stack/apps/web/src/lib/sso-providers.test.ts

import { afterEach, describe, expect, it, vi } from 'vitest';
import { getEnabledSsoProviders, getSsoProvider } from './sso-providers';

describe('sso-providers', () => {
  afterEach(() => {
    vi.unstubAllEnvs();
  });

  it('returns the enabled providers in login button order', () => {
    vi.stubEnv('NEXT_PUBLIC_WORKOS_ENABLED', 'true');
    vi.stubEnv('NEXT_PUBLIC_KEYCLOAK_ENABLED', 'true');

    expect(getEnabledSsoProviders()).toEqual([
      {
        id: 'workos',
        buttonLabel: 'Continue with WorkOS',
        description: 'Enterprise SSO via WorkOS',
        enabled: true,
        href: '/auth/provider/workos',
      },
      {
        id: 'keycloak',
        buttonLabel: 'Continue with Keycloak',
        description: 'Enterprise SSO via Keycloak',
        enabled: true,
        href: '/auth/provider/keycloak',
      },
    ]);
  });

  it('marks disabled providers without exposing them in the enabled list', () => {
    vi.stubEnv('NEXT_PUBLIC_WORKOS_ENABLED', 'true');
    vi.stubEnv('NEXT_PUBLIC_KEYCLOAK_ENABLED', 'false');

    expect(getEnabledSsoProviders().map((provider) => provider.id)).toEqual(['workos']);
    expect(getSsoProvider('keycloak')).toEqual({
      id: 'keycloak',
      buttonLabel: 'Continue with Keycloak',
      description: 'Enterprise SSO via Keycloak',
      enabled: false,
      href: '/auth/provider/keycloak',
    });
  });

  it('returns null for unknown providers', () => {
    expect(getSsoProvider('authentik')).toBeNull();
  });
});