-
-
Notifications
You must be signed in to change notification settings - Fork 3k
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Merge branch 'develop' into feat/invites-v2
- Loading branch information
Showing
51 changed files
with
744 additions
and
428 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,8 @@ | ||
| --- | ||
| "@medusajs/medusa": patch | ||
| "@medusajs/api-key": patch | ||
| "@medusajs/core-flows": patch | ||
| "@medusajs/link-modules": patch | ||
| --- | ||
|
|
||
| feat: API key sales channel link |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,5 @@ | ||
| --- | ||
| "medusa-test-utils": patch | ||
| --- | ||
|
|
||
| fix(): medusa test runner |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,273 @@ | ||
| import { ApiKeyType } from "@medusajs/utils" | ||
| import { medusaIntegrationTestRunner } from "medusa-test-utils" | ||
| import { createAdminUser } from "../../../helpers/create-admin-user" | ||
|
|
||
| jest.setTimeout(50000) | ||
|
|
||
| const env = { MEDUSA_FF_MEDUSA_V2: true } | ||
| const adminHeaders = { | ||
| headers: { "x-medusa-access-token": "test_token" }, | ||
| } | ||
|
|
||
| medusaIntegrationTestRunner({ | ||
| env, | ||
| testSuite: ({ dbConnection, getContainer, api }) => { | ||
| describe("API Keys - Admin", () => { | ||
| let container | ||
|
|
||
| beforeAll(async () => { | ||
| container = getContainer() | ||
| }) | ||
|
|
||
| beforeEach(async () => { | ||
| await createAdminUser(dbConnection, adminHeaders, container) | ||
| }) | ||
|
|
||
| it("should correctly implement the entire lifecycle of an api key", async () => { | ||
| const created = await api.post( | ||
| `/admin/api-keys`, | ||
| { | ||
| title: "Test Secret Key", | ||
| type: ApiKeyType.SECRET, | ||
| }, | ||
| adminHeaders | ||
| ) | ||
|
|
||
| expect(created.status).toEqual(200) | ||
| expect(created.data.api_key).toEqual( | ||
| expect.objectContaining({ | ||
| id: created.data.api_key.id, | ||
| title: "Test Secret Key", | ||
| created_by: "admin_user", | ||
| }) | ||
| ) | ||
| // On create we get the token in raw form so we can store it. | ||
| expect(created.data.api_key.token).toContain("sk_") | ||
|
|
||
| const updated = await api.post( | ||
| `/admin/api-keys/${created.data.api_key.id}`, | ||
| { | ||
| title: "Updated Secret Key", | ||
| }, | ||
| adminHeaders | ||
| ) | ||
|
|
||
| expect(updated.status).toEqual(200) | ||
| expect(updated.data.api_key).toEqual( | ||
| expect.objectContaining({ | ||
| id: created.data.api_key.id, | ||
| title: "Updated Secret Key", | ||
| }) | ||
| ) | ||
|
|
||
| const revoked = await api.post( | ||
| `/admin/api-keys/${created.data.api_key.id}/revoke`, | ||
| {}, | ||
| adminHeaders | ||
| ) | ||
|
|
||
| expect(revoked.status).toEqual(200) | ||
| expect(revoked.data.api_key).toEqual( | ||
| expect.objectContaining({ | ||
| id: created.data.api_key.id, | ||
| revoked_by: "admin_user", | ||
| }) | ||
| ) | ||
| expect(revoked.data.api_key.revoked_at).toBeTruthy() | ||
|
|
||
| const deleted = await api.delete( | ||
| `/admin/api-keys/${created.data.api_key.id}`, | ||
| adminHeaders | ||
| ) | ||
| const listedApiKeys = await api.get(`/admin/api-keys`, adminHeaders) | ||
|
|
||
| expect(deleted.status).toEqual(200) | ||
| expect(listedApiKeys.data.api_keys).toHaveLength(0) | ||
| }) | ||
|
|
||
| it("can use a secret api key for authentication", async () => { | ||
| const created = await api.post( | ||
| `/admin/api-keys`, | ||
| { | ||
| title: "Test Secret Key", | ||
| type: ApiKeyType.SECRET, | ||
| }, | ||
| adminHeaders | ||
| ) | ||
|
|
||
| const createdRegion = await api.post( | ||
| `/admin/regions`, | ||
| { | ||
| name: "Test Region", | ||
| currency_code: "usd", | ||
| countries: ["us", "ca"], | ||
| }, | ||
| { | ||
| auth: { | ||
| username: created.data.api_key.token, | ||
| }, | ||
| } | ||
| ) | ||
|
|
||
| expect(createdRegion.status).toEqual(200) | ||
| expect(createdRegion.data.region.name).toEqual("Test Region") | ||
| }) | ||
|
|
||
| it("falls back to other mode of authentication when an api key is not valid", async () => { | ||
