wildflock/test/services/auth-oidc/callback/callback.test.ts

import assert from 'assert';
import { app } from '../../../../src/app';
import * as sinon from 'sinon';
import config from 'config';
import { Issuer } from 'openid-client';

describe('auth-oidc/callback service', () => {
    let sandbox: sinon.SinonSandbox;

    beforeEach(() => {
        sandbox = sinon.createSandbox();
    });

    afterEach(() => {
        sandbox.restore();
    });

    it('registered the service', () => {
        const service = app.service('auth-oidc/callback');

        assert.ok(service, 'Registered the service');
    });

    it('completes OIDC authentication and sets user session', async () => {
        const service = app.service('auth-oidc/callback');

        const configGetStub = sandbox.stub(config, 'get');
        configGetStub.withArgs('oidc.gatewayUri').returns('https://oidc.example.com');
        configGetStub.withArgs('oidc.clientId').returns('client123');
        configGetStub.withArgs('oidc.clientSecret').returns('secret123');
        configGetStub.withArgs('oidc.redirectUris').returns(['https://app.example.com/auth-oidc/callback']);
        configGetStub.withArgs('clientUrl').returns('https://app.example.com');

        const mockTokenSet = {
            access_token: 'access123',
            id_token: 'id123',
        };

        const mockUserinfo = {
            sub: 'user123',
            email: 'user@example.com',
            name: 'Test User',
        };

        const mockClient = {
            callback: sandbox.stub().resolves(mockTokenSet),
            userinfo: sandbox.stub().resolves(mockUserinfo),
        };

        const mockIssuer = {
            Client: sandbox.stub().returns(mockClient),
        };

        sandbox.stub(Issuer, 'discover').resolves(mockIssuer as any);

        const params = {
            session: { codeVerifier: 'verifier123' } as any,
            query: {
                iss: 'https://oidc.example.com',
                code: 'authcode123',
            },
        };

        const result = await service.find(params);

        assert.strictEqual(result, '/', 'Result should be the redirect path');
        assert.deepStrictEqual(params.session.user, mockUserinfo, 'User info should be stored in session');
        assert.ok(mockClient.callback.calledOnce, 'Callback should be called');
        assert.ok(mockClient.userinfo.calledOnce, 'Userinfo should be fetched');
    });
});