OAuth token tests

N2D4 · N2D4 · commit 5072f1489171 · 2024-08-10T09:45:47.000-07:00
diff --git a/apps/backend/src/oauth/model.tsx b/apps/backend/src/oauth/model.tsx
@@ -104,9 +104,19 @@ export class OAuthModel implements AuthorizationCodeModel {
     token.client = client;
     token.user = user;
     return {
-      ...token,
+      accessToken: token.accessToken,
+      accessTokenExpiresAt: token.accessTokenExpiresAt,
+      refreshToken: token.refreshToken,
+      refreshTokenExpiresAt: token.refreshTokenExpiresAt,
+      scope: token.scope,
+      client: token.client,
+      user: token.user,
+
+      // TODO remove deprecated camelCase properties
       newUser: user.newUser,
+      is_new_user: user.newUser,
       afterCallbackRedirectUrl: user.afterCallbackRedirectUrl,
+      after_callback_redirect_url: user.afterCallbackRedirectUrl,
     };
   }
 
diff --git a/apps/e2e/tests/backend/backend-helpers.ts b/apps/e2e/tests/backend/backend-helpers.ts
@@ -1,6 +1,7 @@
 import { generateSecureRandomString } from "@stackframe/stack-shared/dist/utils/crypto";
 import { StackAssertionError, throwErr } from "@stackframe/stack-shared/dist/utils/errors";
 import { filterUndefined } from "@stackframe/stack-shared/dist/utils/objects";
+import { camelCaseToSnakeCase } from "@stackframe/stack-shared/dist/utils/strings";
 import { expect } from "vitest";
 import { Context, Mailbox, NiceRequestInit, NiceResponse, STACK_BACKEND_BASE_URL, STACK_INTERNAL_PROJECT_ADMIN_KEY, STACK_INTERNAL_PROJECT_CLIENT_KEY, STACK_INTERNAL_PROJECT_ID, STACK_INTERNAL_PROJECT_SERVER_KEY, createMailbox, localRedirectUrl, niceFetch, updateCookiesFromResponse } from "../helpers";
 
@@ -52,7 +53,7 @@ function expectSnakeCase(obj: unknown, path: string): void {
     }
   } else {
     for (const [key, value] of Object.entries(obj)) {
-      if (key.match(/[a-z0-9][A-Z][a-z0-9]+/) && !key.includes("_")) {
+      if (key.match(/[a-z0-9][A-Z][a-z0-9]+/) && !key.includes("_") && !["newUser", "afterCallbackRedirectUrl"].includes(key)) {
         throw new StackAssertionError(`Object has camelCase key (expected snake case): ${path}.${key}`);
       }
       expectSnakeCase(value, `${path}.${key}`);
@@ -438,6 +439,58 @@ export namespace Auth {
         authorizationCode: outerCallbackUrl.searchParams.get("code")!,
       };
     }
+
+    export async function signIn() {
+      const getAuthorizationCodeResult = await Auth.OAuth.getAuthorizationCode();
+
+      const projectKeys = backendContext.value.projectKeys;
+      if (projectKeys === "no-project") throw new Error("No project keys found in the backend context");
+
+      const tokenResponse = await niceBackendFetch("/api/v1/auth/oauth/token", {
+        method: "POST",
+        accessType: "client",
+        body: {
+          client_id: projectKeys.projectId,
+          client_secret: projectKeys.publishableClientKey ?? throwErr("No publishable client key found in the backend context"),
+          code: getAuthorizationCodeResult.authorizationCode,
+          redirect_uri: localRedirectUrl,
+          code_verifier: "some-code-challenge",
+          grant_type: "authorization_code",
+        },
+      });
+      expect(tokenResponse).toMatchInlineSnapshot(`
+        NiceResponse {
+          "status": 200,
+          "body": {
+            "access_token": <stripped field 'access_token'>,
+            "afterCallbackRedirectUrl": null,
+            "after_callback_redirect_url": null,
+            "expires_in": 3599,
+            "is_new_user": true,
+            "newUser": true,
+            "refresh_token": <stripped field 'refresh_token'>,
+            "scope": "legacy",
+            "token_type": "Bearer",
+          },
+          "headers": Headers {
+            "pragma": "no-cache",
+            <some fields may have been hidden>,
+          },
+        }
+      `);
+
+      backendContext.set({
+        userAuth: {
+          accessToken: tokenResponse.body.access_token,
+          refreshToken: tokenResponse.body.refresh_token,
+        },
+      });
+
+      return {
+        ...getAuthorizationCodeResult,
+        tokenResponse,
+      };
+    }
   }
 }
 
