Fix oauth2 mock

examples/passport-login/src/__tests__/acceptance/passport-login.acceptance.ts

@@ -38,23 +38,23 @@ describe('example-passport-login acceptance test', () => {
    * This test uses the mock social app from the @loopback/authentication-passport package,
    * as oauth2 profile endpoint.
    */
-  before(MockTestOauth2SocialApp.startMock);
+  before(() => MockTestOauth2SocialApp.startMock());
   after(MockTestOauth2SocialApp.stopMock);
   before(async function setupApplication(this: Mocha.Context) {
     this.timeout(6000);
     server = await startApplication(oauth2Providers);
-    client = supertest('http://127.0.0.1:3000');
+    client = supertest(server.webApp);
   });
 
   before(async function clearTestData() {
-    await supertest('')
-      .delete('http://localhost:3000/api/clear')
+    await client
+      .delete('/api/clear')
       .auth('admin', 'password', {type: 'basic'});
   });
 
   after(async function clearTestData() {
-    await supertest('')
-      .delete('http://localhost:3000/api/clear')
+    await client
+      .delete('/api/clear')
       .auth('admin', 'password', {type: 'basic'});
   });
 
@@ -140,24 +140,22 @@ describe('example-passport-login acceptance test', () => {
 
       it('check if user was registered', async () => {
         const filter = 'filter={"where":{"email": "test@example.com"}}';
-        const response = await supertest('')
-          .get('http://localhost:3000/api/users')
-          .query(filter);
+        const response = await client.get('/api/users').query(filter);
         const users = response.body as User[];
         expect(users.length).to.eql(1);
         expect(users[0].email).to.eql('test@example.com');
       });
 
       it('able to invoke api endpoints with basic auth', async () => {
-        await supertest('')
-          .get('http://localhost:3000/api/profiles')
+        await client
+          .get('/api/profiles')
           .auth('test@example.com', 'password', {type: 'basic'})
           .expect(204);
       });
 
       it('basic auth fails for incorrect password', async () => {
-        await supertest('')
-          .get('http://localhost:3000/api/profiles')
+        await client
+          .get('/api/profiles')
           .auth('test@example.com', 'incorrect-password', {type: 'basic'})
           .expect(401);
       });
@@ -212,8 +210,8 @@ describe('example-passport-login acceptance test', () => {
         };
         // On successful login, the authorizing app redirects to the callback url
         // HTTP status code 302 is returned to the browser
-        const response = await supertest('')
-          .post('http://localhost:9000/login_submit')
+        const response = await supertest('http://localhost:9000')
+          .post('/login_submit')
           .send(qs.stringify(params))
           .expect(302);
         callbackToLbApp = response.get('Location');
@@ -267,8 +265,8 @@ describe('example-passport-login acceptance test', () => {
       });
 
       it('check if profile is linked to existing user', async () => {
-        const response = await supertest('')
-          .get('http://localhost:3000/api/profiles')
+        const response = await client
+          .get('/api/profiles')
           .auth('test@example.com', 'password', {type: 'basic'});
         const profiles = response.body as UserIdentity[];
         expect(profiles?.length).to.eql(1);
@@ -336,8 +334,8 @@ describe('example-passport-login acceptance test', () => {
           };
           // On successful login, the authorizing app redirects to the callback url
           // HTTP status code 302 is returned to the browser
-          const response = await supertest('')
-            .post('http://localhost:9000/login_submit')
+          const response = await supertest('http://localhost:9000')
+            .post('/login_submit')
             .send(qs.stringify(params))
             .expect(302);
           callbackToLbApp = response.get('Location');
@@ -392,9 +390,7 @@ describe('example-passport-login acceptance test', () => {
 
         it('check if a new user was registered', async () => {
           const filter = 'filter={"where":{"email": "usr1@lb.com"}}';
-          const response = await supertest('')
-            .get('http://localhost:3000/api/users')
-            .query(filter);
+          const response = await client.get('/api/users').query(filter);
           const users = response.body as User[];
           expect(users.length).to.eql(1);
           expect(users[0].email).to.eql('usr1@lb.com');

examples/passport-login/src/server.ts

@@ -68,7 +68,7 @@ export class ExpressServer {
     this.server = this.webApp.listen(port, host);
     await once(this.server, 'listening');
     const add = <AddressInfo>this.server.address();
-    this.url = `https://${add.address}:${add.port}`;
+    this.url = `http://${add.address}:${add.port}`;
   }
 
