feat(passport): v3

.husky/pre-commit

@@ -1,7 +1,7 @@
 #!/usr/bin/env sh
 . "$(dirname -- "$0")/_/husky.sh"
 
-# prevent heap limit allocation errors
-export NODE_OPTIONS="--max-old-space-size=4096"
+# prevent heap limit allocation errors - increased to 8GB
+export NODE_OPTIONS="--max-old-space-size=8192"
 
 pnpm lint-staged

package.json

@@ -13,6 +13,7 @@
     "@swc-node/register": "^1.10.9",
     "@swc/cli": "^0.4.0",
     "@swc/core": "^1.3.36",
+    "@jest/test-sequencer": "^29.7.0",
     "@types/chai": "^4.3.16",
     "@typescript-eslint/eslint-plugin": "^5.57.1",
     "@typescript-eslint/parser": "^5.57.1",

packages/auth/.eslintrc.cjs

@@ -0,0 +1,18 @@
+module.exports = {
+  extends: ['../../.eslintrc'],
+  parserOptions: {
+    project: './tsconfig.eslint.json',
+    tsconfigRootDir: __dirname,
+  },
+  rules: {
+    // Disable all import plugin rules due to stack overflow with auth package structure
+    'import/order': 'off',
+    'import/no-unresolved': 'off',
+    'import/named': 'off',
+    'import/default': 'off',
+    'import/namespace': 'off',
+    'import/no-cycle': 'off',
+    'import/no-named-as-default': 'off',
+    'import/no-named-as-default-member': 'off',
+  },
+};

packages/auth/jest.config.ts

@@ -0,0 +1,27 @@
+import type { Config } from 'jest';
+import { execSync } from 'child_process';
+import { name } from './package.json';
+
+const rootDirs = execSync(`pnpm --filter ${name}... exec pwd`)
+  .toString()
+  .split('\n')
+  .filter(Boolean)
+  .map((dir) => `${dir}/dist`);
+
+const config: Config = {
+  clearMocks: true,
+  roots: ['<rootDir>/src', ...rootDirs],
+  coverageProvider: 'v8',
+  moduleDirectories: ['node_modules', 'src'],
+  moduleNameMapper: { '^@imtbl/(.*)$': '<rootDir>/../../node_modules/@imtbl/$1/src' },
+  testEnvironment: 'jsdom',
+  transform: {
+    '^.+\\.(t|j)sx?$': '@swc/jest',
+  },
+  transformIgnorePatterns: [],
+  restoreMocks: true,
+  setupFiles: ['<rootDir>/jest.setup.js'],
+};
+
+export default config;
+

packages/auth/jest.setup.js

@@ -0,0 +1,4 @@
+import { TextEncoder } from 'util';
+
+global.TextEncoder = TextEncoder;
+

packages/auth/package.json

@@ -0,0 +1,64 @@
+{
+  "name": "@imtbl/auth",
+  "version": "0.0.0",
+  "description": "Authentication SDK for Immutable",
+  "author": "Immutable",
+  "bugs": "https://github.com/immutable/ts-immutable-sdk/issues",
+  "homepage": "https://github.com/immutable/ts-immutable-sdk#readme",
+  "license": "Apache-2.0",
+  "main": "dist/node/index.cjs",
+  "module": "dist/node/index.js",
+  "browser": "dist/browser/index.js",
+  "types": "./dist/types/index.d.ts",
+  "exports": {
+    "development": {
+      "types": "./src/index.ts",
+      "browser": "./dist/browser/index.js",
+      "require": "./dist/node/index.cjs",
+      "default": "./dist/node/index.js"
+    },
+    "default": {
+      "types": "./dist/types/index.d.ts",
+      "browser": "./dist/browser/index.js",
+      "require": "./dist/node/index.cjs",
+      "default": "./dist/node/index.js"
+    }
+  },
+  "scripts": {
+    "build": "pnpm transpile && pnpm typegen",
+    "transpile": "tsup src/index.ts --config ../../tsup.config.js",
+    "typegen": "tsc --customConditions default --emitDeclarationOnly --outDir dist/types",
+    "pack:root": "pnpm pack --pack-destination $(dirname $(pnpm root -w))",
+    "lint": "eslint ./src --ext .ts,.jsx,.tsx --max-warnings=0",
+    "typecheck": "tsc --customConditions default --noEmit --jsx preserve",
+    "test": "jest"
+  },
+  "dependencies": {
+    "@imtbl/config": "workspace:*",
+    "@imtbl/metrics": "workspace:*",
+    "axios": "^1.6.5",
+    "jwt-decode": "^3.1.2",
+    "localforage": "^1.10.0",
+    "oidc-client-ts": "3.4.1",
+    "uuid": "^9.0.1"
+  },
+  "devDependencies": {
+    "@imtbl/toolkit": "workspace:*",
+    "@swc/core": "^1.3.36",
+    "@swc/jest": "^0.2.37",
+    "@types/jest": "^29.5.12",
+    "@types/node": "^18.14.2",
+    "@jest/test-sequencer": "^29.7.0",
+    "jest": "^29.4.3",
+    "jest-environment-jsdom": "^29.4.3",
+    "ts-node": "^10.9.1",
+    "tsup": "^8.3.0",
+    "typescript": "^5.6.2"
+  },
+  "publishConfig": {
+    "access": "public"
+  },
+  "repository": "immutable/ts-immutable-sdk.git",
+  "type": "module"
+}
+

