
Commit 2bdb5e0

committed
Cleanup, update shared.test
1 parent 3cdb37d commit 2bdb5e0

2 files changed

Lines changed: 32 additions & 24 deletions


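--- a/packages/auth-providers/dbAuth/api/src/__tests__/shared.test.ts
+++ b/packages/auth-providers/dbAuth/api/src/__tests__/shared.test.ts
@@ -303,9 +303,7 @@ describe('session cookie extraction', () => {
 expect(extractCookie(event)).toBeUndefined()
 })
 
-// @TODO: Disabled Studio Auth Implementation
-// we need to avoid using body instead of headers
-it.skip('extracts GraphiQL cookie from the header extensions', () => {
+it('extracts GraphiQL cookie from the body extensions', () => {
 const dbUserId = 42
 
 const cookie = encryptToCookie(JSON.stringify({ id: dbUserId }))
@@ -322,33 +320,46 @@ describe('session cookie extraction', () => {
 expect(extractCookie(event)).toEqual(cookie)
 })
 
-// @TODO: Disabled Studio Auth Implementation
-// we need to avoid using body instead of headers
-it.skip('overwrites cookie with event header GraphiQL when in dev', () => {
-const sessionCookie = encryptToCookie(
-JSON.stringify({ id: 9999999999 }) + ';' + 'token'
+it('extracts GraphiQL cookie from the rw-studio header (Fetch request)', () => {
+const dbUserId = 42
+
+const impersonatedCookie = encryptToCookie(
+JSON.stringify({ id: dbUserId })
 )
 
-event = {
+const req = new Request('http://localhost:8910/_rw_mw', {
+method: 'POST',
 headers: {
-cookie: sessionCookie,
+'auth-provider': 'dbAuth',
+'rw-studio-impersonation-cookie': impersonatedCookie,
+authorization: 'Bearer ' + dbUserId,
 },
-}
+})
+
+expect(extractCookie(req)).toEqual(impersonatedCookie)
+})
+
+it('impersonation cookie takes precendence', () => {
+const sessionCookie = encryptToCookie(
+JSON.stringify({ id: 9999999999 }) + ';' + 'token'
+)
 
 const dbUserId = 42
 
-const cookie = encryptToCookie(JSON.stringify({ id: dbUserId }))
-event.body = JSON.stringify({
-extensions: {
-headers: {
-'auth-provider': 'dbAuth',
-cookie,
-authorization: 'Bearer ' + dbUserId,
-},
+const impersonatedCookie = encryptToCookie(
+JSON.stringify({ id: dbUserId })
+)
+
+event = {
+headers: {
+cookie: sessionCookie, // This user doesn't exist
+'auth-provider': 'dbAuth',
+'rw-studio-impersonation-cookie': impersonatedCookie,
+authorization: 'Bearer ' + dbUserId,
 },
-})
+}
 
-expect(extractCookie(event)).toEqual(cookie)
+expect(extractCookie(event)).toEqual(impersonatedCookie)
 })
 })
 })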
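Review bot: The new test at new lines 342–363 pins that a request-supplied `rw-studio-impersonation-cookie` header wins over the regular `cookie` header, but no test in this section covers the case where that header must be ignored, and the replaced test's "when in dev" qualifier is gone from the title. Because this header switches which session `extractCookie` returns, I would add a companion case that runs under a non-development environment and asserts `expect(extractCookie(event)).toEqual(sessionCookie)`, so the environment gate is locked in by a test rather than assumed. Whether `eventGraphiQLHeadersCookie` applies such a gate, and how the enclosing `describe` sets the environment, is outside this diff, so treat this as a check to confirm rather than a confirmed gap. The title also has a typo; `it('impersonation cookie takes precedence in dev', () => {` would fix both.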

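--- a/packages/auth-providers/dbAuth/api/src/shared.ts
+++ b/packages/auth-providers/dbAuth/api/src/shared.ts
@@ -94,9 +94,6 @@ const legacyDecryptSession = (encryptedText: string) => {
 // Extracts the session cookie from an event, handling both
 // development environment GraphiQL headers and production environment headers.
 export const extractCookie = (event: APIGatewayProxyEvent | Request) => {
-// @TODO Disabling Studio Auth impersonation: it uses body instead of headers
-// this feels a bit off, but also requires the parsing to become async
-
 return eventGraphiQLHeadersCookie(event) || getEventHeader(event, 'Cookie')
 }
 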