Merge pull request #20222 from mozilla/fix-ai-slop

polish(auth): Fix ai-slop

Author: dschom

packages/fxa-auth-server/test/remote/oauth_api.in.spec.ts

@@ -1,4 +1,3 @@
-export {};
 /* This Source Code Form is subject to the terms of the Mozilla Public
  * License, v. 2.0. If a copy of the MPL was not distributed with this
  * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
@@ -237,7 +236,10 @@ describe('#integration - /v1', function () {
             expect(redirect.query.scope).toBe('1');
             // unknown query params are forwarded
             expect(redirect.query.a).toBe('b');
-            const target = url.parse(config.get('oauthServer.contentUrl'), true);
+            const target = url.parse(
+              config.get('oauthServer.contentUrl'),
+              true
+            );
             expect(redirect.pathname).toBe('/authorization');
             expect(redirect.host).toBe(target.host);
           });
@@ -594,9 +596,7 @@ describe('#integration - /v1', function () {
             expect(res.statusCode).toBe(200);
             assertSecurityHeaders(res);
             expect(res.result.state).toBe('aa');
-            expect(
-              url.parse(res.result.redirect, true).query.state
-            ).toBe('aa');
+            expect(url.parse(res.result.redirect, true).query.state).toBe('aa');
           });
       });
     });
@@ -835,7 +835,9 @@ describe('#integration - /v1', function () {
               expect(res.result.token_type).toBe('bearer');
               expect(res.result.scope).toBeTruthy();
               expect(res.result.expires_in <= defaultExpiresIn).toBeTruthy();
-              expect(res.result.expires_in > defaultExpiresIn - 10).toBeTruthy();
+              expect(
+                res.result.expires_in > defaultExpiresIn - 10
+              ).toBeTruthy();
               expect(res.result.auth_at).toBeTruthy();
             });
         });
@@ -1369,7 +1371,8 @@ describe('#integration - /v1', function () {
 
         describe('when used by a public client (PKCE)', function () {
           const code_verifier = 'WFX-9dPwcpPIXt8c5Pbx09_Z61zPm1Fjwv89lVrukOh';
-          const code_verifier_bad = 'QnuuNM5gfnJmWwIjiOKk2SKn8A89tph3-8BjNUUtooJ';
+          const code_verifier_bad =
+            'QnuuNM5gfnJmWwIjiOKk2SKn8A89tph3-8BjNUUtooJ';
           const code_challenge = 'xWVKKAQVD9XSXT4Z4Oh8dLJ5pqrr0gQes2QwZOVJyAk';
           const secret2 = unique.secret();
           const client2 = {
@@ -2062,7 +2065,9 @@ describe('#integration - /v1', function () {
 
             expect(res.statusCode).toBe(200);
             assertSecurityHeaders(res);
-            expect(res.result.scope).toBe('email https://identity.mozilla.com/apps/notes');
+            expect(res.result.scope).toBe(
+              'email https://identity.mozilla.com/apps/notes'
+            );
           });
         });
       });
@@ -2294,7 +2299,9 @@ describe('#integration - /v1', function () {
           expect(res.statusCode).toBe(200);
           expect(res.result.access_token).toBeTruthy();
           // Should contain all requested scopes (including invalid ones)
-          expect(res.result.scope).toBe('profile email invalid:scope another:invalid');
+          expect(res.result.scope).toBe(
+            'profile email invalid:scope another:invalid'
+          );
         });
       });
     });
@@ -3148,9 +3155,7 @@ describe('#integration - /v1', function () {
 
