kestrelos/test/unit/authConfig.spec.js

import { describe, it, expect } from 'vitest'
import { getAuthConfig } from '../../server/utils/oidc.js'
import { withTemporaryEnv } from '../helpers/env.js'

describe('authConfig', () => {
  it('returns oidc disabled when OIDC env vars are unset', () => {
    withTemporaryEnv(
      { OIDC_ISSUER: undefined, OIDC_CLIENT_ID: undefined, OIDC_CLIENT_SECRET: undefined },
      () => {
        expect(getAuthConfig()).toEqual({ oidc: { enabled: false, label: '' } })
      },
    )
  })

  it.each([
    [{ OIDC_ISSUER: 'https://auth.example.com' }, false],
    [{ OIDC_CLIENT_ID: 'client' }, false],
    [{ OIDC_ISSUER: 'https://auth.example.com', OIDC_CLIENT_ID: 'client' }, false],
  ])('returns oidc disabled when only some vars are set: %j', (env, expected) => {
    withTemporaryEnv({ ...env, OIDC_CLIENT_SECRET: undefined }, () => {
      expect(getAuthConfig().oidc.enabled).toBe(expected)
    })
  })

  it('returns oidc enabled with default label when all vars are set', () => {
    withTemporaryEnv(
      {
        OIDC_ISSUER: 'https://auth.example.com',
        OIDC_CLIENT_ID: 'client',
        OIDC_CLIENT_SECRET: 'secret',
      },
      () => {
        expect(getAuthConfig()).toEqual({ oidc: { enabled: true, label: 'Sign in with OIDC' } })
      },
    )
  })

  it('uses OIDC_LABEL when set', () => {
    withTemporaryEnv(
      {
        OIDC_ISSUER: 'https://auth.example.com',
        OIDC_CLIENT_ID: 'client',
        OIDC_CLIENT_SECRET: 'secret',
        OIDC_LABEL: 'Sign in with Authentik',
      },
      () => {
        expect(getAuthConfig().oidc.label).toBe('Sign in with Authentik')
      },
    )
  })
})