From 1efe4e9e3361b4e34cb2dd446ebfbbd92e74f23f Mon Sep 17 00:00:00 2001
From: Oli Juhl <59018053+olivermrbl@users.noreply.github.com>
Date: Fri, 22 Nov 2024 09:32:48 +0100
Subject: [PATCH] fix: Update js-sdk with token (#10211)

---
 .../admin/dashboard/src/hooks/api/auth.tsx    |  3 +-
 .../routes/reset-password/reset-password.tsx  |  3 +-
 packages/core/js-sdk/src/auth/index.ts        | 72 ++++++++++---------
 3 files changed, 41 insertions(+), 37 deletions(-)

diff --git a/packages/admin/dashboard/src/hooks/api/auth.tsx b/packages/admin/dashboard/src/hooks/api/auth.tsx
index 5803df26ac..6d053e87d0 100644
--- a/packages/admin/dashboard/src/hooks/api/auth.tsx
+++ b/packages/admin/dashboard/src/hooks/api/auth.tsx
@@ -58,11 +58,12 @@ export const useLogout = (options?: UseMutationOptions<void, FetchError>) => {
 }
 
 export const useUpdateProviderForEmailPass = (
+  token: string,
   options?: UseMutationOptions<void, FetchError, { password: string }>
 ) => {
   return useMutation({
     mutationFn: (payload) =>
-      sdk.auth.updateProvider("user", "emailpass", payload),
+      sdk.auth.updateProvider("user", "emailpass", payload, token),
     onSuccess: async (data, variables, context) => {
       options?.onSuccess?.(data, variables, context)
     },
diff --git a/packages/admin/dashboard/src/routes/reset-password/reset-password.tsx b/packages/admin/dashboard/src/routes/reset-password/reset-password.tsx
index 773cfd7e59..15045a867c 100644
--- a/packages/admin/dashboard/src/routes/reset-password/reset-password.tsx
+++ b/packages/admin/dashboard/src/routes/reset-password/reset-password.tsx
@@ -114,7 +114,7 @@ const ChooseNewPassword = ({ token }: { token: string }) => {
     },
   })
 
-  const { mutateAsync, isPending } = useUpdateProviderForEmailPass()
+  const { mutateAsync, isPending } = useUpdateProviderForEmailPass(token)
 
   const handleSubmit = form.handleSubmit(async ({ password }) => {
     if (!invite) {
@@ -123,7 +123,6 @@ const ChooseNewPassword = ({ token }: { token: string }) => {
 
