feat(medusa): Authentication overhaul (#4064)

* implemented bearer auth * changed naming strat * changed session auth to not use jwt * typo * changed auth header prefix for admin api token auth * fixed supporting functions to work with new session type * removed database calls for bearer auth improving performance * removed unused deps * changed auth in tests * added integration tests * Accepted suggested change Co-authored-by: Carlos R. L. Rodrigues <37986729+carlos-r-l-rodrigues@users.noreply.github.com> * Typo Co-authored-by: Oliver Windall Juhl <59018053+olivermrbl@users.noreply.github.com> * more typos Co-authored-by: Oliver Windall Juhl <59018053+olivermrbl@users.noreply.github.com> * proper formatting Co-authored-by: Oliver Windall Juhl <59018053+olivermrbl@users.noreply.github.com> * removed endregion Co-authored-by: Oliver Windall Juhl <59018053+olivermrbl@users.noreply.github.com> * removed startregion Co-authored-by: Oliver Windall Juhl <59018053+olivermrbl@users.noreply.github.com> * fixed admin JWT integration test * added more fixes to integration tests * Update OAS * Create fluffy-donkeys-hope.md * created API reference for new auth * implemented getToken in medusa-js * Apply suggestions from code review Co-authored-by: Shahed Nasser <shahednasser@gmail.com> * Apply suggestions from code review Co-authored-by: Shahed Nasser <shahednasser@gmail.com> * deleted files which should be autogenerated * Update fluffy-donkeys-hope.md * JSDoc update Co-authored-by: Oli Juhl <59018053+olivermrbl@users.noreply.github.com> * added missing route exports * implemented runtime domain safety in jwt token manager * fixed jwt manager * lint get-token files * Update fluffy-donkeys-hope.md * Revert "deleted files which should be autogenerated" This reverts commit cd5e86623b822e6a6ac37322b952143ccc493df9. * Revert "Apply suggestions from code review" This reverts commit f02f07ce58fd9fcc2dfc80cadbb9df2665108d65. * Revert "created API reference for new auth" This reverts commit c9eafbb36453f5cf8047c79e94f470cb2d023c7d. * renamed header for sending api access tokens * medusa-js - changed apiKey header --------- Co-authored-by: Oliver Windall Juhl <59018053+olivermrbl@users.noreply.github.com> Co-authored-by: Carlos R. L. Rodrigues <37986729+carlos-r-l-rodrigues@users.noreply.github.com> Co-authored-by: olivermrbl <oliver@mrbltech.com> Co-authored-by: Shahed Nasser <shahednasser@gmail.com>
2023-09-25 19:57:44 +02:00
parent 07e65f5aba
commit 2caff2efc7
98 changed files with 864 additions and 351 deletions
--- a/integration-tests/plugins/tests/inventory/cart/cart.js
+++ b/integration-tests/plugins/tests/inventory/cart/cart.js
@@ -13,7 +13,7 @@ const { simpleSalesChannelFactory } = require("../../../../factories")

 jest.setTimeout(30000)

-const adminHeaders = { headers: { Authorization: "Bearer test_token" } }
+const adminHeaders = { headers: { "x-medusa-access-token": "test_token" } }

 describe("/store/carts", () => {
  let express
--- a/integration-tests/plugins/tests/inventory/inventory-items/index.js
+++ b/integration-tests/plugins/tests/inventory/inventory-items/index.js
@@ -14,7 +14,7 @@ const {
  simpleProductFactory,
  simpleOrderFactory,
 } = require("../../../../factories")
-const adminHeaders = { headers: { Authorization: "Bearer test_token" } }
+const adminHeaders = { headers: { "x-medusa-access-token": "test_token" } }

 describe("Inventory Items endpoints", () => {
  let appContainer
@@ -682,7 +682,7 @@ describe("Inventory Items endpoints", () => {
          ],
          prices: [{ currency_code: "usd", amount: 100 }],
        },
-        { headers: { Authorization: "Bearer test_token" } }
+        { headers: { "x-medusa-access-token": "test_token" } }
      )

