From 89548025c988daf13f844ec0c36bf3446f4362fd Mon Sep 17 00:00:00 2001 From: Rami Elwan Date: Mon, 24 Jun 2024 09:09:23 +0200 Subject: [PATCH] fix: handle case when getting auth info for expired token users --- .../datastore/__tests__/subscription.test.ts | 28 +++++++++++++++++++ .../src/sync/processors/subscription.ts | 2 +- 2 files changed, 29 insertions(+), 1 deletion(-) diff --git a/packages/datastore/__tests__/subscription.test.ts b/packages/datastore/__tests__/subscription.test.ts index aa1e649b878..e6de41bcc0a 100644 --- a/packages/datastore/__tests__/subscription.test.ts +++ b/packages/datastore/__tests__/subscription.test.ts @@ -126,6 +126,34 @@ describe('sync engine subscription module', () => { ), ).toEqual(authInfo); }); + test('owner authorization with no token(expired)', () => { + const authRules = [ + { + provider: 'userPools', + ownerField: 'owner', + allow: 'owner', + identityClaim: 'cognito:username', + operations: ['create', 'update', 'delete'], + }, + ]; + const model = generateModelWithAuth(authRules); + + const authInfo = { + authMode: 'userPool', + isOwner: false, + }; + + expect( + // @ts-ignore + SubscriptionProcessor.prototype.getAuthorizationInfo( + model, + USER_CREDENTIALS.auth, + 'userPool', + undefined, + 'userPool', + ), + ).toEqual(authInfo); + }); test('owner authorization with public subscription', () => { const authRules = [ { diff --git a/packages/datastore/src/sync/processors/subscription.ts b/packages/datastore/src/sync/processors/subscription.ts index ac3760255d0..c508c8d5885 100644 --- a/packages/datastore/src/sync/processors/subscription.ts +++ b/packages/datastore/src/sync/processors/subscription.ts @@ -205,7 +205,7 @@ class SubscriptionProcessor { : []; oidcOwnerAuthRules.forEach(ownerAuthRule => { - const ownerValue = oidcTokenPayload[ownerAuthRule.identityClaim]; + const ownerValue = oidcTokenPayload?.[ownerAuthRule.identityClaim]; const singleOwner = model.fields[ownerAuthRule.ownerField]?.isArray !== true; const isOwnerArgRequired =