From 2604ed3efd8248d574d6aff68b539678d7483129 Mon Sep 17 00:00:00 2001 From: Julien Gautier Date: Thu, 14 May 2026 15:28:32 +0200 Subject: [PATCH] fix(portal-bff): use the real portal-admin dev port (4300) in admin-flow references MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit PR #129 baked `4201` into a few comments and test fixtures as the admin SPA's dev port. The actual port wired in `apps/portal-admin/project.json` `serve.options.port` is `4300` — the Nx serve target listens on 4300 in dev. Aligning the references so a contributor reading `.env.example` or the test fixtures sees the same number their browser is hitting. Touched: - `apps/portal-bff/.env.example` — `ENTRA_ADMIN_POST_LOGOUT_REDIRECT_URI` default + the surrounding comment. - `apps/portal-bff/src/config/check-cors-allowlist.ts` — stale doc-comment that pre-dated the portal-admin scaffolding. - `auth.module.spec.ts`, `auth.controller.spec.ts`, `auth.service.spec.ts`, `admin-auth.controller.spec.ts`, `check-entra-config.spec.ts` — fixture `adminPostLogoutRedirectUri` values. Tests don't depend on the port; aligned for clarity only. No behaviour change. 278 specs still pass. --- apps/portal-bff/.env.example | 5 +++-- apps/portal-bff/src/admin/admin-auth.controller.spec.ts | 2 +- apps/portal-bff/src/auth/auth.controller.spec.ts | 2 +- apps/portal-bff/src/auth/auth.module.spec.ts | 2 +- apps/portal-bff/src/auth/auth.service.spec.ts | 2 +- apps/portal-bff/src/config/check-cors-allowlist.ts | 5 +++-- apps/portal-bff/src/config/check-entra-config.spec.ts | 2 +- 7 files changed, 11 insertions(+), 9 deletions(-) diff --git a/apps/portal-bff/.env.example b/apps/portal-bff/.env.example index 2df0dae..4ee0412 100644 --- a/apps/portal-bff/.env.example +++ b/apps/portal-bff/.env.example @@ -67,9 +67,10 @@ ENTRA_POST_LOGOUT_REDIRECT_URI=http://localhost:4200/ # session. Both `ENTRA_REDIRECT_URI` and `ENTRA_ADMIN_REDIRECT_URI` # must be registered in the same Entra app registration's # "Redirect URIs" list. Distinct post-logout URL routes admin -# sign-outs to the admin SPA's landing page (port 4201 in dev). +# sign-outs to the admin SPA's landing page (port 4300 in dev — see +# apps/portal-admin/project.json `serve.options.port`). ENTRA_ADMIN_REDIRECT_URI=http://localhost:3000/api/admin/auth/callback -ENTRA_ADMIN_POST_LOGOUT_REDIRECT_URI=http://localhost:4201/ +ENTRA_ADMIN_POST_LOGOUT_REDIRECT_URI=http://localhost:4300/ # Cookie signing secret (per ADR-0009 §"Cookies"). Used to sign the # transient pre-auth cookie that carries the OIDC `state` + PKCE diff --git a/apps/portal-bff/src/admin/admin-auth.controller.spec.ts b/apps/portal-bff/src/admin/admin-auth.controller.spec.ts index f5d7870..71bceaf 100644 --- a/apps/portal-bff/src/admin/admin-auth.controller.spec.ts +++ b/apps/portal-bff/src/admin/admin-auth.controller.spec.ts @@ -16,7 +16,7 @@ const ENTRA: EntraConfig = { redirectUri: 'http://localhost:3000/api/auth/callback', postLogoutRedirectUri: 'http://localhost:4200/', adminRedirectUri: 'http://localhost:3000/api/admin/auth/callback', - adminPostLogoutRedirectUri: 'http://localhost:4201/', + adminPostLogoutRedirectUri: 'http://localhost:4300/', authority: 'https://login.microsoftonline.com/aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee', }; diff --git a/apps/portal-bff/src/auth/auth.controller.spec.ts b/apps/portal-bff/src/auth/auth.controller.spec.ts index 3e72138..9b09437 100644 --- a/apps/portal-bff/src/auth/auth.controller.spec.ts +++ b/apps/portal-bff/src/auth/auth.controller.spec.ts @@ -17,7 +17,7 @@ const ENTRA: EntraConfig = { redirectUri: 'http://localhost:3000/api/auth/callback', postLogoutRedirectUri: 'http://localhost:4200/', adminRedirectUri: 'http://localhost:3000/api/admin/auth/callback', - adminPostLogoutRedirectUri: 'http://localhost:4201/', + adminPostLogoutRedirectUri: 'http://localhost:4300/', authority: 'https://login.microsoftonline.com/aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee', }; diff --git a/apps/portal-bff/src/auth/auth.module.spec.ts b/apps/portal-bff/src/auth/auth.module.spec.ts index 9490a6c..855d9ee 100644 --- a/apps/portal-bff/src/auth/auth.module.spec.ts +++ b/apps/portal-bff/src/auth/auth.module.spec.ts @@ -43,7 +43,7 @@ const VALID = { ENTRA_REDIRECT_URI: 'http://localhost:3000/api/auth/callback', ENTRA_POST_LOGOUT_REDIRECT_URI: 'http://localhost:4200/', ENTRA_ADMIN_REDIRECT_URI: 'http://localhost:3000/api/admin/auth/callback', - ENTRA_ADMIN_POST_LOGOUT_REDIRECT_URI: 'http://localhost:4201/', + ENTRA_ADMIN_POST_LOGOUT_REDIRECT_URI: 'http://localhost:4300/', // Well-formed but unreachable Redis URL — `ioredis` opens the // socket lazily so the module compiles without any network access. REDIS_URL: 'redis://default:test-pass@127.0.0.1:65535/0', diff --git a/apps/portal-bff/src/auth/auth.service.spec.ts b/apps/portal-bff/src/auth/auth.service.spec.ts index 09a3f2e..685e872 100644 --- a/apps/portal-bff/src/auth/auth.service.spec.ts +++ b/apps/portal-bff/src/auth/auth.service.spec.ts @@ -12,7 +12,7 @@ const ENTRA: EntraConfig = { redirectUri: 'http://localhost:3000/api/auth/callback', postLogoutRedirectUri: 'http://localhost:4200/', adminRedirectUri: 'http://localhost:3000/api/admin/auth/callback', - adminPostLogoutRedirectUri: 'http://localhost:4201/', + adminPostLogoutRedirectUri: 'http://localhost:4300/', authority: 'https://login.microsoftonline.com/aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee', }; diff --git a/apps/portal-bff/src/config/check-cors-allowlist.ts b/apps/portal-bff/src/config/check-cors-allowlist.ts index 470b3cb..7c477bb 100644 --- a/apps/portal-bff/src/config/check-cors-allowlist.ts +++ b/apps/portal-bff/src/config/check-cors-allowlist.ts @@ -21,8 +21,9 @@ * Production should set `CORS_ALLOWED_ORIGINS` to the SPA / admin * SPA's deploy origins (e.g. * `https://portal.apf.example,https://admin.portal.apf.example`). - * Dev `.env` lists `http://localhost:4200` (and 4201 once - * portal-admin grows a dev server). + * Dev `.env` lists `http://localhost:4200` (portal-shell) and + * `http://localhost:4300` (portal-admin) — see + * apps/portal-admin/project.json `serve.options.port`. */ export function readCorsAllowlist(): readonly string[] { const raw = process.env['CORS_ALLOWED_ORIGINS']; diff --git a/apps/portal-bff/src/config/check-entra-config.spec.ts b/apps/portal-bff/src/config/check-entra-config.spec.ts index 4c36260..23469bc 100644 --- a/apps/portal-bff/src/config/check-entra-config.spec.ts +++ b/apps/portal-bff/src/config/check-entra-config.spec.ts @@ -8,7 +8,7 @@ const VALID = { ENTRA_REDIRECT_URI: 'http://localhost:3000/api/auth/callback', ENTRA_POST_LOGOUT_REDIRECT_URI: 'http://localhost:4200/', ENTRA_ADMIN_REDIRECT_URI: 'http://localhost:3000/api/admin/auth/callback', - ENTRA_ADMIN_POST_LOGOUT_REDIRECT_URI: 'http://localhost:4201/', + ENTRA_ADMIN_POST_LOGOUT_REDIRECT_URI: 'http://localhost:4300/', }; describe('assertEntraConfig', () => {