From 3b467238a52595fe6ebb9a587ec7331e45bae1c7 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Gast=C3=B3n=20Fournier?= Date: Thu, 28 Aug 2025 04:57:03 -0700 Subject: [PATCH] fix: backend tokens mapped to client tokens (#10561) Edge does not support backend token type, so until then, we need to keep returning backend token type as if they're client token types. --- src/lib/db/api-token-store.ts | 6 +++++- src/test/e2e/api/admin/api-token.auth.e2e.test.ts | 15 +++++++-------- src/test/e2e/api/admin/api-token.e2e.test.ts | 4 ++-- 3 files changed, 14 insertions(+), 11 deletions(-) diff --git a/src/lib/db/api-token-store.ts b/src/lib/db/api-token-store.ts index f747119e15..344a271d8b 100644 --- a/src/lib/db/api-token-store.ts +++ b/src/lib/db/api-token-store.ts @@ -42,7 +42,11 @@ const tokenRowReducer = (acc, tokenRow) => { acc[tokenRow.secret] = { secret: token.secret, tokenName: token.token_name ? token.token_name : token.username, - type: token.type.toLowerCase(), + // backend token type needs to be supported in Edge before being able to return them in the API + type: (token.type === ApiTokenType.BACKEND + ? ApiTokenType.CLIENT + : token.type + ).toLowerCase(), project: ALL, projects: [ALL], environment: token.environment ? token.environment : ALL, diff --git a/src/test/e2e/api/admin/api-token.auth.e2e.test.ts b/src/test/e2e/api/admin/api-token.auth.e2e.test.ts index 16b6829e5c..31bc0f10ee 100644 --- a/src/test/e2e/api/admin/api-token.auth.e2e.test.ts +++ b/src/test/e2e/api/admin/api-token.auth.e2e.test.ts @@ -121,7 +121,7 @@ test('editor users should only get client, backend or frontend tokens', async () expect(res.body.tokens.length).toBe(3); expect(res.body.tokens[0].type).toBe(ApiTokenType.CLIENT); expect(res.body.tokens[1].type).toBe(ApiTokenType.FRONTEND); - expect(res.body.tokens[2].type).toBe(ApiTokenType.BACKEND); + expect(res.body.tokens[2].type).toBe(ApiTokenType.CLIENT); }); }); @@ -229,7 +229,7 @@ describe('Fine grained API token permissions', () => { .expect((res) => { expect(res.body.tokens).toHaveLength(2); expect(res.body.tokens[0].type).toBe(ApiTokenType.CLIENT); - expect(res.body.tokens[1].type).toBe(ApiTokenType.BACKEND); + expect(res.body.tokens[1].type).toBe(ApiTokenType.CLIENT); }); }); test('Admin users should be able to see all tokens', async () => { @@ -241,16 +241,15 @@ describe('Fine grained API token permissions', () => { expect(status).toBe(200); expect(body.tokens).toHaveLength(4); [ - ApiTokenType.ADMIN, - ApiTokenType.CLIENT, - ApiTokenType.BACKEND, - ApiTokenType.FRONTEND, - ].forEach((tokenType) => { + { tokenType: ApiTokenType.ADMIN, expectedCount: 1 }, + { tokenType: ApiTokenType.CLIENT, expectedCount: 2 }, + { tokenType: ApiTokenType.FRONTEND, expectedCount: 1 }, + ].forEach(({ tokenType, expectedCount }) => { expect( body.tokens.filter( (t: { type: string }) => t.type === tokenType, ), - ).toHaveLength(1); + ).toHaveLength(expectedCount); }); }); test('Editor users should be able to see all tokens except ADMIN tokens', async () => { diff --git a/src/test/e2e/api/admin/api-token.e2e.test.ts b/src/test/e2e/api/admin/api-token.e2e.test.ts index 6dc4de08b0..a736b2ed8c 100644 --- a/src/test/e2e/api/admin/api-token.e2e.test.ts +++ b/src/test/e2e/api/admin/api-token.e2e.test.ts @@ -119,7 +119,7 @@ test.each(['client', 'backend'])( .expect(200) .expect((res) => { expect(res.body.tokens.length).toBe(10); - expect(res.body.tokens[2].type).toBe(type); + expect(res.body.tokens[2].type).toBe(ApiTokenType.CLIENT); }); await app.request .get('/api/admin/api-tokens/default-client') @@ -127,7 +127,7 @@ test.each(['client', 'backend'])( .expect(200) .expect((res) => { expect(res.body.tokens.length).toBe(10); - expect(res.body.tokens[2].type).toBe(type); + expect(res.body.tokens[2].type).toBe(ApiTokenType.CLIENT); }); }, );