From ee663a12d9e12d0b5c9e8c7745c3b48c716754b2 Mon Sep 17 00:00:00 2001
From: Paulo Pinto <paulo.pinto@automattic.com>
Date: Mon, 25 Sep 2023 12:24:56 +0100
Subject: [PATCH] Add expectations in tests, and fail tests when expectations
 don't match

---
 tests/.env     |  2 +-
 tests/index.ts | 26 ++++++++++++++++++++++++--
 2 files changed, 25 insertions(+), 3 deletions(-)

diff --git a/tests/.env b/tests/.env
index a2dd392..16a06df 100644
--- a/tests/.env
+++ b/tests/.env
@@ -1,4 +1,4 @@
-ISSUER_URL="https://localhost:8443"
+ISSUER_URL="https://localhost:8443/"
 CLIENT_ID="oidc-server-plugin-tests"
 CLIENT_SECRET="oidc-server-plugin-tests"
 TLS_CA_CERT="../../matrix-oidc-playground/tls/ca/rootCA.pem"
diff --git a/tests/index.ts b/tests/index.ts
index 7073c9e..5fb84cb 100644
--- a/tests/index.ts
+++ b/tests/index.ts
@@ -72,11 +72,33 @@ async function run() {
     // Get access token.
     const request = await serverRequest;
     const tokenSet = await openIdClient.exchangeCodeForToken(request);
-    console.log("JWT token", parseJwt(tokenSet.id_token ?? ""));
+    const jwt = parseJwt(tokenSet.id_token ?? "");
+    console.log("JWT token", jwt);
 
     // Get userinfo.
     const userinfo = await openIdClient.userinfo(tokenSet.access_token ?? "");
     console.debug("userinfo", userinfo);
+
+    // Check JWT token.
+    if (jwt.iss !== env.ISSUER_URL) {
+        throw `JWT token iss doesn't match. Expected '${env.ISSUER_URL}', got '${jwt.iss}'`;
+    }
+    if (jwt.sub !== env.WORDPRESS_USER) {
+        throw `JWT token sub doesn't match. Expected '${env.WORDPRESS_USER}', got '${jwt.sub}'`;
+    }
+    if (jwt.aud !== env.CLIENT_ID) {
+        throw `JWT token aud doesn't match. Expected '${env.CLIENT_ID}', got '${jwt.aud}'`;
+    }
+
+    // Check userinfo response.
+    if (userinfo.scope !== "openid profile") {
+        throw `Userinfo scope doesn't match. Expected 'openid profile', got '${userinfo.scope}'`;
+    }
+    if (userinfo.sub !== env.WORDPRESS_USER) {
+        throw `Userinfo sub doesn't match. Expected ${env.WORDPRESS_USER}, got '${userinfo.sub}'`;
+    }
+
+    console.info("Tests passed");
 }
 
 async function grantAuthorization(httpsClient: HttpsClient, issuerUrl: string, response: AxiosResponse): Promise<AxiosResponse> {
@@ -110,7 +132,7 @@ function parseJwt(token: string) {
 }
 
 void run().catch(error => {
-    console.error(error);
+    console.error("Tests failed:", error);
     process.exit(1);
 }).finally(() => {
     if (httpsServer) {