packages/auth/src/Auth.test.ts

@@ -0,0 +1,186 @@
+import { Auth } from './Auth';
+import { AuthEvents, User } from './types';
+import { withMetricsAsync } from './utils/metrics';
+import jwt_decode from 'jwt-decode';
+
+const trackFlowMock = jest.fn();
+const trackErrorMock = jest.fn();
+const identifyMock = jest.fn();
+const trackMock = jest.fn();
+const getDetailMock = jest.fn();
+
+jest.mock('@imtbl/metrics', () => ({
+  Detail: { RUNTIME_ID: 'runtime-id' },
+  trackFlow: (...args: any[]) => trackFlowMock(...args),
+  trackError: (...args: any[]) => trackErrorMock(...args),
+  identify: (...args: any[]) => identifyMock(...args),
+  track: (...args: any[]) => trackMock(...args),
+  getDetail: (...args: any[]) => getDetailMock(...args),
+}));
+
+jest.mock('jwt-decode', () => jest.fn());
+
+beforeEach(() => {
+  trackFlowMock.mockReset();
+  trackErrorMock.mockReset();
+  identifyMock.mockReset();
+  trackMock.mockReset();
+  getDetailMock.mockReset();
+  (jwt_decode as jest.Mock).mockReset();
+});
+
+describe('withMetricsAsync', () => {
+  it('resolves with function result and tracks flow', async () => {
+    const flow = {
+      addEvent: jest.fn(),
+      details: { flowId: 'flow-id' },
+    };
+    trackFlowMock.mockReturnValue(flow);
+
+    const result = await withMetricsAsync(async () => 'done', 'login');
+
+    expect(result).toEqual('done');
+    expect(trackFlowMock).toHaveBeenCalledWith('passport', 'login', true);
+    expect(flow.addEvent).toHaveBeenCalledWith('End');
+  });
+
+  it('tracks error when function throws', async () => {
+    const flow = {
+      addEvent: jest.fn(),
+      details: { flowId: 'flow-id' },
+    };
+    trackFlowMock.mockReturnValue(flow);
+    const error = new Error('boom');
+
+    await expect(withMetricsAsync(async () => {
+      throw error;
+    }, 'login')).rejects.toThrow(error);
+
+    expect(trackErrorMock).toHaveBeenCalledWith('passport', 'login', error, { flowId: 'flow-id' });
+    expect(flow.addEvent).toHaveBeenCalledWith('End');
+  });
+
+  it('does not fail when non-error is thrown', async () => {
+    const flow = {
+      addEvent: jest.fn(),
+      details: { flowId: 'flow-id' },
+    };
+    trackFlowMock.mockReturnValue(flow);
+
+    const nonError = { message: 'failure' };
+    await expect(withMetricsAsync(async () => {
+      throw nonError as unknown as Error;
+    }, 'login')).rejects.toBe(nonError);
+
+    expect(flow.addEvent).toHaveBeenCalledWith('errored');
+  });
+});
+
+describe('Auth', () => {
+  describe('getUserOrLogin', () => {
+    const createMockUser = (): User => ({
+      accessToken: 'access',
+      idToken: 'id',
+      refreshToken: 'refresh',
+      expired: false,
+      profile: {
+        sub: 'user-123',
+        email: 'test@example.com',
+        nickname: 'tester',
+      },
+    });
+
+    it('emits LOGGED_IN event and identifies user when login is required', async () => {
+      const auth = Object.create(Auth.prototype) as Auth;
+      const loginWithPopup = jest.fn().mockResolvedValue(createMockUser());
+
+      (auth as any).eventEmitter = { emit: jest.fn() };
