AFFiNE/packages/backend/server/tests/auth.spec.ts

/// <reference types="../src/global.d.ts" />
import { Test, TestingModule } from '@nestjs/testing';
import { PrismaClient } from '@prisma/client';
import test from 'ava';

import { ConfigModule } from '../src/config';
import { GqlModule } from '../src/graphql.module';
import { MetricsModule } from '../src/metrics';
import { AuthModule } from '../src/modules/auth';
import { AuthResolver } from '../src/modules/auth/resolver';
import { AuthService } from '../src/modules/auth/service';
import { PrismaModule } from '../src/prisma';
import { mintChallengeResponse, verifyChallengeResponse } from '../src/storage';
import { RateLimiterModule } from '../src/throttler';

let authService: AuthService;
let authResolver: AuthResolver;
let module: TestingModule;

// cleanup database before each test
test.beforeEach(async () => {
  const client = new PrismaClient();
  await client.$connect();
  await client.user.deleteMany({});
  await client.$disconnect();
});

test.beforeEach(async () => {
  module = await Test.createTestingModule({
    imports: [
      ConfigModule.forRoot({
        auth: {
          accessTokenExpiresIn: 1,
          refreshTokenExpiresIn: 1,
          leeway: 1,
        },
        host: 'example.org',
        https: true,
      }),
      PrismaModule,
      GqlModule,
      AuthModule,
      MetricsModule,
      RateLimiterModule,
    ],
  }).compile();
  authService = module.get(AuthService);
  authResolver = module.get(AuthResolver);
});

test.afterEach.always(async () => {
  await module.close();
});

test('should be able to register and signIn', async t => {
  await authService.signUp('Alex Yang', 'alexyang@example.org', '123456');
  await authService.signIn('alexyang@example.org', '123456');
  t.pass();
});

test('should be able to verify', async t => {
  await authService.signUp('Alex Yang', 'alexyang@example.org', '123456');
  await authService.signIn('alexyang@example.org', '123456');
  const date = new Date();

  const user = {
    id: '1',
    name: 'Alex Yang',
    email: 'alexyang@example.org',
    emailVerified: date,
    createdAt: date,
    avatarUrl: '',
  };
  {
    const token = await authService.sign(user);
    const claim = await authService.verify(token);
    t.is(claim.id, '1');
    t.is(claim.name, 'Alex Yang');
    t.is(claim.email, 'alexyang@example.org');
    t.is(claim.emailVerified?.toISOString(), date.toISOString());
    t.is(claim.createdAt.toISOString(), date.toISOString());
  }
  {
    const token = await authService.refresh(user);
    const claim = await authService.verify(token);
    t.is(claim.id, '1');
    t.is(claim.name, 'Alex Yang');
    t.is(claim.email, 'alexyang@example.org');
    t.is(claim.emailVerified?.toISOString(), date.toISOString());
    t.is(claim.createdAt.toISOString(), date.toISOString());
  }
});

test('should not be able to return token if user is invalid', async t => {
  const date = new Date();
  const user = {
    id: '1',
    name: 'Alex Yang',
    email: 'alexyang@example.org',
    emailVerified: date,
    createdAt: date,
    avatarUrl: '',
  };
  const anotherUser = {
    id: '2',
    name: 'Alex Yang 2',
    email: 'alexyang@example.org',
    emailVerified: date,
    createdAt: date,
    avatarUrl: '',
  };
  await t.throwsAsync(
    authResolver.token(
      {
        req: {
          headers: {
            referer: 'https://example.org',
            host: 'example.org',
          },
        } as any,
      },
      user,
      anotherUser
    ),
    {
      message: 'Invalid user',
    }
  );
});

test('should not return sessionToken if request headers is invalid', async t => {
  const date = new Date();
  const user = {
    id: '1',
    name: 'Alex Yang',
    email: 'alexyang@example.org',
    emailVerified: date,
    createdAt: date,
    avatarUrl: '',
  };
  const result = await authResolver.token(
    {
      req: {
        headers: {},
      } as any,
    },
    user,
    user
  );
  t.is(result.sessionToken, undefined);
});

