feat: add support for strict options (adrien2p#84)

* feat: add support for strict options * chore: Make strict optional * feat: update strict values * more tests * update docs * update last tests * lint
xponential-asia · Jun 26, 2023 · 3e18cb3 · 3e18cb3
1 parent d1642cc
commit 3e18cb3
Show file tree

Hide file tree

Showing 36 changed files with 1,613 additions and 617 deletions.
diff --git a/docs/pages/authentication/auth0.mdx b/docs/pages/authentication/auth0.mdx
@@ -35,6 +35,7 @@ newly added plugins. To do so here are the steps
     {
         resolve: "medusa-plugin-auth",
         options: {
+            // strict: "all", // or "none" or "store" or "admin"
             auth0: {
                 clientID: Auth0ClientId,
                 clientSecret: Auth0ClientSecret,
@@ -84,7 +85,7 @@ newly added plugins. To do so here are the steps
 
 ### Default behaviour
 
-The default `verifyCallback` flow looks as follow,
+The default `verifyCallback` flow looks as follow (unless the `strict` option is changed to `none` or `store` or `admin` depending on the targeted domain)
 - for the `admin`
     - if the user trying to authenticate exists
         - then we are looking in the metadata to find if the strategy identifier is present in `authProvider`.

diff --git a/docs/pages/authentication/azureoidc.mdx b/docs/pages/authentication/azureoidc.mdx
@@ -37,6 +37,7 @@ newly added plugins. To do so here are the steps
         resolve: "medusa-plugin-auth",
         options: {
             azure_oidc: {
+                // strict: "all", // or "none" or "store" or "admin"
                 admin: {
 					identityMetadata: AzureIdentityMetadata,
 					clientID: AzureClientId,
@@ -115,7 +116,7 @@ It has only been tested with default options. As of now only ResponseType.Code a
 
 ### Default behaviour
 
-The default `verifyCallback` flow looks as follow,
+The default `verifyCallback` flow looks as follow (unless the `strict` option is changed to `none` or `store` or `admin` depending on the targeted domain)
 - for the `admin`
     - if the user trying to authenticate exists
         - then we are looking in the metadata to find if the strategy identifier is present in `authProvider`.

diff --git a/docs/pages/authentication/facebook.mdx b/docs/pages/authentication/facebook.mdx
@@ -34,6 +34,7 @@ newly added plugins. To do so here are the steps
     {
         resolve: "medusa-plugin-auth",
         options: {
+            // strict: "all", // or "none" or "store" or "admin"
             facebook: {
                 clientID: FacebookClientId,
                 clientSecret: FacebookClientSecret,
@@ -90,7 +91,7 @@ newly added plugins. To do so here are the steps
 
 ### Default behaviour
 
-The default `verifyCallback` flow looks as follow,
+The default `verifyCallback` flow looks as follow (unless the `strict` option is changed to `none` or `store` or `admin` depending on the targeted domain)
 - for the `admin`
     - if the user trying to authenticate exists
         - then we are looking in the metadata to find if the strategy identifier is present in `authProvider`.

diff --git a/docs/pages/authentication/firebase.mdx b/docs/pages/authentication/firebase.mdx
@@ -33,6 +33,7 @@ newly added plugins. To do so here are the steps
     {
         resolve: "medusa-plugin-auth",
         options: {
+            // strict: "all", // or "none" or "store" or "admin"
             firebase: {
                 credentialJsonPath: CredentialJsonPath,
 
@@ -78,7 +79,7 @@ newly added plugins. To do so here are the steps
 
 ### Default behaviour
 
-The default `verifyCallback` flow looks as follow,
+The default `verifyCallback` flow looks as follow (unless the `strict` option is changed to `none` or `store` or `admin` depending on the targeted domain)
 - for the `admin`
     - if the user trying to authenticate exists
         - then we are looking in the metadata to find if the strategy identifier is present in `authProvider`.