   /**

examples/passport-login/web-application/express-app.js

@@ -31,7 +31,7 @@ app.set('views', path.join(__dirname, 'views'));
 app.set('view engine', 'jade');
 
 // to support json payload in body
-app.use('parse', bodyParser.json());
+app.use(bodyParser.json());
 // to support html form bodies
 app.use(bodyParser.text({type: 'text/html'}));
 // create application/x-www-form-urlencoded parser

extensions/authentication-passport/src/__tests__/acceptance/authentication-with-passport-strategy-oauth2-adapter.acceptance.ts

@@ -3,33 +3,37 @@
 // This file is licensed under the MIT License.
 // License text available at https://opensource.org/licenses/MIT
 
-import {UserProfileFactory, authenticate} from '@loopback/authentication';
-import {
-  Strategy as Oauth2Strategy,
-  StrategyOptions,
-  VerifyFunction,
-  VerifyCallback,
-} from 'passport-oauth2';
-import {MyUser, userRepository} from '@loopback/mock-oauth2-provider';
+import {authenticate, UserProfileFactory} from '@loopback/authentication';
+import {inject} from '@loopback/core';
 import {
-  simpleRestApplication,
-  configureApplication,
-} from './fixtures/simple-rest-app';
-import {securityId, UserProfile, SecurityBindings} from '@loopback/security';
-import {StrategyAdapter} from '../../strategy-adapter';
+  MockTestOauth2SocialApp,
+  MyUser,
+  userRepository,
+} from '@loopback/mock-oauth2-provider';
 import {get} from '@loopback/openapi-v3';
+import {Response, RestApplication, RestBindings} from '@loopback/rest';
+import {SecurityBindings, securityId, UserProfile} from '@loopback/security';
 import {
   Client,
   createClientForHandler,
   expect,
   supertest,
 } from '@loopback/testlab';
-import {RestApplication, RestBindings, Response} from '@loopback/rest';
-import {MockTestOauth2SocialApp} from '@loopback/mock-oauth2-provider';
-import * as url from 'url';
-import {inject} from '@loopback/core';
 import axios from 'axios';
+import {AddressInfo} from 'net';
+import {
+  Strategy as Oauth2Strategy,
+  StrategyOptions,
+  VerifyCallback,
+  VerifyFunction,
+} from 'passport-oauth2';
 import qs from 'qs';
+import * as url from 'url';
+import {StrategyAdapter} from '../../strategy-adapter';
+import {
+  configureApplication,
+  simpleRestApplication,
+} from './fixtures/simple-rest-app';
 
 /**
  * This test consists of three main components -> the supertest client, the LoopBack app (simple-rest-app.ts)
@@ -156,8 +160,13 @@ describe('Oauth2 authorization flow', () => {
   let app: RestApplication;
   let oauth2Strategy: StrategyAdapter<MyUser>;
   let client: Client;
+  let oauth2Client: Client;
 
-  before(MockTestOauth2SocialApp.startMock);
+  before(() => {
+    const server = MockTestOauth2SocialApp.startMock();
+    const port = (server.address() as AddressInfo).port;
+    oauth2Client = supertest(`http://localhost:${port}`);
+  });
   after(MockTestOauth2SocialApp.stopMock);
 
   before(givenLoopBackApp);
@@ -205,8 +214,8 @@ describe('Oauth2 authorization flow', () => {
         };
         // On successful login, the authorizing app redirects to the callback url
         // HTTP status code 302 is returned to the browser
-        const response = await supertest('')
-          .post('http://localhost:9000/login_submit')
+        const response = await oauth2Client
+          .post('/login_submit')
           .send(qs.stringify(params))
           .expect(302);
         callbackToLbApp = response.get('Location');

