forked from cardosofelipe/fast-next-template
Replace crypto tests with comprehensive unit tests for authStore, storage, and configuration modules
- Removed outdated `crypto` tests; added dedicated and structured tests for `authStore`, `storage`, and `app.config`. - Enhanced test coverage for user and token validation, secure persistence, state management, and configuration parsing. - Consolidated encryption and storage error handling with thorough validation to ensure SSR-safety and resilience. - Improved runtime validations for tokens and configuration with stricter type checks and fallback mechanisms.
This commit is contained in:
Felipe Cardoso
@@ -1,109 +0,0 @@
|
||||
/**
|
||||
* Tests for crypto utilities
|
||||
*/
|
||||
|
||||
import { encryptData, decryptData, clearEncryptionKey } from '../crypto';
|
||||
|
||||
describe('Crypto Utilities', () => {
|
||||
beforeEach(() => {
|
||||
// Clear encryption key before each test
|
||||
clearEncryptionKey();
|
||||
sessionStorage.clear();
|
||||
});
|
||||
|
||||
describe('encryptData', () => {
|
||||
it('should encrypt string data', async () => {
|
||||
const plaintext = 'test data';
|
||||
const encrypted = await encryptData(plaintext);
|
||||
|
||||
expect(encrypted).toBeDefined();
|
||||
expect(typeof encrypted).toBe('string');
|
||||
expect(encrypted).not.toBe(plaintext);
|
||||
});
|
||||
|
||||
it('should produce different ciphertext for same plaintext', async () => {
|
||||
const plaintext = 'test data';
|
||||
const encrypted1 = await encryptData(plaintext);
|
||||
const encrypted2 = await encryptData(plaintext);
|
||||
|
||||
// Due to random IV, ciphertexts should be different
|
||||
expect(encrypted1).not.toBe(encrypted2);
|
||||
});
|
||||
|
||||
it('should handle empty strings', async () => {
|
||||
const encrypted = await encryptData('');
|
||||
expect(encrypted).toBeDefined();
|
||||
});
|
||||
|
||||
it('should handle special characters', async () => {
|
||||
const special = '!@#$%^&*()_+-=[]{}|;:",.<>?/~`';
|
||||
const encrypted = await encryptData(special);
|
||||
const decrypted = await decryptData(encrypted);
|
||||
|
||||
expect(decrypted).toBe(special);
|
||||
});
|
||||
});
|
||||
|
||||
describe('decryptData', () => {
|
||||
it('should decrypt data encrypted by encryptData', async () => {
|
||||
const plaintext = 'test data';
|
||||
const encrypted = await encryptData(plaintext);
|
||||
const decrypted = await decryptData(encrypted);
|
||||
|
||||
expect(decrypted).toBe(plaintext);
|
||||
});
|
||||
|
||||
it('should throw error for invalid encrypted data', async () => {
|
||||
await expect(decryptData('invalid')).rejects.toThrow();
|
||||
});
|
||||
|
||||
it('should throw error for tampered data', async () => {
|
||||
const plaintext = 'test data';
|
||||
const encrypted = await encryptData(plaintext);
|
||||
|
||||
// Tamper with encrypted data
|
||||
const tampered = encrypted.slice(0, -4) + 'XXXX';
|
||||
|
||||
await expect(decryptData(tampered)).rejects.toThrow();
|
||||
});
|
||||
});
|
||||
|
||||
describe('clearEncryptionKey', () => {
|
||||
it('should clear encryption key from session', async () => {
|
||||
// Encrypt some data (creates key)
|
||||
await encryptData('test');
|
||||
|
||||
// Clear key
|
||||
clearEncryptionKey();
|
||||
|
||||
// Session storage should be empty
|
||||
expect(sessionStorage.getItem('auth_encryption_key')).toBeNull();
|
||||
});
|
||||
|
||||
it('should invalidate previously encrypted data after key cleared', async () => {
|
||||
const plaintext = 'test data';
|
||||
const encrypted = await encryptData(plaintext);
|
||||
|
||||
// Clear key
|
||||
clearEncryptionKey();
|
||||
|
||||
// Try to decrypt - should fail because key is regenerated
|
||||
await expect(decryptData(encrypted)).rejects.toThrow();
|
||||
});
|
||||
});
|
||||
|
||||
describe('Key persistence', () => {
|
||||
it('should reuse same key within session', async () => {
|
||||
const plaintext = 'test data';
|
||||
|
||||
const encrypted1 = await encryptData(plaintext);
|
||||
const decrypted1 = await decryptData(encrypted1);
|
||||
|
||||
const encrypted2 = await encryptData(plaintext);
|
||||
const decrypted2 = await decryptData(encrypted2);
|
||||
|
||||
expect(decrypted1).toBe(plaintext);
|
||||
expect(decrypted2).toBe(plaintext);
|
||||
});
|
||||
});
|
||||
});
|
||||
@@ -134,14 +134,17 @@ export async function getTokens(): Promise<TokenStorage | null> {
|
||||
}
|
||||
|
||||
const decrypted = await decryptData(encrypted);
|
||||
const tokens = JSON.parse(decrypted) as TokenStorage;
|
||||
const parsed = JSON.parse(decrypted);
|
||||
|
||||
// Validate structure
|
||||
if (!tokens || typeof tokens !== 'object') {
|
||||
// Validate structure - must have required fields
|
||||
if (!parsed || typeof parsed !== 'object' ||
|
||||
!('accessToken' in parsed) || !('refreshToken' in parsed) ||
|
||||
(parsed.accessToken !== null && typeof parsed.accessToken !== 'string') ||
|
||||
(parsed.refreshToken !== null && typeof parsed.refreshToken !== 'string')) {
|
||||
throw new Error('Invalid token structure');
|
||||
}
|
||||
|
||||
return tokens;
|
||||
return parsed as TokenStorage;
|
||||
} catch (error) {
|
||||
console.error('Failed to retrieve tokens:', error);
|
||||
// If decryption fails, clear invalid data
|
||||
|
||||
Reference in New Issue
Block a user