-
Notifications
You must be signed in to change notification settings - Fork 2.5k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Fix/validate access token user not found #8484
Fix/validate access token user not found #8484
Conversation
…ER_NOT_FOUND` when a user is not found
…ror type - since jest only checks for the message, and no other attributes/methods of the class thrown, see jestjs/jest#13232 (comment) - we actually had a false positive test on the error code
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
PR Summary
This PR modifies the JWT authentication error handling to properly handle and communicate user not found scenarios, addressing the blank page issue on demo.twenty.com after database resets.
- Changed error code from
INVALID_INPUT
toUSER_NOT_FOUND
injwt.auth.strategy.ts
for better frontend error handling - Added explicit error code verification in
jwt.auth.strategy.spec.ts
to catch false positives in error testing - Modified test case to properly verify both error message and code using try/catch block
- Ensures frontend receives correct error code to trigger login page redirect instead of showing blank screen
2 file(s) reviewed, 1 comment(s)
Edit PR Review Bot Settings | Greptile
await expect(strategy.validate(payload as JwtPayload)).rejects.toThrow( | ||
new AuthException('User not found', AuthExceptionCode.INVALID_INPUT), | ||
new AuthException('User not found', expect.any(String)), | ||
); | ||
try { | ||
await strategy.validate(payload as JwtPayload); | ||
} catch (e) { | ||
expect(e.code).toBe(AuthExceptionCode.USER_NOT_FOUND); | ||
} |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
style: Redundant error testing - the second test using try/catch is unnecessary since Jest's rejects.toThrow()
can check both message and code using a matcher object
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Well... that seems to be wrong, following this comment jestjs/jest#13232 (comment)
However there might be a more elegant way using another matcher inside the .toThrow
, but I don't quite have the syntax.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
It's good enough like this imo! Thanks a lot!
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Super clean - well documented, thanks a lot!
Description
Closes #7244
See details about implementation: #7244 (comment) and #7244 (comment)
Changes
USER_NOT_FOUND
error instead ofINVALID_INPUT
errorAuthExceptionCode
, as it wasn't properly tested; it was actually a false positive. This is becausetoThrow
from jest only checks themessage
, and not any other method / attributes from theError
. It's a know behaviour and not considered a bug, see [Bug]: Properties of Error subclasses other thanmessage
are ignored when usingtoEqual
. jestjs/jest#13232 (comment)