resolutionflow/frontend/src/lib/oauthState.test.ts

import { describe, it, expect } from 'vitest'
import { encodeOAuthState, decodeOAuthState } from './oauthState'

describe('oauthState', () => {
  it('round-trips ASCII payloads', () => {
    const encoded = encodeOAuthState({
      csrf: 'abc123',
      accountInviteCode: 'CODE12345',
      invitedEmail: 'user@example.com',
    })
    expect(encoded).not.toContain('+')
    expect(encoded).not.toContain('/')
    expect(encoded).not.toContain('=')
    expect(decodeOAuthState(encoded)).toEqual({
      csrf: 'abc123',
      accountInviteCode: 'CODE12345',
      invitedEmail: 'user@example.com',
    })
  })

  it('round-trips non-Latin-1 email characters without throwing', () => {
    // Pre-fix: btoa(json) throws DOMException on code points > 255.
    const payload = {
      csrf: 'abc123',
      accountInviteCode: 'CODE12345',
      invitedEmail: 'user@münchen.de',
    }
    const encoded = encodeOAuthState(payload)
    expect(decodeOAuthState(encoded)).toEqual(payload)
  })

  it('round-trips emoji and CJK characters', () => {
    const payload = {
      csrf: 'abc123',
      accountInviteCode: 'CODE12345',
      invitedEmail: '日本語+🎉@例え.jp',
    }
    expect(decodeOAuthState(encodeOAuthState(payload))).toEqual(payload)
  })

  it('returns null for legacy raw-hex CSRF state (not JSON)', () => {
    expect(decodeOAuthState('a1b2c3d4e5f60718293a4b5c6d7e8f90')).toBeNull()
  })

  it('returns null for null / empty input', () => {
    expect(decodeOAuthState(null)).toBeNull()
    expect(decodeOAuthState('')).toBeNull()
  })

  it('returns null for malformed base64', () => {
    expect(decodeOAuthState('!!!not-base64!!!')).toBeNull()
  })
})