refactor(server): auth service (#1383)

* refactor: auth * chore: tests * Remove await on non-async method * refactor: constants * chore: remove extra async Co-authored-by: Alex Tran <alex.tran1502@gmail.com>
2025-10-29 17:40:28 +00:00 · 2023-01-23 23:13:42 -05:00
parent 443d08381a
commit eade36ee82
64 changed files with 1830 additions and 1901 deletions
--- a/server/libs/domain/test/crypto.repository.mock.ts
+++ b/server/libs/domain/test/crypto.repository.mock.ts
@@ -5,5 +5,7 @@ export const newCryptoRepositoryMock = (): jest.Mocked<ICryptoRepository> => {
    randomBytes: jest.fn().mockReturnValue(Buffer.from('random-bytes', 'utf8')),
    compareSync: jest.fn().mockReturnValue(true),
    hash: jest.fn().mockImplementation((input) => Promise.resolve(`${input} (hashed)`)),
+    signJwt: jest.fn().mockReturnValue('signed-jwt'),
+    verifyJwtAsync: jest.fn().mockResolvedValue({ userId: 'test', email: 'test' }),
  };
 };
--- a/server/libs/domain/test/fixtures.ts
+++ b/server/libs/domain/test/fixtures.ts
@@ -72,4 +72,96 @@ export const systemConfigStub = {
      template: '{{y}}/{{y}}-{{MM}}-{{dd}}/{{filename}}',
    },
  } as SystemConfig),
+  enabled: Object.freeze({
+    passwordLogin: {
+      enabled: true,
+    },
+    oauth: {
+      enabled: true,
+      autoRegister: true,
+      buttonText: 'OAuth',
+      autoLaunch: false,
+    },
+  } as SystemConfig),
+  disabled: Object.freeze({
+    passwordLogin: {
+      enabled: false,
+    },
+    oauth: {
+      enabled: false,
+      buttonText: 'OAuth',
+      issuerUrl: 'http://issuer,',
+      autoLaunch: false,
+    },
+  } as SystemConfig),
+  noAutoRegister: {
+    oauth: {
+      enabled: true,
+      autoRegister: false,
+      autoLaunch: false,
+    },
+    passwordLogin: { enabled: true },
+  } as SystemConfig,
+  override: {
+    oauth: {
+      enabled: true,
+      autoRegister: true,
+      autoLaunch: false,
+      buttonText: 'OAuth',
+      mobileOverrideEnabled: true,
+      mobileRedirectUri: 'http://mobile-redirect',
+    },
+    passwordLogin: { enabled: true },
+  } as SystemConfig,
+};
+
+export const loginResponseStub = {
+  user1oauth: {
+    response: {
+      accessToken: 'signed-jwt',
+      userId: 'immich_id',
+      userEmail: 'immich@test.com',
+      firstName: 'immich_first_name',
+      lastName: 'immich_last_name',
+      profileImagePath: '',
+      isAdmin: false,
+      shouldChangePassword: false,
+    },
+    cookie: [
+      'immich_access_token=signed-jwt; Secure; Path=/; Max-Age=604800; SameSite=Strict;',
+      'immich_auth_type=oauth; Secure; Path=/; Max-Age=604800; SameSite=Strict;',
+    ],
+  },
+  user1password: {
+    response: {
+      accessToken: 'signed-jwt',
+      userId: 'immich_id',
+      userEmail: 'immich@test.com',
+      firstName: 'immich_first_name',
+      lastName: 'immich_last_name',
+      profileImagePath: '',
+      isAdmin: false,
+      shouldChangePassword: false,
+    },
+    cookie: [
+      'immich_access_token=signed-jwt; Secure; Path=/; Max-Age=604800; SameSite=Strict;',
+      'immich_auth_type=password; Secure; Path=/; Max-Age=604800; SameSite=Strict;',
+    ],
+  },
+  user1insecure: {
+    response: {
+      accessToken: 'signed-jwt',
+      userId: 'immich_id',
+      userEmail: 'immich@test.com',
+      firstName: 'immich_first_name',
+      lastName: 'immich_last_name',
+      profileImagePath: '',
+      isAdmin: false,
+      shouldChangePassword: false,
+    },
+    cookie: [
+      'immich_access_token=signed-jwt; HttpOnly; Path=/; Max-Age=604800; SameSite=Strict;',
+      'immich_auth_type=password; HttpOnly; Path=/; Max-Age=604800; SameSite=Strict;',
+    ],
+  },
 };