      const secondVariantId = response.data.product.variants.find(
@@ -720,7 +720,7 @@ describe("Inventory Items endpoints", () => {
      ).toHaveLength(2)

      await api.delete(`/admin/inventory-items/${invItem2.id}`, {
-        headers: { Authorization: "Bearer test_token" },
+        headers: { "x-medusa-access-token": "test_token" },
      })

      expect(
--- a/integration-tests/plugins/tests/inventory/order/draft-order.js
+++ b/integration-tests/plugins/tests/inventory/order/draft-order.js
@@ -21,7 +21,7 @@ const {

 jest.setTimeout(30000)

-const adminHeaders = { headers: { Authorization: "Bearer test_token" } }
+const adminHeaders = { headers: { "x-medusa-access-token": "test_token" } }

 describe("/store/carts", () => {
  let express
--- a/integration-tests/plugins/tests/inventory/order/order.js
+++ b/integration-tests/plugins/tests/inventory/order/order.js
@@ -20,7 +20,7 @@ const {

 jest.setTimeout(150000)

-const adminHeaders = { headers: { Authorization: "Bearer test_token" } }
+const adminHeaders = { headers: { "x-medusa-access-token": "test_token" } }

 describe("/store/carts", () => {
  let express
--- a/integration-tests/plugins/tests/inventory/products/create-variant.js
+++ b/integration-tests/plugins/tests/inventory/products/create-variant.js
@@ -83,7 +83,7 @@ describe("Create Variant", () => {
          ],
          prices: [{ currency_code: "usd", amount: 2300 }],
        },
-        { headers: { Authorization: "Bearer test_token" } }
+        { headers: { "x-medusa-access-token": "test_token" } }
      )

      expect(response.status).toEqual(200)
@@ -160,7 +160,7 @@ describe("Create Variant", () => {
            ],
            prices: [{ currency_code: "usd", amount: 2300 }],
          },
-          { headers: { Authorization: "Bearer test_token" } }
+          { headers: { "x-medusa-access-token": "test_token" } }
        )
        .catch((e) => e)

--- a/integration-tests/plugins/tests/inventory/products/delete-variant.js
+++ b/integration-tests/plugins/tests/inventory/products/delete-variant.js
@@ -70,7 +70,7 @@ describe("Delete Variant", () => {
          ],
          prices: [{ currency_code: "usd", amount: 2300 }],
        },
-        { headers: { Authorization: "Bearer test_token" } }
+        { headers: { "x-medusa-access-token": "test_token" } }
      )

      const variantId = response.data.product.variants.find(
@@ -98,7 +98,7 @@ describe("Delete Variant", () => {
      ).toHaveLength(2)

      await api.delete(`/admin/products/test-product/variants/${variantId}`, {
-        headers: { Authorization: "Bearer test_token" },
+        headers: { "x-medusa-access-token": "test_token" },
      })

      await expect(variantService.retrieve(variantId)).rejects.toThrow(
--- a/integration-tests/plugins/tests/inventory/products/get-product.js
+++ b/integration-tests/plugins/tests/inventory/products/get-product.js
@@ -12,7 +12,7 @@ jest.setTimeout(30000)

 const { simpleProductFactory } = require("../../../../factories")

-const adminHeaders = { headers: { Authorization: "Bearer test_token" } }
+const adminHeaders = { headers: { "x-medusa-access-token": "test_token" } }

 describe("Get products", () => {
  let appContainer
--- a/integration-tests/plugins/tests/inventory/products/get-variant.js
+++ b/integration-tests/plugins/tests/inventory/products/get-variant.js
@@ -15,7 +15,7 @@ const {
  simpleSalesChannelFactory,
 } = require("../../../../factories")

