test(kratos-client-wrapper): create E2E test suite

Author: getlarge

packages/base-client-wrapper/src/lib/ory-base.service.ts

@@ -22,7 +22,7 @@ export class OryBaseService implements OnModuleInit {
           const shouldRetry =
             typeof config.retryCondition === 'function'
               ? config.retryCondition(error)
-              : true;
+              : false;
           if (config?.retries && shouldRetry) {
             const retryDelay =
               typeof config.retryDelay === 'function'

packages/keto-client-wrapper/test/docker-compose.yaml

@@ -8,6 +8,16 @@ services:
       - '44670:4467' # admin
     command: serve -c /home/ory/keto.yaml
     restart: on-failure
+    healthcheck:
+      test:
+        [
+          'CMD-SHELL',
+          'wget -nv --spider -t1 http://localhost:4466/health/ready || exit 1',
+        ]
+      interval: 3s
+      timeout: 3s
+      retries: 3
+      start_period: 2s
     volumes:
       - type: bind
         source: ./keto.yaml

packages/kratos-client-wrapper/src/lib/ory-authentication.guard.ts

@@ -2,6 +2,7 @@ import {
   CanActivate,
   ExecutionContext,
   Injectable,
+  Logger,
   mixin,
 } from '@nestjs/common';
 import { OryFrontendService } from './ory-frontend';
@@ -34,6 +35,8 @@ export const OryAuthenticationGuard = (
 ) => {
   @Injectable()
   class AuthenticationGuard implements CanActivate {
+    readonly logger = new Logger(AuthenticationGuard.name);
+
     constructor(readonly oryService: OryFrontendService) {}
 
     async canActivate(context: ExecutionContext): Promise<boolean> {
@@ -47,19 +50,13 @@ export const OryAuthenticationGuard = (
         ...options,
       };
 
-      const cookie = cookieResolver(context);
-      const xSessionToken = sessionTokenResolver(context);
-      console.warn({
-        cookie,
-        xSessionToken,
-      });
       try {
+        const cookie = cookieResolver(context);
+        const xSessionToken = sessionTokenResolver(context);
         const { data: session } = await this.oryService.toSession({
           cookie,
           xSessionToken,
         });
-        console.warn('session', session, isValidSession(session));
-
         if (!isValidSession(session)) {
           return false;
         }
@@ -68,7 +65,7 @@ export const OryAuthenticationGuard = (
         }
         return true;
       } catch (error) {
-        console.error(error);
+        this.logger.error(error);
         return false;
       }
     }

packages/kratos-client-wrapper/test/app.controller.mock.ts

@@ -0,0 +1,31 @@
+import { Controller, Get, UseGuards } from '@nestjs/common';
+
+import { ExampleService } from './app.service.mock';
+import { OryAuthenticationGuard } from '../src/lib/ory-authentication.guard';
+
+@Controller('Example')
+export class ExampleController {
+  constructor(private readonly exampleService: ExampleService) {}
+
+  @UseGuards(
+    OryAuthenticationGuard({
+      postValidationHook: (ctx, session) => {
+        const req = ctx.switchToHttp().getRequest();
+        req.session = session;
+        req.user = session.identity;
+      },
+      isValidSession(session): boolean {
+        return !!session.active;
+      },
+      sessionTokenResolver: (ctx) =>
+        ctx
+          .switchToHttp()
+          .getRequest()
+          ?.headers?.authorization?.replace('Bearer ', ''),
+    })
+  )
+  @Get()
+  getExample() {
+    return this.exampleService.getExample();
+  }
+}

packages/kratos-client-wrapper/test/app.service.mock.ts

@@ -0,0 +1,10 @@
+import { Injectable } from '@nestjs/common';
+
+@Injectable()
+export class ExampleService {
+  getExample() {
+    return {
+      message: 'OK',
+    };
+  }
+}

