refactor(api): fix unit tests for oidc-authentication-service

1024pix · Mar 6, 2025 · 9f39809 · 9f39809
1 parent bddfb4a
commit 9f39809
Show file tree

Hide file tree

Showing 5 changed files with 263 additions and 237 deletions.
diff --git a/api/src/identity-access-management/domain/services/oidc-authentication-service.js b/api/src/identity-access-management/domain/services/oidc-authentication-service.js
@@ -30,7 +30,8 @@ const defaultSessionTemporaryStorage = temporaryStorage.withPrefix('oidc-session
 export class OidcAuthenticationService {
   #isReady = false;
   #isReadyForPixAdmin = false;
-  #oidcClientConfig = null;
+  #openIdClient;
+  #oidcClientConfig; // TODO: À modifier en openIdClientConfig
 
   constructor(
     {
@@ -55,7 +56,7 @@ export class OidcAuthenticationService {
       isVisible = true,
       claimMapping,
     },
-    { sessionTemporaryStorage = defaultSessionTemporaryStorage } = {},
+    { sessionTemporaryStorage = defaultSessionTemporaryStorage, openIdClient = client } = {},
   ) {
     this.accessTokenLifespanMs = ms(accessTokenLifespan);
     this.additionalRequiredProperties = additionalRequiredProperties;
@@ -76,6 +77,7 @@ export class OidcAuthenticationService {
     this.slug = slug;
     this.source = source;
     this.isVisible = isVisible;
+    this.#openIdClient = openIdClient;
 
     claimMapping = claimMapping || DEFAULT_CLAIM_MAPPING;
 
@@ -125,7 +127,7 @@ export class OidcAuthenticationService {
         ...this.openidClientExtraMetadata,
       };
 
-      this.#oidcClientConfig = await client.discovery(this.openidConfigurationUrl, this.clientId, metadata);
+      this.#oidcClientConfig = await this.#openIdClient.discovery(this.openidConfigurationUrl, this.clientId, metadata);
     } catch (error) {
       logger.error(`OIDC Provider "${this.identityProvider}" is UNAVAILABLE: ${error}`);
     }
@@ -158,7 +160,7 @@ export class OidcAuthenticationService {
       const checks = { nonce, state: sessionState };
       const tokenEndpointParameters = { code, state, iss };
 
-      tokenSet = await client.authorizationCodeGrant(
+      tokenSet = await this.#openIdClient.authorizationCodeGrant(
         this.#oidcClientConfig,
         this.redirectUri,
         checks,
@@ -190,7 +192,7 @@ export class OidcAuthenticationService {
 
   getAuthorizationUrl() {
     const state = randomUUID();
-    const nonce = randomUUID(); // TODO: client.randomNonce() ?
+    const nonce = randomUUID(); // TODO: this.#openIdClient.randomNonce() ?
 
     let redirectTarget;
 
@@ -203,7 +205,7 @@ export class OidcAuthenticationService {
         ...this.extraAuthorizationUrlParameters,
       };
 
-      redirectTarget = client.buildAuthorizationUrl(this.#oidcClientConfig, parameters);
+      redirectTarget = this.#openIdClient.buildAuthorizationUrl(this.#oidcClientConfig, parameters);
     } catch (error) {
       _monitorOidcError(error.message, {
         data: { organizationName: this.organizationName },
@@ -273,7 +275,7 @@ export class OidcAuthenticationService {
     }
 
     try {
-      const endSessionUrl = client.buildEndSessionUrl(this.#oidcClientConfig, parameters);
+      const endSessionUrl = this.#openIdClient.buildEndSessionUrl(this.#oidcClientConfig, parameters);
 
       await this.sessionTemporaryStorage.delete(key);
 
@@ -292,11 +294,7 @@ export class OidcAuthenticationService {
     let userInfo;
 
     try {
-      userInfo = await client.fetchUserInfo(
-        this.#oidcClientConfig,
-        accessToken,
-        expectedSubject || client.skipSubjectCheck,
-      );
+      userInfo = await this.#openIdClient.fetchUserInfo(this.#oidcClientConfig, accessToken, expectedSubject);
     } catch (error) {
       _monitorOidcError(error.message, {
         data: { organizationName: this.organizationName },

diff --git a/...c-authentication-service-registry_test.js → ...c-authentication-service-registry.test.js b/...c-authentication-service-registry_test.js → ...c-authentication-service-registry.test.js