test: add get management token integration tests

Author: shikaan

.env.tpl

@@ -0,0 +1,12 @@
+# App Definition for the test Application
+APP_DEFINITION_ID=
+# App Installation for the test Application
+APP_INSTALLATION_ID=
+# Space where the Application is Installed
+SPACE_ID=
+# Environment where the Application is Installed
+ENVIRONMENT_ID=
+# Organization where the Application Definition belongs
+ORGANIZATION_ID=
+# A personal access token to register the keypair before the tests
+PERSONAL_ACCESS_TOKEN=

.gitignore

@@ -1,2 +1,4 @@
 node_modules
-.idea
+.idea
+keys
+.env

.typedocrc.json

@@ -6,7 +6,8 @@
   "exclude": [
     "**/*.spec.ts",
     "**/*/index.ts",
-    "src/utils/**/*"
+    "src/utils/**/*",
+    "test/**/*"
   ],
   "out": "docs",
   "stripInternal": true,

README.md

@@ -15,14 +15,22 @@ and include it in your code like
 
 ```js
 const {getManagementToken} = require('contentful-node-apps-toolkit');
+const {appInstallationId, spaceId, privateKey} = require('./some-constants');
 
-getManagementToken(PRIVATE_KEY)
-    .then(token => {
+getManagementToken(privateKey, {appInstallationId, spaceId})
+    .then((token) => {
       console.log('Here is your app token')
       console.log(token)
     })
 ```
 
 ## API Docs
 
-API documentation is available [here](https://contentful.github.io/node-apps-toolkit/)
+API documentation is available [here](https://contentful.github.io/node-apps-toolkit/)
+
+## Testing
+
+> **:warning: Please Note**
+> 
+> In order to run integration tests all the environment variables present in 
+[`.env.tpl`](./.env.tpl) must be provided.

docs/index.html

@@ -71,16 +71,25 @@ <h2>Getting started</h2>
 				<pre><code>npm install --save contentful-<span class="hljs-keyword">node</span><span class="hljs-title">-apps-toolkit</span></code></pre>
 				<p>and include it in your code like</p>
 				<pre><code class="language-js"><span class="hljs-keyword">const</span> {getManagementToken} = <span class="hljs-built_in">require</span>(<span class="hljs-string">&#x27;contentful-node-apps-toolkit&#x27;</span>);
+<span class="hljs-keyword">const</span> {appInstallationId, spaceId, privateKey} = <span class="hljs-built_in">require</span>(<span class="hljs-string">&#x27;./some-constants&#x27;</span>);
 
-getManagementToken(PRIVATE_KEY)
-    .then(<span class="hljs-function"><span class="hljs-params">token</span> =&gt;</span> {
+getManagementToken(privateKey, {appInstallationId, spaceId})
+    .then(<span class="hljs-function">(<span class="hljs-params">token</span>) =&gt;</span> {
       <span class="hljs-built_in">console</span>.log(<span class="hljs-string">&#x27;Here is your app token&#x27;</span>)
       <span class="hljs-built_in">console</span>.log(token)
     })</code></pre>
 				<a href="#api-docs" id="api-docs" style="color: inherit; text-decoration: none;">
 					<h2>API Docs</h2>
 				</a>
 				<p>API documentation is available <a href="https://contentful.github.io/node-apps-toolkit/">here</a></p>
+				<a href="#testing" id="testing" style="color: inherit; text-decoration: none;">
+					<h2>Testing</h2>
+				</a>
+				<blockquote>
+					<p><strong>:warning: Please Note</strong></p>
+					<p>In order to run integration tests all the environment variables present in
+					<a href="./.env.tpl"><code>.env.tpl</code></a> must be provided.</p>
+				</blockquote>
 			</div>
 		</div>
 		<div class="col-4 col-menu menu-sticky-wrap menu-highlight">

docs/modules/_get_management_token_.html

@@ -87,7 +87,7 @@ <h3><span class="tsd-flag ts-flagConst">Const</span> get<wbr>Management<wbr>Toke
 						<li class="tsd-description">
 							<aside class="tsd-sources">
 								<ul>
-									<li>Defined in <a href="https://github.com/contentful/node-apps-toolkit/blob/998610d/src/keys/get-management-token.ts#L87">get-management-token.ts:87</a></li>
+									<li>Defined in <a href="https://github.com/contentful/node-apps-toolkit/blob/3b59fd3/src/keys/get-management-token.ts#L93">get-management-token.ts:93</a></li>
 								</ul>
 							</aside>
 							<div class="tsd-comment tsd-typography">

