Merged
Conversation
* ops: updated release pipeline to run only on version changes, and created ci workflow * 1.0.8
- Add Git Flow branching strategy (develop/master) - Document npm version command before push - Add prepublishOnly hook recommendation - Update workflow with proper branch management - Clear warnings about PR targeting Co-authored-by: Reda Channa <r.channa@ciscod.com> Co-authored-by: Zaiid Moumni <141942826+Zaiidmo@users.noreply.github.com>
* parents translate, components receive plain strings * 1.0.3 * tested in local, bug fixed * 1.0.4 * forgot and reset password done * 1.0.6 * verify email page done * merged
* parents translate, components receive plain strings * 1.0.3 * tested in local, bug fixed * 1.0.4 * forgot and reset password done * 1.0.6 * verify email page done * merged * 1.0.10 * updated endpoints * show profile updated to match new response * added unit tests * 1.0.12
* parents translate, components receive plain strings * 1.0.3 * tested in local, bug fixed * 1.0.4 * forgot and reset password done * 1.0.6 * verify email page done * merged * 1.0.10 * updated endpoints * show profile updated to match new response * added unit tests * added error handling to forgot password, reset password and signin/up page * 1.0.13
…t logout bounce-back
There was a problem hiding this comment.
Pull request overview
This PR expands the auth kit’s runtime behavior around refresh/login error handling while adding a Vitest + React Testing Library test setup and a new set of unit/component tests to prevent regressions.
Changes:
- Add
extractHttpErrorMessageand use it across auth flows; surface refresh-token failures to the sign-in UI. - Extend auth configuration and signup flow (custom signup URL, custom fields, configurable signup endpoint/payload transform).
- Introduce Vitest (jsdom) configuration + centralized
tests/structure, and add tests for key utilities/components/providers.
Reviewed changes
Copilot reviewed 25 out of 26 changed files in this pull request and generated 8 comments.
Show a summary per file
| File | Description |
|---|---|
vitest.config.ts |
Switch Vitest to jsdom, add global setup file, and restrict test glob to tests/**. |
tests/setup.ts |
Add RTL cleanup and jest-dom matchers for all tests. |
tests/utils/jwtHelpers.test.ts |
Add unit coverage for JWT decoding field mapping/defaults. |
tests/utils/colorHelpers.test.ts |
Add unit coverage for Tailwind color class normalization. |
tests/utils/attachAuthInterceptor.test.ts |
Add tests for auth interceptor refresh/retry and logout-on-failure behavior. |
tests/providers/AuthProvider.test.tsx |
Add routing-focused tests for AuthProvider login/protected redirects. |
tests/hooks/useAbility.test.tsx |
Add tests for role/module/permission helper hooks. |
tests/context/RbacContext.test.tsx |
Add tests for RBAC grant logic integration with ability hooks. |
tests/context/AuthStateContext.test.tsx |
Add tests ensuring useAuthState throws outside provider and works inside. |
tests/context/AuthConfigContext.test.tsx |
Add tests ensuring useAuthConfig throws outside provider and works inside. |
tests/components/SessionExpiredModal.test.tsx |
Add portal/body-style side-effect tests for the session-expired modal. |
tests/components/RequirePermissions.test.tsx |
Add tests for permission/role gating and redirect behavior. |
tests/components/InputField.test.tsx |
Add basic interaction test for the InputField component. |
tests/components/InlineError.test.tsx |
Add tests for InlineError visibility, auto-dismiss, and manual dismiss. |
src/utils/errorHelpers.ts |
Introduce a shared HTTP/Axios error-to-message extraction helper. |
src/utils/attachAuthInterceptor.ts |
Persist refresh failure details for display on the login page. |
src/providers/AuthProvider.tsx |
Adjust bootstrap effect dependencies and reorder imports. |
src/pages/auth/SignInPage.tsx |
Display persisted refresh failure messages; use shared HTTP error extraction; support configurable sign-up URL. |
