fixes session service logic

src/services/sessionService.ts

@@ -3,17 +3,16 @@
 import { JWTPayload, jwtVerify, createRemoteJWKSet, errors } from 'jose';
 import { Assert } from '../helpers/index.js';
 import ValidationError, { ValidationErrorNames } from '../errors/validationError.js';
-import { User, UserStatus } from '../generated/api.js';
 
 export interface SessionInterface {
-  getAndValidateCurrentUser(shortSession: string): Promise<User>;
+  getAndValidateCurrentUser(shortSession: string): Promise<{ userId: string; fullName: string }>;
 }
 
 interface MyJWTPayload extends JWTPayload {
-  userID: string;
-  fullName?: string;
-  status: UserStatus;
-  explicitWebauthnID?: string;
+  name: string;
+  iss: string;
+  sub: string;
+  email: string;
 }
 
 const MIN_SHORT_SESSION_LENGTH = 10;
@@ -39,7 +38,7 @@ class Session implements SessionInterface {
     });
   }
 
-  public async getAndValidateCurrentUser(shortSession: string): Promise<User> {
+  public async getAndValidateCurrentUser(shortSession: string): Promise<{ userId: string; fullName: string }> {
     Assert.notEmptyString(shortSession, 'shortSession not given');
 
     if (shortSession.length < MIN_SHORT_SESSION_LENGTH) {
@@ -49,13 +48,13 @@ class Session implements SessionInterface {
     try {
       const { payload } = await jwtVerify(shortSession, this.jwkSet, { issuer: this.issuer });
 
-      const { userID, fullName, status, explicitWebauthnID } = payload as MyJWTPayload;
+      const { iss, name, sub } = payload as MyJWTPayload;
 
-      if (!payload.iss || payload.iss !== this.issuer) {
+      if (!iss || iss !== this.issuer) {
         throw new ValidationError(ValidationErrorNames.InvalidIssuer);
       }
 
-      return { userID, fullName, status, explicitWebauthnID };
+      return { userId: sub, fullName: name };
     } catch (error) {
       if (error instanceof errors.JWTClaimValidationFailed) {
         throw new ValidationError(ValidationErrorNames.JWTClaimValidationFailed);

tests/unit/session.test.ts

@@ -1,7 +1,6 @@
 import { createRemoteJWKSet, jwtVerify, errors } from 'jose';
 import { Session } from '../../src/services';
 import ValidationError, { ValidationErrorNames } from '../../src/errors/validationError';
-import { UserStatus } from '../../src/generated';
 import { httpStatusCodes } from '../../src/errors';
 
 // Mock jose functions
@@ -20,7 +19,6 @@ jest.mock('jose', () => {
 describe('Session Service Unit Tests', () => {
   const TEST_USER_ID = '12345';
   const TEST_FULL_NAME = 'Test Name';
-  const TEST_STATUS = UserStatus.Active;
   const TEST_ISSUER = 'https://auth.example.com';
   const JWKS_URI = 'https://example_uri.com';
   const PROJECT_ID = 'project-id';
@@ -55,9 +53,8 @@ describe('Session Service Unit Tests', () => {
     (jwtVerify as jest.Mock).mockResolvedValue({
       payload: {
         iss: 'https://invalid-issuer.com',
-        userID: TEST_USER_ID,
-        fullName: TEST_FULL_NAME,
-        status: TEST_STATUS,
+        sub: TEST_USER_ID,
+        name: TEST_FULL_NAME,
       },
     });
 
@@ -70,9 +67,8 @@ describe('Session Service Unit Tests', () => {
   test('should throw ValidationError if issuer is undefined', async () => {
     (jwtVerify as jest.Mock).mockResolvedValue({
       payload: {
-        userID: TEST_USER_ID,
-        fullName: TEST_FULL_NAME,
-        status: TEST_STATUS,
+        sub: TEST_USER_ID,
+        name: TEST_FULL_NAME,
       },
     });
 
@@ -113,18 +109,15 @@ describe('Session Service Unit Tests', () => {
     (jwtVerify as jest.Mock).mockResolvedValue({
       payload: {
         iss: TEST_ISSUER,
-        userID: TEST_USER_ID,
-        fullName: TEST_FULL_NAME,
-        status: TEST_STATUS,
+        sub: TEST_USER_ID,
+        name: TEST_FULL_NAME,
       },
     });
 
     const user = await sessionService.getAndValidateCurrentUser(SHORT_SESSION);
     expect(user).toEqual({
-      userID: TEST_USER_ID,
+      userId: TEST_USER_ID,
       fullName: TEST_FULL_NAME,
-      status: TEST_STATUS,
-      explicitWebauthnID: undefined, // optional field
     });
   });
 });