Fixed: sending credentials in requests only when it is required

IQSS · May 9, 2023 · 18243bc · 18243bc
1 parent e6872c1
commit 18243bc
Show file tree

Hide file tree

Showing 3 changed files with 5 additions and 5 deletions.
diff --git a/src/core/infra/repositories/ApiRepository.ts b/src/core/infra/repositories/ApiRepository.ts
@@ -10,9 +10,9 @@ import { WriteError } from '../../domain/repositories/WriteError';
   For 2.0.0, we must also support API key auth to be backwards compatible and support use cases other than SPA MVP.
 */
 export abstract class ApiRepository {
-  public async doGet(apiEndpoint: string): Promise<AxiosResponse> {
+  public async doGet(apiEndpoint: string, withCredentials: boolean = false): Promise<AxiosResponse> {
     return await axios
-      .get(this.buildRequestUrl(apiEndpoint), { withCredentials: true })
+      .get(this.buildRequestUrl(apiEndpoint), { withCredentials: withCredentials })
       .then((response) => response)
       .catch((error) => {
         throw new ReadError(

diff --git a/src/users/infra/repositories/UsersRepository.ts b/src/users/infra/repositories/UsersRepository.ts
@@ -5,7 +5,7 @@ import { AxiosResponse } from 'axios';
 
 export class UsersRepository extends ApiRepository implements IUsersRepository {
   public async getCurrentAuthenticatedUser(): Promise<AuthenticatedUser> {
-    return this.doGet('/users/:me')
+    return this.doGet('/users/:me', true)
       .then((response) => this.getAuthenticatedUserFromResponse(response))
       .catch((error) => {
         throw error;

diff --git a/test/unit/info/DataverseInfoRepository.test.ts b/test/unit/info/DataverseInfoRepository.test.ts
@@ -32,7 +32,7 @@ describe('getDataverseVersion', () => {
 
     const actual = await sut.getDataverseVersion();
 
-    assert.calledWithExactly(axiosGetStub, `${testApiUrl}/info/version`, { withCredentials: true });
+    assert.calledWithExactly(axiosGetStub, `${testApiUrl}/info/version`, { withCredentials: false });
     assert.match(actual.number, testVersionNumber);
     assert.match(actual.build, testVersionBuild);
   });
@@ -49,7 +49,7 @@ describe('getDataverseVersion', () => {
     let error: ReadError = undefined;
     await sut.getDataverseVersion().catch((e) => (error = e));
 
-    assert.calledWithExactly(axiosGetStub, `${testApiUrl}/info/version`, { withCredentials: true });
+    assert.calledWithExactly(axiosGetStub, `${testApiUrl}/info/version`, { withCredentials: false });
     expect(error).to.be.instanceOf(Error);
   });
 });