fix(oidc-auth): add tests

Signed-off-by: Axel Meinhardt <[email protected]>
honojs · Aug 25, 2024 · a02e424 · a02e424
1 parent 7637065
commit a02e424
Showing 1 changed file with 46 additions and 6 deletions.
diff --git a/packages/oidc-auth/test/index.test.ts b/packages/oidc-auth/test/index.test.ts
@@ -168,11 +168,12 @@ app.all('/*', async (c) => {
 
 beforeEach(() => {
   process.env.OIDC_ISSUER = MOCK_ISSUER
-  ;(process.env.OIDC_CLIENT_ID = MOCK_CLIENT_ID),
-    (process.env.OIDC_CLIENT_SECRET = MOCK_CLIENT_SECRET),
-    (process.env.OIDC_REDIRECT_URI = MOCK_REDIRECT_URI)
+  process.env.OIDC_CLIENT_ID = MOCK_CLIENT_ID
+  process.env.OIDC_CLIENT_SECRET = MOCK_CLIENT_SECRET
+  process.env.OIDC_REDIRECT_URI = MOCK_REDIRECT_URI
   process.env.OIDC_AUTH_SECRET = MOCK_AUTH_SECRET
   process.env.OIDC_AUTH_EXPIRES = MOCK_AUTH_EXPIRES
+  delete process.env.OIDC_COOKIE_PATH
 })
 describe('oidcAuthMiddleware()', () => {
   test('Should respond with 200 OK if session is active', async () => {
@@ -228,7 +229,7 @@ describe('oidcAuthMiddleware()', () => {
     const res = await app.request(req, {}, {})
     expect(res).not.toBeNull()
     expect(res.status).toBe(302)
-    expect(res.headers.get('set-cookie')).toMatch('oidc-auth=;')
+    expect(res.headers.get('set-cookie')).toMatch(new RegExp('oidc-auth=; Max-Age=0; Path=/($|,)'))
   })
   test('Should delete session and redirect to authorization endpoint if the algorithm of the session JWT is invalid', async () => {
     const req = new Request('http://localhost/', {
@@ -238,7 +239,7 @@ describe('oidcAuthMiddleware()', () => {
     const res = await app.request(req, {}, {})
     expect(res).not.toBeNull()
     expect(res.status).toBe(302)
-    expect(res.headers.get('set-cookie')).toMatch('oidc-auth=;')
+    expect(res.headers.get('set-cookie')).toMatch(new RegExp('oidc-auth=; Max-Age=0; Path=/($|,)'))
   })
 })
 describe('processOAuthCallback()', () => {
@@ -250,8 +251,35 @@ describe('processOAuthCallback()', () => {
       },
     })
     const res = await app.request(req, {}, {})
+    const path = new URL(MOCK_REDIRECT_URI).pathname
     expect(res).not.toBeNull()
     expect(res.status).toBe(302)
+    expect(res.headers.get('set-cookie')).toMatch(new RegExp(`state=; Max-Age=0; Path=${path}($|,)`))
+    expect(res.headers.get('set-cookie')).toMatch(new RegExp(`nonce=; Max-Age=0; Path=${path}($|,)`))
+    expect(res.headers.get('set-cookie')).toMatch(new RegExp(`code_verifier=; Max-Age=0; Path=${path}($|,)`))
+    expect(res.headers.get('set-cookie')).toMatch(new RegExp(`continue=; Max-Age=0; Path=${path}($|,)`))
+    expect(res.headers.get('set-cookie')).toMatch(new RegExp('oidc-auth=[^;]+; Path=/; HttpOnly; Secure'))
+    expect(res.headers.get('location')).toBe('http://localhost/1234')
+  })
+  test('Should restrict the auth cookie to a given path', async () => {
+    const MOCK_COOKIE_PATH = process.env.OIDC_COOKIE_PATH = '/some/subpath/for/authentication'
+    process.env.OIDC_REDIRECT_URI = `http://localhost${MOCK_COOKIE_PATH}/callback`
+    const parentApp = new Hono().route(MOCK_COOKIE_PATH, app)
+    const path = new URL(process.env.OIDC_REDIRECT_URI).pathname
+    const req = new Request(`${process.env.OIDC_REDIRECT_URI}?code=1234&state=${MOCK_STATE}`, {
+      method: 'GET',
+      headers: {
+        cookie: `state=${MOCK_STATE}; nonce=${MOCK_NONCE}; code_verifier=1234; continue=http%3A%2F%2Flocalhost%2F1234`,
+      },
+    })
+    const res = await parentApp.request(req, {}, {})
+    expect(res).not.toBeNull()
+    expect(res.status).toBe(302)
+    expect(res.headers.get('set-cookie')).toMatch(new RegExp(`state=; Max-Age=0; Path=${path}($|,)`))
+    expect(res.headers.get('set-cookie')).toMatch(new RegExp(`nonce=; Max-Age=0; Path=${path}($|,)`))
+    expect(res.headers.get('set-cookie')).toMatch(new RegExp(`code_verifier=; Max-Age=0; Path=${path}($|,)`))
+    expect(res.headers.get('set-cookie')).toMatch(new RegExp(`continue=; Max-Age=0; Path=${path}($|,)`))
+    expect(res.headers.get('set-cookie')).toMatch(new RegExp(`oidc-auth=[^;]+; Path=${process.env.OIDC_COOKIE_PATH}; HttpOnly; Secure`))
     expect(res.headers.get('location')).toBe('http://localhost/1234')
   })
   test('Should return an error if the state parameter does not match', async () => {
@@ -298,6 +326,18 @@ describe('RevokeSession()', () => {
     const res = await app.request(req, {}, {})
     expect(res).not.toBeNull()
     expect(res.status).toBe(200)
-    expect(res.headers.get('set-cookie')).toMatch('oidc-auth=;')
+    expect(res.headers.get('set-cookie')).toMatch(new RegExp('oidc-auth=; Max-Age=0; Path=/($|,)'))
+  })
+  test('Should revoke the session of the given path', async () => {
+    const MOCK_COOKIE_PATH = process.env.OIDC_COOKIE_PATH = '/some/subpath/for/authentication'
+    const parentApp = new Hono().route(MOCK_COOKIE_PATH, app)
+    const req = new Request(`http://localhost${MOCK_COOKIE_PATH}/logout`, {
+      method: 'GET',
+      headers: { cookie: `oidc-auth=${MOCK_JWT_ACTIVE_SESSION}` },
+    })
+    const res = await parentApp.request(req, {}, {})
+    expect(res).not.toBeNull()
+    expect(res.status).toBe(200)
+    expect(res.headers.get('set-cookie')).toMatch(new RegExp(`oidc-auth=; Max-Age=0; Path=${MOCK_COOKIE_PATH}($|,)`))
   })
 })