import { useEnv } from '@directus/env';
import jwt from 'jsonwebtoken';
import { afterEach, beforeEach, describe, expect, test, vi } from 'vitest';
import getDatabase from '../database/index.js';
import { getAccountabilityForToken } from './get-accountability-for-token.js';
// Auto-mock '@directus/env' so that useEnv() can be stubbed below to return a fixed
// SECRET; the test tokens are signed against that same value.
vi.mock('@directus/env');
vi.mock('../database/index', () => {
const self: Record<string, any> = {
select: vi.fn(() => self),
from: vi.fn(() => self),
leftJoin: vi.fn(() => self),
where: vi.fn(() => self),
return { default: vi.fn(() => self) };
vi.mocked(useEnv).mockReturnValue({
SECRET: 'super-secure-secret',
EXTENSIONS_PATH: './extensions',
describe('getAccountabilityForToken', async () => {
test('minimal token payload', async () => {
const token = jwt.sign({ role: '123-456-789', app_access: false, admin_access: false }, 'super-secure-secret', {
const result = await getAccountabilityForToken(token);
expect(result).toStrictEqual({ admin: false, app: false, role: '123-456-789', user: null });
test('full token payload', async () => {
const token = jwt.sign(
share_scope: 'share-scope',
'super-secure-secret',
{ issuer: 'directus' },
const result = await getAccountabilityForToken(token);
expect(result.admin).toBe(true);
expect(result.app).toBe(true);
expect(result.role).toBe('role-id');
expect(result.share).toBe('share-id');
expect(result.share_scope).toBe('share-scope');
expect(result.user).toBe('user-id');
test('throws token expired error', async () => {
const token = jwt.sign({ role: '123-456-789' }, 'super-secure-secret', { issuer: 'directus', expiresIn: -1 });
expect(() => getAccountabilityForToken(token)).rejects.toThrow('Token expired.');
test('throws token invalid error', async () => {
const token = jwt.sign({ role: '123-456-789' }, 'bad-secret', { issuer: 'directus' });
expect(() => getAccountabilityForToken(token)).rejects.toThrow('Invalid token.');
test('find user in database', async () => {
const db = getDatabase();
vi.spyOn(db, 'first').mockReturnValue({
const token = jwt.sign({ role: '123-456-789' }, 'bad-secret');
const result = await getAccountabilityForToken(token);
expect(result).toStrictEqual({
test('no user found', async () => {
const db = getDatabase();
vi.spyOn(db, 'first').mockReturnValue(false as any);
const token = jwt.sign({ role: '123-456-789' }, 'bad-secret');
expect(() => getAccountabilityForToken(token)).rejects.toThrow('Invalid user credentials.');