fix: make test pass

JeromeBu · JeromeBu · commit cacbee67f1cd · 2025-07-18T16:35:27.000+02:00
diff --git a/api/src/core/adapters/dbApi/kysely/createPgSessionRepository.ts b/api/src/core/adapters/dbApi/kysely/createPgSessionRepository.ts
@@ -21,6 +21,7 @@ export function createPgSessionRepository(db: Kysely<Database>): SessionReposito
                     email: null,
                     accessToken: null,
                     refreshToken: null,
+                    idToken: null,
                     expiresAt: null,
                     createdAt: new Date(),
                     updatedAt: new Date()
@@ -34,7 +35,7 @@ export function createPgSessionRepository(db: Kysely<Database>): SessionReposito
         findById: async id => db.selectFrom("user_sessions").selectAll().where("id", "=", id).executeTakeFirst(),
 
         update: async params => {
-            const { id, userId, email, accessToken, refreshToken, expiresAt, loggedOutAt } = params;
+            const { id, userId, email, accessToken, refreshToken, idToken, expiresAt, loggedOutAt } = params;
 
             const result = await db
                 .updateTable("user_sessions")
@@ -43,6 +44,7 @@ export function createPgSessionRepository(db: Kysely<Database>): SessionReposito
                     email,
                     accessToken,
                     refreshToken,
+                    idToken,
                     expiresAt,
                     loggedOutAt,
                     updatedAt: new Date()
diff --git a/api/src/core/adapters/dbApi/kysely/kysely.database.ts b/api/src/core/adapters/dbApi/kysely/kysely.database.ts
@@ -164,6 +164,7 @@ type SessionsTable = {
     email: string | null;
     accessToken: string | null;
     refreshToken: string | null;
+    idToken: string | null;
     expiresAt: Date | null;
     createdAt: Date;
     updatedAt: Date;
diff --git a/api/src/core/adapters/dbApi/kysely/migrations/1751616349982_create-sessions-table.ts b/api/src/core/adapters/dbApi/kysely/migrations/1751616349982_create-sessions-table.ts
@@ -14,6 +14,7 @@ export async function up(db: Kysely<any>): Promise<void> {
         .addColumn("email", "text")
         .addColumn("accessToken", "text")
         .addColumn("refreshToken", "text")
+        .addColumn("idToken", "text")
         .addColumn("expiresAt", "timestamptz")
         .addColumn("createdAt", "timestamptz", col => col.notNull().defaultTo("now()"))
         .addColumn("updatedAt", "timestamptz", col => col.notNull().defaultTo("now()"))
diff --git a/api/src/core/adapters/fetchExternalData.test.ts b/api/src/core/adapters/fetchExternalData.test.ts
@@ -325,7 +325,7 @@ describe("fetches software extra data (from different providers)", () => {
                     license: "Apache License v2.0",
                     logoUrl:
                         "//upload.wikimedia.org/wikipedia/commons/thumb/1/10/Apache_HTTP_server_logo_%282019-present%29.svg/250px-Apache_HTTP_server_logo_%282019-present%29.svg.png",
-                    sourceUrl: "https://github.com/apache/httpd",
+                    sourceUrl: "https://svn.apache.org/viewvc/httpd/httpd/",
                     websiteUrl: "https://httpd.apache.org/",
                     referencePublications: null,
                     identifiers: [],
diff --git a/api/src/core/bootstrap.ts b/api/src/core/bootstrap.ts
@@ -19,8 +19,8 @@ import { UiConfig, uiConfigSchema } from "./uiConfigSchema";
 import { UseCases } from "./usecases";
 import { makeHandleAuthCallback } from "./usecases/auth/handleAuthCallback";
 import { makeInitiateAuth } from "./usecases/auth/initiateAuth";
-import { makeLogout } from "./usecases/auth/logout";
-import { HttpOidcClient, type OidcParams } from "./usecases/auth/oidcClient";
+import { makeInitiateLogout } from "./usecases/auth/logout";
+import { HttpOidcClient, TestOidcClient, type OidcParams } from "./usecases/auth/oidcClient";
 import { makeGetUser } from "./usecases/getUser";
 import { makeGetSoftwareFormAutoFillDataFromExternalAndOtherSources } from "./usecases/getSoftwareFormAutoFillDataFromExternalAndOtherSources";
 import rawUiConfig from "../customization/ui-config.json";
@@ -32,6 +32,7 @@ type DbConfig = PgDbConfig;
 type ParamsOfBootstrapCore = {
     dbConfig: DbConfig;
     externalSoftwareDataOrigin: ExternalDataOrigin;
+    oidcKind: "http" | "test";
     oidcParams: OidcParams;
 };
 
