fix: do not cache Authorization header (and add tests)

maxkostow · soedirgo · commit 79b5033728a4 · 2022-03-30T11:25:05.000+02:00
diff --git a/jest.config.js b/jest.config.js
@@ -1,6 +1,7 @@
 module.exports = {
   preset: 'ts-jest',
   testEnvironment: 'node',
+  clearMocks: true,
   collectCoverage: false,
   coverageDirectory: './test/coverage',
   coverageReporters: ['json', 'html', 'lcov'],
diff --git a/src/SupabaseClient.ts b/src/SupabaseClient.ts
@@ -265,7 +265,7 @@ export default class SupabaseClient {
   }
 
   private _getAuthHeaders(): GenericObject {
-    const headers: GenericObject = this.headers
+    const headers: GenericObject = { ...this.headers }
     const authBearer = this.auth.session()?.access_token ?? this.supabaseKey
     headers['apikey'] = this.supabaseKey
     headers['Authorization'] = headers['Authorization'] || `Bearer ${authBearer}`
diff --git a/test/client.test.ts b/test/client.test.ts
@@ -16,17 +16,40 @@ test('it should throw an error if no valid params are provided', async () => {
   expect(() => createClient(URL, '')).toThrowError('supabaseKey is required.')
 })
 
-describe('Custom Headers', () => {
-  const customHeader = { 'X-Test-Header': 'value' }
+test('it should not cache Authorization header', async () => {
+  const checkHeadersSpy = jest.spyOn(SupabaseClient.prototype as any, '_getAuthHeaders')
+
+  supabase.auth.setAuth('token1')
+  supabase.rpc('') // Calling public method `rpc` calls private method _getAuthHeaders which result we want to test
+  supabase.auth.setAuth('token2')
+  supabase.rpc('') // Calling public method `rpc` calls private method _getAuthHeaders which result we want to test
+
+  expect(checkHeadersSpy.mock.results[0].value).toHaveProperty('Authorization', 'Bearer token1')
+  expect(checkHeadersSpy.mock.results[1].value).toHaveProperty('Authorization', 'Bearer token2')
+})
 
+describe('Custom Headers', () => {
   test('should have custom header set', () => {
+    const customHeader = { 'X-Test-Header': 'value' }
+
     const checkHeadersSpy = jest.spyOn(SupabaseClient.prototype as any, '_getAuthHeaders')
     createClient(URL, KEY, { headers: customHeader }).rpc('') // Calling public method `rpc` calls private method _getAuthHeaders which result we want to test
     const getHeaders = checkHeadersSpy.mock.results[0].value
 
     expect(checkHeadersSpy).toBeCalled()
     expect(getHeaders).toHaveProperty('X-Test-Header', 'value')
   })
+
+  test('should allow custom Authorization header', () => {
+    const customHeader = { Authorization: 'Bearer custom_token' }
+    supabase.auth.setAuth('override_me')
+    const checkHeadersSpy = jest.spyOn(SupabaseClient.prototype as any, '_getAuthHeaders')
+    createClient(URL, KEY, { headers: customHeader }).rpc('') // Calling public method `rpc` calls private method _getAuthHeaders which result we want to test
+    const getHeaders = checkHeadersSpy.mock.results[0].value
+
+    expect(checkHeadersSpy).toBeCalled()
+    expect(getHeaders).toHaveProperty('Authorization', 'Bearer custom_token')
+  })
 })
 
 // Socket should close when there are no open connections

Original file line number	Diff line number	Diff line change
`@@ -265,7 +265,7 @@ export default class SupabaseClient {`
`265`	`265`	`}`
`266`	`266`
`267`	`267`	`private _getAuthHeaders(): GenericObject {`
`268`		`- const headers: GenericObject = this.headers`
	`268`	`+ const headers: GenericObject = { ...this.headers }`
`269`	`269`	`const authBearer = this.auth.session()?.access_token ?? this.supabaseKey`
`270`	`270`	`headers['apikey'] = this.supabaseKey`
`271`	`271`	headers['Authorization'] = headers['Authorization'] \|\| `Bearer ${authBearer}`