More changes

Author: mridang

jest.config.mjs

@@ -15,9 +15,9 @@ export default {
   testPathIgnorePatterns: ['/node_modules/', '/frontend/', '/dist/'],
   resetModules: false,
   collectCoverage: true,
-  coverageDirectory: './.out',
+  coverageDirectory: './build/coverage',
   collectCoverageFrom: ['src/**/*.{ts,tsx,js,jsx}', '!src/**/*.d.ts'],
-  coverageReporters: ['lcov', 'text'],
+  coverageReporters: ['clover'],
   coveragePathIgnorePatterns: ['/dist/', '/node_modules/'],
   testTimeout: 60000,
   extensionsToTreatAsEsm: ['.ts', '.tsx', '.mts'],

src/auth/authenticator.ts

@@ -16,7 +16,7 @@ export abstract class Authenticator {
    * @param hostName The base URL for all authentication endpoints.
    */
   protected constructor(hostName: string) {
-    this.hostName = new URL(hostName);
+    this.hostName = new URL(new URL(hostName).origin);
   }
 
   /**

src/auth/client-credentials-authenticator.ts

@@ -65,6 +65,9 @@ export class ClientCredentialsAuthenticator extends OAuthAuthenticator {
       client,
       this.clientAuth,
       this.parameters,
+      {
+        [oauth.allowInsecureRequests]: process.env.JEST_WORKER_ID !== undefined,
+      },
     );
 
     return oauth.processClientCredentialsResponse(authServer, client, response);

src/auth/oauth-authenticator.ts

@@ -74,14 +74,6 @@ export abstract class OAuthAuthenticator extends Authenticator {
     }
   }
 
-  /**
-   * Retrieves the client metadata.
-   * @returns The client metadata.
-   */
-  public getClient(): oauth.Client {
-    return this.client;
-  }
-
   protected abstract performTokenRequest(
     authServer: oauth.AuthorizationServer,
     client: oauth.Client,

src/auth/openid.ts

@@ -32,9 +32,15 @@ export class OpenId {
     if (!hostname.startsWith('http')) {
       hostname = `https://${hostname}`;
     }
-    const issuer = new URL(hostname);
+    const issuer = new URL(
+      '/.well-known/openid-configuration',
+      new URL(hostname).origin,
+    );
+    // noinspection JSDeprecatedSymbols
     const authServer = await oauth
-      .discoveryRequest(issuer)
+      .discoveryRequest(issuer, {
+        [oauth.allowInsecureRequests]: process.env.JEST_WORKER_ID !== undefined,
+      })
       .then((response) => oauth.processDiscoveryResponse(issuer, response));
     return new OpenId(authServer);
   }

src/auth/webtoken-authenticator.ts

@@ -134,6 +134,9 @@ export class WebTokenAuthenticator extends OAuthAuthenticator {
       this.clientAuth,
       this.grantType,
       parameters,
+      {
+        [oauth.allowInsecureRequests]: process.env.JEST_WORKER_ID !== undefined,
+      },
     );
 
     return oauth.processGenericTokenEndpointResponse(

test/auth/client-credentials-authenticator.test.ts

@@ -1,5 +1,5 @@
 import { ClientCredentialsAuthenticator } from '../../src/auth/client-credentials-authenticator.js';
-import { withOauthContainer } from './oauth-authenticator.test.js';
+import { withOauthContainer } from './oauth-authenticator-test.js';
 
 const sleep = (ms: number) => new Promise((resolve) => setTimeout(resolve, ms));
 