-const adminHeaders = { headers: { Authorization: "Bearer test_token" } }
+const adminHeaders = { headers: { "x-medusa-access-token": "test_token" } }

 describe("Get variant", () => {
  let appContainer
--- a/integration-tests/plugins/tests/inventory/products/list-products.js
+++ b/integration-tests/plugins/tests/inventory/products/list-products.js
@@ -13,7 +13,7 @@ jest.setTimeout(30000)
 const { simpleProductFactory } = require("../../../../factories")
 const { simpleSalesChannelFactory } = require("../../../../factories")

-const adminHeaders = { headers: { Authorization: "Bearer test_token" } }
+const adminHeaders = { headers: { "x-medusa-access-token": "test_token" } }

 describe("Create Variant", () => {
  let appContainer
--- a/integration-tests/plugins/tests/inventory/products/list-variants.js
+++ b/integration-tests/plugins/tests/inventory/products/list-variants.js
@@ -12,7 +12,7 @@ jest.setTimeout(30000)

 const { simpleProductFactory } = require("../../../../factories")
 const { simpleSalesChannelFactory } = require("../../../../factories")
-const adminHeaders = { headers: { Authorization: "Bearer test_token" } }
+const adminHeaders = { headers: { "x-medusa-access-token": "test_token" } }

 describe("List Variants", () => {
  let appContainer
--- a/integration-tests/plugins/tests/inventory/reservation-items/index.js
+++ b/integration-tests/plugins/tests/inventory/reservation-items/index.js
@@ -16,7 +16,7 @@ const {
  simpleRegionFactory,
 } = require("../../../../factories")
 const { simpleSalesChannelFactory } = require("../../../../factories")
-const adminHeaders = { headers: { Authorization: "Bearer test_token" } }
+const adminHeaders = { headers: { "x-medusa-access-token": "test_token" } }

 describe("Inventory Items endpoints", () => {
  let appContainer
--- a/integration-tests/plugins/tests/medusa-plugin-sendgrid/index.js
+++ b/integration-tests/plugins/tests/medusa-plugin-sendgrid/index.js
@@ -58,7 +58,7 @@ describe("medusa-plugin-sendgrid", () => {
    const response = await api.post(
      `/admin/orders/${order.id}/cancel`,
      {},
-      { headers: { authorization: "Bearer test_token" } }
+      { headers: { "x-medusa-access-token": "test_token" } }
    )
    expect(response.status).toEqual(200)

@@ -146,7 +146,7 @@ describe("medusa-plugin-sendgrid", () => {
    const { data: fulfillmentData } = await api.post(
      `/admin/orders/${order.id}/fulfillment`,
      { items: [{ item_id: "test-item", quantity: 2 }] },
-      { headers: { authorization: "Bearer test_token" } }
+      { headers: { "x-medusa-access-token": "test_token" } }
    )

    const fulfillment = fulfillmentData.order.fulfillments[0]
@@ -154,7 +154,7 @@ describe("medusa-plugin-sendgrid", () => {
    const response = await api.post(
      `/admin/orders/${order.id}/shipment`,
      { fulfillment_id: fulfillment.id },
-      { headers: { authorization: "Bearer test_token" } }
+      { headers: { "x-medusa-access-token": "test_token" } }
    )

    expect(response.status).toEqual(200)
@@ -344,7 +344,7 @@ describe("medusa-plugin-sendgrid", () => {
        additional_items: [{ variant_id: "variant-2", quantity: 1 }],
        return_items: [{ item_id: "test-item", quantity: 1 }],
      },
-      { headers: { authorization: "Bearer test_token" } }
+      { headers: { "x-medusa-access-token": "test_token" } }
    )

    expect(response.status).toEqual(200)
@@ -359,7 +359,7 @@ describe("medusa-plugin-sendgrid", () => {
          quantity: i.quantity,
        })),
      },
-      { headers: { authorization: "Bearer test_token" } }
+      { headers: { "x-medusa-access-token": "test_token" } }
    )

