Merge branch 'main' into yuhengsh-ci-test-auth

packages/adapter-nextjs/__tests__/auth/handlers/handleSignInCallbackRequest.test.ts

@@ -329,6 +329,7 @@ describe('handleSignInCallbackRequest', () => {
 			});
 			expect(mockCreateTokenCookiesSetOptions).toHaveBeenCalledWith(
 				mockSetCookieOptions,
+				mockOrigin,
 			);
 			expect(mockCreateSignInFlowProofCookies).toHaveBeenCalledWith({
 				state: '',

packages/adapter-nextjs/__tests__/auth/handlers/handleSignInCallbackRequestForPagesRouter.test.ts

@@ -386,6 +386,7 @@ describe('handleSignInCallbackRequest', () => {
 			});
 			expect(mockCreateTokenCookiesSetOptions).toHaveBeenCalledWith(
 				mockSetCookieOptions,
+				mockOrigin,
 			);
 			expect(mockCreateSignInFlowProofCookies).toHaveBeenCalledWith({
 				state: '',

packages/adapter-nextjs/__tests__/auth/handlers/handleSignInSignUpRequest.test.ts

@@ -10,7 +10,6 @@ import {
 	createSignInFlowProofCookies,
 	createSignUpEndpoint,
 	createUrlSearchParamsForSignInSignUp,
-	isSSLOrigin,
 } from '../../../src/auth/utils';
 
 jest.mock('../../../src/auth/utils');
@@ -28,7 +27,6 @@ const mockCreateSignUpEndpoint = jest.mocked(createSignUpEndpoint);
 const mockCreateUrlSearchParamsForSignInSignUp = jest.mocked(
 	createUrlSearchParamsForSignInSignUp,
 );
-const mockIsSSLOrigin = jest.mocked(isSSLOrigin);
 
 describe('handleSignInSignUpRequest', () => {
 	const mockCustomState = 'mockCustomState';
@@ -40,10 +38,6 @@ describe('handleSignInSignUpRequest', () => {
 	};
 	const mockToCodeChallenge = jest.fn(() => 'mockCodeChallenge');
 
-	beforeAll(() => {
-		mockIsSSLOrigin.mockReturnValue(true);
-	});
-
 	afterEach(() => {
 		mockAppendSetCookieHeaders.mockClear();
 		mockCreateAuthFlowProofCookiesSetOptions.mockClear();
@@ -53,7 +47,6 @@ describe('handleSignInSignUpRequest', () => {
 		mockCreateSignUpEndpoint.mockClear();
 		mockCreateUrlSearchParamsForSignInSignUp.mockClear();
 		mockToCodeChallenge.mockClear();
-		mockIsSSLOrigin.mockClear();
 	});
 
 	test.each(['signIn' as const, 'signUp' as const])(
@@ -152,17 +145,14 @@ describe('handleSignInSignUpRequest', () => {
 
 			expect(mockCreateAuthFlowProofCookiesSetOptions).toHaveBeenCalledWith(
 				mockSetCookieOptions,
-				{
-					secure: true,
-				},
+				mockOrigin,
 			);
 
 			expect(mockAppendSetCookieHeaders).toHaveBeenCalledWith(
 				expect.any(Headers),
 				mockCreateSignInFlowProofCookiesResult,
 				mockCreateAuthFlowProofCookiesSetOptionsResult,
 			);
-			expect(isSSLOrigin).toHaveBeenCalledWith(mockOrigin);
 		},
 	);
 });

packages/adapter-nextjs/__tests__/auth/handlers/handleSignInSignUpRequestForPagesRouter.test.ts

@@ -11,7 +11,6 @@ import {
 	createSignInFlowProofCookies,
 	createSignUpEndpoint,
 	createUrlSearchParamsForSignInSignUp,
-	isSSLOrigin,
 } from '../../../src/auth/utils';
 import { createMockNextApiResponse } from '../testUtils';
 
@@ -32,7 +31,6 @@ const mockCreateSignUpEndpoint = jest.mocked(createSignUpEndpoint);
 const mockCreateUrlSearchParamsForSignInSignUp = jest.mocked(
 	createUrlSearchParamsForSignInSignUp,
 );
-const mockIsSSLOrigin = jest.mocked(isSSLOrigin);
 
 describe('handleSignInSignUpRequest', () => {
 	const mockCustomState = 'mockCustomState';
@@ -53,10 +51,6 @@ describe('handleSignInSignUpRequest', () => {
 		mockResponse,
 	} = createMockNextApiResponse();
 