diff --git a/docs/pages/authentication/google.mdx b/docs/pages/authentication/google.mdx
@@ -34,6 +34,7 @@ newly added plugins. To do so here are the steps
     {
         resolve: "medusa-plugin-auth",
         options: {
+            // strict: "all", // or "none" or "store" or "admin"
             google: {
                 clientID: GoogleClientId,
                 clientSecret: GoogleClientSecret,
@@ -90,7 +91,7 @@ newly added plugins. To do so here are the steps
 
 ### Default behaviour
 
-The default `verifyCallback` flow looks as follow,
+The default `verifyCallback` flow looks as follow (unless the `strict` option is changed to `none` or `store` or `admin` depending on the targeted domain)
 - for the `admin`
     - if the user trying to authenticate exists
         - then we are looking in the metadata to find if the strategy identifier is present in `authProvider`.

diff --git a/docs/pages/authentication/linkedin.mdx b/docs/pages/authentication/linkedin.mdx
@@ -33,6 +33,7 @@ newly added plugins. To do so here are the steps
     ```js
     {
         resolve: "medusa-plugin-auth",
+        // strict: "all", // or "none" or "store" or "admin"
         options: {
             linkedin: {
                 clientID: LinkedinClientId,
@@ -90,7 +91,7 @@ newly added plugins. To do so here are the steps
 
 ### Default behaviour
 
-The default `verifyCallback` flow looks as follow,
+The default `verifyCallback` flow looks as follow (unless the `strict` option is changed to `none` or `store` or `admin` depending on the targeted domain)
 - for the `admin`
     - if the user trying to authenticate exists
         - then we are looking in the metadata to find if the strategy identifier is present in `authProvider`.

diff --git a/...ages/medusa-plugin-auth/src/auth-strategies/auth0/__tests__/admin/verify-callback.spec.ts b/...ages/medusa-plugin-auth/src/auth-strategies/auth0/__tests__/admin/verify-callback.spec.ts
@@ -60,66 +60,139 @@ describe('Auth0 admin strategy verify callback', function () {
 				return container_[name];
 			},
 		} as MedusaContainer;
-
-		auth0AdminStrategy = new Auth0AdminStrategy(
-			container,
-			{} as ConfigModule,
-			{
-				auth0Domain: 'fakeDomain',
-				clientID: 'fake',
-				clientSecret: 'fake',
-				admin: { callbackUrl: '/fakeCallbackUrl' },
-			} as Auth0Options
-		);
-	});
-
-	afterEach(() => {
-		jest.clearAllMocks();
-	});
-
-	it('should succeed', async () => {
-		profile = {
-			emails: [{ value: existsEmailWithProviderKey }],
-		};
-
-		const data = await auth0AdminStrategy.validate(req, accessToken, refreshToken, extraParams, profile);
-		expect(data).toEqual(
-			expect.objectContaining({
-				id: 'test2',
-			})
-		);
-	});
-
-	it('should fail when a user exists without the auth provider metadata', async () => {
-		profile = {
-			emails: [{ value: existsEmail }],
-		};
-
-		const err = await auth0AdminStrategy
-			.validate(req, accessToken, refreshToken, extraParams, profile)
-			.catch((err) => err);
-		expect(err).toEqual(new Error(`Admin with email ${existsEmail} already exists`));
 	});
 
