feat(medusa): Authentication overhaul (#4064)

* implemented bearer auth * changed naming strat * changed session auth to not use jwt * typo * changed auth header prefix for admin api token auth * fixed supporting functions to work with new session type * removed database calls for bearer auth improving performance * removed unused deps * changed auth in tests * added integration tests * Accepted suggested change Co-authored-by: Carlos R. L. Rodrigues <37986729+carlos-r-l-rodrigues@users.noreply.github.com> * Typo Co-authored-by: Oliver Windall Juhl <59018053+olivermrbl@users.noreply.github.com> * more typos Co-authored-by: Oliver Windall Juhl <59018053+olivermrbl@users.noreply.github.com> * proper formatting Co-authored-by: Oliver Windall Juhl <59018053+olivermrbl@users.noreply.github.com> * removed endregion Co-authored-by: Oliver Windall Juhl <59018053+olivermrbl@users.noreply.github.com> * removed startregion Co-authored-by: Oliver Windall Juhl <59018053+olivermrbl@users.noreply.github.com> * fixed admin JWT integration test * added more fixes to integration tests * Update OAS * Create fluffy-donkeys-hope.md * created API reference for new auth * implemented getToken in medusa-js * Apply suggestions from code review Co-authored-by: Shahed Nasser <shahednasser@gmail.com> * Apply suggestions from code review Co-authored-by: Shahed Nasser <shahednasser@gmail.com> * deleted files which should be autogenerated * Update fluffy-donkeys-hope.md * JSDoc update Co-authored-by: Oli Juhl <59018053+olivermrbl@users.noreply.github.com> * added missing route exports * implemented runtime domain safety in jwt token manager * fixed jwt manager * lint get-token files * Update fluffy-donkeys-hope.md * Revert "deleted files which should be autogenerated" This reverts commit cd5e86623b822e6a6ac37322b952143ccc493df9. * Revert "Apply suggestions from code review" This reverts commit f02f07ce58fd9fcc2dfc80cadbb9df2665108d65. * Revert "created API reference for new auth" This reverts commit c9eafbb36453f5cf8047c79e94f470cb2d023c7d. * renamed header for sending api access tokens * medusa-js - changed apiKey header --------- Co-authored-by: Oliver Windall Juhl <59018053+olivermrbl@users.noreply.github.com> Co-authored-by: Carlos R. L. Rodrigues <37986729+carlos-r-l-rodrigues@users.noreply.github.com> Co-authored-by: olivermrbl <oliver@mrbltech.com> Co-authored-by: Shahed Nasser <shahednasser@gmail.com>
2023-09-25 19:57:44 +02:00
parent 07e65f5aba
commit 2caff2efc7
98 changed files with 864 additions and 351 deletions
--- a/integration-tests/api/tests/admin/invite.js
+++ b/integration-tests/api/tests/admin/invite.js
@@ -42,7 +42,7 @@ describe("/admin/invites", () => {
      const response = await api
        .get("/admin/invites", {
          headers: {
-            Authorization: "Bearer test_token",
+            "x-medusa-access-token": "test_token",
          },
        })
        .catch((err) => {
@@ -92,7 +92,7 @@ describe("/admin/invites", () => {
            password: "test123453",
          },
          {
-            headers: { Authorization: "Bearer test_token" },
+            headers: { "x-medusa-access-token": "test_token" },
          }
        )
        .catch((err) => console.log(err))
@@ -116,14 +116,14 @@ describe("/admin/invites", () => {

        const createReponse = await api
          .post("/admin/invites", payload, {
-            headers: { Authorization: "Bearer test_token" },
+            headers: { "x-medusa-access-token": "test_token" },
          })
          .catch((err) => console.log(err))

        const response = await api
          .get("/admin/invites", {
            headers: {
-              Authorization: "Bearer test_token",
+              "x-medusa-access-token": "test_token",
            },
          })
          .catch((err) => {
@@ -151,14 +151,14 @@ describe("/admin/invites", () => {

        const createReponse = await api
          .post("/admin/invites", payload, {
-            headers: { Authorization: "Bearer test_token" },
+            headers: { "x-medusa-access-token": "test_token" },
          })
          .catch((err) => console.log(err))

        const response = await api
          .get("/admin/invites", {
            headers: {
-              Authorization: "Bearer test_token",
+              "x-medusa-access-token": "test_token",
            },
          })
          .catch((err) => {
@@ -189,7 +189,7 @@ describe("/admin/invites", () => {
            `/admin/invites/${id}/resend`,
            {},
            {
-              headers: { Authorization: "Bearer test_token" },
+              headers: { "x-medusa-access-token": "test_token" },
            }
          )
          .catch((err) => console.log(err))
@@ -201,7 +201,7 @@ describe("/admin/invites", () => {
        const api = useApi()

        const inviteResponse = await api.get("/admin/invites", {
-          headers: { Authorization: "Bearer test_token" },
+          headers: { "x-medusa-access-token": "test_token" },
        })

        const { token, ...rest } = inviteResponse.data.invites[0]
@@ -219,7 +219,7 @@ describe("/admin/invites", () => {
          .catch((err) => console.log(err))

        const userResponse = await api.get("/admin/users", {
-          headers: { Authorization: "Bearer test_token" },
+          headers: { "x-medusa-access-token": "test_token" },
        })

        const newUser = userResponse.data.users.find(
@@ -234,7 +234,7 @@ describe("/admin/invites", () => {
        const api = useApi()

        const inviteResponse = await api.get("/admin/invites", {
-          headers: { Authorization: "Bearer test_token" },
+          headers: { "x-medusa-access-token": "test_token" },
        })

        const { token, ...rest } = inviteResponse.data.invites.find(
@@ -254,7 +254,7 @@ describe("/admin/invites", () => {

        const updateResponse = await api
          .post("/admin/invites", updatePayload, {
-            headers: { Authorization: "Bearer test_token" },
+            headers: { "x-medusa-access-token": "test_token" },
          })
          .catch((err) => console.log(err))

@@ -263,7 +263,7 @@ describe("/admin/invites", () => {
        const createResponse = await api.post("/admin/invites/accept", payload)

        const userResponse = await api.get("/admin/users", {
-          headers: { Authorization: "Bearer test_token" },
+          headers: { "x-medusa-access-token": "test_token" },
        })

        const newUser = userResponse.data.users.find(
@@ -302,7 +302,7 @@ describe("/admin/invites", () => {
        const api = useApi()

        const inviteResponse = await api.get("/admin/invites", {
-          headers: { Authorization: "Bearer test_token" },
+          headers: { "x-medusa-access-token": "test_token" },
        })

        const { token } = inviteResponse.data.invites[0]
@@ -353,7 +353,7 @@ describe("/admin/invites", () => {

      const invitesBeforeDeleteRequest = await api.get("/admin/invites", {
        headers: {
-          Authorization: "Bearer test_token",
+          "x-medusa-access-token": "test_token",
        },
      })

@@ -361,13 +361,13 @@ describe("/admin/invites", () => {

      const response = await api
        .delete(`/admin/invites/${inviteId}`, {
-          headers: { Authorization: "Bearer test_token" },
+          headers: { "x-medusa-access-token": "test_token" },
        })
        .catch((err) => console.log(err))

      const invitesAfterDeleteRequest = await api.get("/admin/invites", {
        headers: {
-          Authorization: "Bearer test_token",
+          "x-medusa-access-token": "test_token",
        },
      })