From 8cb11f69df074d0e213f63a6937cd625d93bd3d8 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Gast=C3=B3n=20Fournier?=
Date: Tue, 26 Aug 2025 09:33:21 -0700
Subject: [PATCH] fix: permissions should allow to access client token types (#10543)

Internally token types are still identified as CLIENT, therefore when we filter the ones we're allowed to see, we should still consider them as CLIENT tokens not BACKEND tokens. This is internal until we can fully remove CLIENT with the next major.
---
 src/lib/routes/admin-api/api-token.ts | 2 +-
 src/test/e2e/api/admin/api-token.auth.e2e.test.ts | 14 +++++++-------
 2 files changed, 8 insertions(+), 8 deletions(-)
diff --git a/src/lib/routes/admin-api/api-token.ts b/src/lib/routes/admin-api/api-token.ts
index c8e5f15cf5..d5210b56d4 100644
--- a/src/lib/routes/admin-api/api-token.ts
+++ b/src/lib/routes/admin-api/api-token.ts
@@ -83,7 +83,7 @@ const permissionToTokenType: (permission: string) => ApiTokenType | undefined =
 UPDATE_CLIENT_API_TOKEN,
 ].includes(permission)
 ) {
- return ApiTokenType.BACKEND;
+ return ApiTokenType.CLIENT;
 } else if (ADMIN === permission) {
 return ApiTokenType.ADMIN;
 } else {
diff --git a/src/test/e2e/api/admin/api-token.auth.e2e.test.ts b/src/test/e2e/api/admin/api-token.auth.e2e.test.ts
index 4403d5ace2..cb423853e3 100644
--- a/src/test/e2e/api/admin/api-token.auth.e2e.test.ts
+++ b/src/test/e2e/api/admin/api-token.auth.e2e.test.ts
@@ -67,7 +67,7 @@ test('editor users should only get client or frontend tokens', async () => {
 projects: [],
 tokenName: 'test',
 secret: '*:environment.1234',
- type: ApiTokenType.BACKEND,
+ type: ApiTokenType.CLIENT,
 });
 await stores.apiTokenStore.insert({
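Review bot: The `return ApiTokenType.CLIENT;` branch in `permissionToTokenType` (src/lib/routes/admin-api/api-token.ts) has no comment explaining why the legacy name is returned, so a later rename pass could switch it back and again hide client tokens from users who hold the `*_CLIENT_API_TOKEN` permissions. I would add a comment above the return such as `// Stored tokens still use CLIENT; keep this mapping on CLIENT until the type is removed in the next major.` Because this mapping decides which token types a permission may see, it is also worth confirming that no token can be persisted with type BACKEND. If one can, a single-type mapping would presumably filter it out; that is not visible here. The function starts and ends outside this hunk.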
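Review bot: The fixture line `type: ApiTokenType.CLIENT,` in the @@ -67 hunk of api-token.auth.e2e.test.ts replaces the BACKEND token, and the same edit appears in the @@ -126, @@ -462, @@ -521 and @@ -579 hunks, so the suite no longer exercises BACKEND-typed input at all. If the admin API still accepts the BACKEND name when a token is created (not visible in this patch), one test would pin the behaviour this commit restores: create such a token, then check that a user holding only client-token permissions can list it. The test body continues outside the hunk.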
@@ -92,7 +92,7 @@ test('editor users should only get client or frontend tokens', async () => {
 .expect(200)
 .expect((res) => {
 expect(res.body.tokens.length).toBe(2);
- expect(res.body.tokens[0].type).toBe(ApiTokenType.BACKEND);
+ expect(res.body.tokens[0].type).toBe(ApiTokenType.CLIENT);
 expect(res.body.tokens[1].type).toBe(ApiTokenType.FRONTEND);
 });
@@ -126,7 +126,7 @@ test('viewer users should not be allowed to fetch tokens', async () => {
 projects: [],
 tokenName: 'test',
 secret: '*:environment.1234',
- type: ApiTokenType.BACKEND,
+ type: ApiTokenType.CLIENT,
 });
 await stores.apiTokenStore.insert({
@@ -462,7 +462,7 @@ describe('Fine grained API token permissions', () => {
 projects: [],
 tokenName: 'client',
 secret: '*:environment.client_secret_1234',
- type: ApiTokenType.BACKEND,
+ type: ApiTokenType.CLIENT,
 });
 await stores.apiTokenStore.insert({
@@ -485,7 +485,7 @@ describe('Fine grained API token permissions', () => {
 .expect(200)
 .expect((res) => {
 expect(res.body.tokens).toHaveLength(1);
- expect(res.body.tokens[0].type).toBe(ApiTokenType.BACKEND);
+ expect(res.body.tokens[0].type).toBe(ApiTokenType.CLIENT);
 });
 await destroy();
 });
@@ -521,7 +521,7 @@ describe('Fine grained API token permissions', () => {
 projects: [],
 tokenName: 'client',
 secret: '*:environment.client_secret_4321',
- type: ApiTokenType.BACKEND,
+ type: ApiTokenType.CLIENT,
 });
 await stores.apiTokenStore.insert({
@@ -579,7 +579,7 @@ describe('Fine grained API token permissions', () => {
 projects: [],
 tokenName: 'client',
 secret: '*:environment.client_secret_4321',
- type: ApiTokenType.BACKEND,
+ type: ApiTokenType.CLIENT,
 });
 await stores.apiTokenStore.insert({
 environment: '',
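Review bot: In the @@ -92 hunk, `expect(res.body.tokens[0].type).toBe(ApiTokenType.CLIENT);` and the `tokens[1]` line after it tie the check to the order in which the endpoint returns tokens. Whether the store guarantees that order is not visible here. What the test protects is that an editor sees exactly the client and frontend tokens and no admin token, so an order-free form states that more directly: `expect(res.body.tokens.map((t) => t.type).sort()).toEqual([ApiTokenType.CLIENT, ApiTokenType.FRONTEND].sort());`. The test body starts outside the hunk.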