-
-
Notifications
You must be signed in to change notification settings - Fork 53
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Fixed some old APIs timing out when auth fails
Migrated /internal/auth/consumeAccessToken and /internal/auth/personalAccessTokens to the typed router architecture. Migrated /updateNotificationSettings to use the typed router's response logic. Added integration tests for all three routes.
- Loading branch information
1 parent
c5f9d9c
commit eb51358
Showing
15 changed files
with
377 additions
and
136 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
103 changes: 103 additions & 0 deletions
103
packages/backend/src/__tests__/integration/auth.test.ts
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,103 @@ | ||
import { resetLocalEmulators } from "../emulators.js"; | ||
import { setupAccessCode } from "../firebaseTesting.js"; | ||
import { fetchRoute } from "./utils/fetchRoute.js"; | ||
|
||
beforeEach(async () => { | ||
await resetLocalEmulators(); | ||
await setupAccessCode("test"); | ||
}); | ||
|
||
async function consumeAccessCode(accessCode: string) { | ||
return await fetchRoute(`/api/internal/auth/consumeAccessCode`, { | ||
method: "GET", | ||
authorization: { token: accessCode }, | ||
}); | ||
} | ||
|
||
describe("/internal/auth/consumeAccessCode", () => { | ||
test("returns a login token for valid access code", async () => { | ||
const { status, body } = await consumeAccessCode("test"); | ||
expect(status).toBe(200); | ||
expect(body).toMatch(/.+/); // i.e. to be a non-empty string | ||
}); | ||
|
||
test("fails when no authorization is provided", async () => { | ||
const { status, body } = await fetchRoute( | ||
`/api/internal/auth/consumeAccessCode`, | ||
{ | ||
method: "GET", | ||
}, | ||
); | ||
expect(status).toBe(401); | ||
expect(body).toBeUndefined(); | ||
}); | ||
|
||
test("fails when consuming an already-consumed code", async () => { | ||
await consumeAccessCode("test"); | ||
const { status, body } = await consumeAccessCode("test"); | ||
expect(status).toBe(401); | ||
expect(body).toBeUndefined(); | ||
}); | ||
|
||
test("fails when consuming a non-existent code", async () => { | ||
const { status, body } = await consumeAccessCode("test2"); | ||
expect(status).toBe(401); | ||
expect(body).toBeUndefined(); | ||
}); | ||
|
||
test("fails when consuming an expired code", async () => { | ||
await setupAccessCode( | ||
"testExpired", | ||
"testUserID", | ||
{}, | ||
new Date(Date.now() - 1000), | ||
); | ||
const { status, body } = await consumeAccessCode("testExpired"); | ||
expect(status).toBe(401); | ||
expect(body).toBeUndefined(); | ||
}); | ||
}); | ||
|
||
describe("/internal/auth/personalAccessTokens", () => { | ||
test("creates PAT from access code", async () => { | ||
const { status, body } = await fetchRoute( | ||
`/api/internal/auth/personalAccessTokens`, | ||
{ | ||
method: "POST", | ||
json: {}, | ||
authorization: { token: "test" }, | ||
}, | ||
); | ||
expect(status).toBe(200); | ||
expect(body.token).toMatch(/.+/); // i.e. to be a non-empty string | ||
|
||
// Personal access tokens can be used repeatedly. | ||
expect((await consumeAccessCode(body.token)).status).toBe(200); | ||
expect((await consumeAccessCode(body.token)).status).toBe(200); | ||
}); | ||
|
||
test("fails without auth", async () => { | ||
const { status, body } = await fetchRoute( | ||
`/api/internal/auth/personalAccessTokens`, | ||
{ | ||
method: "POST", | ||
json: {}, | ||
}, | ||
); | ||
expect(status).toBe(401); | ||
expect(body).toBeUndefined(); | ||
}); | ||
|
||
test("fails with invalid auth", async () => { | ||
const { status, body } = await fetchRoute( | ||
`/api/internal/auth/personalAccessTokens`, | ||
{ | ||
method: "POST", | ||
json: {}, | ||
authorization: { token: "invalid" }, | ||
}, | ||
); | ||
expect(status).toBe(401); | ||
expect(body).toBeUndefined(); | ||
}); | ||
}); |
72 changes: 72 additions & 0 deletions
72
packages/backend/src/__tests__/integration/updateNotificationSettings.test.ts
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,72 @@ | ||
import { UpdateNotificationSettingsAction } from "../../firebaseFunctions/updateNotificationSettings.js"; | ||
import { resetLocalEmulators } from "../emulators.js"; | ||
import { getTestUserMetadata, setupAuthToken } from "../firebaseTesting.js"; | ||
import { fetchRoute } from "./utils/fetchRoute.js"; | ||
|
||
beforeEach(async () => { | ||
await resetLocalEmulators(); | ||
}); | ||
|
||
async function attemptUpdate( | ||
action: UpdateNotificationSettingsAction, | ||
token: string | null, | ||
) { | ||
return await fetchRoute(`/updateNotificationSettings?action=${action}`, { | ||
method: "GET", | ||
authorization: token ? { token } : undefined, | ||
followRedirects: false, | ||
}); | ||
} | ||
|
||
describe("/updateNotificationSettings", () => { | ||
test("fails without auth", async () => { | ||
const { status, body } = await attemptUpdate("unsubscribe", null); | ||
expect(status).toBe(401); | ||
expect(body).toBeUndefined(); | ||
}); | ||
|
||
test("fails with invalid auth", async () => { | ||
const { status, body } = await attemptUpdate("unsubscribe", "invalid"); | ||
expect(status).toBe(401); | ||
expect(body).toBeUndefined(); | ||
}); | ||
|
||
test("unsubscribes", async () => { | ||
await setupAuthToken("test", "testUserID"); | ||
const { status, body } = await attemptUpdate("unsubscribe", "test"); | ||
expect(status).toBe(302); | ||
expect(body).toBeUndefined(); | ||
|
||
const metadata = await getTestUserMetadata("testUserID"); | ||
expect(metadata!.isUnsubscribedFromSessionNotifications).toBe(true); | ||
}); | ||
|
||
test("snoozes", async () => { | ||
await setupAuthToken("test", "testUserID"); | ||
const { status, body } = await attemptUpdate("snooze1Week", "test"); | ||
expect(status).toBe(302); | ||
expect(body).toBeUndefined(); | ||
|
||
const metadata = await getTestUserMetadata("testUserID"); | ||
expect(metadata!.isUnsubscribedFromSessionNotifications).toBe(false); | ||
expect( | ||
metadata!.snoozeSessionNotificationsUntilTimestampMillis, | ||
).toBeGreaterThan(Date.now()); | ||
}); | ||
|
||
test("unsubscribing then snoozing resubscribes", async () => { | ||
await setupAuthToken("test", "testUserID"); | ||
await attemptUpdate("unsubscribe", "test"); | ||
await attemptUpdate("snooze1Week", "test"); | ||
const metadata = await getTestUserMetadata("testUserID"); | ||
expect(metadata!.isUnsubscribedFromSessionNotifications).toBe(false); | ||
}); | ||
|
||
test("fails for unknown action", async () => { | ||
await setupAuthToken("test"); | ||
// @ts-ignore | ||
const { status, body } = await attemptUpdate("invalid", "test"); | ||
expect(status).toBe(400); | ||
expect(body).toBeUndefined(); | ||
}); | ||
}); |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Oops, something went wrong.