Don't fill context.session if the session is invalid #6841
🦋 Changeset detected. Latest commit: b2a2d76. The changes in this PR will be included in the next version bump. This PR includes changesets to release 1 package.
Needs a changeset
1e4a982 to 70e9d67
Previously, the `auth.*.test.ts` tests checked authentication by enforcing that `context.session.data` exists, not by checking that `context.session` exists.

This thinking was somewhat proliferated throughout the examples by sometimes checking things like `context.session?.data?.isAdmin`, but not necessarily consistently.

Many examples (see auth/schema.ts, examples-staging/ecommerce) actually use `context.session?.data.isAdmin`, which, previous to this change, could break.

I think the presence of a `.session` object itself is what indicates the session is valid, as provided by the session strategy.

The `.session.data` should additionally be guaranteed to exist, not optional depending on whether the user still exists.

This pull request enforces that the `.data` query succeeds and returns data, as a precondition to whether a `.session` is valid and provided.
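
Added example, not code from this pull request or from Keystone: a TypeScript sketch of the two behaviours the description contrasts, run against a session whose user has since been deleted. The token and user maps and the names `sessionBefore`, `sessionAfter`, `isSignedIn`, `isAdmin` and `outcome` are all hypothetical, and the lookups are synchronous for brevity.

```typescript
// Hypothetical model of a session strategy; none of these names are Keystone's API.
type SessionData = { isAdmin: boolean };
type Session = { itemId: string; data: SessionData };

// Constructed sample data: u1 still exists, u2 was deleted after signing in.
const users = new Map<string, SessionData>([["u1", { isAdmin: true }]]);
const tokens = new Map<string, string>([["tok-1", "u1"], ["tok-2", "u2"]]);

// Behaviour described as "previous to this change": the session object is
// filled whenever the token resolves, even when the data lookup finds nothing.
// The cast mirrors a type that promises `data` while the runtime value may be undefined.
function sessionBefore(token: string): Session | undefined {
  const itemId = tokens.get(token);
  if (itemId === undefined) return undefined;
  return { itemId, data: users.get(itemId) as SessionData };
}

// Behaviour the description asks for: a successful data lookup is a
// precondition for handing out any session object at all.
function sessionAfter(token: string): Session | undefined {
  const itemId = tokens.get(token);
  if (itemId === undefined) return undefined;
  const data = users.get(itemId);
  if (data === undefined) return undefined; // user gone, so no session
  return { itemId, data };
}

// Two access rules in the styles the description mentions.
const isSignedIn = (s?: Session): boolean => s !== undefined;
const isAdmin = (s?: Session): boolean => Boolean(s?.data.isAdmin);

// Runs the admin rule and reports what a caller would observe.
function outcome(get: (t: string) => Session | undefined, token: string): string {
  try {
    return isAdmin(get(token)) ? "allow" : "deny";
  } catch {
    return "error"; // TypeError: reading isAdmin on undefined data
  }
}

console.log("before:", isSignedIn(sessionBefore("tok-2")), outcome(sessionBefore, "tok-2"));
console.log("after: ", isSignedIn(sessionAfter("tok-2")), outcome(sessionAfter, "tok-2"));
```

With the earlier behaviour, a rule that only tests for the presence of a session treats the deleted user as signed in, while the `?.data.isAdmin` rule throws; with the guard in place both rules deny.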