test('should return valid sessionToken if request headers valid', async t => {
  const date = new Date();
  const user = {
    id: '1',
    name: 'Alex Yang',
    email: 'alexyang@example.org',
    emailVerified: date,
    createdAt: date,
    avatarUrl: '',
  };
  const result = await authResolver.token(
    {
      req: {
        headers: {
          referer: 'https://example.org/open-app/test',
          host: 'example.org',
        },
        cookies: {
          'next-auth.session-token': '123456',
        },
      } as any,
    },
    user,
    user
  );
  t.is(result.sessionToken, '123456');
});

test('verify challenge', async t => {
  const resource = 'xp8D3rcXV9bMhWrb6abxl';
  const response = await mintChallengeResponse(resource, 20);
  const success = await verifyChallengeResponse(response, 20, resource);
  t.true(success);
});
test(server): move tests out of src folder (#4366) 2023-09-15 10:34:14 +03:00			`/// <reference types="../src/global.d.ts" />`
feat!: affine cloud support (#3813) Co-authored-by: Hongtao Lye <codert.sn@gmail.com> Co-authored-by: liuyi <forehalo@gmail.com> Co-authored-by: LongYinan <lynweklm@gmail.com> Co-authored-by: X1a0t <405028157@qq.com> Co-authored-by: JimmFly <yangjinfei001@gmail.com> Co-authored-by: Peng Xiao <pengxiao@outlook.com> Co-authored-by: xiaodong zuo <53252747+zuoxiaodong0815@users.noreply.github.com> Co-authored-by: DarkSky <25152247+darkskygit@users.noreply.github.com> Co-authored-by: Qi <474021214@qq.com> Co-authored-by: danielchim <kahungchim@gmail.com> 2023-08-29 13:07:05 +03:00			`import { Test, TestingModule } from '@nestjs/testing';`
feat: init auth service (#2180) 2023-04-28 06:49:44 +03:00			`import { PrismaClient } from '@prisma/client';`
refactor(server): use ava (#4120) 2023-09-01 22:41:29 +03:00			`import test from 'ava';`
feat: init auth service (#2180) 2023-04-28 06:49:44 +03:00
test(server): move tests out of src folder (#4366) 2023-09-15 10:34:14 +03:00			`import { ConfigModule } from '../src/config';`
			`import { GqlModule } from '../src/graphql.module';`
			`import { MetricsModule } from '../src/metrics';`
			`import { AuthModule } from '../src/modules/auth';`
			`import { AuthResolver } from '../src/modules/auth/resolver';`
			`import { AuthService } from '../src/modules/auth/service';`
			`import { PrismaModule } from '../src/prisma';`
feat: add captcha support for sign in/up (#4582) 2023-10-18 11:06:07 +03:00			`import { mintChallengeResponse, verifyChallengeResponse } from '../src/storage';`
test(server): move tests out of src folder (#4366) 2023-09-15 10:34:14 +03:00			`import { RateLimiterModule } from '../src/throttler';`
feat: init auth service (#2180) 2023-04-28 06:49:44 +03:00
fix: get auth token for development (#4295) 2023-09-12 08:31:58 +03:00			`let authService: AuthService;`
			`let authResolver: AuthResolver;`
feat!: affine cloud support (#3813) Co-authored-by: Hongtao Lye <codert.sn@gmail.com> Co-authored-by: liuyi <forehalo@gmail.com> Co-authored-by: LongYinan <lynweklm@gmail.com> Co-authored-by: X1a0t <405028157@qq.com> Co-authored-by: JimmFly <yangjinfei001@gmail.com> Co-authored-by: Peng Xiao <pengxiao@outlook.com> Co-authored-by: xiaodong zuo <53252747+zuoxiaodong0815@users.noreply.github.com> Co-authored-by: DarkSky <25152247+darkskygit@users.noreply.github.com> Co-authored-by: Qi <474021214@qq.com> Co-authored-by: danielchim <kahungchim@gmail.com> 2023-08-29 13:07:05 +03:00			`let module: TestingModule;`
feat: init auth service (#2180) 2023-04-28 06:49:44 +03:00
			`// cleanup database before each test`
refactor(server): use ava (#4120) 2023-09-01 22:41:29 +03:00			`test.beforeEach(async () => {`
feat: init auth service (#2180) 2023-04-28 06:49:44 +03:00			`const client = new PrismaClient();`
			`await client.$connect();`
			`await client.user.deleteMany({});`
fix(server): flaky test (#4271) 2023-09-07 23:55:04 +03:00			`await client.$disconnect();`
feat: init auth service (#2180) 2023-04-28 06:49:44 +03:00			`});`