-	beforeAll(() => {
-		mockIsSSLOrigin.mockReturnValue(true);
-	});
-
 	afterEach(() => {
 		mockAppendSetCookieHeadersToNextApiResponse.mockClear();
 		mockCreateAuthFlowProofCookiesSetOptions.mockClear();
@@ -66,7 +60,6 @@ describe('handleSignInSignUpRequest', () => {
 		mockCreateSignUpEndpoint.mockClear();
 		mockCreateUrlSearchParamsForSignInSignUp.mockClear();
 		mockToCodeChallenge.mockClear();
-		mockIsSSLOrigin.mockClear();
 
 		mockResponseAppendHeader.mockClear();
 		mockResponseEnd.mockClear();
@@ -177,17 +170,14 @@ describe('handleSignInSignUpRequest', () => {
 
 			expect(mockCreateAuthFlowProofCookiesSetOptions).toHaveBeenCalledWith(
 				mockSetCookieOptions,
-				{
-					secure: true,
-				},
+				mockOrigin,
 			);
 
 			expect(mockAppendSetCookieHeadersToNextApiResponse).toHaveBeenCalledWith(
 				mockResponse,
 				mockCreateSignInFlowProofCookiesResult,
 				mockCreateAuthFlowProofCookiesSetOptionsResult,
 			);
-			expect(isSSLOrigin).toHaveBeenCalledWith(mockOrigin);
 		},
 	);
 });

packages/adapter-nextjs/__tests__/auth/handlers/handleSignOutRequest.test.ts

@@ -6,7 +6,6 @@ import {
 	createAuthFlowProofCookiesSetOptions,
 	createLogoutEndpoint,
 	createSignOutFlowProofCookies,
-	isSSLOrigin,
 	resolveRedirectSignOutUrl,
 } from '../../../src/auth/utils';
 
@@ -21,20 +20,14 @@ const mockCreateSignOutFlowProofCookies = jest.mocked(
 	createSignOutFlowProofCookies,
 );
 const mockResolveRedirectSignOutUrl = jest.mocked(resolveRedirectSignOutUrl);
-const mockIsSSLOrigin = jest.mocked(isSSLOrigin);
 
 describe('handleSignOutRequest', () => {
-	beforeAll(() => {
-		mockIsSSLOrigin.mockReturnValue(true);
-	});
-
 	afterEach(() => {
 		mockAppendSetCookieHeaders.mockClear();
 		mockCreateAuthFlowProofCookiesSetOptions.mockClear();
 		mockCreateLogoutEndpoint.mockClear();
 		mockCreateSignOutFlowProofCookies.mockClear();
 		mockResolveRedirectSignOutUrl.mockClear();
-		mockIsSSLOrigin.mockClear();
 	});
 
 	it('returns a 302 response with the correct headers and cookies', async () => {
@@ -98,12 +91,9 @@ describe('handleSignOutRequest', () => {
 			expect.any(URLSearchParams),
 		);
 		expect(mockCreateSignOutFlowProofCookies).toHaveBeenCalled();
-		expect(mockIsSSLOrigin).toHaveBeenCalledWith(mockOrigin);
 		expect(mockCreateAuthFlowProofCookiesSetOptions).toHaveBeenCalledWith(
 			mockSetCookieOptions,
-			{
-				secure: true,
-			},
+			mockOrigin,
 		);
 		expect(mockAppendSetCookieHeaders).toHaveBeenCalledWith(
 			expect.any(Headers),

packages/adapter-nextjs/__tests__/auth/handlers/handleSignOutRequestForPagesRouter.test.ts

@@ -6,7 +6,6 @@ import {
 	createAuthFlowProofCookiesSetOptions,
 	createLogoutEndpoint,
 	createSignOutFlowProofCookies,
-	isSSLOrigin,
 	resolveRedirectSignOutUrl,
 } from '../../../src/auth/utils';
 import { createMockNextApiResponse } from '../testUtils';
@@ -24,7 +23,6 @@ const mockCreateSignOutFlowProofCookies = jest.mocked(
 	createSignOutFlowProofCookies,
 );
 const mockResolveRedirectSignOutUrl = jest.mocked(resolveRedirectSignOutUrl);
-const mockIsSSLOrigin = jest.mocked(isSSLOrigin);
 
 describe('handleSignOutRequest', () => {
 	const {
@@ -36,10 +34,6 @@ describe('handleSignOutRequest', () => {
 		mockResponse,
 	} = createMockNextApiResponse();
 
