Cleanup, update shared.test

dac09 · Jan 19, 2024 · 2bdb5e0 · 2bdb5e0
1 parent 3cdb37d
commit 2bdb5e0
Show file tree

Hide file tree

Showing 2 changed files with 32 additions and 24 deletions.
diff --git a/packages/auth-providers/dbAuth/api/src/__tests__/shared.test.ts b/packages/auth-providers/dbAuth/api/src/__tests__/shared.test.ts
@@ -303,9 +303,7 @@ describe('session cookie extraction', () => {
       expect(extractCookie(event)).toBeUndefined()
     })
 
-    // @TODO: Disabled Studio Auth Implementation
-    // we need to avoid using body instead of headers
-    it.skip('extracts GraphiQL cookie from the header extensions', () => {
+    it('extracts GraphiQL cookie from the body extensions', () => {
       const dbUserId = 42
 
       const cookie = encryptToCookie(JSON.stringify({ id: dbUserId }))
@@ -322,33 +320,46 @@ describe('session cookie extraction', () => {
       expect(extractCookie(event)).toEqual(cookie)
     })
 
-    // @TODO: Disabled Studio Auth Implementation
-    // we need to avoid using body instead of headers
-    it.skip('overwrites cookie with event header GraphiQL when in dev', () => {
-      const sessionCookie = encryptToCookie(
-        JSON.stringify({ id: 9999999999 }) + ';' + 'token'
+    it('extracts GraphiQL cookie from the rw-studio header (Fetch request)', () => {
+      const dbUserId = 42
+
+      const impersonatedCookie = encryptToCookie(
+        JSON.stringify({ id: dbUserId })
       )
 
-      event = {
+      const req = new Request('http://localhost:8910/_rw_mw', {
+        method: 'POST',
         headers: {
-          cookie: sessionCookie,
+          'auth-provider': 'dbAuth',
+          'rw-studio-impersonation-cookie': impersonatedCookie,
+          authorization: 'Bearer ' + dbUserId,
         },
-      }
+      })
+
+      expect(extractCookie(req)).toEqual(impersonatedCookie)
+    })
+
+    it('impersonation cookie takes precendence', () => {
+      const sessionCookie = encryptToCookie(
+        JSON.stringify({ id: 9999999999 }) + ';' + 'token'
+      )
 
       const dbUserId = 42
 
-      const cookie = encryptToCookie(JSON.stringify({ id: dbUserId }))
-      event.body = JSON.stringify({
-        extensions: {
-          headers: {
-            'auth-provider': 'dbAuth',
-            cookie,
-            authorization: 'Bearer ' + dbUserId,
-          },
+      const impersonatedCookie = encryptToCookie(
+        JSON.stringify({ id: dbUserId })
+      )
+
+      event = {
+        headers: {
+          cookie: sessionCookie, // This user doesn't exist
+          'auth-provider': 'dbAuth',
+          'rw-studio-impersonation-cookie': impersonatedCookie,
+          authorization: 'Bearer ' + dbUserId,
         },
-      })
+      }
 
-      expect(extractCookie(event)).toEqual(cookie)
+      expect(extractCookie(event)).toEqual(impersonatedCookie)
     })
   })
 })

diff --git a/packages/auth-providers/dbAuth/api/src/shared.ts b/packages/auth-providers/dbAuth/api/src/shared.ts
@@ -94,9 +94,6 @@ const legacyDecryptSession = (encryptedText: string) => {
 // Extracts the session cookie from an event, handling both
 // development environment GraphiQL headers and production environment headers.
 export const extractCookie = (event: APIGatewayProxyEvent | Request) => {
-  // @TODO Disabling Studio Auth impersonation: it uses body instead of headers
-  // this feels a bit off, but also requires the parsing to become async
-
   return eventGraphiQLHeadersCookie(event) || getEventHeader(event, 'Cookie')
 }