Merge branch 'feat/auth-checks-smoke-test' of github.com:dac09/redwoo…

…d into feat/auth-checks-smoke-test * 'feat/auth-checks-smoke-test' of github.com:dac09/redwood: (21 commits) Remove supertokens-node from packages/api dependencies (redwoodjs#4715) fix(auth): hasRole handles when currentUser.roles is a string (redwoodjs#4678) Update dependency systeminformation to v5.11.7 (redwoodjs#4716) Update dependency webpack-manifest-plugin to v5 (redwoodjs#4693) Update graphqlcodegenerator monorepo (redwoodjs#4714) Update dependency @clerk/types to v1.28.3 (redwoodjs#4708) Update dependency @testing-library/react to v12.1.4 (redwoodjs#4709) Update dependency pino to v7.8.1 (redwoodjs#4703) Update dependency fastify to v3.27.4 (redwoodjs#4702) Update dependency @clerk/clerk-sdk-node to v2.9.8 (redwoodjs#4707) Update dependency @types/react to v17.0.40 (redwoodjs#4711) Update dependency @clerk/clerk-js to v2.17.3 (redwoodjs#4706) Fix react/prop-types lint warnings (redwoodjs#4674) Allow the number 0 for numericality validation values (redwoodjs#4700) update yarn.lock v0.49.1 update yarn.lock remove storybook type check (redwoodjs#4699) add bin proxy for rw-log-formatter to core (redwoodjs#4695) remove storybook type check (redwoodjs#4699) ...
dac09 · Mar 11, 2022 · 1d30f45 · 1d30f45
2 parents c517852 + 7f0c0e2
commit 1d30f45
Show file tree

Hide file tree

Showing 45 changed files with 554 additions and 479 deletions.
diff --git a/__fixtures__/test-project/api/db/migrations/20220309090011_create_product/migration.sql b/__fixtures__/test-project/api/db/migrations/20220309090011_create_product/migration.sql
@@ -0,0 +1,17 @@
+-- CreateTable
+CREATE TABLE "UserExample" (
+    "id" INTEGER NOT NULL PRIMARY KEY AUTOINCREMENT,
+    "email" TEXT NOT NULL,
+    "name" TEXT
+);
+
+-- CreateTable
+CREATE TABLE "Post" (
+    "id" INTEGER NOT NULL PRIMARY KEY AUTOINCREMENT,
+    "title" TEXT NOT NULL,
+    "body" TEXT NOT NULL,
+    "createdAt" DATETIME NOT NULL DEFAULT CURRENT_TIMESTAMP
+);
+
+-- CreateIndex
+CREATE UNIQUE INDEX "UserExample_email_key" ON "UserExample"("email");
diff --git a/__fixtures__/test-project/api/db/migrations/20220309090020_create_contact/migration.sql b/__fixtures__/test-project/api/db/migrations/20220309090020_create_contact/migration.sql
@@ -0,0 +1,8 @@
+-- CreateTable
+CREATE TABLE "Contact" (
+    "id" INTEGER NOT NULL PRIMARY KEY AUTOINCREMENT,
+    "name" TEXT NOT NULL,
+    "email" TEXT NOT NULL,
+    "message" TEXT NOT NULL,
+    "createdAt" DATETIME NOT NULL DEFAULT CURRENT_TIMESTAMP
+);
diff --git a/__fixtures__/test-project/api/db/migrations/20220309090044_db_auth/migration.sql b/__fixtures__/test-project/api/db/migrations/20220309090044_db_auth/migration.sql
@@ -0,0 +1,13 @@
+-- CreateTable
+CREATE TABLE "User" (
+    "id" INTEGER NOT NULL PRIMARY KEY AUTOINCREMENT,
+    "email" TEXT NOT NULL,
+    "hashedPassword" TEXT NOT NULL,
+    "salt" TEXT NOT NULL,
+    "resetToken" TEXT,
+    "resetTokenExpiresAt" DATETIME,
+    "roles" TEXT
+);
+
+-- CreateIndex
+CREATE UNIQUE INDEX "User_email_key" ON "User"("email");
diff --git a/__fixtures__/test-project/api/package.json b/__fixtures__/test-project/api/package.json
@@ -3,7 +3,7 @@
   "version": "0.0.0",
   "private": true,
   "dependencies": {
-    "@redwoodjs/api": "0.49.0",
-    "@redwoodjs/graphql-server": "0.49.0"
+    "@redwoodjs/api": "0.49.1",
+    "@redwoodjs/graphql-server": "0.49.1"
   }
 }
diff --git a/__fixtures__/test-project/api/src/lib/auth.ts b/__fixtures__/test-project/api/src/lib/auth.ts
@@ -53,24 +53,34 @@ export const hasRole = ({ roles }: { roles: AllowedRoles }): boolean => {
     return false
   }
 
