From 075fd68cdeabdbcb49d08edb03a763116c8dd11a Mon Sep 17 00:00:00 2001
From: Barkley Trimsworth
Date: Fri, 3 Apr 2026 02:08:52 +0000
Subject: [PATCH] fix(e2e): use lean schema for OIDC test endpoint; add trailing newline
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Fix CTO review comments on GRO-392:
- POST /api/setup/auth-provider/test now uses authProviderTestSchema (only issuerUrl + internalBaseUrl) instead of full authProviderBootstrapSchema — clientSecret is not needed for OIDC discovery and was not being sent by the frontend handler
- POST /api/admin/auth-provider/test already uses omit() correctly; no change needed
- apps/api/src/routes/admin/authProvider.ts: added trailing newline

Co-Authored-By: Paperclip
---
 apps/api/src/routes/admin/authProvider.ts | 2 +-
 apps/api/src/routes/setup.ts | 8 +++++++-
 2 files changed, 8 insertions(+), 2 deletions(-)

diff --git a/apps/api/src/routes/admin/authProvider.ts b/apps/api/src/routes/admin/authProvider.ts
index fa7b79c..e8acd15 100644
--- a/apps/api/src/routes/admin/authProvider.ts
+++ b/apps/api/src/routes/admin/authProvider.ts
@@ -187,4 +187,4 @@ authProviderRouter.delete("/", requireSuperUser(), async (c) => {
 await db.delete(authProviderConfig).where(eq(authProviderConfig.id, existing.id));
 return c.json({ ok: true, message: "Auth provider config removed; auth will fall back to env vars" });
-});
\ No newline at end of file
+});
diff --git a/apps/api/src/routes/setup.ts b/apps/api/src/routes/setup.ts
index 87d0fcb..775ab1f 100644
--- a/apps/api/src/routes/setup.ts
+++ b/apps/api/src/routes/setup.ts
@@ -110,6 +110,12 @@ const authProviderBootstrapSchema = z.object({
 scopes: z.string().default("openid profile email"),
 });
 
+// Minimal schema for test endpoint — OIDC discovery only needs issuer/internal URLs
+const authProviderTestSchema = z.object({
+ issuerUrl: z.string().url(),
+ internalBaseUrl: z.string().url().nullable().optional(),
+});
+
 /**
 * POST /api/setup/auth-provider
 * Unauthenticated endpoint for first-time auth provider setup during OOBE.
@@ -186,7 +192,7 @@ setupRouter.post("/auth-provider", zValidator("json", authProviderBootstrapSchem
 * Fetches the OIDC discovery document to confirm the issuer is reachable.
 * Only available when needsSetup is true (no super user = fresh install).
 */
-setupRouter.post("/auth-provider/test", zValidator("json", authProviderBootstrapSchema), async (c) => {
+setupRouter.post("/auth-provider/test", zValidator("json", authProviderTestSchema), async (c) => {
 const db = getDb();
 
 // Guard: only allow during fresh install (no super user yet)
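Review bot: `authProviderTestSchema` validates `issuerUrl` and `internalBaseUrl` with `z.string().url()` alone, which checks that the value parses as a URL but does not restrict the scheme or the destination. The test route's doc comment says the server fetches the discovery document from this value, and the endpoint is reachable before any account exists, so the schema is the natural place to narrow what the server will request: `issuerUrl: z.string().url().refine((u) => /^https?:\/\//i.test(u), "must be http(s)"),` with the same refine on `internalBaseUrl` ahead of `.nullable().optional()`. Whether the handler also refuses loopback, link-local or cloud metadata addresses is not visible from this hunk and is worth confirming.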
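Review bot: The JSDoc above `setupRouter.post("/auth-provider/test", …)` does not say that the request body now differs from `POST /api/setup/auth-provider`; adding ` * Body: { issuerUrl, internalBaseUrl? } — client credentials are neither required nor read here.` would keep callers from sending `clientSecret` to a pre-login endpoint. zod objects drop unknown keys by default instead of rejecting them, so a client that keeps posting the full bootstrap payload still passes validation and the secret still crosses the wire; if that should fail loudly, `.strict()` on `authProviderTestSchema` does it. The handler body continues past the end of the hunk, so the order of the needsSetup guard relative to the outbound request cannot be checked from here.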