refactor(server): use ava (#4120) 2023-09-01 22:41:29 +03:00			`test.beforeEach(async () => {`
feat!: affine cloud support (#3813) Co-authored-by: Hongtao Lye <codert.sn@gmail.com> Co-authored-by: liuyi <forehalo@gmail.com> Co-authored-by: LongYinan <lynweklm@gmail.com> Co-authored-by: X1a0t <405028157@qq.com> Co-authored-by: JimmFly <yangjinfei001@gmail.com> Co-authored-by: Peng Xiao <pengxiao@outlook.com> Co-authored-by: xiaodong zuo <53252747+zuoxiaodong0815@users.noreply.github.com> Co-authored-by: DarkSky <25152247+darkskygit@users.noreply.github.com> Co-authored-by: Qi <474021214@qq.com> Co-authored-by: danielchim <kahungchim@gmail.com> 2023-08-29 13:07:05 +03:00			`module = await Test.createTestingModule({`
feat: init auth service (#2180) 2023-04-28 06:49:44 +03:00			`imports: [`
			`ConfigModule.forRoot({`
			`auth: {`
feat(server): auth server (#2773) 2023-06-21 09:08:32 +03:00			`accessTokenExpiresIn: 1,`
			`refreshTokenExpiresIn: 1,`
			`leeway: 1,`
feat: init auth service (#2180) 2023-04-28 06:49:44 +03:00			`},`
fix: get auth token for development (#4295) 2023-09-12 08:31:58 +03:00			`host: 'example.org',`
			`https: true,`
feat: init auth service (#2180) 2023-04-28 06:49:44 +03:00			`}),`
			`PrismaModule,`
			`GqlModule,`
			`AuthModule,`
feat!: affine cloud support (#3813) Co-authored-by: Hongtao Lye <codert.sn@gmail.com> Co-authored-by: liuyi <forehalo@gmail.com> Co-authored-by: LongYinan <lynweklm@gmail.com> Co-authored-by: X1a0t <405028157@qq.com> Co-authored-by: JimmFly <yangjinfei001@gmail.com> Co-authored-by: Peng Xiao <pengxiao@outlook.com> Co-authored-by: xiaodong zuo <53252747+zuoxiaodong0815@users.noreply.github.com> Co-authored-by: DarkSky <25152247+darkskygit@users.noreply.github.com> Co-authored-by: Qi <474021214@qq.com> Co-authored-by: danielchim <kahungchim@gmail.com> 2023-08-29 13:07:05 +03:00			`MetricsModule,`
feat: rate limiter (#4011) 2023-08-31 15:29:25 +03:00			`RateLimiterModule,`
feat: init auth service (#2180) 2023-04-28 06:49:44 +03:00			`],`
			`}).compile();`
fix: get auth token for development (#4295) 2023-09-12 08:31:58 +03:00			`authService = module.get(AuthService);`
			`authResolver = module.get(AuthResolver);`
feat: init auth service (#2180) 2023-04-28 06:49:44 +03:00			`});`

