import { describe, expect, test } from "bun:test";
import {
getAuthMode,
mapOidcProfile,
isAuthRoute,
isProtectedPath,
type AuthEnv,
} from "./auth-config";
/**
 * getAuthMode: which environment settings switch OIDC authentication on.
 *
 * Cases pinned below:
 *  - no settings at all            -> auth off, no error
 *  - only AUTH_SECRET / provider   -> auth off, no error
 *  - issuer + client id + client secret + AUTH_SECRET -> auth on
 *  - issuer + client id only       -> auth off, error naming the missing variables
 *
 * NOTE(review): a partial configuration yields `enabled: false` together with
 * an error string. The consumer of getAuthMode is not visible in this file; it
 * should treat a non-null `error` as a startup/configuration failure rather
 * than serving the app unauthenticated. Confirm against the caller.
 */
describe("optional OIDC auth config", () => {
  // Result expected whenever auth stays off and nothing is misconfigured.
  const authOffNoError = { enabled: false, error: null };

  test("disables auth when no OIDC settings are present", () => {
    const emptyEnv: AuthEnv = {};

    const mode = getAuthMode(emptyEnv);

    expect(mode).toEqual(authOffNoError);
  });

  test("does not enable auth when only non-OIDC auth settings are present", () => {
    // A session secret and a display name alone must not count as an OIDC setup.
    const sessionOnlyEnv: AuthEnv = {
      AUTH_SECRET: "session-secret",
      OIDC_PROVIDER_NAME: "Casdoor",
    };

    const mode = getAuthMode(sessionOnlyEnv);

    expect(mode).toEqual(authOffNoError);
  });

  test("enables auth when all required OIDC settings are present", () => {
    // Placeholder fixture values; none of these are real credentials.
    const completeEnv: AuthEnv = {
      OIDC_ISSUER: "https://door.example.com",
      OIDC_CLIENT_ID: "analytics",
      OIDC_CLIENT_SECRET: "secret",
      AUTH_SECRET: "session-secret",
    };

    const mode = getAuthMode(completeEnv);

    expect(mode).toEqual({ enabled: true, error: null });
  });

  test("reports missing settings when OIDC config is partial", () => {
    // Issuer and client id are set, so the operator evidently intended OIDC;
    // the two absent secrets must be reported, not silently ignored.
    const partialEnv: AuthEnv = {
      OIDC_ISSUER: "https://door.example.com",
      OIDC_CLIENT_ID: "analytics",
    };
    const expectedMode = {
      enabled: false,
      error: "Missing required auth environment variables: OIDC_CLIENT_SECRET, AUTH_SECRET",
    };

    const mode = getAuthMode(partialEnv);

    expect(mode).toEqual(expectedMode);
  });
});
/**
 * isProtectedPath / isAuthRoute: which request paths require a session.
 *
 * Pages and `/api/...` data routes are expected to be protected; the
 * `/api/auth/...` sign-in route and static assets are expected to be exempt.
 *
 * NOTE(review): only exact example paths are exercised. Paths that merely
 * resemble an exempt route (constructed example: "/api/authx") are not
 * covered; adding such cases would pin whether the matcher fails closed.
 */
describe("auth route matching", () => {
  test("protects analytics pages and API data routes", () => {
    const mustRequireSession = [
      "/",
      "/logs",
      "/detail/user/alice",
      "/api/overview",
      "/api/detail/user/alice",
    ];

    for (const path of mustRequireSession) {
      expect(isProtectedPath(path)).toBe(true);
    }
  });

  test("does not protect auth or static asset routes", () => {
    // The sign-in endpoint has to stay reachable without a session, and
    // static assets are served without one.
    const exempt = [
      "/api/auth/signin",
      "/_next/static/chunk.js",
      "/favicon.ico",
      "/icon.svg",
    ];

    for (const path of exempt) {
      expect(isProtectedPath(path)).toBe(false);
    }
  });

  test("detects auth routes", () => {
    const signInRoute = isAuthRoute("/api/auth/signin");
    expect(signInRoute).toBe(true);

    const dataRoute = isAuthRoute("/api/overview");
    expect(dataRoute).toBe(false);
  });
});
/**
 * mapOidcProfile: translation of OIDC claims into the NextAuth user shape.
 *
 * The case below pins `sub` -> `id`, `preferred_username` -> `name`,
 * `email` -> `email` and `picture` -> `image`.
 *
 * In OIDC, `sub` is the stable subject identifier, while `preferred_username`
 * and `email` can change and are not guaranteed unique, so anything keyed on
 * the mapped user should rely on `id`.
 * NOTE(review): behaviour when a claim is absent is not covered here.
 */
describe("OIDC profile mapping", () => {
  test("uses standard OIDC profile claims for the NextAuth user", () => {
    const expectedUser = {
      id: "user-123",
      name: "alice",
      email: "alice@example.com",
      image: "https://example.com/alice.png",
    };

    const mappedUser = mapOidcProfile({
      sub: "user-123",
      preferred_username: "alice",
      email: "alice@example.com",
      picture: "https://example.com/alice.png",
    });

    expect(mappedUser).toEqual(expectedUser);
  });
});