package-lock.json

@@ -6,7 +6,10 @@
   "scripts": {
     "lint": "eslint --ext .ts ./src",
     "lint:fix": "npm run lint -- --fix",
-    "test": "mocha -r ts-node/register ./src/**/*.spec.ts",
+    "pretest": "echo ' 🔑 Creating valid keypair for testing' && sh test/make-private-keys.sh &> /dev/null",
+    "test:unit": "mocha -r dotenv/config -r ts-node/register ./src/**/*.spec.ts",
+    "test:integration": "mocha -r dotenv/config -r ts-node/register ./test/**/*.test.ts",
+    "test": "npm run test:unit && npm run test:integration",
     "build": "npm run build:lib && npm run build:docs",
     "build:lib": "rm -rf lib && tsc",
     "build:docs": "typedoc --options .typedocrc.json src",
@@ -28,7 +31,9 @@
     "@types/sinon": "^9.0.7",
     "@typescript-eslint/eslint-plugin": "^4.3.0",
     "@typescript-eslint/parser": "^4.3.0",
+    "base64url": "^3.0.1",
     "debug": "^4.2.0",
+    "dotenv": "^8.2.0",
     "eslint": "^7.10.0",
     "eslint-plugin-prettier": "^3.1.4",
     "husky": "^4.3.0",

package.json

@@ -8,11 +8,15 @@ import { createGetManagementToken, getManagementToken } from './get-management-t
 import { HttpClient, HttpError, Response } from '../utils'
 import { Logger } from '../utils'
 
-const PRIVATE_KEY = fs.readFileSync(path.join(__dirname, '__fixtures__', 'key.pem'), 'utf-8')
+const PRIVATE_KEY = fs.readFileSync(path.join(__dirname, '..', '..', 'keys', 'key.pem'), 'utf-8')
 const APP_ID = 'app_id'
 const SPACE_ID = 'space_id'
 const ENVIRONMENT_ID = 'env_id'
-const DEFAULT_OPTIONS = { appId: APP_ID, spaceId: SPACE_ID, environmentId: ENVIRONMENT_ID }
+const DEFAULT_OPTIONS = {
+  appInstallationId: APP_ID,
+  spaceId: SPACE_ID,
+  environmentId: ENVIRONMENT_ID
+}
 const noop = () => {}
 
 describe('getManagementToken', () => {
@@ -35,6 +39,27 @@ describe('getManagementToken', () => {
     )
   })
 
+  describe('when using a keyId', () => {
+    it('fetches a token', async () => {
+      const mockToken = 'token'
+      const logger = (noop as unknown) as Logger
+      const post = sinon.stub()
+      post.resolves({ statusCode: 201, body: JSON.stringify({ token: mockToken }) })
+      const httpClient = ({ post } as unknown) as HttpClient
+      const getManagementToken = createGetManagementToken(logger, httpClient)
+
+      const result = await getManagementToken(PRIVATE_KEY, { ...DEFAULT_OPTIONS, keyId: 'keyId' })
+
+      assert.deepStrictEqual(result, mockToken)
+      assert(
+        post.calledWith(
+          `spaces/${SPACE_ID}/environments/${ENVIRONMENT_ID}/app_installations/${APP_ID}/access_tokens`,
+          sinon.match({ headers: { Authorization: sinon.match.string } })
+        )
+      )
+    })
+  })
+
   describe('when private key is incorrect', () => {
     it('throws if missing', async () => {
       await assert.rejects(async () => {

src/keys/__fixtures__/key.der.pub

@@ -1,4 +1,4 @@
-import { sign } from 'jsonwebtoken'
+import { sign, SignOptions } from 'jsonwebtoken'
 
 import {
   createLogger,
@@ -9,18 +9,26 @@ import {
 } from '../utils'
 
 interface GetManagementTokenOptions {
-  appId: string
+  appInstallationId: string
   spaceId: string
-  environmentId?: string
+  environmentId: string
+  keyId?: string
 }
 
 /**
  * Synchronously sign the given privateKey into a JSON Web Token string
  */
-const generateAppToken = (privateKey: string, appId: string, { log }: { log: Logger }): string => {
+const generateOneTimeToken = (
+  privateKey: string,
+  { appId, keyId }: { appId: string; keyId?: string },
+  { log }: { log: Logger }
+): string => {
   log('Signing a JWT token with private key')
   try {
-    const token = sign({}, privateKey, { algorithm: 'RS256', issuer: appId, expiresIn: '10m' })
+    const baseSignOptions: SignOptions = { algorithm: 'RS256', issuer: appId, expiresIn: '10m' }
+    const signOptions: SignOptions = keyId ? { ...baseSignOptions, keyid: keyId } : baseSignOptions
+
+    const token = sign({}, privateKey, signOptions)
     log('Successfully signed token')
     return token
   } catch (e) {
@@ -29,16 +37,21 @@ const generateAppToken = (privateKey: string, appId: string, { log }: { log: Log
   }
 }
 