@@ -75,7 +76,8 @@ export async function bootstrapCore(
 
     const wikidataSource = await dbApi.source.getWikidataSource();
 
-    const oidcClient = await HttpOidcClient.create(oidcParams);
+    const oidcClient =
+        params.oidcKind === "http" ? await HttpOidcClient.create(oidcParams) : new TestOidcClient(oidcParams);
 
     const useCases: UseCases = {
         getSoftwareFormAutoFillDataFromExternalAndOtherSources:
@@ -96,7 +98,7 @@ export async function bootstrapCore(
                 userRepository: dbApi.user,
                 oidcClient
             }),
-            logout: makeLogout({ sessionRepository: dbApi.session, oidcClient })
+            initiateLogout: makeInitiateLogout({ sessionRepository: dbApi.session, oidcClient })
         }
     };
 
diff --git a/api/src/core/ports/DbApiV2.ts b/api/src/core/ports/DbApiV2.ts
@@ -140,6 +140,7 @@ export type Session = {
     email: string | null;
     accessToken: string | null;
     refreshToken: string | null;
+    idToken: string | null;
     expiresAt: Date | null;
     createdAt: Date;
     updatedAt: Date;
diff --git a/api/src/core/usecases/auth/auth.test.ts b/api/src/core/usecases/auth/auth.test.ts
@@ -7,22 +7,22 @@ import { Database } from "../../adapters/dbApi/kysely/kysely.database";
 import { createPgDialect } from "../../adapters/dbApi/kysely/kysely.dialect";
 import { expectToEqual, expectToMatchObject, testPgUrl } from "../../../tools/test.helpers";
 import { HandleAuthCallback, makeHandleAuthCallback } from "./handleAuthCallback";
-import { makeLogout, Logout } from "./logout";
+import { makeInitiateLogout, InitiateLogout } from "./logout";
 import { createPgUserRepository } from "../../adapters/dbApi/kysely/createPgUserRepository";
 
 describe("Authentication workflow", () => {
     let oidcClient: TestOidcClient;
     let initiateAuth: InitiateAuth;
     let handleAuthCallback: HandleAuthCallback;
-    let logout: Logout;
+    let initiateLogout: InitiateLogout;
     let db: Kysely<Database>;
 
     beforeEach(async () => {
         oidcClient = new TestOidcClient({
             issuerUri: "https://auth.example.com",
             clientId: "test-client-id",
             clientSecret: "test-client-secret",
-            redirectUri: "https://example.com/callback"
+            appUrl: "https://example.com"
         });
 
         db = new Kysely<Database>({ dialect: createPgDialect(testPgUrl) });
@@ -36,7 +36,7 @@ describe("Authentication workflow", () => {
             userRepository: createPgUserRepository(db),
             oidcClient
         });
-        logout = makeLogout({
+        initiateLogout = makeInitiateLogout({
             sessionRepository: createPgSessionRepository(db),
             oidcClient
         });
@@ -97,15 +97,18 @@ describe("Authentication workflow", () => {
             }
         ]);
 
-        await logout({ sessionId });
+        const { logoutUrl } = await initiateLogout({ sessionId });
+        expectToEqual(typeof logoutUrl, "string");
+        expectToEqual(logoutUrl.includes("logout"), true);
+
         expectToEqual(oidcClient.calls, [
             { method: "getAuthorizationEndpoint", args: [] },
             { method: "exchangeCodeForTokens", args: [fakeCode] },
             {
                 method: "getUserInfo",
                 args: ["test-token-my-identity-provided-code"]
             },
-            { method: "logout", args: ["test-token-my-identity-provided-code"] }
+            { method: "logout", args: ["test-id-token-my-identity-provided-code"] }
         ]);
 
