chore: increase coverage (#1358)

* chore: test decorators

* chore: passport files

* fix: integration

* chore: base strategy tests

* chore: authenticator

* chore: authentication route

* chore: decorators

* chore: decorators

* chore: authentication route constructor

* chore: session strategy

* chore: audit

* chore: passport

* chore: session strategy

* chore: prefer use json

* chore: add coverage checker

* Update package.json

* Update package.json

* Apply suggestions from code review

Co-authored-by: Manuel Spigolon <[email protected]>
Signed-off-by: Matteo Pietro Dazzi <[email protected]>

---------

Signed-off-by: Matteo Pietro Dazzi <[email protected]>
Co-authored-by: Manuel Spigolon <[email protected]>

Author: ilteoood

package-lock.json

@@ -12,7 +12,7 @@
     "lint:fix": "eslint --fix",
     "prepublishOnly": "npm run build",
     "test": "npm run build:test && npm run test:unit",
-    "test:unit": "borp --coverage"
+    "test:unit": "borp --coverage --lines 100"
   },
   "repository": {
     "type": "git",
@@ -50,6 +50,9 @@
     "@tsconfig/node20": "^20.1.6",
     "@types/node": "^24.0.8",
     "@types/passport": "^1.0.17",
+    "@types/passport-facebook": "^3.0.4",
+    "@types/passport-github2": "^1.2.9",
+    "@types/passport-google-oauth": "^1.0.45",
     "@types/set-cookie-parser": "^2.4.10",
     "borp": "^0.21.0",
     "eslint": "^9.17.0",

