// @ts-nocheck import { use, expect } from 'chai'; import * as chaiAsPromised from 'chai-as-promised'; use(chaiAsPromised); import * as sinon from 'sinon'; import { authorisationTokenRequest } from '../../../src/request/authorisation-token'; const sessionToken = 'fakeAuthorisationToken'; const clientId = 'fakeClientId'; const options = { method: 'GET', headers: { 'Cookie': `FTSession_s=${sessionToken}` }, redirect: 'manual' }; const validLocationHeaderResponse = 'https://example.com/cb#access_token=fakeAuthorisationToken&state=xyz&token_type=example&expires_in=3600'; const missingAccessTokenProperty = 'https://example.com/cb#&state=xyz&token_type=example&expires_in=3600'; const missingAccessTokenValue = 'https://example.com/cb#access_token=&state=xyz&token_type=example&expires_in=3600'; const missingHashSymbol = 'https://example.com/cbaccess_token=fakeAuthorisationToken&state=xyz&token_type=example&expires_in=3600'; const invalidSessionTokenValue = 'https://ft.com/signup/upgrade#error=invalid_grant&error_description=Invalid%20FT%20user%20session'; const noLocationUrl = ''; describe('Authorization token', () => { let url; let params; let mockFetch; let mockResponse; beforeEach(() => { const sandbox = sinon.createSandbox(); url = 'https://example.com/authorize'; params = '?client_id=fakeClientId&response_type=token'; mockResponse = { status: 302, headers: { get: () => validLocationHeaderResponse }, text: () => '', }; mockFetch = sandbox.stub().callsFake((url, options) => { return mockResponse; }); }); it('calls fetch with the correct url and options', async () => { await authorisationTokenRequest({ url, sessionToken, clientId }, mockFetch); expect(mockFetch.calledWith(`${url}${params}`, options)).to.equal(true); }); it('returns authorization token on success', async () => { const authorisationToken = await authorisationTokenRequest({ url, sessionToken, clientId }, mockFetch); expect(authorisationToken).to.eql('fakeAuthorisationToken'); }); it('throws an error no headers exist', async () => { mockResponse.headers = {}; await expect(authorisationTokenRequest({ url, sessionToken, clientId }, mockFetch)).to.be.rejected; }); it('throws an error when location header does not exist', async () => { mockResponse.headers.get = () => noLocationUrl; await expect(authorisationTokenRequest({ url, sessionToken, clientId }, mockFetch)).to.be.rejected; }); it('throws error when location header url does not contain a hash', async () => { mockResponse.headers.get = () => missingHashSymbol; await expect(authorisationTokenRequest({ sessionToken, clientId })).to.be.rejected; }); it('throws error when querystring does not have an access token', async () => { mockResponse.headers.get = () => missingAccessTokenProperty; await expect(authorisationTokenRequest({ url, sessionToken, clientId }, mockFetch)).to.be.rejected; }); it('throws error when access token value exists', async () => { mockResponse.headers.get = () => missingAccessTokenValue; await expect(authorisationTokenRequest({ url, sessionToken, clientId }, mockFetch)).to.be.rejected; }); it('throws error when url contains error params', async () => { mockResponse.headers.get = () => invalidSessionTokenValue; await expect(authorisationTokenRequest({ url, sessionToken, clientId }, mockFetch)).to.be.rejected; }); it('rejects with json response when response is returns a 404 status', async () => { mockResponse.status = 404; await expect(authorisationTokenRequest({ url, sessionToken, clientId }, mockFetch)).to.be.rejected; }); });