4593 BUG - Auth setup script issues (redwoodjs#4825)

Co-authored-by: Tobbe Lundberg <[email protected]>
Co-authored-by: David Price <[email protected]>

Author: 3 people

packages/cli/src/commands/setup/auth/__tests__/__snapshots__/addAuthConfigToApp.test.js.snap

@@ -1,5 +1,111 @@
 // Jest Snapshot v1, https://goo.gl/fbAQLP
 
+exports[`Should add auth config when app is missing RedwoodApolloProvider Matches Auth0 Snapshot 1`] = `
+"import { AuthProvider } from '@redwoodjs/auth'
+import { Auth0Client } from '@auth0/auth0-spa-js'
+import { FatalErrorBoundary, RedwoodProvider } from '@redwoodjs/web'
+
+import FatalErrorPage from 'src/pages/FatalErrorPage'
+import Routes from 'src/Routes'
+
+import './index.css'
+
+const queryClient = {}
+
+const auth0 = new Auth0Client({
+  domain: process.env.AUTH0_DOMAIN,
+  client_id: process.env.AUTH0_CLIENT_ID,
+  redirect_uri: process.env.AUTH0_REDIRECT_URI,
+
+  // ** NOTE ** Storing tokens in browser local storage provides persistence across page refreshes and browser tabs.
+  // However, if an attacker can achieve running JavaScript in the SPA using a cross-site scripting (XSS) attack,
+  // they can retrieve the tokens stored in local storage.
+  // https://auth0.com/docs/libraries/auth0-spa-js#change-storage-options
+  cacheLocation: 'localstorage',
+  audience: process.env.AUTH0_AUDIENCE,
+
+  // @MARK: useRefreshTokens is required for automatically extending sessions
+  // beyond that set in the initial JWT expiration.
+  //
+  // @MARK: https://auth0.com/docs/tokens/refresh-tokens
+  // useRefreshTokens: true,
+})
+
+const App = () => (
+  <FatalErrorBoundary page={FatalErrorPage}>
+    <RedwoodProvider titleTemplate=\\"%PageTitle | %AppTitle\\">
+      <AuthProvider client={auth0} type=\\"auth0\\">
+        <QueryClientProvider client={queryClient}>
+          <RedwoodReactQueryProvider>
+            <Routes />
+          </RedwoodReactQueryProvider>
+        </QueryClientProvider>
+      </AuthProvider>
+    </RedwoodProvider>
+  </FatalErrorBoundary>
+)
+
+export default App
+"
+`;
+
+exports[`Should add auth config when using explicit return Matches Auth0 Snapshot 1`] = `
+"import { AuthProvider } from '@redwoodjs/auth'
+import { Auth0Client } from '@auth0/auth0-spa-js'
+import { useEffect } from 'react'
+import { FatalErrorBoundary, RedwoodProvider } from '@redwoodjs/web'
+import { RedwoodApolloProvider } from '@redwoodjs/web/apollo'
+
+import FatalErrorPage from 'src/pages/FatalErrorPage'
+import Routes from 'src/Routes'
+
+import './index.css'
+
+const auth0 = new Auth0Client({
+  domain: process.env.AUTH0_DOMAIN,
+  client_id: process.env.AUTH0_CLIENT_ID,
+  redirect_uri: process.env.AUTH0_REDIRECT_URI,
+
+  // ** NOTE ** Storing tokens in browser local storage provides persistence across page refreshes and browser tabs.
+  // However, if an attacker can achieve running JavaScript in the SPA using a cross-site scripting (XSS) attack,
+  // they can retrieve the tokens stored in local storage.
