chore(repo): Add machine auth tests for Express and Fastify #8210
wobsoriano wants to merge 4 commits into main from
📝 Walkthrough
This pull request adds two new Playwright integration test suites: one for Express middleware authentication (
🚥 Pre-merge checks: ✅ 3 passed
Actionable comments posted: 2
🤖 Prompt for all review comments with AI agents
Verify each finding against the current code and only fix it if needed.
Inline comments:
In `@integration/tests/express/machine.test.ts`:
- Around line 99-110: The tests iterate over token types but use hard-coded
placeholder strings (e.g., 'mt_test_mismatch', 'oat_test_mismatch'), so they
only exercise invalid-token behavior instead of verifying that acceptsToken
rejects a valid token of the wrong kind; update the table loop in the tests
named `rejects ${tokenType} token on API key route (token type mismatch)` to
supply real, valid tokens of the other types (generate a real M2M token, OAuth
token, and API key token using your existing test helpers such as
createM2MToken/createOAuthToken/createApiKeyToken or the project’s token fixture
functions) and assert 401 for /api/me; apply the same fix to the other two
mismatch tables referenced in the comment (lines ~230-240 and ~339-350) so each
mismatch case uses a valid token of the wrong type rather than a placeholder
string.
In `@integration/tests/fastify/machine.test.ts`:
- Around line 129-140: The tests currently send hard-coded invalid strings
instead of real valid tokens of other kinds; update the token table so each
entry supplies an actual, valid token of the mismatched kind (e.g., for
tokenType 'M2M' and 'OAuth' create real M2M and OAuth tokens) using your
existing test fixtures/factories (e.g., the helper that issues API key/M2M/OAuth
tokens) and keep the test body that calls GET '/api/me' with Authorization:
`Bearer ${token}`; ensure you generate/obtain these tokens via the project
helpers (the token factory used elsewhere in tests) so the assertions exercise
token-type rejection (the test title, tokenType variable, Authorization header
and the GET '/api/me' request remain unchanged).
📒 Files selected for processing (2)
- integration/tests/express/machine.test.ts
- integration/tests/fastify/machine.test.ts
| for (const [tokenType, token] of [ | ||
| ['M2M', 'mt_test_mismatch'], | ||
| ['OAuth', 'oat_test_mismatch'], | ||
| ] as const) { | ||
| test(`rejects ${tokenType} token on API key route (token type mismatch)`, async ({ request }) => { | ||
| const url = new URL('/api/me', app.serverUrl); | ||
| const res = await request.get(url.toString(), { | ||
| headers: { Authorization: `Bearer ${token}` }, | ||
| }); | ||
| expect(res.status()).toBe(401); | ||
| }); | ||
| } |
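Review bot: `expect(res.status()).toBe(401)` is the only assertion in this loop, so a 401 produced for any other reason (a malformed header, a misconfigured test app) is counted as a type-mismatch rejection. Pair each row with a positive control that sends the same token to a route configured for its own type and expects success, and if the route returns an error body, assert on it here as well.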
Use real cross-type tokens in these mismatch assertions.
These cases only send hard-coded placeholder strings, so they re-test the existing invalid-token path instead of proving that acceptsToken rejects a valid token of the wrong kind. If type enforcement regressed but verification still rejected unknown strings, this suite would stay green. Please use real API key, M2M, and OAuth tokens across these tables.
Also applies to: 230-240, 339-350
| for (const [tokenType, token] of [ | ||
| ['M2M', 'mt_test_mismatch'], | ||
| ['OAuth', 'oat_test_mismatch'], | ||
| ] as const) { | ||
| test(`rejects ${tokenType} token on API key route (token type mismatch)`, async ({ request }) => { | ||
| const url = new URL('/api/me', app.serverUrl); | ||
| const res = await request.get(url.toString(), { | ||
| headers: { Authorization: `Bearer ${token}` }, | ||
| }); | ||
| expect(res.status()).toBe(401); | ||
| }); | ||
| } |
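Review bot: the table rows `['M2M', 'mt_test_mismatch']` and `['OAuth', 'oat_test_mismatch']` and the loop body are identical to the first excerpt on this page, so the two suites can drift apart when one copy is edited. Move the mismatch table into a shared test fixture that both files import, and derive the "API key route" part of the test title from the table instead of hard-coding it.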
Use real cross-type tokens in these mismatch assertions.
These cases only send hard-coded placeholder strings, so they re-test the existing invalid-token path instead of proving that acceptsToken rejects a valid token of the wrong kind. If type enforcement regressed but verification still rejected unknown strings, this suite would stay green. Please use real API key, M2M, and OAuth tokens across these tables.
Also applies to: 290-300, 429-440
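The failure mode both review comments describe, as an added TypeScript sketch (not code from this PR or from Clerk). It is a toy verifier: `routeStatus`, `mismatchSuitePasses`, the `enforceType` switch and the `*_constructed_valid` tokens are hypothetical, and only the two placeholder strings come from the PR's table.

```typescript
// Added illustration: a toy verifier, not Clerk's implementation.
type TokenType = 'api_key' | 'm2m_token' | 'oauth_token';

// Constructed sample tokens that the toy verifier treats as validly issued.
const ISSUED = new Map<string, TokenType>([
  ['ak_constructed_valid', 'api_key'],
  ['mt_constructed_valid', 'm2m_token'],
  ['oat_constructed_valid', 'oauth_token'],
]);

// HTTP status a protected route would send for this Authorization header.
// enforceType = false simulates a regression where the acceptsToken check is skipped.
function routeStatus(authorization: string | undefined, acceptsToken: TokenType, enforceType = true): number {
  const token = authorization?.startsWith('Bearer ') ? authorization.slice(7) : undefined;
  const actual = token === undefined ? undefined : ISSUED.get(token);
  if (actual === undefined) return 401; // missing or unknown token: verification fails
  if (enforceType && actual !== acceptsToken) return 401; // valid token of the wrong kind
  return 200;
}

// Runs a mismatch table against an API-key-only route; true when every row gets 401.
function mismatchSuitePasses(tokens: string[], enforceType: boolean): boolean {
  return tokens.every(t => routeStatus(`Bearer ${t}`, 'api_key', enforceType) === 401);
}

const placeholders = ['mt_test_mismatch', 'oat_test_mismatch']; // strings from the PR's table
const realWrongType = ['mt_constructed_valid', 'oat_constructed_valid']; // valid, wrong kind

// Which suites stay green before and after type enforcement regresses.
function regressionReport() {
  return {
    placeholdersHealthy: mismatchSuitePasses(placeholders, true),
    placeholdersRegressed: mismatchSuitePasses(placeholders, false), // still green: regression missed
    realHealthy: mismatchSuitePasses(realWrongType, true),
    realRegressed: mismatchSuitePasses(realWrongType, false), // goes red: regression caught
  };
}

console.log(regressionReport());
```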
Description
Continuation of #8124
Checklist
- `pnpm test` runs as expected.
- `pnpm build` runs as expected.
Type of change
Summary by CodeRabbit