feat(api): make audience in test more real usage friendly

1024pix · Jan 17, 2025 · 7ee32d7 · 7ee32d7
1 parent 2de117f
commit 7ee32d7
Show file tree

Hide file tree

Showing 10 changed files with 51 additions and 51 deletions.
diff --git a/api/tests/identity-access-management/acceptance/application/token.route.test.js b/api/tests/identity-access-management/acceptance/application/token.route.test.js
@@ -37,7 +37,7 @@ describe('Acceptance | Identity Access Management | Route | Token', function ()
         url: '/api/token',
         headers: {
           'content-type': 'application/x-www-form-urlencoded',
-          'x-forwarded-proto': 'http-proto',
+          'x-forwarded-proto': 'https',
           'x-forwarded-host': 'pix/orga',
         },
         payload: querystring.stringify({
@@ -74,7 +74,7 @@ describe('Acceptance | Identity Access Management | Route | Token', function ()
         url: '/api/token',
         headers: {
           'content-type': 'application/x-www-form-urlencoded',
-          'x-forwarded-proto': 'http-proto',
+          'x-forwarded-proto': 'https',
           'x-forwarded-host': 'pix/orga',
         },
         payload: querystring.stringify({
@@ -99,7 +99,7 @@ describe('Acceptance | Identity Access Management | Route | Token', function ()
           url: '/api/token',
           headers: {
             'content-type': 'application/x-www-form-urlencoded',
-            'x-forwarded-proto': 'http-proto',
+            'x-forwarded-proto': 'https',
             'x-forwarded-host': 'pix/orga',
           },
           payload: querystring.stringify({
@@ -141,7 +141,7 @@ describe('Acceptance | Identity Access Management | Route | Token', function ()
             url: '/api/token',
             headers: {
               'content-type': 'application/x-www-form-urlencoded',
-              'x-forwarded-proto': 'http-proto',
+              'x-forwarded-proto': 'https',
               'x-forwarded-host': 'pix/orga',
             },
             payload: querystring.stringify({
@@ -324,7 +324,7 @@ describe('Acceptance | Identity Access Management | Route | Token', function ()
             headers: {
               'content-type': 'application/x-www-form-urlencoded',
               cookie: `locale=${localeFromCookie}`,
-              'x-forwarded-proto': 'http-proto',
+              'x-forwarded-proto': 'https',
               'x-forwarded-host': 'pix/orga',
             },
             payload: querystring.stringify({
@@ -361,7 +361,7 @@ describe('Acceptance | Identity Access Management | Route | Token', function ()
             headers: {
               'content-type': 'application/x-www-form-urlencoded',
               cookie: `locale=${localeFromCookie}`,
-              'x-forwarded-proto': 'http-proto',
+              'x-forwarded-proto': 'https',
               'x-forwarded-host': 'pix/orga',
             },
             payload: querystring.stringify({

diff --git a/...ccess-management/integration/infrastructure/repositories/refresh-token.repository.test.js b/...ccess-management/integration/infrastructure/repositories/refresh-token.repository.test.js
@@ -19,15 +19,15 @@ describe('Integration | Identity Access Management | Infrastructure | Repository
         userId: 'userId!',
         scope: 'scope!',
         source: 'source!',
-        audience: 'audience!',
+        audience: 'https://app.pix.fr!',
       });
       await refreshTokenRepository.save({ refreshToken });
 
       const refreshToken2 = RefreshToken.generate({
         userId: 'userId!',
         scope: 'scope!',
         source: 'source!',
-        audience: 'audience!',
+        audience: 'https://app.certif.fr!',
       });
       await refreshTokenRepository.save({ refreshToken: refreshToken2 });
 
@@ -46,23 +46,23 @@ describe('Integration | Identity Access Management | Infrastructure | Repository
         userId: 'userId!',
         scope: 'scope!',
         source: 'source!',
-        audience: 'audience!',
+        audience: 'https://orga.pix.fr!',
       });
       await refreshTokenRepository.save({ refreshToken });
 
       const refreshToken2 = RefreshToken.generate({
         userId: 'userId!',
         scope: 'scope!',
         source: 'source!',
-        audience: 'audience!',
+        audience: 'https://app.pix.fr!',
       });
       await refreshTokenRepository.save({ refreshToken: refreshToken2 });
 
       const refreshToken3 = RefreshToken.generate({
         userId: 'userId2!',
         scope: 'scope!',
         source: 'source!',
-        audience: 'audience!',
+        audience: 'https://app.pix.fr!',
       });
       await refreshTokenRepository.save({ refreshToken: refreshToken3 });
 