+  // https://auth0.com/docs/libraries/auth0-spa-js#change-storage-options
+  cacheLocation: 'localstorage',
+  audience: process.env.AUTH0_AUDIENCE,
+
+  // @MARK: useRefreshTokens is required for automatically extending sessions
+  // beyond that set in the initial JWT expiration.
+  //
+  // @MARK: https://auth0.com/docs/tokens/refresh-tokens
+  // useRefreshTokens: true,
+})
+
+const App = (props) => {
+  const { cache } = props
+
+  useEffect(() => {
+    console.log('Running my custom useEffect hook on each render.')
+  })
+
+  return (
+    <FatalErrorBoundary page={FatalErrorPage}>
+      <RedwoodProvider titleTemplate=\\"%PageTitle | %AppTitle\\">
+        <AuthProvider client={auth0} type=\\"auth0\\">
+          <RedwoodApolloProvider>
+            <AnotherProvider>
+              <Routes />
+            </AnotherProvider>
+          </RedwoodApolloProvider>
+        </AuthProvider>
+      </RedwoodProvider>
+    </FatalErrorBoundary>
+  )
+}
+
+export default App
+"
+`;
+
 exports[`Should add config lines to App.{js,tsx} Matches Auth0 Snapshot 1`] = `
 "import { AuthProvider } from '@redwoodjs/auth'
 import { Auth0Client } from '@auth0/auth0-spa-js'
@@ -357,3 +463,49 @@ const App = () => (
 export default App
 "
 `;
+
+exports[`Should add config lines when RedwoodApolloProvider has props Matches Auth0 Snapshot 1`] = `
+"import { AuthProvider } from '@redwoodjs/auth'
+import { Auth0Client } from '@auth0/auth0-spa-js'
+import { FatalErrorBoundary, RedwoodProvider } from '@redwoodjs/web'
+import { RedwoodApolloProvider } from '@redwoodjs/web/apollo'
+
+import FatalErrorPage from 'src/pages/FatalErrorPage'
+import Routes from 'src/Routes'
+
+import './index.css'
+
+const auth0 = new Auth0Client({
+  domain: process.env.AUTH0_DOMAIN,
+  client_id: process.env.AUTH0_CLIENT_ID,
+  redirect_uri: process.env.AUTH0_REDIRECT_URI,
+
+  // ** NOTE ** Storing tokens in browser local storage provides persistence across page refreshes and browser tabs.
+  // However, if an attacker can achieve running JavaScript in the SPA using a cross-site scripting (XSS) attack,
+  // they can retrieve the tokens stored in local storage.
+  // https://auth0.com/docs/libraries/auth0-spa-js#change-storage-options
+  cacheLocation: 'localstorage',
+  audience: process.env.AUTH0_AUDIENCE,
+
+  // @MARK: useRefreshTokens is required for automatically extending sessions
+  // beyond that set in the initial JWT expiration.
+  //
+  // @MARK: https://auth0.com/docs/tokens/refresh-tokens
+  // useRefreshTokens: true,
+})
+
+const App = () => (
+  <FatalErrorBoundary page={FatalErrorPage}>
+    <RedwoodProvider titleTemplate=\\"%PageTitle | %AppTitle\\">
+      <AuthProvider client={auth0} type=\\"auth0\\">
+        <RedwoodApolloProvider graphQLClientConfig={{ cache }}>
+          <Routes />
+        </RedwoodApolloProvider>
+      </AuthProvider>
+    </RedwoodProvider>
+  </FatalErrorBoundary>
+)
+
+export default App
+"
+`;

