Add comprehensive test suite for auth extension

jddunn · jddunn · commit 3f57cc16413d · 2025-11-14T13:30:56.000-08:00
diff --git a/registry/curated/auth/tests/JWTAuthAdapter.test.ts b/registry/curated/auth/tests/JWTAuthAdapter.test.ts
@@ -0,0 +1,178 @@
+/**
+ * @file Tests for JWTAuthAdapter
+ */
+
+import { describe, it, expect, beforeEach } from 'vitest';
+import { JWTAuthAdapter } from '../src/adapters/JWTAuthAdapter.js';
+
+describe('JWTAuthAdapter', () => {
+  let auth: JWTAuthAdapter;
+
+  beforeEach(() => {
+    auth = new JWTAuthAdapter({
+      jwtSecret: 'test-secret-key-for-testing',
+      jwtExpiresIn: '1h',
+      bcryptSaltRounds: 4, // Lower for faster tests
+    });
+  });
+
+  describe('Token Generation', () => {
+    it('should generate a valid JWT token', () => {
+      const token = auth.generateToken('user123');
+      expect(token).toBeTruthy();
+      expect(typeof token).toBe('string');
+      expect(token.split('.')).toHaveLength(3); // JWT has 3 parts
+    });
+
+    it('should include additional claims in token', () => {
+      const token = auth.generateToken('user123', {
+        email: 'test@example.com',
+        roles: ['admin'],
+        tier: 'pro',
+      });
+
+      const decoded = JSON.parse(
+        Buffer.from(token.split('.')[1], 'base64').toString()
+      );
+
+      expect(decoded.sub).toBe('user123');
+      expect(decoded.email).toBe('test@example.com');
+      expect(decoded.roles).toEqual(['admin']);
+      expect(decoded.tier).toBe('pro');
+    });
+  });
+
+  describe('Token Validation', () => {
+    it('should validate a valid token', async () => {
+      const token = auth.generateToken('user123', {
+        email: 'test@example.com',
+        tier: 'pro',
+      });
+
+      const user = await auth.validateToken(token);
+
+      expect(user).toBeTruthy();
+      expect(user?.id).toBe('user123');
+      expect(user?.email).toBe('test@example.com');
+      expect(user?.tier).toBe('pro');
+    });
+
+    it('should reject an invalid token', async () => {
+      const user = await auth.validateToken('invalid.token.here');
+      expect(user).toBeNull();
+    });
+
+    it('should reject an empty token', async () => {
+      const user = await auth.validateToken('');
+      expect(user).toBeNull();
+    });
+
+    it('should reject a token signed with wrong secret', async () => {
+      const otherAuth = new JWTAuthAdapter({ jwtSecret: 'different-secret' });
+      const token = otherAuth.generateToken('user123');
+
+      const user = await auth.validateToken(token);
+      expect(user).toBeNull();
+    });
+  });
+
+  describe('Token Revocation', () => {
+    it('should revoke a token', async () => {
+      const token = auth.generateToken('user123');
+
+      // Token should be valid initially
+      const user1 = await auth.validateToken(token);
+      expect(user1).toBeTruthy();
+
+      // Revoke the token
+      await auth.revokeToken(token);
+
+      // Token should now be invalid
+      const user2 = await auth.validateToken(token);
+      expect(user2).toBeNull();
+    });
+  });
+
+  describe('Token Refresh', () => {
+    it('should refresh a token within refresh window', async () => {
+      // Create auth with short expiry for testing
+      const shortAuth = new JWTAuthAdapter({
+        jwtSecret: 'test-secret',
+        jwtExpiresIn: '10s',
+        refreshWindow: 20, // 20 seconds
+        enableTokenRefresh: true,
+      });
+
+      const originalToken = shortAuth.generateToken('user123', {
+        email: 'test@example.com',
+      });
+
+      const newToken = await shortAuth.refreshToken(originalToken);
+
+      expect(newToken).toBeTruthy();
+      expect(newToken).not.toBe(originalToken);
+
+      // New token should be valid
+      const user = await shortAuth.validateToken(newToken!);