-  if (roles) {
-    if (Array.isArray(roles)) {
-      if (Array.isArray(context.currentUser.roles)) {
-        return context.currentUser.roles?.some((r) => roles.includes(r))
-      } else {
-        roles.some((r) => context.currentUser.roles?.includes(r))
-      }
-    }
+  const currentUserRoles = context.currentUser?.roles as string | string[]
 
-    if (typeof roles === 'string') {
-      return context.currentUser.roles?.includes(roles)
+  if (typeof roles === 'string') {
+    if (typeof currentUserRoles === 'string') {
+      // roleToCheck is a string, currentUser.roles is a string
+      return currentUserRoles === roles
+    } else if (Array.isArray(currentUserRoles)) {
+      // roleToCheck is a string, currentUser.roles is an array
+      return currentUserRoles?.some((allowedRole) => roles === allowedRole)
     }
+  }
 
-    // roles not found
-    return false
+  if (Array.isArray(roles)) {
+    if (Array.isArray(currentUserRoles)) {
+      // roleToCheck is an array, currentUser.roles is an array
+      return currentUserRoles?.some((allowedRole) =>
+        roles.includes(allowedRole)
+      )
+    } else if (typeof context.currentUser.roles === 'string') {
+      // roleToCheck is an array, currentUser.roles is a string
+      return roles.some(
+        (allowedRole) => context.currentUser?.roles === allowedRole
+      )
+    }
   }
 
-  return true
+  // roles not found
+  return false
 }
 
 /**
@@ -92,7 +102,7 @@ export const requireAuth = ({ roles }: { roles: AllowedRoles }) => {
     throw new AuthenticationError("You don't have permission to do that.")
   }
 
-  if (!hasRole({ roles })) {
+  if (roles && !hasRole({ roles })) {
     throw new ForbiddenError("You don't have access to do that.")
   }
 }
diff --git a/__fixtures__/test-project/package.json b/__fixtures__/test-project/package.json
@@ -8,11 +8,11 @@
     ]
   },
   "devDependencies": {
-    "@redwoodjs/core": "0.49.0",
-    "autoprefixer": "^10.4.2",
-    "postcss": "^8.4.8",
-    "postcss-loader": "^6.2.1",
-    "tailwindcss": "^3.0.23"
+    "@redwoodjs/core": "0.49.1",
+    "autoprefixer": "10.4.2",
+    "postcss": "8.4.8",
+    "postcss-loader": "6.2.1",
+    "tailwindcss": "3.0.23"
   },
   "eslintConfig": {
     "extends": "@redwoodjs/eslint-config",

diff --git a/__fixtures__/test-project/web/package.json b/__fixtures__/test-project/web/package.json
@@ -13,10 +13,10 @@
     ]
   },
   "dependencies": {
-    "@redwoodjs/auth": "0.49.0",
-    "@redwoodjs/forms": "0.49.0",
-    "@redwoodjs/router": "0.49.0",
-    "@redwoodjs/web": "0.49.0",
+    "@redwoodjs/auth": "0.49.1",
+    "@redwoodjs/forms": "0.49.1",
+    "@redwoodjs/router": "0.49.1",
+    "@redwoodjs/web": "0.49.1",
     "prop-types": "15.8.1",
     "react": "17.0.2",
     "react-dom": "17.0.2"

diff --git a/lerna.json b/lerna.json
@@ -1,5 +1,5 @@
 {
-  "version": "0.49.0",
+  "version": "0.49.1",
   "npmClient": "yarn",
   "useWorkspaces": true,
   "command": {

diff --git a/package.json b/package.json
@@ -29,7 +29,7 @@
     "test:release-script": "NODE_OPTIONS=--experimental-vm-modules ./node_modules/.bin/jest --config ./tasks/release/jest.config.mjs"
   },
   "resolutions": {
-    "@types/react": "17.0.39",
+    "@types/react": "17.0.40",
     "prop-types": "15.8.1",
     "react": "17.0.2",
     "react-dom": "17.0.2",
@@ -54,7 +54,7 @@
     "@babel/runtime-corejs3": "7.16.7",
     "@playwright/test": "1.19.2",
     "@testing-library/jest-dom": "5.16.2",
-    "@testing-library/react": "12.1.3",
+    "@testing-library/react": "12.1.4",
     "@testing-library/user-event": "13.5.0",
     "@types/fs-extra": "9.0.13",
     "@types/jest": "27.4.1",

