swaf/test/AuthenticationApprovalMode.test.ts

import querystring from "querystring";
import supertest from "supertest";

import User from "../src/auth/models/User.js";
import UserApprovedComponent from "../src/auth/models/UserApprovedComponent.js";
import useApp from "./_app.js";
import {authAppProvider, followMagicLinkFromMail} from "./_authentication_common.js";
import {popEmail} from "./_mail_server.js";

const app = useApp(authAppProvider(true, true));

let agent: supertest.SuperTest<supertest.Test>;

beforeAll(() => {
    agent = supertest(app().getExpressApp());
});

test('Approval Mode', () => {
    expect(User.isApprovalMode()).toStrictEqual(true);
});

describe('Register with username and password (password)', () => {
    let cookies: string[];
    let csrf: string;

    test('General case', async () => {
        const res = await agent.get('/csrf').expect(200);
        cookies = res.get('Set-Cookie');
        csrf = res.text;

        // Register user
        await agent.post('/auth/register')
            .set('Cookie', cookies)
            .send({
                csrf: csrf,
                auth_method: 'password',
                identifier: 'entrapta2',
                password: 'darla_is_cute',
                password_confirmation: 'darla_is_cute',
                terms: 'on',
            })
            .expect(302)
            .expect('Location', '/auth/');

        // Verify saved user
        const user = await User.select()
            .where('name', 'entrapta2')
            .first();

        expect(user).toBeDefined();
        expect(user?.isApproved()).toBeFalsy();
        expect(user?.as(UserApprovedComponent).approved).toBeFalsy();

        // Proof must be revoked
        await agent.get('/has-any-password-auth-proof')
            .set('Cookie', cookies)
            .expect(404);

        await popEmail();
    });
});

describe('Register with email (magic_link)', () => {
    test('General case', async () => {
        const res = await agent.get('/csrf').expect(200);
        const cookies = res.get('Set-Cookie');
        const csrf = res.text;

        await agent.post('/auth/register?' + querystring.stringify({redirect_uri: '/redirect-uri'}))
            .set('Cookie', cookies)
            .send({
                csrf: csrf,
                auth_method: 'magic_link',
                identifier: 'glimmer2@example.org',
                name: 'glimmer2',
            })
            .expect(302)
            .expect('Location', '/magic/lobby?redirect_uri=%2Fredirect-uri');

        await followMagicLinkFromMail(agent, cookies, '/auth/');

        // Verify saved user
        const user = await User.select()
            .with('mainEmail')
            .where('name', 'glimmer2')
            .first();

        expect(user).toBeDefined();

        const email = user?.mainEmail.getOrFail();
        expect(email).toBeDefined();

        expect(user?.isApproved()).toBeFalsy();
        expect(user?.as(UserApprovedComponent).approved).toBeFalsy();

        // Proof must be revoked
        await agent.get('/has-any-magic-link')
            .set('Cookie', cookies)
            .expect(404);

        await popEmail();
    });
});


describe('Authenticate with username and password (password)', () => {
    test('Force auth_method', async () => {
        const res = await agent.get('/csrf').expect(200);
        const cookies = res.get('Set-Cookie');
        const csrf = res.text;

        // Not authenticated
        await agent.get('/is-auth').set('Cookie', cookies).expect(401);

        // Authenticate
        await agent.post('/auth/login?' + querystring.stringify({redirect_uri: '/redirect-uri'}))
            .set('Cookie', cookies)
            .send({
                csrf: csrf,
                identifier: 'entrapta2',
                password: 'darla_is_cute',
                auth_method: 'password',
            })
            .expect(302)
            .expect('Location', '/auth/');

        // Proof must be revoked
        await agent.get('/has-any-password-auth-proof')
            .set('Cookie', cookies)
            .expect(404);
    });
});

describe('Authenticate with email (magic_link)', () => {
    test('Force auth_method', async () => {
        const res = await agent.get('/csrf').expect(200);
        const cookies = res.get('Set-Cookie');
        const csrf = res.text;

        // Not authenticated
        await agent.get('/is-auth').set('Cookie', cookies).expect(401);

        // Authenticate
        await agent.post('/auth/login?' + querystring.stringify({redirect_uri: '/redirect-uri'}))
            .accept('json')
            .set('Cookie', cookies)
            .send({
                csrf: csrf,
                identifier: 'glimmer2@example.org',
                auth_method: 'magic_link',
            })
            .expect(302)
            .expect('Location', '/magic/lobby?redirect_uri=%2Fredirect-uri');

        await followMagicLinkFromMail(agent, cookies, '/auth/');

        // Proof must be revoked
        await agent.get('/has-any-magic-link')
            .set('Cookie', cookies)
            .expect(404);
    });
});