From 1544035a11480285cd12411e98baae6885184b63 Mon Sep 17 00:00:00 2001
From: Alex Anderson <191496+alxndrsn@users.noreply.github.com>
Date: Wed, 12 Feb 2025 08:25:03 +0300
Subject: [PATCH] oidc/login: add integration test (#1399)
---
test/integration/api/oidc.js | 46 ++++++++++++++++++++++++++++++++++++
1 file changed, 46 insertions(+)
create mode 100644 test/integration/api/oidc.js
diff --git a/test/integration/api/oidc.js b/test/integration/api/oidc.js
new file mode 100644
index 000000000..b443e2a93
--- /dev/null
+++ b/test/integration/api/oidc.js
@@ -0,0 +1,46 @@
+const { testService } = require('../setup');
+
+describe('api: /oidc/...', () => {
+ if (process.env.TEST_AUTH === 'oidc') {
+ describe('GET /oidc/login', () => {
+ it('should redirect to IdP if no parameters are provided', testService(service =>
+ service.get('/v1/oidc/login')
+ .expect(307)
+ .then(({ text, headers }) => {
+ const expectedUrlPrefix = 'http://localhost:9898/auth?';
+ text.should.startWith('Temporary Redirect. Redirecting to ' + expectedUrlPrefix);
+ headers.location.should.startWith(expectedUrlPrefix);
+
+ const url = new URL(headers.location);
+ url.searchParams.sort();
+
+ [ ...url.searchParams.keys() ].should.eql([
+ 'client_id',
+ 'code_challenge',
+ 'code_challenge_method',
+ 'redirect_uri',
+ 'resource',
+ 'response_type',
+ 'scope',
+ 'state',
+ ]);
+
+ url.searchParams.get('client_id').should.eql('odk-central-backend-dev');
+ url.searchParams.get('code_challenge_method').should.eql('S256');
+ url.searchParams.get('redirect_uri').should.eql('http://localhost:8989/v1/oidc/callback');
+ url.searchParams.get('resource').should.eql('http://localhost:8989/v1');
+ url.searchParams.get('response_type').should.eql('code');
+ url.searchParams.get('scope').should.eql('openid email');
+
+ url.searchParams.get('code_challenge').should.match(/^[a-zA-Z0-9-_]{43}$/);
+ url.searchParams.get('state' ).should.match(/^[a-zA-Z0-9-_]{43}:$/); // eslint-disable-line space-in-parens,no-multi-spaces
+ })));
+ });
+ } else { // OIDC not enabled
+ describe('GET /oidc/login', () => {
+ it('should not exist', testService(service =>
+ service.get('/v1/oidc/login')
+ .expect(404)));
+ });
+ }
+});
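Review bot: The assertions on `state` and `code_challenge` at the end of the `.then()` callback check only their shape (43 base64url characters), so a regression that returned a constant value on every login would still pass. Both values are presumably meant to be unpredictable per request — `state` ties the callback to the session that started the login and `code_challenge` commits to a one-time PKCE verifier — so a second test that performs two logins and asserts the values differ would pin that property; a sketch follows, assuming `testService` accepts any promise-returning callback as the existing test suggests. A short comment on the `state` pattern explaining the trailing `:` (it looks like a separator before an optional post-login path, empty here) would also help the next reader.

```javascript
// … unchanged: 'should redirect to IdP if no parameters are provided' …

it('should issue a fresh state and code_challenge on every request', testService(async (service) => {
  const paramsOf = ({ headers }) => new URL(headers.location).searchParams;

  const first = paramsOf(await service.get('/v1/oidc/login').expect(307));
  const second = paramsOf(await service.get('/v1/oidc/login').expect(307));

  first.get('state').should.not.eql(second.get('state'));
  first.get('code_challenge').should.not.eql(second.get('code_challenge'));
}));
```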