Deploy to production

__test__/auth/CachingRepositoryAccessReaderConfig.ts → __test__/auth/CachingRepositoryAccessReaderConfig.test.ts

@@ -1,9 +1,9 @@
-import { CachingRepositoryAccessReaderConfig } from "../../src/features/auth/domain"
+import { CachingRepositoryAccessReader } from "../../src/features/auth/domain"
 
 test("It fetches repository names for user if they are not cached", async () => {
   let didFetchRepositoryNames = false
   let requestedUserId: string | undefined
-  const sut = new CachingRepositoryAccessReaderConfig({
+  const sut = new CachingRepositoryAccessReader({
     repository: {
       async get() {
         return null
@@ -27,7 +27,7 @@ test("It fetches repository names for user if they are not cached", async () =>
 
 test("It does not fetch repository names if they are cached", async () => {
   let didFetchRepositoryNames = false
-  const sut = new CachingRepositoryAccessReaderConfig({
+  const sut = new CachingRepositoryAccessReader({
     repository: {
       async get() {
         return "[\"foo\"]"
@@ -50,16 +50,16 @@ test("It does not fetch repository names if they are cached", async () => {
 test("It caches fetched repository names for user", async () => {
   let cachedUserId: string | undefined
   let cachedRepositoryNames: string | undefined
-  const sut = new CachingRepositoryAccessReaderConfig({
+  const sut = new CachingRepositoryAccessReader({
     repository: {
       async get() {
         return null
       },
-      async set(userId, value) {
+      async set() {},
+      async setExpiring(userId: string, value: string) {
         cachedUserId = userId
         cachedRepositoryNames = value
       },
-      async setExpiring() {},
       async delete() {}
     },
     repositoryAccessReader: {
@@ -74,7 +74,7 @@ test("It caches fetched repository names for user", async () => {
 })
 
 test("It decodes cached repository names", async () => {
-  const sut = new CachingRepositoryAccessReaderConfig({
+  const sut = new CachingRepositoryAccessReader({
     repository: {
       async get() {
         return "[\"foo\",\"bar\"]"

__test__/auth/GitHubOrganizationSessionValidator.test.ts

@@ -0,0 +1,83 @@
+import { 
+  GitHubOrganizationSessionValidator,
+  SessionValidity
+ } from "../../src/features/auth/domain"
+
+test("It requests organization membership status for the specified organization", async () => {
+  let queriedOrganizationName: string | undefined
+  const sut = new GitHubOrganizationSessionValidator({
+    acceptedOrganization: "foo",
+    organizationMembershipStatusReader: {
+      async getOrganizationMembershipStatus(request) {
+        queriedOrganizationName = request.organizationName
+        return { state: "active" }
+      }
+    }
+  })
+  await sut.validateSession()
+  expect(queriedOrganizationName).toBe("foo")
+})
+
+test("It considers session valid when membership state is \"active\"", async () => {
+  const sut = new GitHubOrganizationSessionValidator({
+    acceptedOrganization: "foo",
+    organizationMembershipStatusReader: {
+      async getOrganizationMembershipStatus() {
+        return { state: "active" }
+      }
+    }
+  })
+  const sessionValidity = await sut.validateSession()
+  expect(sessionValidity).toEqual(SessionValidity.VALID)
+})
+
+test("It considers user not to be part of the organization when membership state is \"pending\"", async () => {
+  const sut = new GitHubOrganizationSessionValidator({
+    acceptedOrganization: "foo",
+    organizationMembershipStatusReader: {
+      async getOrganizationMembershipStatus() {
+        return { state: "pending" }
+      }
+    }
+  })
+  const sessionValidity = await sut.validateSession()
+  expect(sessionValidity).toEqual(SessionValidity.OUTSIDE_GITHUB_ORGANIZATION)
+})
+
+test("It considers user not to be part of the organization when receiving HTTP 404", async () => {
+  const sut = new GitHubOrganizationSessionValidator({
+    acceptedOrganization: "foo",
+    organizationMembershipStatusReader: {
+      async getOrganizationMembershipStatus() {
+        throw { status: 404, message: "User is not member of organization"}
+      }
+    }
+  })
+  const sessionValidity = await sut.validateSession()
+  expect(sessionValidity).toEqual(SessionValidity.OUTSIDE_GITHUB_ORGANIZATION)
+})
+
+test("It considers organization to have blocked the GitHub app when receiving HTTP 403", async () => {
+  const sut = new GitHubOrganizationSessionValidator({
+    acceptedOrganization: "foo",
+    organizationMembershipStatusReader: {
+      async getOrganizationMembershipStatus() {
+        throw { status: 403, message: "Organization has blocked GitHub app"}
+      }
+    }
+  })
+  const sessionValidity = await sut.validateSession()
+  expect(sessionValidity).toEqual(SessionValidity.GITHUB_APP_BLOCKED)
+})
+
+test("It forwards error when getting membership status throws unknown error", async () => {
+  const sut = new GitHubOrganizationSessionValidator({
+    acceptedOrganization: "foo",
+    organizationMembershipStatusReader: {
+      async getOrganizationMembershipStatus() {
+        throw { status: 500 }
+      }
+    }
+  })
+  await expect(sut.validateSession()).rejects.toEqual({ status: 500 })
+})

