feat: github action to run otp provider unit tests (#447)

* feat: github action for otp provider unit tests

* fix: default value for cookie secrets

* fix: warning about extra body parser

* feat: update gh action trigger condition

Author: NithinKuruba

.github/workflows/otp-provider-tests.yml

@@ -0,0 +1,69 @@
+name: Run OTP provider tests
+
+on:
+  pull_request:
+    branches:
+      - dev
+    paths:
+      - 'docker/otp-provider'
+      - '.github/workflows/otp-provider-tests.yml'
+
+jobs:
+  otp-provider-test:
+    runs-on: ubuntu-24.04
+    steps:
+      - uses: actions/checkout@v4
+
+      - name: Get yarn cache directory path
+        id: yarn-cache-dir-path
+        run: echo "dir=$(yarn cache dir)" >> $GITHUB_OUTPUT
+      - name: Cache Node dependencies
+        uses: actions/cache@v4
+        id: yarn-cache
+        with:
+          path: ${{ steps.yarn-cache-dir-path.outputs.dir }}
+          key: ${{ runner.os }}-yarn-${{ hashFiles('**/yarn.lock') }}
+          restore-keys: ${{ runner.os }}-yarn-
+
+      - name: Install asdf requirements
+        run: |
+          sudo apt-get install -y libssl-dev libreadline-dev uuid-dev
+
+      - name: Install asdf
+        uses: asdf-vm/actions/setup@v3
+      - name: Cache asdf tools
+        uses: actions/cache@v4
+        with:
+          path: |
+            /home/runner/.asdf
+          key: ${{ runner.os }}-${{ hashFiles('**/.tool-versions') }}
+
+      - name: Install asdf
+        uses: asdf-vm/actions/install@v3
+
+      - name: Install app specific asdf plugins
+        run: |
+          cat .tool-versions | cut -f 1 -d ' ' | xargs -n 1 asdf plugin-add || true
+          asdf plugin-update --all
+          asdf install
+          asdf reshim
+        working-directory: ./docker/otp-provider
+
+      - name: Install dependencies
+        run: yarn install
+        working-directory: ./docker/otp-provider
+
+      - name: Setup postgres
+        env:
+          PGUSER: postgres
+        run: |
+          pg_ctl start
+          createdb runner || true
+          chmod +x ./db-setup.sh
+          ./db-setup.sh otp_test
+        working-directory: ./docker/otp-provider/.bin
+
+      - name: Run unit tests
+        run: |
+          yarn test
+        working-directory: ./docker/otp-provider

docker/otp-provider/.bin/db-setup.sh

@@ -0,0 +1,8 @@
+#!/bin/bash
+if [[ -n "$1" ]]; then
+ db="$1"
+else
+ db="otp"
+fi
+
+echo "SELECT 'CREATE DATABASE $db' WHERE NOT EXISTS (SELECT FROM pg_database WHERE datname = '$db')\gexec" | psql -U postgres -d postgres

docker/otp-provider/src/app.ts

@@ -43,9 +43,6 @@ if (NODE_ENV === 'production') {
   app.set('trust proxy', true);
 }
 
-app.use(express.json());
-app.use(express.urlencoded({ extended: true }));
-
 app.use(express.static(staticFolder + '/public'));
 
 app.set('views', path.join(staticFolder, 'views'));

docker/otp-provider/src/config.ts

@@ -26,5 +26,5 @@ export const config = {
   OTP_ATTEMPTS_ALLOWED: process.env.OTP_ATTEMPTS_ALLOWED || '5',
   OTP_RESENDS_ALLOWED_PER_DAY: process.env.OTP_RESENDS_ALLOWED_PER_DAY || '4',
   OTP_RESEND_INTERVAL_MINUTES: process.env.OTP_RESEND_INTERVAL_MINUTES || '[1,2,5,60]',
-  COOKIE_SECRET: process.env.COOKIE_SECRET || 'default_secret',
+  COOKIE_SECRETS: process.env.COOKIE_SECRETS || 's3cr3t1,s3cr3t1,s3cr3t2',
 };

docker/otp-provider/src/modules/oidc-provider.ts

@@ -6,7 +6,7 @@ import { isOrigin, hashEmail } from '../utils/helpers';
 import { getClients } from './sequelize/queries/client';
 import type { Response } from 'express';
 
-const { JWKS } = config;
+const { JWKS, COOKIE_SECRETS } = config;
 
 const jwks = JWKS || {};
 
@@ -27,7 +27,7 @@ export const getConfig = (): Configuration => {
     jwks,
     adapter: SequelizeAdapter,
     cookies: {
-      keys: new Keygrip(process.env.COOKIE_SECRETS!?.split(','), 'sha256', 'base64'),
+      keys: new Keygrip(COOKIE_SECRETS!?.split(','), 'sha256', 'base64'),
     },
     clientAuthMethods: ['client_secret_basic', 'client_secret_post', 'none'],
     issueRefreshToken() {

docker/otp-provider/src/routes/interaction.ts

@@ -1,15 +1,17 @@
-import express, { NextFunction, Request, Response } from 'express';
+import express, { NextFunction, Request, Response, urlencoded } from 'express';
 import Provider from 'oidc-provider';
 import { authorize, generateOtp, login, userConsent, abortLogin } from '../controllers/auth-controller';
 import { setNoCache } from '../utils/helpers';
 import { errors } from 'oidc-provider';
 import logger from '../modules/winston.config';
 
+const body = urlencoded({ extended: false });
+
 export const oidcRouter = async (oidcProvider: Provider) => {
   const oidcRouter = express.Router();
   oidcRouter.get('/:uid', setNoCache, await authorize(oidcProvider));
-  oidcRouter.post('/:uid/otp', setNoCache, await generateOtp(oidcProvider));
-  oidcRouter.post('/:uid/login', setNoCache, await login(oidcProvider));
+  oidcRouter.post('/:uid/otp', setNoCache, body, await generateOtp(oidcProvider));
+  oidcRouter.post('/:uid/login', setNoCache, body, await login(oidcProvider));
   oidcRouter.post('/:uid/confirm', setNoCache, await userConsent(oidcProvider));
   oidcRouter.post('/:uid/abort', await abortLogin(oidcProvider));
   oidcRouter.use((err: Error, req: Request, res: Response, next: NextFunction) => {