shrink tests

Author: ochafik

src/server/auth/handlers/token.test.ts

@@ -264,12 +264,14 @@ describe('Token Handler', () => {
     });
 
     it('returns tokens for valid code exchange', async () => {
+      const mockExchangeCode = jest.spyOn(mockProvider, 'exchangeAuthorizationCode');
       const response = await supertest(app)
         .post('/token')
         .type('form')
         .send({
           client_id: 'valid-client',
           client_secret: 'valid-secret',
+          resource: 'https://api.example.com/resource',
           grant_type: 'authorization_code',
           code: 'valid_code',
           code_verifier: 'valid_verifier'
@@ -280,24 +282,6 @@ describe('Token Handler', () => {
       expect(response.body.token_type).toBe('bearer');
       expect(response.body.expires_in).toBe(3600);
       expect(response.body.refresh_token).toBe('mock_refresh_token');
-    });
-
-    it('accepts and passes resource parameter to provider', async () => {
-      const mockExchangeCode = jest.spyOn(mockProvider, 'exchangeAuthorizationCode');
-      
-      const response = await supertest(app)
-        .post('/token')
-        .type('form')
-        .send({
-          client_id: 'valid-client',
-          client_secret: 'valid-secret',
-          grant_type: 'authorization_code',
-          code: 'valid_code',
-          code_verifier: 'valid_verifier',
-          resource: 'https://api.example.com/resource'
-        });
-
-      expect(response.status).toBe(200);
       expect(mockExchangeCode).toHaveBeenCalledWith(
         validClient,
         'valid_code',
@@ -465,12 +449,14 @@ describe('Token Handler', () => {
     });
 
     it('returns new tokens for valid refresh token', async () => {
+      const mockExchangeRefresh = jest.spyOn(mockProvider, 'exchangeRefreshToken');
       const response = await supertest(app)
         .post('/token')
         .type('form')
         .send({
           client_id: 'valid-client',
           client_secret: 'valid-secret',
+          resource: 'https://api.example.com/resource',
           grant_type: 'refresh_token',
           refresh_token: 'valid_refresh_token'
         });
@@ -480,39 +466,6 @@ describe('Token Handler', () => {
       expect(response.body.token_type).toBe('bearer');
       expect(response.body.expires_in).toBe(3600);
       expect(response.body.refresh_token).toBe('new_mock_refresh_token');
-    });
-
-    it('respects requested scopes on refresh', async () => {
-      const response = await supertest(app)
-        .post('/token')
-        .type('form')
-        .send({
-          client_id: 'valid-client',
-          client_secret: 'valid-secret',
-          grant_type: 'refresh_token',
-          refresh_token: 'valid_refresh_token',
-          scope: 'profile email'
-        });
-
-      expect(response.status).toBe(200);
-      expect(response.body.scope).toBe('profile email');
-    });
-
-    it('accepts and passes resource parameter to provider on refresh', async () => {
-      const mockExchangeRefresh = jest.spyOn(mockProvider, 'exchangeRefreshToken');
-      
-      const response = await supertest(app)
-        .post('/token')
-        .type('form')
-        .send({
-          client_id: 'valid-client',
-          client_secret: 'valid-secret',
-          grant_type: 'refresh_token',
-          refresh_token: 'valid_refresh_token',
-          resource: 'https://api.example.com/resource'
-        });
-
-      expect(response.status).toBe(200);
       expect(mockExchangeRefresh).toHaveBeenCalledWith(
         validClient,
         'valid_refresh_token',
@@ -521,48 +474,7 @@ describe('Token Handler', () => {
       );
     });
 
-    it('rejects invalid resource parameter (non-URL) on refresh', async () => {
-      const response = await supertest(app)
-        .post('/token')
-        .type('form')
-        .send({
-          client_id: 'valid-client',
-          client_secret: 'valid-secret',
-          grant_type: 'refresh_token',
-          refresh_token: 'valid_refresh_token',
-          resource: 'not-a-url'
-        });
-
-      expect(response.status).toBe(400);
-      expect(response.body.error).toBe('invalid_request');
-      expect(response.body.error_description).toContain('resource');
-    });
-
-    it('handles refresh token exchange without resource parameter', async () => {
-      const mockExchangeRefresh = jest.spyOn(mockProvider, 'exchangeRefreshToken');
-      
-      const response = await supertest(app)
-        .post('/token')
-        .type('form')
-        .send({
-          client_id: 'valid-client',
-          client_secret: 'valid-secret',
-          grant_type: 'refresh_token',
-          refresh_token: 'valid_refresh_token'
-        });
-
-      expect(response.status).toBe(200);
-      expect(mockExchangeRefresh).toHaveBeenCalledWith(
-        validClient,
-        'valid_refresh_token',
-        undefined, // scopes
-        undefined  // resource parameter
-      );
-    });
-
-    it('passes resource with scopes on refresh', async () => {
-      const mockExchangeRefresh = jest.spyOn(mockProvider, 'exchangeRefreshToken');
-      
+    it('respects requested scopes on refresh', async () => {
       const response = await supertest(app)
         .post('/token')
         .type('form')
@@ -571,17 +483,11 @@ describe('Token Handler', () => {
           client_secret: 'valid-secret',
           grant_type: 'refresh_token',
           refresh_token: 'valid_refresh_token',
-          scope: 'profile email',
-          resource: 'https://api.example.com/resource'
+          scope: 'profile email'
         });
 
