npm - @tstdl/base - Versions diffs - 0.93.162 → 0.93.163 - Mend

@tstdl/base 0.93.162 → 0.93.163

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (4) hide show

package/api/server/gateway.d.ts +1 -0
package/api/server/gateway.js +11 -4
package/authentication/tests/authentication.api-controller.test.js +24 -0
package/package.json +1 -1

package/api/server/gateway.d.ts CHANGED Viewed

@@ -1,3 +1,4 @@
+/** biome-ignore-all lint/nursery/noExcessiveClassesPerFile: <explanation> */
 import 'urlpattern-polyfill';
 import type { HttpServerRequestContext } from '../../http/server/http-server.js';
 import { HttpServerResponse, type HttpServerRequest } from '../../http/server/index.js';

package/api/server/gateway.js CHANGED Viewed

@@ -1,3 +1,4 @@
+/** biome-ignore-all lint/nursery/noExcessiveClassesPerFile: <explanation> */
 var __decorate = (this && this.__decorate) || function (decorators, target, key, desc) {
     var c = arguments.length, r = c < 3 ? target : desc === null ? desc = Object.getOwnPropertyDescriptor(target, key) : desc, d;
     if (typeof Reflect === "object" && typeof Reflect.decorate === "function") r = Reflect.decorate(decorators, target, key, desc);
@@ -14,9 +15,7 @@ import 'urlpattern-polyfill';
 import { Auditor } from '../../audit/auditor.js';
 import { ActorType } from '../../audit/types.js';
 import { NIL_UUID } from '../../constants.js';
-import { BadRequestError } from '../../errors/bad-request.error.js';
-import { NotFoundError } from '../../errors/not-found.error.js';
-import { NotImplementedError } from '../../errors/not-implemented.error.js';
+import { BadRequestError, InvalidTokenError, NotFoundError, NotImplementedError } from '../../errors/index.js';
 import { HttpServerResponse } from '../../http/server/index.js';
 import { inject, injectArgument, resolveArgumentType, Singleton } from '../../injector/index.js';
 import { Logger } from '../../logger/index.js';
@@ -213,7 +212,15 @@ let ApiGateway = ApiGateway_1 = class ApiGateway {
                 return await requestTokenProvider.getToken(requestContext);
             },
             getAuditor: async () => {
-                const token = await requestContext.tryGetToken();
+                let token = null;
+                try {
+                    token = await requestContext.tryGetToken();
+                }
+                catch (error) {
+                    if (!(error instanceof InvalidTokenError)) {
+                        throw error;
+                    }
+                }
                 return auditor.fork(context.api.resource)
                     .withCorrelation()
                     .with({

package/authentication/tests/authentication.api-controller.test.js CHANGED Viewed

@@ -55,6 +55,30 @@ describe('AuthenticationApiController Integration', () => {
             expect(service.subjectId()).toBe(user.id);
         });
     });
+    test('login should work even if an expired token is present in the Authorization header', async () => {
+        await runInInjectionContext(injector, async () => {
+            const user = await subjectService.createUser({ tenantId, email: 'expired-token-login@example.com', firstName: 'E', lastName: 'L' });
+            await serverService.setCredentials(user, 'Strong-Password-2026!');
+            // Create an expired token
+            const now = Math.floor(Date.now() / 1000);
+            const expiredTokenResult = await serverService.createToken({
+                subject: user,
+                sessionId: crypto.randomUUID(),
+                impersonator: undefined,
+                additionalTokenPayload: {},
+                refreshTokenExpiration: now - 3600,
+                expiration: now - 3600, // Expired 1 hour ago
+                issuedAt: now - 7200,
+                timestamp: (now - 7200) * 1000,
+            });
+            // Inject the expired token into the client service
+            service.updateRawTokens(expiredTokenResult.token);
+            // Now try to login
+            await service.login({ tenantId, subject: user.id }, 'Strong-Password-2026!');
+            expect(service.isLoggedIn()).toBe(true);
+            expect(service.subjectId()).toBe(user.id);
+        });
+    });
     test('checkSecret should work via API client', async () => {
         const result = await service.checkSecret('abc');
         expect(result.strength).toBeLessThan(2);

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@tstdl/base",
-  "version": "0.93.162",
+  "version": "0.93.163",
   "author": "Patrick Hein",
   "publishConfig": {
     "access": "public"