-	it('should fail when a user exists with the wrong auth provider key', async () => {
-		profile = {
-			emails: [{ value: existsEmailWithWrongProviderKey }],
-		};
-
-		const err = await auth0AdminStrategy
-			.validate(req, accessToken, refreshToken, extraParams, profile)
-			.catch((err) => err);
-		expect(err).toEqual(new Error(`Admin with email ${existsEmailWithWrongProviderKey} already exists`));
+	describe('when strict is set to admin', function () {
+		beforeEach(() => {
+			auth0AdminStrategy = new Auth0AdminStrategy(
+				container,
+				{} as ConfigModule,
+				{
+					auth0Domain: 'fakeDomain',
+					clientID: 'fake',
+					clientSecret: 'fake',
+					admin: { callbackUrl: '/fakeCallbackUrl' },
+				} as Auth0Options,
+				'admin'
+			);
+		});
+
+		afterEach(() => {
+			jest.clearAllMocks();
+		});
+
+		it('should succeed', async () => {
+			profile = {
+				emails: [{ value: existsEmailWithProviderKey }],
+			};
+
+			const data = await auth0AdminStrategy.validate(req, accessToken, refreshToken, extraParams, profile);
+			expect(data).toEqual(
+				expect.objectContaining({
+					id: 'test2',
+				})
+			);
+		});
+
+		it('should fail when a user exists without the auth provider metadata', async () => {
+			profile = {
+				emails: [{ value: existsEmail }],
+			};
+
+			const err = await auth0AdminStrategy
+				.validate(req, accessToken, refreshToken, extraParams, profile)
+				.catch((err) => err);
+			expect(err).toEqual(new Error(`Admin with email ${existsEmail} already exists`));
+		});
+
+		it('should fail when a user exists with the wrong auth provider key', async () => {
+			profile = {
+				emails: [{ value: existsEmailWithWrongProviderKey }],
+			};
+
+			const err = await auth0AdminStrategy
+				.validate(req, accessToken, refreshToken, extraParams, profile)
+				.catch((err) => err);
+			expect(err).toEqual(new Error(`Admin with email ${existsEmailWithWrongProviderKey} already exists`));
+		});
+
+		it('should fail when the user does not exist', async () => {
+			profile = {
+				emails: [{ value: 'fake' }],
+			};
+
+			const err = await auth0AdminStrategy
+				.validate(req, accessToken, refreshToken, extraParams, profile)
+				.catch((err) => err);
+			expect(err).toEqual(new Error(`Unable to authenticate the user with the email fake`));
+		});
 	});
 
-	it('should fail when the user does not exist', async () => {
-		profile = {
-			emails: [{ value: 'fake' }],
-		};
-
-		const err = await auth0AdminStrategy
-			.validate(req, accessToken, refreshToken, extraParams, profile)
-			.catch((err) => err);
-		expect(err).toEqual(new Error(`Unable to authenticate the user with the email fake`));
+	describe('when strict is set for store only', function () {
+		beforeEach(() => {
+			auth0AdminStrategy = new Auth0AdminStrategy(
+				container,
+				{} as ConfigModule,
+				{
+					auth0Domain: 'fakeDomain',
+					clientID: 'fake',
+					clientSecret: 'fake',
+					admin: { callbackUrl: '/fakeCallbackUrl' },
+				} as Auth0Options,
+				'store'
+			);
+		});
+
+		afterEach(() => {
+			jest.clearAllMocks();
+		});
+
+		it('should succeed', async () => {
+			profile = {
+				emails: [{ value: existsEmailWithProviderKey }],
+			};
+
+			const data = await auth0AdminStrategy.validate(req, accessToken, refreshToken, extraParams, profile);
+			expect(data).toEqual(
+				expect.objectContaining({
+					id: 'test2',
+				})
+			);
+		});
+
+		it('should succeed when a user exists without the auth provider metadata', async () => {
+			profile = {
+				emails: [{ value: existsEmail }],
+			};
+
+			const data = await auth0AdminStrategy.validate(req, accessToken, refreshToken, extraParams, profile);
+			expect(data).toEqual({
+				accessToken: undefined,
+				id: 'test',
+			});
+		});
+
+		it('should succeed when a user exists with the wrong auth provider key', async () => {
+			profile = {
+				emails: [{ value: existsEmailWithWrongProviderKey }],
+			};
+
+			const data = await auth0AdminStrategy.validate(req, accessToken, refreshToken, extraParams, profile);
+			expect(data).toEqual({
+				accessToken: undefined,
+				id: 'test3',
+			});
+		});
+
+		it('should fail when the user does not exist', async () => {
+			profile = {
+				emails: [{ value: 'fake' }],
+			};
+
+			const err = await auth0AdminStrategy
+				.validate(req, accessToken, refreshToken, extraParams, profile)
+				.catch((err) => err);
+			expect(err).toEqual(new Error(`Unable to authenticate the user with the email fake`));
+		});
 	});
 });