src/pages/auth/SignUpPage.tsx |
Add support for configurable signup endpoint/payload and rendering custom signup fields. |
src/pages/auth/ResetPasswordPage.tsx |
Use shared HTTP error extraction for reset-password failures. |
src/pages/auth/ForgotPasswordPage.tsx |
Change forgot-password failure handling to show backend-derived error messages. |
src/models/AuthConfig.ts |
Add config options for custom sign-up URL, custom fields, endpoint override, and payload transform. |
src/components/ProfilePage.tsx |
Update profile model usage to split fullname and username, and patch those fields. |
package.json |
Add test/coverage scripts and prepublish test gate; bump version and add test deps. |
README.md |
Document how to run tests and the tests/ folder layout. |
Comment on lines
+64
to
+70
| // Surface detailed error message for UI to display on login page | ||
| try { | ||
| const msg = extractHttpErrorMessage(refreshErr); | ||
| if (msg) { | ||
| sessionStorage.setItem('authErrorMessage', msg); | ||
| } | ||
| } catch { /* ignore storage errors */ } |
Comment on lines
34
to
+38
| } catch (err) { | ||
| // Do not enumerate users; still show success message | ||
| setSent(true); | ||
| console.error("Forgot password request failed", err); | ||
| // Show backend error details.message via InlineError | ||
| const msg = extractHttpErrorMessage(err); | ||
| setError(msg); | ||
| setSent(false); |
Comment on lines
+4
to
+7
| import { afterEach } from 'vitest'; | ||
|
|
||
| // Ensure cleanup between tests to avoid DOM leakage across renders | ||
| afterEach(cleanup); |
| { | ||
| "name": "@ciscode/ui-authentication-kit", | ||
| "version": "1.0.11", | ||
| "version": "1.0.13", |
Comment on lines
+326
to
+334
| <InputField | ||
| key={field.name} | ||
| label={field.label} | ||
| type={field.type as any} | ||
| placeholder={field.placeholder || ''} | ||
| color={borderClass} | ||
| value={customValues[field.name]} | ||
| onChange={(val) => setCustomValues({ ...customValues, [field.name]: val })} | ||
| /> |
Comment on lines
+45
to
+56
| const resp = await api.get('/api/auth/me'); | ||
| if (cancelled) return; | ||
|
|
||
| setUser(data); | ||
| setName(data?.name ?? ''); | ||
| setEmail(data?.email ?? ''); | ||
| const u = resp?.data?.data; | ||
| setEmail(u?.email ?? ''); | ||
| const f = u?.fullname?.fname ?? ''; | ||
| const l = u?.fullname?.lname ?? ''; | ||
| const un = u?.username ?? ''; | ||
| setFname(f); | ||
| setLname(l); | ||
| setUsername(un); | ||
| setOrig({ fname: f, lname: l, username: un }); |
Comment on lines
+16
to
+18
| function isAxiosError(err: unknown): err is AxiosError { | ||
| return !!(err as any)?.isAxiosError; | ||
| } |
Comment on lines
+45
to
+48
| const msg = sessionStorage.getItem('authErrorMessage'); | ||
| if (msg) { | ||
| setError(msg); | ||
| sessionStorage.removeItem('authErrorMessage'); |
Contributor
|
@copilot resolve the merge conflicts in this pull request |
Copilot stopped work on behalf of
Zaiidmo due to an error
April 17, 2026 10:45
Contributor
|
@copilot Try again |
Copilot stopped work on behalf of
Zaiidmo due to an error
April 17, 2026 10:45
|
There was a problem hiding this comment.
Pull request overview
This PR focuses on stabilizing authentication UX during bootstrap/refresh flows by improving error propagation to the login UI, expanding auth configurability, and adding a Vitest/RTL test suite to cover key auth utilities/components.
Changes:
- Added
extractHttpErrorMessage()and wired it into auth flows (sign-in/up/reset/forgot + refresh failure handling). - Introduced configurable signup behavior (custom fields, endpoint override, payload transform) and improved permission/RBAC checks (including
useCanAny). - Set up Vitest with jsdom + RTL and added a broad set of unit/component tests under
tests/.
Reviewed changes
Copilot reviewed 32 out of 33 changed files in this pull request and generated 10 comments.