+      expect(user?.id).toBe('user123');
+      expect(user?.email).toBe('test@example.com');
+    });
+
+    it('should not refresh when disabled', async () => {
+      const noRefreshAuth = new JWTAuthAdapter({
+        jwtSecret: 'test-secret',
+        enableTokenRefresh: false,
+      });
+
+      const token = noRefreshAuth.generateToken('user123');
+      const refreshed = await noRefreshAuth.refreshToken(token);
+
+      expect(refreshed).toBeNull();
+    });
+  });
+
+  describe('Password Hashing', () => {
+    it('should hash a password', async () => {
+      const password = 'secure-password-123';
+      const hash = await auth.hashPassword(password);
+
+      expect(hash).toBeTruthy();
+      expect(hash).not.toBe(password);
+      expect(hash.startsWith('$2')).toBe(true); // BCrypt hashes start with $2
+    });
+
+    it('should verify correct password', async () => {
+      const password = 'secure-password-123';
+      const hash = await auth.hashPassword(password);
+
+      const isValid = await auth.verifyPassword(password, hash);
+      expect(isValid).toBe(true);
+    });
+
+    it('should reject incorrect password', async () => {
+      const password = 'secure-password-123';
+      const hash = await auth.hashPassword(password);
+
+      const isValid = await auth.verifyPassword('wrong-password', hash);
+      expect(isValid).toBe(false);
+    });
+
+    it('should handle invalid hash gracefully', async () => {
+      const isValid = await auth.verifyPassword('password', 'invalid-hash');
+      expect(isValid).toBe(false);
+    });
+  });
+
+  describe('Initialization', () => {
+    it('should initialize with config', async () => {
+      const newAuth = new JWTAuthAdapter({ jwtSecret: 'initial-secret' });
+
+      await newAuth.initialize({ jwtSecret: 'updated-secret' });
+
+      // Should use updated secret
+      const token = newAuth.generateToken('user123');
+      expect(token).toBeTruthy();
+    });
+  });
+});
+
diff --git a/registry/curated/auth/tests/SubscriptionAdapter.test.ts b/registry/curated/auth/tests/SubscriptionAdapter.test.ts
@@ -0,0 +1,167 @@
+/**
+ * @file Tests for SubscriptionAdapter
+ */
+
+import { describe, it, expect, beforeEach } from 'vitest';
+import { SubscriptionAdapter } from '../src/adapters/SubscriptionAdapter.js';
+
+describe('SubscriptionAdapter', () => {
+  let subscriptions: SubscriptionAdapter;
+
+  beforeEach(() => {
+    subscriptions = new SubscriptionAdapter({
+      defaultTier: 'free',
+      tiers: [
+        { name: 'free', level: 0, features: [], isActive: true },
+        { name: 'basic', level: 1, features: ['FEATURE_A'], isActive: true },
+        { name: 'pro', level: 2, features: ['FEATURE_A', 'FEATURE_B'], isActive: true },
+        { name: 'enterprise', level: 3, features: ['FEATURE_A', 'FEATURE_B', 'FEATURE_C'], isActive: true },
+      ],
+    });
+  });
+
+  describe('User Tier Management', () => {
+    it('should return default tier for new user', async () => {
+      const tier = await subscriptions.getUserSubscription('user123');
+
+      expect(tier).toBeTruthy();
+      expect(tier?.name).toBe('free');
+      expect(tier?.level).toBe(0);
+    });
+
+    it('should set and get user tier', async () => {
+      subscriptions.setUserTier('user123', 'pro');
+
+      const tier = await subscriptions.getUserSubscription('user123');
+      expect(tier?.name).toBe('pro');
+      expect(tier?.level).toBe(2);
+    });
+
+    it('should throw error for invalid tier', () => {
+      expect(() => {
+        subscriptions.setUserTier('user123', 'invalid-tier');
+      }).toThrow();
+    });
+
+    it('should return null for empty userId', async () => {
+      const tier = await subscriptions.getUserSubscription('');
+      expect(tier).toBeNull();
+    });
+  });
+
+  describe('Tier Information', () => {
