CCM-10893 Utils and unit tests

Author: nicki-nhs

frontend/src/__tests__/utils/amplify-utils.test.ts

@@ -10,7 +10,13 @@ import {
 } from '../../utils/amplify-utils';
 
 jest.mock('aws-amplify/auth/server');
-jest.mock('@aws-amplify/adapter-nextjs/api');
+
+jest.mock('@aws-amplify/adapter-nextjs', () => ({
+  createServerRunner: () => ({
+    runWithAmplifyServerContext: async ({ operation }: any) => operation({}),
+  }),
+}));
+
 jest.mock('next/headers', () => ({
   cookies: () => ({
     getAll: jest.fn(),
@@ -27,7 +33,7 @@ describe('amplify-utils', () => {
     jest.resetAllMocks();
   });
 
-  test('getSessionServer - should return the auth token and clientID', async () => {
+  test('getSessionServer - should return the auth tokens and clientID', async () => {
     const mockAccessToken = {
       toString: () =>
         sign(
@@ -38,16 +44,24 @@ describe('amplify-utils', () => {
         ),
       payload: {},
     };
+    const mockIdToken = {
+      toString: () =>
+        sign({ ['nhs-notify:client-name']: 'client name' }, 'mockToken'),
+      payload: {},
+    };
+
     fetchAuthSessionMock.mockResolvedValueOnce({
       tokens: {
         accessToken: mockAccessToken,
+        idToken: mockIdToken,
       },
     });
 
     const result = await getSessionServer();
 
     expect(result).toEqual({
       accessToken: mockAccessToken.toString(),
+      idToken: mockIdToken.toString(),
       clientId: 'client1',
     });
   });
@@ -57,9 +71,16 @@ describe('amplify-utils', () => {
       toString: () => sign({}, 'mockToken'),
       payload: {},
     };
+    const mockIdToken = {
+      toString: () =>
+        sign({ ['nhs-notify:client-name']: 'client name' }, 'mockToken'),
+      payload: {},
+    };
+
     fetchAuthSessionMock.mockResolvedValueOnce({
       tokens: {
         accessToken: mockAccessToken,
+        idToken: mockIdToken,
       },
     });
 
@@ -73,7 +94,11 @@ describe('amplify-utils', () => {
 
     const result = await getSessionServer();
 
-    expect(result).toEqual({ accessToken: undefined });
+    expect(result).toEqual({
+      accessToken: undefined,
+      idToken: undefined,
+      clientId: undefined,
+    });
   });
 
   test('getSessionServer - should return undefined properties if an error occurs', async () => {
@@ -83,7 +108,11 @@ describe('amplify-utils', () => {
 
     const result = await getSessionServer();
 
-    expect(result).toEqual({ accessToken: undefined });
+    expect(result).toEqual({
+      accessToken: undefined,
+      idToken: undefined,
+      clientId: undefined,
+    });
   });
 