     await mutateAsync(
       {
-        email: invite.entity_id,
         password,
       },
       {
diff --git a/packages/core/js-sdk/src/auth/index.ts b/packages/core/js-sdk/src/auth/index.ts
index c05cea7c85..a0c1383773 100644
--- a/packages/core/js-sdk/src/auth/index.ts
+++ b/packages/core/js-sdk/src/auth/index.ts
@@ -14,13 +14,13 @@ export class Auth {
   /**
    * This method is used to retrieve a registration JWT token for a user, customer, or custom actor type. It sends a request to the
    * [Retrieve Registration Token API route](https://docs.medusajs.com/api/store#auth_postactor_typeauth_provider_register).
-   * 
+   *
    * @param actor - The actor type. For example, `user` for admin user, or `customer` for customer.
    * @param method - The authentication provider to use. For example, `emailpass` or `google`.
    * @param payload - The data to pass in the request's body for authentication. When using the `emailpass` provider,
    * you pass the email and password.
    * @returns The JWT token used for registration later.
-   * 
+   *
    * @example
    * sdk.auth.register(
    *   "customer",
@@ -54,19 +54,19 @@ export class Auth {
   /**
    * This method retrieves the JWT authenticated token for an admin user, customer, or custom
    * actor type. It sends a request to the [Authenticate API Route](https://docs.medusajs.com/api/admin#auth_postactor_typeauth_provider).
-   * 
+   *
    * If the `auth.type` of the SDK is set to `session`, this method will also send a request to the
    * [Set Authentication Session API route](https://docs.medusajs.com/api/admin#auth_postsession).
-   * 
+   *
    * Subsequent requests using the SDK will automatically have the necessary authentication headers / session
    * set.
-   * 
+   *
    * @param actor - The actor type. For example, `user` for admin user, or `customer` for customer.
    * @param method - The authentication provider to use. For example, `emailpass` or `google`.
    * @param payload - The data to pass in the request's body for authentication. When using the `emailpass` provider,
    * you pass the email and password.
    * @returns The authentication JWT token
-   * 
+   *
    * @example
    * sdk.auth.login(
    *   "customer",
@@ -106,12 +106,12 @@ export class Auth {
   /**
    * This method is used to validate an Oauth callback from a third-party service, such as Google, for an admin user, customer, or custom actor types.
    * It sends a request to the [Validate Authentication Callback](https://docs.medusajs.com/api/admin#auth_postactor_typeauth_providercallback).
-   * 
+   *
    * @param actor - The actor type. For example, `user` for admin user, or `customer` for customer.
    * @param method - The authentication provider to use. For example, `google`.
    * @param query - The query parameters from the Oauth callback, which should be passed to the API route.
    * @returns The authentication JWT token
-   * 
+   *
    * @example
    * sdk.auth.callback(
    *   "customer",
@@ -122,10 +122,10 @@ export class Auth {
    * ).then((token) => {
    *   console.log(token)
    * })
-   * 
-   * 
+   *
+   *
    * @privateRemarks
-   * The callback expects all query parameters from the Oauth callback to be passed to 
+   * The callback expects all query parameters from the Oauth callback to be passed to
    * the backend, and the provider is in charge of parsing and validating them
    */
   callback = async (
@@ -148,9 +148,9 @@ export class Auth {
   /**
    * This method refreshes a JWT authentication token, which is useful after validating the Oauth callback
    * with {@link callback}. It sends a request to the [Refresh Authentication Token API route](https://docs.medusajs.com/api/admin#auth_postadminauthtokenrefresh).
-   * 
+   *
    * @returns The refreshed JWT authentication token.
-   * 
+   *
    * @example
    * sdk.auth.refresh()
    * .then((token) => {
@@ -174,7 +174,7 @@ export class Auth {
   /**
    * This method deletes the authentication session of the currently logged-in user to log them out.
    * It sends a request to the [Delete Authentication Session API route](https://docs.medusajs.com/api/admin#auth_deletesession).
-   * 
+   *
    * @example
    * sdk.auth.logout()
    * .then(() => {
@@ -194,15 +194,15 @@ export class Auth {
   /**
    * This method requests a reset password token for an admin user, customer, or custom actor type.
    * It sends a request to the [Generate Reset Password Token API route](https://docs.medusajs.com/api/admin#auth_postactor_typeauth_providerresetpassword).
-   * 
+   *
    * To reset the password later using the token delivered to the user, use the {@link updateProvider} method.
-   * 
+   *
    * Related guide: [How to allow customers to reset their passwords in a storefront](https://docs.medusajs.com/resources/storefront-development/customers/reset-password).
-   * 
+   *
    * @param actor - The actor type. For example, `user` for admin user, or `customer` for customer.
    * @param provider - The authentication provider to use. For example, `emailpass`.
    * @param body - The data required to identify the user.
-   * 
+   *
    * @example
    * sdk.auth.resetPassword(
    *   "customer",
@@ -222,7 +222,7 @@ export class Auth {
       /**
        * The user's identifier. For example, when using the `emailpass` provider,
        * this would be the user's email.
-       */ 
+       */
       identifier: string
     }
   ) => {
@@ -235,27 +235,27 @@ export class Auth {
 
   /**
    * This method is used to update user-related data authentication data.
-   * 
-   * More specifically, use this method when updating the password of an admin user, customer, or 
+   *
+   * More specifically, use this method when updating the password of an admin user, customer, or
    * custom actor type after requesting to reset their password with {@link resetPassword}.
-   * 
+   *
    * This method sends a request to [this API route](https://docs.medusajs.com/api/admin#auth_postactor_typeauth_providerupdate).
-   * 
+   *
    * Related guide: [How to allow customers to reset their passwords in a storefront](https://docs.medusajs.com/resources/storefront-development/customers/reset-password).
-   * 
+   *
    * @param actor - The actor type. For example, `user` for admin user, or `customer` for customer.
    * @param provider - The authentication provider to use. For example, `emailpass`.
-   * @param body - The data necessary to update the user's authentication data. When resetting the user's password, 
-   * send the `email` and `password` properties.
-   * 
+   * @param body - The data necessary to update the user's authentication data. When resetting the user's password,
+   * send the `password` property.
+   *
    * @example
    * sdk.auth.updateProvider(
    *   "customer",
    *   "emailpass",
    *   {
-   *     email: "customer@gmail.com",
    *     password: "supersecret"
-   *   }
+   *   },
+   *   token
    * )
    * .then(() => {
    *   // password updated
@@ -264,12 +264,16 @@ export class Auth {
   updateProvider = async (
     actor: string,
     provider: string,
-    body: Record<string, unknown>
+    body: Record<string, unknown>,
+    token: string
   ) => {
-    await this.client.fetch(`/auth/${actor}/${provider}/update`, {
-      method: "POST",
-      body,
-    })
+    await this.client.fetch(
+      `/auth/${actor}/${provider}/update?token=${token}`,
+      {
+        method: "POST",
+        body,
+      }
+    )
   }
 
   /**