From e05e8395bffd7a3510b2839e2f89c67570707e4f Mon Sep 17 00:00:00 2001
From: Jared Snider <jsnider@bitwarden.com>
Date: Wed, 24 Apr 2024 21:01:20 -0400
Subject: [PATCH] PM-7392 - Get token svc tests passing; WIP more tests to come
 for new scenarios.

---
 .../src/auth/services/token.service.spec.ts   | 23 ++++++++++++++++---
 1 file changed, 20 insertions(+), 3 deletions(-)

diff --git a/libs/common/src/auth/services/token.service.spec.ts b/libs/common/src/auth/services/token.service.spec.ts
index 5b8af2e834..ab300c45f9 100644
--- a/libs/common/src/auth/services/token.service.spec.ts
+++ b/libs/common/src/auth/services/token.service.spec.ts
@@ -10,10 +10,12 @@ import { MessagingService } from "../../platform/abstractions/messaging.service"
 import { AbstractStorageService } from "../../platform/abstractions/storage.service";
 import { StorageLocation } from "../../platform/enums";
 import { StorageOptions } from "../../platform/models/domain/storage-options";
+import { SymmetricCryptoKey } from "../../platform/models/domain/symmetric-crypto-key";
+import { CsprngArray } from "../../types/csprng";
 import { UserId } from "../../types/guid";
 
 import { ACCOUNT_ACTIVE_ACCOUNT_ID } from "./account.service";
-import { DecodedAccessToken, TokenService } from "./token.service";
+import { AccessTokenKey, DecodedAccessToken, TokenService } from "./token.service";
 import {
   ACCESS_TOKEN_DISK,
   ACCESS_TOKEN_MEMORY,
@@ -27,6 +29,8 @@ import {
   SECURITY_STAMP_MEMORY,
 } from "./token.state";
 
+// TODO: add specific tests for new secure storage scenarios.
+
 describe("TokenService", () => {
   let tokenService: TokenService;
   let singleUserStateProvider: FakeSingleUserStateProvider;
@@ -216,6 +220,14 @@ describe("TokenService", () => {
       });
 
       describe("Disk storage tests (secure storage supported on platform)", () => {
+        const accessTokenKey = new SymmetricCryptoKey(
+          new Uint8Array(64) as CsprngArray,
+        ) as AccessTokenKey;
+
+        const accessTokenKeyB64 = {
+          keyB64:
+            "lI7lSoejJ1HsrTkRs2Ipm0x+YcZMKpgm7WQGCNjAWmFAyGOKossXwBJvvtbxcYDZ0G0XNY8Gp7DBXZV2tWAO5w==",
+        };
         beforeEach(() => {
           const supportsSecureStorage = true;
           tokenService = createTokenService(supportsSecureStorage);
@@ -229,7 +241,7 @@ describe("TokenService", () => {
             .getFake(userIdFromAccessToken, ACCESS_TOKEN_MEMORY)
             .stateSubject.next([userIdFromAccessToken, accessTokenJwt]);
 
-          keyGenerationService.createKey.mockResolvedValue("accessTokenKey" as any);
+          keyGenerationService.createKey.mockResolvedValue(accessTokenKey);
 
           const mockEncryptedAccessToken = "encryptedAccessToken";
 
@@ -237,6 +249,11 @@ describe("TokenService", () => {
             encryptedString: mockEncryptedAccessToken,
           } as any);
 
+          // First call resolves to null to simulate no key in secure storage
+          // then resolves to the key to simulate the key being set in secure storage
+          // and retrieved successfully to ensure it was set.
+          secureStorageService.get.mockResolvedValueOnce(null).mockResolvedValue(accessTokenKeyB64);
+
           // Act
           await tokenService.setAccessToken(
             accessTokenJwt,
@@ -248,7 +265,7 @@ describe("TokenService", () => {
           // assert that the AccessTokenKey was set in secure storage
           expect(secureStorageService.save).toHaveBeenCalledWith(
             accessTokenKeySecureStorageKey,
-            "accessTokenKey",
+            accessTokenKey,
             secureStorageOptions,
           );