Skip to content

Fix forbidden access to the logged endpoints after successful auth/restore. #260

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 1 commit into
base: master
Choose a base branch
from
Open

Fix forbidden access to the logged endpoints after successful auth/restore. #260

wants to merge 1 commit into from

Conversation

@KLarpen
Copy link
Contributor

@KLarpen KLarpen commented Dec 15, 2023
edited
Loading

Closes: #238

  • tests and linter show no problems (npm t)
  • tests are added/updated for bug fixes and new features
  • code is properly formatted (npm run fmt)

@KLarpen
Fix session auth/restore logic
940bc5f 
Problem: forbidden access to the logged endpoints after successful `auth/restore`.

Closes: metarhia#238
@KLarpen
Copy link
Contributor Author

KLarpen commented Dec 18, 2023

Please review @tshemsedinov . The fix ready to be applied. Additionally I had tried to write test for checking the right session restoration behavior but didn't commit it. Because the test passes successfully even without fix code applied due to test environment didn't reach the problematic part of it. So there is no sense in committing the test that can't catch an issue this PR references.

The test itself is possibly good candidate to review my approaches at the next call. Anyway this PR ready to land without this additional test.

Not commited test case application/domain/tests/session.test.js

({
  name: 'Auth session test',

  async run(t) {
    const url = 'ws://127.0.0.1:8001/api';
    const metacom = metarhia.metacom.Metacom.create(url);
    await metacom.load('auth', 'example');

    const initial = await metacom.api.auth.signin({
      login: 'marcus',
      password: 'marcus',
    });
    const { token } = initial;

    await t.test('Start logged session', async () => {
      node.assert.strictEqual(initial.status, 'logged');
      node.assert.strictEqual(typeof token, 'string');
    });

    await t.test(`Call logged endpoint`, async () => {
      const res = await metacom.api.example.wait({ delay: 1 });
      node.assert.strictEqual(res, 'done');
    });

    const reloadedClient = metarhia.metacom.Metacom.create(url);
    await reloadedClient.load('auth', 'example');

    await t.test('Restore the session from token', async () => {
      const restored = await reloadedClient.api.auth.restore({ token });
      node.assert.strictEqual(restored.status, 'logged');
    });

    await t.test(`Recall logged endpoint`, async () => {
      const res = await reloadedClient.api.example.wait({ delay: 1 });
      node.assert.strictEqual(res, 'done');
    });
  },
});

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@tshemsedinov tshemsedinov tshemsedinov approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

Potentially error

2 participants

@KLarpen @tshemsedinov