+      (auth as any).getUserInternal = jest.fn().mockResolvedValue(null);
+      (auth as any).loginWithPopup = loginWithPopup;
+
+      const user = await auth.getUserOrLogin();
+
+      expect(loginWithPopup).toHaveBeenCalledTimes(1);
+      expect((auth as any).eventEmitter.emit).toHaveBeenCalledWith(AuthEvents.LOGGED_IN, user);
+      expect(identifyMock).toHaveBeenCalledWith({ passportId: user.profile.sub });
+    });
+
+    it('returns cached user without triggering login', async () => {
+      const auth = Object.create(Auth.prototype) as Auth;
+      const cachedUser = createMockUser();
+
+      (auth as any).eventEmitter = { emit: jest.fn() };
+      (auth as any).getUserInternal = jest.fn().mockResolvedValue(cachedUser);
+      (auth as any).loginWithPopup = jest.fn();
+
+      const user = await auth.getUserOrLogin();
+
+      expect(user).toBe(cachedUser);
+      expect((auth as any).loginWithPopup).not.toHaveBeenCalled();
+      expect((auth as any).eventEmitter.emit).not.toHaveBeenCalled();
+      expect(identifyMock).not.toHaveBeenCalled();
+    });
+  });
+
+  describe('buildExtraQueryParams', () => {
+    it('omits third_party_a_id when no anonymous id is provided', () => {
+      const auth = Object.create(Auth.prototype) as Auth;
+      (auth as any).userManager = { settings: { extraQueryParams: {} } };
+      getDetailMock.mockReturnValue('runtime-id-value');
+
+      const params = (auth as any).buildExtraQueryParams();
+
+      expect(params.third_party_a_id).toBeUndefined();
+      expect(params.rid).toEqual('runtime-id-value');
+    });
+  });
+
+  describe('username extraction', () => {
+    it('extracts username from id token when present', () => {
+      const mockOidcUser = {
+        id_token: 'token',
+        access_token: 'access',
+        refresh_token: 'refresh',
+        expired: false,
+        profile: { sub: 'user-123', email: 'test@example.com', nickname: 'tester' },
+      };
+
+      (jwt_decode as jest.Mock).mockReturnValue({
+        username: 'username123',
+        passport: undefined,
+      });
+
+      const result = (Auth as any).mapOidcUserToDomainModel(mockOidcUser);
+
+      expect(jwt_decode).toHaveBeenCalledWith('token');
+      expect(result.profile.username).toEqual('username123');
+    });
+
+    it('maps username when creating OIDC user from device tokens', () => {
+      const tokenResponse = {
+        id_token: 'token',
+        access_token: 'access',
+        refresh_token: 'refresh',
+        token_type: 'Bearer',
+        expires_in: 3600,
+      };
+
+      (jwt_decode as jest.Mock).mockReturnValue({
+        sub: 'user-123',
+        iss: 'issuer',
+        aud: 'audience',
+        exp: 1,
+        iat: 0,
+        email: 'test@example.com',
+        nickname: 'tester',
+        username: 'username123',
+        passport: undefined,
+      });
+
+      const oidcUser = (Auth as any).mapDeviceTokenResponseToOidcUser(tokenResponse);
+
+      expect(jwt_decode).toHaveBeenCalledWith('token');
+      expect(oidcUser.profile.username).toEqual('username123');
+    });
+  });
+});