    const sendgridService = appContainer.resolve("sendgridService")
@@ -386,7 +386,7 @@ describe("medusa-plugin-sendgrid", () => {
      },
      {
        headers: {
-          authorization: "Bearer test_token",
+          "x-medusa-access-token": "test_token",
        },
      }
    )
@@ -403,7 +403,7 @@ describe("medusa-plugin-sendgrid", () => {
          quantity: i.quantity,
        })),
      },
-      { headers: { authorization: "Bearer test_token" } }
+      { headers: { "x-medusa-access-token": "test_token" } }
    )

    const sendgridService = appContainer.resolve("sendgridService")
@@ -440,7 +440,7 @@ describe("medusa-plugin-sendgrid", () => {
          { reason: "missing_item", item_id: "test-item", quantity: 1 },
        ],
      },
-      { headers: { authorization: "Bearer test_token" } }
+      { headers: { "x-medusa-access-token": "test_token" } }
    )

    expect(response.status).toEqual(200)
@@ -450,14 +450,14 @@ describe("medusa-plugin-sendgrid", () => {
    const { data: fulfillmentData } = await api.post(
      `/admin/orders/${order.id}/claims/${claimId}/fulfillments`,
      {},
-      { headers: { authorization: "Bearer test_token" } }
+      { headers: { "x-medusa-access-token": "test_token" } }
    )

    const fulfillmentId = fulfillmentData.order.claims[0].fulfillments[0].id
    await api.post(
      `/admin/orders/${order.id}/claims/${claimId}/shipments`,
      { fulfillment_id: fulfillmentId },
-      { headers: { authorization: "Bearer test_token" } }
+      { headers: { "x-medusa-access-token": "test_token" } }
    )

    const sendgridService = appContainer.resolve("sendgridService")
@@ -545,7 +545,7 @@ describe("medusa-plugin-sendgrid", () => {
        additional_items: [{ variant_id: "variant-2", quantity: 1 }],
        return_items: [{ item_id: "test-item", quantity: 1 }],
      },
-      { headers: { authorization: "Bearer test_token" } }
+      { headers: { "x-medusa-access-token": "test_token" } }
    )

    expect(response.status).toEqual(200)
@@ -573,14 +573,14 @@ describe("medusa-plugin-sendgrid", () => {
    const { data: fulfillmentData } = await api.post(
      `/admin/orders/${order.id}/swaps/${swapId}/fulfillments`,
      {},
-      { headers: { authorization: "Bearer test_token" } }
+      { headers: { "x-medusa-access-token": "test_token" } }
    )

    const fulfillmentId = fulfillmentData.order.swaps[0].fulfillments[0].id
    await api.post(
      `/admin/orders/${order.id}/swaps/${swapId}/shipments`,
      { fulfillment_id: fulfillmentId },
-      { headers: { authorization: "Bearer test_token" } }
+      { headers: { "x-medusa-access-token": "test_token" } }
    )

    const sendgridService = appContainer.resolve("sendgridService")
@@ -729,7 +729,7 @@ describe("medusa-plugin-sendgrid", () => {
      },
      {
        headers: {
-          authorization: "Bearer test_token",
+          "x-medusa-access-token": "test_token",
        },
      }
    )
@@ -759,7 +759,7 @@ describe("medusa-plugin-sendgrid", () => {
      },
      {
        headers: {
-          authorization: "Bearer test_token",
+          "x-medusa-access-token": "test_token",
        },
      }
    )
--- a/integration-tests/plugins/tests/product/admin/index.ts
+++ b/integration-tests/plugins/tests/product/admin/index.ts
@@ -15,7 +15,7 @@ jest.setTimeout(5000000)

 const adminHeaders = {
  headers: {
-    Authorization: "Bearer test_token",
+    "x-medusa-access-token": "test_token",
  },
 }