-	beforeAll(() => {
-		mockIsSSLOrigin.mockReturnValue(true);
-	});
-
 	afterEach(() => {
 		mockAppendSetCookieHeadersToNextApiResponse.mockClear();
 		mockCreateAuthFlowProofCookiesSetOptions.mockClear();
@@ -121,12 +115,9 @@ describe('handleSignOutRequest', () => {
 			expect.any(URLSearchParams),
 		);
 		expect(mockCreateSignOutFlowProofCookies).toHaveBeenCalled();
-		expect(mockIsSSLOrigin).toHaveBeenCalledWith(mockOrigin);
 		expect(mockCreateAuthFlowProofCookiesSetOptions).toHaveBeenCalledWith(
 			mockSetCookieOptions,
-			{
-				secure: true,
-			},
+			mockOrigin,
 		);
 	});
 });

packages/adapter-nextjs/__tests__/auth/utils/authFlowProofCookies.test.ts

@@ -43,7 +43,10 @@ describe('createAuthFlowProofCookiesSetOptions', () => {
 			sameSite: 'strict',
 		};
 
-		const options = createAuthFlowProofCookiesSetOptions(setCookieOptions);
+		const options = createAuthFlowProofCookiesSetOptions(
+			setCookieOptions,
+			'https://example.com',
+		);
 
 		expect(options).toEqual({
 			domain: setCookieOptions?.domain,
@@ -61,9 +64,10 @@ describe('createAuthFlowProofCookiesSetOptions', () => {
 			sameSite: 'strict',
 		};
 
-		const options = createAuthFlowProofCookiesSetOptions(setCookieOptions, {
-			secure: false,
-		});
+		const options = createAuthFlowProofCookiesSetOptions(
+			setCookieOptions,
+			'http://example.com',
+		);
 
 		expect(options).toEqual({
 			domain: setCookieOptions?.domain,

packages/adapter-nextjs/__tests__/auth/utils/tokenCookies.test.ts

@@ -83,7 +83,10 @@ describe('createTokenCookiesSetOptions', () => {
 			expires: new Date('2024-09-17'),
 		};
 
-		const result = createTokenCookiesSetOptions(mockSetCookieOptions);
+		const result = createTokenCookiesSetOptions(
+			mockSetCookieOptions,
+			'https://example.com',
+		);
 
 		expect(result).toEqual({
 			domain: mockSetCookieOptions.domain,
@@ -97,7 +100,7 @@ describe('createTokenCookiesSetOptions', () => {
 
 	it('returns an object with the default expiry and sameSite properties', () => {
 		const dateNowSpy = jest.spyOn(Date, 'now').mockReturnValue(0);
-		const result = createTokenCookiesSetOptions({});
+		const result = createTokenCookiesSetOptions({}, 'https://example.com');
 
 		expect(result).toEqual({
 			domain: undefined,
@@ -118,9 +121,10 @@ describe('createTokenCookiesSetOptions', () => {
 			expires: new Date('2024-09-17'),
 		};
 
-		const result = createTokenCookiesSetOptions(mockSetCookieOptions, {
-			secure: false,
-		});
+		const result = createTokenCookiesSetOptions(
+			mockSetCookieOptions,
+			'http://example.com',
+		);
 
 		expect(result).toEqual({
 			domain: mockSetCookieOptions.domain,

packages/adapter-nextjs/src/auth/handlers/handleSignInCallbackRequest.ts

@@ -96,7 +96,7 @@ export const handleSignInCallbackRequest: HandleSignInCallbackRequest = async ({
 			tokensPayload,
 			userPoolClientId,
 		}),
-		createTokenCookiesSetOptions(setCookieOptions),
+		createTokenCookiesSetOptions(setCookieOptions, origin),
 	);
 	appendSetCookieHeaders(
 		headers,

packages/adapter-nextjs/src/auth/handlers/handleSignInCallbackRequestForPagesRouter.ts