test: always exec afterEach in ava test (#4303) Co-authored-by: Peng Xiao <pengxiao@outlook.com> 2023-09-11 12:30:39 +03:00			`test.afterEach.always(async () => {`
feat!: affine cloud support (#3813) Co-authored-by: Hongtao Lye <codert.sn@gmail.com> Co-authored-by: liuyi <forehalo@gmail.com> Co-authored-by: LongYinan <lynweklm@gmail.com> Co-authored-by: X1a0t <405028157@qq.com> Co-authored-by: JimmFly <yangjinfei001@gmail.com> Co-authored-by: Peng Xiao <pengxiao@outlook.com> Co-authored-by: xiaodong zuo <53252747+zuoxiaodong0815@users.noreply.github.com> Co-authored-by: DarkSky <25152247+darkskygit@users.noreply.github.com> Co-authored-by: Qi <474021214@qq.com> Co-authored-by: danielchim <kahungchim@gmail.com> 2023-08-29 13:07:05 +03:00			`await module.close();`
			`});`

refactor(server): use ava (#4120) 2023-09-01 22:41:29 +03:00			`test('should be able to register and signIn', async t => {`
fix: get auth token for development (#4295) 2023-09-12 08:31:58 +03:00			`await authService.signUp('Alex Yang', 'alexyang@example.org', '123456');`
			`await authService.signIn('alexyang@example.org', '123456');`
refactor(server): use ava (#4120) 2023-09-01 22:41:29 +03:00			`t.pass();`
feat: init auth service (#2180) 2023-04-28 06:49:44 +03:00			`});`

refactor(server): use ava (#4120) 2023-09-01 22:41:29 +03:00			`test('should be able to verify', async t => {`
fix: get auth token for development (#4295) 2023-09-12 08:31:58 +03:00			`await authService.signUp('Alex Yang', 'alexyang@example.org', '123456');`
			`await authService.signIn('alexyang@example.org', '123456');`
feat!: affine cloud support (#3813) Co-authored-by: Hongtao Lye <codert.sn@gmail.com> Co-authored-by: liuyi <forehalo@gmail.com> Co-authored-by: LongYinan <lynweklm@gmail.com> Co-authored-by: X1a0t <405028157@qq.com> Co-authored-by: JimmFly <yangjinfei001@gmail.com> Co-authored-by: Peng Xiao <pengxiao@outlook.com> Co-authored-by: xiaodong zuo <53252747+zuoxiaodong0815@users.noreply.github.com> Co-authored-by: DarkSky <25152247+darkskygit@users.noreply.github.com> Co-authored-by: Qi <474021214@qq.com> Co-authored-by: danielchim <kahungchim@gmail.com> 2023-08-29 13:07:05 +03:00			`const date = new Date();`

