New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Enable session middleware by default (fixes U&P provider authentication) #11825
Conversation
Codecov Report
@@ Coverage Diff @@
## master #11825 +/- ##
==========================================
+ Coverage 47.68% 47.75% +0.07%
==========================================
Files 212 210 -2
Lines 8223 8139 -84
Branches 1863 1835 -28
==========================================
- Hits 3921 3887 -34
+ Misses 3547 3503 -44
+ Partials 755 749 -6
Flags with carried forward coverage won't be shown. Click here to find out more.
Continue to review full report at Codecov.
|
packages/plugins/users-permissions/server/routes/content-api/auth.js
Outdated
Show resolved
Hide resolved
packages/plugins/users-permissions/server/routes/content-api/auth.js
Outdated
Show resolved
Hide resolved
packages/plugins/users-permissions/server/routes/content-api/auth.js
Outdated
Show resolved
Hide resolved
packages/plugins/users-permissions/server/routes/content-api/auth.js
Outdated
Show resolved
Hide resolved
packages/plugins/users-permissions/server/routes/content-api/auth.js
Outdated
Show resolved
Hide resolved
packages/plugins/users-permissions/server/routes/content-api/auth.js
Outdated
Show resolved
Hide resolved
packages/plugins/users-permissions/server/routes/content-api/auth.js
Outdated
Show resolved
Hide resolved
packages/plugins/users-permissions/server/routes/content-api/auth.js
Outdated
Show resolved
Hide resolved
packages/plugins/users-permissions/server/routes/content-api/auth.js
Outdated
Show resolved
Hide resolved
168a33f
to
e0a9228
Compare
Will test it after the monday meeting @petersg83 👍 |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I don't understand why we need all the env_path manipulations for the tests. If we use the generator we should just have a valid .env in the testApp 🤔
Also I would keep the .env.example as when the dev will push their app they won't get a .env we should generate one with the missing env vars
|
1427fb7
to
1dc74b0
Compare
@@ -1,4 +1,7 @@ | |||
module.exports = ({ env }) => ({ | |||
host: env('HOST', '0.0.0.0'), | |||
port: env.int('PORT', 1337), | |||
app: { | |||
keys: env.array('APP_SECRETS'), |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
shouldn't we call that APP_KEYS ?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Yes let's do that
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
LGTM. It's a lot cleaner than previously
This pull request has been mentioned on Strapi Community Forum. There might be relevant details there: https://forum.strapi.io/t/user-authentication-with-next-js-and-strapi/6289/19 |
It enables session middleware by default (which fixes U&P provider authentication)
It removes the possibility to authenticate requests using access_token url query param
It fixes a wording where the displayed provider name was wrong
Based on a previous PR created by @rgoupil #11777
also fix #7405 (thank you @borm for showing a fix)