@@ -81,7 +81,7 @@ describe('Integration | Identity Access Management | Infrastructure | Repository
         userId: 'userId!',
         scope: 'scope!',
         source: 'source!',
-        audience: 'audience!',
+        audience: 'https://app.pix.fr!',
       });
 
       // when
@@ -100,14 +100,14 @@ describe('Integration | Identity Access Management | Infrastructure | Repository
         userId: 'userId!',
         scope: 'scope!',
         source: 'source!',
-        audience: 'audience!',
+        audience: 'https://app.pix.fr!',
       });
       await refreshTokenRepository.save({ refreshToken: refreshToken1 });
       const refreshToken2 = RefreshToken.generate({
         userId: 'userId!',
         scope: 'scope!',
         source: 'source!',
-        audience: 'audience!',
+        audience: 'https://app.orga.fr!',
       });
       await refreshTokenRepository.save({ refreshToken: refreshToken2 });
 
@@ -127,21 +127,21 @@ describe('Integration | Identity Access Management | Infrastructure | Repository
         userId: 'userId!',
         scope: 'scope!',
         source: 'source!',
-        audience: 'audience!',
+        audience: 'https://app.pix.fr!',
       });
       await refreshTokenRepository.save({ refreshToken: refreshToken1 });
       const refreshToken2 = RefreshToken.generate({
         userId: 'userId!',
         scope: 'scope!',
         source: 'source!',
-        audience: 'audience!',
+        audience: 'https://app.pix.fr!',
       });
       await refreshTokenRepository.save({ refreshToken: refreshToken2 });
       const refreshToken3 = RefreshToken.generate({
         userId: 'userId2!',
         scope: 'scope!',
         source: 'source!',
-        audience: 'audience!',
+        audience: 'https://app.certif.fr!',
       });
       await refreshTokenRepository.save({ refreshToken: refreshToken3 });
 

diff --git a/api/tests/identity-access-management/unit/application/oidc-provider.controller.test.js b/api/tests/identity-access-management/unit/application/oidc-provider.controller.test.js
@@ -12,16 +12,16 @@ describe('Unit | Identity Access Management | Application | Controller | oidc-pr
     const iss = 'https://issuer.url';
     const identityProvider = 'OIDC_EXAMPLE_NET';
     const pixAccessToken = 'pixAccessToken';
-    const audience = 'http-proto://pix/toto';
+    const audience = 'https://app.pix.fr';
 
     let request;
 
     beforeEach(function () {
       request = {
         auth: { credentials: { userId: 123 } },
         headers: {
-          'x-forwarded-proto': 'http-proto',
-          'x-forwarded-host': 'pix/toto',
+          'x-forwarded-proto': 'https',
+          'x-forwarded-host': 'app.pix.fr',
         },
         deserializedPayload: {
           identityProvider,

diff --git a/api/tests/identity-access-management/unit/application/token.controller.test.js b/api/tests/identity-access-management/unit/application/token.controller.test.js
@@ -33,7 +33,7 @@ describe('Unit | Identity Access Management | Application | Controller | Token',
     const password = 'user_password';
     const scope = 'pix-orga';
     const source = 'pix';
-    const audience = 'http-proto://pix/toto';
+    const audience = 'https://app.pix.fr';
 
     /**
      * @see https://www.oauth.com/oauth2-servers/access-tokens/access-token-response/
@@ -47,8 +47,8 @@ describe('Unit | Identity Access Management | Application | Controller | Token',
         const request = {
           headers: {
             'content-type': 'application/x-www-form-urlencoded',
-            'x-forwarded-proto': 'http-proto',
-            'x-forwarded-host': 'pix/toto',
+            'x-forwarded-proto': 'https',
+            'x-forwarded-host': 'app.pix.fr',
           },
           payload: {
             grant_type: 'password',
@@ -101,8 +101,8 @@ describe('Unit | Identity Access Management | Application | Controller | Token',
         const request = {
           headers: {
             'content-type': 'application/x-www-form-urlencoded',
-            'x-forwarded-proto': 'http-proto',
-            'x-forwarded-host': 'pix/toto',
+            'x-forwarded-proto': 'https',
+            'x-forwarded-host': 'app.pix.fr',
           },
           payload: { grant_type: 'refresh_token', refresh_token: refreshToken, scope },
         };

diff --git a/api/tests/identity-access-management/unit/domain/models/RefreshToken.test.js b/api/tests/identity-access-management/unit/domain/models/RefreshToken.test.js
@@ -21,15 +21,15 @@ describe('Unit | Identity Access Management | Domain | Model | RefreshToken', fu
         scope: 'scope!',
         source: 'source!',
         value: 'token!',
-        audience: 'audience!',
+        audience: 'https://app.pix.fr!',
       });
 