     // Skipped: requires config/oldKey.json which is not generated by default
     it.skip('should include the oldKey if present', function () {
-      expect(
-        config.get('oauthServer.openid.oldKey')
-      ).toBeTruthy();
+      expect(config.get('oauthServer.openid.oldKey')).toBeTruthy();
       return Server.api
         .get({
           url: '/jwks',
@@ -3322,11 +3327,7 @@ describe('#integration - /v1', function () {
         const clients = res.result;
         expect(clients.length).toBe(3);
         expect(clients[0].client_id).toBe(client2Id.toString('hex'));
-        expect(clients[0].scope).toEqual([
-          'aaaSortMeFirst',
-          'other',
-          'scope',
-        ]);
+        expect(clients[0].scope).toEqual(['aaaSortMeFirst', 'other', 'scope']);
         expect(clients[0].refresh_token_id).toBeTruthy();
         expect(clients[1].client_id).toBe(client2Id.toString('hex'));
         expect(clients[1].scope).toEqual(['profile']);

packages/fxa-auth-server/test/remote/oauth_db.in.spec.ts

@@ -1,5 +1,3 @@
-export {};
-
 /* This Source Code Form is subject to the terms of the Mozilla Public
  * License, v. 2.0. If a copy of the MPL was not distributed with this
  * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
@@ -49,10 +47,7 @@ describe('db', () => {
       };
     }
 
-    it(
-      '2-byte encoding preserved',
-      makeTest(randomString(8), 'Düsseldorf')
-    );
+    it('2-byte encoding preserved', makeTest(randomString(8), 'Düsseldorf'));
     it('3-byte encoding preserved', makeTest(randomString(8), '北京'));
     it('4-byte encoding throws with mysql', async () => {
       const data = {
@@ -314,8 +309,7 @@ describe('db', () => {
 
   describe('scopes', () => {
     it('can register and fetch scopes', async () => {
-      const scopeName =
-        'https://some-scope.mozilla.org/apps/' + Math.random();
+      const scopeName = 'https://some-scope.mozilla.org/apps/' + Math.random();
       const notFoundScope = 'https://some-scope-404.mozilla.org';
       const newScope = {
         scope: scopeName,
@@ -523,9 +517,7 @@ describe('db', () => {
 
       expect(await db.getRefreshToken(refreshTokenIdHash)).toBeFalsy();
 
-      const tokenIdHash = hex(
-        encrypt.hash(accessToken.token.toString('hex'))
-      );
+      const tokenIdHash = hex(encrypt.hash(accessToken.token.toString('hex')));
       expect(await db.getAccessToken(tokenIdHash)).toBeFalsy();
     });
   });
@@ -574,9 +566,7 @@ describe('db', () => {
       }
       const token = await db.getUniqueRefreshTokensByUid(hex(userId));
       expect(token.length).toBe(1);
-      expect(token[0].lastUsedAt.getTime()).toBe(
-        lastUsedAtValues[2].getTime()
-      );
+      expect(token[0].lastUsedAt.getTime()).toBe(lastUsedAtValues[2].getTime());
     });
   });
 });

packages/fxa-auth-server/test/remote/oauth_key_management.in.spec.ts

@@ -1,5 +1,3 @@
-export {};
-
 /* This Source Code Form is subject to the terms of the Mozilla Public
  * License, v. 2.0. If a copy of the MPL was not distributed with this
  * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
@@ -46,81 +44,73 @@ describe('the signing-key management scripts', () => {
     rimraf.sync(workDir);
   });
 