Show a summary per file
| File | Description |
|---|---|
vitest.config.ts |
Switches Vitest to jsdom, adds global setup, and standardizes test discovery. |
tests/setup.ts |
Adds RTL cleanup + jest-dom matchers for component tests. |
tests/utils/jwtHelpers.test.ts |
Adds unit coverage for JWT decoding defaults and field mapping. |
tests/utils/colorHelpers.test.ts |
Adds unit coverage for toTailwindColorClasses. |
tests/utils/attachAuthInterceptor.test.ts |
Adds tests for refresh/retry behavior and logout-on-refresh-failure handling. |
tests/providers/AuthProvider.test.tsx |
Adds routing tests for authenticated vs unauthenticated navigation. |
tests/hooks/useAbility.test.tsx |
Adds tests for role/module/permission hooks including missing-user behavior. |
tests/context/RbacContext.test.tsx |
Adds tests for RBAC grant evaluation behavior. |
tests/context/AuthStateContext.test.tsx |
Adds tests verifying provider-guard errors and normal consumption behavior. |
tests/context/AuthConfigContext.test.tsx |
Adds tests verifying provider-guard errors and normal consumption behavior. |
tests/components/SessionExpiredModal.test.tsx |
Adds component tests for modal portal/body side effects and callbacks. |
tests/components/RequirePermissions.test.tsx |
Adds tests for bypass/allow/redirect behavior in permission gate. |
tests/components/InputField.test.tsx |
Adds component test for controlled input behavior. |
tests/components/InlineError.test.tsx |
Adds component tests for InlineError dismissal behaviors. |
src/utils/errorHelpers.ts |
Adds shared HTTP/Axios error message extraction utility. |
src/utils/colorHelpers.ts |
Refactors Tailwind prefix typing (type-level change). |
src/utils/attachAuthInterceptor.ts |
Improves typing for _retry and persists refresh failure message for UI display. |
src/providers/AuthProvider.tsx |
Adjusts imports/hooks deps and includes routing/auth bootstrap logic changes. |
src/pages/auth/VerifyEmailPage.tsx |
Removes unused class destructure to satisfy lint/usage. |
src/pages/auth/SignUpPage.tsx |
Adds configurable signup fields/endpoint/transform + improved error handling. |
src/pages/auth/SignInPage.tsx |
Reads provider-level auth error from sessionStorage and uses shared error extraction. |
src/pages/auth/ResetPasswordPage.tsx |
Uses shared error extraction for reset-password errors. |
src/pages/auth/ForgotPasswordPage.tsx |
Uses shared error extraction for forgot-password errors. |
src/models/AuthConfig.ts |
Extends public config with custom signup and navigation options. |
src/hooks/useAbility.ts |
Adds useCanAny permission helper hook. |
src/context/RbacContext.ts |
Fixes hook call ordering and updates permission evaluation to use useCanAny. |
src/components/RequirePermissions.tsx |
Fixes hook call ordering and supports any-permission checks via useCanAny. |
src/components/ProfilePage.tsx |
Updates profile field model (fname/lname/username) and request/patch shape. |
src/components/InlineError.tsx |
Refactors error dismissal tracking to satisfy react-hooks lint rules. |
eslint.config.mjs |
Adds/adjusts react-hooks rules (warn/off) for new lint behaviors. |
package.json |
Adds testing dependencies/scripts and updates package version. |
README.md |
Documents new testing setup, commands, and test folder structure. |
Comment on lines
2
to
4
| "name": "@ciscode/ui-authentication-kit", | ||
| "version": "1.0.11", | ||
| "version": "1.0.15", | ||
| "description": "", |
Comment on lines
+26
to
+28
| const show = Boolean(message) && message !== dismissedForMessage; | ||
|
|
||
| if (!show) return null; |
Comment on lines
34
to
+38
| } catch (err) { | ||
| // Do not enumerate users; still show success message | ||
| setSent(true); | ||
| console.error("Forgot password request failed", err); | ||
| // Show backend error details.message via InlineError | ||
| const msg = extractHttpErrorMessage(err); | ||
| setError(msg); | ||
| setSent(false); |
Comment on lines
46
to
49
| /* ── Google OAuth callback component (inside AuthProvider so it can touch state) ── */ | ||
| // eslint-disable-next-line @typescript-eslint/no-unused-vars | ||
| const GoogleOAuthCallback: React.FC = () => { | ||
| const location = useLocation(); |
Comment on lines
+22
to
+25
| it('passes through hex colors and uses fallbacks when needed', () => { | ||
| const res = toTailwindColorClasses({ bg: '#FF9900', text: '' }, { text: 'text-gray-800' }); | ||
| expect(res.bgClass).toBe('#FF9900'); | ||
| expect(res.textClass).toBe('text-gray-800'); |
Comment on lines
108
to
113
| if (providerId === "microsoft") { | ||
| const callbackPath = "/api/oauth/microsoft/callback"; | ||
| const callbackUrl = `${window.location.origin}${callbackPath}`; | ||
|
|
||