@@ -10,8 +10,9 @@ const sleep = (ms: number) => new Promise((resolve) => setTimeout(resolve, ms));
  * refreshes its token and returns the proper Authorization header.
  */
 describe('ClientCredentialsAuthenticatorTest', () => {
-  withOauthContainer((oauthHost: string) => {
+  withOauthContainer((getOauthHost) => {
     test('testRefreshToken', async () => {
+      const oauthHost = getOauthHost();
       await sleep(20);
 
       const authenticator = await ClientCredentialsAuthenticator.builder(

test/auth/oauth-authenticator-test.ts

@@ -0,0 +1,28 @@
+// file: test/auth/oauth-authenticator.test.ts
+import { GenericContainer, StartedTestContainer, Wait } from 'testcontainers';
+
+export function withOauthContainer(
+  defineTests: (getOauthHost: () => string) => void,
+): void {
+  let container: StartedTestContainer;
+  let oauthHost = '';
+
+  beforeAll(async () => {
+    container = await new GenericContainer(
+      'ghcr.io/navikt/mock-oauth2-server:2.1.10',
+    )
+      .withExposedPorts(8080)
+      .withWaitStrategy(Wait.forHttp('/', 8080).forStatusCode(405))
+      .start();
+
+    oauthHost = `http://${container.getHost()}:${container.getMappedPort(8080)}`;
+  }, 30_000);
+
+  afterAll(async () => {
+    await container.stop();
+  });
+
+  describe('with mock OAuth2 server', () => {
+    defineTests(() => oauthHost); // 👈 defer access to when test runs
+  });
+}

test/auth/oauth-authenticator.test.ts

@@ -1,29 +1,30 @@
 import { generateKeyPair } from 'node:crypto';
 import { WebTokenAuthenticator } from '../../src/auth/webtoken-authenticator.js';
-import { withOauthContainer } from './oauth-authenticator.test.js';
+import { withOauthContainer } from './oauth-authenticator-test.js';
 
 describe('WebTokenAuthenticatorTest', () => {
-  withOauthContainer((oauthHost: string) => {
-    const getPrivateKey = (): Promise<string> => {
-      return new Promise((resolve, reject) => {
-        generateKeyPair(
-          'rsa',
-          {
-            modulusLength: 2048,
-            publicKeyEncoding: { type: 'spki', format: 'pem' },
-            privateKeyEncoding: { type: 'pkcs8', format: 'pem' },
-          },
-          (err, publicKey, privKey) => {
-            if (err) {
-              return reject(err);
-            }
-            resolve(privKey);
-          },
-        );
-      });
-    };
+  const getPrivateKey = (): Promise<string> => {
+    return new Promise((resolve, reject) => {
+      generateKeyPair(
+        'rsa',
+        {
+          modulusLength: 2048,
+          publicKeyEncoding: { type: 'spki', format: 'pem' },
+          privateKeyEncoding: { type: 'pkcs8', format: 'pem' },
+        },
+        (err, publicKey, privKey) => {
+          if (err) {
+            return reject(err);
+          }
+          resolve(privKey);
+        },
+      );
+    });
+  };
 
+  withOauthContainer((getOauthHost) => {
     test('testRefreshToken', async () => {
+      const oauthHost = getOauthHost();
       const authenticator = await WebTokenAuthenticator.builder(
         oauthHost,
         '1',
@@ -35,7 +36,6 @@ describe('WebTokenAuthenticatorTest', () => {
       expect(await authenticator.getAuthToken()).not.toBeFalsy();
       const token = await authenticator.refreshToken();
       expect(token.access_token).not.toBeFalsy();
-      const expiresIn = token.expires_in ?? 0;
       expect(token.expires_in && token.expires_in > 0).toBe(true);
       expect(token.access_token).toBe(await authenticator.getAuthToken());
       expect(authenticator.getHost().toString()).toBe(oauthHost + '/');
@@ -45,6 +45,7 @@ describe('WebTokenAuthenticatorTest', () => {
     }, 30000);
 
     test('testRefreshTokenWithRS256', async () => {
+      const oauthHost = getOauthHost();
       const authenticator = await WebTokenAuthenticator.builder(
         oauthHost,
         '1',
@@ -65,6 +66,7 @@ describe('WebTokenAuthenticatorTest', () => {
     }, 30000);
 
     test('testRefreshTokenWithExtendedLifetime', async () => {
+      const oauthHost = getOauthHost();
       const authenticator = await WebTokenAuthenticator.builder(
         oauthHost,
         '1',