torsten/harheimertc
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

feat(auth): implement Android refresh token handling and session management
Some checks failed
Code Analysis and Production Deploy / analyze (push) Failing after 5m7s
Details
Code Analysis and Production Deploy / deploy-production (push) Has been skipped
Details
Code Analysis and Production Deploy / deploy-test (push) Has been skipped
Details

Browse Source 
- Added support for generating Android access tokens and managing refresh sessions in the auth endpoints.
- Implemented new tests for login, logout, and refresh functionalities specific to Android clients.
- Enhanced password reset logging with normalization and masking of email addresses.
- Created a new diagnostics endpoint for password reset attempts, including filtering and summarizing logs.
- Introduced a new utility for managing password reset logs with retention policies.
- Added tests for password reset log utilities to ensure proper functionality and privacy compliance.
- Updated WebAuthn configuration tests to validate origin handling for production and allowed origins.
This commit is contained in:
Torsten Schulz (local)
2026-05-27 19:34:32 +02:00
parent 755442fb70
commit 58fd7fa5c6
32 changed files with 1477 additions and 180 deletions
Download Patch File Download Diff File Expand all files Collapse all files

54
tests/webauthn-config.spec.ts Normal file
View File

@@ -0,0 +1,54 @@
import { afterEach, describe, expect, it, vi } from 'vitest'
import { getWebAuthnConfig } from '../server/utils/webauthn-config.js'
const envNames = [
'NUXT_PUBLIC_BASE_URL',
'WEBAUTHN_RP_ID',
'WEBAUTHN_ORIGIN',
'WEBAUTHN_ALLOWED_ORIGINS'
]
const originalEnv = Object.fromEntries(envNames.map(name => [name, process.env[name]]))
afterEach(() => {
for (const name of envNames) {
const originalValue = originalEnv[name]
if (originalValue === undefined) {
delete process.env[name]
} else {
process.env[name] = originalValue
}
}
vi.restoreAllMocks()
})
describe('WebAuthn origin configuration', () => {
it('accepts both production hosts when the public URL is the apex domain', () => {
vi.spyOn(console, 'log').mockImplementation(() => {})
process.env.NUXT_PUBLIC_BASE_URL = 'https://harheimertc.de'
process.env.WEBAUTHN_RP_ID = 'harheimertc.de'
delete process.env.WEBAUTHN_ORIGIN
delete process.env.WEBAUTHN_ALLOWED_ORIGINS
const config = getWebAuthnConfig()
expect(config.origin).toBe('https://harheimertc.de')
expect(config.origins).toEqual([
'https://harheimertc.de',
'https://www.harheimertc.de'
])
})
it('adds explicitly allowed origins without widening test installations implicitly', () => {
vi.spyOn(console, 'log').mockImplementation(() => {})
process.env.WEBAUTHN_ORIGIN = 'https://harheimertc.tsschulz.de'
process.env.WEBAUTHN_ALLOWED_ORIGINS = ' https://alias.tsschulz.de/ , https://alias.tsschulz.de '
const config = getWebAuthnConfig()
expect(config.origins).toEqual([
'https://harheimertc.tsschulz.de',
'https://alias.tsschulz.de'
])
})
})