Example
Fix forbidden access to the logged endpoints after successful auth/restore.
Closes: https://github.com/metarhia/Example/issues/238
- [x] tests and linter show no problems (`npm t`)
- [ ] tests are added/updated for bug fixes and new features
- [x] code is properly formatted (`npm run fmt`)
Please review, @tshemsedinov. The fix is ready to be applied. Additionally, I tried to write a test for checking the right session restoration behavior but didn't commit it, because the test passes successfully even without the fix code applied, due to the test environment not reaching the problematic part of it. So there is no sense in committing a test that can't catch the issue this PR references.
The test itself is possibly a good candidate for reviewing my approaches at the next call. Anyway, this PR is ready to land without this additional test.
Not committed test case `application/domain/tests/session.test.js`:
```js
({
  name: 'Auth session test',

  async run(t) {
    const url = 'ws://127.0.0.1:8001/api';

    // First client: sign in and keep the issued session token
    const metacom = metarhia.metacom.Metacom.create(url);
    await metacom.load('auth', 'example');
    const initial = await metacom.api.auth.signin({
      login: 'marcus',
      password: 'marcus',
    });
    const { token } = initial;

    await t.test('Start logged session', async () => {
      node.assert.strictEqual(initial.status, 'logged');
      node.assert.strictEqual(typeof token, 'string');
    });

    // The endpoint requiring a logged session must be reachable after signin
    await t.test('Call logged endpoint', async () => {
      const res = await metacom.api.example.wait({ delay: 1 });
      node.assert.strictEqual(res, 'done');
    });

    // Second client: new connection that restores the session from the token
    const reloadedClient = metarhia.metacom.Metacom.create(url);
    await reloadedClient.load('auth', 'example');

    await t.test('Restore the session from token', async () => {
      const restored = await reloadedClient.api.auth.restore({ token });
      node.assert.strictEqual(restored.status, 'logged');
    });

    // The same endpoint must stay reachable on the restored session
    await t.test('Recall logged endpoint', async () => {
      const res = await reloadedClient.api.example.wait({ delay: 1 });
      node.assert.strictEqual(res, 'done');
    });
  },
});
```