@@ -104,7 +104,7 @@ export const handleSignInCallbackRequestForPagesRouter: HandleSignInCallbackRequ
 				tokensPayload,
 				userPoolClientId,
 			}),
-			createTokenCookiesSetOptions(setCookieOptions),
+			createTokenCookiesSetOptions(setCookieOptions, origin),
 		);
 		appendSetCookieHeadersToNextApiResponse(
 			response,

packages/adapter-nextjs/src/auth/handlers/handleSignInSignUpRequest.ts

@@ -9,7 +9,6 @@ import {
 	createSignInFlowProofCookies,
 	createSignUpEndpoint,
 	createUrlSearchParamsForSignInSignUp,
-	isSSLOrigin,
 } from '../utils';
 
 import { HandleSignInSignUpRequest } from './types';
@@ -44,9 +43,7 @@ export const handleSignInSignUpRequest: HandleSignInSignUpRequest = ({
 	appendSetCookieHeaders(
 		headers,
 		createSignInFlowProofCookies({ state, pkce: codeVerifier.value }),
-		createAuthFlowProofCookiesSetOptions(setCookieOptions, {
-			secure: isSSLOrigin(origin),
-		}),
+		createAuthFlowProofCookiesSetOptions(setCookieOptions, origin),
 	);
 
 	return new Response(null, {

packages/adapter-nextjs/src/auth/handlers/handleSignInSignUpRequestForPagesRouter.ts

@@ -9,7 +9,6 @@ import {
 	createSignInFlowProofCookies,
 	createSignUpEndpoint,
 	createUrlSearchParamsForSignInSignUp,
-	isSSLOrigin,
 } from '../utils';
 
 import { HandleSignInSignUpRequestForPagesRouter } from './types';
@@ -38,9 +37,7 @@ export const handleSignInSignUpRequestForPagesRouter: HandleSignInSignUpRequestF
 		appendSetCookieHeadersToNextApiResponse(
 			response,
 			createSignInFlowProofCookies({ state, pkce: codeVerifier.value }),
-			createAuthFlowProofCookiesSetOptions(setCookieOptions, {
-				secure: isSSLOrigin(origin),
-			}),
+			createAuthFlowProofCookiesSetOptions(setCookieOptions, origin),
 		);
 
 		const redirectUrl =

packages/adapter-nextjs/src/auth/handlers/handleSignOutRequest.ts

@@ -6,7 +6,6 @@ import {
 	createAuthFlowProofCookiesSetOptions,
 	createLogoutEndpoint,
 	createSignOutFlowProofCookies,
-	isSSLOrigin,
 	resolveRedirectSignOutUrl,
 } from '../utils';
 
@@ -31,9 +30,7 @@ export const handleSignOutRequest: HandleSignOutRequest = ({
 	appendSetCookieHeaders(
 		headers,
 		createSignOutFlowProofCookies(),
-		createAuthFlowProofCookiesSetOptions(setCookieOptions, {
-			secure: isSSLOrigin(origin),
-		}),
+		createAuthFlowProofCookiesSetOptions(setCookieOptions, origin),
 	);
 
 	return new Response(null, {

packages/adapter-nextjs/src/auth/handlers/handleSignOutRequestForPagesRouter.ts

@@ -6,7 +6,6 @@ import {
 	createAuthFlowProofCookiesSetOptions,
 	createLogoutEndpoint,
 	createSignOutFlowProofCookies,
-	isSSLOrigin,
 	resolveRedirectSignOutUrl,
 } from '../utils';
 
@@ -22,9 +21,7 @@ export const handleSignOutRequestForPagesRouter: HandleSignOutRequestForPagesRou
 		appendSetCookieHeadersToNextApiResponse(
 			response,
 			createSignOutFlowProofCookies(),
-			createAuthFlowProofCookiesSetOptions(setCookieOptions, {
-				secure: isSSLOrigin(origin),
-			}),
+			createAuthFlowProofCookiesSetOptions(setCookieOptions, origin),
 		);
 
 		response.redirect(

packages/adapter-nextjs/src/auth/utils/authFlowProofCookies.ts

@@ -11,6 +11,8 @@ import {
 	STATE_COOKIE_NAME,
 } from '../constant';
 
+import { isSSLOrigin } from './origin';
+
 export const createSignInFlowProofCookies = ({
 	state,
 	pkce,
@@ -37,12 +39,12 @@ export const createSignOutFlowProofCookies = () => [
 
 export const createAuthFlowProofCookiesSetOptions = (
 	setCookieOptions: CookieStorage.SetCookieOptions,
-	overrides?: Pick<CookieStorage.SetCookieOptions, 'secure'>,
+	origin: string,
 ) => ({
 	domain: setCookieOptions?.domain,
 	path: '/',
 	httpOnly: true,
-	secure: overrides?.secure ?? true,
+	secure: isSSLOrigin(origin),
 	sameSite: 'lax' as const,
 	maxAge: AUTH_FLOW_PROOF_MAX_AGE,
 });