feat: init auth service (#2180) 2023-04-28 06:49:44 +03:00			`const user = {`
			`id: '1',`
			`name: 'Alex Yang',`
			`email: 'alexyang@example.org',`
feat!: affine cloud support (#3813) Co-authored-by: Hongtao Lye <codert.sn@gmail.com> Co-authored-by: liuyi <forehalo@gmail.com> Co-authored-by: LongYinan <lynweklm@gmail.com> Co-authored-by: X1a0t <405028157@qq.com> Co-authored-by: JimmFly <yangjinfei001@gmail.com> Co-authored-by: Peng Xiao <pengxiao@outlook.com> Co-authored-by: xiaodong zuo <53252747+zuoxiaodong0815@users.noreply.github.com> Co-authored-by: DarkSky <25152247+darkskygit@users.noreply.github.com> Co-authored-by: Qi <474021214@qq.com> Co-authored-by: danielchim <kahungchim@gmail.com> 2023-08-29 13:07:05 +03:00			`emailVerified: date,`
			`createdAt: date,`
			`avatarUrl: '',`
feat: init auth service (#2180) 2023-04-28 06:49:44 +03:00			`};`
			`{`
fix: get auth token for development (#4295) 2023-09-12 08:31:58 +03:00			`const token = await authService.sign(user);`
			`const claim = await authService.verify(token);`
test(server): use mock PrismaService in tests (#4101) 2023-09-05 11:01:45 +03:00			`t.is(claim.id, '1');`
			`t.is(claim.name, 'Alex Yang');`
			`t.is(claim.email, 'alexyang@example.org');`
			`t.is(claim.emailVerified?.toISOString(), date.toISOString());`
			`t.is(claim.createdAt.toISOString(), date.toISOString());`
feat: init auth service (#2180) 2023-04-28 06:49:44 +03:00			`}`
			`{`
fix: get auth token for development (#4295) 2023-09-12 08:31:58 +03:00			`const token = await authService.refresh(user);`
			`const claim = await authService.verify(token);`
test(server): use mock PrismaService in tests (#4101) 2023-09-05 11:01:45 +03:00			`t.is(claim.id, '1');`
			`t.is(claim.name, 'Alex Yang');`
			`t.is(claim.email, 'alexyang@example.org');`
			`t.is(claim.emailVerified?.toISOString(), date.toISOString());`
			`t.is(claim.createdAt.toISOString(), date.toISOString());`
feat: init auth service (#2180) 2023-04-28 06:49:44 +03:00			`}`
			`});`
fix: get auth token for development (#4295) 2023-09-12 08:31:58 +03:00
			`test('should not be able to return token if user is invalid', async t => {`
			`const date = new Date();`
			`const user = {`
			`id: '1',`
			`name: 'Alex Yang',`
			`email: 'alexyang@example.org',`
			`emailVerified: date,`
			`createdAt: date,`
			`avatarUrl: '',`
			`};`
			`const anotherUser = {`
			`id: '2',`
			`name: 'Alex Yang 2',`
			`email: 'alexyang@example.org',`
			`emailVerified: date,`
			`createdAt: date,`
			`avatarUrl: '',`
			`};`
			`await t.throwsAsync(`
			`authResolver.token(`
			`{`
			`req: {`
			`headers: {`
			`referer: 'https://example.org',`
			`host: 'example.org',`
			`},`
			`} as any,`
			`},`
			`user,`
			`anotherUser`
			`),`
			`{`
			`message: 'Invalid user',`
			`}`
			`);`
			`});`

			`test('should not return sessionToken if request headers is invalid', async t => {`
			`const date = new Date();`
			`const user = {`
			`id: '1',`
			`name: 'Alex Yang',`
			`email: 'alexyang@example.org',`
			`emailVerified: date,`
			`createdAt: date,`
			`avatarUrl: '',`
			`};`
			`const result = await authResolver.token(`
			`{`
			`req: {`
			`headers: {},`
			`} as any,`
			`},`
			`user,`
			`user`
			`);`
			`t.is(result.sessionToken, undefined);`
			`});`

			`test('should return valid sessionToken if request headers valid', async t => {`
			`const date = new Date();`
			`const user = {`
			`id: '1',`
			`name: 'Alex Yang',`
			`email: 'alexyang@example.org',`
			`emailVerified: date,`
			`createdAt: date,`
			`avatarUrl: '',`
			`};`
			`const result = await authResolver.token(`
			`{`
			`req: {`
			`headers: {`
			`referer: 'https://example.org/open-app/test',`
			`host: 'example.org',`
			`},`
			`cookies: {`
			`'next-auth.session-token': '123456',`
			`},`
			`} as any,`
			`},`
			`user,`
			`user`
			`);`
			`t.is(result.sessionToken, '123456');`
			`});`
feat: add captcha support for sign in/up (#4582) 2023-10-18 11:06:07 +03:00
			`test('verify challenge', async t => {`
			`const resource = 'xp8D3rcXV9bMhWrb6abxl';`
			`const response = await mintChallengeResponse(resource, 20);`
			`const success = await verifyChallengeResponse(response, 20, resource);`
			`t.true(success);`
			`});`