diff --git a/packages/api-server/package.json b/packages/api-server/package.json
@@ -1,6 +1,6 @@
 {
   "name": "@redwoodjs/api-server",
-  "version": "0.49.0",
+  "version": "0.49.1",
   "description": "Redwood's HTTP server for Serverless Functions",
   "repository": {
     "type": "git",
@@ -33,7 +33,7 @@
     "chalk": "4.1.2",
     "chokidar": "3.5.3",
     "fast-json-parse": "1.0.3",
-    "fastify": "3.27.3",
+    "fastify": "3.27.4",
     "fastify-http-proxy": "6.2.2",
     "fastify-raw-body": "3.2.0",
     "fastify-static": "4.5.0",

diff --git a/packages/api/package.json b/packages/api/package.json
@@ -1,6 +1,6 @@
 {
   "name": "@redwoodjs/api",
-  "version": "0.49.0",
+  "version": "0.49.1",
   "repository": {
     "type": "git",
     "url": "https://github.com/redwoodjs/redwood.git",
@@ -38,25 +38,24 @@
     "md5": "2.3.0",
     "node-fetch": "2.6.7",
     "pascalcase": "1.0.0",
-    "pino": "7.8.0",
+    "pino": "7.8.1",
     "uuid": "8.3.2"
   },
   "devDependencies": {
     "@babel/cli": "7.16.7",
     "@babel/core": "7.16.7",
-    "@redwoodjs/auth": "0.49.0",
+    "@redwoodjs/auth": "0.49.1",
     "@types/crypto-js": "4.1.1",
     "@types/jsonwebtoken": "8.5.8",
     "@types/md5": "2.3.2",
     "@types/split2": "3.2.1",
     "aws-lambda": "1.0.7",
     "jest": "27.5.1",
     "split2": "4.1.0",
-    "supertokens-node": "8.6.0",
     "typescript": "4.6.2"
   },
   "peerDependencies": {
-    "@clerk/clerk-sdk-node": "2.9.6",
+    "@clerk/clerk-sdk-node": "2.9.8",
     "@magic-sdk/admin": "1.3.4",
     "firebase-admin": "10.0.2"
   },

diff --git a/packages/api/src/validations/__tests__/validations.test.js b/packages/api/src/validations/__tests__/validations.test.js
@@ -456,6 +456,9 @@ describe('validate numericality', () => {
     expect(() =>
       validate(2.2, 'number', { numericality: { lessThan: 2.1 } })
     ).toThrow(ValidationErrors.LessThanNumericalityValidationError)
+    expect(() =>
+      validate(2, 'number', { numericality: { lessThan: 0 } })
+    ).toThrow(ValidationErrors.LessThanNumericalityValidationError)
 
     expect(() =>
       validate(2, 'number', { numericality: { lessThan: 3 } })
@@ -470,7 +473,7 @@ describe('validate numericality', () => {
     } catch (e) {
       expect(e.message).toEqual('number must be less than 1')
     }
-    expect.assertions(7)
+    expect.assertions(8)
   })
 
   it('checks if value is less than or equal to required number', () => {
@@ -486,6 +489,9 @@ describe('validate numericality', () => {
     expect(() =>
       validate(2.2, 'number', { numericality: { lessThanOrEqual: 2 } })
     ).toThrow(ValidationErrors.LessThanOrEqualNumericalityValidationError)
+    expect(() =>
+      validate(2, 'number', { numericality: { lessThanOrEqual: 0 } })
+    ).toThrow(ValidationErrors.LessThanOrEqualNumericalityValidationError)
 
     expect(() =>
       validate(2.2, 'number', { numericality: { lessThanOrEqual: 2.3 } })
@@ -500,7 +506,7 @@ describe('validate numericality', () => {
     } catch (e) {
       expect(e.message).toEqual('number must be less than or equal to 2')
     }
-    expect.assertions(7)
+    expect.assertions(8)
   })
 
   it('checks if value is greater than required number', () => {
@@ -519,6 +525,9 @@ describe('validate numericality', () => {
     expect(() =>
       validate(3.0, 'number', { numericality: { greaterThan: 3 } })
     ).toThrow(ValidationErrors.GreaterThanNumericalityValidationError)
+    expect(() =>
+      validate(-1, 'number', { numericality: { greaterThan: 0 } })
+    ).toThrow(ValidationErrors.GreaterThanNumericalityValidationError)
 