       // then
       expect(refreshToken.value).to.equal('token!');
       expect(refreshToken.userId).to.equal('userId!');
       expect(refreshToken.scope).to.equal('scope!');
       expect(refreshToken.source).to.equal('source!');
-      expect(refreshToken.audience).to.equal('audience!');
+      expect(refreshToken.audience).to.equal('https://app.pix.fr!');
       expect(refreshToken.expirationDelaySeconds).to.equal(defaultRefreshTokenLifespanMs / 1000);
     });
 
@@ -47,7 +47,7 @@ describe('Unit | Identity Access Management | Domain | Model | RefreshToken', fu
           scope: 'pix-orga',
           source: 'source!',
           value: 'token!',
-          audience: 'audience!',
+          audience: 'https://app.pix.fr!',
         });
 
         // then
@@ -61,7 +61,7 @@ describe('Unit | Identity Access Management | Domain | Model | RefreshToken', fu
             userId: 'userId!',
             source: 'source!',
             value: 'token!',
-            audience: 'audience!',
+            audience: 'https://app.pix.fr!',
           });
 
           // then
@@ -81,7 +81,7 @@ describe('Unit | Identity Access Management | Domain | Model | RefreshToken', fu
         userId: 'userId!',
         scope: 'scope!',
         source: 'source!',
-        audience: 'audience!',
+        audience: 'https://app.pix.fr!',
       });
 
       // then

diff --git a/...tests/identity-access-management/unit/domain/services/oidc-authentication-service_test.js b/...tests/identity-access-management/unit/domain/services/oidc-authentication-service_test.js
@@ -122,7 +122,7 @@ describe('Unit | Domain | Services | oidc-authentication-service', function () {
       // given
       const userId = 42;
       const accessToken = Symbol('valid access token');
-      const audience = 'http-proto://pix/toto';
+      const audience = 'https://app.admin.fr';
       const payload = { user_id: userId, aud: audience };
       const jwtOptions = { expiresIn: ms('48h') / 1000 };
       sinon

diff --git a/...ts/identity-access-management/unit/domain/usecases/authenticate-oidc-user.usecase.test.js b/...ts/identity-access-management/unit/domain/usecases/authenticate-oidc-user.usecase.test.js
@@ -17,7 +17,7 @@ describe('Unit | Identity Access Management | Domain | UseCase | authenticate-oi
     let userLoginRepository;
     let oidcAuthenticationServiceRegistry;
     const externalIdentityId = '094b83ac-2e20-4aa8-b438-0bc91748e4a6';
-    const audience = 'https://pix/toto.fr';
+    const audience = 'https://app.pix.fr';
 
     beforeEach(function () {
       oidcAuthenticationService = {
@@ -333,7 +333,7 @@ describe('Unit | Identity Access Management | Domain | UseCase | authenticate-oi
     let userLoginRepository;
     let oidcAuthenticationServiceRegistry;
     const externalIdentityId = '094b83ac-2e20-4aa8-b438-0bc91748e4a6';
-    const audience = 'https://pix/toto.fr';
+    const audience = 'https://app.pix.fr';
 
     beforeEach(function () {
       oidcAuthenticationService = {

diff --git a/api/tests/identity-access-management/unit/domain/usecases/authenticate-user_test.js b/api/tests/identity-access-management/unit/domain/usecases/authenticate-user_test.js
@@ -51,7 +51,7 @@ describe('Unit | Identity Access Management | Domain | UseCases | authenticate-u
         // given
         const scope = PIX_ORGA.SCOPE;
         const user = new User({ email: userEmail, memberships: [] });
-        const audience = 'audience';
+        const audience = 'https://app.orga.fr';
         pixAuthenticationService.getUserByUsernameAndPassword.resolves(user);
 
         // when
@@ -77,7 +77,7 @@ describe('Unit | Identity Access Management | Domain | UseCases | authenticate-u
         // given
         const scope = PIX_ADMIN.SCOPE;
         const user = new User({ email: userEmail });
-        const audience = 'audience';
+        const audience = 'https://app.admin.fr';
 
