fix(auth): fix authorization for rest api routes

packages/auth/src/index.ts

@@ -732,7 +732,7 @@ class Auth {
                             return next()
                         }
                     ])
-                    if (route.config.resource) {
+                    if (route.config.resource && ! this.config.cms) {
                         const { resource, id } = route.config
 
                         const { slugSingular, slugPlural } = resource.data
@@ -827,6 +827,10 @@ class Auth {
             tags: ['Auth']
         }
 
+        if (this.config.cms) {
+            return []
+        }
+
         return [
             route(`Login ${name}`)
                 .path(this.getApiPath('login'))

packages/common/src/fields/ID.ts

@@ -32,6 +32,12 @@ export class ID extends Field implements IDContract {
         this.exceptOnForms()
     }
 
+    public afterConfigSet() {
+        if (this.tenseiConfig?.databaseConfig.type === 'mongo') {
+            this.property.type = 'string'
+        }
+    }
+
     /**
      * Create a new instance of the field
      * requires constructor parameters

packages/common/src/utils/Validator.ts

@@ -79,7 +79,15 @@ export class Validator {
             ).join('|')
 
             if (field.relatedProperty.reference) {
-                const primaryFieldType = 'string'
+                const relatedResource = this.resourcesMap[
+                    field.relatedProperty.type!
+                ]
+
+                const primaryFieldType =
+                    relatedResource.getPrimaryField()!.property.type ===
+                    'number'
+                        ? 'number'
+                        : 'string'
 
                 if (
                     [

packages/core/Tensei.ts

@@ -1,6 +1,5 @@
 import Path from 'path'
 import { Signale } from 'signale'
-import { auth } from '@tensei/auth'
 import BodyParser from 'body-parser'
 import CookieParser from 'cookie-parser'
 import { createServer, Server } from 'http'
@@ -533,14 +532,6 @@ export class Tensei implements TenseiContract {
         } else {
             this.ctx.plugins = [
                 ...plugins,
-                auth()
-                    .cms()
-                    .user('Admin User')
-                    .role('Admin Role')
-                    .permission('Admin Permission')
-                    .apiPath('admin/auth')
-                    .rolesAndPermissions()
-                    .plugin()
             ]
         }
 

packages/tests/packages/auth/auth.spec.ts

@@ -120,6 +120,7 @@ test('Can enable email verification for auth', async () => {
         auth()
             .user('Customer')
             .verifyEmails()
+            .csrf(false)
             .setup(({ user }) => {
                 user.fields([text('Name')])
             })
@@ -217,6 +218,7 @@ test('Can request a password reset and reset password', async () => {
     } = await setup([
         auth()
             .verifyEmails()
+            .csrf(false)
             .user('Student')
             .plugin(),
         graphql().plugin(),
@@ -315,6 +317,7 @@ test('Can login and stay authenticated with cookie based applications', async ()
     } = await setup([
         auth()
             .verifyEmails()
+            .csrf(false)
             .user('Student')
             .plugin(),
         graphql().plugin()

packages/tests/packages/common/utils.spec.ts

@@ -6,7 +6,7 @@ import { setup, fakePost, fakeUser } from './setup'
 test('correctly gets validation rules for a resource', async () => {
     const {
         ctx: {
-            orm: { em },
+            orm: { em, config },
             resourcesMap
         }
     } = await setup()
@@ -17,6 +17,8 @@ test('correctly gets validation rules for a resource', async () => {
         resourcesMap
     )
 
+    const isMongo = config.get('type') === 'mongo'
+
     expect(validator.getValidationRules()).toEqual({
         title: 'required|max:64|unique:title',
         description: 'required',
@@ -28,37 +30,39 @@ test('correctly gets validation rules for a resource', async () => {
         approved: 'boolean',
         scheduled_for: 'required|date',
         tags: 'array',
-        'tags.*': 'number',
+        'tags.*': isMongo ? 'string' : 'number',
         comments: 'array',
-        'comments.*': 'number'
+        'comments.*': isMongo ? 'string' : 'number'
     })
 
     expect(commentValidator.getValidationRules()).toEqual({
         title: 'required',
         body: 'required',
-        post: 'number'
+        post: isMongo ? 'string' : 'number'
     })
 })
 
 test('Sanitizes resource fields on create', async () => {
     const {
         ctx: {
-            orm: { em },
+            orm: { em, config },
             resourcesMap
         }
     } = await setup()
+    const isMongo = config.get('type') === 'mongo'
+
     const validator = Utils.validator(resourcesMap['Comment'], em, resourcesMap)
 
     expect(validator.getValidationRules()).toEqual({
         title: 'required',
         body: 'required',
-        post: 'number'
+        post: isMongo ? 'string' : 'number'
     })
 
     const validPayload = {
         title: Faker.lorem.sentence(),
         body: Faker.lorem.sentence(),
-        post: Faker.random.number()
+        post: isMongo ? Faker.random.word() :Faker.random.number()
     }
 
     expect(await validator.validate(validPayload)).toEqual([
@@ -73,10 +77,11 @@ test('Sanitizes resource fields on create', async () => {
 test('correctly validates data and throws error with validation rules', async () => {
     const {
         ctx: {
-            orm: { em },
+            orm,
             resourcesMap
         }
     } = await setup()
+    const { em } = orm
     const validator = Utils.validator(resourcesMap['Post'], em, resourcesMap)
 
     const fakePostPayload = {
@@ -103,6 +108,33 @@ test('correctly validates data and throws error with validation rules', async ()
         something_not_supposed_to_be_here: 'something_not_supposed_to_be_here'
     }
 
+    const tags_validations = orm.config.get('type') === 'mongo' ? [
+        {
+            message: 'string validation failed on tags.0',
+            validation: 'string',
+            field: 'tags.0'
+          },
+          {
+            message: 'string validation failed on tags.1',
+            validation: 'string',
+            field: 'tags.1'
+          },
+          {
+            message: 'string validation failed on tags.2',
+            validation: 'string',
+            field: 'tags.2'
+          },
+          {
+            message: 'string validation failed on tags.3',
+            validation: 'string',
+            field: 'tags.3'
+          }
+    ] : [{
+        field: 'tags.4',
+        message: 'number validation failed on tags.4',
+        validation: 'number'
+    }]
+
     expect(await validator.validate(payload)).toEqual([
         false,
         [
@@ -141,11 +173,7 @@ test('correctly validates data and throws error with validation rules', async ()
                 message: 'The scheduled_for is required.',
                 validation: 'required'
             },
-            {
-                field: 'tags.4',
-                message: 'number validation failed on tags.4',
-                validation: 'number'
-            }
+            ...tags_validations
         ]
     ])
 
@@ -193,11 +221,7 @@ test('correctly validates data and throws error with validation rules', async ()
                 message: 'The scheduled_for is required.',
                 validation: 'required'
             },
-            {
-                field: 'tags.4',
-                message: 'number validation failed on tags.4',
-                validation: 'number'
-            }
+            ...tags_validations
         ]
     ])
 })