fix: do not cache Authorization header (and add tests)

supabase · Mar 30, 2022 · 79b5033 · 79b5033
1 parent e88e521
commit 79b5033
Show file tree

Hide file tree

Showing 3 changed files with 27 additions and 3 deletions.
diff --git a/jest.config.js b/jest.config.js
@@ -1,6 +1,7 @@
 module.exports = {
   preset: 'ts-jest',
   testEnvironment: 'node',
+  clearMocks: true,
   collectCoverage: false,
   coverageDirectory: './test/coverage',
   coverageReporters: ['json', 'html', 'lcov'],

diff --git a/src/SupabaseClient.ts b/src/SupabaseClient.ts
@@ -265,7 +265,7 @@ export default class SupabaseClient {
   }
 
   private _getAuthHeaders(): GenericObject {
-    const headers: GenericObject = this.headers
+    const headers: GenericObject = { ...this.headers }
     const authBearer = this.auth.session()?.access_token ?? this.supabaseKey
     headers['apikey'] = this.supabaseKey
     headers['Authorization'] = headers['Authorization'] || `Bearer ${authBearer}`

diff --git a/test/client.test.ts b/test/client.test.ts
@@ -16,17 +16,40 @@ test('it should throw an error if no valid params are provided', async () => {
   expect(() => createClient(URL, '')).toThrowError('supabaseKey is required.')
 })
 
-describe('Custom Headers', () => {
-  const customHeader = { 'X-Test-Header': 'value' }
+test('it should not cache Authorization header', async () => {
+  const checkHeadersSpy = jest.spyOn(SupabaseClient.prototype as any, '_getAuthHeaders')
+
+  supabase.auth.setAuth('token1')
+  supabase.rpc('') // Calling public method `rpc` calls private method _getAuthHeaders which result we want to test
+  supabase.auth.setAuth('token2')
+  supabase.rpc('') // Calling public method `rpc` calls private method _getAuthHeaders which result we want to test
+
+  expect(checkHeadersSpy.mock.results[0].value).toHaveProperty('Authorization', 'Bearer token1')
+  expect(checkHeadersSpy.mock.results[1].value).toHaveProperty('Authorization', 'Bearer token2')
+})
 
+describe('Custom Headers', () => {
   test('should have custom header set', () => {
+    const customHeader = { 'X-Test-Header': 'value' }
+
     const checkHeadersSpy = jest.spyOn(SupabaseClient.prototype as any, '_getAuthHeaders')
     createClient(URL, KEY, { headers: customHeader }).rpc('') // Calling public method `rpc` calls private method _getAuthHeaders which result we want to test
     const getHeaders = checkHeadersSpy.mock.results[0].value
 
     expect(checkHeadersSpy).toBeCalled()
     expect(getHeaders).toHaveProperty('X-Test-Header', 'value')
   })
+
+  test('should allow custom Authorization header', () => {
+    const customHeader = { Authorization: 'Bearer custom_token' }
+    supabase.auth.setAuth('override_me')
+    const checkHeadersSpy = jest.spyOn(SupabaseClient.prototype as any, '_getAuthHeaders')
+    createClient(URL, KEY, { headers: customHeader }).rpc('') // Calling public method `rpc` calls private method _getAuthHeaders which result we want to test
+    const getHeaders = checkHeadersSpy.mock.results[0].value
+
+    expect(checkHeadersSpy).toBeCalled()
+    expect(getHeaders).toHaveProperty('Authorization', 'Bearer custom_token')
+  })
 })
 
 // Socket should close when there are no open connections