Replaces URL-embedded JWT tokens with a single-use, 60-second handoff code that the SPA exchanges via server-to-server POST. The URL now contains only `?handoff=<code>` — no tokens are placed in the browser history, proxy access logs, or Referer header. Backend: new SsoHandoff store (DashMap, 60s TTL, atomic DashMap::remove for single-use), POST /api/v1/auth/sso/handoff endpoint, 7 new tests. Frontend: SsoCallbackPage rewritten to use useSearchParams + POST exchange, with history.replaceState to clear the handoff code from the address bar. Switched from window.location.search to useSearchParams() for test compatibility. New Vitest infrastructure (vitest, @testing-library/react, jsdom) and 6 new tests. CI fix in ccba9e3: cargo fmt --all and added searchParams to useEffect dep array to satisfy CI's Rust Format and Frontend Lint checks. Refs: closes #4
committed by
GitHub
parent
3bdae4bcc5
commit
f58d7a6f17
18
frontend/vitest.config.ts
Normal file
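--- a/frontend/vitest.config.ts
+++ b/frontend/vitest.config.ts
@@ -0,0 +1,18 @@
+import { defineConfig } from 'vitest/config'
+import react from '@vitejs/plugin-react'
+
+/// Vitest configuration for the Patch Manager UI.
+///
+/// - Uses jsdom for a browser-like environment (needed for MUI + React
+/// Testing Library).
+/// - The `react()` plugin is required for JSX in test files.
+/// - `globals: true` lets tests use `describe`, `it`, `expect` without
+/// imports (matches the existing frontend conventions).
+export default defineConfig({
+plugins: [react()],
+test: {
+environment: 'jsdom',
+globals: true,
+setupFiles: ['./src/test/setup.ts'],
+},
+})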
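Review bot: The header comment above `export default defineConfig` is written with `///`, which in TypeScript is the prefix for triple-slash directives such as `/// <reference types="..." />`. These lines are only read as ordinary comments because they are not valid directives, and doc tooling will not attach them to the export. A TSDoc block opening with `/** Vitest configuration for the Patch Manager UI.` and carrying the same three bullets would be the conventional form. Separately, `globals: true` only injects `describe`/`it`/`expect` at runtime; the type checker also needs `"types": ["vitest/globals"]` in the frontend tsconfig, which is not visible in this section and is worth confirming. The remark "matches the existing frontend conventions" also reads oddly next to a description that introduces Vitest as new infrastructure, so it may be clearer to say which convention is meant.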