packages/kratos-client-wrapper/test/docker-compose.yaml

@@ -0,0 +1,44 @@
+version: '2.7'
+
+networks:
+  ory:
+    driver: bridge
+
+services:
+  kratos:
+    image: oryd/kratos:v1.0.0
+    ports:
+      - '44330:4433' # public
+      - '44340:4434' # admin
+    networks:
+      - ory
+    restart: unless-stopped
+    command: serve -c /etc/config/kratos/kratos.yaml --dev --watch-courier
+    healthcheck:
+      test:
+        [
+          'CMD-SHELL',
+          'wget -nv --spider -t1 http://localhost:4433/health/ready || exit 1',
+        ]
+      interval: 2s
+      timeout: 3s
+      retries: 3
+      start_period: 1s
+    volumes:
+      - type: bind
+        source: ./kratos.yaml
+        target: /etc/config/kratos/kratos.yaml
+      - type: bind
+        source: ./identity.schema.json
+        target: /etc/config/kratos/identity.schema.json
+    # for docker on linux
+    # extra_hosts:
+    #   - "host.docker.internal:host-gateway"
+
+  mailslurper:
+    image: oryd/mailslurper:latest-smtps
+    ports:
+      - '4436:4436'
+      - '4437:4437'
+    networks:
+      - ory

packages/kratos-client-wrapper/test/identity.schema.json

@@ -0,0 +1,28 @@
+{
+  "$id": "https://schemas.ory.sh/presets/kratos/quickstart/email-password/identity.schema.json",
+  "$schema": "http://json-schema.org/draft-07/schema#",
+  "title": "Person",
+  "type": "object",
+  "properties": {
+    "traits": {
+      "type": "object",
+      "properties": {
+        "email": {
+          "type": "string",
+          "format": "email",
+          "title": "E-Mail",
+          "minLength": 4,
+          "ory.sh/kratos": {
+            "credentials": {
+              "password": {
+                "identifier": true
+              }
+            }
+          }
+        }
+      },
+      "required": ["email"],
+      "additionalProperties": false
+    }
+  }
+}