         const sessionAfterLogout = await db
diff --git a/api/src/core/usecases/auth/handleAuthCallback.ts b/api/src/core/usecases/auth/handleAuthCallback.ts
@@ -69,6 +69,7 @@ export const makeHandleAuthCallback = ({
             email: userInfoFromProvider.email,
             accessToken: tokens.access_token,
             refreshToken: tokens.refresh_token ?? null,
+            idToken: tokens.id_token ?? null,
             expiresAt: tokens.expires_in
                 ? new Date(Date.now() + tokens.expires_in * 1000)
                 : new Date(Date.now() + twoDaysInMilliseconds)
diff --git a/api/src/core/usecases/auth/initiateAuth.ts b/api/src/core/usecases/auth/initiateAuth.ts
@@ -33,7 +33,7 @@ export const makeInitiateAuth = ({ sessionRepository, oidcClient }: InitiateAuth
             client_id: oidcClient.clientId,
             redirect_uri: oidcClient.redirectUri,
             state,
-            scope: "openid email profile given_name family_name usual_name name"
+            scope: "openid email profile"
         }).toString();
 
         return { sessionId, authUrl: authUrl.toString() };
diff --git a/api/src/core/usecases/auth/logout.ts b/api/src/core/usecases/auth/logout.ts
@@ -5,23 +5,30 @@
 import { SessionRepository } from "../../ports/DbApiV2";
 import { OidcClient } from "./oidcClient";
 
-type LogoutDependencies = {
+type InitiateLogoutDependencies = {
     sessionRepository: SessionRepository;
     oidcClient: OidcClient;
 };
 
-type LogoutParams = {
+type InitiateLogoutParams = {
     sessionId: string;
 };
 
-export type Logout = ReturnType<typeof makeLogout>;
-export const makeLogout =
-    ({ sessionRepository, oidcClient }: LogoutDependencies) =>
-    async ({ sessionId }: LogoutParams): Promise<void> => {
+export type InitiateLogout = ReturnType<typeof makeInitiateLogout>;
+export const makeInitiateLogout =
+    ({ sessionRepository, oidcClient }: InitiateLogoutDependencies) =>
+    async ({ sessionId }: InitiateLogoutParams): Promise<{ logoutUrl: string }> => {
         const session = await sessionRepository.findById(sessionId);
 
-        if (!session) return;
+        if (!session) {
+            throw new Error(`Session not found: ${sessionId}`);
+        }
 
-        await oidcClient.logout(session.accessToken);
+        // Mark session as logged out immediately
         await sessionRepository.update({ ...session, loggedOutAt: new Date() });
+
+        // Get logout URL from OIDC client
+        const logoutUrl = await oidcClient.logout(session.idToken);
+
+        return { logoutUrl };
     };
diff --git a/api/src/core/usecases/auth/oidcClient.ts b/api/src/core/usecases/auth/oidcClient.ts
@@ -6,7 +6,7 @@ export type OidcParams = {
     issuerUri: string;
     clientId: string;
     clientSecret: string;
-    redirectUri: string;
+    appUrl: string;
 };
 
 type OidcConfiguration = {
@@ -33,9 +33,10 @@ export interface OidcClient {
         refresh_token?: string;
         expires_in?: number;
         token_type: string;
+        id_token?: string;
     }>;
     getUserInfo(accessToken: string): Promise<OidcUserInfo>;
-    logout(accessToken: string | null): Promise<void>;
+    logout(idToken: string | null): Promise<string>;
 }
 
 export class HttpOidcClient implements OidcClient {
@@ -72,19 +73,24 @@ export class HttpOidcClient implements OidcClient {
     }
 
     get redirectUri(): string {
-        return this.#oidcParams.redirectUri;
+        return `${this.#oidcParams.appUrl}/api/auth/callback`;
+    }
+
+    get logoutRedirectUri(): string {
+        return `${this.#oidcParams.appUrl}/api/auth/logout/callback`;
     }
 
     async exchangeCodeForTokens(code: string): Promise<{
         access_token: string;
         refresh_token?: string;
         expires_in?: number;
         token_type: string;
+        id_token?: string;
     }> {
         const body = new URLSearchParams({
             grant_type: "authorization_code",
             code,
-            redirect_uri: this.#oidcParams.redirectUri,
+            redirect_uri: this.redirectUri,
             client_id: this.#oidcParams.clientId,
             client_secret: this.#oidcParams.clientSecret
         });
@@ -115,28 +121,23 @@ export class HttpOidcClient implements OidcClient {
 
         const responseBody = await response.text();
 
