Update supabase_test_helpers--0.0.5.sql #22

Open
wants to merge 1 commit into
base: main

@riderx riderx commented May 15, 2024

Add missing JWT info for MFA

@sleepdotexe

I was having the same issue, but ended up just adding the functions into my own project directly since it looks like this project isn't being maintained. If it is, it would be great if this PR could be merged.

One suggestion: In my project, I actually updated tests.authenticate_as to take in the AAL level as a parameter, which means I can decide when I authenticate if I want the session to be AAL1 or AAL2 (which is helpful for testing when there are restrictive RLS policies).

Something like this:

-- CREATE OR REPLACE FUNCTION tests.authenticate_as (identifier text)
++ CREATE OR REPLACE FUNCTION tests.authenticate_as (identifier text, aal text)
    RETURNS void
    AS $$
        DECLARE
            user_data json;
            original_auth_data text;
        BEGIN
            -- store the request.jwt.claims in a variable in case we need it
            original_auth_data := current_setting('request.jwt.claims', true);
            user_data := tests.get_supabase_user(identifier);

            if user_data is null OR user_data ->> 'id' IS NULL then
                RAISE EXCEPTION 'User with identifier % not found', identifier;
            end if;

++          IF aal NOT IN ('aal1', 'aal2') THEN
++              RAISE EXCEPTION 'Invalid value for aal: %', aal;
++          END IF;

            perform set_config('role', 'authenticated', true);
            perform set_config('request.jwt.claims', json_build_object(
                'sub', user_data ->> 'id', 
                'email', user_data ->> 'email', 
                'phone', user_data ->> 'phone', 
                'user_metadata', user_data -> 'raw_user_meta_data', 
                'app_metadata', user_data -> 'raw_app_meta_data',
--              'aal','aal1',
++              'aal', aal,
                'amr', json_build_array(json_build_object('method', 'password', 'timestamp', extract(epoch from now())::integer))
            )::text, true);

        EXCEPTION
            -- revert back to original auth data
            WHEN OTHERS THEN
                set local role authenticated;
                set local "request.jwt.claims" to original_auth_data;
                RAISE;
        END
    $$ LANGUAGE plpgsql;
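
Review bot: the new guard `IF aal NOT IN ('aal1', 'aal2') THEN` lets a NULL `aal` through, because `NULL NOT IN (...)` evaluates to NULL and the IF branch is skipped, so the claims are then built with `'aal', aal` as a JSON null. Suggest `IF aal IS NULL OR aal NOT IN ('aal1', 'aal2') THEN`. Two smaller points on the same hunk: the `amr` array in the `json_build_object` call still lists only the `password` method when `aal2` is requested, so tests get an AAL2 claim with no second-factor entry beside it; and because the argument list changes, `CREATE OR REPLACE` defines a second overload and leaves the one-argument function in place, so the old one should be dropped explicitly or the coexistence documented.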

And then in tests:

SELECT tests.authenticate_as('test_owner', 'aal2');
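
A pgTAP test that uses the two-argument call from the comment above against an AAL2-gated RLS policy, as an added example that is not part of the comment or of the project's code. The table `public.mfa_notes` and its policy are hypothetical; the example assumes pgTAP, Supabase's `auth.uid()` and `auth.jwt()`, an existing test user with identifier `test_owner`, and that the helper functions are executable by the `authenticated` role.

```sql
BEGIN;
SELECT plan(2);

-- Hypothetical table whose rows are readable only from an MFA-verified session.
CREATE TABLE public.mfa_notes (
    id       bigint GENERATED ALWAYS AS IDENTITY PRIMARY KEY,
    owner_id uuid NOT NULL,
    body     text NOT NULL
);
ALTER TABLE public.mfa_notes ENABLE ROW LEVEL SECURITY;
GRANT SELECT ON public.mfa_notes TO authenticated;

-- The policy checks both ownership and the 'aal' claim of the current JWT.
CREATE POLICY mfa_notes_select_aal2 ON public.mfa_notes
    FOR SELECT TO authenticated
    USING (owner_id = auth.uid() AND (auth.jwt() ->> 'aal') = 'aal2');

-- Seed one constructed row for the test user while still privileged.
INSERT INTO public.mfa_notes (owner_id, body)
VALUES (
    (tests.get_supabase_user('test_owner') ->> 'id')::uuid,
    'constructed sample row'
);

-- AAL1 session: the owner is authenticated, but the policy must hide the row.
SELECT tests.authenticate_as('test_owner', 'aal1');
SELECT is_empty(
    'SELECT id FROM public.mfa_notes',
    'aal1 session cannot read AAL2-gated rows'
);

-- AAL2 session: same user, claims now satisfy the policy.
SELECT tests.authenticate_as('test_owner', 'aal2');
SELECT isnt_empty(
    'SELECT id FROM public.mfa_notes',
    'aal2 session can read its own rows'
);

SELECT * FROM finish();
ROLLBACK;
```

Running both levels in one test file catches a policy that checks ownership but omits the `aal` condition, since the first assertion would then fail.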
