Skip to content

Add integration tests for AuthContext token-event and storage-event synchronization #309

Description

@Jagadeeshftw

📌 Description

src/shared/contexts/AuthContext.tsx listens to both the custom patchwork-auth-token event and the cross-tab storage event to keep auth state in sync, re-running checkAuth on token set and clearing state on token removal. The existing AuthContext.test.tsx should be extended (or a focused integration test added) to cover: clearing state when a storage event removes patchwork_jwt, refreshing user on a patchwork-auth-token set event, and ignoring storage events for unrelated keys.

💡 Why it matters: Cross-tab logout and same-tab token changes are security-relevant; an event-handling regression could leave a logged-out tab appearing authenticated.

🧩 Requirements and context

  • Test that dispatching storage with key: 'patchwork_jwt' and newValue: null clears user/role/id.
  • Test that a patchwork-auth-token set event triggers getCurrentUser re-fetch.
  • Test that storage events for other keys are ignored.
  • Mock getCurrentUser and storage; assert state transitions.
  • Ensure listeners are cleaned up on unmount.

Non-functional requirements

  • Must be secure, tested, and documented.
  • Should be efficient and easy to review.

🛠️ Suggested execution

1. Fork the repo and create a branch

git checkout -b test/auth-context-sync

2. Implement changes

  • Write/modify the relevant source: none unless a bug is found
  • Write comprehensive tests: src/shared/contexts/AuthContext.test.tsx
  • Add documentation: inline test descriptions
  • Include TSDoc doc comments where touched
  • Validate security assumptions: cross-tab logout reliably clears state

3. Test and commit

  • Run tests:
npm test -- AuthContext
  • Cover edge cases: unrelated key, set then clear, unmount cleanup
  • Include test output and security notes in the PR description.

Example commit message

test(auth): cover token/storage event synchronization

✅ Acceptance criteria

  • storage-clear path clears state
  • token-set event re-fetches user
  • unrelated key ignored
  • listeners removed on unmount

🔒 Security notes

Verify a removed token in any tab cannot leave another tab in an authenticated state.

📋 Guidelines

  • Minimum 95% test coverage
  • Clear documentation
  • Timeframe: 96 hours

Metadata

Metadata

Assignees

Labels

GrantFox OSSGrantFox open-source programMaybe RewardedGrantFox: potentially rewarded contributionOfficial CampaignGrantFox official campaign issuefrontendFrontend / UI worksecuritySecurity hardening / audittestingTests and coverage

Type

Fields

No fields configured for Task.

Projects

No projects

Milestone

No milestone

Relationships

None yet

Development

No branches or pull requests

Issue actions