package.json

@@ -0,0 +1,235 @@
+import assert from 'node:assert'
+import { describe, test } from 'node:test'
+import { getConfiguredTestServer, TestStrategy } from './helpers'
+
+describe('AuthenticationRoute edge cases', () => {
+  test('should use failWithError option to throw error on authentication failure', async () => {
+    const { server, fastifyPassport } = getConfiguredTestServer()
+
+    server.post(
+      '/login',
+      { preValidation: fastifyPassport.authenticate('test', { failWithError: true }) },
+      async () => assert.fail('should not reach here')
+    )
+
+    const response = await server.inject({
+      method: 'POST',
+      payload: { login: 'wrong', password: 'wrong' },
+      url: '/login'
+    })
+
+    assert.strictEqual(response.statusCode, 401)
+  })
+
+  test('should set WWW-Authenticate header on 401 when challenge is provided', async () => {
+    class ChallengeStrategy extends TestStrategy {
+      authenticate () {
+        this.fail('Bearer realm="Users"', 401)
+      }
+    }
+
+    const { server, fastifyPassport } = getConfiguredTestServer('challenge', new ChallengeStrategy('challenge'))
+
+    server.post(
+      '/login',
+      { preValidation: fastifyPassport.authenticate('challenge') },
+      async () => assert.fail('should not reach here')
+    )
+
+    const response = await server.inject({
+      method: 'POST',
+      url: '/login'
+    })
+
+    assert.strictEqual(response.statusCode, 401)
+    assert.ok(response.headers['www-authenticate'])
+    // WWW-Authenticate can be an array or string
+    const authHeader = response.headers['www-authenticate']
+    const authValue = Array.isArray(authHeader) ? authHeader[0] : authHeader
+    assert.strictEqual(authValue, 'Bearer realm="Users"')
+  })
+
+  test('should handle multiple challenges in WWW-Authenticate header', async () => {
+    class FirstChallengeStrategy extends TestStrategy {
+      authenticate () {
+        this.fail('Basic realm="Users"')
+      }
+    }
+
+    class SecondChallengeStrategy extends TestStrategy {
+      authenticate () {
+        this.fail('Bearer realm="API"')
+      }
+    }
+
+    const { server, fastifyPassport } = getConfiguredTestServer()
+    fastifyPassport.use('first', new FirstChallengeStrategy('first'))
+    fastifyPassport.use('second', new SecondChallengeStrategy('second'))
+
+    server.post(
+      '/login',
+      { preValidation: fastifyPassport.authenticate(['first', 'second']) },
+      async () => 'should not reach here'
+    )
+
+    const response = await server.inject({
+      method: 'POST',
+      url: '/login'
+    })
+
+    assert.strictEqual(response.statusCode, 401)
+    assert.ok(response.headers['www-authenticate'])
+  })
+
+  test('should handle strategy error with callback', async () => {
+    class ErrorStrategy extends TestStrategy {
+      authenticate () {
+        this.error(new Error('Strategy error'))
+      }
+    }
+
+    const { server, fastifyPassport } = getConfiguredTestServer('error', new ErrorStrategy('error'))
+
+    server.post('/login', async (request: any, reply) => {
+      const handler = fastifyPassport.authenticate(
+        'error',
+        async (req: any, rep: any, err: any, user: any) => {
+          if (err) {
+            return rep.status(500).send({ error: err.message })
+          }
+          rep.send({ user })
+        }
+      )
+      return handler.call(server, request, reply)
+    })
+
+    const response = await server.inject({
+      method: 'POST',
+      url: '/login'
+    })
+
+    assert.strictEqual(response.statusCode, 500)
+    assert.strictEqual(response.json().error, 'Strategy error')
+  })
+
+  test('should throw error for unknown strategy', async () => {
+    const { server, fastifyPassport } = getConfiguredTestServer()
+
+    server.post(
+      '/login',
+      { preValidation: fastifyPassport.authenticate('nonexistent') },
+      async () => assert.fail('should not reach here')
+    )
+
+    const response = await server.inject({
+      method: 'POST',
+      url: '/login'
+    })
+
+    assert.strictEqual(response.statusCode, 500)
+  })
+
+  test('should handle strategy instance with constructor name fallback', async () => {
+    class CustomNameStrategy extends TestStrategy {
+      constructor () {
+        super('custom')
+      }
+    }
+
+    const strategy = new CustomNameStrategy()
+    const { server, fastifyPassport } = getConfiguredTestServer()
+    fastifyPassport.use(strategy)
+
+    server.post(
+      '/login',
+      { preValidation: fastifyPassport.authenticate(strategy) },
+      async (request: any) => (request.user as any).name
+    )
+
+    const response = await server.inject({
+      method: 'POST',
+      payload: { login: 'test', password: 'test' },
+      url: '/login'
+    })
+
+    assert.strictEqual(response.statusCode, 200)
+  })
+
+  test('should handle failure with custom status code', async () => {
+    class CustomStatusStrategy extends TestStrategy {
+      authenticate () {
+        this.fail('Custom error', 403)
+      }
+    }
+
+    const { server, fastifyPassport } = getConfiguredTestServer('custom', new CustomStatusStrategy('custom'))
+
+    server.post(
+      '/login',
+      { preValidation: fastifyPassport.authenticate('custom') },
+      async () => 'should not reach here'
+    )
+
+    const response = await server.inject({
+      method: 'POST',
+      url: '/login'
+    })
+
+    assert.strictEqual(response.statusCode, 403)
+  })
+
+  test('should handle object challenge in failure', async () => {
+    class ObjectChallengeStrategy extends TestStrategy {
+      authenticate () {
+        this.fail({ type: 'error', message: 'Invalid credentials' }, 401)
+      }
+    }
+
+    const { server, fastifyPassport } = getConfiguredTestServer('object', new ObjectChallengeStrategy('object'))
+
+    server.post(
+      '/login',
+      { preValidation: fastifyPassport.authenticate('object') },
+      async () => assert.fail('should not reach here')
+    )
+
+    const response = await server.inject({
+      method: 'POST',
+      url: '/login'
+    })
+
+    assert.strictEqual(response.statusCode, 401)
+  })
+
+  test('should use constructor.name when strategy instance name property is empty', async () => {
+    class CustomNamedStrategy extends TestStrategy {
+      constructor () {
+        super('test')
+        Object.defineProperty(this, 'name', {
+          value: '',
+          writable: false,
+          configurable: true
+        })
+      }
+    }
+
+    const strategy = new CustomNamedStrategy()
+    const { server, fastifyPassport } = getConfiguredTestServer()
+
+    fastifyPassport.use('CustomNamedStrategy', strategy)
+
+    server.post(
+      '/login',
+      { preValidation: fastifyPassport.authenticate(strategy) },
+      async (request: any) => (request.user as any).name
+    )
+
+    const response = await server.inject({
+      method: 'POST',
+      payload: { login: 'test', password: 'test' },
+      url: '/login'
+    })
+
+    assert.strictEqual(response.statusCode, 200)
+  })
+})

