParams = {
      session: {} as any,
    };

    const authUrl = await oidcService.find(requestParams);

    assert.strictEqual(typeof authUrl, 'string', 'Result should be a string URL');
    assert.ok(authUrl.includes('https://oidc.example.com/auth'), 'Result should be the auth URL');
    // The PKCE verifier has to be kept with the session so that it is
    // available when the authorization code is later exchanged.
    assert.strictEqual(requestParams.session.codeVerifier, 'verifier123', 'Code verifier should be stored in session');
    assert.ok(fakeClient.authorizationUrl.calledOnce, 'Authorization URL should be generated');

    // NOTE(review): only the call count of authorizationUrl is checked. The
    // test does not inspect its arguments, so it would still pass if the
    // service omitted the code challenge, the 'S256' method, the scopes or
    // the redirect URI. The canned URL's `code_challenge=abc123` is unrelated
    // to the stubbed 'challenge123'. Consider asserting on
    // fakeClient.authorizationUrl.firstCall.args once the service's call
    // shape is confirmed.
    // NOTE(review): nothing here covers a `state` or `nonce` value being
    // generated and stored in the session — confirm whether the service
    // does so and add an assertion if it does.
  });
});