| const created = await api.post( | ||
| `/admin/api-keys`, | ||
| { | ||
| title: "Test Secret Key", | ||
| type: ApiKeyType.SECRET, | ||
| }, | ||
| adminHeaders | ||
| ) | ||
|
|
||
| await api.post( | ||
| `/admin/api-keys/${created.data.api_key.id}/revoke`, | ||
| {}, | ||
| adminHeaders | ||
| ) | ||
|
|
||
| const err = await api | ||
| .post( | ||
| `/admin/regions`, | ||
| { | ||
| name: "Test Region", | ||
| currency_code: "usd", | ||
| countries: ["us", "ca"], | ||
| }, | ||
| { | ||
| auth: { | ||
| username: created.data.api_key.token, | ||
| }, | ||
| } | ||
| ) | ||
| .catch((e) => e.message) | ||
|
|
||
| const createdRegion = await api.post( | ||
| `/admin/regions`, | ||
| { | ||
| name: "Test Region", | ||
| currency_code: "usd", | ||
| countries: ["us", "ca"], | ||
| }, | ||
| { | ||
| auth: { | ||
| username: created.data.api_key.token, | ||
| }, | ||
| ...adminHeaders, | ||
| } | ||
| ) | ||
|
|
||
| expect(err).toEqual("Request failed with status code 401") | ||
| expect(createdRegion.status).toEqual(200) | ||
| expect(createdRegion.data.region.name).toEqual("Test Region") | ||
| }) | ||
|
|
||
| it("should associate sales channels with a publishable API key", async () => { | ||
| const salesChannelRes = await api.post( | ||
| `/admin/sales-channels`, | ||
| { | ||
| name: "Test Sales Channel", | ||
| }, | ||
| adminHeaders | ||
| ) | ||
|
|
||
| const { sales_channel } = salesChannelRes.data | ||
|
|
||
| const apiKeyRes = await api.post( | ||
| `/admin/api-keys`, | ||
| { | ||
| title: "Test publishable KEY", | ||
| type: ApiKeyType.PUBLISHABLE, | ||
| }, | ||
| adminHeaders | ||
| ) | ||
|
|
||
| const { api_key } = apiKeyRes.data | ||
|
|
||
| const keyWithChannelsRes = await api.post( | ||
| `/admin/api-keys/${api_key.id}/sales-channels/batch/add`, | ||
| { | ||
| sales_channel_ids: [sales_channel.id], | ||
| }, | ||
| adminHeaders | ||
| ) | ||
|
|
||
| const { api_key: keyWithChannels } = keyWithChannelsRes.data | ||
|
|
||
| expect(keyWithChannelsRes.status).toEqual(200) | ||
| expect(keyWithChannels.title).toEqual("Test publishable KEY") | ||
| expect(keyWithChannels.sales_channels).toEqual([ | ||
| expect.objectContaining({ | ||
| id: sales_channel.id, | ||
| name: "Test Sales Channel", | ||
| }), | ||
| ]) | ||
| }) | ||
|
|
||
| it("should throw if API key is not a publishable key", async () => { | ||
| const salesChannelRes = await api.post( | ||
| `/admin/sales-channels`, | ||
| { | ||
| name: "Test Sales Channel", | ||
| }, | ||
| adminHeaders | ||
| ) | ||
|
|
||
| const { sales_channel } = salesChannelRes.data | ||
|
|
||
| const apiKeyRes = await api.post( | ||
| `/admin/api-keys`, | ||
| { | ||
| title: "Test secret KEY", | ||
| type: ApiKeyType.SECRET, | ||
| }, | ||
| adminHeaders | ||
| ) | ||
|
|
||
| const errorRes = await api | ||
| .post( | ||
| `/admin/api-keys/${apiKeyRes.data.api_key.id}/sales-channels/batch/add`, | ||
| { | ||
| sales_channel_ids: [sales_channel.id], | ||
| }, | ||
| adminHeaders | ||
| ) | ||
| .catch((err) => err) | ||
|
|
||
| expect(errorRes.response.status).toEqual(400) | ||
| expect(errorRes.response.data.message).toEqual( | ||
| "Sales channels can only be associated with publishable API keys" | ||
| ) | ||
| }) | ||
|
|
||
| it("should throw if sales channel does not exist", async () => { | ||
| const apiKeyRes = await api.post( | ||
| `/admin/api-keys`, | ||
| { | ||
| title: "Test publishable KEY", | ||
| type: ApiKeyType.PUBLISHABLE, | ||
| }, | ||
| adminHeaders | ||
| ) | ||
|
|
||
| const errorRes = await api | ||
| .post( | ||
| `/admin/api-keys/${apiKeyRes.data.api_key.id}/sales-channels/batch/add`, | ||
| { | ||
| sales_channel_ids: ["phony"], | ||
| }, | ||
| adminHeaders | ||
| ) | ||
| .catch((err) => err) | ||
|
|
||
| expect(errorRes.response.status).toEqual(400) | ||
| expect(errorRes.response.data.message).toEqual( | ||
| "Sales channels with IDs phony do not exist" | ||
| ) | ||
| }) | ||
| }) | ||
| }, | ||
| }) |
Oops, something went wrong.