test/authentication-route.test.ts

@@ -0,0 +1,139 @@
+import assert from 'node:assert'
+import { describe, test } from 'node:test'
+import Authenticator from '../src/Authenticator'
+import { getConfiguredTestServer } from './helpers'
+
+describe('Authenticator edge cases', () => {
+  test('should throw error when no serializer succeeds', async () => {
+    const fastifyPassport = new Authenticator()
+
+    fastifyPassport.registerUserSerializer(async () => {
+      throw 'pass' // eslint-disable-line no-throw-literal
+    })
+    fastifyPassport.registerUserSerializer(async () => {
+      throw 'pass' // eslint-disable-line no-throw-literal
+    })
+
+    const { server } = getConfiguredTestServer()
+
+    try {
+      await fastifyPassport.serializeUser({ name: 'test' }, server.inject as any)
+      assert.fail('Should have thrown an error')
+    } catch (error: any) {
+      assert.ok(error.message.includes('Failed to serialize user into session'))
+      assert.ok(error.message.includes('Tried 2 serializers'))
+    }
+  })
+
+  test('should use options.assignProperty instead of default user property in authorize', async () => {
+    const { server, fastifyPassport } = getConfiguredTestServer()
+
+    server.post(
+      '/authorize',
+      { preValidation: fastifyPassport.authorize('test', { assignProperty: 'account' }) },
+      async (request: any, reply) => {
+        reply.send({ account: request.account })
+      }
+    )
+
+    const response = await server.inject({
+      method: 'POST',
+      payload: { login: 'test', password: 'test' },
+      url: '/authorize'
+    })
+
+    assert.strictEqual(response.statusCode, 200)
+    const body = response.json()
+    assert.ok(body.account)
+    assert.strictEqual(body.account.name, 'test')
+  })
+
+  test('should handle authorize with callback function as second parameter', async () => {
+    const { server, fastifyPassport } = getConfiguredTestServer()
+
+    server.post('/authorize', async (request: any, reply) => {
+      const handler = fastifyPassport.authorize(
+        'test',
+        async (req: any, rep: any, err: any, user: any) => {
+          if (err) {
+            return rep.status(500).send({ error: err.message })
+          }
+          rep.send({ authorizedUser: user })
+        }
+      )
+      return handler.call(server, request, reply)
+    })
+
+    const response = await server.inject({
+      method: 'POST',
+      payload: { login: 'test', password: 'test' },
+      url: '/authorize'
+    })
+
+    assert.strictEqual(response.statusCode, 200)
+    const body = response.json()
+    assert.ok(body.authorizedUser)
+  })
+
+  test('should use default authInfo transformer when no transformers are registered', async () => {
+    const fastifyPassport = new Authenticator()
+    const { server } = getConfiguredTestServer()
+
+    const info = { message: 'test info' }
+    const result = await fastifyPassport.transformAuthInfo(info, server.inject as any)
+
+    assert.deepStrictEqual(result, info)
+  })
+
+  test('should transform authInfo with registered transformer', async () => {
+    const fastifyPassport = new Authenticator()
+
+    fastifyPassport.registerAuthInfoTransformer(async (info) => {
+      return { ...info, transformed: true }
+    })
+
+    const { server } = getConfiguredTestServer()
+    const info = { message: 'test info' }
+    const result = await fastifyPassport.transformAuthInfo(info, server.inject as any)
+
+    assert.strictEqual(result.message, 'test info')
+    assert.strictEqual(result.transformed, true)
+  })
+
+  test('should skip infoTransformers that throw "pass"', async () => {
+    const fastifyPassport = new Authenticator()
+
+    fastifyPassport.registerAuthInfoTransformer(async () => {
+      throw 'pass' // eslint-disable-line no-throw-literal
+    })
+
+    fastifyPassport.registerAuthInfoTransformer(async (info) => {
+      return { ...info, transformed: true }
+    })
+
+    const { server } = getConfiguredTestServer()
+    const info = { message: 'test info' }
+    const result = await fastifyPassport.transformAuthInfo(info, server.inject as any)
+
+    assert.strictEqual(result.message, 'test info')
+    assert.strictEqual(result.transformed, true)
+  })
+
+  test('should throw error from transformer if not "pass"', async () => {
+    const fastifyPassport = new Authenticator()
+
+    fastifyPassport.registerAuthInfoTransformer(async () => {
+      throw new Error('Transformer error')
+    })
+
+    const { server } = getConfiguredTestServer()
+    const info = { message: 'test info' }
+
+    try {
+      await fastifyPassport.transformAuthInfo(info, server.inject as any)
+      assert.fail('Should have thrown an error')
+    } catch (error: any) {
+      assert.strictEqual(error.message, 'Transformer error')
+    }
+  })
+})