packages/kratos-client-wrapper/test/kratos-client-wrapper.spec.ts

@@ -0,0 +1,136 @@
+import { INestApplication } from '@nestjs/common';
+import { Test, TestingModule } from '@nestjs/testing';
+import type { Identity } from '@ory/client';
+import { execSync } from 'node:child_process';
+import { randomBytes } from 'node:crypto';
+import { join, resolve } from 'node:path';
+import request from 'supertest';
+
+import { OryFrontendModule, OryFrontendService } from '../src/lib/ory-frontend';
+import {
+  OryIdentitiesModule,
+  OryIdentitiesService,
+} from '../src/lib/ory-identities';
+import { ExampleController } from './app.controller.mock';
+import { ExampleService } from './app.service.mock';
+
+describe('Kratos client wrapper E2E', () => {
+  let app: INestApplication;
+  let oryFrontendService: OryFrontendService;
+  let oryIdentityService: OryIdentitiesService;
+  const dockerComposeFile = resolve(join(__dirname, 'docker-compose.yaml'));
+  const route = '/Example';
+
+  const register = async (
+    email: string,
+    password: string
+  ): Promise<Identity> => {
+    const { data: registrationFlow } =
+      await oryFrontendService.createNativeRegistrationFlow();
+
+    const { data } = await oryFrontendService.updateRegistrationFlow({
+      flow: registrationFlow.id,
+      updateRegistrationFlowBody: {
+        traits: { email },
+        password,
+        method: 'password',
+      },
+    });
+    return data.identity;
+  };
+
+  const login = async (email: string, password: string): Promise<string> => {
+    const { data: loginFlow } =
+      await oryFrontendService.createNativeLoginFlow();
+
+    const { data } = await oryFrontendService.updateLoginFlow({
+      flow: loginFlow.id,
+      updateLoginFlowBody: {
+        password,
+        identifier: email,
+        method: 'password',
+      },
+    });
+    return data.session_token as string;
+  };
+
+  const createOryUser = async (
+    email: string,
+    password: string
+  ): Promise<{ identity: Identity; sessionToken: string }> => {
+    const identity = await register(email, password);
+    const response = await oryIdentityService.getIdentity({
+      id: identity.id,
+    });
+    expect(response.data.id).toEqual(identity.id);
+    const sessionToken = await login(email, password);
+    return { identity, sessionToken };
+  };
+
+  beforeAll(() => {
+    execSync(`docker-compose -f ${dockerComposeFile} up -d --wait`, {
+      stdio: 'ignore',
+    });
+  });
+
+  afterAll(() => {
+    execSync(`docker-compose -f ${dockerComposeFile} down`, {
+      stdio: 'ignore',
+    });
+  });
+
+  beforeEach(async () => {
+    const module: TestingModule = await Test.createTestingModule({
+      imports: [
+        OryFrontendModule.forRoot({
+          basePath: 'http://localhost:44330',
+        }),
+        OryIdentitiesModule.forRootAsync({
+          useFactory: () => ({
+            basePath: 'http://localhost:44340',
+            accessToken: '',
+          }),
+        }),
+      ],
+      providers: [ExampleService],
+      controllers: [ExampleController],
+    }).compile();
+
+    oryFrontendService = module.get(OryFrontendService);
+    oryIdentityService = module.get(OryIdentitiesService);
+
+    app = module.createNestApplication();
+    await app.init();
+  });
+
+  afterEach(() => {
+    return app?.close();
+  });
+
+  it('should successfully authenticate user when it is registered in Ory Kratos', async () => {
+    const password = randomBytes(8).toString('hex');
+    const email = `${randomBytes(8).toString('hex')}@example.com`;
+    const { sessionToken } = await createOryUser(email, password);
+
+    const { body } = await request(app.getHttpServer())
+      .get(route)
+      .set({
+        Authorization: `Bearer ${sessionToken}`,
+      });
+
+    expect(body).toEqual({ message: 'OK' });
+  });
+
+  it('should fail to authenticate user when it is not registered in Ory Kratos', async () => {
+    const { body } = await request(app.getHttpServer())
+      .get(route)
+      .set({
+        Authorization: `Bearer ory_st_${randomBytes(8).toString('hex')}`,
+      });
+    expect(body).toEqual({
+      error: 'Forbidden',
+      message: 'Forbidden resource',
+      statusCode: 403,
+    });
+  });
+});

packages/kratos-client-wrapper/test/kratos.yaml

@@ -0,0 +1,49 @@
+courier:
+  message_retries: 5
+  delivery_strategy: smtp
+  smtp:
+    connection_uri: smtps://test:test@mailslurper:1025/?skip_ssl_verify=true
+dsn: memory
+identity:
+  default_schema_id: default
+  schemas:
+    - id: default
+      url: file:///etc/config/kratos/identity.schema.json
+secrets:
+  cipher:
+    - 32-LONG-SECRET-NOT-SECURE-AT-ALL
+  cookie:
+    - cookie_secret_not_good_not_secure
+selfservice:
+  default_browser_return_url: http://127.0.0.1:8080/
+  methods:
+    code:
+      enabled: true
+    link:
+      config:
+        base_url: ''
+        lifespan: 15m
+      enabled: true
+    lookup_secret:
+      enabled: true
+    password:
+      config:
+        haveibeenpwned_enabled: true
+        identifier_similarity_check_enabled: true
+        ignore_network_errors: true
+        max_breaches: 1
+        min_password_length: 8
+      enabled: true
+    profile:
+      enabled: true
+    totp:
+      config:
+        issuer: Ticketing
+      enabled: true
+serve:
+  admin:
+    base_url: http://kratos:4434/
+  public:
+    base_url: http://127.0.0.1:4433/
+
+version: v1.0.0

packages/kratos-client-wrapper/tsconfig.spec.json

@@ -9,6 +9,8 @@
     "jest.config.ts",
     "src/**/*.test.ts",
     "src/**/*.spec.ts",
-    "src/**/*.d.ts"
+    "src/**/*.d.ts",
+    "test/**/*.mock.ts",
+    "test/**/*.spec.ts"
   ]
 }