Ability to override Collection Auth

[lil5]

1. I set the Collection Auth to bearer token
2. I click on a request and go to the Auth tab

Expected result

I expect a list starting with Collection default - Bearer Token (selected), AWS sigV4, Basic Auth, Bearer Token, No Auth.

Result

I get this list: AWS sigV4, Basic Auth, Bearer Token, No Auth (selected).

When No Auth is selected, the Collection default is used. I think this is confusing.

[DaPutzy]

Yes, i was confused by this as well. Postman called the default "inherit auth from parent" which worked well enough to get across whats happening.

[btgs-0]

Hi. I have a WIP feature branch to implement a specific auth selection for this case: https://github.com/btgs-0/bruno/tree/feature/auth-from-collection

Let me know what you think

[lil5]

@btgs-0 The code looks good!

---

I'm unable to build your fork, I believe its due to the way the electron packages/bruno-electron/package.json doesn't install any @usebruno/* packages with npm i (I had a look at the ls -ahl packages/bruno-electron/node_modules).

I'm probably forgetting an install step.

Application log:

Uncaught Exception:
Error: Cannot find module '/Users/lil5/Desktop/bruno/packages/bruno-electron/out/mac-arm64/Bruno.app/Contents/Resources/app.asar/node_modules/@usebruno/query/dist/cjs/index.js'. Please verify that the package.json has a valid "main" entry
at tryPackage (node:internal/modules/cjs/loader:360:19)
at Module._findPath (node:internal/modules/cjs/loader:573:18)
at Module._resolveFilename (node:internal/modules/cjs/loader:926:27)
at n._resolveFilename (node:electron/js2c/browser_init:249:1105)
at Module._load (node:internal/modules/cjs/loader:785:27)
at c._load (node:electron/js2c/asar_bundle:5:13339)
at Module.require (node:internal/modules/cjs/loader:1012:19)
at require (node:internal/modules/cjs/helpers:102:18)
at Object.<anonymous> (/Users/lil5/Desktop/bruno/packages/bruno-electron/out/mac-arm64/Bruno.app/Contents/Resources/app.asar/node_modules/@usebruno/js/src/utils.js:2:17)
at Module._compile (node:internal/modules/cjs/loader:1120:14)

[lil5]

@btgs-0 to change this from a breaking change to a feature (see https://semver.org )

I suggest adding a migration (bruno.json version: 1.1 -> 1.2 ) to change none to parent in bru files, this would keep the current functionality (see: packages/bruno-electron/src/ipc/network/prepare-request.js:left-11 main...btgs-0:bruno:feature/auth-from-collection#diff-51d1d24aec5f93461b5fdbe155fc8ef7c6b8766f169ba03a41f5ef05dacc24e6 ).

[btgs-0]

@lil5 that's a great idea, thanks. Your comment compelled me to double check export function and I've found that my branch does not export the collection auth to .bru correctly

[btgs-0]

I've opened a draft pull request: #907

[lil5]

To keep it on version 1 the auth schema could include a

const authSchema = Yup.object({
  mode: Yup.string().oneOf(['none', 'awsv4', 'basic', 'bearer', 'digest']).required('mode is required'),
+  collectionOverride: Yup.boolean().nullable(),
  awsv4: authAwsV4Schema.nullable(),
  basic: authBasicSchema.nullable(),
  bearer: authBearerSchema.nullable(),
  digest: authDigestSchema.nullable()
})

https://github.com/usebruno/bruno/blob/main/packages/bruno-schema/src/collections/index.js

that way you don't need to include any difficult migration logic.

[btgs-0]

@lil5 will my branch cause a breaking change in the auth schema? since new auth type only applies to new requests, and I've only changed the schema to add the new auth type to it

const authSchema = Yup.object({
+ mode: Yup.string().oneOf(['none', 'awsv4', 'basic', 'bearer', 'digest', 'parent']).required('mode is required'),
  awsv4: authAwsV4Schema.nullable(),
  basic: authBasicSchema.nullable(),
  bearer: authBearerSchema.nullable(),
  digest: authDigestSchema.nullable()
})
  .noUnknown(true)
  .strict();

[lil5]

It will break old Bruno projects (where the bru files contain auth type none) that rely on auth type none to default to the collection auth.

These are hard decisions the project owner ( @helloanoop ?) should make:

1. Add a migration function that reads the bruno.json file for which version it is and, on the users permission, migrate the collection to the latest format.
2. Add a key to the auth schema, it's more messy but it works (see my above comment).
3. Handles both version 1 and 2 or 1.2 and only fix this issue on the next version. (Like how docker compose can read version 2 & 3 yaml)
4. Break it for the old version anyway. (It's still early days)
5. Any other suggestions?

I'm personally for option 4 or 3 in that order.

[shille]

Postman carries Auth at the Folder level, can we please implement this where Parent has Auth and all levels can inherit from the parent be it the folder or the collection if it is the parent. This should be supported for the Postman import as well. Can raise a new feature request if required.

[lil5]

@shille
Although adding folder level auth, is good to keep in mind! It requires a lot more change in the frontend unless Anoop is up for reviewing a much larger PR I suggest splitting your suggestion to a separate issue/pr

[btgs-0]

@shille it's a good idea, but like @lil5 said I think it would be better as a separate issue/pr. If my pr #907 gets pulled in it would cover 90+% of use cases

[sanjai0py]

This PR implementing the feature has already been merged and released in v1.10.0.

Now, there is an option in the request auth panel where the user can select Inherit, which inherits the auth used in the parent collection.

Screen.Recording.2024-07-02.at.12.06.20.PM.mov