-  it(
-    'work as intended',
-    () => {
-      // Initially, the directory is empty.
-      expect(fs.readdirSync(workDir)).toEqual([]);
-
-      // We can't run any of the other management scripts until we generate initial set of keys.
-      expect(() => runScript('prepare-new-signing-key.js')).toThrow(
-        /oauthServer\.openid\.key is missing/
-      );
-      expect(() => runScript('activate-new-signing-key.js')).toThrow(
-        /oauthServer\.openid\.key is missing/
-      );
-      expect(() => runScript('retire-old-signing-key.js')).toThrow(
-        /oauthServer\.openid\.key is missing/
-      );
-
-      // Need to initialize some keys
-      runScript('oauth_gen_keys.js');
-      expect(fs.readdirSync(workDir).length).toBe(2);
-      expect(fs.existsSync(keyFile)).toBe(true);
-      expect(fs.existsSync(newKeyFile)).toBe(false);
-      expect(fs.existsSync(oldKeyFile)).toBe(true);
-
-      const kid = JSON.parse(fs.readFileSync(keyFile, 'utf-8')).kid;
-      expect(kid).toBeTruthy();
-
-      // That generated a fake old key, which we can retire.
-      runScript('retire-old-signing-key.js');
-      expect(fs.readdirSync(workDir).length).toBe(1);
-      expect(fs.existsSync(keyFile)).toBe(true);
-      expect(fs.existsSync(newKeyFile)).toBe(false);
-      expect(fs.existsSync(oldKeyFile)).toBe(false);
-
-      // But it didn't generate a new key, so we can't activate it.
-      expect(() => runScript('activate-new-signing-key.js')).toThrow(
-        /missing new signing key/
-      );
-
-      // Generate new signing key.
-      runScript('prepare-new-signing-key.js');
-      expect(fs.readdirSync(workDir).length).toBe(2);
-      expect(fs.existsSync(keyFile)).toBe(true);
-      expect(fs.existsSync(newKeyFile)).toBe(true);
-      expect(fs.existsSync(oldKeyFile)).toBe(false);
-
-      const newKid = JSON.parse(fs.readFileSync(newKeyFile, 'utf-8')).kid;
-      expect(newKid).toBeTruthy();
-      expect(newKid).not.toBe(kid);
-
-      // Now we can activate it.
-      runScript('activate-new-signing-key.js');
-      expect(fs.readdirSync(workDir).length).toBe(2);
-      expect(fs.existsSync(keyFile)).toBe(true);
-      expect(fs.existsSync(newKeyFile)).toBe(false);
-      expect(fs.existsSync(oldKeyFile)).toBe(true);
-
-      const activatedKid = JSON.parse(
-        fs.readFileSync(keyFile, 'utf-8')
-      ).kid;
-      expect(activatedKid).toBe(newKid);
-
-      // Which should have moved the previous key to old-key.
-      const retiringKid = JSON.parse(
-        fs.readFileSync(oldKeyFile, 'utf-8')
-      ).kid;
-      expect(retiringKid).toBe(kid);
-
-      // From where we can retire it completely.
-      runScript('retire-old-signing-key.js');
-      expect(fs.readdirSync(workDir).length).toBe(1);
-      expect(fs.existsSync(keyFile)).toBe(true);
-      expect(fs.existsSync(newKeyFile)).toBe(false);
-      expect(fs.existsSync(oldKeyFile)).toBe(false);
-    },
-    60000
-  );
+  it('work as intended', () => {
+    // Initially, the directory is empty.
+    expect(fs.readdirSync(workDir)).toEqual([]);
+
+    // We can't run any of the other management scripts until we generate initial set of keys.
+    expect(() => runScript('prepare-new-signing-key.js')).toThrow(
+      /oauthServer\.openid\.key is missing/
+    );
+    expect(() => runScript('activate-new-signing-key.js')).toThrow(
+      /oauthServer\.openid\.key is missing/
+    );
+    expect(() => runScript('retire-old-signing-key.js')).toThrow(
+      /oauthServer\.openid\.key is missing/
+    );
+
+    // Need to initialize some keys
+    runScript('oauth_gen_keys.js');
+    expect(fs.readdirSync(workDir).length).toBe(2);
+    expect(fs.existsSync(keyFile)).toBe(true);
+    expect(fs.existsSync(newKeyFile)).toBe(false);
+    expect(fs.existsSync(oldKeyFile)).toBe(true);
+
+    const kid = JSON.parse(fs.readFileSync(keyFile, 'utf-8')).kid;
+    expect(kid).toBeTruthy();
+
+    // That generated a fake old key, which we can retire.
+    runScript('retire-old-signing-key.js');
+    expect(fs.readdirSync(workDir).length).toBe(1);
+    expect(fs.existsSync(keyFile)).toBe(true);
+    expect(fs.existsSync(newKeyFile)).toBe(false);
+    expect(fs.existsSync(oldKeyFile)).toBe(false);
+
+    // But it didn't generate a new key, so we can't activate it.
+    expect(() => runScript('activate-new-signing-key.js')).toThrow(
+      /missing new signing key/
+    );
+
+    // Generate new signing key.
+    runScript('prepare-new-signing-key.js');
+    expect(fs.readdirSync(workDir).length).toBe(2);
+    expect(fs.existsSync(keyFile)).toBe(true);
+    expect(fs.existsSync(newKeyFile)).toBe(true);
+    expect(fs.existsSync(oldKeyFile)).toBe(false);
+
+    const newKid = JSON.parse(fs.readFileSync(newKeyFile, 'utf-8')).kid;
+    expect(newKid).toBeTruthy();
+    expect(newKid).not.toBe(kid);
+
+    // Now we can activate it.
+    runScript('activate-new-signing-key.js');
+    expect(fs.readdirSync(workDir).length).toBe(2);
+    expect(fs.existsSync(keyFile)).toBe(true);
+    expect(fs.existsSync(newKeyFile)).toBe(false);
+    expect(fs.existsSync(oldKeyFile)).toBe(true);
+
+    const activatedKid = JSON.parse(fs.readFileSync(keyFile, 'utf-8')).kid;
+    expect(activatedKid).toBe(newKid);
+
+    // Which should have moved the previous key to old-key.
+    const retiringKid = JSON.parse(fs.readFileSync(oldKeyFile, 'utf-8')).kid;
+    expect(retiringKid).toBe(kid);
+
+    // From where we can retire it completely.
+    runScript('retire-old-signing-key.js');
+    expect(fs.readdirSync(workDir).length).toBe(1);
+    expect(fs.existsSync(keyFile)).toBe(true);
+    expect(fs.existsSync(newKeyFile)).toBe(false);
+    expect(fs.existsSync(oldKeyFile)).toBe(false);
+  }, 60000);
 });