   describe('getSessionId', () => {

frontend/src/__tests__/utils/token-utils.test.ts

@@ -0,0 +1,137 @@
+/**
+ * @jest-environment node
+ */
+import { sign } from 'jsonwebtoken';
+import { decodeJwt, getClaim, getIdTokenClaims } from '@utils/token-utils';
+import { JWT } from 'aws-amplify/auth';
+
+describe('token-utils', () => {
+  describe('decodeJwt', () => {
+    it('decodes a valid JWT payload', () => {
+      const token = sign({ testKey: 'value', testNum: 1 }, 'secret');
+      const claims = decodeJwt(token);
+
+      expect(claims.testKey).toBe('value');
+      expect(claims.testNum).toBe(1);
+    });
+  });
+
+  describe('getClaim', () => {
+    it('returns a string when the claim exists (string)', () => {
+      const claims = { testKey: 'value' } as unknown as JWT['payload'];
+
+      expect(getClaim(claims, 'testKey')).toBe('value');
+    });
+
+    it('returns stringified value for non-strings', () => {
+      const claims = { num: 123, bool: true } as unknown as JWT['payload'];
+
+      expect(getClaim(claims, 'num')).toBe('123');
+      expect(getClaim(claims, 'bool')).toBe('true');
+    });
+
+    it('returns undefined when the claim is missing, null or undefined', () => {
+      const claims = { a: null, b: undefined } as unknown as JWT['payload'];
+
+      expect(getClaim(claims, 'missing')).toBeUndefined();
+      expect(getClaim(claims, 'a')).toBeUndefined();
+      expect(getClaim(claims, 'b')).toBeUndefined();
+    });
+  });
+
+  describe('getIdTokenClaims', () => {
+    it('includes clientName when present', () => {
+      const token = sign(
+        {
+          'nhs-notify:client-name': 'Test client',
+        },
+        'secret'
+      );
+
+      const claims = getIdTokenClaims(token);
+
+      expect(claims.clientName).toBe('Test client');
+    });
+
+    it('returns undefined clientName when no suitable claim exists', () => {
+      const token = sign({ displayName: 'Test name' }, 'secret');
+
+      const claims = getIdTokenClaims(token);
+
+      expect(claims.clientName).toBeUndefined();
+    });
+
+    it('prefers preferred_username as display name when present', () => {
+      const token = sign(
+        {
+          'nhs-notify:client-name': 'Test client',
+          preferred_username: 'Preferred Name',
+          display_name: 'Display Name',
+          given_name: 'Given',
+          family_name: 'Family',
+          email: '[email protected]',
+        },
+        'secret'
+      );
+
+      const claims = getIdTokenClaims(token);
+
+      expect(claims.displayName).toBe('Preferred Name');
+    });
+
+    it('falls back to display_name when preferred_username is missing', () => {
+      const token = sign(
+        {
+          'nhs-notify:client-name': 'Test client',
+          display_name: 'Display Name',
+          given_name: 'Given',
+          family_name: 'Family',
+          email: '[email protected]',
+        },
+        'secret'
+      );
+
+      const claims = getIdTokenClaims(token);
+
+      expect(claims.displayName).toBe('Display Name');
+    });
+
+    it('falls back to given_name + family_name when no preferred/display name', () => {
+      const token = sign(
+        {
+          given_name: 'Given',
+          family_name: 'Family',
+          email: '[email protected]',
+        },
+        'secret'
+      );
+
+      const claims = getIdTokenClaims(token);
+
+      expect(claims.clientName).toBeUndefined();
+      expect(claims.displayName).toBe('Given Family');
+    });
+
+    it('falls back to email when no preferred/display/full name', () => {
+      const token = sign(
+        {
+          email: '[email protected]',
+        },
+        'secret'
+      );
+
+      const claims = getIdTokenClaims(token);
+
+      expect(claims.clientName).toBeUndefined();
+      expect(claims.displayName).toBe('[email protected]');
+    });
+
+    it('returns undefined displayName when no suitable claim exists', () => {
+      const token = sign({ clientName: 'client' }, 'secret');
+
+      const claims = getIdTokenClaims(token);
+
+      expect(claims.displayName).toBeUndefined();
+    });
+  });
+});

frontend/src/utils/amplify-utils.ts

@@ -5,8 +5,8 @@
 import { cookies } from 'next/headers';
 import { createServerRunner } from '@aws-amplify/adapter-nextjs';
 import { fetchAuthSession } from 'aws-amplify/auth/server';
-import { FetchAuthSessionOptions, JWT } from 'aws-amplify/auth';
-import { jwtDecode } from 'jwt-decode';
+import { FetchAuthSessionOptions } from 'aws-amplify/auth';
+import { decodeJwt, getClaim } from './token-utils';
 
 const config = require('@/amplify_outputs.json');
 
