diff --git a/.changeset/fluffy-donkeys-hope.md b/.changeset/fluffy-donkeys-hope.md new file mode 100644 index 0000000000..c333cadbc2 --- /dev/null +++ b/.changeset/fluffy-donkeys-hope.md @@ -0,0 +1,6 @@ +--- +"@medusajs/medusa": minor +"@medusajs/medusa-js": minor +--- + +feat(medusa): Authentication overhaul diff --git a/integration-tests/api/__tests__/admin/analytics-config.js b/integration-tests/api/__tests__/admin/analytics-config.js index e140bf2314..d74c88295b 100644 --- a/integration-tests/api/__tests__/admin/analytics-config.js +++ b/integration-tests/api/__tests__/admin/analytics-config.js @@ -10,7 +10,7 @@ const adminSeeder = require("../../../helpers/admin-seeder") const adminReqConfig = { headers: { - Authorization: "Bearer test_token", + "x-medusa-access-token": "test_token", }, } diff --git a/integration-tests/api/__tests__/admin/auth.js b/integration-tests/api/__tests__/admin/auth.js index 65a4ebf62e..e1b42f6517 100644 --- a/integration-tests/api/__tests__/admin/auth.js +++ b/integration-tests/api/__tests__/admin/auth.js @@ -47,4 +47,20 @@ describe("/admin/auth", () => { updated_at: expect.any(String), }) }) + + it("creates admin JWT token correctly", async () => { + const api = useApi() + + const response = await api + .post("/admin/auth/token", { + email: "admin@medusa.js", + password: "secret_password", + }) + .catch((err) => { + console.log(err) + }) + + expect(response.status).toEqual(200) + expect(response.data.access_token).toEqual(expect.any(String)) + }) }) diff --git a/integration-tests/api/__tests__/admin/colllections.js b/integration-tests/api/__tests__/admin/colllections.js index 720e9e74b8..7532c28833 100644 --- a/integration-tests/api/__tests__/admin/colllections.js +++ b/integration-tests/api/__tests__/admin/colllections.js @@ -18,7 +18,7 @@ jest.setTimeout(30000) const adminReqConfig = { headers: { - Authorization: "Bearer test_token", + "x-medusa-access-token": "test_token", }, } 
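Review bot: The admin token now travels in a custom `x-medusa-access-token` header instead of `Authorization: Bearer`, here and in every other test file on this page, but the server-side change that accepts the new header is not in these hunks, so whether `Authorization: Bearer test_token` is still honoured or now rejected cannot be confirmed from the tests. A non-standard header also sits outside the default treatment proxies, shared caches and log-redaction rules give to `Authorization`, so infrastructure in front of the API may retain or cache the token unless it is configured for the new name. Worth one sentence in the changeset or the header's documentation saying the value is a bearer credential and should be handled like `Authorization`, plus one test that pins the legacy header as either still accepted or explicitly rejected.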
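Review bot: In the new "creates admin JWT token correctly" test the `.catch((err) => { console.log(err) })` swallows a failed request, so `response` becomes `undefined` and `expect(response.status)` fails with a TypeError instead of an assertion that shows the HTTP status; drop the `.catch` and let the rejection fail the test, or use `.catch((err) => err.response)` so the status is asserted either way. The test only checks that `access_token` is a string; nothing on this page exercises the failure path, and the credentials presumably come from the seeder outside the hunk (the enclosing `describe` also starts outside it). A sibling case for invalid credentials would pin that no token is issued on failure; the exact rejection status depends on the endpoint, which is not visible here.
```javascript
  it("does not issue a token for invalid credentials", async () => {
    const api = useApi()

    const err = await api
      .post("/admin/auth/token", {
        email: "admin@medusa.js",
        password: "wrong_password",
      })
      .catch((e) => e)

    // status to match the endpoint's documented rejection code (not shown in this diff)
    expect(err.response.status).toBeGreaterThanOrEqual(400)
    expect(err.response.data.access_token).toBeUndefined()
  })
```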
@@ -57,7 +57,7 @@ describe("/admin/collections", () => { { title: "test", }, - { headers: { Authorization: "Bearer test_token" } } + { headers: { "x-medusa-access-token": "test_token" } } ) const response = await api.post( @@ -66,7 +66,7 @@ describe("/admin/collections", () => { title: "test collection creation", handle: "test-handle-creation", }, - { headers: { Authorization: "Bearer test_token" } } + { headers: { "x-medusa-access-token": "test_token" } } ) expect(response.status).toEqual(200) @@ -91,12 +91,12 @@ describe("/admin/collections", () => { { title: "test", }, - { headers: { Authorization: "Bearer test_token" } } + { headers: { "x-medusa-access-token": "test_token" } } ) const response = await api.delete( `/admin/collections/${creationResponse.data.collection.id}`, - { headers: { Authorization: "Bearer test_token" } } + { headers: { "x-medusa-access-token": "test_token" } } ) expect(response.status).toEqual(200) @@ -111,7 +111,7 @@ describe("/admin/collections", () => { const api = useApi() const response = await api.get("/admin/collections/test-collection", { - headers: { Authorization: "Bearer test_token" }, + headers: { "x-medusa-access-token": "test_token" }, }) expect(response.data).toEqual( @@ -160,7 +160,7 @@ describe("/admin/collections", () => { title: "test collection creation", handle: "test-handle-creation", }, - { headers: { Authorization: "Bearer test_token" } } + { headers: { "x-medusa-access-token": "test_token" } } ) expect(response.status).toEqual(200) @@ -181,7 +181,7 @@ describe("/admin/collections", () => { const api = useApi() const response = await api.get("/admin/collections", { - headers: { Authorization: "Bearer test_token" }, + headers: { "x-medusa-access-token": "test_token" }, }) expect(response.data).toEqual( 
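Review bot: Every request in this hunk and in the later collections hunks (@@ -66, @@ -91, @@ -111, @@ -160, @@ -181, @@ -261, @@ -307, @@ -328) repeats the literal `{ headers: { "x-medusa-access-token": "test_token" } }` although the file already defines `adminReqConfig` with exactly that shape in its @@ -18 hunk; since the commit rewrites each of these lines anyway, passing `adminReqConfig` instead leaves one place to change the next time the auth scheme moves. The same pattern recurs in discount.js (@@ -666, @@ -770, @@ -1381, with `adminReqConfig` at @@ -20), region.js (`adminReqConfig` at @@ -11), returns.js (`authHeader` at @@ -15) and sales-channels.js (`adminReqConfig` at @@ -19). Where a call also passes `data`, `{ ...adminReqConfig, data: { product_ids: ["test-product"] } }` keeps it on one line.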
@@ -261,7 +261,7 @@ describe("/admin/collections", () => { product_ids: ["test-product_filtering_1"], }, { - headers: { Authorization: "Bearer test_token" }, + headers: { "x-medusa-access-token": "test_token" }, } ) .catch((err) => console.warn(err)) @@ -307,7 +307,7 @@ describe("/admin/collections", () => { const response = await api .delete("/admin/collections/test-collection/products/batch", { - headers: { Authorization: "Bearer test_token" }, + headers: { "x-medusa-access-token": "test_token" }, data: { product_ids: ["test-product"] }, }) .catch((err) => console.warn(err)) @@ -328,7 +328,7 @@ describe("/admin/collections", () => { const response = await api .get("/admin/collections?title=Test%20collection", { - headers: { Authorization: "Bearer test_token" }, + headers: { "x-medusa-access-token": "test_token" }, }) .catch((err) => console.log(err)) diff --git a/integration-tests/api/__tests__/admin/currency.js b/integration-tests/api/__tests__/admin/currency.js index 107e955213..b8634ec93e 100644 --- a/integration-tests/api/__tests__/admin/currency.js +++ b/integration-tests/api/__tests__/admin/currency.js @@ -8,7 +8,7 @@ const adminSeeder = require("../../../helpers/admin-seeder") const adminReqConfig = { headers: { - Authorization: "Bearer test_token", + "x-medusa-access-token": "test_token", }, } diff --git a/integration-tests/api/__tests__/admin/customer-groups.js b/integration-tests/api/__tests__/admin/customer-groups.js index 3404287880..1a136c2966 100644 --- a/integration-tests/api/__tests__/admin/customer-groups.js +++ b/integration-tests/api/__tests__/admin/customer-groups.js @@ -20,7 +20,7 @@ jest.setTimeout(30000) const adminReqConfig = { headers: { - Authorization: "Bearer test_token", + "x-medusa-access-token": "test_token", }, } diff --git a/integration-tests/api/__tests__/admin/customer.js b/integration-tests/api/__tests__/admin/customer.js index 2e4bdb5601..94208001d8 100644 --- a/integration-tests/api/__tests__/admin/customer.js 
+++ b/integration-tests/api/__tests__/admin/customer.js @@ -43,7 +43,7 @@ describe("/admin/customers", () => { const response = await api .get("/admin/customers", { headers: { - Authorization: "Bearer test_token", + "x-medusa-access-token": "test_token", }, }) .catch((err) => { @@ -76,7 +76,7 @@ describe("/admin/customers", () => { const response = await api .get("/admin/customers?has_account=true", { headers: { - Authorization: "Bearer test_token", + "x-medusa-access-token": "test_token", }, }) .catch((err) => { @@ -97,7 +97,7 @@ describe("/admin/customers", () => { const response = await api .get("/admin/customers?groups[]=test-group-5", { headers: { - Authorization: "Bearer test_token", + "x-medusa-access-token": "test_token", }, }) .catch((err) => { @@ -127,7 +127,7 @@ describe("/admin/customers", () => { const response = await api .get("/admin/customers?q=est2@", { headers: { - Authorization: "Bearer test_token", + "x-medusa-access-token": "test_token", }, }) .catch((err) => { @@ -152,7 +152,7 @@ describe("/admin/customers", () => { const response = await api .get("/admin/customers?q=test1@email.com&expand=shipping_addresses", { headers: { - Authorization: "Bearer test_token", + "x-medusa-access-token": "test_token", }, }) .catch((err) => { @@ -202,7 +202,7 @@ describe("/admin/customers", () => { }, { headers: { - Authorization: "Bearer test_token", + "x-medusa-access-token": "test_token", }, } ) @@ -246,7 +246,7 @@ describe("/admin/customers", () => { }, { headers: { - Authorization: "Bearer test_token", + "x-medusa-access-token": "test_token", }, } ) @@ -278,7 +278,7 @@ describe("/admin/customers", () => { }, { headers: { - Authorization: "Bearer test_token", + "x-medusa-access-token": "test_token", }, } ) @@ -301,7 +301,7 @@ describe("/admin/customers", () => { }, { headers: { - Authorization: "Bearer test_token", + "x-medusa-access-token": "test_token", }, } ) 
@@ -329,7 +329,7 @@ describe("/admin/customers", () => { }, { headers: { - Authorization: "Bearer test_token", + "x-medusa-access-token": "test_token", }, } ) @@ -350,7 +350,7 @@ describe("/admin/customers", () => { }, { headers: { - Authorization: "Bearer test_token", + "x-medusa-access-token": "test_token", }, } ) @@ -389,7 +389,7 @@ describe("/admin/customers", () => { const response = await api .get("/admin/customers/test-customer-1", { headers: { - Authorization: "Bearer test_token", + "x-medusa-access-token": "test_token", }, }) .catch((err) => { @@ -417,7 +417,7 @@ describe("/admin/customers", () => { const response = await api .get("/admin/customers/test-customer-1?expand=billing_address,groups", { headers: { - Authorization: "Bearer test_token", + "x-medusa-access-token": "test_token", }, }) .catch((err) => { diff --git a/integration-tests/api/__tests__/admin/discount.js b/integration-tests/api/__tests__/admin/discount.js index 9a6b33298c..c7d40bbf2a 100644 --- a/integration-tests/api/__tests__/admin/discount.js +++ b/integration-tests/api/__tests__/admin/discount.js @@ -20,7 +20,7 @@ jest.setTimeout(30000) const adminReqConfig = { headers: { - Authorization: "Bearer test_token", + "x-medusa-access-token": "test_token", }, } @@ -666,7 +666,7 @@ describe("/admin/discounts", () => { }, { headers: { - Authorization: "Bearer test_token", + "x-medusa-access-token": "test_token", }, } ) @@ -770,7 +770,7 @@ describe("/admin/discounts", () => { }, { headers: { - Authorization: "Bearer test_token", + "x-medusa-access-token": "test_token", }, } ) @@ -1381,7 +1381,7 @@ describe("/admin/discounts", () => { const resultingDiscount = await api.get( "/admin/discounts/test-discount", - { headers: { Authorization: "Bearer test_token" } } + { headers: { "x-medusa-access-token": "test_token" } } ) expect(resultingDiscount.status).toEqual(200) 
diff --git a/integration-tests/api/__tests__/admin/draft-order/draft-order.js b/integration-tests/api/__tests__/admin/draft-order/draft-order.js index 55808a95c5..e6bc6439a2 100644 --- a/integration-tests/api/__tests__/admin/draft-order/draft-order.js +++ b/integration-tests/api/__tests__/admin/draft-order/draft-order.js @@ -12,7 +12,7 @@ jest.setTimeout(30000) const adminReqConfig = { headers: { - Authorization: "Bearer test_token", + "x-medusa-access-token": "test_token", }, } diff --git a/integration-tests/api/__tests__/admin/draft-order/ff-tax-inclusive-draft-order.js b/integration-tests/api/__tests__/admin/draft-order/ff-tax-inclusive-draft-order.js index 35b980fe83..d1392ad618 100644 --- a/integration-tests/api/__tests__/admin/draft-order/ff-tax-inclusive-draft-order.js +++ b/integration-tests/api/__tests__/admin/draft-order/ff-tax-inclusive-draft-order.js @@ -16,7 +16,7 @@ jest.setTimeout(30000) const adminReqConfig = { headers: { - Authorization: "Bearer test_token", + "x-medusa-access-token": "test_token", }, } diff --git a/integration-tests/api/__tests__/admin/gift-cards.js b/integration-tests/api/__tests__/admin/gift-cards.js index f6ccda4107..07568de27f 100644 --- a/integration-tests/api/__tests__/admin/gift-cards.js +++ b/integration-tests/api/__tests__/admin/gift-cards.js @@ -63,7 +63,7 @@ describe("/admin/gift-cards", () => { const response = await api .get("/admin/gift-cards", { headers: { - Authorization: "Bearer test_token", + "x-medusa-access-token": "test_token", }, }) .catch((err) => { @@ -91,7 +91,7 @@ describe("/admin/gift-cards", () => { const response = await api .get("/admin/gift-cards?q=gc", { headers: { - Authorization: "Bearer test_token", + "x-medusa-access-token": "test_token", }, }) .catch((err) => { @@ -116,7 +116,7 @@ describe("/admin/gift-cards", () => { const response = await api .get("/admin/gift-cards?q=bla", { headers: { - Authorization: "Bearer test_token", + "x-medusa-access-token": "test_token", }, }) .catch((err) => { 
@@ -165,7 +165,7 @@ describe("/admin/gift-cards", () => { }, { headers: { - Authorization: "Bearer test_token", + "x-medusa-access-token": "test_token", }, } ) @@ -192,7 +192,7 @@ describe("/admin/gift-cards", () => { }, { headers: { - Authorization: "Bearer test_token", + "x-medusa-access-token": "test_token", }, } ) diff --git a/integration-tests/api/__tests__/admin/invite.js b/integration-tests/api/__tests__/admin/invite.js index e5d25c9b8f..170cc0432f 100644 --- a/integration-tests/api/__tests__/admin/invite.js +++ b/integration-tests/api/__tests__/admin/invite.js @@ -42,7 +42,7 @@ describe("/admin/invites", () => { const response = await api .get("/admin/invites", { headers: { - Authorization: "Bearer test_token", + "x-medusa-access-token": "test_token", }, }) .catch((err) => { @@ -92,7 +92,7 @@ describe("/admin/invites", () => { password: "test123453", }, { - headers: { Authorization: "Bearer test_token" }, + headers: { "x-medusa-access-token": "test_token" }, } ) .catch((err) => console.log(err)) @@ -116,14 +116,14 @@ describe("/admin/invites", () => { const createReponse = await api .post("/admin/invites", payload, { - headers: { Authorization: "Bearer test_token" }, + headers: { "x-medusa-access-token": "test_token" }, }) .catch((err) => console.log(err)) const response = await api .get("/admin/invites", { headers: { - Authorization: "Bearer test_token", + "x-medusa-access-token": "test_token", }, }) .catch((err) => { @@ -151,14 +151,14 @@ describe("/admin/invites", () => { const createReponse = await api .post("/admin/invites", payload, { - headers: { Authorization: "Bearer test_token" }, + headers: { "x-medusa-access-token": "test_token" }, }) .catch((err) => console.log(err)) const response = await api .get("/admin/invites", { headers: { - Authorization: "Bearer test_token", + "x-medusa-access-token": "test_token", }, }) .catch((err) => { 
@@ -189,7 +189,7 @@ describe("/admin/invites", () => { `/admin/invites/${id}/resend`, {}, { - headers: { Authorization: "Bearer test_token" }, + headers: { "x-medusa-access-token": "test_token" }, } ) .catch((err) => console.log(err)) @@ -201,7 +201,7 @@ describe("/admin/invites", () => { const api = useApi() const inviteResponse = await api.get("/admin/invites", { - headers: { Authorization: "Bearer test_token" }, + headers: { "x-medusa-access-token": "test_token" }, }) const { token, ...rest } = inviteResponse.data.invites[0] @@ -219,7 +219,7 @@ describe("/admin/invites", () => { .catch((err) => console.log(err)) const userResponse = await api.get("/admin/users", { - headers: { Authorization: "Bearer test_token" }, + headers: { "x-medusa-access-token": "test_token" }, }) const newUser = userResponse.data.users.find( @@ -234,7 +234,7 @@ describe("/admin/invites", () => { const api = useApi() const inviteResponse = await api.get("/admin/invites", { - headers: { Authorization: "Bearer test_token" }, + headers: { "x-medusa-access-token": "test_token" }, }) const { token, ...rest } = inviteResponse.data.invites.find( @@ -254,7 +254,7 @@ describe("/admin/invites", () => { const updateResponse = await api .post("/admin/invites", updatePayload, { - headers: { Authorization: "Bearer test_token" }, + headers: { "x-medusa-access-token": "test_token" }, }) .catch((err) => console.log(err)) @@ -263,7 +263,7 @@ describe("/admin/invites", () => { const createResponse = await api.post("/admin/invites/accept", payload) const userResponse = await api.get("/admin/users", { - headers: { Authorization: "Bearer test_token" }, + headers: { "x-medusa-access-token": "test_token" }, }) const newUser = userResponse.data.users.find( 
@@ -302,7 +302,7 @@ describe("/admin/invites", () => { const api = useApi() const inviteResponse = await api.get("/admin/invites", { - headers: { Authorization: "Bearer test_token" }, + headers: { "x-medusa-access-token": "test_token" }, }) const { token } = inviteResponse.data.invites[0] @@ -353,7 +353,7 @@ describe("/admin/invites", () => { const invitesBeforeDeleteRequest = await api.get("/admin/invites", { headers: { - Authorization: "Bearer test_token", + "x-medusa-access-token": "test_token", }, }) @@ -361,13 +361,13 @@ describe("/admin/invites", () => { const response = await api .delete(`/admin/invites/${inviteId}`, { - headers: { Authorization: "Bearer test_token" }, + headers: { "x-medusa-access-token": "test_token" }, }) .catch((err) => console.log(err)) const invitesAfterDeleteRequest = await api.get("/admin/invites", { headers: { - Authorization: "Bearer test_token", + "x-medusa-access-token": "test_token", }, }) diff --git a/integration-tests/api/__tests__/admin/note.js b/integration-tests/api/__tests__/admin/note.js index 09ef8c7414..e48705118e 100644 --- a/integration-tests/api/__tests__/admin/note.js +++ b/integration-tests/api/__tests__/admin/note.js @@ -52,7 +52,7 @@ describe("/admin/notes", () => { const response = await api.get("/admin/notes/note1", { headers: { - authorization: "Bearer test_token", + "x-medusa-access-token": "test_token", }, }) @@ -91,7 +91,7 @@ describe("/admin/notes", () => { }, { headers: { - authorization: "Bearer test_token", + "x-medusa-access-token": "test_token", }, } ) @@ -136,7 +136,7 @@ describe("/admin/notes", () => { const response = await api .get("/admin/notes?resource_id=resource1", { headers: { - authorization: "Bearer test_token", + "x-medusa-access-token": "test_token", }, }) .catch((err) => { 
@@ -169,7 +169,7 @@ describe("/admin/notes", () => { const response = await api .get("/admin/notes?limit=2", { headers: { - authorization: "Bearer test_token", + "x-medusa-access-token": "test_token", }, }) .catch((err) => { @@ -204,7 +204,7 @@ describe("/admin/notes", () => { { value: "new text" }, { headers: { - authorization: "Bearer test_token", + "x-medusa-access-token": "test_token", }, } ) @@ -215,7 +215,7 @@ describe("/admin/notes", () => { const response = await api .get("/admin/notes/note1", { headers: { - authorization: "Bearer test_token", + "x-medusa-access-token": "test_token", }, }) .catch((err) => { @@ -246,7 +246,7 @@ describe("/admin/notes", () => { await api .delete("/admin/notes/note1", { headers: { - authorization: "Bearer test_token", + "x-medusa-access-token": "test_token", }, }) .catch((err) => { @@ -257,7 +257,7 @@ describe("/admin/notes", () => { await api .get("/admin/notes/note1", { headers: { - authorization: "Bearer test_token", + "x-medusa-access-token": "test_token", }, }) .catch((err) => (error = err)) diff --git a/integration-tests/api/__tests__/admin/order-edit/ff-tax-inclusive-pricing.js b/integration-tests/api/__tests__/admin/order-edit/ff-tax-inclusive-pricing.js index 0e87c51392..6eb72b4ab6 100644 --- a/integration-tests/api/__tests__/admin/order-edit/ff-tax-inclusive-pricing.js +++ b/integration-tests/api/__tests__/admin/order-edit/ff-tax-inclusive-pricing.js @@ -18,7 +18,7 @@ jest.setTimeout(30000) const adminReqConfig = { headers: { - Authorization: "Bearer test_token", + "x-medusa-access-token": "test_token", }, } diff --git a/integration-tests/api/__tests__/admin/order-edit/order-edit.js b/integration-tests/api/__tests__/admin/order-edit/order-edit.js index e7cef852b0..729dfe70c8 100644 --- a/integration-tests/api/__tests__/admin/order-edit/order-edit.js +++ b/integration-tests/api/__tests__/admin/order-edit/order-edit.js 
@@ -25,7 +25,7 @@ jest.setTimeout(30000) const adminHeaders = { headers: { - Authorization: "Bearer test_token", + "x-medusa-access-token": "test_token", }, } diff --git a/integration-tests/api/__tests__/admin/order/ff-tax-inclusive-pricing.js b/integration-tests/api/__tests__/admin/order/ff-tax-inclusive-pricing.js index 3ec5a593b8..8855a6e838 100644 --- a/integration-tests/api/__tests__/admin/order/ff-tax-inclusive-pricing.js +++ b/integration-tests/api/__tests__/admin/order/ff-tax-inclusive-pricing.js @@ -18,7 +18,7 @@ jest.setTimeout(30000) const adminReqConfig = { headers: { - Authorization: "Bearer test_token", + "x-medusa-access-token": "test_token", }, } diff --git a/integration-tests/api/__tests__/admin/order/order.js b/integration-tests/api/__tests__/admin/order/order.js index 9b98863d62..bc2a8f85f4 100644 --- a/integration-tests/api/__tests__/admin/order/order.js +++ b/integration-tests/api/__tests__/admin/order/order.js @@ -34,7 +34,7 @@ const { const adminReqConfig = { headers: { - Authorization: "Bearer test_token", + "x-medusa-access-token": "test_token", }, } diff --git a/integration-tests/api/__tests__/admin/payment-collection.js b/integration-tests/api/__tests__/admin/payment-collection.js index 3ef37eaae0..739d2a336f 100644 --- a/integration-tests/api/__tests__/admin/payment-collection.js +++ b/integration-tests/api/__tests__/admin/payment-collection.js @@ -14,7 +14,7 @@ jest.setTimeout(30000) const adminHeaders = { headers: { - Authorization: "Bearer test_token", + "x-medusa-access-token": "test_token", }, } diff --git a/integration-tests/api/__tests__/admin/payment.js b/integration-tests/api/__tests__/admin/payment.js index 39ac280094..5d88e1e6d9 100644 --- a/integration-tests/api/__tests__/admin/payment.js +++ b/integration-tests/api/__tests__/admin/payment.js @@ -17,7 +17,7 @@ jest.setTimeout(30000) const adminHeaders = { headers: { - Authorization: "Bearer test_token", + "x-medusa-access-token": "test_token", }, } 
diff --git a/integration-tests/api/__tests__/admin/price-list.js b/integration-tests/api/__tests__/admin/price-list.js index 5c50792b2f..3a8cb3f1a2 100644 --- a/integration-tests/api/__tests__/admin/price-list.js +++ b/integration-tests/api/__tests__/admin/price-list.js @@ -19,7 +19,7 @@ const productSeeder = require("../../../helpers/product-seeder") const adminReqConfig = { headers: { - Authorization: "Bearer test_token", + "x-medusa-access-token": "test_token", }, } diff --git a/integration-tests/api/__tests__/admin/product-category.ts b/integration-tests/api/__tests__/admin/product-category.ts index b140e7fd05..0ab98ceac4 100644 --- a/integration-tests/api/__tests__/admin/product-category.ts +++ b/integration-tests/api/__tests__/admin/product-category.ts @@ -15,7 +15,7 @@ jest.setTimeout(30000) const adminHeaders = { headers: { - Authorization: "Bearer test_token", + "x-medusa-access-token": "test_token", }, } diff --git a/integration-tests/api/__tests__/admin/product-tag.js b/integration-tests/api/__tests__/admin/product-tag.js index 06796975c5..667caeae75 100644 --- a/integration-tests/api/__tests__/admin/product-tag.js +++ b/integration-tests/api/__tests__/admin/product-tag.js @@ -19,7 +19,7 @@ jest.setTimeout(50000) const adminReqConfig = { headers: { - Authorization: "Bearer test_token", + "x-medusa-access-token": "test_token", }, } diff --git a/integration-tests/api/__tests__/admin/product-type.js b/integration-tests/api/__tests__/admin/product-type.js index f1bf11e0a4..f7ed438b05 100644 --- a/integration-tests/api/__tests__/admin/product-type.js +++ b/integration-tests/api/__tests__/admin/product-type.js @@ -20,7 +20,7 @@ jest.setTimeout(50000) const adminReqConfig = { headers: { - Authorization: "Bearer test_token", + "x-medusa-access-token": "test_token", }, } diff --git a/integration-tests/api/__tests__/admin/product.js b/integration-tests/api/__tests__/admin/product.js index cb2f88b953..910e0749c6 100644 
--- a/integration-tests/api/__tests__/admin/product.js +++ b/integration-tests/api/__tests__/admin/product.js @@ -28,7 +28,7 @@ jest.setTimeout(50000) const adminHeaders = { headers: { - Authorization: "Bearer test_token", + "x-medusa-access-token": "test_token", }, } diff --git a/integration-tests/api/__tests__/admin/products/ff-product-categories.js b/integration-tests/api/__tests__/admin/products/ff-product-categories.js index 7fc6aef453..aae37ac71c 100644 --- a/integration-tests/api/__tests__/admin/products/ff-product-categories.js +++ b/integration-tests/api/__tests__/admin/products/ff-product-categories.js @@ -16,7 +16,7 @@ const testProduct1Id = "test-product1" const testProductFilteringId1 = "test-product_filtering_1" const adminHeaders = { headers: { - Authorization: "Bearer test_token", + "x-medusa-access-token": "test_token", }, } diff --git a/integration-tests/api/__tests__/admin/publishable-api-key.js b/integration-tests/api/__tests__/admin/publishable-api-key.js index 2dbe536ea7..513e553f2f 100644 --- a/integration-tests/api/__tests__/admin/publishable-api-key.js +++ b/integration-tests/api/__tests__/admin/publishable-api-key.js @@ -18,7 +18,7 @@ jest.setTimeout(50000) const adminHeaders = { headers: { - Authorization: "Bearer test_token", + "x-medusa-access-token": "test_token", }, } @@ -599,7 +599,7 @@ describe("Publishable API keys", () => { const response = await api.get(`/store/products`, { headers: { - Authorization: "Bearer test_token", + "x-medusa-access-token": "test_token", "x-publishable-api-key": pubKeyId, }, }) @@ -630,7 +630,7 @@ describe("Publishable API keys", () => { const response = await api.get(`/store/products`, { headers: { - Authorization: "Bearer test_token", + "x-medusa-access-token": "test_token", "x-publishable-api-key": pubKeyId, }, }) 
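Review bot: The `/store/products` requests in this hunk and in the later hunks of this file (@@ -630, @@ -666, @@ -698, @@ -718, @@ -755, @@ -819, @@ -845, @@ -862, @@ -875, @@ -952, @@ -1011, @@ -1064) send the admin `x-medusa-access-token` together with `x-publishable-api-key`, so the tests cannot show that the publishable key alone gates the store routes; if the store middleware honours the admin token, the @@ -698 case with the publishable key commented out may pass for the wrong reason. Whether store routes read the admin header at all is not visible on this page. Dropping the `"x-medusa-access-token": "test_token",` line from the store-route calls, or adding one case that sends only the publishable key, would make explicit what the key controls.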
@@ -666,7 +666,7 @@ describe("Publishable API keys", () => { `/store/products?sales_channel_id[0]=${salesChannel2.id}`, { headers: { - Authorization: "Bearer test_token", + "x-medusa-access-token": "test_token", "x-publishable-api-key": pubKeyId, }, } @@ -698,7 +698,7 @@ describe("Publishable API keys", () => { const response = await api.get(`/store/products`, { headers: { - Authorization: "Bearer test_token", + "x-medusa-access-token": "test_token", // "x-publishable-api-key": pubKeyId, }, }) @@ -718,7 +718,7 @@ describe("Publishable API keys", () => { const response = await api.get(`/store/products`, { headers: { - Authorization: "Bearer test_token", + "x-medusa-access-token": "test_token", "x-publishable-api-key": pubKeyId, }, }) @@ -755,7 +755,7 @@ describe("Publishable API keys", () => { `/store/products?sales_channel_id[]=${salesChannel2.id}`, { headers: { - Authorization: "Bearer test_token", + "x-medusa-access-token": "test_token", "x-publishable-api-key": pubKeyId, }, } @@ -819,7 +819,7 @@ describe("Publishable API keys", () => { const response = await api.get(`/store/products/${product1.id}`, { headers: { - Authorization: "Bearer test_token", + "x-medusa-access-token": "test_token", "x-publishable-api-key": pubKeyId, }, }) @@ -845,7 +845,7 @@ describe("Publishable API keys", () => { const response = await api .get(`/store/products/${product2.id}`, { headers: { - Authorization: "Bearer test_token", + "x-medusa-access-token": "test_token", "x-publishable-api-key": pubKeyId, }, }) @@ -862,7 +862,7 @@ describe("Publishable API keys", () => { let response = await api .get(`/store/products/${product1.id}`, { headers: { - Authorization: "Bearer test_token", + "x-medusa-access-token": "test_token", "x-publishable-api-key": pubKeyId, }, }) 
@@ -875,7 +875,7 @@ describe("Publishable API keys", () => { response = await api .get(`/store/products/${product2.id}`, { headers: { - Authorization: "Bearer test_token", + "x-medusa-access-token": "test_token", "x-publishable-api-key": pubKeyId, }, }) @@ -952,7 +952,7 @@ describe("Publishable API keys", () => { }, { headers: { - Authorization: "Bearer test_token", + "x-medusa-access-token": "test_token", "x-publishable-api-key": pubKeyId, }, } @@ -1011,7 +1011,7 @@ describe("Publishable API keys", () => { }, { headers: { - Authorization: "Bearer test_token", + "x-medusa-access-token": "test_token", "x-publishable-api-key": pubKeyId, }, } @@ -1064,7 +1064,7 @@ describe("Publishable API keys", () => { }, { headers: { - Authorization: "Bearer test_token", + "x-medusa-access-token": "test_token", "x-publishable-api-key": pubKeyId, }, } diff --git a/integration-tests/api/__tests__/admin/region.js b/integration-tests/api/__tests__/admin/region.js index 972a6cbfff..965eab08da 100644 --- a/integration-tests/api/__tests__/admin/region.js +++ b/integration-tests/api/__tests__/admin/region.js @@ -11,7 +11,7 @@ const { simpleRegionFactory } = require("../../../factories") const adminReqConfig = { headers: { - Authorization: "Bearer test_token", + "x-medusa-access-token": "test_token", }, } @@ -61,7 +61,7 @@ describe("/admin/regions", () => { const response = await api .delete(`/admin/regions/test-region`, { headers: { - Authorization: "Bearer test_token", + "x-medusa-access-token": "test_token", }, }) .catch((err) => { @@ -87,7 +87,7 @@ describe("/admin/regions", () => { }, { headers: { - Authorization: "Bearer test_token", + "x-medusa-access-token": "test_token", }, } ) @@ -159,7 +159,7 @@ describe("/admin/regions", () => { const response = await api .get(`/admin/regions`, { headers: { - Authorization: "Bearer test_token", + "x-medusa-access-token": "test_token", }, }) .catch((err) => { 
@@ -188,7 +188,7 @@ describe("/admin/regions", () => { const response = await api.get(`/admin/regions?limit=2`, { headers: { - Authorization: "Bearer test_token", + "x-medusa-access-token": "test_token", }, }) @@ -203,7 +203,7 @@ describe("/admin/regions", () => { const response = await api .get(`/admin/regions?updated_at[gt]=10-10-2005`, { headers: { - Authorization: "Bearer test_token", + "x-medusa-access-token": "test_token", }, }) .catch((err) => { @@ -257,7 +257,7 @@ describe("/admin/regions", () => { }, { headers: { - Authorization: "Bearer test_token", + "x-medusa-access-token": "test_token", }, } ) @@ -265,7 +265,7 @@ describe("/admin/regions", () => { const response = await api .delete(`/admin/regions/test-region`, { headers: { - Authorization: "Bearer test_token", + "x-medusa-access-token": "test_token", }, }) .catch((err) => { @@ -296,7 +296,7 @@ describe("/admin/regions", () => { }, { headers: { - Authorization: "Bearer test_token", + "x-medusa-access-token": "test_token", }, } ) diff --git a/integration-tests/api/__tests__/admin/return-reason.js b/integration-tests/api/__tests__/admin/return-reason.js index 061f291170..29ebf0b7d8 100644 --- a/integration-tests/api/__tests__/admin/return-reason.js +++ b/integration-tests/api/__tests__/admin/return-reason.js @@ -47,7 +47,7 @@ describe("/admin/return-reasons", () => { const response = await api .post("/admin/return-reasons", payload, { headers: { - Authorization: "Bearer test_token", + "x-medusa-access-token": "test_token", }, }) .catch((err) => { @@ -80,7 +80,7 @@ describe("/admin/return-reasons", () => { const response = await api .post("/admin/return-reasons", payload, { headers: { - Authorization: "Bearer test_token", + "x-medusa-access-token": "test_token", }, }) .catch((err) => { 
@@ -107,7 +107,7 @@ describe("/admin/return-reasons", () => { const nested_response = await api .post("/admin/return-reasons", nested_payload, { headers: { - Authorization: "Bearer test_token", + "x-medusa-access-token": "test_token", }, }) .catch((err) => { @@ -141,7 +141,7 @@ describe("/admin/return-reasons", () => { const response = await api .post("/admin/return-reasons", payload, { headers: { - Authorization: "Bearer test_token", + "x-medusa-access-token": "test_token", }, }) .catch((err) => { @@ -168,7 +168,7 @@ describe("/admin/return-reasons", () => { const nested_response = await api .post("/admin/return-reasons", nested_payload, { headers: { - Authorization: "Bearer test_token", + "x-medusa-access-token": "test_token", }, }) .catch((err) => { @@ -185,7 +185,7 @@ describe("/admin/return-reasons", () => { const dbl_nested_response = await api .post("/admin/return-reasons", dbl_nested_payload, { headers: { - Authorization: "Bearer test_token", + "x-medusa-access-token": "test_token", }, }) .catch((err) => { @@ -209,7 +209,7 @@ describe("/admin/return-reasons", () => { const response = await api .post("/admin/return-reasons", payload, { headers: { - Authorization: "Bearer test_token", + "x-medusa-access-token": "test_token", }, }) .catch((err) => { @@ -229,7 +229,7 @@ describe("/admin/return-reasons", () => { const deleteResponse = await api .delete(`/admin/return-reasons/${response.data.return_reason.id}`, { headers: { - Authorization: "Bearer test_token", + "x-medusa-access-token": "test_token", }, }) .catch((err) => { @@ -259,7 +259,7 @@ describe("/admin/return-reasons", () => { const response = await api .post("/admin/return-reasons", payload, { headers: { - Authorization: "Bearer test_token", + "x-medusa-access-token": "test_token", }, }) .catch((err) => { @@ -285,7 +285,7 @@ describe("/admin/return-reasons", () => { }, { headers: { - Authorization: "Bearer test_token", + "x-medusa-access-token": "test_token", }, } ) 
@@ -314,7 +314,7 @@ describe("/admin/return-reasons", () => { const response = await api .post("/admin/return-reasons", payload, { headers: { - Authorization: "Bearer test_token", + "x-medusa-access-token": "test_token", }, }) .catch((err) => { @@ -331,7 +331,7 @@ describe("/admin/return-reasons", () => { const resp = await api .post("/admin/return-reasons", nested_payload, { headers: { - Authorization: "Bearer test_token", + "x-medusa-access-token": "test_token", }, }) .catch((err) => { @@ -341,7 +341,7 @@ describe("/admin/return-reasons", () => { const nested_response = await api .get("/admin/return-reasons", { headers: { - Authorization: "Bearer test_token", + "x-medusa-access-token": "test_token", }, }) .catch((err) => { @@ -381,7 +381,7 @@ describe("/admin/return-reasons", () => { await api .post("/admin/return-reasons", payload, { headers: { - Authorization: "Bearer test_token", + "x-medusa-access-token": "test_token", }, }) .catch((err) => { @@ -391,7 +391,7 @@ describe("/admin/return-reasons", () => { const response = await api .get("/admin/return-reasons", { headers: { - Authorization: "Bearer test_token", + "x-medusa-access-token": "test_token", }, }) .catch((err) => { @@ -439,7 +439,7 @@ describe("/admin/return-reasons", () => { const response = await api .post("/admin/return-reasons", payload, { headers: { - Authorization: "Bearer test_token", + "x-medusa-access-token": "test_token", }, }) .catch((err) => { @@ -460,7 +460,7 @@ describe("/admin/return-reasons", () => { `/admin/return-reasons/${response.data.return_reason.id}`, { headers: { - Authorization: "Bearer test_token", + "x-medusa-access-token": "test_token", }, } ) @@ -476,7 +476,7 @@ describe("/admin/return-reasons", () => { const getResult = await api .get(`/admin/return-reasons/${response.data.return_reason.id}`, { headers: { - Authorization: "Bearer test_token", + "x-medusa-access-token": "test_token", }, }) .catch((err) => { 
@@ -499,7 +499,7 @@ describe("/admin/return-reasons", () => {
 const response = await api
 .post("/admin/return-reasons", payload, {
 headers: {
- Authorization: "Bearer test_token",
+ "x-medusa-access-token": "test_token",
 },
 })
 .catch((err) => {
@@ -526,7 +526,7 @@ describe("/admin/return-reasons", () => {
 const response_child = await api
 .post("/admin/return-reasons", payload_child, {
 headers: {
- Authorization: "Bearer test_token",
+ "x-medusa-access-token": "test_token",
 },
 })
 .catch((err) => {
@@ -547,7 +547,7 @@ describe("/admin/return-reasons", () => {
 const deleteResult = await api
 .delete(`/admin/return-reasons/${response.data.return_reason.id}`, {
 headers: {
- Authorization: "Bearer test_token",
+ "x-medusa-access-token": "test_token",
 },
 })
 .catch((err) => {
@@ -565,7 +565,7 @@ describe("/admin/return-reasons", () => {
 await api
 .get(`/admin/return-reasons/${response.data.return_reason.id}`, {
 headers: {
- Authorization: "Bearer test_token",
+ "x-medusa-access-token": "test_token",
 },
 })
 .catch((err) => {
@@ -576,7 +576,7 @@ describe("/admin/return-reasons", () => {
 await api
 .get(`/admin/return-reasons/${response_child.data.return_reason.id}`, {
 headers: {
- Authorization: "Bearer test_token",
+ "x-medusa-access-token": "test_token",
 },
 })
 .catch((err) => {
diff --git a/integration-tests/api/__tests__/admin/returns.js b/integration-tests/api/__tests__/admin/returns.js
index eb7852e668..1b72f444e3 100644
--- a/integration-tests/api/__tests__/admin/returns.js
+++ b/integration-tests/api/__tests__/admin/returns.js
@@ -15,7 +15,7 @@ jest.setTimeout(30000)
 
 const authHeader = {
 headers: {
- Authorization: "Bearer test_token",
+ "x-medusa-access-token": "test_token",
 },
 }
 
@@ -181,7 +181,7 @@ describe("/admin/returns", () => {
 {},
 {
 headers: {
- Authorization: "Bearer test_token",
+ "x-medusa-access-token": "test_token",
 },
 }
 )
diff --git a/integration-tests/api/__tests__/admin/sales-channels.js b/integration-tests/api/__tests__/admin/sales-channels.js
index 197c47a014..9340c65f9d 100644
--- a/integration-tests/api/__tests__/admin/sales-channels.js
+++ b/integration-tests/api/__tests__/admin/sales-channels.js
@@ -19,7 +19,7 @@ const startServerWithEnvironment =
 
 const adminReqConfig = {
 headers: {
- Authorization: "Bearer test_token",
+ "x-medusa-access-token": "test_token",
 },
 }
 
@@ -214,7 +214,7 @@ describe("sales channels", () => {
 payload,
 {
 headers: {
- authorization: "Bearer test_token",
+ "x-medusa-access-token": "test_token",
 },
 }
 )
@@ -856,7 +856,7 @@ describe("sales channels", () => {
 `/admin/orders?sales_channel_id[]=${order.sales_channel_id}`,
 {
 headers: {
- authorization: "Bearer test_token",
+ "x-medusa-access-token": "test_token",
 },
 }
 )
@@ -904,7 +904,7 @@ describe("sales channels", () => {
 const response = await api
 .get(`/admin/products?sales_channel_id[]=${salesChannel.id}`, {
 headers: {
- Authorization: "Bearer test_token",
+ "x-medusa-access-token": "test_token",
 },
 })
 .catch((err) => {
@@ -964,7 +964,7 @@ describe("sales channels", () => {
 const response = await api
 .post("/admin/products", payload, {
 headers: {
- Authorization: "Bearer test_token",
+ "x-medusa-access-token": "test_token",
 },
 })
 .catch((err) => {
@@ -1005,7 +1005,7 @@ describe("sales channels", () => {
 const response = await api
 .post("/admin/products", payload, {
 headers: {
- Authorization: "Bearer test_token",
+ "x-medusa-access-token": "test_token",
 },
 })
 .catch((err) => {
@@ -1054,7 +1054,7 @@ describe("sales channels", () => {
 },
 {
 headers: {
- Authorization: "Bearer test_token",
+ "x-medusa-access-token": "test_token",
 },
 }
 )
@@ -1077,7 +1077,7 @@ describe("sales channels", () => {
 },
 {
 headers: {
- Authorization: "Bearer test_token",
+ "x-medusa-access-token": "test_token",
 },
 }
 )
@@ -1103,7 +1103,7 @@ describe("sales channels", () => {
 {},
 {
 headers: {
- Authorization: "Bearer test_token",
+ "x-medusa-access-token": "test_token",
 },
 }
 )
@@ -1131,7 +1131,7 @@ describe("sales channels", () => {
 },
 {
 headers: {
- Authorization: "Bearer test_token",
+ "x-medusa-access-token": "test_token",
 },
 }
 )
@@ -1158,7 +1158,7 @@ describe("sales channels", () => {
 },
 {
 headers: {
- Authorization: "Bearer test_token",
+ "x-medusa-access-token": "test_token",
 },
 }
 )
diff --git a/integration-tests/api/__tests__/admin/shipping-options.js b/integration-tests/api/__tests__/admin/shipping-options.js
index a29bf58821..ed94fd54da 100644
--- a/integration-tests/api/__tests__/admin/shipping-options.js
+++ b/integration-tests/api/__tests__/admin/shipping-options.js
@@ -15,7 +15,7 @@ const {
 
 const adminReqConfig = {
 headers: {
- Authorization: "Bearer test_token",
+ "x-medusa-access-token": "test_token",
 },
 }
 
@@ -68,7 +68,7 @@ describe("/admin/shipping-options", () => {
 
 const res = await api.post(`/admin/shipping-options/test-out`, payload, {
 headers: {
- Authorization: "Bearer test_token",
+ "x-medusa-access-token": "test_token",
 },
 })
 
@@ -115,7 +115,7 @@ describe("/admin/shipping-options", () => {
 const res = await api
 .post(`/admin/shipping-options/test-out`, payload, {
 headers: {
- Authorization: "Bearer test_token",
+ "x-medusa-access-token": "test_token",
 },
 })
 .catch((err) => {
@@ -150,7 +150,7 @@ describe("/admin/shipping-options", () => {
 const res = await api
 .post(`/admin/shipping-options/test-option-req`, payload, {
 headers: {
- Authorization: "Bearer test_token",
+ "x-medusa-access-token": "test_token",
 },
 })
 .catch((err) => {
@@ -176,7 +176,7 @@ describe("/admin/shipping-options", () => {
 const res = await api
 .post(`/admin/shipping-options/test-option-req`, payload, {
 headers: {
- Authorization: "Bearer test_token",
+ "x-medusa-access-token": "test_token",
 },
 })
 .catch((err) => {
@@ -207,7 +207,7 @@ describe("/admin/shipping-options", () => {
 const res = await api
 .post(`/admin/shipping-options/test-option-req`, payload, {
 headers: {
- Authorization: "Bearer test_token",
+ "x-medusa-access-token": "test_token",
 },
 })
 .catch((err) => {
@@ -240,7 +240,7 @@ describe("/admin/shipping-options", () => {
 const res = await api
 .post(`/admin/shipping-options/test-option-req`, payload, {
 headers: {
- Authorization: "Bearer test_token",
+ "x-medusa-access-token": "test_token",
 },
 })
 .catch((err) => {
@@ -269,7 +269,7 @@ describe("/admin/shipping-options", () => {
 },
 {
 headers: {
- Authorization: "Bearer test_token",
+ "x-medusa-access-token": "test_token",
 },
 }
 )
@@ -312,7 +312,7 @@ describe("/admin/shipping-options", () => {
 
 const res = await api.post(`/admin/shipping-options`, payload, {
 headers: {
- Authorization: "Bearer test_token",
+ "x-medusa-access-token": "test_token",
 },
 })
 
@@ -324,7 +324,7 @@ describe("/admin/shipping-options", () => {
 const api = useApi()
 const res = await api.post(`/admin/shipping-options`, payload, {
 headers: {
- Authorization: "Bearer test_token",
+ "x-medusa-access-token": "test_token",
 },
 })
 
@@ -348,7 +348,7 @@ describe("/admin/shipping-options", () => {
 try {
 await api.post(`/admin/shipping-options`, payload, {
 headers: {
- Authorization: "Bearer test_token",
+ "x-medusa-access-token": "test_token",
 },
 })
 } catch (error) {
@@ -374,7 +374,7 @@ describe("/admin/shipping-options", () => {
 try {
 await api.post(`/admin/shipping-options`, payload, {
 headers: {
- Authorization: "Bearer test_token",
+ "x-medusa-access-token": "test_token",
 },
 })
 } catch (error) {
@@ -399,7 +399,7 @@ describe("/admin/shipping-options", () => {
 const api = useApi()
 const res = await api.get(`/admin/shipping-options`, {
 headers: {
- Authorization: "Bearer test_token",
+ "x-medusa-access-token": "test_token",
 },
 })
 
@@ -410,7 +410,7 @@ describe("/admin/shipping-options", () => {
 const api = useApi()
 const res = await api.get(`/admin/shipping-options?admin_only=true`, {
 headers: {
- Authorization: "Bearer test_token",
+ "x-medusa-access-token": "test_token",
 },
 })
 
@@ -429,7 +429,7 @@ describe("/admin/shipping-options", () => {
 const api = useApi()
 const res = await api.get(`/admin/shipping-options?is_return=true`, {
 headers: {
- Authorization: "Bearer test_token",
+ "x-medusa-access-token": "test_token",
 },
 })
 
@@ -450,7 +450,7 @@ describe("/admin/shipping-options", () => {
 `/admin/shipping-options?is_return=false&admin_only=true`,
 {
 headers: {
- Authorization: "Bearer test_token",
+ "x-medusa-access-token": "test_token",
 },
 }
 )
diff --git a/integration-tests/api/__tests__/admin/shipping-profile.js b/integration-tests/api/__tests__/admin/shipping-profile.js
index 3f2fe4423a..8c4ab955de 100644
--- a/integration-tests/api/__tests__/admin/shipping-profile.js
+++ b/integration-tests/api/__tests__/admin/shipping-profile.js
@@ -12,7 +12,7 @@ const adminSeeder = require("../../../helpers/admin-seeder")
 
 const adminReqConfig = {
 headers: {
- Authorization: "Bearer test_token",
+ "x-medusa-access-token": "test_token",
 },
 }
 
diff --git a/integration-tests/api/__tests__/admin/store.js b/integration-tests/api/__tests__/admin/store.js
index 628b1ba417..558496c87d 100644
--- a/integration-tests/api/__tests__/admin/store.js
+++ b/integration-tests/api/__tests__/admin/store.js
@@ -40,7 +40,7 @@ describe("/admin/store", () => {
 const api = useApi()
 
 const response = await api.get("/admin/store", {
- headers: { Authorization: "Bearer test_token " },
+ headers: { "x-medusa-access-token": "test_token " },
 })
 
 expect(response.status).toEqual(200)
@@ -99,7 +99,7 @@ describe("/admin/store", () => {
 default_currency_code: "eur",
 },
 {
- headers: { Authorization: "Bearer test_token " },
+ headers: { "x-medusa-access-token": "test_token " },
 }
 )
 } catch (e) {
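Review bot: The new header value in the `@@ -40` hunk of `integration-tests/api/__tests__/admin/store.js` is `"test_token "` with a trailing space, carried over from the old `"Bearer test_token "`; the same value recurs in the `@@ -99` hunk here and in the four `store.js` hunks that follow (`@@ -121`, `@@ -144`, `@@ -180`, `@@ -214`). A bearer-token parser that splits on whitespace may well have tolerated that, whereas a custom header is presumably compared as a raw string, so these tests now depend on the server trimming the value before lookup. Normalize to `headers: { "x-medusa-access-token": "test_token" },` as every other file in this diff does, so the suite does not pass or fail on whitespace handling by accident.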
@@ -121,7 +121,7 @@ describe("/admin/store", () => {
 currencies: ["usd"],
 },
 {
- headers: { Authorization: "Bearer test_token " },
+ headers: { "x-medusa-access-token": "test_token " },
 }
 )
 } catch (e) {
@@ -144,7 +144,7 @@ describe("/admin/store", () => {
 default_currency_code: "dkk",
 },
 {
- headers: { Authorization: "Bearer test_token " },
+ headers: { "x-medusa-access-token": "test_token " },
 }
 )
 .catch((err) => console.log(err))
@@ -180,7 +180,7 @@ describe("/admin/store", () => {
 currencies: ["jpy", "usd"],
 },
 {
- headers: { Authorization: "Bearer test_token " },
+ headers: { "x-medusa-access-token": "test_token " },
 }
 )
 
@@ -214,7 +214,7 @@ describe("/admin/store", () => {
 currencies: ["jpy", "usd"],
 },
 {
- headers: { Authorization: "Bearer test_token " },
+ headers: { "x-medusa-access-token": "test_token " },
 }
 )
 
diff --git a/integration-tests/api/__tests__/admin/swaps.js b/integration-tests/api/__tests__/admin/swaps.js
index 4dc87b4ebd..6948d5c2a0 100644
--- a/integration-tests/api/__tests__/admin/swaps.js
+++ b/integration-tests/api/__tests__/admin/swaps.js
@@ -26,7 +26,7 @@ jest.setTimeout(30000)
 
 const adminHeaders = {
 headers: {
- Authorization: "Bearer test_token",
+ "x-medusa-access-token": "test_token",
 },
 }
 
diff --git a/integration-tests/api/__tests__/admin/user.js b/integration-tests/api/__tests__/admin/user.js
index 319735bea5..32c10332da 100644
--- a/integration-tests/api/__tests__/admin/user.js
+++ b/integration-tests/api/__tests__/admin/user.js
@@ -17,7 +17,7 @@ jest.setTimeout(30000)
 
 const adminReqConfig = {
 headers: {
- Authorization: "Bearer test_token",
+ "x-medusa-access-token": "test_token",
 },
 }
 
@@ -331,7 +331,7 @@ describe("/admin/users", () => {
 const usersBeforeDelete = usersBeforeDeleteResponse.data.users
 
 const response = await api.delete(`/admin/users/${userId}`, {
- headers: { Authorization: "Bearer test_token" },
+ headers: { "x-medusa-access-token": "test_token" },
 })
 
 const usersAfterDeleteResponse = await api.get(
diff --git a/integration-tests/api/__tests__/admin/variant.js b/integration-tests/api/__tests__/admin/variant.js
index aba64158f4..7f4966e7f9 100644
--- a/integration-tests/api/__tests__/admin/variant.js
+++ b/integration-tests/api/__tests__/admin/variant.js
@@ -11,7 +11,7 @@ const productSeeder = require("../../../helpers/product-seeder")
 
 const adminHeaders = {
 headers: {
- Authorization: "Bearer test_token",
+ "x-medusa-access-token": "test_token",
 },
 }
 
diff --git a/integration-tests/api/__tests__/batch-jobs/api.js b/integration-tests/api/__tests__/batch-jobs/api.js
index 9bb561c87b..85db1cd546 100644
--- a/integration-tests/api/__tests__/batch-jobs/api.js
+++ b/integration-tests/api/__tests__/batch-jobs/api.js
@@ -13,7 +13,7 @@ jest.setTimeout(50000)
 
 const adminReqConfig = {
 headers: {
- Authorization: "Bearer test_token",
+ "x-medusa-access-token": "test_token",
 },
 }
 
diff --git a/integration-tests/api/__tests__/batch-jobs/order/export.js b/integration-tests/api/__tests__/batch-jobs/order/export.js
index fcf92e91d3..50c1d77996 100644
--- a/integration-tests/api/__tests__/batch-jobs/order/export.js
+++ b/integration-tests/api/__tests__/batch-jobs/order/export.js
@@ -12,7 +12,7 @@ const orderSeeder = require("../../../../helpers/order-seeder")
 
 const adminReqConfig = {
 headers: {
- Authorization: "Bearer test_token",
+ "x-medusa-access-token": "test_token",
 },
 }
 
diff --git a/integration-tests/api/__tests__/batch-jobs/price-list/import.js b/integration-tests/api/__tests__/batch-jobs/price-list/import.js
index a32344a83a..244ad31dcd 100644
--- a/integration-tests/api/__tests__/batch-jobs/price-list/import.js
+++ b/integration-tests/api/__tests__/batch-jobs/price-list/import.js
@@ -14,7 +14,7 @@ const {
 
 const adminReqConfig = {
 headers: {
- Authorization: "Bearer test_token",
+ "x-medusa-access-token": "test_token",
 },
 }
 
diff --git a/integration-tests/api/__tests__/batch-jobs/product/export.js b/integration-tests/api/__tests__/batch-jobs/product/export.js
index 5f04a8aeab..3a41d18f1a 100644
--- a/integration-tests/api/__tests__/batch-jobs/product/export.js
+++ b/integration-tests/api/__tests__/batch-jobs/product/export.js
@@ -13,7 +13,7 @@ const productSeeder = require("../../../../helpers/product-seeder")
 
 const adminReqConfig = {
 headers: {
- Authorization: "Bearer test_token",
+ "x-medusa-access-token": "test_token",
 },
 }
 
diff --git a/integration-tests/api/__tests__/batch-jobs/product/ff-product-category.js b/integration-tests/api/__tests__/batch-jobs/product/ff-product-category.js
index 1174f67467..be8091c8fb 100644
--- a/integration-tests/api/__tests__/batch-jobs/product/ff-product-category.js
+++ b/integration-tests/api/__tests__/batch-jobs/product/ff-product-category.js
@@ -39,7 +39,7 @@ function copyTemplateFile() {
 
 const adminReqConfig = {
 headers: {
- Authorization: "Bearer test_token",
+ "x-medusa-access-token": "test_token",
 },
 }
 
diff --git a/integration-tests/api/__tests__/batch-jobs/product/ff-sales-channel.js b/integration-tests/api/__tests__/batch-jobs/product/ff-sales-channel.js
index 95b46a16b5..c8ece36836 100644
--- a/integration-tests/api/__tests__/batch-jobs/product/ff-sales-channel.js
+++ b/integration-tests/api/__tests__/batch-jobs/product/ff-sales-channel.js
@@ -39,7 +39,7 @@ function copyTemplateFile() {
 
 const adminReqConfig = {
 headers: {
- Authorization: "Bearer test_token",
+ "x-medusa-access-token": "test_token",
 },
 }
 
diff --git a/integration-tests/api/__tests__/batch-jobs/product/import.js b/integration-tests/api/__tests__/batch-jobs/product/import.js
index e5bfb8f0c5..73e624a674 100644
--- a/integration-tests/api/__tests__/batch-jobs/product/import.js
+++ b/integration-tests/api/__tests__/batch-jobs/product/import.js
@@ -15,7 +15,7 @@ const {
 
 const adminReqConfig = {
 headers: {
- Authorization: "Bearer test_token",
+ "x-medusa-access-token": "test_token",
 },
 }
 
diff --git a/integration-tests/api/__tests__/claims/index.js b/integration-tests/api/__tests__/claims/index.js
index 63413b7183..eb2176f010 100644
--- a/integration-tests/api/__tests__/claims/index.js
+++ b/integration-tests/api/__tests__/claims/index.js
@@ -59,7 +59,7 @@ describe("Claims", () => {
 },
 {
 headers: {
- authorization: "Bearer test_token",
+ "x-medusa-access-token": "test_token",
 },
 }
 )
@@ -100,7 +100,7 @@ describe("Claims", () => {
 },
 {
 headers: {
- authorization: "Bearer test_token",
+ "x-medusa-access-token": "test_token",
 },
 }
 )
@@ -144,7 +144,7 @@ describe("Claims", () => {
 },
 {
 headers: {
- authorization: "Bearer test_token",
+ "x-medusa-access-token": "test_token",
 },
 }
 )
@@ -183,7 +183,7 @@ describe("Claims", () => {
 },
 {
 headers: {
- authorization: "Bearer test_token",
+ "x-medusa-access-token": "test_token",
 },
 }
 )
@@ -219,7 +219,7 @@ describe("Claims", () => {
 },
 {
 headers: {
- authorization: "Bearer test_token",
+ "x-medusa-access-token": "test_token",
 },
 }
 )
@@ -284,7 +284,7 @@ describe("Claims", () => {
 },
 {
 headers: {
- authorization: "Bearer test_token",
+ "x-medusa-access-token": "test_token",
 },
 }
 )
@@ -294,7 +294,7 @@ describe("Claims", () => {
 {},
 {
 headers: {
- authorization: "Bearer test_token",
+ "x-medusa-access-token": "test_token",
 },
 }
 )
@@ -333,7 +333,7 @@ describe("Claims", () => {
 },
 {
 headers: {
- authorization: "Bearer test_token",
+ "x-medusa-access-token": "test_token",
 },
 }
 )
diff --git a/integration-tests/api/__tests__/price-selection/tax-inclusive-prices.js b/integration-tests/api/__tests__/price-selection/tax-inclusive-prices.js
index 2cb356acfa..6608863100 100644
--- a/integration-tests/api/__tests__/price-selection/tax-inclusive-prices.js
+++ b/integration-tests/api/__tests__/price-selection/tax-inclusive-prices.js
@@ -693,7 +693,7 @@ describe("tax inclusive prices", () => {
 
 const res = await api.get(`/admin/shipping-options`, {
 headers: {
- Authorization: `Bearer test_token`,
+ "x-medusa-access-token": "test_token",
 },
 })
 
diff --git a/integration-tests/api/__tests__/returns/ff-tax-inclusive-pricing.js b/integration-tests/api/__tests__/returns/ff-tax-inclusive-pricing.js
index 977dc56e7a..1b1a962ae0 100644
--- a/integration-tests/api/__tests__/returns/ff-tax-inclusive-pricing.js
+++ b/integration-tests/api/__tests__/returns/ff-tax-inclusive-pricing.js
@@ -117,7 +117,7 @@ describe("[MEDUSA_FF_TAX_INCLUSIVE_PRICING] /store/carts", () => {
 },
 {
 headers: {
- authorization: "Bearer test_token",
+ "x-medusa-access-token": "test_token",
 },
 }
 )
@@ -163,7 +163,7 @@ describe("[MEDUSA_FF_TAX_INCLUSIVE_PRICING] /store/carts", () => {
 },
 {
 headers: {
- authorization: "Bearer test_token",
+ "x-medusa-access-token": "test_token",
 },
 }
 )
@@ -208,7 +208,7 @@ describe("[MEDUSA_FF_TAX_INCLUSIVE_PRICING] /store/carts", () => {
 },
 {
 headers: {
- authorization: "Bearer test_token",
+ "x-medusa-access-token": "test_token",
 },
 }
 )
@@ -253,7 +253,7 @@ describe("[MEDUSA_FF_TAX_INCLUSIVE_PRICING] /store/carts", () => {
 },
 {
 headers: {
- authorization: "Bearer test_token",
+ "x-medusa-access-token": "test_token",
 },
 }
 )
diff --git a/integration-tests/api/__tests__/returns/index.js b/integration-tests/api/__tests__/returns/index.js
index 96fe09db82..c1edadee42 100644
--- a/integration-tests/api/__tests__/returns/index.js
+++ b/integration-tests/api/__tests__/returns/index.js
@@ -20,7 +20,7 @@ jest.setTimeout(30000)
 
 const adminHeaders = {
 headers: {
- authorization: "Bearer test_token",
+ "x-medusa-access-token": "test_token",
 },
 }
 
diff --git a/integration-tests/api/__tests__/store/auth.js b/integration-tests/api/__tests__/store/auth.js
index 24021abc2d..c450af90db 100644
--- a/integration-tests/api/__tests__/store/auth.js
+++ b/integration-tests/api/__tests__/store/auth.js
@@ -130,5 +130,26 @@ describe("/store/auth", () => {
 expect(err.response.status).toEqual(401)
 }
 })
+
+ it("creates customer JWT token correctly", async () => {
+ const api = useApi()
+
+ const authResponse = await api.post("/store/auth/token", {
+ email: "oli@test.dk",
+ password: "test",
+ })
+
+ const token = authResponse.data.access_token;
+
+ expect(token).toEqual(expect.any(String))
+
+ const me = await api.get("/store/auth", {
+ headers: {
+ Authorization: `Bearer ${token}`,
+ },
+ })
+
+ expect(me.status).toEqual(200)
+ })
 })
 })
diff --git a/integration-tests/api/__tests__/store/products.js b/integration-tests/api/__tests__/store/products.js
index ac4dcbc362..be669bc344 100644
--- a/integration-tests/api/__tests__/store/products.js
+++ b/integration-tests/api/__tests__/store/products.js
@@ -972,7 +972,7 @@ describe("/store/products", () => {
 },
 {
 headers: {
- Authorization: "Bearer test_token",
+ "x-medusa-access-token": "test_token",
 },
 }
 )
diff --git a/integration-tests/api/__tests__/store/sales-channels.js b/integration-tests/api/__tests__/store/sales-channels.js
index 0c41677b18..3c4b8cae68 100644
--- a/integration-tests/api/__tests__/store/sales-channels.js
+++ b/integration-tests/api/__tests__/store/sales-channels.js
@@ -16,7 +16,7 @@ const startServerWithEnvironment =
 
 const adminReqConfig = {
 headers: {
- Authorization: "Bearer test_token",
+ "x-medusa-access-token": "test_token",
 },
 }
 
diff --git a/integration-tests/api/__tests__/swaps/index.js b/integration-tests/api/__tests__/swaps/index.js
index 581a0030f8..0367950ab5 100644
--- a/integration-tests/api/__tests__/swaps/index.js
+++ b/integration-tests/api/__tests__/swaps/index.js
@@ -63,7 +63,7 @@ describe("Swaps", () => {
 },
 {
 headers: {
- authorization: "Bearer test_token",
+ "x-medusa-access-token": "test_token",
 },
 }
 )
@@ -122,7 +122,7 @@ describe("Swaps", () => {
 },
 {
 headers: {
- authorization: "Bearer test_token",
+ "x-medusa-access-token": "test_token",
 },
 }
 )
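Review bot: The new test in `integration-tests/api/__tests__/store/auth.js` proves only that `/store/auth/token` returns a string and that `GET /store/auth` accepts it as a bearer token; it never checks that the token identifies the customer who requested it, which is the failure mode an authentication overhaul is most likely to introduce. Assert on the returned identity as well, e.g. `expect(me.data.customer.email).toEqual("oli@test.dk")` (assuming the endpoint returns the customer under `customer`, which is not visible here), and consider a companion case that sends a modified or empty bearer value and expects 401, matching the 401 assertion in the context lines above. The line `const token = authResponse.data.access_token;` carries a trailing semicolon where the rest of the file has none. The enclosing `describe` starts outside the hunk.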
@@ -182,7 +182,7 @@ describe("Swaps", () => {
 },
 {
 headers: {
- authorization: "Bearer test_token",
+ "x-medusa-access-token": "test_token",
 },
 }
 )
@@ -193,7 +193,7 @@ describe("Swaps", () => {
 `/admin/swaps/${response.data.order.swaps[0].id}`,
 {
 headers: {
- authorization: "Bearer test_token",
+ "x-medusa-access-token": "test_token",
 },
 }
 )
@@ -281,7 +281,7 @@ describe("Swaps", () => {
 },
 {
 headers: {
- authorization: "Bearer test_token",
+ "x-medusa-access-token": "test_token",
 },
 }
 )
diff --git a/integration-tests/api/__tests__/taxes/admin-tax-rates.js b/integration-tests/api/__tests__/taxes/admin-tax-rates.js
index 3a8f693c16..b2a57bdb4b 100644
--- a/integration-tests/api/__tests__/taxes/admin-tax-rates.js
+++ b/integration-tests/api/__tests__/taxes/admin-tax-rates.js
@@ -48,7 +48,7 @@ describe("/admin/tax-rates", () => {
 
 const response = await api.get("/admin/tax-rates", {
 headers: {
- authorization: "Bearer test_token",
+ "x-medusa-access-token": "test_token",
 },
 })
 
@@ -66,7 +66,7 @@ describe("/admin/tax-rates", () => {
 `/admin/tax-rates?fields[]=rate&fields[]=product_count&fields[]=id&expand[]=products&rate[gt]=80`,
 {
 headers: {
- authorization: "Bearer test_token",
+ "x-medusa-access-token": "test_token",
 },
 }
 )
@@ -85,7 +85,7 @@ describe("/admin/tax-rates", () => {
 `/admin/tax-rates?region_id[]=${regions[0].id}®ion_id[]=${regions[1].id}`,
 {
 headers: {
- authorization: "Bearer test_token",
+ "x-medusa-access-token": "test_token",
 },
 }
 )
@@ -106,7 +106,7 @@ describe("/admin/tax-rates", () => {
 
 const response = await api.get(`/admin/tax-rates/${tax_rates[0].id}`, {
 headers: {
- authorization: "Bearer test_token",
+ "x-medusa-access-token": "test_token",
 },
 })
 
@@ -129,7 +129,7 @@ describe("/admin/tax-rates", () => {
 `/admin/tax-rates/${tax_rates[0].id}?fields[]=id&fields[]=region_id`,
 {
 headers: {
- authorization: "Bearer test_token",
+ "x-medusa-access-token": "test_token",
 },
 }
 )
@@ -159,7 +159,7 @@ describe("/admin/tax-rates", () => {
 },
 {
 headers: {
- authorization: "Bearer test_token",
+ "x-medusa-access-token": "test_token",
 },
 }
 )
@@ -191,7 +191,7 @@ describe("/admin/tax-rates", () => {
 },
 {
 headers: {
- authorization: "Bearer test_token",
+ "x-medusa-access-token": "test_token",
 },
 }
 )
@@ -231,7 +231,7 @@ describe("/admin/tax-rates", () => {
 },
 {
 headers: {
- authorization: "Bearer test_token",
+ "x-medusa-access-token": "test_token",
 },
 }
 )
@@ -260,7 +260,7 @@ describe("/admin/tax-rates", () => {
 },
 {
 headers: {
- authorization: "Bearer test_token",
+ "x-medusa-access-token": "test_token",
 },
 }
 )
@@ -294,7 +294,7 @@ describe("/admin/tax-rates", () => {
 },
 {
 headers: {
- authorization: "Bearer test_token",
+ "x-medusa-access-token": "test_token",
 },
 }
 )
@@ -330,7 +330,7 @@ describe("/admin/tax-rates", () => {
 },
 {
 headers: {
- authorization: "Bearer test_token",
+ "x-medusa-access-token": "test_token",
 },
 }
 )
@@ -361,7 +361,7 @@ describe("/admin/tax-rates", () => {
 },
 {
 headers: {
- authorization: "Bearer test_token",
+ "x-medusa-access-token": "test_token",
 },
 }
 )
@@ -391,7 +391,7 @@ describe("/admin/tax-rates", () => {
 },
 {
 headers: {
- authorization: "Bearer test_token",
+ "x-medusa-access-token": "test_token",
 },
 }
 )
@@ -425,7 +425,7 @@ describe("/admin/tax-rates", () => {
 },
 {
 headers: {
- authorization: "Bearer test_token",
+ "x-medusa-access-token": "test_token",
 },
 }
 )
@@ -460,7 +460,7 @@ describe("/admin/tax-rates", () => {
 },
 {
 headers: {
- authorization: "Bearer test_token",
+ "x-medusa-access-token": "test_token",
 },
 }
 )
@@ -499,7 +499,7 @@ describe("/admin/tax-rates", () => {
 },
 {
 headers: {
- authorization: "Bearer test_token",
+ "x-medusa-access-token": "test_token",
 },
 }
 )
@@ -530,7 +530,7 @@ describe("/admin/tax-rates", () => {
 },
 {
 headers: {
- authorization: "Bearer test_token",
+ "x-medusa-access-token": "test_token",
 },
 }
 )
@@ -566,7 +566,7 @@ describe("/admin/tax-rates", () => {
 },
 {
 headers: {
- authorization: "Bearer test_token",
+ "x-medusa-access-token": "test_token",
 },
 }
 )
@@ -595,7 +595,7 @@ describe("/admin/tax-rates", () => {
 const api = useApi()
 const response = await api.delete(`/admin/tax-rates/${rate.id}`, {
 headers: {
- authorization: "Bearer test_token",
+ "x-medusa-access-token": "test_token",
 },
 })
 
diff --git a/integration-tests/api/__tests__/taxes/shipping-options.js b/integration-tests/api/__tests__/taxes/shipping-options.js
index 057b1daa70..db8d12edc1 100644
--- a/integration-tests/api/__tests__/taxes/shipping-options.js
+++ b/integration-tests/api/__tests__/taxes/shipping-options.js
@@ -60,7 +60,7 @@ describe("Shipping Options Totals Calculations", () => {
 
 const res = await api.get(`/admin/shipping-options`, {
 headers: {
- Authorization: `Bearer test_token`,
+ "x-medusa-access-token": "test_token",
 },
 })
 
diff --git a/integration-tests/api/__tests__/totals/orders.js b/integration-tests/api/__tests__/totals/orders.js
index 4a9b3811f3..4f0c4dad89 100644
--- a/integration-tests/api/__tests__/totals/orders.js
+++ b/integration-tests/api/__tests__/totals/orders.js
@@ -16,7 +16,7 @@ jest.setTimeout(30000)
 
 const adminReqConfig = {
 headers: {
- Authorization: "Bearer test_token",
+ "x-medusa-access-token": "test_token",
 },
 }
 
diff --git a/integration-tests/helpers/call-helpers.js b/integration-tests/helpers/call-helpers.js
index 61270f6d05..ba21244051 100644
--- a/integration-tests/helpers/call-helpers.js
+++ b/integration-tests/helpers/call-helpers.js
@@ -2,7 +2,7 @@ const { useApi } = require("../environment-helpers/use-api")
 
 const header = {
 headers: {
- authorization: "Bearer test_token",
+ "x-medusa-access-token": "test_token",
 },
 }
 
diff --git a/integration-tests/plugins/__tests__/inventory/cart/cart.js b/integration-tests/plugins/__tests__/inventory/cart/cart.js
index d9b88c7767..7d4115c092 100644
--- a/integration-tests/plugins/__tests__/inventory/cart/cart.js
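Review bot: With the `@@ -2` hunk in `integration-tests/helpers/call-helpers.js` the shared `header` constant sends the admin credential only as `x-medusa-access-token`, and across every admin hunk visible in this diff no admin route is exercised with an `Authorization: Bearer` header any more; if bearer tokens are still accepted on admin routes after the overhaul, at least one admin test should keep that path covered so a regression in it is caught. Moving the secret out of `Authorization` also moves it out of the one header that request loggers and proxies commonly redact by default, so wherever CI captures request headers, confirm the custom header is redacted too. Both points are inferred from the test diff alone; the server-side change is not in this chunk.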
+++ b/integration-tests/plugins/__tests__/inventory/cart/cart.js
@@ -13,7 +13,7 @@ const { simpleSalesChannelFactory } = require("../../../../factories")
 
 jest.setTimeout(30000)
 
-const adminHeaders = { headers: { Authorization: "Bearer test_token" } }
+const adminHeaders = { headers: { "x-medusa-access-token": "test_token" } }
 
 describe("/store/carts", () => {
 let express
diff --git a/integration-tests/plugins/__tests__/inventory/inventory-items/index.js b/integration-tests/plugins/__tests__/inventory/inventory-items/index.js
index 4b0d536116..7a022ca431 100644
--- a/integration-tests/plugins/__tests__/inventory/inventory-items/index.js
+++ b/integration-tests/plugins/__tests__/inventory/inventory-items/index.js
@@ -14,7 +14,7 @@ const {
 simpleProductFactory,
 simpleOrderFactory,
 } = require("../../../../factories")
-const adminHeaders = { headers: { Authorization: "Bearer test_token" } }
+const adminHeaders = { headers: { "x-medusa-access-token": "test_token" } }
 
 describe("Inventory Items endpoints", () => {
 let appContainer
@@ -682,7 +682,7 @@ describe("Inventory Items endpoints", () => {
 ],
 prices: [{ currency_code: "usd", amount: 100 }],
 },
- { headers: { Authorization: "Bearer test_token" } }
+ { headers: { "x-medusa-access-token": "test_token" } }
 )
 
 const secondVariantId = response.data.product.variants.find(
@@ -720,7 +720,7 @@ describe("Inventory Items endpoints", () => {
 ).toHaveLength(2)
 
 await api.delete(`/admin/inventory-items/${invItem2.id}`, {
- headers: { Authorization: "Bearer test_token" },
+ headers: { "x-medusa-access-token": "test_token" },
 })
 
 expect(
diff --git a/integration-tests/plugins/__tests__/inventory/order/draft-order.js b/integration-tests/plugins/__tests__/inventory/order/draft-order.js
index 335ecff77c..591490f26c 100644
--- a/integration-tests/plugins/__tests__/inventory/order/draft-order.js
+++ b/integration-tests/plugins/__tests__/inventory/order/draft-order.js
@@ -21,7 +21,7 @@ const {
 
 jest.setTimeout(30000)
 
-const adminHeaders = { headers: { Authorization: "Bearer test_token" } }
+const adminHeaders = { headers: { "x-medusa-access-token": "test_token" } }
 
 describe("/store/carts", () => {
 let express
diff --git a/integration-tests/plugins/__tests__/inventory/order/order.js b/integration-tests/plugins/__tests__/inventory/order/order.js
index 5fe31d1a27..26bba7ae17 100644
--- a/integration-tests/plugins/__tests__/inventory/order/order.js
+++ b/integration-tests/plugins/__tests__/inventory/order/order.js
@@ -20,7 +20,7 @@ const {
 
 jest.setTimeout(150000)
 
-const adminHeaders = { headers: { Authorization: "Bearer test_token" } }
+const adminHeaders = { headers: { "x-medusa-access-token": "test_token" } }
 
 describe("/store/carts", () => {
 let express
diff --git a/integration-tests/plugins/__tests__/inventory/products/create-variant.js b/integration-tests/plugins/__tests__/inventory/products/create-variant.js
index 6defce0243..e36dcb3d63 100644
--- a/integration-tests/plugins/__tests__/inventory/products/create-variant.js
+++ b/integration-tests/plugins/__tests__/inventory/products/create-variant.js
@@ -83,7 +83,7 @@ describe("Create Variant", () => {
 ],
 prices: [{ currency_code: "usd", amount: 2300 }],
 },
- { headers: { Authorization: "Bearer test_token" } }
+ { headers: { "x-medusa-access-token": "test_token" } }
 )
 
 expect(response.status).toEqual(200)
@@ -160,7 +160,7 @@ describe("Create Variant", () => {
 ],
 prices: [{ currency_code: "usd", amount: 2300 }],
 },
- { headers: { Authorization: "Bearer test_token" } }
+ { headers: { "x-medusa-access-token": "test_token" } }
 )
 .catch((e) => e)
 
diff --git a/integration-tests/plugins/__tests__/inventory/products/delete-variant.js b/integration-tests/plugins/__tests__/inventory/products/delete-variant.js
index 52517c0bd9..1760968889 100644
--- a/integration-tests/plugins/__tests__/inventory/products/delete-variant.js
+++ b/integration-tests/plugins/__tests__/inventory/products/delete-variant.js
@@ -70,7 +70,7 @@ describe("Delete Variant", () => {
 ],
 prices: [{ currency_code: "usd", amount: 2300 }],
 },
- { headers: { Authorization: "Bearer test_token" } }
+ { headers: { "x-medusa-access-token": "test_token" } }
 )
 
 const variantId = response.data.product.variants.find(
@@ -98,7 +98,7 @@ describe("Delete Variant", () => {
 ).toHaveLength(2)
 
 await api.delete(`/admin/products/test-product/variants/${variantId}`, {
- headers: { Authorization: "Bearer test_token" },
+ headers: { "x-medusa-access-token": "test_token" },
 })
 
 await expect(variantService.retrieve(variantId)).rejects.toThrow(
diff --git a/integration-tests/plugins/__tests__/inventory/products/get-product.js b/integration-tests/plugins/__tests__/inventory/products/get-product.js
index abb06e24a8..1519b6c6b0 100644
--- a/integration-tests/plugins/__tests__/inventory/products/get-product.js
+++ b/integration-tests/plugins/__tests__/inventory/products/get-product.js
@@ -12,7 +12,7 @@ jest.setTimeout(30000)
 
 const { simpleProductFactory } = require("../../../../factories")
 
-const adminHeaders = { headers: { Authorization: "Bearer test_token" } }
+const adminHeaders = { headers: { "x-medusa-access-token": "test_token" } }
 
 describe("Get products", () => {
 let appContainer
diff --git a/integration-tests/plugins/__tests__/inventory/products/get-variant.js b/integration-tests/plugins/__tests__/inventory/products/get-variant.js
index 0d03043453..c387a25b50 100644
--- a/integration-tests/plugins/__tests__/inventory/products/get-variant.js
+++ b/integration-tests/plugins/__tests__/inventory/products/get-variant.js
@@ -15,7 +15,7 @@ const {
 simpleSalesChannelFactory,
 } = require("../../../../factories")
 
-const adminHeaders = { headers: { Authorization: "Bearer test_token" } }
+const adminHeaders = { headers: { "x-medusa-access-token": "test_token" } }
 
 describe("Get variant", () => {
 let appContainer
diff --git a/integration-tests/plugins/__tests__/inventory/products/list-products.js b/integration-tests/plugins/__tests__/inventory/products/list-products.js
index f45493d6ff..7a0a037ec0 100644
--- a/integration-tests/plugins/__tests__/inventory/products/list-products.js
+++ b/integration-tests/plugins/__tests__/inventory/products/list-products.js
@@ -13,7 +13,7 @@ jest.setTimeout(30000)
 const { simpleProductFactory } = require("../../../../factories")
 const { simpleSalesChannelFactory } = require("../../../../factories")
 
-const adminHeaders = { headers: { Authorization: "Bearer test_token" } }
+const adminHeaders = { headers: { "x-medusa-access-token": "test_token" } }
 
 describe("Create Variant", () => {
 let appContainer
diff --git a/integration-tests/plugins/__tests__/inventory/products/list-variants.js b/integration-tests/plugins/__tests__/inventory/products/list-variants.js
index e26f16b1ba..5d557ac789 100644
--- a/integration-tests/plugins/__tests__/inventory/products/list-variants.js
+++ b/integration-tests/plugins/__tests__/inventory/products/list-variants.js
@@ -12,7 +12,7 @@ jest.setTimeout(30000)
 const { simpleProductFactory } = require("../../../../factories")
 const { simpleSalesChannelFactory } = require("../../../../factories")
 
-const adminHeaders = { headers: { Authorization: "Bearer test_token" } }
+const adminHeaders = { headers: { "x-medusa-access-token": "test_token" } }
 
 describe("List Variants", () => {
 let appContainer
diff --git a/integration-tests/plugins/__tests__/inventory/reservation-items/index.js b/integration-tests/plugins/__tests__/inventory/reservation-items/index.js
index 26226d9454..cc99de4880 100644
--- a/integration-tests/plugins/__tests__/inventory/reservation-items/index.js
+++ b/integration-tests/plugins/__tests__/inventory/reservation-items/index.js
@@ -16,7 +16,7 @@ const { simpleRegionFactory, } = require("../../../../factories") const { simpleSalesChannelFactory } = require("../../../../factories") -const adminHeaders = { headers: { Authorization: "Bearer test_token" } } +const adminHeaders = { headers: { "x-medusa-access-token": "test_token" } } describe("Inventory Items endpoints", () => { let appContainer diff --git a/integration-tests/plugins/__tests__/medusa-plugin-sendgrid/index.js b/integration-tests/plugins/__tests__/medusa-plugin-sendgrid/index.js index 5feddd8e4d..f04eeb5f3d 100644 --- a/integration-tests/plugins/__tests__/medusa-plugin-sendgrid/index.js +++ b/integration-tests/plugins/__tests__/medusa-plugin-sendgrid/index.js @@ -58,7 +58,7 @@ describe("medusa-plugin-sendgrid", () => { const response = await api.post( `/admin/orders/${order.id}/cancel`, {}, - { headers: { authorization: "Bearer test_token" } } + { headers: { "x-medusa-access-token": "test_token" } } ) expect(response.status).toEqual(200) @@ -146,7 +146,7 @@ describe("medusa-plugin-sendgrid", () => { const { data: fulfillmentData } = await api.post( `/admin/orders/${order.id}/fulfillment`, { items: [{ item_id: "test-item", quantity: 2 }] }, - { headers: { authorization: "Bearer test_token" } } + { headers: { "x-medusa-access-token": "test_token" } } ) const fulfillment = fulfillmentData.order.fulfillments[0] @@ -154,7 +154,7 @@ describe("medusa-plugin-sendgrid", () => { const response = await api.post( `/admin/orders/${order.id}/shipment`, { fulfillment_id: fulfillment.id }, - { headers: { authorization: "Bearer test_token" } } + { headers: { "x-medusa-access-token": "test_token" } } ) expect(response.status).toEqual(200) 
@@ -344,7 +344,7 @@ describe("medusa-plugin-sendgrid", () => { additional_items: [{ variant_id: "variant-2", quantity: 1 }], return_items: [{ item_id: "test-item", quantity: 1 }], }, - { headers: { authorization: "Bearer test_token" } } + { headers: { "x-medusa-access-token": "test_token" } } ) expect(response.status).toEqual(200) @@ -359,7 +359,7 @@ describe("medusa-plugin-sendgrid", () => { quantity: i.quantity, })), }, - { headers: { authorization: "Bearer test_token" } } + { headers: { "x-medusa-access-token": "test_token" } } ) const sendgridService = appContainer.resolve("sendgridService") @@ -386,7 +386,7 @@ describe("medusa-plugin-sendgrid", () => { }, { headers: { - authorization: "Bearer test_token", + "x-medusa-access-token": "test_token", }, } ) @@ -403,7 +403,7 @@ describe("medusa-plugin-sendgrid", () => { quantity: i.quantity, })), }, - { headers: { authorization: "Bearer test_token" } } + { headers: { "x-medusa-access-token": "test_token" } } ) const sendgridService = appContainer.resolve("sendgridService") @@ -440,7 +440,7 @@ describe("medusa-plugin-sendgrid", () => { { reason: "missing_item", item_id: "test-item", quantity: 1 }, ], }, - { headers: { authorization: "Bearer test_token" } } + { headers: { "x-medusa-access-token": "test_token" } } ) expect(response.status).toEqual(200) @@ -450,14 +450,14 @@ describe("medusa-plugin-sendgrid", () => { const { data: fulfillmentData } = await api.post( `/admin/orders/${order.id}/claims/${claimId}/fulfillments`, {}, - { headers: { authorization: "Bearer test_token" } } + { headers: { "x-medusa-access-token": "test_token" } } ) const fulfillmentId = fulfillmentData.order.claims[0].fulfillments[0].id await api.post( `/admin/orders/${order.id}/claims/${claimId}/shipments`, { fulfillment_id: fulfillmentId }, - { headers: { authorization: "Bearer test_token" } } + { headers: { "x-medusa-access-token": "test_token" } } ) const sendgridService = appContainer.resolve("sendgridService") 
@@ -545,7 +545,7 @@ describe("medusa-plugin-sendgrid", () => { additional_items: [{ variant_id: "variant-2", quantity: 1 }], return_items: [{ item_id: "test-item", quantity: 1 }], }, - { headers: { authorization: "Bearer test_token" } } + { headers: { "x-medusa-access-token": "test_token" } } ) expect(response.status).toEqual(200) @@ -573,14 +573,14 @@ describe("medusa-plugin-sendgrid", () => { const { data: fulfillmentData } = await api.post( `/admin/orders/${order.id}/swaps/${swapId}/fulfillments`, {}, - { headers: { authorization: "Bearer test_token" } } + { headers: { "x-medusa-access-token": "test_token" } } ) const fulfillmentId = fulfillmentData.order.swaps[0].fulfillments[0].id await api.post( `/admin/orders/${order.id}/swaps/${swapId}/shipments`, { fulfillment_id: fulfillmentId }, - { headers: { authorization: "Bearer test_token" } } + { headers: { "x-medusa-access-token": "test_token" } } ) const sendgridService = appContainer.resolve("sendgridService") @@ -729,7 +729,7 @@ describe("medusa-plugin-sendgrid", () => { }, { headers: { - authorization: "Bearer test_token", + "x-medusa-access-token": "test_token", }, } ) @@ -759,7 +759,7 @@ describe("medusa-plugin-sendgrid", () => { }, { headers: { - authorization: "Bearer test_token", + "x-medusa-access-token": "test_token", }, } ) diff --git a/integration-tests/plugins/__tests__/product/admin/index.ts b/integration-tests/plugins/__tests__/product/admin/index.ts index 86d61547aa..c4b54805c0 100644 --- a/integration-tests/plugins/__tests__/product/admin/index.ts +++ b/integration-tests/plugins/__tests__/product/admin/index.ts @@ -15,7 +15,7 @@ jest.setTimeout(5000000) const adminHeaders = { headers: { - Authorization: "Bearer test_token", + "x-medusa-access-token": "test_token", }, } diff --git a/integration-tests/plugins/__tests__/stock-location/delete-sales-channels.js b/integration-tests/plugins/__tests__/stock-location/delete-sales-channels.js index 78b3651b8f..30b67f70ca 100644 
--- a/integration-tests/plugins/__tests__/stock-location/delete-sales-channels.js +++ b/integration-tests/plugins/__tests__/stock-location/delete-sales-channels.js @@ -72,7 +72,7 @@ describe("Sales channels", () => { ).toHaveLength(2) await api.delete(`/admin/sales-channels/${sc.id}`, { - headers: { Authorization: "Bearer test_token" }, + headers: { "x-medusa-access-token": "test_token" }, }) await expect(salesChannelService.retrieve(sc.id)).rejects.toThrowError() diff --git a/integration-tests/plugins/__tests__/stock-location/delete-stock-location.js b/integration-tests/plugins/__tests__/stock-location/delete-stock-location.js index ba1ea58cb3..2902f73b6d 100644 --- a/integration-tests/plugins/__tests__/stock-location/delete-stock-location.js +++ b/integration-tests/plugins/__tests__/stock-location/delete-stock-location.js @@ -78,7 +78,7 @@ describe("Sales channels", () => { ).toHaveLength(1) await api.delete(`/admin/stock-locations/${loc.id}`, { - headers: { Authorization: "Bearer test_token" }, + headers: { "x-medusa-access-token": "test_token" }, }) expect( diff --git a/integration-tests/plugins/__tests__/stock-location/sales-channels.js b/integration-tests/plugins/__tests__/stock-location/sales-channels.js index 039e82cc8f..0b6b861643 100644 --- a/integration-tests/plugins/__tests__/stock-location/sales-channels.js +++ b/integration-tests/plugins/__tests__/stock-location/sales-channels.js @@ -8,7 +8,7 @@ const adminSeeder = require("../../../helpers/admin-seeder") jest.setTimeout(30000) -const adminHeaders = { headers: { Authorization: "Bearer test_token" } } +const adminHeaders = { headers: { "x-medusa-access-token": "test_token" } } describe("Sales channels", () => { let appContainer diff --git a/integration-tests/plugins/helpers/call-helpers.js b/integration-tests/plugins/helpers/call-helpers.js new file mode 100644 index 0000000000..18f2ac1eb4 --- /dev/null +++ b/integration-tests/plugins/helpers/call-helpers.js 
@@ -0,0 +1,100 @@ +const { useApi } = require("../../helpers/use-api") + +const header = { + headers: { + "x-medusa-access-token": "test_token", + }, +} + +const resolveCall = async (path, payload, header) => { + const api = useApi() + let res + try { + const resp = await api.post(path, payload, header) + res = resp.status + } catch (expectedException) { + try { + res = expectedException.response.status + } catch (_) { + console.error(expectedException) + } + } + return res +} + +const determineFail = (actual, expected, path) => { + if (expected !== actual) { + console.log(`failed at path : ${path}`) + } + expect(actual).toEqual(expected) +} + +/** + * Allows you to wrap a Call function so that you may reuse some input values. + * @param {Function} fun - the function to call with partial information + * @param {Object} input - the constant input which we want to supply now + * @returns + */ +module.exports.partial = function (fun, input = {}) { + return async (remaining) => await fun({ ...remaining, ...input }) +} + +/** + * Allows you to assert a specific code result from a POST call. + * @param {Object} input - the information needed to make the call + * (path & payload) and the expected code (code) + */ +module.exports.expectPostCallToReturn = async function ( + input = { + code, + path, + payload: {}, + } +) { + const res = await resolveCall(input.path, input.payload, header) + determineFail(res, input.code, input.path) +} + +/** + * Allows you to assert a specific code result from multiple POST + * calls. + * @param {Object} input - the collection of objects to execute + * calls from (col), a function which yields the path (pathf), + * and another one which provides the payload (payloadf), as + * well as the code (code) which we want to assert. 
+ */ +module.exports.expectAllPostCallsToReturn = async function ( + input = { + code, + col, + pathf, + payloadf, + } +) { + for (const i of input.col) { + const res = await resolveCall( + input.pathf(i), + input.payloadf ? input.payloadf(i) : {}, + header + ) + determineFail(res, input.code, input.pathf(i)) + } +} + +/** + * Allows you to retrieve a specific object the response + * from get call, + * and simultaneously assert that the call was successful. + * @param {Object} param0 - contains the path which to + * call (path), and the object within the response.data (get) + * we want to retrieve. + * @returns {Object} found within response.data corresponding + * to the get parameter provided. + */ +module.exports.callGet = async function ({ path, get }) { + const api = useApi() + const res = await api.get(path, header) + + determineFail(res.status, 200, path) + return res?.data[get] +} diff --git a/packages/generated/client-types/src/lib/models/AdminBearerAuthRes.ts b/packages/generated/client-types/src/lib/models/AdminBearerAuthRes.ts new file mode 100644 index 0000000000..4536008501 --- /dev/null +++ b/packages/generated/client-types/src/lib/models/AdminBearerAuthRes.ts @@ -0,0 +1,11 @@ +/* istanbul ignore file */ +/* tslint:disable */ +/* eslint-disable */ +import { SetRelation, Merge } from "../core/ModelUtils" + +export interface AdminBearerAuthRes { + /** + * Access token for subsequent authorization. + */ + accessToken?: string +} diff --git a/packages/generated/client-types/src/lib/models/StoreBearerAuthRes.ts b/packages/generated/client-types/src/lib/models/StoreBearerAuthRes.ts new file mode 100644 index 0000000000..64364f6152 --- /dev/null +++ b/packages/generated/client-types/src/lib/models/StoreBearerAuthRes.ts 
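Review bot: The default parameter `input = { code, path, payload: {} }` on `expectPostCallToReturn` (and `{ code, col, pathf, payloadf }` on `expectAllPostCallsToReturn`) refers to `code`, `path`, `col`, `pathf` and `payloadf`, none of which is declared in the file, so calling either helper without an argument throws a ReferenceError instead of a readable assertion failure. These look intended as documentation of the expected keys; they belong in the JSDoc, with the default reduced to `input = {}`. `resolveCall`'s third parameter also shadows the module-level `header` constant even though every call site passes that same constant, and `res?.data[get]` in `callGet` guards `res` but not `res.data`, which is already known to be present once `determineFail(res.status, 200, path)` has passed.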
@@ -0,0 +1,11 @@ +/* istanbul ignore file */ +/* tslint:disable */ +/* eslint-disable */ +import { SetRelation, Merge } from "../core/ModelUtils" + +export interface StoreBearerAuthRes { + /** + * Access token for subsequent authorization. + */ + accessToken?: string +} diff --git a/packages/generated/client-types/src/lib/models/index.ts b/packages/generated/client-types/src/lib/models/index.ts index f555c6dc0d..30cdf65210 100644 --- a/packages/generated/client-types/src/lib/models/index.ts +++ b/packages/generated/client-types/src/lib/models/index.ts @@ -9,6 +9,7 @@ export type { AdminAppsRes } from "./AdminAppsRes" export type { AdminAuthRes } from "./AdminAuthRes" export type { AdminBatchJobListRes } from "./AdminBatchJobListRes" export type { AdminBatchJobRes } from "./AdminBatchJobRes" +export type { AdminBearerAuthRes } from "./AdminBearerAuthRes" export type { AdminCollectionsDeleteRes } from "./AdminCollectionsDeleteRes" export type { AdminCollectionsListRes } from "./AdminCollectionsListRes" export type { AdminCollectionsRes } from "./AdminCollectionsRes" @@ -396,6 +397,7 @@ export type { StockLocationDTO } from "./StockLocationDTO" export type { StockLocationExpandedDTO } from "./StockLocationExpandedDTO" export type { Store } from "./Store" export type { StoreAuthRes } from "./StoreAuthRes" +export type { StoreBearerAuthRes } from "./StoreBearerAuthRes" export type { StoreCartShippingOptionsListRes } from "./StoreCartShippingOptionsListRes" export type { StoreCartsRes } from "./StoreCartsRes" export type { StoreCollectionsListRes } from "./StoreCollectionsListRes" diff --git a/packages/medusa-js/src/jwt-token-manager.ts b/packages/medusa-js/src/jwt-token-manager.ts new file mode 100644 index 0000000000..83ed0fa943 --- /dev/null +++ b/packages/medusa-js/src/jwt-token-manager.ts 
@@ -0,0 +1,38 @@ +/** + * `JwtTokenManager` holds JWT tokens in state. + */ +class JwtTokenManager { + private adminJwt: string | null = null; + private storeJwt: string | null = null; + + /** + * Set a store or admin jwt token to be sent with each request. + */ + public registerJwt(token: string, domain: "admin" | "store") { + if (domain === "admin") { + this.adminJwt = token; + } else if (domain === "store") { + this.storeJwt = token; + } else { + throw new Error(`'domain' must be wither 'admin' or 'store' received ${domain}`) + } + } + + /** + * Retrieve the store or admin jwt token + */ + public getJwt(domain: "admin" | "store") { + if (domain === "admin") { + return this.adminJwt; + } else if (domain === "store") { + return this.storeJwt; + } else { + throw new Error(`'domain' must be wither 'admin' or 'store' received ${domain}`) + } + } +} + +/** + * Export singleton instance. + */ +export default new JwtTokenManager() diff --git a/packages/medusa-js/src/request.ts b/packages/medusa-js/src/request.ts index 6c2252bd4c..9f168c7b37 100644 --- a/packages/medusa-js/src/request.ts +++ b/packages/medusa-js/src/request.ts @@ -3,6 +3,7 @@ import * as rax from "retry-axios" import { v4 as uuidv4 } from "uuid" import KeyManager from "./key-manager" +import JwtTokenManager from "./jwt-token-manager" const unAuthenticatedAdminEndpoints = { "/admin/auth": "POST", @@ -125,7 +126,16 @@ class Client { if (this.config.apiKey && this.requiresAuthentication(path, method)) { defaultHeaders = { ...defaultHeaders, - Authorization: `Bearer ${this.config.apiKey}`, + "x-medusa-access-token": this.config.apiKey, + } + } + + const domain: "admin" | "store" = path.includes("admin") ? "admin" : "store" + + if (JwtTokenManager.getJwt(domain)) { + defaultHeaders = { + ...defaultHeaders, + Authorization: `Bearer ${JwtTokenManager.getJwt(domain)}`, } } 
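Review bot: The exported singleton keeps the admin and store JWTs in module-level state, so in any process where one `medusa-js` import serves several end users (SSR, a backend-for-frontend, a worker) a token registered by one user's `getToken` call is attached to every later request for that domain until it is overwritten; the manager should be owned by each `Medusa` client instance, or at least be documented as browser-only. There is also no way to drop a token, so a logout cannot stop the bearer header from being sent; a `clearJwt(domain: "admin" | "store")` method would complete the lifecycle. The error message in both methods reads `'domain' must be wither 'admin' or 'store'` — `either`.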
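Review bot: `const domain: "admin" | "store" = path.includes("admin") ? "admin" : "store"` classifies by substring, so a store path that merely contains "admin" (a product handle, a search query, an email in the path) is treated as admin: the admin JWT is attached to a store request and the store JWT is withheld. Assuming paths are rooted like the `/admin/auth` key in `unAuthenticatedAdminEndpoints`, anchor the check to the prefix: `const domain: "admin" | "store" = path.startsWith("/admin") ? "admin" : "store"`. `JwtTokenManager.getJwt(domain)` is also called twice; reading it once into a local (`const jwt = JwtTokenManager.getJwt(domain)`) avoids the duplicate lookup and the interpolation of a value the type says may be null. The enclosing `Client` method starts and ends outside the hunk.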
diff --git a/packages/medusa-js/src/resources/admin/auth.ts b/packages/medusa-js/src/resources/admin/auth.ts index 692bc99703..48e1818453 100644 --- a/packages/medusa-js/src/resources/admin/auth.ts +++ b/packages/medusa-js/src/resources/admin/auth.ts @@ -1,5 +1,6 @@ -import { AdminAuthRes, AdminPostAuthReq } from "@medusajs/medusa" +import { AdminAuthRes, AdminPostAuthReq, AdminBearerAuthRes } from "@medusajs/medusa" import { ResponsePromise } from "../../typings" +import JwtTokenManager from "../../jwt-token-manager" import BaseResource from "../base" class AdminAuthResource extends BaseResource { @@ -41,6 +42,25 @@ class AdminAuthResource extends BaseResource { const path = `/admin/auth` return this.client.request("POST", path, payload, {}, customHeaders) } + + /** + * @description Retrieves a new JWT access token + * @param {AdminPostAuthReq} payload + * @param customHeaders + * @return {ResponsePromise} + */ + getToken( + payload: AdminPostAuthReq, + customHeaders: Record = {} + ): ResponsePromise { + const path = `/admin/auth/token` + return this.client.request("POST", path, payload, {}, customHeaders) + .then((res) => { + JwtTokenManager.registerJwt(res.access_token, "admin"); + + return res + }); + } } export default AdminAuthResource diff --git a/packages/medusa-js/src/resources/auth.ts b/packages/medusa-js/src/resources/auth.ts index ad3a1d0cee..a1a9076a18 100644 --- a/packages/medusa-js/src/resources/auth.ts +++ b/packages/medusa-js/src/resources/auth.ts @@ -2,8 +2,10 @@ import { StoreGetAuthEmailRes, StorePostAuthReq, StoreAuthRes, + StoreBearerAuthRes, } from "@medusajs/medusa" import { ResponsePromise } from "../typings" +import JwtTokenManager from "../jwt-token-manager" import BaseResource from "./base" class AuthResource extends BaseResource { 
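Review bot: `getToken` registers `res.access_token` here while the store counterpart in `resources/auth.ts` (next hunk) registers `res.data.access_token`; both cannot be right for the same `client.request` return shape, so one of the two stores `undefined` and every later request in that domain silently goes out without a bearer header. Settle on the shape `client.request` actually resolves to and use it in both places, e.g. `JwtTokenManager.registerJwt(res.access_token, "admin")` and `JwtTokenManager.registerJwt(res.access_token, "store")`. The store docstring also still says `@param {AdminPostAuthReq} payload`; it should read `StorePostAuthReq`. The `AdminAuthResource` class starts outside the hunk.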
@@ -48,6 +50,25 @@ class AuthResource extends BaseResource { const path = `/store/auth/${email}` return this.client.request("GET", path, undefined, {}, customHeaders) } + + /** + * @description Retrieves a new JWT access token + * @param {AdminPostAuthReq} payload + * @param customHeaders + * @return {ResponsePromise} + */ + getToken( + payload: StorePostAuthReq, + customHeaders: Record = {} + ): ResponsePromise { + const path = `/store/auth/token` + return this.client.request("POST", path, payload, {}, customHeaders) + .then((res) => { + JwtTokenManager.registerJwt(res.data.access_token, "store"); + + return res + }); + } } export default AuthResource diff --git a/packages/medusa/package.json b/packages/medusa/package.json index 991b0408f5..855495ba1a 100644 --- a/packages/medusa/package.json +++ b/packages/medusa/package.json @@ -83,7 +83,7 @@ "node-schedule": "^2.1.1", "papaparse": "5.3.2", "passport": "^0.6.0", - "passport-http-bearer": "^1.0.1", + "passport-custom": "^1.1.1", "passport-jwt": "^4.0.1", "passport-local": "^1.0.0", "pg": "^8.11.2", diff --git a/packages/medusa/src/api/middlewares/authenticate-customer.ts b/packages/medusa/src/api/middlewares/authenticate-customer.ts index 766db36c7a..57e044ed9b 100644 --- a/packages/medusa/src/api/middlewares/authenticate-customer.ts +++ b/packages/medusa/src/api/middlewares/authenticate-customer.ts @@ -7,7 +7,7 @@ import passport from "passport" export default (): RequestHandler => { return (req: Request, res: Response, next: NextFunction): void => { passport.authenticate( - ["store-jwt", "bearer"], + ["store-session", "store-bearer"], { session: false }, (err, user) => { if (err) { diff --git a/packages/medusa/src/api/middlewares/authenticate.ts b/packages/medusa/src/api/middlewares/authenticate.ts index 6d96429828..f279f4ea3e 100644 --- a/packages/medusa/src/api/middlewares/authenticate.ts +++ b/packages/medusa/src/api/middlewares/authenticate.ts 
@@ -3,7 +3,7 @@ import passport from "passport" export default (): RequestHandler => { return (req: Request, res: Response, next: NextFunction): void => { - passport.authenticate(["admin-jwt", "bearer"], { session: false })( + passport.authenticate(["admin-session", "admin-bearer", "admin-api-token"], { session: false })( req, res, next diff --git a/packages/medusa/src/api/middlewares/require-customer-authentication.ts b/packages/medusa/src/api/middlewares/require-customer-authentication.ts index 6ad2af1a9b..ceeeb940d9 100644 --- a/packages/medusa/src/api/middlewares/require-customer-authentication.ts +++ b/packages/medusa/src/api/middlewares/require-customer-authentication.ts @@ -7,7 +7,7 @@ export default (): RequestHandler => { return next() } - passport.authenticate(["store-jwt", "bearer"], { session: false })( + passport.authenticate(["store-session", "store-bearer"], { session: false })( req, res, next diff --git a/packages/medusa/src/api/routes/admin/auth/create-session.ts b/packages/medusa/src/api/routes/admin/auth/create-session.ts index 7ddff7ab9b..3d13e4d9e1 100644 --- a/packages/medusa/src/api/routes/admin/auth/create-session.ts +++ b/packages/medusa/src/api/routes/admin/auth/create-session.ts @@ -66,15 +66,6 @@ import { validator } from "../../../../utils/validator" * $ref: "#/components/responses/500_error" */ export default async (req, res) => { - const { - projectConfig: { jwt_secret }, - } = req.scope.resolve("configModule") - if (!jwt_secret) { - throw new MedusaError( - MedusaError.Types.NOT_FOUND, - "Please configure jwt_secret in your environment" - ) - } const validated = await validator(AdminPostAuthReq, req.body) const authService: AuthService = req.scope.resolve("authService") 
@@ -86,10 +77,8 @@ export default async (req, res) => { }) if (result.success && result.user) { - // Add JWT to cookie - req.session.jwt = jwt.sign({ userId: result.user.id }, jwt_secret, { - expiresIn: "24h", - }) + // Set user id on session, this is stored on the server. + req.session.user_id = result.user.id const cleanRes = _.omit(result.user, ["password_hash"]) diff --git a/packages/medusa/src/api/routes/admin/auth/delete-session.ts b/packages/medusa/src/api/routes/admin/auth/delete-session.ts index 3b53ec8446..8145ab9cb2 100644 --- a/packages/medusa/src/api/routes/admin/auth/delete-session.ts +++ b/packages/medusa/src/api/routes/admin/auth/delete-session.ts @@ -42,6 +42,11 @@ * $ref: "#/components/responses/500_error" */ export default async (req, res) => { - req.session.destroy() - res.status(200).end() + if (req.session.customer_id) { // if we are also logged in as a customer, persist that session + delete req.session.user_id + } else { // otherwise, destroy the session + req.session.destroy() + } + + res.sendStatus(200) } diff --git a/packages/medusa/src/api/routes/admin/auth/get-session.ts b/packages/medusa/src/api/routes/admin/auth/get-session.ts index 7fa1eb8332..12deabde40 100644 --- a/packages/medusa/src/api/routes/admin/auth/get-session.ts +++ b/packages/medusa/src/api/routes/admin/auth/get-session.ts @@ -52,8 +52,10 @@ import _ from "lodash" */ export default async (req, res) => { try { + const userId = req.user.id || req.user.userId + const userService: UserService = req.scope.resolve("userService") - const user = await userService.retrieve(req.user.userId) + const user = await userService.retrieve(userId) const cleanRes = _.omit(user, ["password_hash"]) res.status(200).json({ user: cleanRes }) diff --git a/packages/medusa/src/api/routes/admin/auth/get-token.ts b/packages/medusa/src/api/routes/admin/auth/get-token.ts new file mode 100644 index 0000000000..19e3bce56c --- /dev/null +++ b/packages/medusa/src/api/routes/admin/auth/get-token.ts 
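Review bot: `req.session.user_id = result.user.id` promotes whatever session id the client presented before login into an authenticated admin session without rotating it, so a session id fixed on the victim before login stays valid after it; with server-side sessions the usual mitigation is to regenerate the session on successful authentication before assigning the identity (with express-session, `req.session.regenerate(cb)` — confirm the session middleware in use). The same pattern appears in `store/auth/create-session.ts` (`req.session.customer_id = result.customer?.id`) and `store/customers/create-customer.ts` (`req.session.customer_id = customer.id`). Because `delete-session.ts` now relies on an admin id and a customer id coexisting in one session, a regeneration step must carry the other domain's id across. The handler starts outside the hunk.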
@@ -0,0 +1,102 @@ +import jwt from "jsonwebtoken" +import { MedusaError } from "medusa-core-utils" +import { EntityManager } from "typeorm" +import AuthService from "../../../../services/auth" +import { validator } from "../../../../utils/validator" +import { AdminPostAuthReq } from "./create-session" + +/** + * @oas [post] /admin/token + * operationId: "PostToken" + * summary: "User Login (JWT)" + * x-authenticated: false + * description: "After a successful login, a JWT token is returned for subsequent authorization." + * parameters: + * - (body) email=* {string} The User's email. + * - (body) password=* {string} The User's password. + * requestBody: + * content: + * application/json: + * schema: + * $ref: "#/components/schemas/AdminPostAuthReq" + * x-codegen: + * method: getToken + * x-codeSamples: + * - lang: JavaScript + * label: JS Client + * source: | + * import Medusa from "@medusajs/medusa-js" + * const medusa = new Medusa({ baseUrl: MEDUSA_BACKEND_URL, maxRetries: 3 }) + * medusa.admin.auth.getToken({ + * email: 'user@example.com', + * password: 'supersecret' + * }) + * .then(({ accessToken }) => { + * console.log(accessToekn); + * }); + * - lang: Shell + * label: cURL + * source: | + * curl --location --request POST 'https://medusa-url.com/admin/auth/token' \ + * --header 'Content-Type: application/json' \ + * --data-raw '{ + * "email": "user@example.com", + * "password": "supersecret" + * }' + * tags: + * - Auth + * responses: + * "200": + * description: OK + * content: + * application/json: + * schema: + * $ref: "#/components/schemas/AdminBearerAuthRes" + * "400": + * $ref: "#/components/responses/400_error" + * "401": + * $ref: "#/components/responses/incorrect_credentials" + * "404": + * $ref: "#/components/responses/not_found_error" + * "409": + * $ref: "#/components/responses/invalid_state_error" + * "422": + * $ref: "#/components/responses/invalid_request_error" + * "500": + * $ref: "#/components/responses/500_error" + */ +export default async 
(req, res) => { + const { + projectConfig: { jwt_secret }, + } = req.scope.resolve("configModule") + if (!jwt_secret) { + throw new MedusaError( + MedusaError.Types.NOT_FOUND, + "Please configure jwt_secret in your environment" + ) + } + const validated = await validator(AdminPostAuthReq, req.body) + + const authService: AuthService = req.scope.resolve("authService") + const manager: EntityManager = req.scope.resolve("manager") + const result = await manager.transaction(async (transactionManager) => { + return await authService + .withTransaction(transactionManager) + .authenticate(validated.email, validated.password) + }) + + if (result.success && result.user) { + // Create jwt token to send back + const token = jwt.sign( + { user_id: result.user.id, domain: "admin" }, + jwt_secret, + { + expiresIn: "24h", + } + ) + + res.json({ access_token: token }) + } else { + res.sendStatus(401) + } +} diff --git a/packages/medusa/src/api/routes/admin/auth/index.ts b/packages/medusa/src/api/routes/admin/auth/index.ts index 839743e15e..34ac7ac94b 100644 --- a/packages/medusa/src/api/routes/admin/auth/index.ts +++ b/packages/medusa/src/api/routes/admin/auth/index.ts @@ -12,6 +12,7 @@ export default (app) => { middlewares.authenticate(), middlewares.wrap(require("./get-session").default) ) + route.post("/", middlewares.wrap(require("./create-session").default)) route.delete( @@ -20,6 +21,8 @@ export default (app) => { middlewares.wrap(require("./delete-session").default) ) + route.post("/token", middlewares.wrap(require("./get-token").default)) + return app } @@ -37,6 +40,19 @@ export type AdminAuthRes = { user: Omit } +/** + * @schema AdminBearerAuthRes + * type: object + * properties: + * accessToken: + * description: Access token for subsequent authorization. + * type: string + */ +export type AdminBearerAuthRes = { + access_token: string +} + export * from "./create-session" export * from "./delete-session" export * from "./get-session" +export * from "./get-token" 
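Review bot: The OAS header declares `@oas [post] /admin/token`, but the handler is mounted as `route.post("/token", …)` under the `/admin/auth` router (see `admin/auth/index.ts` below) and the cURL sample itself calls `/admin/auth/token`, so the generated reference documents a path that does not exist; change it to `@oas [post] /admin/auth/token`. The JS sample destructures `{ accessToken }` and logs `accessToekn`, while the handler responds with `res.json({ access_token: token })`; the sample should read `.then(({ access_token }) => { console.log(access_token); })`. The same path (`/store/token` vs the registered `/store/auth/token`) and `accessToken` sample issues are in `store/auth/get-token.ts`.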
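Review bot: The `@schema AdminBearerAuthRes` block documents a property `accessToken`, but the type directly below it and the handler's response use `access_token`; since the client types are generated from this schema, the `AdminBearerAuthRes.accessToken` field added elsewhere in this commit is never populated at runtime and typed consumers read `undefined`. Rename the documented property to match the wire format: ` *   access_token:`. `store/auth/index.ts` has the identical mismatch in `@schema StoreBearerAuthRes`.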
diff --git a/packages/medusa/src/api/routes/admin/invites/__tests__/resend-invite.js b/packages/medusa/src/api/routes/admin/invites/__tests__/resend-invite.js index 2a0f61ee59..56814277b2 100644 --- a/packages/medusa/src/api/routes/admin/invites/__tests__/resend-invite.js +++ b/packages/medusa/src/api/routes/admin/invites/__tests__/resend-invite.js @@ -9,7 +9,7 @@ describe("POST /invites/:invite_id/resend", () => { subject = await request("POST", `/admin/invites/invite_test/resend`, { adminSession: { jwt: { - id: "test_user", + userId: "test_user", }, }, }) diff --git a/packages/medusa/src/api/routes/store/auth/create-session.ts b/packages/medusa/src/api/routes/store/auth/create-session.ts index 376cad0f68..4df5e13ff6 100644 --- a/packages/medusa/src/api/routes/store/auth/create-session.ts +++ b/packages/medusa/src/api/routes/store/auth/create-session.ts @@ -79,17 +79,8 @@ export default async (req, res) => { return } - // Add JWT to cookie - const { - projectConfig: { jwt_secret }, - } = req.scope.resolve("configModule") - req.session.jwt_store = jwt.sign( - { customer_id: result.customer?.id }, - jwt_secret!, - { - expiresIn: "30d", - } - ) + // Set customer id on session, this is stored on the server. + req.session.customer_id = result.customer?.id const customerService: CustomerService = req.scope.resolve("customerService") const customer = await customerService.retrieve(result.customer?.id || "", { diff --git a/packages/medusa/src/api/routes/store/auth/delete-session.ts b/packages/medusa/src/api/routes/store/auth/delete-session.ts index f980e144c1..a1fb016318 100644 --- a/packages/medusa/src/api/routes/store/auth/delete-session.ts +++ b/packages/medusa/src/api/routes/store/auth/delete-session.ts 
@@ -33,6 +33,11 @@ * $ref: "#/components/responses/500_error" */ export default async (req, res) => { - req.session.jwt_store = {} - res.json({}) + if(req.session.user_id) { // if we are also logged in as a user, persist that session + delete req.session.customer_id + } else { // otherwise, destroy the session + req.session.destroy() + } + + res.sendStatus(200) } diff --git a/packages/medusa/src/api/routes/store/auth/get-token.ts b/packages/medusa/src/api/routes/store/auth/get-token.ts new file mode 100644 index 0000000000..77213545e4 --- /dev/null +++ b/packages/medusa/src/api/routes/store/auth/get-token.ts 
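Review bot: The success response changes from `res.json({})` to `res.sendStatus(200)`, which turns the body from a JSON object into the plain-text `OK` and switches the content type, so existing clients that parse the logout response as JSON start failing on an otherwise unrelated auth change. If an empty JSON body is intended, keep `res.status(200).json({})`; otherwise call the change out in the changeset as breaking. `if(req.session.user_id)` is also missing the space after `if` used in the rest of the file.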
@@ -0,0 +1,102 @@ +import jwt from "jsonwebtoken" +import { MedusaError } from "medusa-core-utils" +import { EntityManager } from "typeorm" +import AuthService from "../../../../services/auth" +import { validator } from "../../../../utils/validator" +import { StorePostAuthReq } from "./create-session" + +/** + * @oas [post] /store/token + * operationId: "PostToken" + * summary: "Customer Login (JWT)" + * x-authenticated: false + * description: "After a successful login, a JWT token is returned for subsequent authorization." + * parameters: + * - (body) email=* {string} The User's email. + * - (body) password=* {string} The User's password. + * requestBody: + * content: + * application/json: + * schema: + * $ref: "#/components/schemas/StorePostAuthReq" + * x-codegen: + * method: getToken + * x-codeSamples: + * - lang: JavaScript + * label: JS Client + * source: | + * import Medusa from "@medusajs/medusa-js" + * const medusa = new Medusa({ baseUrl: MEDUSA_BACKEND_URL, maxRetries: 3 }) + * medusa.store.auth.getToken({ + * email: 'user@example.com', + * password: 'supersecret' + * }) + * .then(({ accessToken }) => { + * console.log(accessToken); + * }); + * - lang: Shell + * label: cURL + * source: | + * curl --location --request POST 'https://medusa-url.com/store/auth/token' \ + * --header 'Content-Type: application/json' \ + * --data-raw '{ + * "email": "user@example.com", + * "password": "supersecret" + * }' + * tags: + * - Auth + * responses: + * "200": + * description: OK + * content: + * application/json: + * schema: + * $ref: "#/components/schemas/StoreBearerAuthRes" + * "400": + * $ref: "#/components/responses/400_error" + * "401": + * $ref: "#/components/responses/incorrect_credentials" + * "404": + * $ref: "#/components/responses/not_found_error" + * "409": + * $ref: "#/components/responses/invalid_state_error" + * "422": + * $ref: "#/components/responses/invalid_request_error" + * "500": + * $ref: "#/components/responses/500_error" + */ +export default async 
(req, res) => { + const { + projectConfig: { jwt_secret }, + } = req.scope.resolve("configModule") + if (!jwt_secret) { + throw new MedusaError( + MedusaError.Types.NOT_FOUND, + "Please configure jwt_secret in your environment" + ) + } + const validated = await validator(StorePostAuthReq, req.body) + + const authService: AuthService = req.scope.resolve("authService") + const manager: EntityManager = req.scope.resolve("manager") + const result = await manager.transaction(async (transactionManager) => { + return await authService + .withTransaction(transactionManager) + .authenticateCustomer(validated.email, validated.password) + }) + + if (result.success && result.customer) { + // Create jwt token to send back + const token = jwt.sign( + { customer_id: result.customer.id, domain: "store" }, + jwt_secret, + { + expiresIn: "30d", + } + ) + + res.json({ access_token: token }) + } else { + res.sendStatus(401) + } +} diff --git a/packages/medusa/src/api/routes/store/auth/index.ts b/packages/medusa/src/api/routes/store/auth/index.ts index 9e17064de7..2f1f701094 100644 --- a/packages/medusa/src/api/routes/store/auth/index.ts +++ b/packages/medusa/src/api/routes/store/auth/index.ts @@ -15,6 +15,7 @@ export default (app) => { route.get("/:email", middlewares.wrap(require("./exists").default)) route.delete("/", middlewares.wrap(require("./delete-session").default)) route.post("/", middlewares.wrap(require("./create-session").default)) + route.post("/token", middlewares.wrap(require("./get-token").default)) return app } @@ -41,6 +42,18 @@ export type StoreAuthRes = { customer: Customer } +/** + * @schema StoreBearerAuthRes + * type: object + * properties: + * accessToken: + * description: Access token for subsequent authorization. + * type: string + */ +export type StoreBearerAuthRes = { + access_token: string +} + /** * @schema StoreGetAuthEmailRes * type: object 
@@ -59,3 +72,4 @@ export * from "./create-session" export * from "./delete-session" export * from "./exists" export * from "./get-session" +export * from "./get-token" diff --git a/packages/medusa/src/api/routes/store/customers/create-customer.ts b/packages/medusa/src/api/routes/store/customers/create-customer.ts index e6e4d61849..52d69a5ce9 100644 --- a/packages/medusa/src/api/routes/store/customers/create-customer.ts +++ b/packages/medusa/src/api/routes/store/customers/create-customer.ts @@ -103,13 +103,7 @@ export default async (req, res) => { select: defaultStoreCustomersFields, }) - // Add JWT to cookie - const { - projectConfig: { jwt_secret }, - } = req.scope.resolve("configModule") - req.session.jwt_store = jwt.sign({ customer_id: customer.id }, jwt_secret!, { - expiresIn: "30d", - }) + req.session.customer_id = customer.id res.status(200).json({ customer }) } diff --git a/packages/medusa/src/helpers/test-request.js b/packages/medusa/src/helpers/test-request.js index 4f25180437..d83fe71518 100644 --- a/packages/medusa/src/helpers/test-request.js +++ b/packages/medusa/src/helpers/test-request.js @@ -84,7 +84,7 @@ container.register("modulesHelper", asValue(moduleHelper)) container.register("configModule", asValue(config)) container.register({ logger: asValue({ - error: () => {}, + error: () => { }, }), manager: asValue(MockManager), }) 
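Review bot: With the `jwt.sign` call removed from this handler, the file's `jwt` import is presumably left unused (the import is outside the hunk, so I cannot confirm it); drop it if nothing else in `create-customer.ts` references it. The session now carries the raw `customer_id`, which matches the new `store-session` strategy in `loaders/passport.ts` that reads `req.session?.customer_id`, so a short comment such as `// session-based store auth: the store-session passport strategy reads customer_id` above the assignment would explain why the JWT-in-session was dropped. The enclosing handler begins above the hunk.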
@@ -145,31 +145,20 @@ export async function request(method, url, opts = {}) { ) headers.Cookie = headers.Cookie || "" if (opts.adminSession) { - const adminSession = { ...opts.adminSession } + const token = jwt.sign( + { user_id: opts.adminSession.userId || opts.adminSession.jwt?.userId, domain: "admin" }, + config.projectConfig.jwt_secret + ) - if (adminSession.jwt) { - adminSession.jwt = jwt.sign( - adminSession.jwt, - config.projectConfig.jwt_secret, - { - expiresIn: "30m", - } - ) - } - headers.Cookie = JSON.stringify(adminSession) || "" + headers.Authorization = `Bearer ${token}` } if (opts.clientSession) { - if (opts.clientSession.jwt) { - opts.clientSession.jwt_store = jwt.sign( - opts.clientSession.jwt, - config.projectConfig.jwt_secret, - { - expiresIn: "30d", - } - ) - } + const token = jwt.sign( + { customer_id: opts.clientSession.customer_id || opts.clientSession.jwt?.customer_id, domain: "store" }, + config.projectConfig.jwt_secret + ) - headers.Cookie = JSON.stringify(opts.clientSession) || "" + headers.Authorization = `Bearer ${token}` } for (const name in headers) { diff --git a/packages/medusa/src/loaders/passport.ts b/packages/medusa/src/loaders/passport.ts index 30739d6d37..f0988ade4e 100644 --- a/packages/medusa/src/loaders/passport.ts +++ b/packages/medusa/src/loaders/passport.ts @@ -1,8 +1,8 @@ import { Express } from "express" import passport from "passport" -import { Strategy as BearerStrategy } from "passport-http-bearer" -import { Strategy as JWTStrategy } from "passport-jwt" +import { Strategy as JWTStrategy, ExtractJwt } from "passport-jwt" import { Strategy as LocalStrategy } from "passport-local" +import { Strategy as CustomStrategy } from "passport-custom" import { AuthService } from "../services" import { ConfigModule, MedusaContainer } from "../types/global" 
@@ -46,43 +46,105 @@ export default async ({ // calls will be authenticated based on the JWT const { jwt_secret } = configModule.projectConfig passport.use( - "admin-jwt", - new JWTStrategy( - { - jwtFromRequest: (req) => req.session.jwt, - secretOrKey: jwt_secret, - }, - async (jwtPayload, done) => { - return done(null, jwtPayload) + "admin-session", + new CustomStrategy( + async (req, done) => { + // @ts-ignore + if(req.session?.user_id) { + // @ts-ignore + return done(null, { userId: req.session.user_id }) + } + + return done(null, false) } ) ) passport.use( - "store-jwt", - new JWTStrategy( - { - jwtFromRequest: (req) => req.session.jwt_store, - secretOrKey: jwt_secret, - }, - async (jwtPayload, done) => { - return done(null, jwtPayload) + "store-session", + new CustomStrategy( + async (req, done) => { + // @ts-ignore + if(req.session?.customer_id) { + // @ts-ignore + return done(null, { customer_id: req.session.customer_id }) + } + + return done(null, false) } ) ) - // Alternatively use bearer token to authenticate to the admin api + // Alternatively use API token to authenticate to the admin api passport.use( - new BearerStrategy(async (token, done) => { - const auth = await authService.authenticateAPIToken(token) + "admin-api-token", + new CustomStrategy(async (req, done) => { + // extract the token from the header + const token = req.headers["x-medusa-access-token"]; + + // check if header exists and is string + // typescript will complain if we don't check for type + if (!token || typeof token !== "string") { + return done(null, false) + } + + const auth = await authService.authenticateAPIToken(token); if (auth.success) { done(null, auth.user) } else { - done(auth.error) + done(null, false) } }) ) + // Admin bearer JWT token authentication strategy, best suited for web SPAs or mobile apps + passport.use( + "admin-bearer", + new JWTStrategy( + { + jwtFromRequest: ExtractJwt.fromAuthHeaderAsBearerToken(), + secretOrKey: jwt_secret, + }, + (token, done) => { 
+ if (token.domain !== "admin") { + done(null, false) + return + } + + if (!token.user_id) { + done(null, false) + return + } + + done(null, { userId: token.user_id }) + } + ) + ) + + // Store bearer JWT token authentication strategy, best suited for web SPAs or mobile apps + passport.use( + "store-bearer", + new JWTStrategy( + { + jwtFromRequest: ExtractJwt.fromAuthHeaderAsBearerToken(), + secretOrKey: jwt_secret, + }, + (token, done) => { + if (token.domain !== "store") { + done(null, false) + return + } + + if (!token.customer_id) { + done(null, false) + return + } + + done(null, { customer_id: token.customer_id }) + } + ) + ) + app.use(passport.initialize()) app.use(passport.session()) } diff --git a/packages/medusa/src/services/auth.ts b/packages/medusa/src/services/auth.ts index 1be477dadd..14fa4ca587 100644 --- a/packages/medusa/src/services/auth.ts +++ b/packages/medusa/src/services/auth.ts @@ -51,20 +51,6 @@ class AuthService extends TransactionBaseService { */ async authenticateAPIToken(token: string): Promise { return await this.atomicPhase_(async (transactionManager) => { - if (process.env.NODE_ENV?.startsWith("dev")) { - try { - const user: User = await this.userService_ - .withTransaction(transactionManager) - .retrieve(token) - return { - success: true, - user, - } - } catch (error) { - // ignore - } - } - try { const user: User = await this.userService_ .withTransaction(transactionManager) @@ -138,7 +124,7 @@ class AuthService extends TransactionBaseService { * @param {string} password - the password of the user * @return {{ success: (bool), customer: (object | undefined) }} * success: whether authentication succeeded - * user: the user document if authentication succeeded + * customer: the customer document if authentication succeded * error: a string with the error message */ async authenticateCustomer( diff --git a/yarn.lock b/yarn.lock index 8a5e78ebb4..20ad22ee65 100644 --- a/yarn.lock +++ b/yarn.lock 
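Review bot: Both `admin-bearer` and `store-bearer` pass only `secretOrKey: jwt_secret` to `JWTStrategy`, so the accepted signing algorithm is left to the library default; tokens are issued with jsonwebtoken's default HS256, so pin verification with `algorithms: ["HS256"],` next to `secretOrKey` in both option objects so the verifier accepts nothing but the algorithm the issuer uses. The four `// @ts-ignore` lines in `admin-session` and `store-session` hide the real problem, which is that `user_id` and `customer_id` are not declared on the session type; if the project uses express-session, augmenting its `SessionData` interface with those two optional string fields removes the need for the suppressions, and where a suppression must stay, `// @ts-expect-error` with a reason is preferable because it fails once the underlying type is fixed. In `admin-api-token`, replacing `done(auth.error)` with `done(null, false)` is the right outcome for an invalid token, but `auth.error` is now discarded; logging it at debug level before returning keeps failed API-token attempts observable. The first part of this hunk is on the previous line, and the `passport.use` calls sit inside the loader function that begins above the hunk.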
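Review bot: The rewritten `@return` description line misspells the past tense; it should read `* customer: the customer document if authentication succeeded`. The method's `@param` lines and the `authenticateCustomer` body lie outside the hunk.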
@@ -6640,7 +6640,7 @@ __metadata: node-schedule: ^2.1.1 papaparse: 5.3.2 passport: ^0.6.0 - passport-http-bearer: ^1.0.1 + passport-custom: ^1.1.1 passport-jwt: ^4.0.1 passport-local: ^1.0.0 pg: ^8.11.2 @@ -35100,12 +35100,12 @@ __metadata: languageName: node linkType: hard -"passport-http-bearer@npm:^1.0.1": - version: 1.0.1 - resolution: "passport-http-bearer@npm:1.0.1" +"passport-custom@npm:^1.1.1": + version: 1.1.1 + resolution: "passport-custom@npm:1.1.1" dependencies: passport-strategy: 1.x.x - checksum: e6de1de6a940857581c5add7c54ecb3a8573a17b0d2b78e21e888b6a4b375f85cad8d482dcb3cbf313b479e303c337e720028feb9ff9fb26d2ecef55a6b2f55a + checksum: 49b6fcd125dcd60272d4f02c27acb3b61b2659f3148bc10b31b7c439314054ce32c83a12f422215bdfa83d0463668a1f38ca6e8d68ccd32c922f73ccaa5ac9b3 languageName: node linkType: hard