fixtures/mock-oauth2-provider/package.json

@@ -2,14 +2,17 @@
   "name": "@loopback/mock-oauth2-provider",
   "version": "0.0.3",
   "description": "mocks the oauth2 authorization flow",
-  "private": true,
   "engines": {
     "node": ">=10"
   },
+  "main": "dist/index.js",
+  "types": "dist/index.d.ts",
   "scripts": {
     "build": "lb-tsc",
     "clean": "lb-clean loopback-mock-oauth2-provider*.tgz dist *.tsbuildinfo package",
-    "pretest": "npm run build",
+    "pretest": "npm run clean && npm run build",
+    "prestart": "npm run build",
+    "start": "node .",
     "test": "npm run mocha",
     "mocha": "lb-mocha \"dist/__tests__/**/*.js\"",
     "verify": "npm pack && tar xf loopback-mock-oauth2-provider*.tgz && tree package && npm run clean"
@@ -30,6 +33,9 @@
     "url": "https://github.com/strongloop/loopback-next.git",
     "directory": "fixtures/mock-oauth2-provider"
   },
+  "publishConfig": {
+    "access": "public"
+  },
   "dependencies": {
     "@types/body-parser": "^1.19.0",
     "@types/express": "^4.17.6",
@@ -46,6 +52,7 @@
   },
   "devDependencies": {
     "@loopback/build": "^5.4.1",
-    "@loopback/eslint-config": "^7.0.1"
+    "@loopback/eslint-config": "^7.0.1",
+    "@loopback/testlab": "^3.1.5"
   }
 }

fixtures/mock-oauth2-provider/src/__tests__/acceptance/mock-oauth2.acceptance.ts

@@ -0,0 +1,79 @@
+// Copyright IBM Corp. 2020. All Rights Reserved.
+// Node module: @loopback/mock-oauth2-provider
+// This file is licensed under the MIT License.
+// License text available at https://opensource.org/licenses/MIT
+
+import {supertest} from '@loopback/testlab';
+import {Server} from 'http';
+import {MockTestOauth2SocialApp} from '../..';
+
+/* eslint-disable @typescript-eslint/camelcase */
+describe('mock-oauth2-provider', () => {
+  let server: Server;
+  before(() => (server = MockTestOauth2SocialApp.startMock(0)));
+  after(MockTestOauth2SocialApp.stopMock);
+
+  it('exposes GET /login', () => {
+    return supertest(server).get('/login').expect(200);
+  });
+
+  it('exposes GET /verify', () => {
+    return supertest(server)
+      .get('/verify?access_token=123')
+      .expect(401, {error: 'invalid token'});
+  });
+
+  it('exposes GET /oauth/dialog', () => {
+    return supertest(server)
+      .get('/oauth/dialog')
+      .query({
+        redirect_uri: 'http://localhost:3000/callback',
+        client_id: '1111',
+      })
+      .expect(302)
+      .expect(
+        'location',
+        '/login?client_id=1111&redirect_uri=http://localhost:3000/callback',
+      );
+  });
+
+  it('exposes GET /oauth/dialog with scope', () => {
+    return supertest(server)
+      .get('/oauth/dialog')
+      .query({
+        redirect_uri: 'http://localhost:3000/callback',
+        client_id: '1111',
+        scope: 'email',
+      })
+      .expect(302)
+      .expect(
+        'location',
+        '/login?client_id=1111&redirect_uri=http://localhost:3000/callback&scope=email',
+      );
+  });
+
+  it('exposes GET /oauth/dialog - missing redirect_uri', () => {
+    return supertest(server)
+      .get('/oauth/dialog')
+      .expect(400, {error: 'missing redirect_uri'});
+  });
+
+  it('exposes GET /oauth/dialog - missing client_id', () => {
+    return supertest(server)
+      .get('/oauth/dialog')
+      .query({redirect_uri: 'http://localhost:3000/callback'})
+      .expect(400, {error: 'missing client_id'});
+  });
+
+  it('exposes GET /oauth/token - invalid client id', () => {
+    return supertest(server)
+      .get('/oauth/token?client_id=123')
+      .expect(401, {error: 'invalid client id'});
+  });
+
+  it('exposes GET /oauth/token', () => {
+    return supertest(server)
+      .get('/oauth/token?client_id=1111')
+      .expect(401, {error: 'invalid code'});
+  });
+});

fixtures/mock-oauth2-provider/src/index.ts

@@ -10,3 +10,8 @@ export namespace MockTestOauth2SocialApp {
   export const startMock = startApp;
   export const stopMock = stopApp;
 }
+
+if (require.main === module) {
+  const server = startApp();
+  console.log('Mock oAuth2 provider is running at %s', server.address());
+}