feat(FakeAuthentication): use headers for fake auth instead of url pa…

…rameters CP-677
kiva · Dec 5, 2023 · af630cc · af630cc
1 parent aecdf03
commit af630cc
Show file tree

Hide file tree

Showing 3 changed files with 22 additions and 25 deletions.
diff --git a/src/api/Auth0Link.js b/src/api/Auth0Link.js
@@ -1,11 +1,13 @@
 import { setContext } from '@apollo/client/link/context';
-import _set from 'lodash/set';
 
 // Add the user info to the context and add the access token to the authorization header
 function getAuthContext(context, user, token) {
-	_set(context, 'user', user);
+	context.user = user;
 	if (token) {
-		_set(context, 'headers.authorization', `Bearer ${token}`);
+		context.headers = {
+			...context.headers,
+			authorization: `Bearer ${token}`
+		};
 	}
 	return context;
 }
@@ -15,8 +17,23 @@ export default ({ kvAuth0 }) => {
 		// If auth0 is not enabled, don't add anything to the context
 		if (!kvAuth0.enabled) return getAuthContext(previousContext);
 
-		// If using fake authentication, don't add anything to the context
-		if (kvAuth0.getFakeAuthCookieValue()) return getAuthContext(previousContext);
+		// If using fake authentication, just add fake auth headers to the context
+		try {
+			const fakeAuthInfo = kvAuth0.getFakeAuthCookieValue();
+			if (fakeAuthInfo && kvAuth0.fakeAuthAllowed()) {
+				return {
+					...previousContext,
+					headers: {
+						...previousContext.headers,
+						'x-fa-user-id': fakeAuthInfo.userId,
+						'x-fa-scopes': fakeAuthInfo.scopes.join(' '),
+						'x-fa-app-id': kvAuth0.clientID || 'org.kiva.www',
+					}
+				};
+			}
+		} catch (e) {
+			console.error(e);
+		}
 
 		// If we already have user info, and we don't need to check login, just add that to the context
 		if (kvAuth0.getKivaId() && !kvAuth0.getSyncCookieValue()) {

diff --git a/src/api/HttpLink.js b/src/api/HttpLink.js
@@ -1,9 +1,7 @@
-import * as Sentry from '@sentry/vue';
 import { BatchHttpLink } from '@apollo/client/link/batch-http';
 import { HttpLink } from '@apollo/client/link/http';
 
 export default ({
-	kvAuth0,
 	uri = '',
 	fetch,
 	apolloBatching,
@@ -21,23 +19,6 @@ export default ({
 		}
 	};
 
-	// Add Fake Authentication info to the server URI if it is provided and allowed.
-	try {
-		const fakeAuthInfo = kvAuth0.getFakeAuthCookieValue();
-		if (kvAuth0.fakeAuthAllowed() && fakeAuthInfo) {
-			// add params to uri
-			const fakeUri = new URL(uri);
-			fakeUri.searchParams.set('user_id', fakeAuthInfo.userId);
-			fakeUri.searchParams.set('scopes', fakeAuthInfo.scopes.join(' '));
-			fakeUri.searchParams.set('app_id', kvAuth0.clientID || 'org.kiva.www');
-
-			options.uri = fakeUri.href;
-		}
-	} catch (e) {
-		console.error(e);
-		Sentry.captureException(e);
-	}
-
 	// Use the regular HttpLink if batching is disabled.
 	if (!apolloBatching) {
 		return new HttpLink(options);

diff --git a/src/api/apollo.js b/src/api/apollo.js
@@ -45,7 +45,6 @@ export default function createApolloClient({
 			BasketLinkCreator({ cookieStore }),
 			ContentfulPreviewLink({ cookieStore }),
 			HttpLinkCreator({
-				kvAuth0,
 				uri,
 				fetch,
 				apolloBatching: appConfig?.apolloBatching ?? true,