         pixAuthenticationService.getUserByUsernameAndPassword.resolves(user);
         adminMemberRepository.get.withArgs({ userId: user.id }).resolves();
@@ -104,7 +104,7 @@ describe('Unit | Identity Access Management | Domain | UseCases | authenticate-u
         // given
         const scope = PIX_ADMIN.SCOPE;
         const user = new User({ email: userEmail });
-        const audience = 'audience';
+        const audience = 'https://app.admin.fr';
         const adminMember = new AdminMember({
           id: 567,
           userId: user.id,
@@ -142,7 +142,7 @@ describe('Unit | Identity Access Management | Domain | UseCases | authenticate-u
         const scope = PIX_ADMIN.SCOPE;
         const source = 'pix';
         const user = new User({ id: 123, email: userEmail });
-        const audience = 'audience';
+        const audience = 'https://app.admin.fr';
         const adminMember = new AdminMember({
           id: 567,
           userId: user.id,
@@ -201,7 +201,7 @@ describe('Unit | Identity Access Management | Domain | UseCases | authenticate-u
           const accessToken = 'jwt.access.token';
           const expirationDelaySeconds = 1;
           const source = 'pix';
-          const audience = 'audience';
+          const audience = 'https://app.certif.fr';
 
           const user = domainBuilder.buildUser({
             email: userEmail,
@@ -249,7 +249,7 @@ describe('Unit | Identity Access Management | Domain | UseCases | authenticate-u
     const scope = 'mon-pix';
     const expirationDelaySeconds = 1;
     const user = domainBuilder.buildUser({ email: userEmail });
-    const audience = 'audience';
+    const audience = 'https://app.certif.fr';
 
     pixAuthenticationService.getUserByUsernameAndPassword.resolves(user);
 
@@ -289,7 +289,7 @@ describe('Unit | Identity Access Management | Domain | UseCases | authenticate-u
     const source = 'pix';
     const scope = 'mon-pix';
     const expirationDelaySeconds = 1;
-    const audience = 'audience';
+    const audience = 'https://app.certif.fr';
 
     const user = domainBuilder.buildUser({ email: userEmail });
 
@@ -320,7 +320,7 @@ describe('Unit | Identity Access Management | Domain | UseCases | authenticate-u
     // given
     const unknownUserEmail = '[email protected]';
     pixAuthenticationService.getUserByUsernameAndPassword.rejects(new UserNotFoundError());
-    const audience = 'audience';
+    const audience = 'https://app.certif.fr';
 
     // when
     const error = await catchErr(authenticateUser)({
@@ -339,7 +339,7 @@ describe('Unit | Identity Access Management | Domain | UseCases | authenticate-u
   it('should rejects an error when given password does not match the found user’s one', async function () {
     // given
     pixAuthenticationService.getUserByUsernameAndPassword.rejects(new MissingOrInvalidCredentialsError());
-    const audience = 'audience';
+    const audience = 'https://app.certif.fr';
 
     // when
     const error = await catchErr(authenticateUser)({
@@ -359,7 +359,7 @@ describe('Unit | Identity Access Management | Domain | UseCases | authenticate-u
     it('should throw UserShouldChangePasswordError', async function () {
       // given
       const tokenService = { createPasswordResetToken: sinon.stub() };
-      const audience = 'audience';
+      const audience = 'https://app.certif.fr';
 
       const user = domainBuilder.buildUser({ username: 'jean.neymar2008' });
       const authenticationMethod = domainBuilder.buildAuthenticationMethod.withPixAsIdentityProviderAndRawPassword({
@@ -404,7 +404,7 @@ describe('Unit | Identity Access Management | Domain | UseCases | authenticate-u
         const source = 'pix';
         const expirationDelaySeconds = 1;
         const user = domainBuilder.buildUser({ email: userEmail, locale: 'fr-FR' });
-        const audience = 'audience';
+        const audience = 'https://app.pix.fr';
 
         pixAuthenticationService.getUserByUsernameAndPassword.resolves(user);
         tokenService.createAccessTokenFromUser.resolves({ accessToken, expirationDelaySeconds });
@@ -436,7 +436,7 @@ describe('Unit | Identity Access Management | Domain | UseCases | authenticate-u
           const source = 'pix';
           const scope = 'mon-pix';
           const expirationDelaySeconds = 1;
-          const audience = 'audience';
+          const audience = 'https://app.pix.fr';
           const user = domainBuilder.buildUser({ email: userEmail, locale: null });
           const setLocaleIfNotAlreadySetStub = sinon.stub(user, 'setLocaleIfNotAlreadySet');
 
@@ -470,7 +470,7 @@ describe('Unit | Identity Access Management | Domain | UseCases | authenticate-u
           const source = 'pix';
           const scope = 'mon-pix';
           const expirationDelaySeconds = 1;
-          const audience = 'audience';
+          const audience = 'https://app.pix.fr';
           const user = domainBuilder.buildUser({ email: userEmail, locale: undefined });
 
           pixAuthenticationService.getUserByUsernameAndPassword.resolves(user);