Skip to content

Commit

Permalink
fix: return client customized error, if present, on auth fail in play…
Browse files Browse the repository at this point in the history 
…ground (#8842)

fixes #CORE-1134
  • Loading branch information
@max-kammerer
max-kammerer authored Oct 22, 2024
1 parent 34dc819 commit 5cce98d
Show file tree
Hide file tree
Showing 2 changed files with 46 additions and 2 deletions.
9 changes: 7 additions & 2 deletions packages/cubejs-api-gateway/src/gateway.ts
View file
Original file line number Diff line number Diff line change
Expand Up @@ -2225,10 +2225,15 @@ class ApiGateway {
if (this.playgroundAuthSecret) {
const systemCheckAuthFn = this.createCheckAuthSystemFn();
return async (ctx, authorization) => {
// TODO: separate two auth workflows
try {
await mainCheckAuthFn(ctx, authorization);
} catch (error) {
await systemCheckAuthFn(ctx, authorization);
} catch (mainAuthError) {
try {
await systemCheckAuthFn(ctx, authorization);
} catch (playgroundAuthError) {
throw mainAuthError;
}
}
};
}
Expand Down
39 changes: 39 additions & 0 deletions packages/cubejs-api-gateway/test/auth.test.ts
View file
Original file line number Diff line number Diff line change
Expand Up @@ -299,6 +299,45 @@ describe('test authorization', () => {
expectSecurityContext(handlerMock.mock.calls[0][0].context.authInfo);
});

test('custom checkAuth with CubejsHandlerError fail in playground', async () => {
const loggerMock = jest.fn(() => {
//
});

const expectSecurityContext = (securityContext) => {
expect(securityContext.uid).toEqual(5);
expect(securityContext.iat).toBeDefined();
expect(securityContext.exp).toBeDefined();
};

const handlerMock = jest.fn((req, res) => {
expectSecurityContext(req.context.securityContext);
expectSecurityContext(req.context.authInfo);

res.status(200).end();
});

const playgroundAuthSecret = 'playgroundSecret';

const token = generateAuthToken({ uid: 5, }, {});

const { app } = createApiGateway(handlerMock, loggerMock, {
playgroundAuthSecret,
checkAuth: async (req: Request, auth?: string) => {

Check warning on line 326 in packages/cubejs-api-gateway/test/auth.test.ts

View workflow job for this annotation

GitHub Actions / lint 

'req' is defined but never used. Allowed unused args must match /^_.*/u

Check warning on line 326 in packages/cubejs-api-gateway/test/auth.test.ts

View workflow job for this annotation

GitHub Actions / lint 

'auth' is defined but never used. Allowed unused args must match /^_.*/u
throw new CubejsHandlerError(409, 'Error', 'Custom error');
}
});

const res = await request(app)
.get('/test-auth-fake')
.set('Authorization', `Authorization: ${token}`)
.expect(409);

expect(res.body).toMatchObject({
error: 'Custom error'
});
});

test('custom checkAuth with deprecated authInfo', async () => {
const loggerMock = jest.fn(() => {
//
Expand Down

0 comments on commit 5cce98d

Please sign in to comment.