* ops: updated release pipeline to run only on version changes, and created ci workflow * 1.0.8
- Add Git Flow branching strategy (develop/master) - Document npm version command before push - Add prepublishOnly hook recommendation - Update workflow with proper branch management - Clear warnings about PR targeting Co-authored-by: Reda Channa <r.channa@ciscod.com> Co-authored-by: Zaiid Moumni <141942826+Zaiidmo@users.noreply.github.com>
* parents translate, components receive plain strings * 1.0.3 * tested in local, bug fixed * 1.0.4 * forgot and reset password done * 1.0.6 * verify email page done * merged
* parents translate, components receive plain strings * 1.0.3 * tested in local, bug fixed * 1.0.4 * forgot and reset password done * 1.0.6 * verify email page done * merged * 1.0.10 * updated endpoints * show profile updated to match new response * added unit tests * 1.0.12
* parents translate, components receive plain strings * 1.0.3 * tested in local, bug fixed * 1.0.4 * forgot and reset password done * 1.0.6 * verify email page done * merged * 1.0.10 * updated endpoints * show profile updated to match new response * added unit tests * added error handling to forgot password, reset password and signin/up page * 1.0.13
…t logout bounce-back
…ript - Fix typecheck: add paths aliases to resolve @types/react dual-version conflict - Fix test:cov script: use 'vitest run --coverage' (was watch mode) - Add vitest coverage config: include src/**, exclude models/assets - Add tests/utils/errorHelpers.test.ts: 9 tests covering extractHttpErrorMessage - Add tests/components/SocialButton.test.tsx: 3 tests for SocialButton render - Add tests/components/ProfilePage.test.tsx: 7 tests (load, edit, save, cancel, error toast) - Add tests/pages/auth/authPages.test.tsx: tests for ForgotPassword, ResetPassword, VerifyEmail, GoogleCallback, SignIn, SignUp pages - Add tests/exports.test.ts: smoke test for src/main/app re-exports Coverage: 28.81%% -> 85%% statements
Pull request overview
This PR expands the auth kit’s test setup (Vitest + RTL + coverage) and adjusts several auth/UI utilities and flows (error extraction, token refresh handling, signup customization, RBAC hooks), aiming to address an auth bootstrap “bounce” while adding broader automated test coverage.
Changes:
- Configure Vitest for jsdom + global setup + coverage and add a comprehensive `tests/` suite.
- Introduce `extractHttpErrorMessage` and use it across auth pages + interceptor to surface backend error details.
- Update auth provider/bootstrap logic, RBAC permission checks, and Profile page field handling.
Reviewed changes
Copilot reviewed 8 out of 9 changed files in this pull request and generated 1 comment.
| File | Description |
|---|---|
| vitest.config.ts | Switch Vitest to jsdom, add setup file, test include glob, and coverage config. |
| tsconfig.json | Add TS paths mappings for react-related packages. |
| package.json | Update scripts, add testing/linting deps, and bump version. |
| eslint.config.mjs | Enable/downgrade new react-hooks rules. |
| README.md | Document test commands and test folder layout. |
| src/utils/errorHelpers.ts | Add shared helper to extract user-facing error messages from axios/common shapes. |
| src/utils/colorHelpers.ts | Refine Tailwind prefix typing. |
| src/utils/attachAuthInterceptor.ts | Improve _retry typing and store refresh failure message for UI display. |
| src/providers/AuthProvider.tsx | Rework bootstrap deps/logic and routing; add/retain callback-related code. |
| src/pages/auth/*.tsx | Use extractHttpErrorMessage; add signup customization and improve defaults. |
| src/models/AuthConfig.ts | Add new config options for custom signup URL/fields/endpoint/payload transform. |
| src/hooks/useAbility.ts | Add useCanAny helper. |
| src/context/RbacContext.ts | Fix hook call order by using useCanAny / unconditional hook calls. |
| src/components/RequirePermissions.tsx | Avoid conditional hook calls; support “any permission” checks via useCanAny. |
| src/components/ProfilePage.tsx | Split user name into fname/lname/username fields with cancel/original state tracking. |
| src/components/InlineError.tsx | Change dismissal logic to avoid set-state-in-effect patterns. |
| tests/** | Add unit/component tests across utils, hooks, contexts, providers, and pages. |
Comments suppressed due to low confidence (4)
src/providers/AuthProvider.tsx:50
`GoogleOAuthCallback` is introduced with an eslint suppression but is not used anywhere (the callback route renders `<GoogleCallbackPage />`). This dead code increases maintenance burden and can drift from the actual callback behavior. Remove it or wire the route to use it consistently.

```tsx
/* ── Google OAuth callback component (inside AuthProvider so it can touch state) ── */
// eslint-disable-next-line @typescript-eslint/no-unused-vars
const GoogleOAuthCallback: React.FC = () => {
  const location = useLocation();
```
package.json:3
Manual version bump in `package.json` conflicts with the repo’s Changesets-based versioning workflow. Please revert the direct version edit and add a `.changeset/*.md` entry instead (then run the changeset versioning step during release).

```json
"name": "@ciscode/ui-authentication-kit",
"version": "1.0.15",
```
src/providers/AuthProvider.tsx:139
The bootstrap effect no longer depends on `accessToken`, but it reads it and decodes it. When the interceptor refreshes the token via `setAccessToken(...)`, `user` will not be updated (since the interceptor doesn’t call `setUser`), leaving `user` stale/null while `isAuthenticated` becomes true. Include `accessToken` in the effect deps or add a separate effect that decodes/updates `user` whenever `accessToken` changes.

```tsx
useEffect(() => {
  const init = async () => {
    if (accessToken) {
      setUser(decodeToken(accessToken));
      return;
    }
    try {
      const { data } = await axios.post(
        `${config.baseUrl}/api/auth/refresh-token`,
        {},
        { withCredentials: true }
      );
      setAccessToken(data.accessToken);
      setUser(decodeToken(data.accessToken));
      localStorage.setItem('authToken', data.accessToken);
    } catch {
      /* no valid refresh cookie – remain logged-out */
    }
  };
  init();
  // eslint-disable-next-line react-hooks/exhaustive-deps
}, [config.baseUrl]);
```
src/providers/AuthProvider.tsx:76
`GoogleOAuthCallback` is defined but unused (suppressed with an eslint disable). This dead code increases maintenance burden and can drift from the actual callback route (`<GoogleCallbackPage />`). Remove it or wire the route to use it consistently.

```tsx
/* ── Google OAuth callback component (inside AuthProvider so it can touch state) ── */
// eslint-disable-next-line @typescript-eslint/no-unused-vars
const GoogleOAuthCallback: React.FC = () => {
  const location = useLocation();
  useEffect(() => {
    const params = new URLSearchParams(location.search);
    const tokenFromQuery = params.get('accessToken');
    if (tokenFromQuery) {
      try {
        setAccessToken(tokenFromQuery);
        setUser(decodeToken(tokenFromQuery));
        localStorage.setItem('authToken', tokenFromQuery);
        resetSessionFlag();
      } catch (e) {
        console.error("Failed to decode or store Google access token:", e);
      }
    } else {
      console.error("No accessToken found in Google OAuth callback URL.");
    }
    const redirectPath = sessionStorage.getItem('postLoginRedirect') || '/';
    sessionStorage.removeItem('postLoginRedirect');
    navigate(redirectPath, { replace: true });
  }, [location.search]);
  // No UI needed; this route just processes the tokens then redirects.
  return null;
};
```
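
The stale-`user` case flagged above for the bootstrap effect, shown as an added example that is not code from this pull request or the AuthKit-UI repository. It models the session state without React: `makeToken`, `createSplitSession`, `createDerivedSession` and `refreshWithoutBootstrap` are hypothetical names, and `decodeToken` here is a stand-in that only reads the token payload.

```javascript
// Constructed helper: builds an unsigned, JWT-shaped token for this demo only.
function makeToken(claims) {
  const enc = (o) => Buffer.from(JSON.stringify(o)).toString('base64url');
  return `${enc({ alg: 'none', typ: 'JWT' })}.${enc(claims)}.`;
}

// Stand-in for the page's decodeToken (assumed behaviour): reads the payload only.
function decodeToken(token) {
  const payload = token.split('.')[1];
  if (!payload) throw new Error('malformed token');
  return JSON.parse(Buffer.from(payload, 'base64url').toString('utf8'));
}

// Split state, as in the review comment: only bootstrap writes `user`, so a
// later setAccessToken() from the interceptor leaves `user` untouched.
function createSplitSession() {
  const s = { accessToken: null, user: null };
  return {
    bootstrap(token) { s.accessToken = token; s.user = decodeToken(token); },
    setAccessToken(token) { s.accessToken = token; },
    get user() { return s.user; },
    get isAuthenticated() { return s.accessToken !== null; },
  };
}

// Derived state: `user` is computed at the single place the token is written,
// so every path that changes the token also changes `user`.
function createDerivedSession() {
  const s = { accessToken: null, user: null };
  const setAccessToken = (token) => {
    // Decode first: a malformed token throws before any state changes.
    const user = token === null ? null : decodeToken(token);
    s.accessToken = token;
    s.user = user;
  };
  return {
    bootstrap: setAccessToken,
    setAccessToken,
    get user() { return s.user; },
    get isAuthenticated() { return s.accessToken !== null; },
  };
}

// Scenario from the review: no token at load, the interceptor refreshes later.
function refreshWithoutBootstrap(session, token) {
  session.setAccessToken(token);
  return { isAuthenticated: session.isAuthenticated, user: session.user };
}
```

In the React provider the same effect is obtained by either option the review names: keeping `accessToken` in the effect deps, or a separate effect that decodes `user` whenever `accessToken` changes.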
| "@types/node": "^22.13.1", | ||
| "@types/react": "^18.2.37", | ||
| "@types/react": "^19.0.0", | ||
| "@types/react-dom": "^18.3.6", |
react-dom is on React 19, but @types/react-dom remains on the 18.x line. This version mismatch can cause TS type incompatibilities. Align @types/react-dom with the React major version you’re using (or rely on the correct bundled types if applicable).
| "@types/react-dom": "^18.3.6", | |
| "@types/react-dom": "^19.0.0", |
|
* chore: standardize package workflows and ci/cd configuration - Replace non-standard ci.yml with standardized release-check.yml and pr-validation.yml - Create dependabot.yml for automated dependency management (weekly, 5 PR limit) - Add sonarqube_mcp.instructions.md for SonarQube MCP server guidance - Ensure consistent GitHub Actions versions (v4 for checkout and setup-node) - Configure standardized Node versions (v22 for release, v20 for validation/publish) - Pin SonarQube actions to commit SHA for security hardening - Standardize branch triggers ([master, main] for release, [develop] for validation) This aligns AuthKit-UI with the standardized CI/CD pattern used across all @ciscode/* packages. * ops: added sonarqube_mcp-instructions * chore: standardize npm scripts (lint, format, typecheck, test, build, clean, verify, prepublishOnly) * chore: Standardize ESLint and Prettier configs with best practices * chore: added comprehensive changesets for release automation * docs: add standardized instruction files structure - Add comprehensive instruction files in .github/instructions/ - Includes copilot, testing, bugfix, features, general guidelines - Standardize documentation across all repositories * refactor: move instruction files to .github/instructions/ - Remove deprecated instruction files from .github/ root - Consolidate all docs in .github/instructions/ directory - Improve documentation organization * ops: UPDATED publish workflow and dependabot PR limits * ops (ci): standardize publish validation and dependabot across all packages - Replace git tag --list strategy with package.json-driven tag validation in all 16 publish workflows; use git rev-parse to verify the exact tag exists rather than guessing the latest repo-wide tag - Update error guidance to reflect feat/** → develop → master flow - Standardize dependabot to npm-only, grouped, monthly cadence across all 16 packages; remove github-actions ecosystem updates - Add missing dependabot.yml to AuthKit-UI, 
ChartKit-UI, HealthKit, HooksKit, paymentkit, StorageKit * security: added CODEOWNER file for branches security * ops: updated relese check workflow# * ci: update release check workflow * ops: updated release check jobs ] * Bugfix/fix auth bootstrap bounce (#19) * Updated workflows (#10) * ops: updated release pipeline to run only on version changes, and created ci workflow * 1.0.8 * docs(workflow): add Git Flow and npm version requirements (#11) - Add Git Flow branching strategy (develop/master) - Document npm version command before push - Add prepublishOnly hook recommendation - Update workflow with proper branch management - Clear warnings about PR targeting Co-authored-by: Reda Channa <r.channa@ciscod.com> Co-authored-by: Zaiid Moumni <141942826+Zaiidmo@users.noreply.github.com> * docs: added different documentations * 1.0.9 * ops: updated publishing trigger * Fix/verify email UI (#13) * parents translate, components receive plain strings * 1.0.3 * tested in local, bug fixed * 1.0.4 * forgot and reset password done * 1.0.6 * verify email page done * merged * Unit tests (#17) * parents translate, components receive plain strings * 1.0.3 * tested in local, bug fixed * 1.0.4 * forgot and reset password done * 1.0.6 * verify email page done * merged * 1.0.10 * updated endpoints * show profile updated to match new response * added unit tests * 1.0.12 * Error handling (#18) * parents translate, components receive plain strings * 1.0.3 * tested in local, bug fixed * 1.0.4 * forgot and reset password done * 1.0.6 * verify email page done * merged * 1.0.10 * updated endpoints * show profile updated to match new response * added unit tests * added error handling to forgot password, reset password and signin/up page * 1.0.13 * feat(auth): add dynamic signup fields and custom endpoints * refactor(ui): cleanup imports and formatting in auth pages * fix(auth): remove accessToken from bootstrap useEffect deps to prevent logout bounce-back * fix: resolve lint errors, test 
failures and add eslint + prettier devDependencies * chore: bump version to 1.0.15 --------- Co-authored-by: Zaiid Moumni <141942826+Zaiidmo@users.noreply.github.com> Co-authored-by: Ciscode-Admin <info@ciscod.com> Co-authored-by: Reda Channa <r.channa@ciscod.com> Co-authored-by: Zaiidmo <zaiidmoumnii@gmail.com> Co-authored-by: a-elkhiraooui-ciscode <a.elkhiraoui@ciscod.com> Co-authored-by: saad moumou <saad.moumou.coder@gmail.com> * Bugfix/fix auth bootstrap bounce (#22) * Updated workflows (#10) * ops: updated release pipeline to run only on version changes, and created ci workflow * 1.0.8 * docs(workflow): add Git Flow and npm version requirements (#11) - Add Git Flow branching strategy (develop/master) - Document npm version command before push - Add prepublishOnly hook recommendation - Update workflow with proper branch management - Clear warnings about PR targeting Co-authored-by: Reda Channa <r.channa@ciscod.com> Co-authored-by: Zaiid Moumni <141942826+Zaiidmo@users.noreply.github.com> * docs: added different documentations * 1.0.9 * ops: updated publishing trigger * Fix/verify email UI (#13) * parents translate, components receive plain strings * 1.0.3 * tested in local, bug fixed * 1.0.4 * forgot and reset password done * 1.0.6 * verify email page done * merged * Unit tests (#17) * parents translate, components receive plain strings * 1.0.3 * tested in local, bug fixed * 1.0.4 * forgot and reset password done * 1.0.6 * verify email page done * merged * 1.0.10 * updated endpoints * show profile updated to match new response * added unit tests * 1.0.12 * Error handling (#18) * parents translate, components receive plain strings * 1.0.3 * tested in local, bug fixed * 1.0.4 * forgot and reset password done * 1.0.6 * verify email page done * merged * 1.0.10 * updated endpoints * show profile updated to match new response * added unit tests * added error handling to forgot password, reset password and signin/up page * 1.0.13 * feat(auth): add dynamic signup 
fields and custom endpoints * refactor(ui): cleanup imports and formatting in auth pages * fix(auth): remove accessToken from bootstrap useEffect deps to prevent logout bounce-back * fix: resolve lint errors, test failures and add eslint + prettier devDependencies * chore: bump version to 1.0.15 * test: enhance coverage for AuthKit-UI + fix typecheck and test:cov script - Fix typecheck: add paths aliases to resolve @types/react dual-version conflict - Fix test:cov script: use 'vitest run --coverage' (was watch mode) - Add vitest coverage config: include src/**, exclude models/assets - Add tests/utils/errorHelpers.test.ts: 9 tests covering extractHttpErrorMessage - Add tests/components/SocialButton.test.tsx: 3 tests for SocialButton render - Add tests/components/ProfilePage.test.tsx: 7 tests (load, edit, save, cancel, error toast) - Add tests/pages/auth/authPages.test.tsx: tests for ForgotPassword, ResetPassword, VerifyEmail, GoogleCallback, SignIn, SignUp pages - Add tests/exports.test.ts: smoke test for src/main/app re-exports Coverage: 28.81%% -> 85%% statements * fix: replace deprecated JSX.Element with React.ReactElement in AuthProvider * fix: upgrade @types/react-dom to ^19 to fix npm ci lock file mismatch --------- Co-authored-by: Zaiid Moumni <141942826+Zaiidmo@users.noreply.github.com> Co-authored-by: Ciscode-Admin <info@ciscod.com> Co-authored-by: Reda Channa <r.channa@ciscod.com> Co-authored-by: Zaiidmo <zaiidmoumnii@gmail.com> Co-authored-by: a-elkhiraooui-ciscode <a.elkhiraoui@ciscod.com> Co-authored-by: saad moumou <saad.moumou.coder@gmail.com> * fix(security): upgrade axios >=1.14.1 and override follow-redirects >=1.15.12 to fix CVEs * style: apply prettier formatting to all files * fix(ci): correct sonar.tests path from 'test' to 'tests' and add .tsx inclusions * fix(ci): gate SonarCloud job to workflow_dispatch only, matching WidgetKit-UI pattern * added release check * style: prettier format release-check.yml --------- Co-authored-by: Zaiidmo 
<zaiidmoumnii@gmail.com> Co-authored-by: Zaiid Moumni <141942826+Zaiidmo@users.noreply.github.com> Co-authored-by: Ciscode-Admin <info@ciscod.com> Co-authored-by: Reda Channa <r.channa@ciscod.com> Co-authored-by: a-elkhiraooui-ciscode <a.elkhiraoui@ciscod.com> Co-authored-by: saad moumou <saad.moumou.coder@gmail.com>



Summary
Why
Checklist
- `npm run lint` passes
- `npm run typecheck` passes
- `npm test` passes
- `npm run build` passes
- `npx changeset`) if this affects consumers

Notes