__test__/auth/GuestAccessTokenRepository.test.ts

@@ -0,0 +1,52 @@
+import { GuestAccessTokenRepository } from "../../src/features/auth/domain"
+
+test("It reads access token for user", async () => {
+  let readUserId: string | undefined
+  const sut = new GuestAccessTokenRepository({
+    async get(userId) {
+      readUserId = userId
+      return "foo"
+    },
+    async setExpiring() {},
+    async delete() {}
+  })
+  const accessToken = await sut.get("1234")
+  expect(readUserId).toBe("1234")
+  expect(accessToken).toBe("foo")
+})
+
+test("It stores access token for user", async () => {
+  let storedUserId: string | undefined
+  let storedToken: string | undefined
+  let storedTimeToLive: number | undefined
+  const sut = new GuestAccessTokenRepository({
+    async get() {
+      return "foo"
+    },
+    async setExpiring(userId, token, timeToLive) {
+      storedUserId = userId
+      storedToken = token
+      storedTimeToLive = timeToLive
+    },
+    async delete(userId) {}
+  })
+  await sut.set("1234", "bar")
+  expect(storedUserId).toBe("1234")
+  expect(storedToken).toBe("bar")
+  expect(storedTimeToLive).toBeGreaterThan(0)
+})
+
+test("It deletes access token for user", async () => {
+  let deletedUserId: string | undefined
+  const sut = new GuestAccessTokenRepository({
+    async get() {
+      return "foo"
+    },
+    async setExpiring() {},
+    async delete(userId) {
+      deletedUserId = userId
+    }
+  })
+  await sut.delete("1234")
+  expect(deletedUserId).toBe("1234")
+})

__test__/auth/GuestAccessTokenService.test.ts

@@ -13,7 +13,7 @@ test("It gets the access token for the user", async () => {
         readUserId = userId
         return "foo"
       },
-      async setExpiring() {}
+      async set() {}
     },
     dataSource: {
       async getAccessToken() {
@@ -25,28 +25,3 @@ test("It gets the access token for the user", async () => {
   expect(readUserId).toBe("1234")
   expect(accessToken).toBe("foo")
 })
-
-test("It refreshes access token on demand when there is no cached access token", async () => {
-  let didRefreshAccessToken = false
-  const sut = new GuestAccessTokenService({
-    userIdReader: {
-      async getUserId() {
-        return "1234"
-      }
-    },
-    repository: {
-      async get() {
-        return null
-      },
-      async setExpiring() {}
-    },
-    dataSource: {
-      async getAccessToken() {
-        didRefreshAccessToken = true
-        return "foo"
-      }
-    }
-  })
-  await sut.getAccessToken()
-  expect(didRefreshAccessToken).toBeTruthy()
-})

__test__/auth/HostOnlySessionValidator.test.ts

@@ -0,0 +1,43 @@
+import {
+  HostOnlySessionValidator,
+  SessionValidity
+} from "../../src/features/auth/domain"
+
+test("It validates session when user is host", async () => {
+  let didValidateSession = false
+  const sut = new HostOnlySessionValidator({
+    isGuestReader: {
+      async getIsGuest() {
+        return false
+      }
+    },
+    sessionValidator: {
+      async validateSession() {
+        didValidateSession = true
+        return SessionValidity.VALID
+      },
+    }
+  })
+  await sut.validateSession()
+  expect(didValidateSession).toBeTruthy()
+})
+
+
+test("It does not validate session when user is guest", async () => {
+  let didValidateSession = false
+  const sut = new HostOnlySessionValidator({
+    isGuestReader: {
+      async getIsGuest() {
+        return true
+      }
+    },
+    sessionValidator: {
+      async validateSession() {
+        didValidateSession = true
+        return SessionValidity.VALID
+      },
+    }
+  })
+  await sut.validateSession()
+  expect(didValidateSession).toBeFalsy()
+})

__test__/auth/SessionValidity.test.ts

@@ -0,0 +1,28 @@
+import {
+  mergeSessionValidity,
+  SessionValidity
+} from "../../src/features/auth/domain"
+
+test("It returns invalid validity when left-hand side validity indicates that the session is invalid", async () => {
+  const sut = mergeSessionValidity(
+    SessionValidity.INVALID_ACCESS_TOKEN,
+    SessionValidity.VALID
+  )
+  expect(sut).toEqual(SessionValidity.INVALID_ACCESS_TOKEN)
+})
+
+test("It returns invalid validity when right-hand side validity indicates that the session is invalid", async () => {
+  const sut = mergeSessionValidity(
+    SessionValidity.VALID,
+    SessionValidity.INVALID_ACCESS_TOKEN
+  )
+  expect(sut).toEqual(SessionValidity.INVALID_ACCESS_TOKEN)
+})
+
+test("It returns valid validity when both validities indicate that the session is valid", async () => {
+  const sut = mergeSessionValidity(
+    SessionValidity.VALID,
+    SessionValidity.VALID
+  )
+  expect(sut).toEqual(SessionValidity.VALID)
+})