       expect(response.status).toBe(200);
-      expect(mockExchangeRefresh).toHaveBeenCalledWith(
-        validClient,
-        'valid_refresh_token',
-        ['profile', 'email'], // scopes
-        new URL('https://api.example.com/resource') // resource parameter
-      );
+      expect(response.body.scope).toBe('profile email');
     });
   });
 

src/server/auth/providers/proxyProvider.test.ts

@@ -88,6 +88,7 @@ describe("Proxy OAuth Server Provider", () => {
           codeChallenge: "test-challenge",
           state: "test-state",
           scopes: ["read", "write"],
+          resource: new URL('https://api.example.com/resource'),
         },
         mockResponse
       );
@@ -100,52 +101,10 @@ describe("Proxy OAuth Server Provider", () => {
       expectedUrl.searchParams.set("code_challenge_method", "S256");
       expectedUrl.searchParams.set("state", "test-state");
       expectedUrl.searchParams.set("scope", "read write");
-
-      expect(mockResponse.redirect).toHaveBeenCalledWith(expectedUrl.toString());
-    });
-
-    it('includes resource parameter in authorization redirect', async () => {
-      await provider.authorize(
-        validClient,
-        {
-          redirectUri: 'https://example.com/callback',
-          codeChallenge: 'test-challenge',
-          state: 'test-state',
-          scopes: ['read', 'write'],
-          resource: new URL('https://api.example.com/resource')
-        },
-        mockResponse
-      );
-
-      const expectedUrl = new URL('https://auth.example.com/authorize');
-      expectedUrl.searchParams.set('client_id', 'test-client');
-      expectedUrl.searchParams.set('response_type', 'code');
-      expectedUrl.searchParams.set('redirect_uri', 'https://example.com/callback');
-      expectedUrl.searchParams.set('code_challenge', 'test-challenge');
-      expectedUrl.searchParams.set('code_challenge_method', 'S256');
-      expectedUrl.searchParams.set('state', 'test-state');
-      expectedUrl.searchParams.set('scope', 'read write');
       expectedUrl.searchParams.set('resource', 'https://api.example.com/resource');
 
       expect(mockResponse.redirect).toHaveBeenCalledWith(expectedUrl.toString());
     });
-
-    it('handles authorization without resource parameter', async () => {
-      await provider.authorize(
-        validClient,
-        {
-          redirectUri: 'https://example.com/callback',
-          codeChallenge: 'test-challenge',
-          state: 'test-state',
-          scopes: ['read']
-        },
-        mockResponse
-      );
-
-      const redirectUrl = (mockResponse.redirect as jest.Mock).mock.calls[0][0];
-      const url = new URL(redirectUrl);
-      expect(url.searchParams.has('resource')).toBe(false);
-    });
   });
 
   describe("token exchange", () => {
@@ -282,35 +241,6 @@ describe("Proxy OAuth Server Provider", () => {
       );
       expect(tokens).toEqual(mockTokenResponse);
     });
-
-    it('handles refresh token exchange without resource parameter', async () => {
-      const tokens = await provider.exchangeRefreshToken(
-        validClient,
-        'test-refresh-token',
-        ['read']
-      );
-
-      const fetchCall = (global.fetch as jest.Mock).mock.calls[0];
-      const body = fetchCall[1].body as string;
-      expect(body).not.toContain('resource=');
-      expect(tokens).toEqual(mockTokenResponse);
-    });
-
-    it('includes both scope and resource parameters in refresh', async () => {
-      const tokens = await provider.exchangeRefreshToken(
-        validClient,
-        'test-refresh-token',
-        ['profile', 'email'],
-        new URL('https://api.example.com/resource')
-      );
-
-      const fetchCall = (global.fetch as jest.Mock).mock.calls[0];
-      const body = fetchCall[1].body as string;
-      expect(body).toContain('scope=profile+email');
-      expect(body).toContain('resource=' + encodeURIComponent('https://api.example.com/resource'));
-      expect(tokens).toEqual(mockTokenResponse);
-    });
-
   });
 
   describe("client registration", () => {