From cde96cf5262468f44eab336154f21bce32bb314b Mon Sep 17 00:00:00 2001
From: Nicolas Rouanne
Date: Wed, 13 Nov 2024 18:50:30 +0100
Subject: [PATCH] Fix/validate access token user not found (#8484)
# Description
Closes #7244 See details about implementation: https://github.com/twentyhq/twenty/issues/7244#issuecomment-2473845859 and https://github.com/twentyhq/twenty/issues/7244#issuecomment-2473905514
# Changes
- return a `USER_NOT_FOUND` error instead of `INVALID_INPUT` error
- tweak unit tests to correctly test `AuthExceptionCode`, as it wasn't properly tested; it was actually a _false positive_. This is because [`toThrow`](https://jestjs.io/docs/expect#tothrowerror) from jest only checks the `message`, and not any other method / attributes from the `Error`. It's a know behaviour and not considered a bug, see https://github.com/jestjs/jest/issues/13232#issuecomment-1252392845
---
 .../core-modules/auth/strategies/jwt.auth.strategy.spec.ts | 7 ++++++-
 .../core-modules/auth/strategies/jwt.auth.strategy.ts | 2 +-
 2 files changed, 7 insertions(+), 2 deletions(-)
diff --git a/packages/twenty-server/src/engine/core-modules/auth/strategies/jwt.auth.strategy.spec.ts b/packages/twenty-server/src/engine/core-modules/auth/strategies/jwt.auth.strategy.spec.ts
index e924cd167..168e1c574 100644
--- a/packages/twenty-server/src/engine/core-modules/auth/strategies/jwt.auth.strategy.spec.ts
+++ b/packages/twenty-server/src/engine/core-modules/auth/strategies/jwt.auth.strategy.spec.ts
@@ -151,8 +151,13 @@ describe('JwtAuthStrategy', () => {
 );

 await expect(strategy.validate(payload as JwtPayload)).rejects.toThrow(
- new AuthException('User not found', AuthExceptionCode.INVALID_INPUT),
+ new AuthException('User not found', expect.any(String)),
 );
+ try {
+ await strategy.validate(payload as JwtPayload);
+ } catch (e) {
+ expect(e.code).toBe(AuthExceptionCode.USER_NOT_FOUND);
+ }
 });

 it('should be truthy if type is ACCESS, no jti, and user exist', async () => {
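Review bot: The added `try`/`catch` asserts only inside `catch`, so if the second `strategy.validate(...)` call resolves instead of rejecting, `expect(e.code)` never runs and the test still passes. The `expect.any(String)` passed as the code to `new AuthException(...)` is not checked either, since `toThrow` compares only the message, as the commit description itself notes. Asserting on the rejection covers the code in a single call: `await expect(strategy.validate(payload as JwtPayload)).rejects.toMatchObject({ code: AuthExceptionCode.USER_NOT_FOUND });`. If the current shape is kept, starting the test with `expect.assertions(2);` would make a missing throw fail. The opening of this `it(...)` case is outside the hunk.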
diff --git a/packages/twenty-server/src/engine/core-modules/auth/strategies/jwt.auth.strategy.ts b/packages/twenty-server/src/engine/core-modules/auth/strategies/jwt.auth.strategy.ts
index 0ed9fa965..ae6c99061 100644
--- a/packages/twenty-server/src/engine/core-modules/auth/strategies/jwt.auth.strategy.ts
+++ b/packages/twenty-server/src/engine/core-modules/auth/strategies/jwt.auth.strategy.ts
@@ -113,7 +113,7 @@ export class JwtAuthStrategy extends PassportStrategy(Strategy, 'jwt') {
 if (!user) {
 throw new AuthException(
 'User not found',
- AuthExceptionCode.INVALID_INPUT,
+ AuthExceptionCode.USER_NOT_FOUND,
 );
 }
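Review bot: Nothing at the `if (!user)` throw says how callers should treat `USER_NOT_FOUND`, and the code that turns an `AuthExceptionCode` into a client-facing response is not part of this diff. It is worth confirming that this handler maps the new code to an unauthenticated response rather than falling through to a default branch, since this path previously surfaced as `INVALID_INPUT`. A short comment above the throw would record the intent, e.g. `// The token's user no longer exists; callers should treat this as unauthenticated.` The enclosing method (presumably `validate`, going by the spec) starts and ends outside the hunk.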