fix(portal-bff): use the real portal-admin dev port (4300) in admin-flow references
PR #129 baked `4201` into a few comments and test fixtures as the admin SPA's dev port. The actual port wired in `apps/portal-admin/project.json` `serve.options.port` is `4300` — the Nx serve target listens on 4300 in dev. Aligning the references so a contributor reading `.env.example` or the test fixtures sees the same number their browser is hitting. Touched: - `apps/portal-bff/.env.example` — `ENTRA_ADMIN_POST_LOGOUT_REDIRECT_URI` default + the surrounding comment. - `apps/portal-bff/src/config/check-cors-allowlist.ts` — stale doc-comment that pre-dated the portal-admin scaffolding. - `auth.module.spec.ts`, `auth.controller.spec.ts`, `auth.service.spec.ts`, `admin-auth.controller.spec.ts`, `check-entra-config.spec.ts` — fixture `adminPostLogoutRedirectUri` values. Tests don't depend on the port; aligned for clarity only. No behaviour change. 278 specs still pass.
This commit is contained in:
@@ -67,9 +67,10 @@ ENTRA_POST_LOGOUT_REDIRECT_URI=http://localhost:4200/
|
|||||||
# session. Both `ENTRA_REDIRECT_URI` and `ENTRA_ADMIN_REDIRECT_URI`
|
# session. Both `ENTRA_REDIRECT_URI` and `ENTRA_ADMIN_REDIRECT_URI`
|
||||||
# must be registered in the same Entra app registration's
|
# must be registered in the same Entra app registration's
|
||||||
# "Redirect URIs" list. Distinct post-logout URL routes admin
|
# "Redirect URIs" list. Distinct post-logout URL routes admin
|
||||||
# sign-outs to the admin SPA's landing page (port 4201 in dev).
|
# sign-outs to the admin SPA's landing page (port 4300 in dev — see
|
||||||
|
# apps/portal-admin/project.json `serve.options.port`).
|
||||||
ENTRA_ADMIN_REDIRECT_URI=http://localhost:3000/api/admin/auth/callback
|
ENTRA_ADMIN_REDIRECT_URI=http://localhost:3000/api/admin/auth/callback
|
||||||
ENTRA_ADMIN_POST_LOGOUT_REDIRECT_URI=http://localhost:4201/
|
ENTRA_ADMIN_POST_LOGOUT_REDIRECT_URI=http://localhost:4300/
|
||||||
|
|
||||||
# Cookie signing secret (per ADR-0009 §"Cookies"). Used to sign the
|
# Cookie signing secret (per ADR-0009 §"Cookies"). Used to sign the
|
||||||
# transient pre-auth cookie that carries the OIDC `state` + PKCE
|
# transient pre-auth cookie that carries the OIDC `state` + PKCE
|
||||||
|
|||||||
@@ -16,7 +16,7 @@ const ENTRA: EntraConfig = {
|
|||||||
redirectUri: 'http://localhost:3000/api/auth/callback',
|
redirectUri: 'http://localhost:3000/api/auth/callback',
|
||||||
postLogoutRedirectUri: 'http://localhost:4200/',
|
postLogoutRedirectUri: 'http://localhost:4200/',
|
||||||
adminRedirectUri: 'http://localhost:3000/api/admin/auth/callback',
|
adminRedirectUri: 'http://localhost:3000/api/admin/auth/callback',
|
||||||
adminPostLogoutRedirectUri: 'http://localhost:4201/',
|
adminPostLogoutRedirectUri: 'http://localhost:4300/',
|
||||||
authority: 'https://login.microsoftonline.com/aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee',
|
authority: 'https://login.microsoftonline.com/aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee',
|
||||||
};
|
};
|
||||||
|
|
||||||
|
|||||||
@@ -17,7 +17,7 @@ const ENTRA: EntraConfig = {
|
|||||||
redirectUri: 'http://localhost:3000/api/auth/callback',
|
redirectUri: 'http://localhost:3000/api/auth/callback',
|
||||||
postLogoutRedirectUri: 'http://localhost:4200/',
|
postLogoutRedirectUri: 'http://localhost:4200/',
|
||||||
adminRedirectUri: 'http://localhost:3000/api/admin/auth/callback',
|
adminRedirectUri: 'http://localhost:3000/api/admin/auth/callback',
|
||||||
adminPostLogoutRedirectUri: 'http://localhost:4201/',
|
adminPostLogoutRedirectUri: 'http://localhost:4300/',
|
||||||
authority: 'https://login.microsoftonline.com/aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee',
|
authority: 'https://login.microsoftonline.com/aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee',
|
||||||
};
|
};
|
||||||
|
|
||||||
|
|||||||
@@ -43,7 +43,7 @@ const VALID = {
|
|||||||
ENTRA_REDIRECT_URI: 'http://localhost:3000/api/auth/callback',
|
ENTRA_REDIRECT_URI: 'http://localhost:3000/api/auth/callback',
|
||||||
ENTRA_POST_LOGOUT_REDIRECT_URI: 'http://localhost:4200/',
|
ENTRA_POST_LOGOUT_REDIRECT_URI: 'http://localhost:4200/',
|
||||||
ENTRA_ADMIN_REDIRECT_URI: 'http://localhost:3000/api/admin/auth/callback',
|
ENTRA_ADMIN_REDIRECT_URI: 'http://localhost:3000/api/admin/auth/callback',
|
||||||
ENTRA_ADMIN_POST_LOGOUT_REDIRECT_URI: 'http://localhost:4201/',
|
ENTRA_ADMIN_POST_LOGOUT_REDIRECT_URI: 'http://localhost:4300/',
|
||||||
// Well-formed but unreachable Redis URL — `ioredis` opens the
|
// Well-formed but unreachable Redis URL — `ioredis` opens the
|
||||||
// socket lazily so the module compiles without any network access.