packages/fxa-auth-server/test/remote/oauth_token_route.in.spec.ts

@@ -1,5 +1,3 @@
-export {};
-
 /* This Source Code Form is subject to the terms of the Mozilla Public
  * License, v. 2.0. If a copy of the MPL was not distributed with this
  * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
@@ -11,8 +9,7 @@ const hex = (v: any) => (Buffer.isBuffer(v) ? v.toString('hex') : v);
 
 const UID = 'eaf0';
 const CLIENT_ID = '98e6508e88680e1b';
-const CODE =
-  'df6dcfe7bf6b54a65db5742cbcdce5c0a84a5da81a0bb6bdf5fc793eef041fc6';
+const CODE = 'df6dcfe7bf6b54a65db5742cbcdce5c0a84a5da81a0bb6bdf5fc793eef041fc6';
 const REFRESH_TOKEN = CODE;
 const DISABLED_CLIENT_ID = 'd15ab1edd15ab1ed';
 const NON_DISABLED_CLIENT_ID = '98e6508e88680e1a';
@@ -100,13 +97,22 @@ beforeAll(() => {
   // Mock the modules at their resolved paths (relative to this test file).
   // token.js at lib/routes/oauth/token.js requires('../../oauth/...') which
   // resolves to lib/oauth/..., so from test/remote/ that's ../../lib/oauth/...
-  jest.doMock('../../lib/oauth/assertion', () => tokenRoutesDepMocks['../../oauth/assertion']);
+  jest.doMock(
+    '../../lib/oauth/assertion',
+    () => tokenRoutesDepMocks['../../oauth/assertion']
+  );
   jest.doMock('../../lib/oauth/client', () => ({
     ...tokenRoutesDepMocks['../../oauth/client'],
     clientAuthValidators: realClient.clientAuthValidators,
   }));
-  jest.doMock('../../lib/oauth/grant', () => tokenRoutesDepMocks['../../oauth/grant']);
-  jest.doMock('../../lib/oauth/util', () => tokenRoutesDepMocks['../../oauth/util']);
+  jest.doMock(
+    '../../lib/oauth/grant',
+    () => tokenRoutesDepMocks['../../oauth/grant']
+  );
+  jest.doMock(
+    '../../lib/oauth/util',
+    () => tokenRoutesDepMocks['../../oauth/util']
+  );
   const tokenRouteFactory = require('../../lib/routes/oauth/token');
   tokenRoutes = tokenRouteFactory(tokenRoutesArgMocks);
 });