feature/SAUTHC-14 | Replace deprecated crypto usage #13
Codecov Report
✅ All modified and coverable lines are covered by tests.
@@ Coverage Diff @@
## main #13 +/- ##
==========================================
+ Coverage 48.78% 50.48% +1.70%
==========================================
Files 2 2
Lines 205 208 +3
Branches 53 49 -4
==========================================
+ Hits 100 105 +5
Misses 103 103
+ Partials 2 0 -2
…t 19 compatibility
- Updated TypeScript compiler options:
  - "target": "ES2020"
  - "module": "ESNext"
  - "outDir": "./dist"
- Enabled esModuleInterop, strict mode, and proper module resolution
- Ensures proper ESM output for Vite and React 19 projects
- Keeps type declarations in "dist" folder
Pull Request Overview
This PR replaces deprecated Node.js crypto usage with browser-compatible alternatives to support client-side authentication. The changes migrate from crypto and jsonwebtoken packages to jose, jwt-decode, and js-sha256, while also modernizing the TypeScript configuration.
Key Changes:
- Replaced Node.js `crypto` module with `js-sha256` for hashing and custom random string generation
- Migrated from `jsonwebtoken` to `jose` and `jwt-decode` for JWT operations
- Updated TypeScript target to ES2020 and module system to ESNext
Reviewed Changes
Copilot reviewed 2 out of 4 changed files in this pull request and generated 4 comments.
| File | Description |
|---|---|
| package.json | Removed deprecated crypto and jsonwebtoken dependencies; added jose, js-sha256, and jwt-decode as replacements; updated TypeScript to v5.9.3 |
| tsconfig.json | Modernized compiler options with ES2020 target, ESNext modules, and additional strict mode settings for better type safety |
| src/AuthManager.ts | Implemented browser-compatible crypto alternatives: custom random string generator for PKCE, js-sha256 for hashing, and split JWT operations between jose (verify) and jwt-decode (decode); updated return types to allow null values |
| package-lock.json | Dependency tree updates reflecting the package changes with removal of jsonwebtoken-related dependencies and addition of new crypto libraries |
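
The overview above mentions a custom random string generator and SHA-256 hashing for PKCE. The following is an added example, not code from this pull request: it builds a verifier and S256 challenge with Web Crypto (`subtle.digest` in place of the `js-sha256` package named above), and the names `randomString`, `pkceChallenge` and `UNRESERVED` are hypothetical.

```javascript
// Added example (not the project's code): PKCE verifier and S256 challenge
// using only Web Crypto, which exists in browsers and in current Node.
const webcrypto = globalThis.crypto ?? require("node:crypto").webcrypto;

// RFC 7636 "unreserved" alphabet allowed in a code_verifier: 66 characters.
const UNRESERVED =
  "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789-._~";

// Draw `length` characters from the CSPRNG. Bytes >= 198 are rejected so that
// `byte % 66` is uniform (198 = 3 * 66); a plain modulo over 0..255 would
// favour the first 58 characters of the alphabet.
function randomString(length = 64) {
  if (length < 43 || length > 128) {
    throw new RangeError("code_verifier must be 43..128 characters");
  }
  const limit = 256 - (256 % UNRESERVED.length); // 198
  let out = "";
  while (out.length < length) {
    const bytes = webcrypto.getRandomValues(new Uint8Array(length));
    for (const b of bytes) {
      if (b < limit && out.length < length) {
        out += UNRESERVED[b % UNRESERVED.length];
      }
    }
  }
  return out;
}

// Base64url without padding, as required for code_challenge.
function base64url(bytes) {
  let bin = "";
  for (const b of bytes) bin += String.fromCharCode(b);
  return btoa(bin).replace(/\+/g, "-").replace(/\//g, "_").replace(/=+$/, "");
}

// S256: code_challenge = BASE64URL(SHA-256(ASCII(code_verifier))).
async function pkceChallenge(verifier) {
  const digest = await webcrypto.subtle.digest(
    "SHA-256",
    new TextEncoder().encode(verifier)
  );
  return base64url(new Uint8Array(digest));
}
```

In browsers `crypto.subtle` is only exposed in secure contexts (HTTPS or localhost), while `crypto.getRandomValues` is also available on plain HTTP pages.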
…mize build process
Pull Request Overview
Copilot reviewed 7 out of 10 changed files in this pull request and generated 7 comments.
| expect(localStorage.setItem).toHaveBeenCalledWith('codeChallenge', expect.anything()); | ||
| }); | ||
|
|
||
| const loginCallback = vi.fn() |
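Review bot: the assertion `toHaveBeenCalledWith('codeChallenge', expect.anything())` at the top of this snippet passes for any value that is not null or undefined, so it would still pass if the stored challenge were the raw verifier or a malformed hash. Since this PR swaps the hashing implementation, tighten the matcher to the expected shape; if the challenge is the S256 form, that is 43 base64url characters, for example `expect.stringMatching(/^[A-Za-z0-9_-]{43}$/)`.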
Copilot
AI
Nov 18, 2025
Missing semicolon after vi.fn(). This is inconsistent with other similar lines in the file (e.g., lines 33, 44, 106) and standard JavaScript/TypeScript conventions.
| const loginCallback = vi.fn() | |
| const loginCallback = vi.fn(); |
|
|
||
| describe('AuthManager Tests isolated ', () => { | ||
| it("doesn't refresh access token when its not expired", async () => { | ||
| const stateChange = vi.fn() |
Copilot
AI
Nov 18, 2025
Missing semicolon after vi.fn(). This is inconsistent with other similar lines in the file and standard JavaScript/TypeScript conventions.
| const stateChange = vi.fn() | |
| const stateChange = vi.fn(); |
| it('throws an error when no refresh token is found', async () => { | ||
| localStorage.removeItem('refresh_token'); | ||
|
|
||
| const loginCallback = vi.fn() |
Copilot
AI
Nov 18, 2025
Missing semicolon after vi.fn(). This is inconsistent with other similar lines in the file and standard JavaScript/TypeScript conventions.
| const loginCallback = vi.fn() | |
| const loginCallback = vi.fn(); |
|
|
||
|
|
||
|
|
||
| const loginCallback = vi.fn() |
Copilot
AI
Nov 18, 2025
Missing semicolon after vi.fn(). This is inconsistent with other similar lines in the file and standard JavaScript/TypeScript conventions.
| it('logs out and clears local storage', async () => { | ||
| mock.onPost('http://auth-server.com/auth/logout').reply(200); | ||
|
|
||
| const loginCallback = vi.fn() |
Copilot
AI
Nov 18, 2025
Missing semicolon after vi.fn(). This is inconsistent with other similar lines in the file and standard JavaScript/TypeScript conventions.
| const loginCallback = vi.fn() | |
| const loginCallback = vi.fn(); |
|
|
||
| const manager = AuthManager.initialize('http://auth-server.com/', 'example-realm', 'http://myapp.com/callback', stateChange); | ||
| const currentCallCount = (localStorage.getItem as Mock) | ||
| .mock?.calls?.length; |
Copilot
AI
Nov 18, 2025
The optional chaining on .mock?.calls?.length could return undefined, but currentCallCount is used in arithmetic at line 125. This will result in NaN if the mock hasn't been called yet. Consider using a fallback value: const currentCallCount = (localStorage.getItem as Mock).mock?.calls?.length ?? 0;
| .mock?.calls?.length; | |
| .mock?.calls?.length ?? 0; |
| let nodeCrypto: typeof import("crypto") | undefined; | ||
|
|
||
| if (typeof window === "undefined") { | ||
| nodeCrypto = await import("crypto"); |
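Review bot: the guard `typeof window === "undefined"` is also true in Web Workers and service workers, which have no Node `crypto` module to import, so this check selects the Node path in a runtime that is not Node. Feature-detect the capability instead, for example `globalThis.crypto?.getRandomValues`, and import Node's `crypto` only when that is missing. Because `nodeCrypto` is typed `| undefined`, every consumer needs an explicit branch for the undefined case, and for the PKCE random string that branch has to draw from a CSPRNG rather than `Math.random()`.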
Copilot
AI
Nov 18, 2025
[nitpick] Top-level await is used here, which requires the module system to support it. While this works with modern ESM, consider wrapping this in a try-catch block to handle potential import failures gracefully, especially since this is a critical initialization step.
No description provided.