refactor: stop adding jwt to headers (#46367)

The client never uses the header, so there is no need for the API to set
it.
Oliver Eyton-Williams
2022-06-16 16:42:32 +02:00
committed by GitHub
parent 2d5d37e472
commit 71b1d25d54
4 changed files with 3 additions and 163 deletions
@@ -5,8 +5,7 @@ import { jwtSecret as _jwtSecret } from '../../../../config/secrets';
import { wrapHandledError } from '../utils/create-handled-error';
import {
getAccessTokenFromRequest,
errorTypes,
authHeaderNS
errorTypes
} from '../utils/getSetAccessToken';
import { getRedirectParams } from '../utils/redirection';
import { getUserById as _getUserById } from '../utils/user-stats';
@@ -57,10 +56,7 @@ export default function getRequestAuthorisation({
const { origin } = getRedirectParams(req);
const { path } = req;
if (!isAllowedPath(path)) {
const { accessToken, error, jwt } = getAccessTokenFromRequest(
req,
jwtSecret
);
const { accessToken, error } = getAccessTokenFromRequest(req, jwtSecret);
if (!accessToken && error === errorTypes.noTokenFound) {
throw wrapHandledError(
new Error('Access token is required for this request'),
@@ -88,7 +84,6 @@ export default function getRequestAuthorisation({
status: 403
});
}
res.set(authHeaderNS, jwt);
if (isEmpty(req.user)) {
const { userId } = accessToken;
return getUserById(userId)
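Review bot: Nothing now pins the new invariant that the verified token is not written back to the response: the only test that observed `res.set` (`'adds the jwt to the headers'`, deleted in the test section below) is dropped rather than inverted. A negative assertion on the cookie-based happy path, `expect(res.set).not.toHaveBeenCalledWith('X-fcc-access-token', validJWT);`, would make a later reintroduction of the reflected header fail CI; the string literal is needed because the import hunk above drops `authHeaderNS`. The new destructuring `const { accessToken, error } = getAccessTokenFromRequest(req, jwtSecret);` would also read better with a why-comment such as `// The raw JWT is consumed here only to resolve req.user; it is never echoed back to the client.`. getRequestAuthorisation starts before this section and continues after it.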
@@ -168,104 +168,6 @@ describe('request-authorization', () => {
expect(req.user).toEqual(users['456def']);
});
it('adds the jwt to the headers', async () => {
const validJWT = jwt.sign({ accessToken }, validJWTSecret);
const req = mockReq({
path: '/some-path/that-needs/auth',
// eslint-disable-next-line camelcase
cookie: { jwt_access_token: validJWT }
});
const res = mockRes();
const next = jest.fn();
await requestAuthorization(req, res, next);
expect(res.set).toHaveBeenCalledWith('X-fcc-access-token', validJWT);
});
it('calls next if request does not require authorization', async () => {
// currently /unsubscribe does not require authorization
const req = mockReq({ path: '/unsubscribe/another/route' });
const res = mockRes();
const next = jest.fn();
await requestAuthorization(req, res, next);
expect(next).toHaveBeenCalled();
});
});
describe('Auth header', () => {
it('throws when no access token is present', () => {
expect.assertions(2);
const req = mockReq({ path: '/some-path/that-needs/auth' });
const res = mockRes();
const next = jest.fn();
expect(() => requestAuthorization(req, res, next)).toThrowError(
'Access token is required for this request'
);
expect(next).not.toHaveBeenCalled();
});
it('throws when the access token is invalid', () => {
expect.assertions(2);
const invalidJWT = jwt.sign({ accessToken }, invalidJWTSecret);
const req = mockReq({
path: '/some-path/that-needs/auth',
headers: { 'X-fcc-access-token': invalidJWT }
});
const res = mockRes();
const next = jest.fn();
expect(() => requestAuthorization(req, res, next)).toThrowError(
'Access token is invalid'
);
expect(next).not.toHaveBeenCalled();
});
it('throws when the access token has expired', () => {
expect.assertions(2);
const invalidJWT = jwt.sign(
{ accessToken: { ...accessToken, created: theBeginningOfTime } },
validJWTSecret
);
const req = mockReq({
path: '/some-path/that-needs/auth',
headers: { 'X-fcc-access-token': invalidJWT }
});
const res = mockRes();
const next = jest.fn();
expect(() => requestAuthorization(req, res, next)).toThrowError(
'Access token is no longer valid'
);
expect(next).not.toHaveBeenCalled();
});
it('adds the user to the request object', async () => {
expect.assertions(3);
const validJWT = jwt.sign({ accessToken }, validJWTSecret);
const req = mockReq({
path: '/some-path/that-needs/auth',
headers: { 'X-fcc-access-token': validJWT }
});
const res = mockRes();
const next = jest.fn();
await requestAuthorization(req, res, next);
expect(next).toHaveBeenCalled();
expect(req).toHaveProperty('user');
expect(req.user).toEqual(users['456def']);
});
it('adds the jwt to the headers', async () => {
const validJWT = jwt.sign({ accessToken }, validJWTSecret);
const req = mockReq({
path: '/some-path/that-needs/auth',
// eslint-disable-next-line camelcase
cookie: { jwt_access_token: validJWT }
});
const res = mockRes();
const next = jest.fn();
await requestAuthorization(req, res, next);
expect(res.set).toHaveBeenCalledWith('X-fcc-access-token', validJWT);
});
it('calls next if request does not require authorization', async () => {
// currently /unsubscribe does not require authorization
const req = mockReq({ path: '/unsubscribe/another/route' });
@@ -3,7 +3,6 @@ import jwt from 'jsonwebtoken';
import { jwtSecret as _jwtSecret } from '../../../../config/secrets';
export const authHeaderNS = 'X-fcc-access-token';
export const jwtCookieNS = 'jwt_access_token';
export function createCookieConfig(req) {
@@ -30,7 +29,6 @@ export function setAccessTokenToResponse(
export function getAccessTokenFromRequest(req, jwtSecret = _jwtSecret) {
const maybeToken =
(req.headers && req.headers[authHeaderNS]) ||
(req.signedCookies && req.signedCookies[jwtCookieNS]) ||
(req.cookie && req.cookie[jwtCookieNS]);
if (!maybeToken) {
@@ -55,7 +53,7 @@ export function getAccessTokenFromRequest(req, jwtSecret = _jwtSecret) {
error: errorTypes.expiredToken
};
}
return { accessToken, error: '', jwt: maybeToken };
return { accessToken, error: '' };
}
export function removeCookies(req, res) {
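Review bot: getAccessTokenFromRequest's return contract has changed shape (`{ accessToken, error }`, with `jwt` gone at the final `return`) but the function carries no JSDoc, so callers have nothing to go on beyond reading the body. I would add a JSDoc above the signature in the earlier hunk stating that the token is read from the `jwt_access_token` cookie (signed cookies first, then the plain cookie), that `accessToken` is the verified payload, and that `error` is `''` on success or one of `errorTypes` otherwise (`expiredToken` is visible here; `invalidToken` is exercised by the tests). If, as the hunk counts suggest, the `req.headers[authHeaderNS]` lookup is the line removed from `maybeToken`, the cookie is now the sole bearer channel and is attached by the browser automatically, so the `SameSite`/`HttpOnly`/`Secure` attributes chosen in createCookieConfig (body outside this section) become the primary CSRF control — worth confirming and recording in that JSDoc. The function's signature is in the preceding hunk; only its tail is visible here.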
@@ -62,61 +62,6 @@ describe('getSetAccessToken', () => {
created: accessToken.created.toISOString()
});
});
it('returns the signed jwt if found', () => {
const validJWT = jwt.sign({ accessToken }, validJWTSecret);
// eslint-disable-next-line camelcase
const req = mockReq({ cookie: { jwt_access_token: validJWT } });
const result = getAccessTokenFromRequest(req, validJWTSecret);
expect(result.jwt).toEqual(validJWT);
});
});
describe('Auth headers', () => {
it('returns `invalid token` error for malformed tokens', () => {
const invalidJWT = jwt.sign({ accessToken }, invalidJWTSecret);
// eslint-disable-next-line camelcase
const req = mockReq({ headers: { 'X-fcc-access-token': invalidJWT } });
const result = getAccessTokenFromRequest(req, validJWTSecret);
expect(result.error).toEqual(errorTypes.invalidToken);
});
it('returns `expired token` error for expired tokens', () => {
const invalidJWT = jwt.sign(
{ accessToken: { ...accessToken, created: theBeginningOfTime } },
validJWTSecret
);
// eslint-disable-next-line camelcase
const req = mockReq({ headers: { 'X-fcc-access-token': invalidJWT } });
const result = getAccessTokenFromRequest(req, validJWTSecret);
expect(result.error).toEqual(errorTypes.expiredToken);
});
it('returns a valid access token with no errors ', () => {
expect.assertions(2);
const validJWT = jwt.sign({ accessToken }, validJWTSecret);
// eslint-disable-next-line camelcase
const req = mockReq({ headers: { 'X-fcc-access-token': validJWT } });
const result = getAccessTokenFromRequest(req, validJWTSecret);
expect(result.error).toBeFalsy();
expect(result.accessToken).toEqual({
...accessToken,
created: accessToken.created.toISOString()
});
});
it('returns the signed jwt if found', () => {
const validJWT = jwt.sign({ accessToken }, validJWTSecret);
// eslint-disable-next-line camelcase
const req = mockReq({ headers: { 'X-fcc-access-token': validJWT } });
const result = getAccessTokenFromRequest(req, validJWTSecret);
expect(result.jwt).toEqual(validJWT);
});
});
});