| const url = new URL(`${baseUrl}/api/auth/microsoft`); | ||
| url.searchParams.set("redirect", callbackUrl); |
Comment on lines
82
to
+86
| fullname: { fname, lname }, | ||
| username, | ||
| email, | ||
| password, | ||
| }); | ||
| ...customValues |
Comment on lines
124
to
128
| // Where to go AFTER successful OAuth login. | ||
| const state = location.state as { from?: { pathname?: string } | string } | null; | ||
| const from = | ||
| (location.state as any)?.from?.pathname || | ||
| (location.state as any)?.from || | ||
| "/"; | ||
| (typeof state?.from === 'object' ? state?.from?.pathname : state?.from) ?? "/"; | ||
|
|
Comment on lines
6
to
7
| interface Props { | ||
| /** list of permissions; *every* one must be present */ |
Comment on lines
+48
to
+52
| const u = resp?.data?.data; | ||
| setEmail(u?.email ?? ''); | ||
| const f = u?.fullname?.fname ?? ''; | ||
| const l = u?.fullname?.lname ?? ''; | ||
| const un = u?.username ?? ''; |
Zaiidmo
added a commit
that referenced
this pull request
Apr 20, 2026
* chore: standardize package workflows and ci/cd configuration - Replace non-standard ci.yml with standardized release-check.yml and pr-validation.yml - Create dependabot.yml for automated dependency management (weekly, 5 PR limit) - Add sonarqube_mcp.instructions.md for SonarQube MCP server guidance - Ensure consistent GitHub Actions versions (v4 for checkout and setup-node) - Configure standardized Node versions (v22 for release, v20 for validation/publish) - Pin SonarQube actions to commit SHA for security hardening - Standardize branch triggers ([master, main] for release, [develop] for validation) This aligns AuthKit-UI with the standardized CI/CD pattern used across all @ciscode/* packages. * ops: added sonarqube_mcp-instructions * chore: standardize npm scripts (lint, format, typecheck, test, build, clean, verify, prepublishOnly) * chore: Standardize ESLint and Prettier configs with best practices * chore: added comprehensive changesets for release automation * docs: add standardized instruction files structure - Add comprehensive instruction files in .github/instructions/ - Includes copilot, testing, bugfix, features, general guidelines - Standardize documentation across all repositories * refactor: move instruction files to .github/instructions/ - Remove deprecated instruction files from .github/ root - Consolidate all docs in .github/instructions/ directory - Improve documentation organization * ops: UPDATED publish workflow and dependabot PR limits * ops (ci): standardize publish validation and dependabot across all packages - Replace git tag --list strategy with package.json-driven tag validation in all 16 publish workflows; use git rev-parse to verify the exact tag exists rather than guessing the latest repo-wide tag - Update error guidance to reflect feat/** → develop → master flow - Standardize dependabot to npm-only, grouped, monthly cadence across all 16 packages; remove github-actions ecosystem updates - Add missing dependabot.yml to AuthKit-UI, ChartKit-UI, HealthKit, HooksKit, paymentkit, StorageKit * security: added CODEOWNER file for branches security * ops: updated relese check workflow# * ci: update release check workflow * ops: updated release check jobs ] * Bugfix/fix auth bootstrap bounce (#19) * Updated workflows (#10) * ops: updated release pipeline to run only on version changes, and created ci workflow * 1.0.8 * docs(workflow): add Git Flow and npm version requirements (#11) - Add Git Flow branching strategy (develop/master) - Document npm version command before push - Add prepublishOnly hook recommendation - Update workflow with proper branch management - Clear warnings about PR targeting Co-authored-by: Reda Channa <r.channa@ciscod.com> Co-authored-by: Zaiid Moumni <141942826+Zaiidmo@users.noreply.github.com> * docs: added different documentations * 1.0.9 * ops: updated publishing trigger * Fix/verify email UI (#13) * parents translate, components receive plain strings * 1.0.3 * tested in local, bug fixed * 1.0.4 * forgot and reset password done * 1.0.6 * verify email page done * merged * Unit tests (#17) * parents translate, components receive plain strings * 1.0.3 * tested in local, bug fixed * 1.0.4 * forgot and reset password done * 1.0.6 * verify email page done * merged * 1.0.10 * updated endpoints * show profile updated to match new response * added unit tests * 1.0.12 * Error handling (#18) * parents translate, components receive plain strings * 1.0.3 * tested in local, bug fixed * 1.0.4 * forgot and reset password done * 1.0.6 * verify email page done * merged * 1.0.10 * updated endpoints * show profile updated to match new response * added unit tests * added error handling to forgot password, reset password and signin/up page * 