packages/cli/src/commands/setup/auth/__tests__/addAuthConfigToApp.test.js

@@ -1,3 +1,6 @@
+// Have to use `var` here to avoid "Temporal Dead Zone" issues
+var mockWebAppPath = ''
+
 import fs from 'fs'
 
 import '../../../../lib/mockTelemetry'
@@ -7,14 +10,15 @@ import { addConfigToApp } from '../auth'
 jest.mock('../../../../lib', () => {
   const path = require('path')
   const __dirname = path.resolve()
+
   return {
     getPaths: () => ({
       api: { functions: '', src: '', lib: '' },
       web: {
         src: path.join(__dirname, '../create-redwood-app/template/web/src'),
         app: path.join(
           __dirname,
-          '../create-redwood-app/template/web/src/App.tsx'
+          mockWebAppPath || '../create-redwood-app/template/web/src/App.tsx'
         ),
       },
     }),
@@ -28,6 +32,7 @@ const writeFileSyncSpy = jest.fn((_, content) => {
 })
 
 beforeEach(() => {
+  mockWebAppPath = ''
   jest.restoreAllMocks()
   jest.spyOn(fs, 'writeFileSync').mockImplementation(writeFileSyncSpy)
 })
@@ -80,3 +85,33 @@ describe('Should add config lines to App.{js,tsx}', () => {
     await addConfigToApp(nhostData.config, false)
   })
 })
+
+describe('Should add config lines when RedwoodApolloProvider has props', () => {
+  it('Matches Auth0 Snapshot', async () => {
+    mockWebAppPath =
+      'src/commands/setup/auth/__tests__/fixtures/AppWithCustomRedwoodApolloProvider.js'
+
+    const auth0Data = await import(`../providers/auth0`)
+    await addConfigToApp(auth0Data.config, false)
+  })
+})
+
+describe('Should add auth config when using explicit return', () => {
+  it('Matches Auth0 Snapshot', async () => {
+    mockWebAppPath =
+      'src/commands/setup/auth/__tests__/fixtures/AppWithExplicitReturn.js'
+
+    const auth0Data = await import(`../providers/auth0`)
+    await addConfigToApp(auth0Data.config, false)
+  })
+})
+
+describe('Should add auth config when app is missing RedwoodApolloProvider', () => {
+  it('Matches Auth0 Snapshot', async () => {
+    mockWebAppPath =
+      'src/commands/setup/auth/__tests__/fixtures/AppWithoutRedwoodApolloProvider.js'
+
+    const auth0Data = await import(`../providers/auth0`)
+    await addConfigToApp(auth0Data.config, false)
+  })
+})

packages/cli/src/commands/setup/auth/__tests__/fixtures/AppWithCustomRedwoodApolloProvider.js

@@ -0,0 +1,19 @@
+import { FatalErrorBoundary, RedwoodProvider } from '@redwoodjs/web'
+import { RedwoodApolloProvider } from '@redwoodjs/web/apollo'
+
+import FatalErrorPage from 'src/pages/FatalErrorPage'
+import Routes from 'src/Routes'
+
+import './index.css'
+
+const App = () => (
+  <FatalErrorBoundary page={FatalErrorPage}>
+    <RedwoodProvider titleTemplate="%PageTitle | %AppTitle">
+      <RedwoodApolloProvider graphQLClientConfig={{ cache }}>
+        <Routes />
+      </RedwoodApolloProvider>
+    </RedwoodProvider>
+  </FatalErrorBoundary>
+)
+
+export default App

packages/cli/src/commands/setup/auth/__tests__/fixtures/AppWithExplicitReturn.js

@@ -0,0 +1,30 @@
+import { useEffect } from 'react'
+import { FatalErrorBoundary, RedwoodProvider } from '@redwoodjs/web'
+import { RedwoodApolloProvider } from '@redwoodjs/web/apollo'
+
+import FatalErrorPage from 'src/pages/FatalErrorPage'
+import Routes from 'src/Routes'
+
+import './index.css'
+
+const App = (props) => {
+  const { cache } = props
+
+  useEffect(() => {
+    console.log('Running my custom useEffect hook on each render.')
+  })
+
+  return (
+    <FatalErrorBoundary page={FatalErrorPage}>
+      <RedwoodProvider titleTemplate="%PageTitle | %AppTitle">
+        <RedwoodApolloProvider>
+          <AnotherProvider>
+            <Routes />
+          </AnotherProvider>
+        </RedwoodApolloProvider>
+      </RedwoodProvider>
+    </FatalErrorBoundary>
+  )
+}
+
+export default App

packages/cli/src/commands/setup/auth/__tests__/fixtures/AppWithoutRedwoodApolloProvider.js

@@ -0,0 +1,22 @@
+import { FatalErrorBoundary, RedwoodProvider } from '@redwoodjs/web'
+
+import FatalErrorPage from 'src/pages/FatalErrorPage'
+import Routes from 'src/Routes'
+
+import './index.css'
+
+const queryClient = {}
+
+const App = () => (
+  <FatalErrorBoundary page={FatalErrorPage}>
+    <RedwoodProvider titleTemplate="%PageTitle | %AppTitle">
+      <QueryClientProvider client={queryClient}>
+        <RedwoodReactQueryProvider>
+          <Routes />
+        </RedwoodReactQueryProvider>
+      </QueryClientProvider>
+    </RedwoodProvider>
+  </FatalErrorBoundary>
+)
+
+export default App