|
// socket lazily so the module compiles without any network access.
|
||||||
REDIS_URL: 'redis://default:test-pass@127.0.0.1:65535/0',
|
REDIS_URL: 'redis://default:test-pass@127.0.0.1:65535/0',
|
||||||
|
|||||||
@@ -12,7 +12,7 @@ const ENTRA: EntraConfig = {
|
|||||||
redirectUri: 'http://localhost:3000/api/auth/callback',
|
redirectUri: 'http://localhost:3000/api/auth/callback',
|
||||||
postLogoutRedirectUri: 'http://localhost:4200/',
|
postLogoutRedirectUri: 'http://localhost:4200/',
|
||||||
adminRedirectUri: 'http://localhost:3000/api/admin/auth/callback',
|
adminRedirectUri: 'http://localhost:3000/api/admin/auth/callback',
|
||||||
adminPostLogoutRedirectUri: 'http://localhost:4201/',
|
adminPostLogoutRedirectUri: 'http://localhost:4300/',
|
||||||
authority: 'https://login.microsoftonline.com/aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee',
|
authority: 'https://login.microsoftonline.com/aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee',
|
||||||
};
|
};
|
||||||
|
|
||||||
|
|||||||
@@ -21,8 +21,9 @@
|
|||||||
* Production should set `CORS_ALLOWED_ORIGINS` to the SPA / admin
|
* Production should set `CORS_ALLOWED_ORIGINS` to the SPA / admin
|
||||||
* SPA's deploy origins (e.g.
|
* SPA's deploy origins (e.g.
|
||||||
* `https://portal.apf.example,https://admin.portal.apf.example`).
|
* `https://portal.apf.example,https://admin.portal.apf.example`).
|
||||||
* Dev `.env` lists `http://localhost:4200` (and 4201 once
|
* Dev `.env` lists `http://localhost:4200` (portal-shell) and
|
||||||
* portal-admin grows a dev server).
|
* `http://localhost:4300` (portal-admin) — see
|
||||||
|
* apps/portal-admin/project.json `serve.options.port`.
|
||||||
*/
|
*/
|
||||||
export function readCorsAllowlist(): readonly string[] {
|
export function readCorsAllowlist(): readonly string[] {
|
||||||
const raw = process.env['CORS_ALLOWED_ORIGINS'];
|
const raw = process.env['CORS_ALLOWED_ORIGINS'];
|
||||||
|
|||||||
@@ -8,7 +8,7 @@ const VALID = {
|
|||||||
ENTRA_REDIRECT_URI: 'http://localhost:3000/api/auth/callback',
|
ENTRA_REDIRECT_URI: 'http://localhost:3000/api/auth/callback',
|
||||||
ENTRA_POST_LOGOUT_REDIRECT_URI: 'http://localhost:4200/',
|
ENTRA_POST_LOGOUT_REDIRECT_URI: 'http://localhost:4200/',
|
||||||
ENTRA_ADMIN_REDIRECT_URI: 'http://localhost:3000/api/admin/auth/callback',
|
ENTRA_ADMIN_REDIRECT_URI: 'http://localhost:3000/api/admin/auth/callback',
|
||||||
ENTRA_ADMIN_POST_LOGOUT_REDIRECT_URI: 'http://localhost:4201/',
|
ENTRA_ADMIN_POST_LOGOUT_REDIRECT_URI: 'http://localhost:4300/',
|
||||||
};
|
};
|
||||||
|
|
||||||
describe('assertEntraConfig', () => {
|
describe('assertEntraConfig', () => {
|
||||||
|
|||||||
Reference in New Issue
Block a user