-        const userInfoAsString = responseBody.split("ey") ? atob(responseBody.split("ey")[1]) : responseBody;
+        const userInfoAsString = responseBody.startsWith("ey") ? atob(responseBody.split(".")[1]) : responseBody;
 
         return JSON.parse(userInfoAsString);
     }
 
-    async logout(accessToken: string | null): Promise<void> {
+    async logout(idToken: string | null): Promise<string> {
         if (!this.#config.end_session_endpoint) {
-            return;
+            throw new Error("OIDC provider does not support logout");
         }
 
-        const url = new URL(this.#config.end_session_endpoint);
-        if (accessToken) {
-            url.searchParams.set("id_token_hint", accessToken);
-        }
+        const logoutUrl = new URL(this.#config.end_session_endpoint);
+        logoutUrl.search = new URLSearchParams({
+            post_logout_redirect_uri: this.logoutRedirectUri,
+            ...(idToken ? { id_token_hint: idToken } : {})
+        }).toString();
 
-        const response = await fetch(url.toString(), {
-            method: "POST"
-        });
-
-        if (!response.ok) {
-            console.warn(`Partner logout failed: ${response.statusText}`);
-        }
+        return logoutUrl.toString();
     }
 }
 
@@ -177,14 +178,19 @@ export class TestOidcClient implements OidcClient {
     }
 
     get redirectUri(): string {
-        return this.#oidcParams.redirectUri;
+        return `${this.#oidcParams.appUrl}/api/auth/callback`;
+    }
+
+    get logoutRedirectUri(): string {
+        return `${this.#oidcParams.appUrl}/api/auth/logout/callback`;
     }
 
     async exchangeCodeForTokens(code: string): Promise<{
         access_token: string;
         refresh_token?: string;
         expires_in?: number;
         token_type: string;
+        id_token?: string;
     }> {
         this.#calls.push({
             method: "exchangeCodeForTokens",
@@ -194,7 +200,8 @@ export class TestOidcClient implements OidcClient {
             access_token: `test-token-${code}`,
             refresh_token: `test-refresh-${code}`,
             expires_in: 3600,
-            token_type: "Bearer"
+            token_type: "Bearer",
+            id_token: `test-id-token-${code}`
         };
     }
 
@@ -212,11 +219,23 @@ export class TestOidcClient implements OidcClient {
         };
     }
 
-    async logout(accessToken: string): Promise<void> {
+    async logout(idToken: string | null): Promise<string> {
         this.#calls.push({
             method: "logout",
-            args: [accessToken]
+            args: [idToken]
         });
-        return;
+
+        if (!this.#config.end_session_endpoint) {
+            throw new Error("OIDC provider does not support logout");
+        }
+
+        const logoutUrl = new URL(this.#config.end_session_endpoint);
+
+        logoutUrl.search = new URLSearchParams({
+            post_logout_redirect_uri: this.logoutRedirectUri,
+            ...(idToken ? { id_token_hint: idToken } : {})
+        }).toString();
+
+        return logoutUrl.toString();
     }
 }
diff --git a/api/src/core/usecases/index.ts b/api/src/core/usecases/index.ts
@@ -7,7 +7,7 @@ import { GetUser } from "./getUser";
 import type { GetSoftwareFormAutoFillDataFromExternalAndOtherSources } from "./getSoftwareFormAutoFillDataFromExternalAndOtherSources";
 import { InitiateAuth } from "./auth/initiateAuth";
 import { HandleAuthCallback } from "./auth/handleAuthCallback";
-import { Logout } from "./auth/logout";
+import { InitiateLogout } from "./auth/logout";
 
 export type UseCases = {
     getSoftwareFormAutoFillDataFromExternalAndOtherSources: GetSoftwareFormAutoFillDataFromExternalAndOtherSources;
@@ -16,6 +16,6 @@ export type UseCases = {
     auth: {
         initiateAuth: InitiateAuth;
         handleAuthCallback: HandleAuthCallback;
-        logout: Logout;
+        initiateLogout: InitiateLogout;
     };
 };
diff --git a/api/src/env.ts b/api/src/env.ts
@@ -45,7 +45,7 @@ export const env = {
     ...envConfiguration,
     "oidcParams": {
         ...envConfiguration.oidcParams,
-        "redirectUri": `${envConfiguration.appUrl}/api/auth/callback`
+        "appUrl": envConfiguration.appUrl
     },
     "isDevEnvironnement": envConfiguration.isDevEnvironnement ?? false
 };
diff --git a/api/src/rpc/createTestCaller.ts b/api/src/rpc/createTestCaller.ts
diff --git a/api/src/rpc/start.ts b/api/src/rpc/start.ts