1.0.13 * feat(auth): add dynamic signup fields and custom endpoints * refactor(ui): cleanup imports and formatting in auth pages * fix(auth): remove accessToken from bootstrap useEffect deps to prevent logout bounce-back * fix: resolve lint errors, test failures and add eslint + prettier devDependencies * chore: bump version to 1.0.15 --------- Co-authored-by: Zaiid Moumni <141942826+Zaiidmo@users.noreply.github.com> Co-authored-by: Ciscode-Admin <info@ciscod.com> Co-authored-by: Reda Channa <r.channa@ciscod.com> Co-authored-by: Zaiidmo <zaiidmoumnii@gmail.com> Co-authored-by: a-elkhiraooui-ciscode <a.elkhiraoui@ciscod.com> Co-authored-by: saad moumou <saad.moumou.coder@gmail.com> * Bugfix/fix auth bootstrap bounce (#22) * Updated workflows (#10) * ops: updated release pipeline to run only on version changes, and created ci workflow * 1.0.8 * docs(workflow): add Git Flow and npm version requirements (#11) - Add Git Flow branching strategy (develop/master) - Document npm version command before push - Add prepublishOnly hook recommendation - Update workflow with proper branch management - Clear warnings about PR targeting Co-authored-by: Reda Channa <r.channa@ciscod.com> Co-authored-by: Zaiid Moumni <141942826+Zaiidmo@users.noreply.github.com> * docs: added different documentations * 1.0.9 * ops: updated publishing trigger * Fix/verify email UI (#13) * parents translate, components receive plain strings * 1.0.3 * tested in local, bug fixed * 1.0.4 * forgot and reset password done * 1.0.6 * verify email page done * merged * Unit tests (#17) * parents translate, components receive plain strings * 1.0.3 * tested in local, bug fixed * 1.0.4 * forgot and reset password done * 1.0.6 * verify email page done * merged * 1.0.10 * updated endpoints * show profile updated to match new response * added unit tests * 1.0.12 * Error handling (#18) * parents translate, components receive plain strings * 1.0.3 * tested in local, bug fixed * 1.0.4 * forgot and reset password done * 1.0.6 * verify email page done * merged * 1.0.10 * updated endpoints * show profile updated to match new response * added unit tests * added error handling to forgot password, reset password and signin/up page * 1.0.13 * feat(auth): add dynamic signup fields and custom endpoints * refactor(ui): cleanup imports and formatting in auth pages * fix(auth): remove accessToken from bootstrap useEffect deps to prevent logout bounce-back * fix: resolve lint errors, test failures and add eslint + prettier devDependencies * chore: bump version to 1.0.15 * test: enhance coverage for AuthKit-UI + fix typecheck and test:cov script - Fix typecheck: add paths aliases to resolve @types/react dual-version conflict - Fix test:cov script: use 'vitest run --coverage' (was watch mode) - Add vitest coverage config: include src/**, exclude models/assets - Add tests/utils/errorHelpers.test.ts: 9 tests covering extractHttpErrorMessage - Add tests/components/SocialButton.test.tsx: 3 tests for SocialButton render - Add tests/components/ProfilePage.test.tsx: 7 tests (load, edit, save, cancel, error toast) - Add tests/pages/auth/authPages.test.tsx: tests for ForgotPassword, ResetPassword, VerifyEmail, GoogleCallback, SignIn, SignUp pages - Add tests/exports.test.ts: smoke test for src/main/app re-exports Coverage: 28.81%% -> 85%% statements * fix: replace deprecated JSX.Element with React.ReactElement in AuthProvider * fix: upgrade @types/react-dom to ^19 to fix npm ci lock file mismatch --------- Co-authored-by: Zaiid Moumni <141942826+Zaiidmo@users.noreply.github.com> Co-authored-by: Ciscode-Admin <info@ciscod.com> Co-authored-by: Reda Channa <r.channa@ciscod.com> Co-authored-by: Zaiidmo <zaiidmoumnii@gmail.com> Co-authored-by: a-elkhiraooui-ciscode <a.elkhiraoui@ciscod.com> Co-authored-by: saad moumou <saad.moumou.coder@gmail.com> * fix(security): upgrade axios >=1.14.1 and override follow-redirects >=1.15.12 to fix CVEs * style: apply prettier formatting to all files * fix(ci): correct sonar.tests path from 'test' to 'tests' and add .tsx inclusions * fix(ci): gate SonarCloud job to workflow_dispatch only, matching WidgetKit-UI pattern * added release check * style: prettier format release-check.yml --------- Co-authored-by: Zaiidmo <zaiidmoumnii@gmail.com> Co-authored-by: Zaiid Moumni <141942826+Zaiidmo@users.noreply.github.com> Co-authored-by: Ciscode-Admin <info@ciscod.com> Co-authored-by: Reda Channa <r.channa@ciscod.com> Co-authored-by: a-elkhiraooui-ciscode <a.elkhiraoui@ciscod.com> Co-authored-by: saad moumou <saad.moumou.coder@gmail.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
Why
Checklist
npm run lintpassesnpm run typecheckpassesnpm testpassesnpm run buildpassesnpx changeset) if this affects consumersNotes