From 7ee32d72578bc7ce9d2ee15b1c0cc2a6bd825099 Mon Sep 17 00:00:00 2001 From: P-Jeremy Date: Fri, 17 Jan 2025 15:46:20 +0100 Subject: [PATCH] feat(api): make audience in test more real usage friendly --- .../application/token.route.test.js | 12 ++++----- .../refresh-token.repository.test.js | 22 ++++++++-------- .../oidc-provider.controller.test.js | 6 ++--- .../unit/application/token.controller.test.js | 10 +++---- .../unit/domain/models/RefreshToken.test.js | 10 +++---- .../oidc-authentication-service_test.js | 2 +- .../authenticate-oidc-user.usecase.test.js | 4 +-- .../domain/usecases/authenticate-user_test.js | 26 +++++++++---------- ...s-token-from-refresh-token.usecase.test.js | 6 ++--- .../domain/services/token-service_test.js | 4 +-- 10 files changed, 51 insertions(+), 51 deletions(-) diff --git a/api/tests/identity-access-management/acceptance/application/token.route.test.js b/api/tests/identity-access-management/acceptance/application/token.route.test.js index dc41af0e0ce..3e5625c0a23 100644 --- a/api/tests/identity-access-management/acceptance/application/token.route.test.js +++ b/api/tests/identity-access-management/acceptance/application/token.route.test.js @@ -37,7 +37,7 @@ describe('Acceptance | Identity Access Management | Route | Token', function () url: '/api/token', headers: { 'content-type': 'application/x-www-form-urlencoded', - 'x-forwarded-proto': 'http-proto', + 'x-forwarded-proto': 'https', 'x-forwarded-host': 'pix/orga', }, payload: querystring.stringify({ @@ -74,7 +74,7 @@ describe('Acceptance | Identity Access Management | Route | Token', function () url: '/api/token', headers: { 'content-type': 'application/x-www-form-urlencoded', - 'x-forwarded-proto': 'http-proto', + 'x-forwarded-proto': 'https', 'x-forwarded-host': 'pix/orga', }, payload: querystring.stringify({ 
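Review bot: In the hunk at -37 the request now sends `'x-forwarded-proto': 'https'`, but the unchanged context line still sends `'x-forwarded-host': 'pix/orga'`, which is not a hostname. Judging by the controller unit tests in this patch, where proto `https` and host `app.pix.fr` go with audience `https://app.pix.fr`, the audience is presumably built from these two headers, so the acceptance path would still run with `https://pix/orga`. I would change the host as well, e.g. `'x-forwarded-host': 'orga.pix.fr',`, and keep a slash-bearing host for a separate negative test, since these headers are client-controlled unless a trusted proxy overwrites them. The same applies to the hunks at -74, -99, -141, -324 and -361 of this file.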
@@ -99,7 +99,7 @@ describe('Acceptance | Identity Access Management | Route | Token', function () url: '/api/token', headers: { 'content-type': 'application/x-www-form-urlencoded', - 'x-forwarded-proto': 'http-proto', + 'x-forwarded-proto': 'https', 'x-forwarded-host': 'pix/orga', }, payload: querystring.stringify({ @@ -141,7 +141,7 @@ describe('Acceptance | Identity Access Management | Route | Token', function () url: '/api/token', headers: { 'content-type': 'application/x-www-form-urlencoded', - 'x-forwarded-proto': 'http-proto', + 'x-forwarded-proto': 'https', 'x-forwarded-host': 'pix/orga', }, payload: querystring.stringify({ @@ -324,7 +324,7 @@ describe('Acceptance | Identity Access Management | Route | Token', function () headers: { 'content-type': 'application/x-www-form-urlencoded', cookie: `locale=${localeFromCookie}`, - 'x-forwarded-proto': 'http-proto', + 'x-forwarded-proto': 'https', 'x-forwarded-host': 'pix/orga', }, payload: querystring.stringify({ @@ -361,7 +361,7 @@ describe('Acceptance | Identity Access Management | Route | Token', function () headers: { 'content-type': 'application/x-www-form-urlencoded', cookie: `locale=${localeFromCookie}`, - 'x-forwarded-proto': 'http-proto', + 'x-forwarded-proto': 'https', 'x-forwarded-host': 'pix/orga', }, payload: querystring.stringify({ diff --git a/api/tests/identity-access-management/integration/infrastructure/repositories/refresh-token.repository.test.js b/api/tests/identity-access-management/integration/infrastructure/repositories/refresh-token.repository.test.js index 6526d013ef3..52360f60d9b 100644 --- a/api/tests/identity-access-management/integration/infrastructure/repositories/refresh-token.repository.test.js +++ b/api/tests/identity-access-management/integration/infrastructure/repositories/refresh-token.repository.test.js 
@@ -19,7 +19,7 @@ describe('Integration | Identity Access Management | Infrastructure | Repository userId: 'userId!', scope: 'scope!', source: 'source!', - audience: 'audience!', + audience: 'https://app.pix.fr!', }); await refreshTokenRepository.save({ refreshToken }); @@ -27,7 +27,7 @@ describe('Integration | Identity Access Management | Infrastructure | Repository userId: 'userId!', scope: 'scope!', source: 'source!', - audience: 'audience!', + audience: 'https://app.certif.fr!', }); await refreshTokenRepository.save({ refreshToken: refreshToken2 }); @@ -46,7 +46,7 @@ describe('Integration | Identity Access Management | Infrastructure | Repository userId: 'userId!', scope: 'scope!', source: 'source!', - audience: 'audience!', + audience: 'https://orga.pix.fr!', }); await refreshTokenRepository.save({ refreshToken }); @@ -54,7 +54,7 @@ describe('Integration | Identity Access Management | Infrastructure | Repository userId: 'userId!', scope: 'scope!', source: 'source!', - audience: 'audience!', + audience: 'https://app.pix.fr!', }); await refreshTokenRepository.save({ refreshToken: refreshToken2 }); @@ -62,7 +62,7 @@ describe('Integration | Identity Access Management | Infrastructure | Repository userId: 'userId2!', scope: 'scope!', source: 'source!', - audience: 'audience!', + audience: 'https://app.pix.fr!', }); await refreshTokenRepository.save({ refreshToken: refreshToken3 }); @@ -81,7 +81,7 @@ describe('Integration | Identity Access Management | Infrastructure | Repository userId: 'userId!', scope: 'scope!', source: 'source!', - audience: 'audience!', + audience: 'https://app.pix.fr!', }); // when 
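Review bot: The new fixture values keep the trailing `!` of the old placeholder (`'https://app.pix.fr!'` in the hunk at -19), so they are still not well-formed origins; `audience: 'https://app.pix.fr',` would match what the controller tests in this patch use. The hosts also mix two shapes, `https://orga.pix.fr!` at -46 and `https://app.orga.fr!` at -100, and `app.certif.fr`, `app.orga.fr` and `app.admin.fr` are not visibly domains the project controls. Using the `*.pix.fr` shape throughout, or a reserved `example.net` name, would avoid pointing fixtures at third-party hosts. The same trailing `!` appears in every hunk of this file and in the RefreshToken.test.js hunks at -21, -29, -47, -61 and -81.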
@@ -100,14 +100,14 @@ describe('Integration | Identity Access Management | Infrastructure | Repository userId: 'userId!', scope: 'scope!', source: 'source!', - audience: 'audience!', + audience: 'https://app.pix.fr!', }); await refreshTokenRepository.save({ refreshToken: refreshToken1 }); const refreshToken2 = RefreshToken.generate({ userId: 'userId!', scope: 'scope!', source: 'source!', - audience: 'audience!', + audience: 'https://app.orga.fr!', }); await refreshTokenRepository.save({ refreshToken: refreshToken2 }); @@ -127,21 +127,21 @@ describe('Integration | Identity Access Management | Infrastructure | Repository userId: 'userId!', scope: 'scope!', source: 'source!', - audience: 'audience!', + audience: 'https://app.pix.fr!', }); await refreshTokenRepository.save({ refreshToken: refreshToken1 }); const refreshToken2 = RefreshToken.generate({ userId: 'userId!', scope: 'scope!', source: 'source!', - audience: 'audience!', + audience: 'https://app.pix.fr!', }); await refreshTokenRepository.save({ refreshToken: refreshToken2 }); const refreshToken3 = RefreshToken.generate({ userId: 'userId2!', scope: 'scope!', source: 'source!', - audience: 'audience!', + audience: 'https://app.certif.fr!', }); await refreshTokenRepository.save({ refreshToken: refreshToken3 }); diff --git a/api/tests/identity-access-management/unit/application/oidc-provider.controller.test.js b/api/tests/identity-access-management/unit/application/oidc-provider.controller.test.js index 9c39fb2f60f..3fbbf53722c 100644 --- a/api/tests/identity-access-management/unit/application/oidc-provider.controller.test.js +++ b/api/tests/identity-access-management/unit/application/oidc-provider.controller.test.js 
@@ -12,7 +12,7 @@ describe('Unit | Identity Access Management | Application | Controller | oidc-pr const iss = 'https://issuer.url'; const identityProvider = 'OIDC_EXAMPLE_NET'; const pixAccessToken = 'pixAccessToken'; - const audience = 'http-proto://pix/toto'; + const audience = 'https://app.pix.fr'; let request; @@ -20,8 +20,8 @@ describe('Unit | Identity Access Management | Application | Controller | oidc-pr request = { auth: { credentials: { userId: 123 } }, headers: { - 'x-forwarded-proto': 'http-proto', - 'x-forwarded-host': 'pix/toto', + 'x-forwarded-proto': 'https', + 'x-forwarded-host': 'app.pix.fr', }, deserializedPayload: { identityProvider, diff --git a/api/tests/identity-access-management/unit/application/token.controller.test.js b/api/tests/identity-access-management/unit/application/token.controller.test.js index 68d87305bc7..4c236a6cf18 100644 --- a/api/tests/identity-access-management/unit/application/token.controller.test.js +++ b/api/tests/identity-access-management/unit/application/token.controller.test.js @@ -33,7 +33,7 @@ describe('Unit | Identity Access Management | Application | Controller | Token', const password = 'user_password'; const scope = 'pix-orga'; const source = 'pix'; - const audience = 'http-proto://pix/toto'; + const audience = 'https://app.pix.fr'; /** * @see https://www.oauth.com/oauth2-servers/access-tokens/access-token-response/ @@ -47,8 +47,8 @@ describe('Unit | Identity Access Management | Application | Controller | Token', const request = { headers: { 'content-type': 'application/x-www-form-urlencoded', - 'x-forwarded-proto': 'http-proto', - 'x-forwarded-host': 'pix/toto', + 'x-forwarded-proto': 'https', + 'x-forwarded-host': 'app.pix.fr', }, payload: { grant_type: 'password', 
@@ -101,8 +101,8 @@ describe('Unit | Identity Access Management | Application | Controller | Token', const request = { headers: { 'content-type': 'application/x-www-form-urlencoded', - 'x-forwarded-proto': 'http-proto', - 'x-forwarded-host': 'pix/toto', + 'x-forwarded-proto': 'https', + 'x-forwarded-host': 'app.pix.fr', }, payload: { grant_type: 'refresh_token', refresh_token: refreshToken, scope }, }; diff --git a/api/tests/identity-access-management/unit/domain/models/RefreshToken.test.js b/api/tests/identity-access-management/unit/domain/models/RefreshToken.test.js index 5bdcab54e5b..9e9f64c824b 100644 --- a/api/tests/identity-access-management/unit/domain/models/RefreshToken.test.js +++ b/api/tests/identity-access-management/unit/domain/models/RefreshToken.test.js @@ -21,7 +21,7 @@ describe('Unit | Identity Access Management | Domain | Model | RefreshToken', fu scope: 'scope!', source: 'source!', value: 'token!', - audience: 'audience!', + audience: 'https://app.pix.fr!', }); // then @@ -29,7 +29,7 @@ describe('Unit | Identity Access Management | Domain | Model | RefreshToken', fu expect(refreshToken.userId).to.equal('userId!'); expect(refreshToken.scope).to.equal('scope!'); expect(refreshToken.source).to.equal('source!'); - expect(refreshToken.audience).to.equal('audience!'); + expect(refreshToken.audience).to.equal('https://app.pix.fr!'); expect(refreshToken.expirationDelaySeconds).to.equal(defaultRefreshTokenLifespanMs / 1000); }); @@ -47,7 +47,7 @@ describe('Unit | Identity Access Management | Domain | Model | RefreshToken', fu scope: 'pix-orga', source: 'source!', value: 'token!', - audience: 'audience!', + audience: 'https://app.pix.fr!', }); // then @@ -61,7 +61,7 @@ describe('Unit | Identity Access Management | Domain | Model | RefreshToken', fu userId: 'userId!', source: 'source!', value: 'token!', - audience: 'audience!', + audience: 'https://app.pix.fr!', }); // then 
@@ -81,7 +81,7 @@ describe('Unit | Identity Access Management | Domain | Model | RefreshToken', fu userId: 'userId!', scope: 'scope!', source: 'source!', - audience: 'audience!', + audience: 'https://app.pix.fr!', }); // then diff --git a/api/tests/identity-access-management/unit/domain/services/oidc-authentication-service_test.js b/api/tests/identity-access-management/unit/domain/services/oidc-authentication-service_test.js index de854457d10..dc858ea2e39 100644 --- a/api/tests/identity-access-management/unit/domain/services/oidc-authentication-service_test.js +++ b/api/tests/identity-access-management/unit/domain/services/oidc-authentication-service_test.js @@ -122,7 +122,7 @@ describe('Unit | Domain | Services | oidc-authentication-service', function () { // given const userId = 42; const accessToken = Symbol('valid access token'); - const audience = 'http-proto://pix/toto'; + const audience = 'https://app.admin.fr'; const payload = { user_id: userId, aud: audience }; const jwtOptions = { expiresIn: ms('48h') / 1000 }; sinon diff --git a/api/tests/identity-access-management/unit/domain/usecases/authenticate-oidc-user.usecase.test.js b/api/tests/identity-access-management/unit/domain/usecases/authenticate-oidc-user.usecase.test.js index 86cdaabfab2..07a8f36813b 100644 --- a/api/tests/identity-access-management/unit/domain/usecases/authenticate-oidc-user.usecase.test.js +++ b/api/tests/identity-access-management/unit/domain/usecases/authenticate-oidc-user.usecase.test.js @@ -17,7 +17,7 @@ describe('Unit | Identity Access Management | Domain | UseCase | authenticate-oi let userLoginRepository; let oidcAuthenticationServiceRegistry; const externalIdentityId = '094b83ac-2e20-4aa8-b438-0bc91748e4a6'; - const audience = 'https://pix/toto.fr'; + const audience = 'https://app.pix.fr'; beforeEach(function () { oidcAuthenticationService = { 
@@ -333,7 +333,7 @@ describe('Unit | Identity Access Management | Domain | UseCase | authenticate-oi let userLoginRepository; let oidcAuthenticationServiceRegistry; const externalIdentityId = '094b83ac-2e20-4aa8-b438-0bc91748e4a6'; - const audience = 'https://pix/toto.fr'; + const audience = 'https://app.pix.fr'; beforeEach(function () { oidcAuthenticationService = { diff --git a/api/tests/identity-access-management/unit/domain/usecases/authenticate-user_test.js b/api/tests/identity-access-management/unit/domain/usecases/authenticate-user_test.js index 71536ca72b4..b52ceab1b1a 100644 --- a/api/tests/identity-access-management/unit/domain/usecases/authenticate-user_test.js +++ b/api/tests/identity-access-management/unit/domain/usecases/authenticate-user_test.js @@ -51,7 +51,7 @@ describe('Unit | Identity Access Management | Domain | UseCases | authenticate-u // given const scope = PIX_ORGA.SCOPE; const user = new User({ email: userEmail, memberships: [] }); - const audience = 'audience'; + const audience = 'https://app.orga.fr'; pixAuthenticationService.getUserByUsernameAndPassword.resolves(user); // when @@ -77,7 +77,7 @@ describe('Unit | Identity Access Management | Domain | UseCases | authenticate-u // given const scope = PIX_ADMIN.SCOPE; const user = new User({ email: userEmail }); - const audience = 'audience'; + const audience = 'https://app.admin.fr'; pixAuthenticationService.getUserByUsernameAndPassword.resolves(user); adminMemberRepository.get.withArgs({ userId: user.id }).resolves(); @@ -104,7 +104,7 @@ describe('Unit | Identity Access Management | Domain | UseCases | authenticate-u // given const scope = PIX_ADMIN.SCOPE; const user = new User({ email: userEmail }); - const audience = 'audience'; + const audience = 'https://app.admin.fr'; const adminMember = new AdminMember({ id: 567, userId: user.id, 
@@ -142,7 +142,7 @@ describe('Unit | Identity Access Management | Domain | UseCases | authenticate-u const scope = PIX_ADMIN.SCOPE; const source = 'pix'; const user = new User({ id: 123, email: userEmail }); - const audience = 'audience'; + const audience = 'https://app.admin.fr'; const adminMember = new AdminMember({ id: 567, userId: user.id, @@ -201,7 +201,7 @@ describe('Unit | Identity Access Management | Domain | UseCases | authenticate-u const accessToken = 'jwt.access.token'; const expirationDelaySeconds = 1; const source = 'pix'; - const audience = 'audience'; + const audience = 'https://app.certif.fr'; const user = domainBuilder.buildUser({ email: userEmail, @@ -249,7 +249,7 @@ describe('Unit | Identity Access Management | Domain | UseCases | authenticate-u const scope = 'mon-pix'; const expirationDelaySeconds = 1; const user = domainBuilder.buildUser({ email: userEmail }); - const audience = 'audience'; + const audience = 'https://app.certif.fr'; pixAuthenticationService.getUserByUsernameAndPassword.resolves(user); @@ -289,7 +289,7 @@ describe('Unit | Identity Access Management | Domain | UseCases | authenticate-u const source = 'pix'; const scope = 'mon-pix'; const expirationDelaySeconds = 1; - const audience = 'audience'; + const audience = 'https://app.certif.fr'; const user = domainBuilder.buildUser({ email: userEmail }); @@ -320,7 +320,7 @@ describe('Unit | Identity Access Management | Domain | UseCases | authenticate-u // given const unknownUserEmail = 'unknown_user_email@example.net'; pixAuthenticationService.getUserByUsernameAndPassword.rejects(new UserNotFoundError()); - const audience = 'audience'; + const audience = 'https://app.certif.fr'; // when const error = await catchErr(authenticateUser)({ 
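Review bot: In the hunks at -249 and -289, `scope = 'mon-pix'` is paired with `audience = 'https://app.certif.fr'`, while the hunks at -436 and -470 of the same file pair `'mon-pix'` with `'https://app.pix.fr'`. If the audience is meant to name the front end that the scope belongs to, these fixtures describe a token issued for one application and scoped to another, which would hide a regression if scope/audience consistency is ever enforced. I would use `const audience = 'https://app.pix.fr';` wherever the scope is `'mon-pix'`. The three hunks of create-access-token-from-refresh-token.usecase.test.js (-12, -46, -82) have the same pairing with `'https://app.admin.fr'`.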
@@ -339,7 +339,7 @@ describe('Unit | Identity Access Management | Domain | UseCases | authenticate-u it('should rejects an error when given password does not match the found user’s one', async function () { // given pixAuthenticationService.getUserByUsernameAndPassword.rejects(new MissingOrInvalidCredentialsError()); - const audience = 'audience'; + const audience = 'https://app.certif.fr'; // when const error = await catchErr(authenticateUser)({ @@ -359,7 +359,7 @@ describe('Unit | Identity Access Management | Domain | UseCases | authenticate-u it('should throw UserShouldChangePasswordError', async function () { // given const tokenService = { createPasswordResetToken: sinon.stub() }; - const audience = 'audience'; + const audience = 'https://app.certif.fr'; const user = domainBuilder.buildUser({ username: 'jean.neymar2008' }); const authenticationMethod = domainBuilder.buildAuthenticationMethod.withPixAsIdentityProviderAndRawPassword({ @@ -404,7 +404,7 @@ describe('Unit | Identity Access Management | Domain | UseCases | authenticate-u const source = 'pix'; const expirationDelaySeconds = 1; const user = domainBuilder.buildUser({ email: userEmail, locale: 'fr-FR' }); - const audience = 'audience'; + const audience = 'https://app.pix.fr'; pixAuthenticationService.getUserByUsernameAndPassword.resolves(user); tokenService.createAccessTokenFromUser.resolves({ accessToken, expirationDelaySeconds }); @@ -436,7 +436,7 @@ describe('Unit | Identity Access Management | Domain | UseCases | authenticate-u const source = 'pix'; const scope = 'mon-pix'; const expirationDelaySeconds = 1; - const audience = 'audience'; + const audience = 'https://app.pix.fr'; const user = domainBuilder.buildUser({ email: userEmail, locale: null }); const setLocaleIfNotAlreadySetStub = sinon.stub(user, 'setLocaleIfNotAlreadySet'); 
@@ -470,7 +470,7 @@ describe('Unit | Identity Access Management | Domain | UseCases | authenticate-u const source = 'pix'; const scope = 'mon-pix'; const expirationDelaySeconds = 1; - const audience = 'audience'; + const audience = 'https://app.pix.fr'; const user = domainBuilder.buildUser({ email: userEmail, locale: undefined }); pixAuthenticationService.getUserByUsernameAndPassword.resolves(user); diff --git a/api/tests/identity-access-management/unit/domain/usecases/create-access-token-from-refresh-token.usecase.test.js b/api/tests/identity-access-management/unit/domain/usecases/create-access-token-from-refresh-token.usecase.test.js index bcfc4256f24..ab2e2202d13 100644 --- a/api/tests/identity-access-management/unit/domain/usecases/create-access-token-from-refresh-token.usecase.test.js +++ b/api/tests/identity-access-management/unit/domain/usecases/create-access-token-from-refresh-token.usecase.test.js @@ -12,7 +12,7 @@ describe('Unit | Identity Access Management | Domain | UseCases | create-access- const expirationDelaySeconds = 1; const scope = 'mon-pix'; const source = 'pix'; - const audience = 'http-proto://pix/toto'; + const audience = 'https://app.admin.fr'; const refreshToken = RefreshToken.generate({ userId, scope, source, audience }); @@ -46,7 +46,7 @@ describe('Unit | Identity Access Management | Domain | UseCases | create-access- const expirationDelaySeconds = 1; const scope = 'mon-pix'; const source = 'pix'; - const audience = 'http-proto://pix/toto'; + const audience = 'https://app.admin.fr'; const refreshToken = RefreshToken.generate({ userId, scope, source, audience }); @@ -82,7 +82,7 @@ describe('Unit | Identity Access Management | Domain | UseCases | create-access- const expirationDelaySeconds = 1; const scope = 'mon-pix'; const source = 'pix'; - const audience = 'http-proto://pix/toto'; + const audience = 'https://app.admin.fr'; const refreshToken = RefreshToken.generate({ userId, scope, source, audience }); 
diff --git a/api/tests/shared/unit/domain/services/token-service_test.js b/api/tests/shared/unit/domain/services/token-service_test.js index 67917cee344..30bb47f4ca1 100644 --- a/api/tests/shared/unit/domain/services/token-service_test.js +++ b/api/tests/shared/unit/domain/services/token-service_test.js @@ -48,7 +48,7 @@ describe('Unit | Shared | Domain | Services | Token Service', function () { sinon.stub(settings.authentication, 'secret').value('a secret'); sinon.stub(settings.authentication, 'accessTokenLifespanMs').value(1000); const accessToken = 'valid access token'; - const audience = 'http-proto://pix/toto'; + const audience = 'https://app.admin.fr'; const expirationDelaySeconds = 1; const firstParameter = { user_id: userId, source, aud: audience }; const secondParameter = 'a secret'; @@ -121,7 +121,7 @@ describe('Unit | Shared | Domain | Services | Token Service', function () { it('should return userId if the accessToken is valid', function () { // given const userId = 123; - const audience = 'http-proto://pix/toto'; + const audience = 'https://app.admin.fr'; const accessToken = tokenService.createAccessTokenFromUser({ userId, source: 'pix', audience }).accessToken; // when