diff --git a/apps/e2e/tests/backend/endpoints/api/v1/auth/oauth/token.test.ts b/apps/e2e/tests/backend/endpoints/api/v1/auth/oauth/token.test.ts
@@ -0,0 +1,76 @@
+
+import { describe } from "vitest";
+import { it } from "../../../../../../helpers";
+import { Auth, niceBackendFetch } from "../../../../../backend-helpers";
+
+describe("with grant_type === 'authorization_code'", async () => {
+  it("should sign in a user when called as part of the OAuth flow", async ({ expect }) => {
+    const response = await Auth.OAuth.signIn();
+    expect(response.tokenResponse).toMatchInlineSnapshot(`
+      NiceResponse {
+        "status": 200,
+        "body": {
+          "access_token": <stripped field 'access_token'>,
+          "afterCallbackRedirectUrl": null,
+          "after_callback_redirect_url": null,
+          "expires_in": 3599,
+          "is_new_user": true,
+          "newUser": true,
+          "refresh_token": <stripped field 'refresh_token'>,
+          "scope": "legacy",
+          "token_type": "Bearer",
+        },
+        "headers": Headers {
+          "pragma": "no-cache",
+          <some fields may have been hidden>,
+        },
+      }
+    `);
+    await Auth.expectToBeSignedIn();
+    const meResponse = await niceBackendFetch("/api/v1/users/me", { accessType: "client" });
+    expect(meResponse).toMatchInlineSnapshot(`
+      NiceResponse {
+        "status": 200,
+        "body": {
+          "auth_methods": [
+            {
+              "provider": {
+                "provider_user_id": "<stripped UUID>@stack-generated.example.com",
+                "type": "facebook",
+              },
+              "type": "oauth",
+            },
+          ],
+          "auth_with_email": false,
+          "client_metadata": null,
+          "connected_accounts": [
+            {
+              "provider": {
+                "provider_user_id": "<stripped UUID>@stack-generated.example.com",
+                "type": "facebook",
+              },
+              "type": "oauth",
+            },
+          ],
+          "display_name": null,
+          "has_password": false,
+          "id": "<stripped UUID>",
+          "oauth_providers": [
+            {
+              "account_id": "<stripped UUID>@stack-generated.example.com",
+              "email": "<stripped UUID>@stack-generated.example.com",
+              "id": "facebook",
+            },
+          ],
+          "primary_email": "<stripped UUID>@stack-generated.example.com",
+          "primary_email_verified": false,
+          "profile_image_url": null,
+          "selected_team": null,
+          "selected_team_id": null,
+          "signed_up_at_millis": <stripped field 'signed_up_at_millis'>,
+        },
+        "headers": Headers { <some fields may have been hidden> },
+      }
+    `);
+  });
+});
diff --git a/packages/stack-shared/src/interface/clientInterface.ts b/packages/stack-shared/src/interface/clientInterface.ts
@@ -685,7 +685,7 @@ export class StackClientInterface {
     return {
       accessToken: result.access_token,
       refreshToken: result.refresh_token,
-      newUser: result.new_user,
+      newUser: result.is_new_user,
     };
   }
 
@@ -782,8 +782,8 @@ export class StackClientInterface {
       throw new StackAssertionError("Outer OAuth error during authorization code response", { result });
     }
     return {
-      newUser: result.newUser as boolean,
-      afterCallbackRedirectUrl: result.afterCallbackRedirectUrl as string | undefined,
+      newUser: result.is_new_user as boolean,
+      afterCallbackRedirectUrl: result.after_callback_redirect_url as string | undefined,
       accessToken: result.access_token,
       refreshToken: result.refresh_token ?? throwErr("Refresh token not found in outer OAuth response"),
     };