--- a/integration-tests/plugins/tests/stock-location/delete-sales-channels.js
+++ b/integration-tests/plugins/tests/stock-location/delete-sales-channels.js
@@ -72,7 +72,7 @@ describe("Sales channels", () => {
      ).toHaveLength(2)

      await api.delete(`/admin/sales-channels/${sc.id}`, {
-        headers: { Authorization: "Bearer test_token" },
+        headers: { "x-medusa-access-token": "test_token" },
      })

      await expect(salesChannelService.retrieve(sc.id)).rejects.toThrowError()
--- a/integration-tests/plugins/tests/stock-location/delete-stock-location.js
+++ b/integration-tests/plugins/tests/stock-location/delete-stock-location.js
@@ -78,7 +78,7 @@ describe("Sales channels", () => {
      ).toHaveLength(1)

      await api.delete(`/admin/stock-locations/${loc.id}`, {
-        headers: { Authorization: "Bearer test_token" },
+        headers: { "x-medusa-access-token": "test_token" },
      })

      expect(
--- a/integration-tests/plugins/tests/stock-location/sales-channels.js
+++ b/integration-tests/plugins/tests/stock-location/sales-channels.js
@@ -8,7 +8,7 @@ const adminSeeder = require("../../../helpers/admin-seeder")

 jest.setTimeout(30000)

-const adminHeaders = { headers: { Authorization: "Bearer test_token" } }
+const adminHeaders = { headers: { "x-medusa-access-token": "test_token" } }

 describe("Sales channels", () => {
  let appContainer
--- a/integration-tests/plugins/helpers/call-helpers.js
+++ b/integration-tests/plugins/helpers/call-helpers.js
@@ -0,0 +1,100 @@
+const { useApi } = require("../../helpers/use-api")
+
+const header = {
+  headers: {
+    "x-medusa-access-token": "test_token",
+  },
+}
+
+const resolveCall = async (path, payload, header) => {
+  const api = useApi()
+  let res
+  try {
+    const resp = await api.post(path, payload, header)
+    res = resp.status
+  } catch (expectedException) {
+    try {
+      res = expectedException.response.status
+    } catch (_) {
+      console.error(expectedException)
+    }
+  }
+  return res
+}
+
+const determineFail = (actual, expected, path) => {
+  if (expected !== actual) {
+    console.log(`failed at path : ${path}`)
+  }
+  expect(actual).toEqual(expected)
+}
+
+/**
+ * Allows you to wrap a Call function so that you may reuse some input values.
+ * @param {Function} fun - the function to call with partial information
+ * @param {Object} input - the constant input which we want to supply now
+ * @returns
+ */
+module.exports.partial = function (fun, input = {}) {
+  return async (remaining) => await fun({ ...remaining, ...input })
+}
+
+/**
+ * Allows you to assert a specific code result from a POST call.
+ * @param {Object} input - the information needed to make the call
+ * (path & payload) and the expected code (code)
+ */
+module.exports.expectPostCallToReturn = async function (
+  input = {
+    code,
+    path,
+    payload: {},
+  }
+) {
+  const res = await resolveCall(input.path, input.payload, header)
+  determineFail(res, input.code, input.path)
+}
+
+/**
+ * Allows you to assert a specific code result from multiple POST
+ * calls.
+ * @param {Object} input - the collection of objects to execute
+ * calls from (col), a function which yields the path (pathf),
+ * and another one which provides the payload (payloadf), as
+ * well as the code (code) which we want to assert.
+ */
+module.exports.expectAllPostCallsToReturn = async function (
+  input = {
+    code,
+    col,
+    pathf,
+    payloadf,
+  }
+) {
+  for (const i of input.col) {
+    const res = await resolveCall(
+      input.pathf(i),
+      input.payloadf ? input.payloadf(i) : {},
+      header
+    )
+    determineFail(res, input.code, input.pathf(i))
+  }
+}
+
+/**
+ * Allows you to retrieve a specific object the response
+ * from get call,
+ * and simultaneously assert that the call was successful.
+ * @param {Object} param0 - contains the path which to
+ * call (path), and the object within the response.data (get)
+ * we want to retrieve.
+ * @returns {Object} found within response.data corresponding
+ * to the get parameter provided.
+ */
+module.exports.callGet = async function ({ path, get }) {
+  const api = useApi()
+  const res = await api.get(path, header)
+
+  determineFail(res.status, 200, path)
+  return res?.data[get]
+}