Fix forbidden access to the logged endpoints after successful auth/restore. #260

Open
wants to merge 1 commit into
base: master

Contributor

@KLarpen KLarpen commented Dec 15, 2023

Closes: #238

  • tests and linter show no problems (npm t)
  • tests are added/updated for bug fixes and new features
  • code is properly formatted (npm run fmt)

Problem: forbidden access to the logged endpoints after successful `auth/restore`.

Closes: metarhia#238
@KLarpen
Contributor Author

KLarpen commented Dec 18, 2023

Please review, @tshemsedinov. The fix is ready to be applied. Additionally, I tried to write a test for checking the right session restoration behavior but didn't commit it, because the test passes successfully even without the fix code applied, since the test environment didn't reach the problematic part of it. So there is no sense in committing a test that can't catch the issue this PR references.

The test itself is possibly a good candidate for reviewing my approaches at the next call. Anyway, this PR is ready to land without this additional test.

Not committed test case `application/domain/tests/session.test.js`:

```js
({
  name: 'Auth session test',

  async run(t) {
    const url = 'ws://127.0.0.1:8001/api';
    // First client: sign in and obtain a session token.
    const metacom = metarhia.metacom.Metacom.create(url);
    await metacom.load('auth', 'example');

    const initial = await metacom.api.auth.signin({
      login: 'marcus',
      password: 'marcus',
    });
    const { token } = initial;

    await t.test('Start logged session', async () => {
      node.assert.strictEqual(initial.status, 'logged');
      node.assert.strictEqual(typeof token, 'string');
    });

    // The signed-in client must be able to call an endpoint that requires login.
    await t.test('Call logged endpoint', async () => {
      const res = await metacom.api.example.wait({ delay: 1 });
      node.assert.strictEqual(res, 'done');
    });

    // Second client: a fresh connection that only knows the token.
    const reloadedClient = metarhia.metacom.Metacom.create(url);
    await reloadedClient.load('auth', 'example');

    await t.test('Restore the session from token', async () => {
      const restored = await reloadedClient.api.auth.restore({ token });
      node.assert.strictEqual(restored.status, 'logged');
    });

    // After auth/restore the same logged endpoint must not be forbidden.
    await t.test('Recall logged endpoint', async () => {
      const res = await reloadedClient.api.example.wait({ delay: 1 });
      node.assert.strictEqual(res, 'done');
    });
  },
});
```

Successfully merging this pull request may close these issues.

Potentially error