[Test] Add next-auth to e2e tests

Open khuezy opened this issue 1 year ago • 4 comments

Summary

There have been a couple people who have had their production app leak sessions due to misconfiguration of their middleware. We should add next-auth to our E2E suite as a standard/template so users don't accidentally make this crucial mistake.

Tasks

  • [ ] Add next-auth to E2E app
  • [ ] Generate JWT for test users
  • [ ] Add test case to log in and out
  • [ ] Add test case with 2 users to verify that session is not leaked
  • [ ] Update docs with link to example and WARN users not to cache their SSR

Playwright cookies - injecting the mock JWT token to the test context:

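```ts
import type { BrowserContext } from '@playwright/test'
import { encode } from 'next-auth/jwt'

// Cookie that Auth.js (next-auth v5) reads the session JWT from on http://localhost.
const SESSION_COOKIE = 'authjs.session-token'

// Encode a mock session token and inject it into the Playwright browser context.
export async function addCookies(context: BrowserContext, token: Record<string, unknown>) {
  const e = await encode({
    token,
    secret: process.env.NEXTAUTH_SECRET!,
    // next-auth v5 derives the encryption key from secret + salt; the salt is the cookie name.
    salt: SESSION_COOKIE,
  })

  await context.addCookies([
    {
      name: SESSION_COOKIE,
      value: e,
      url: 'http://localhost:3000',
    },
  ])
}
```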

khuezy avatar Oct 21 '24 19:10 khuezy
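The two-user leak check from the task list, sketched as an added example that is not part of the original issue or the open-next test suite. The `Captured` shape, the function names and the sample responses are assumptions constructed for illustration; in a real E2E run the headers and bodies would come from each user's Playwright context.

```typescript
// One page response captured for a logged-in test user (constructed shape).
type Captured = { user: string; headers: Record<string, string>; body: string };

// True only if Cache-Control tells shared caches (CDN) not to store the response.
function forbidsSharedCaching(headers: Record<string, string>): boolean {
  const entry = Object.entries(headers).find(([k]) => k.toLowerCase() === "cache-control");
  const directives = (entry ? entry[1] : "").toLowerCase().split(",").map((d) => d.trim());
  return directives.includes("private") || directives.includes("no-store");
}

// Returns one finding per problem; an empty array means no leak was observed.
function findSessionLeaks(responses: Captured[]): string[] {
  const findings: string[] = [];
  for (const r of responses) {
    if (!forbidsSharedCaching(r.headers)) {
      findings.push(`${r.user}: authenticated page may be stored by a shared cache`);
    }
    for (const other of responses) {
      if (other.user !== r.user && r.body.includes(other.user)) {
        findings.push(`${r.user}: page shows session data of ${other.user}`);
      }
    }
  }
  return findings;
}

// Constructed sample: alice's SSR page was cached and replayed to bob.
const cached = { "Cache-Control": "s-maxage=60, stale-while-revalidate=30" };
const leaky: Captured[] = [
  { user: "alice@example.test", headers: cached, body: "<p>Signed in as alice@example.test</p>" },
  { user: "bob@example.test", headers: cached, body: "<p>Signed in as alice@example.test</p>" },
];

// Constructed sample: pages rendered per request and marked uncacheable.
const uncached = { "cache-control": "private, no-store" };
const safe: Captured[] = [
  { user: "alice@example.test", headers: uncached, body: "<p>Signed in as alice@example.test</p>" },
  { user: "bob@example.test", headers: uncached, body: "<p>Signed in as bob@example.test</p>" },
];

console.log(findSessionLeaks(leaky));
console.log(findSessionLeaks(safe));
```

The header check flags the risky configuration even when no cross-user body has been observed yet, which is why the leaky sample yields a finding for alice as well as for bob.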

Which of the E2E? appRouter / appPagesRouter or pagesRouter?

sommeeeer avatar Oct 21 '24 20:10 sommeeeer

> Which of the E2E? appRouter / appPagesRouter or pagesRouter?

At least the appRouter.

khuezy avatar Oct 21 '24 20:10 khuezy

@sommeeeer maybe we should hold off until next-auth 5 is more stable? I'm not sure what the situation is w/ v5.

khuezy avatar Oct 21 '24 20:10 khuezy

> maybe we should hold off until next-auth 5 is more stable? I'm not sure what the situation is w/ v5.

I'm not sure either, they are probably waiting a bit for Next 15 too. This is the latest release I found for v5: https://github.com/nextauthjs/next-auth/releases/tag/next-auth%405.0.0-beta.24

We could wait a few weeks and see.

sommeeeer avatar Oct 21 '24 21:10 sommeeeer