Fix withItemData treating sessions that don't match an item as valid (#…

…5168) * Fix withItemData treating sessions that don't match an item as valid * Try fixing the tests * Fix the test
keystonejs · Mar 22, 2021 · 343b742 · 343b742 · vercel · Mar 22, 2021
1 parent 7fb3d36
commit 343b742
Show file tree

Hide file tree

Showing 3 changed files with 10 additions and 11 deletions.
diff --git a/.changeset/witty-flowers-grow.md b/.changeset/witty-flowers-grow.md
@@ -0,0 +1,5 @@
+---
+'@keystone-next/keystone': major
+---
+
+Fixed `withItemData` returning sessions that don't match an item rather than treating them as invalid
diff --git a/packages-next/keystone/src/session/index.ts b/packages-next/keystone/src/session/index.ts
@@ -91,7 +91,7 @@ export function withItemData<T extends { listKey: string; itemId: string }>(
           !session.itemId ||
           !sudoContext.lists[session.listKey]
         ) {
-          return session;
+          return;
         }
 
         // NOTE: This is wrapped in a try-catch block because a "not found" result will currently
@@ -104,15 +104,11 @@ export function withItemData<T extends { listKey: string; itemId: string }>(
             where: { id: session.itemId },
             resolveFields: fieldSelections[session.listKey] || 'id',
           });
-          // If there is no matching item found, return the session without a `data value
-          if (!item) {
-            return session;
-          }
           return { ...session, data: item };
         } catch (e) {
           // TODO: This swallows all errors, we need a way to differentiate between "not found" and
           // actual exceptions that should be thrown
-          return session;
+          return;
         }
       },
     };

diff --git a/tests/api-tests/auth-header.test.ts b/tests/api-tests/auth-header.test.ts
@@ -1,4 +1,3 @@
-import Iron from '@hapi/iron';
 import express from 'express';
 import { text, timestamp, password } from '@keystone-next/fields';
 import { createSchema, list } from '@keystone-next/keystone/schema';
@@ -35,7 +34,7 @@ const initialData = {
 };
 
 const COOKIE_SECRET = 'qwertyuiopasdfghjlkzxcvbmnm1234567890';
-const defaultAccess = ({ context }: { context: KeystoneContext }) => !!context.session?.item;
+const defaultAccess = ({ context }: { context: KeystoneContext }) => !!context.session?.data;
 
 const auth = createAuth({ listKey: 'User', identityField: 'email', secretField: 'password' });
 
@@ -150,19 +149,18 @@ multiAdapterRunners().map(({ runner, adapterName }) =>
             for (const [listKey, items] of Object.entries(initialData)) {
               await createItems({ context, listKey, items });
             }
-            const { sessionToken, item } = await login(
+            const { sessionToken } = await login(
               app,
               initialData.User[0].data.email,
               initialData.User[0].data.password
             );
 
             expect(sessionToken).toBeTruthy();
 
-            const sealedData = await Iron.seal({ item }, COOKIE_SECRET, Iron.defaults);
             const { data, errors } = await networkedGraphqlRequest({
               app,
               headers: {
-                Cookie: `keystonejs-session=${sealedData}`,
+                Cookie: `keystonejs-session=${sessionToken}`,
               },
               query: '{ allUsers { id } }',
             });