chore: getJWTToken -> getSessionToken (#12371)

* getJWTToken -> getSessionToken

Ensure expiry is included in payload

* Refactor test harness to avoid direct usage of getSessionToken
Tom Moor
2026-05-17 16:58:52 -04:00
committed by GitHub
parent 4774fa4fd0
commit 77cee2806c
51 changed files with 1164 additions and 2224 deletions
+3 -3
@@ -13,7 +13,7 @@ describe("#figma.callback", () => {
const res = await server.get(
`/api/figma.callback?state=${encodeURIComponent(
state
)}&code=123&token=${user.getJwtToken()}`,
)}&code=123&token=${user.getSessionToken()}`,
{ redirect: "manual" }
);
const body = await res.json();
@@ -27,7 +27,7 @@ describe("#figma.callback", () => {
const res = await server.get(
`/api/figma.callback?state=${encodeURIComponent(
state
)}&code=123&token=${user.getJwtToken()}`,
)}&code=123&token=${user.getSessionToken()}`,
{ redirect: "manual" }
);
expect(res.status).toEqual(400);
@@ -36,7 +36,7 @@ describe("#figma.callback", () => {
it("should fail when state is not valid JSON", async () => {
const user = await buildUser();
const res = await server.get(
`/api/figma.callback?state=bad&code=123&token=${user.getJwtToken()}`,
`/api/figma.callback?state=bad&code=123&token=${user.getSessionToken()}`,
{ redirect: "manual" }
);
expect(res.status).toEqual(400);
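Review bot: The renamed `&token=${user.getSessionToken()}` lines still carry a session token in the query string of a GET request, and the same pattern repeats in the github, gitlab, linear, notion and slack callback sections below. A credential in a URL tends to end up in access logs and browser history, and these requests are issued with `redirect: "manual"`, so the handlers presumably can redirect, which is where Referer exposure would matter. If query-string authentication on the callback routes is intentional, a comment above the first request such as `// callback routes accept ?token= because <reason>; the token must stay short-lived` would record that; the handler is not visible here, so the reason is left as a placeholder. Since the commit description says expiry is now included in the payload, one case asserting that an expired token is rejected on a callback route would pin that behaviour. The enclosing `describe` block starts and ends outside these hunks.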
+3 -3
@@ -14,7 +14,7 @@ describe("#github.callback", () => {
const res = await server.get(
`/api/github.callback?state=${encodeURIComponent(
state
)}&code=123&setup_action=${SetupAction.install}&installation_id=1&token=${user.getJwtToken()}`,
)}&code=123&setup_action=${SetupAction.install}&installation_id=1&token=${user.getSessionToken()}`,
{ redirect: "manual" }
);
const body = await res.json();
@@ -28,7 +28,7 @@ describe("#github.callback", () => {
const res = await server.get(
`/api/github.callback?state=${encodeURIComponent(
state
)}&code=123&setup_action=${SetupAction.install}&installation_id=1&token=${user.getJwtToken()}`,
)}&code=123&setup_action=${SetupAction.install}&installation_id=1&token=${user.getSessionToken()}`,
{ redirect: "manual" }
);
expect(res.status).toEqual(400);
@@ -37,7 +37,7 @@ describe("#github.callback", () => {
it("should fail when state is not valid JSON", async () => {
const user = await buildUser();
const res = await server.get(
`/api/github.callback?state=bad&code=123&setup_action=${SetupAction.install}&installation_id=1&token=${user.getJwtToken()}`,
`/api/github.callback?state=bad&code=123&setup_action=${SetupAction.install}&installation_id=1&token=${user.getSessionToken()}`,
{ redirect: "manual" }
);
expect(res.status).toEqual(400);
+3 -3
@@ -13,7 +13,7 @@ describe("#gitlab.callback", () => {
const res = await server.get(
`/api/gitlab.callback?state=${encodeURIComponent(
state
)}&code=123&token=${user.getJwtToken()}`,
)}&code=123&token=${user.getSessionToken()}`,
{ redirect: "manual" }
);
const body = await res.json();
@@ -27,7 +27,7 @@ describe("#gitlab.callback", () => {
const res = await server.get(
`/api/gitlab.callback?state=${encodeURIComponent(
state
)}&code=123&token=${user.getJwtToken()}`,
)}&code=123&token=${user.getSessionToken()}`,
{ redirect: "manual" }
);
expect(res.status).toEqual(400);
@@ -36,7 +36,7 @@ describe("#gitlab.callback", () => {
it("should fail when state is not valid JSON", async () => {
const user = await buildUser();
const res = await server.get(
`/api/gitlab.callback?state=bad&code=123&token=${user.getJwtToken()}`,
`/api/gitlab.callback?state=bad&code=123&token=${user.getSessionToken()}`,
{ redirect: "manual" }
);
expect(res.status).toEqual(400);
+3 -3
@@ -13,7 +13,7 @@ describe("#linear.callback", () => {
const res = await server.get(
`/api/linear.callback?state=${encodeURIComponent(
state
)}&code=123&token=${user.getJwtToken()}`,
)}&code=123&token=${user.getSessionToken()}`,
{ redirect: "manual" }
);
const body = await res.json();
@@ -27,7 +27,7 @@ describe("#linear.callback", () => {
const res = await server.get(
`/api/linear.callback?state=${encodeURIComponent(
state
)}&code=123&token=${user.getJwtToken()}`,
)}&code=123&token=${user.getSessionToken()}`,
{ redirect: "manual" }
);
expect(res.status).toEqual(400);
@@ -36,7 +36,7 @@ describe("#linear.callback", () => {
it("should fail when state is not valid JSON", async () => {
const user = await buildUser();
const res = await server.get(
`/api/linear.callback?state=bad&code=123&token=${user.getJwtToken()}`,
`/api/linear.callback?state=bad&code=123&token=${user.getSessionToken()}`,
{ redirect: "manual" }
);
expect(res.status).toEqual(400);
+3 -3
@@ -13,7 +13,7 @@ describe("#notion.callback", () => {
const res = await server.get(
`/api/notion.callback?state=${encodeURIComponent(
state
)}&code=123&token=${user.getJwtToken()}`,
)}&code=123&token=${user.getSessionToken()}`,
{ redirect: "manual" }
);
const body = await res.json();
@@ -27,7 +27,7 @@ describe("#notion.callback", () => {
const res = await server.get(
`/api/notion.callback?state=${encodeURIComponent(
state
)}&code=123&token=${user.getJwtToken()}`,
)}&code=123&token=${user.getSessionToken()}`,
{ redirect: "manual" }
);
expect(res.status).toEqual(400);
@@ -36,7 +36,7 @@ describe("#notion.callback", () => {
it("should fail when state is not valid JSON", async () => {
const user = await buildUser();
const res = await server.get(
`/api/notion.callback?state=bad&code=123&token=${user.getJwtToken()}`,
`/api/notion.callback?state=bad&code=123&token=${user.getSessionToken()}`,
{ redirect: "manual" }
);
expect(res.status).toEqual(400);
+4 -4
@@ -11,7 +11,7 @@ describe("#slack.post", () => {
const res = await server.get(
`/auth/slack.post?state=${JSON.stringify(
{}
)}&code=123&token=${user.getJwtToken()}`
)}&code=123&token=${user.getSessionToken()}`
);
expect(res.status).toEqual(400);
});
@@ -19,7 +19,7 @@ describe("#slack.post", () => {
it("should fail with status 400 bad request if query param state is not JSON", async () => {
const user = await buildUser();
const res = await server.get(
`/auth/slack.post?state=bad&code=123&token=${user.getJwtToken()}`
`/auth/slack.post?state=bad&code=123&token=${user.getSessionToken()}`
);
expect(res.status).toEqual(400);
});
@@ -43,7 +43,7 @@ describe("#slack.post", () => {
const res = await server.get(
`/auth/slack.post?state=${encodeURIComponent(
state
)}&code=123&token=${user.getJwtToken()}`,
)}&code=123&token=${user.getSessionToken()}`,
{ redirect: "manual" }
);
const body = await res.json();
@@ -60,7 +60,7 @@ describe("#slack.post", () => {
const res = await server.get(
`/auth/slack.post?state=${encodeURIComponent(
state
)}&code=123&token=${user.getJwtToken()}`,
)}&code=123&token=${user.getSessionToken()}`,
{ redirect: "manual" }
);
expect(res.status).toEqual(400);
+10 -11
@@ -25,9 +25,8 @@ vi.setConfig({ testTimeout: 10000 });
describe("#files.create", () => {
it("should fail with status 400 bad request if key is invalid", async () => {
const user = await buildUser();
const res = await server.post("/api/files.create", {
const res = await server.post("/api/files.create", user, {
body: {
token: user.getJwtToken(),
key: "public/foo/bar/baz.png",
},
});
@@ -52,7 +51,7 @@ describe("#files.create", () => {
const form = new FormData();
form.append("key", attachment.key);
form.append("file", content, fileName);
form.append("token", user.getJwtToken());
form.append("token", user.getSessionToken());
const res = await server.post(`/api/files.create`, {
headers: form.getHeaders(),
@@ -89,7 +88,7 @@ describe("#files.create", () => {
const form = new FormData();
form.append("key", attachment.key);
form.append("file", content, fileName);
form.append("token", user.getJwtToken());
form.append("token", user.getSessionToken());
const res = await server.post(`/api/files.create`, {
headers: form.getHeaders(),
@@ -118,7 +117,7 @@ describe("#files.create", () => {
const form = new FormData();
form.append("key", attachment.key);
form.append("file", content, fileName);
form.append("token", user.getJwtToken());
form.append("token", user.getSessionToken());
const res = await server.post(`/api/files.create`, {
headers: form.getHeaders(),
@@ -150,7 +149,7 @@ describe("#files.create", () => {
const form = new FormData();
form.append("key", attachment.key);
form.append("file", content, fileName);
form.append("token", user.getJwtToken());
form.append("token", user.getSessionToken());
const res = await server.post(`/api/files.create`, {
headers: form.getHeaders(),
@@ -181,7 +180,7 @@ describe("#files.create", () => {
const form = new FormData();
form.append("key", attachment.key);
form.append("file", content, fileName);
form.append("token", user.getJwtToken());
form.append("token", user.getSessionToken());
const res = await server.post(`/api/files.create`, {
headers: form.getHeaders(),
@@ -262,7 +261,7 @@ describe("#files.get", () => {
const form = new FormData();
form.append("key", attachment.key);
form.append("file", content, fileName);
form.append("token", user.getJwtToken());
form.append("token", user.getSessionToken());
await server.post(`/api/files.create`, {
headers: form.getHeaders(),
@@ -298,7 +297,7 @@ describe("#files.get", () => {
const form = new FormData();
form.append("key", attachment.key);
form.append("file", content, fileName);
form.append("token", user.getJwtToken());
form.append("token", user.getSessionToken());
await server.post(`/api/files.create`, {
headers: form.getHeaders(),
@@ -432,7 +431,7 @@ describe("#files.get", () => {
// Non-owner user should be able to access public-read attachment
const res = await server.get(`/api/files.get?key=${key}`, {
headers: {
Authorization: `Bearer ${otherUser.getJwtToken()}`,
Authorization: `Bearer ${otherUser.getSessionToken()}`,
},
});
expect(res.status).toEqual(200);
@@ -467,7 +466,7 @@ describe("#files.get", () => {
// Non-owner user should NOT be able to access private attachment
const res = await server.get(`/api/files.get?key=${key}`, {
headers: {
Authorization: `Bearer ${otherUser.getJwtToken()}`,
Authorization: `Bearer ${otherUser.getSessionToken()}`,
},
});
expect(res.status).toEqual(403);
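Review bot: Only the first hunk moves to the `server.post("/api/files.create", user, { ... })` form; the multipart cases still call `form.append("token", user.getSessionToken())`, and the two `files.get` cases still build the `Authorization: Bearer …` header from `otherUser.getSessionToken()` by hand, which sits oddly with the description's goal of avoiding direct use of getSessionToken in tests. If the harness cannot inject credentials into a FormData body, a one-line comment above the first `form.append("token", …)` would say so, for example `// multipart body: harness auth not applicable, token sent as a form field`; that reason is my assumption, so confirm it before adding. It would also help to state whether a token in a form field is a supported transport or only tolerated, because that decides whether these cases should keep exercising it or switch to a header. Each test body continues outside its hunk.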
@@ -21,9 +21,7 @@ describe("#webhookSubscriptions.list", () => {
it("should fail with status 403 forbidden for non-admin user", async () => {
const user = await buildUser();
const res = await server.post("/api/webhookSubscriptions.list", {
body: { token: user.getJwtToken() },
});
const res = await server.post("/api/webhookSubscriptions.list", user);
const body = await res.json();
expect(res.status).toEqual(403);
@@ -43,9 +41,7 @@ describe("#webhookSubscriptions.list", () => {
)
);
const res = await server.post("/api/webhookSubscriptions.list", {
body: { token: user.getJwtToken() },
});
const res = await server.post("/api/webhookSubscriptions.list", user);
const body = await res.json();
expect(res.status).toEqual(200);
@@ -70,8 +66,8 @@ describe("#webhookSubscriptions.list", () => {
name: "Development Hook",
});
const res = await server.post("/api/webhookSubscriptions.list", {
body: { token: user.getJwtToken(), query: "webhook" },
const res = await server.post("/api/webhookSubscriptions.list", user, {
body: { query: "webhook" },
});
const body = await res.json();
@@ -97,8 +93,8 @@ describe("#webhookSubscriptions.list", () => {
name: "Staging Webhook",
});
const res = await server.post("/api/webhookSubscriptions.list", {
body: { token: user.getJwtToken(), query: "PRODUCTION" },
const res = await server.post("/api/webhookSubscriptions.list", user, {
body: { query: "PRODUCTION" },
});
const body = await res.json();
@@ -115,8 +111,8 @@ describe("#webhookSubscriptions.list", () => {
name: "Production Webhook",
});
const res = await server.post("/api/webhookSubscriptions.list", {
body: { token: user.getJwtToken(), query: "nonexistent" },
const res = await server.post("/api/webhookSubscriptions.list", user, {
body: { query: "nonexistent" },
});
const body = await res.json();
@@ -139,9 +135,7 @@ describe("#webhookSubscriptions.create", () => {
it("should fail with status 403 forbidden for non-admin user", async () => {
const user = await buildUser();
const res = await server.post("/api/webhookSubscriptions.create", {
body: { token: user.getJwtToken() },
});
const res = await server.post("/api/webhookSubscriptions.create", user);
const body = await res.json();
expect(res.status).toEqual(403);
@@ -155,9 +149,8 @@ describe("#webhookSubscriptions.create", () => {
const events = ["comments"];
const secret = "Test secret";
const res = await server.post("/api/webhookSubscriptions.create", {
const res = await server.post("/api/webhookSubscriptions.create", user, {
body: {
token: user.getJwtToken(),
name,
url,
events,
@@ -190,9 +183,7 @@ describe("#webhookSubscriptions.update", () => {
it("should fail with status 403 forbidden for non-admin user", async () => {
const user = await buildUser();
const res = await server.post("/api/webhookSubscriptions.update", {
body: { token: user.getJwtToken() },
});
const res = await server.post("/api/webhookSubscriptions.update", user);
const body = await res.json();
expect(res.status).toEqual(403);
@@ -213,9 +204,8 @@ describe("#webhookSubscriptions.update", () => {
teamId: user.teamId,
});
const res = await server.post("/api/webhookSubscriptions.update", {
const res = await server.post("/api/webhookSubscriptions.update", user, {
body: {
token: user.getJwtToken(),
id: existingWebhook.id,
name,
url,
@@ -247,9 +237,8 @@ describe("#webhookSubscriptions.update", () => {
enabled: false,
});
const res = await server.post("/api/webhookSubscriptions.update", {
const res = await server.post("/api/webhookSubscriptions.update", user, {
body: {
token: user.getJwtToken(),
id: disabledWebhook.id,
name,
url,
@@ -281,9 +270,7 @@ describe("#webhookSubscriptions.delete", () => {
it("should fail with status 403 forbidden for non-admin user", async () => {
const user = await buildUser();
const res = await server.post("/api/webhookSubscriptions.delete", {
body: { token: user.getJwtToken() },
});
const res = await server.post("/api/webhookSubscriptions.delete", user);
const body = await res.json();
expect(res.status).toEqual(403);
@@ -300,8 +287,8 @@ describe("#webhookSubscriptions.delete", () => {
teamId: user.teamId,
});
const res = await server.post("/api/webhookSubscriptions.delete", {
body: { token: user.getJwtToken(), id: createdWebhook.id },
const res = await server.post("/api/webhookSubscriptions.delete", user, {
body: { id: createdWebhook.id },
});
const body = await res.json();