@@ -20,8 +20,6 @@ export async function getSessionServer(
   accessToken?: string;
   idToken?: string;
   clientId?: string;
-  clientName?: string;
-  displayName?: string;
 }> {
   const session = await runWithAmplifyServerContext({
     nextServerContext: { cookies },
@@ -34,25 +32,14 @@ export async function getSessionServer(
   const clientId = accessToken && getClientId(accessToken);
 
   const idToken = session?.tokens?.idToken?.toString();
-  const idClaims = idToken ? getIdTokenClaims(idToken) : undefined;
 
   return {
     accessToken,
     idToken,
     clientId,
-    clientName: idClaims?.clientName,
-    displayName: idClaims?.displayName,
   };
 }
 
-export const getSessionId = async () => {
-  return getAccessTokenParam('origin_jti');
-};
-
-export const getClientId = (accessToken: string) => {
-  return getClaim(decodeJwt(accessToken), 'nhs-notify:client-id');
-};
-
 const getAccessTokenParam = async (key: string) => {
   const authSession = await getSessionServer();
   const accessToken = authSession.accessToken;
@@ -62,43 +49,10 @@ const getAccessTokenParam = async (key: string) => {
   return getClaim(decodeJwt(accessToken), key);
 };
 
-const decodeJwt = (token: string): JWT['payload'] =>
-  jwtDecode<JWT['payload']>(token);
-
-const getClaim = (claims: JWT['payload'], key: string): string | undefined => {
-  const value = claims[key];
-  return value != null ? String(value) : undefined;
+export const getSessionId = async () => {
+  return getAccessTokenParam('origin_jti');
 };
 
-const getIdTokenClaims = (
-  idToken: string
-): {
-  clientName?: string;
-  displayName?: string;
-} => {
-  const claims = decodeJwt(idToken);
-
-  const clientName = getClaim(claims, 'nhs-notify:client-name');
-
-  let displayName;
-
-  const preferredUsername =
-    getClaim(claims, 'preferred_username') || getClaim(claims, 'display_name');
-
-  if (preferredUsername) displayName = preferredUsername;
-  else {
-    const givenName = getClaim(claims, 'given_name');
-    const familyName = getClaim(claims, 'family_name');
-
-    if (givenName && familyName) displayName = `${givenName} ${familyName}`;
-    else {
-      const email = getClaim(claims, 'email');
-      if (email) displayName = email;
-    }
-  }
-
-  return {
-    clientName,
-    displayName,
-  };
+export const getClientId = (accessToken: string) => {
+  return getClaim(decodeJwt(accessToken), 'nhs-notify:client-id');
 };

frontend/src/utils/token-utils.ts

@@ -0,0 +1,43 @@
+import { jwtDecode } from "jwt-decode";
+import { JWT } from "aws-amplify/auth";
+
+export const decodeJwt = (token: string): JWT['payload'] =>
+  jwtDecode<JWT['payload']>(token);
+
+export const getClaim = (claims: JWT['payload'], key: string): string | undefined => {
+  const value = claims[key];
+  return value != null ? String(value) : undefined;
+};
+
+export const getIdTokenClaims = (
+  idToken: string
+): {
+  clientName?: string;
+  displayName?: string;
+} => {
+  const claims = decodeJwt(idToken);
+
+  const clientName = getClaim(claims, 'nhs-notify:client-name');
+
+  let displayName;
+
+  const preferredUsername =
+    getClaim(claims, 'preferred_username') || getClaim(claims, 'display_name');
+
+  if (preferredUsername) displayName = preferredUsername;
+  else {
+    const givenName = getClaim(claims, 'given_name');
+    const familyName = getClaim(claims, 'family_name');
+
+    if (givenName && familyName) displayName = `${givenName} ${familyName}`;
+    else {
+      const email = getClaim(claims, 'email');
+      if (email) displayName = email;
+    }
+  }
+
+  return {
+    clientName,
+    displayName,
+  };
+};