import { createCSRF, handler } from "./lib"
import EmailProvider from "../src/providers/email"
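// Well-formed address that every case starts from.
const originalEmail = "balazs@email.com"

// Each row is [legitimate address, suffix appended to it]. The first row
// appends a comma followed by HTML markup; the second appends nothing and
// acts as the clean control case.
test.each([
  [originalEmail, `,<a href="example.com">Click here!</a>`],
  [originalEmail, ""],
])("Sanitize email", async (emailOriginal, emailCompromised) => {
  // Stand-in for the provider's mail transport; records what it is asked to send.
  const sendEmail = jest.fn()
  const { secret, csrf } = createCSRF()
  const email = {
    original: emailOriginal,
    compromised: `${emailOriginal}${emailCompromised}`,
  }

  const { res } = await handler(
    {
      providers: [EmailProvider({ sendVerificationRequest: sendEmail })],
      // Partial adapter stub: only the two methods below are supplied, hence
      // the cast. The lookup echoes back whatever address it is given, so the
      // stub itself does no cleaning of the input.
      adapter: {
        getUserByEmail: (address) => ({
          id: "1",
          email: address,
          emailVerified: null,
        }),
        createVerificationToken: (token) => token,
      } as any,
      secret,
    },
    {
      prod: true,
      path: "signin/email",
      requestInit: {
        method: "POST",
        body: JSON.stringify({
          email: email.compromised,
          csrfToken: csrf.value,
        }),
        headers: { "Content-Type": "application/json", Cookie: csrf.cookie },
      },
    }
  )

  // Exactly one verification mail per sign-in request. Without this check the
  // tampered case only inspects the first recorded call, so an additional send
  // to another recipient would go unnoticed, and a missing send would surface
  // as a TypeError on `mock.calls[0]` instead of a readable assertion failure.
  expect(sendEmail).toHaveBeenCalledTimes(1)

  if (emailCompromised) {
    // Tampered input: the request must not end in the EmailSignin error, and
    // the recipient handed to the transport must be the bare original address.
    expect(res.redirect).not.toContain("error=EmailSignin")
    const emailTo = sendEmail.mock.calls[0][0].identifier
    expect(emailTo).not.toBe(email.compromised)
    expect(emailTo).toBe(email.original)
  } else {
    // Clean input: redirect to the verify-request page and send to the
    // address exactly as submitted.
    expect(res.redirect).toBe(
      "http://localhost:3000/api/auth/verify-request?provider=email&type=email"
    )
    expect(sendEmail).toHaveBeenCalledWith(
      expect.objectContaining({
        identifier: email.original,
        token: expect.any(String),
      })
    )
  }
})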