+    it('should get tier by name', async () => {
+      const tier = await subscriptions.getTierByName('pro');
+
+      expect(tier).toBeTruthy();
+      expect(tier?.name).toBe('pro');
+      expect(tier?.level).toBe(2);
+      expect(tier?.features).toContain('FEATURE_A');
+      expect(tier?.features).toContain('FEATURE_B');
+    });
+
+    it('should return null for unknown tier', async () => {
+      const tier = await subscriptions.getTierByName('unknown');
+      expect(tier).toBeNull();
+    });
+
+    it('should list all tiers in order', async () => {
+      const tiers = await subscriptions.listTiers();
+
+      expect(tiers).toHaveLength(4);
+      expect(tiers[0].name).toBe('free');
+      expect(tiers[1].name).toBe('basic');
+      expect(tiers[2].name).toBe('pro');
+      expect(tiers[3].name).toBe('enterprise');
+
+      // Check they're sorted by level
+      for (let i = 1; i < tiers.length; i++) {
+        expect(tiers[i].level).toBeGreaterThan(tiers[i - 1].level);
+      }
+    });
+  });
+
+  describe('Feature Access', () => {
+    it('should allow access to feature in tier', async () => {
+      subscriptions.setUserTier('user123', 'pro');
+
+      const hasFeatureA = await subscriptions.validateAccess('user123', 'FEATURE_A');
+      const hasFeatureB = await subscriptions.validateAccess('user123', 'FEATURE_B');
+
+      expect(hasFeatureA).toBe(true);
+      expect(hasFeatureB).toBe(true);
+    });
+
+    it('should deny access to feature not in tier', async () => {
+      subscriptions.setUserTier('user123', 'basic');
+
+      const hasFeatureB = await subscriptions.validateAccess('user123', 'FEATURE_B');
+      expect(hasFeatureB).toBe(false);
+    });
+
+    it('should deny access for user with no tier', async () => {
+      const hasFeature = await subscriptions.validateAccess('', 'FEATURE_A');
+      expect(hasFeature).toBe(false);
+    });
+  });
+
+  describe('Tier Comparison', () => {
+    it('should validate user meets minimum tier', async () => {
+      subscriptions.setUserTier('user123', 'pro');
+
+      const meetsBasic = await subscriptions.validateTierAccess('user123', 'basic');
+      expect(meetsBasic).toBe(true);
+
+      const meetsPro = await subscriptions.validateTierAccess('user123', 'pro');
+      expect(meetsPro).toBe(true);
+    });
+
+    it('should reject user below minimum tier', async () => {
+      subscriptions.setUserTier('user123', 'basic');
+
+      const meetsPro = await subscriptions.validateTierAccess('user123', 'pro');
+      expect(meetsPro).toBe(false);
+    });
+
+    it('should handle unknown minimum tier', async () => {
+      subscriptions.setUserTier('user123', 'pro');
+
+      const result = await subscriptions.validateTierAccess('user123', 'unknown');
+      expect(result).toBe(false);
+    });
+  });
+
+  describe('Tier Management', () => {
+    it('should add new tier', async () => {
+      subscriptions.addTier({
+        name: 'custom',
+        level: 4,
+        features: ['FEATURE_CUSTOM'],
+        isActive: true,
+      });
+
+      const tier = await subscriptions.getTierByName('custom');
+      expect(tier).toBeTruthy();
+      expect(tier?.level).toBe(4);
+    });
+
+    it('should update existing tier', async () => {
+      subscriptions.addTier({
+        name: 'pro',
+        level: 2,
+        features: ['FEATURE_A', 'FEATURE_B', 'FEATURE_NEW'],
+        isActive: true,
+      });
+
+      const tier = await subscriptions.getTierByName('pro');
+      expect(tier?.features).toContain('FEATURE_NEW');
+    });
+  });
+
+  describe('Initialization', () => {
+    it('should initialize successfully', async () => {
+      await expect(subscriptions.initialize()).resolves.not.toThrow();
+    });
+  });
+});
+
diff --git a/registry/curated/auth/tests/integration.test.ts b/registry/curated/auth/tests/integration.test.ts
