| 1 | +import { describe, it, expect, beforeEach } from "vitest"; |
| 2 | +import { OAuthProvider } from "./oauth-provider"; |
| 3 | + |
| 4 | +const config = { |
| 5 | + clientId: "test-client", |
| 6 | + clientSecret: "test-secret", |
| 7 | + authorizationEndpoint: "http://localhost/oauth/authorize", |
| 8 | + tokenEndpoint: "http://localhost/oauth/token", |
| 9 | + scope: "openid profile email", |
| 10 | + redirectUri: "http://localhost/callback", |
| 11 | +}; |
| 12 | + |
| 13 | +describe("OAuthProvider", () => { |
| 14 | + let provider: OAuthProvider; |
| 15 | + |
| 16 | + beforeEach(() => { |
| 17 | + provider = new OAuthProvider(config); |
| 18 | + }); |
| 19 | + |
| 20 | + it("should store and exchange authorization codes via public API", async () => { |
| 21 | + const code = "code123"; |
| 22 | + const codeChallenge = "challenge"; |
| 23 | + provider.storeAuthorizationCode(code, { |
| 24 | + clientId: config.clientId, |
| 25 | + redirectUri: config.redirectUri, |
| 26 | + scope: "openid", |
| 27 | + codeChallenge, |
| 28 | + codeChallengeMethod: "S256", |
| 29 | + expiresAt: new Date(Date.now() + 60000), |
| 30 | + }); |
| 31 | + // Should fail PKCE verification (challenge won't match), so returns null |
| 32 | + const result = await provider.exchangeAuthorizationCode( |
| 33 | + code, |
| 34 | + "wrong_verifier", |
| 35 | + config.clientId, |
| 36 | + config.redirectUri, |
| 37 | + ); |
| 38 | + expect(result).toBeNull(); |
| 39 | + |
| 40 | + // Now use correct PKCE verifier |
| 41 | + // To generate correct PKCE challenge: |
| 42 | + // S256: base64url(sha256(verifier)) === challenge |
| 43 | + // We'll use a helper here for the test |
| 44 | + const crypto = await import("node:crypto"); |
| 45 | + const verifier = "test_verifier"; |
| 46 | + const correctChallenge = crypto |
| 47 | + .createHash("sha256") |
| 48 | + .update(verifier) |
| 49 | + .digest("base64url"); |
| 50 | + provider.storeAuthorizationCode("code456", { |
| 51 | + clientId: config.clientId, |
| 52 | + redirectUri: config.redirectUri, |
| 53 | + scope: "openid", |
| 54 | + codeChallenge: correctChallenge, |
| 55 | + codeChallengeMethod: "S256", |
| 56 | + expiresAt: new Date(Date.now() + 60000), |
| 57 | + }); |
| 58 | + const validResult = await provider.exchangeAuthorizationCode( |
| 59 | + "code456", |
| 60 | + verifier, |
| 61 | + config.clientId, |
| 62 | + config.redirectUri, |
| 63 | + ); |
| 64 | + expect(validResult).not.toBeNull(); |
| 65 | + expect(validResult?.accessToken).toMatch(/^mcp_/); |
| 66 | + expect(validResult?.scope).toBe("openid"); |
| 67 | + }); |
| 68 | + |
| 69 | + it("should verify PKCE correctly", () => { |
| 70 | + // @ts-ignore |
| 71 | + expect(provider["verifyPKCE"]("abc", "").toString()).toBe("false"); |
| 72 | + // Real PKCE test would require correct challenge |
| 73 | + }); |
| 74 | + |
| 75 | + it("should generate user IDs in expected format", () => { |
| 76 | + // @ts-ignore |
| 77 | + const userId = provider["generateUserId"](); |
| 78 | + expect(userId.startsWith("user-")).toBe(true); |
| 79 | + expect(userId.length).toBeGreaterThan(10); |
| 80 | + }); |
| 81 | + |
| 82 | + it("should return valid: false for invalid token", async () => { |
| 83 | + const result = await provider.validateToken(""); |
| 84 | + expect(result.valid).toBe(false); |
| 85 | + }); |
| 86 | + |
| 87 | + // Add more tests for exchangeAuthorizationCode, cleanup, etc. as needed |
| 88 | +}); |
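Review bot: The happy-path exchange at gutter lines 58–66 never checks that `code456` is consumed, so an implementation that lets an authorization code be redeemed twice would still pass this suite even though RFC 6749 §4.1.2 requires codes to be single-use. After the scope assertion, add a replay check, `const replay = await provider.exchangeAuthorizationCode("code456", verifier, config.clientId, config.redirectUri); expect(replay).toBeNull();`, and matching negative cases for an already-past `expiresAt`, a mismatched `redirectUri` and a mismatched `clientId` (whether the provider actually consumes codes or checks those bindings is not visible in this diff, which is exactly why the tests should pin it rather than rely on the wrong-verifier case alone). The `verifyPKCE` test at lines 70–72 coerces a boolean with `.toString()` and compares against `"false"`; `expect(provider["verifyPKCE"]("abc", "")).toBe(false)` is the same check without the string detour, and the `// @ts-ignore` lines should be `// @ts-expect-error private method under test` so they fail loudly if the method is ever made public or removed. The `generateUserId` assertion `length > 10` says nothing about unguessability; if the ID is meant to be unpredictable, assert the exact length or format the generator produces and that two consecutive calls differ.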