-const getTokenFromAppToken = async (
+const getTokenFromOneTimeToken = async (
   appToken: string,
-  { appId, spaceId, environmentId }: { appId: string; spaceId: string; environmentId?: string },
+  {
+    appInstallationId,
+    spaceId,
+    environmentId
+  }: { appInstallationId: string; spaceId: string; environmentId: string },
   { log, http }: { log: Logger; http: HttpClient }
 ) => {
   const validateStatusCode = createValidateStatusCode([201])
 
+  log(`Requesting CMA Token with given App Token`)
+
   const response = await http.post(
-    `spaces/${spaceId}/environments/${environmentId ??
-      'master'}/app_installations/${appId}/access_tokens`,
+    `spaces/${spaceId}/environments/${environmentId}/app_installations/${appInstallationId}/access_tokens`,
     {
       headers: {
         Authorization: `Bearer ${appToken}`
@@ -50,7 +63,7 @@ const getTokenFromAppToken = async (
   )
 
   log(
-    `Successfully retrieved app access token for app ${appId} in space ${spaceId} and environment ${environmentId}`
+    `Successfully retrieved CMA Token for app ${appInstallationId} in space ${spaceId} and environment ${environmentId}`
   )
 
   return JSON.parse(response.body).token
@@ -66,8 +79,12 @@ export const createGetManagementToken = (log: Logger, http: HttpClient) => {
       throw new ReferenceError('Invalid privateKey: expected a string representing a private key')
     }
 
-    const appToken = generateAppToken(privateKey, opts.appId, { log })
-    return getTokenFromAppToken(appToken, opts, { log, http })
+    const appToken = generateOneTimeToken(
+      privateKey,
+      { appId: opts.appInstallationId, keyId: opts.keyId },
+      { log }
+    )
+    return getTokenFromOneTimeToken(appToken, opts, { log, http })
   }
 }
 

src/keys/__fixtures__/key.pem

@@ -11,6 +11,7 @@ export const createHttpClient = () => {
 
 export const createValidateStatusCode = (allowedStatusCodes: number[]) => (response: Response) => {
   if (!allowedStatusCodes.includes(response.statusCode)) {
+    console.log(response.body)
     throw new HTTPError(response)
   }
   return response

src/keys/get-management-token.spec.ts

@@ -0,0 +1,44 @@
+import * as fs from 'fs'
+import * as path from 'path'
+import * as assert from 'assert'
+
+//TODO use built version
+import { getManagementToken } from '../../src/keys'
+import { setPublicKey } from '../utils'
+import { createHttpClient } from '../../src/utils'
+
+describe('Keys Utilities', () => {
+  before(async () => {
+    const pubKey = fs.readFileSync(path.join(__dirname, '..', '..', 'keys', 'key.der.pub'))
+
+    await setPublicKey(pubKey)
+  })
+
+  it('fetches a valid CMA token for a valid key pair', async () => {
+    const appInstallationId = process.env.APP_INSTALLATION_ID
+    const spaceId = process.env.SPACE_ID
+    const environmentId = process.env.ENVIRONMENT_ID
+
+    if (!appInstallationId || !spaceId || !environmentId) {
+      throw new Error('Missing Environment setup')
+    }
+
+    const privateKey = fs.readFileSync(path.join(__dirname, '..', '..', 'keys', 'key.pem'), 'utf-8')
+
+    const token = await getManagementToken(privateKey, {
+      appInstallationId,
+      spaceId,
+      environmentId
+    })
+
+    await assert.doesNotReject(() => {
+      const http = createHttpClient()
+
+      return http.get(`spaces/${spaceId}/entries`, {
+        headers: {
+          Authorization: `Bearer ${token}`
+        }
+      })
+    })
+  })
+})

src/keys/get-management-token.ts

@@ -0,0 +1,6 @@
+#!/usr/bin/env sh
+
+mkdir -p keys
+
+openssl req -x509 -newkey rsa:4096 -nodes -batch -noout -keyout keys/key.pem
+openssl rsa -in keys/key.pem -pubout -outform DER -out keys/key.der.pub