File size: 3,715 Bytes
fc93158 | 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 | import { describe, expect, it, vi } from "vitest";
import { fetchWithBearerAuthScopeFallback } from "./fetch-auth.js";
const asFetch = (fn: unknown): typeof fetch => fn as typeof fetch;
describe("fetchWithBearerAuthScopeFallback", () => {
it("rejects non-https urls when https is required", async () => {
await expect(
fetchWithBearerAuthScopeFallback({
url: "http://example.com/file",
scopes: [],
requireHttps: true,
}),
).rejects.toThrow("URL must use HTTPS");
});
it("returns immediately when the first attempt succeeds", async () => {
const fetchFn = vi.fn(async () => new Response("ok", { status: 200 }));
const tokenProvider = { getAccessToken: vi.fn(async () => "unused") };
const response = await fetchWithBearerAuthScopeFallback({
url: "https://example.com/file",
scopes: ["https://graph.microsoft.com"],
fetchFn: asFetch(fetchFn),
tokenProvider,
});
expect(response.status).toBe(200);
expect(fetchFn).toHaveBeenCalledTimes(1);
expect(tokenProvider.getAccessToken).not.toHaveBeenCalled();
});
it("retries with auth scopes after a 401 response", async () => {
const fetchFn = vi
.fn()
.mockResolvedValueOnce(new Response("unauthorized", { status: 401 }))
.mockResolvedValueOnce(new Response("ok", { status: 200 }));
const tokenProvider = { getAccessToken: vi.fn(async () => "token-1") };
const response = await fetchWithBearerAuthScopeFallback({
url: "https://graph.microsoft.com/v1.0/me",
scopes: ["https://graph.microsoft.com", "https://api.botframework.com"],
fetchFn: asFetch(fetchFn),
tokenProvider,
});
expect(response.status).toBe(200);
expect(fetchFn).toHaveBeenCalledTimes(2);
expect(tokenProvider.getAccessToken).toHaveBeenCalledWith("https://graph.microsoft.com");
const secondCall = fetchFn.mock.calls[1] as [string, RequestInit | undefined];
const secondHeaders = new Headers(secondCall[1]?.headers);
expect(secondHeaders.get("authorization")).toBe("Bearer token-1");
});
it("does not attach auth when host predicate rejects url", async () => {
const fetchFn = vi.fn(async () => new Response("unauthorized", { status: 401 }));
const tokenProvider = { getAccessToken: vi.fn(async () => "token-1") };
const response = await fetchWithBearerAuthScopeFallback({
url: "https://example.com/file",
scopes: ["https://graph.microsoft.com"],
fetchFn: asFetch(fetchFn),
tokenProvider,
shouldAttachAuth: () => false,
});
expect(response.status).toBe(401);
expect(fetchFn).toHaveBeenCalledTimes(1);
expect(tokenProvider.getAccessToken).not.toHaveBeenCalled();
});
it("continues across scopes when token retrieval fails", async () => {
const fetchFn = vi
.fn()
.mockResolvedValueOnce(new Response("unauthorized", { status: 401 }))
.mockResolvedValueOnce(new Response("ok", { status: 200 }));
const tokenProvider = {
getAccessToken: vi
.fn()
.mockRejectedValueOnce(new Error("first scope failed"))
.mockResolvedValueOnce("token-2"),
};
const response = await fetchWithBearerAuthScopeFallback({
url: "https://graph.microsoft.com/v1.0/me",
scopes: ["https://first.example", "https://second.example"],
fetchFn: asFetch(fetchFn),
tokenProvider,
});
expect(response.status).toBe(200);
expect(tokenProvider.getAccessToken).toHaveBeenCalledTimes(2);
expect(tokenProvider.getAccessToken).toHaveBeenNthCalledWith(1, "https://first.example");
expect(tokenProvider.getAccessToken).toHaveBeenNthCalledWith(2, "https://second.example");
});
});
|