     expect(() =>
       validate(3, 'number', { numericality: { greaterThan: 2 } })
@@ -533,7 +542,7 @@ describe('validate numericality', () => {
     } catch (e) {
       expect(e.message).toEqual('number must be greater than 3')
     }
-    expect.assertions(8)
+    expect.assertions(9)
   })
 
   it('checks if value is greater than or equal to required number', () => {
@@ -543,6 +552,9 @@ describe('validate numericality', () => {
     expect(() =>
       validate(3.0, 'number', { numericality: { greaterThanOrEqual: 3.1 } })
     ).toThrow(ValidationErrors.GreaterThanOrEqualNumericalityValidationError)
+    expect(() =>
+      validate(-1, 'number', { numericality: { greaterThanOrEqual: 0 } })
+    ).toThrow(ValidationErrors.GreaterThanOrEqualNumericalityValidationError)
 
     expect(() =>
       validate(3, 'number', { numericality: { greaterThan: 2 } })
@@ -567,7 +579,7 @@ describe('validate numericality', () => {
     } catch (e) {
       expect(e.message).toEqual('number must be greater than or equal to 3')
     }
-    expect.assertions(7)
+    expect.assertions(8)
   })
 
   it('checks if value is not equal to required number', () => {
@@ -583,6 +595,9 @@ describe('validate numericality', () => {
     expect(() =>
       validate(2.9, 'number', { numericality: { equal: 3 } })
     ).toThrow(ValidationErrors.EqualNumericalityValidationError)
+    expect(() => validate(2, 'number', { numericality: { equal: 0 } })).toThrow(
+      ValidationErrors.EqualNumericalityValidationError
+    )
 
     expect(() =>
       validate(2, 'number', { numericality: { equal: 2 } })
@@ -603,7 +618,7 @@ describe('validate numericality', () => {
     } catch (e) {
       expect(e.message).toEqual('number must equal 3')
     }
-    expect.assertions(9)
+    expect.assertions(10)
   })
 
   it('checks if not equal to required number', () => {
@@ -616,6 +631,9 @@ describe('validate numericality', () => {
     expect(() =>
       validate(3.0, 'number', { numericality: { otherThan: 3 } })
     ).toThrow(ValidationErrors.OtherThanNumericalityValidationError)
+    expect(() =>
+      validate(0, 'number', { numericality: { otherThan: 0 } })
+    ).toThrow(ValidationErrors.OtherThanNumericalityValidationError)
 
     expect(() =>
       validate(2, 'number', { numericality: { otherThan: 3 } })
@@ -633,7 +651,7 @@ describe('validate numericality', () => {
     } catch (e) {
       expect(e.message).toEqual('number must not equal 3')
     }
-    expect.assertions(7)
+    expect.assertions(8)
   })
 
   it('checks for a value being even', () => {

diff --git a/packages/api/src/validations/validations.ts b/packages/api/src/validations/validations.ts
@@ -407,38 +407,41 @@ const VALIDATORS = {
       if (options.integer && !Number.isInteger(value)) {
         validationError('integerNumericality', name, options)
       }
-      if (options.lessThan && (value as number) >= options.lessThan) {
+      if (options.lessThan != null && (value as number) >= options.lessThan) {
         validationError('lessThanNumericality', name, options, {
           lessThan: options.lessThan,
         })
       }
       if (
-        options.lessThanOrEqual &&
+        options.lessThanOrEqual != null &&
         (value as number) > options.lessThanOrEqual
       ) {
         validationError('lessThanOrEqualNumericality', name, options, {
           lessThanOrEqual: options.lessThanOrEqual,
         })
       }
-      if (options.greaterThan && (value as number) <= options.greaterThan) {
+      if (
+        options.greaterThan != null &&
+        (value as number) <= options.greaterThan
+      ) {
         validationError('greaterThanNumericality', name, options, {
           greaterThan: options.greaterThan,
         })
       }
       if (
-        options.greaterThanOrEqual &&
+        options.greaterThanOrEqual != null &&
         (value as number) < options.greaterThanOrEqual
       ) {
         validationError('greaterThanOrEqualNumericality', name, options, {
           greaterThanOrEqual: options.greaterThanOrEqual,
         })
       }
-      if (options.equal && value !== options.equal) {
+      if (options.equal != null && value !== options.equal) {
         validationError('equalNumericality', name, options, {
           equal: options.equal,
         })
       }
-      if (options.otherThan && value === options.otherThan) {
+      if (options.otherThan != null && value === options.otherThan) {
         validationError('otherThanNumericality', name, options, {
           otherThan: options.otherThan,
         })