Enable session middleware by default (fixes U&P provider authentication)

[petersg83]

It enables session middleware by default (which fixes U&P provider authentication)
It removes the possibility to authenticate requests using access_token url query param
It fixes a wording where the displayed provider name was wrong

Based on a previous PR created by @rgoupil #11777

also fix #7405 (thank you @borm for showing a fix)

[codecov]

Codecov Report

Merging #11825 (56407e8) into master (644624d) will increase coverage by 0.07%.
The diff coverage is 100.00%.

@@            Coverage Diff             @@
##           master   #11825      +/-   ##
==========================================
+ Coverage   47.68%   47.75%   +0.07%     
==========================================
  Files         212      210       -2     
  Lines        8223     8139      -84     
  Branches     1863     1835      -28     
==========================================
- Hits         3921     3887      -34     
+ Misses       3547     3503      -44     
+ Partials      755      749       -6     

Flag	Coverage Δ
front	?
unit	47.75% <100.00%> (+0.07%)	⬆️

Flags with carried forward coverage won't be shown. Click here to find out more.

Impacted Files	Coverage Δ
packages/core/admin/server/strategies/api-token.js	100.00% <ø> (+3.03%)	⬆️
packages/core/strapi/lib/services/fs.js	71.42% <100.00%> (ø)
packages/core/strapi/lib/core/registries/config.js

---

Continue to review full report at Codecov.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update 644624d...56407e8. Read the comment docs.

[derrickmehaffy]

Will test it after the monday meeting @petersg83 👍

[alexandrebodin]

I don't understand why we need all the env_path manipulations for the tests. If we use the generator we should just have a valid .env in the testApp 🤔

Also I would keep the .env.example as when the dev will push their app they won't get a .env we should generate one with the missing env vars

[petersg83]

env_path : The .env is not detected because the script run is not located next to the .env file, so we need to specify the correct path. Before that the .env file of the testApp was full of generated token (each time the app was restarted they were generated again). Do you think we can do something simpler?

[alexandrebodin]

shouldn't we call that APP_KEYS ?

[petersg83]

Yes let's do that

[alexandrebodin]

LGTM. It's a lot cleaner than previously

[strapi-bot]

This pull request has been mentioned on Strapi Community Forum. There might be relevant details there:

https://forum.strapi.io/t/user-authentication-with-next-js-and-strapi/6289/19