-
Notifications
You must be signed in to change notification settings - Fork 8.5k
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
- Loading branch information
1 parent
60a930c
commit cfa7d7b
Showing
1 changed file
with
80 additions
and
31 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
|
|
@@ -671,6 +671,46 @@ describe("GoogleCalendarService credential handling", () => { | |
| }, | ||
| } as const; | ||
|
|
||
| const createMockJWTInstance = ({ | ||
| email = "[email protected]", | ||
| authorizeError, | ||
| }: { | ||
| email?: string; | ||
| authorizeError?: { response?: { data?: { error?: string } } } | Error; | ||
| }) => { | ||
| const mockJWTInstance = { | ||
| type: "jwt", | ||
| config: { | ||
| email: delegatedCredential.serviceAccountKey.client_email, | ||
| key: delegatedCredential.serviceAccountKey.private_key, | ||
| scopes: ["https://www.googleapis.com/auth/calendar"], | ||
| subject: email, | ||
| }, | ||
| authorize: vi.fn().mockRejectedValue(authorizeError ?? new Error("Default error")), | ||
| createScoped: vi.fn(), | ||
| getRequestMetadataAsync: vi.fn(), | ||
| fetchIdToken: vi.fn(), | ||
| hasUserScopes: vi.fn(), | ||
| getAccessToken: vi.fn(), | ||
| getRefreshToken: vi.fn(), | ||
| getTokenInfo: vi.fn(), | ||
| refreshAccessToken: vi.fn(), | ||
| revokeCredentials: vi.fn(), | ||
| revokeToken: vi.fn(), | ||
| verifyIdToken: vi.fn(), | ||
| on: vi.fn(), | ||
| setCredentials: vi.fn(), | ||
| getCredentials: vi.fn(), | ||
| hasAnyScopes: vi.fn(), | ||
| authorizeAsync: vi.fn(), | ||
| refreshTokenNoCache: vi.fn(), | ||
| createGToken: vi.fn(), | ||
| }; | ||
|
|
||
| vi.mocked(JWT).mockImplementation(() => mockJWTInstance as unknown as JWT); | ||
| return mockJWTInstance; | ||
| }; | ||
|
|
||
| test("uses JWT auth with impersonation when DWD credential is provided", async () => { | ||
| const credentialWithDWD = await createCredentialInDb({ | ||
| user: { email: "[email protected]" }, | ||
|
|
@@ -728,42 +768,15 @@ describe("GoogleCalendarService credential handling", () => { | |
| delegatedTo: delegatedCredential, | ||
| }); | ||
|
|
||
| const mockJWTInstance = { | ||
| type: "jwt", | ||
| config: { | ||
| email: delegatedCredential.serviceAccountKey.client_email, | ||
| key: delegatedCredential.serviceAccountKey.private_key, | ||
| scopes: ["https://www.googleapis.com/auth/calendar"], | ||
| subject: "[email protected]", | ||
| }, | ||
| authorize: vi.fn().mockRejectedValue({ | ||
| createMockJWTInstance({ | ||
| authorizeError: { | ||
| response: { | ||
| data: { | ||
| error: "unauthorized_client", | ||
| }, | ||
| }, | ||
| }), | ||
| createScoped: vi.fn(), | ||
| getRequestMetadataAsync: vi.fn(), | ||
| fetchIdToken: vi.fn(), | ||
| hasUserScopes: vi.fn(), | ||
| getAccessToken: vi.fn(), | ||
| getRefreshToken: vi.fn(), | ||
| getTokenInfo: vi.fn(), | ||
| refreshAccessToken: vi.fn(), | ||
| revokeCredentials: vi.fn(), | ||
| revokeToken: vi.fn(), | ||
| verifyIdToken: vi.fn(), | ||
| on: vi.fn(), | ||
| setCredentials: vi.fn(), | ||
| getCredentials: vi.fn(), | ||
| hasAnyScopes: vi.fn(), | ||
| authorizeAsync: vi.fn(), | ||
| refreshTokenNoCache: vi.fn(), | ||
| createGToken: vi.fn(), | ||
| }; | ||
|
|
||
| vi.mocked(JWT).mockImplementation(() => mockJWTInstance as unknown as JWT); | ||
| }, | ||
| }); | ||
|
|
||
| const calendarService = new CalendarService(credentialWithDWD); | ||
|
|
||
|
|
@@ -772,6 +785,42 @@ describe("GoogleCalendarService credential handling", () => { | |
| ); | ||
| }); | ||
|
|
||
| test("handles invalid_grant error (user not in workspace) appropriately", async () => { | ||
| const credentialWithDWD = await createCredentialInDb({ | ||
| user: { email: "[email protected]" }, | ||
| delegatedTo: delegatedCredential, | ||
| }); | ||
|
|
||
| createMockJWTInstance({ | ||
| authorizeError: { | ||
| response: { | ||
| data: { | ||
| error: "invalid_grant", | ||
| }, | ||
| }, | ||
| }, | ||
| }); | ||
|
|
||
| const calendarService = new CalendarService(credentialWithDWD); | ||
|
|
||
| await expect(calendarService.listCalendars()).rejects.toThrow("User might not exist in Google Workspace"); | ||
| }); | ||
|
|
||
| test("handles general DWD authorization errors appropriately", async () => { | ||
| const credentialWithDWD = await createCredentialInDb({ | ||
| user: { email: "[email protected]" }, | ||
| delegatedTo: delegatedCredential, | ||
| }); | ||
|
|
||
| createMockJWTInstance({ | ||
| authorizeError: new Error("Some unexpected error"), | ||
| }); | ||
|
|
||
| const calendarService = new CalendarService(credentialWithDWD); | ||
|
|
||
| await expect(calendarService.listCalendars()).rejects.toThrow("Error authorizing domain wide delegation"); | ||
| }); | ||
|
|
||
| test("handles missing user email for DWD appropriately", async () => { | ||
| const credentialWithDWD = await createCredentialInDb({ | ||
| user: { email: null }, | ||
|
|
||