Allow cookies in shopper login API (#2190)

* Allow cookies in shopper login API
SalesforceCommerceCloud · Jan 13, 2025 · 3ebf7c7 · 3ebf7c7
1 parent 66bbdbc
commit 3ebf7c7
Show file tree

Hide file tree

Showing 3 changed files with 94 additions and 3 deletions.
diff --git a/packages/commerce-sdk-react/CHANGELOG.md b/packages/commerce-sdk-react/CHANGELOG.md
@@ -1,4 +1,5 @@
 ## v3.2.0-dev (Oct 29, 2024)
+- Allow cookies for ShopperLogin API [#2190](https://github.com/SalesforceCommerceCloud/pwa-kit/pull/2190
 - Fix refresh token TTL warning from firing when override is not provided [#2114](https://github.com/SalesforceCommerceCloud/pwa-kit/pull/2114)
 
 - Update CacheUpdateMatrix for mergeBasket mutation [#2138](https://github.com/SalesforceCommerceCloud/pwa-kit/pull/2092)

diff --git a/packages/commerce-sdk-react/src/auth/index.test.ts b/packages/commerce-sdk-react/src/auth/index.test.ts
@@ -7,15 +7,15 @@
 import Auth, {AuthData} from './'
 import {waitFor} from '@testing-library/react'
 import jwt from 'jsonwebtoken'
-import {helpers, ShopperCustomersTypes} from 'commerce-sdk-isomorphic'
+import {helpers, ShopperCustomersTypes, ShopperLogin} from 'commerce-sdk-isomorphic'
 import * as utils from '../utils'
 import {SLAS_SECRET_PLACEHOLDER} from '../constant'
 import {ShopperLoginTypes} from 'commerce-sdk-isomorphic'
 import {
     DEFAULT_SLAS_REFRESH_TOKEN_REGISTERED_TTL,
     DEFAULT_SLAS_REFRESH_TOKEN_GUEST_TTL
 } from './index'
-import {RequireKeys} from '../hooks/types'
+import {ApiClientConfigParams, RequireKeys} from '../hooks/types'
 
 const baseCustomer: RequireKeys<ShopperCustomersTypes.Customer, 'login'> = {
     customerId: 'customerId',
@@ -720,3 +720,87 @@ describe('Auth', () => {
         })
     })
 })
+
+describe('Auth service sends credentials fetch option to the ShopperLogin API', () => {
+    beforeEach(() => {
+        jest.clearAllMocks()
+    })
+
+    test('Adds fetch options with credentials when not defined in config', async () => {
+        const auth = new Auth(config)
+        await auth.loginGuestUser()
+
+        // Ensure the helper method was called
+        expect(helpers.loginGuestUser).toHaveBeenCalled()
+        expect(helpers.loginGuestUser).toHaveBeenCalledTimes(1)
+
+        // Check that the correct parameters were passed to the helper
+        const callArguments = (helpers.loginGuestUser as jest.Mock).mock.calls[0]
+        expect(callArguments).toBeDefined()
+        expect(callArguments.length).toBeGreaterThan(0)
+
+        const shopperLogin: ShopperLogin<ApiClientConfigParams> = callArguments[0]
+        expect(shopperLogin).toBeDefined()
+        expect(shopperLogin.clientConfig).toBeDefined()
+        expect(shopperLogin.clientConfig.fetchOptions).toBeDefined()
+
+        // Ensure fetch options include the expected credentials
+        expect(shopperLogin.clientConfig.fetchOptions.credentials).toBe('same-origin')
+    })
+
+    test('Does not override the credentials in fetch options if already exists', async () => {
+        const configWithFetchOptions = {
+            ...config,
+            fetchOptions: {
+                credentials: 'include'
+            }
+        }
+        const auth = new Auth(configWithFetchOptions)
+        await auth.loginGuestUser()
+
+        // Ensure the helper method was called
+        expect(helpers.loginGuestUser).toHaveBeenCalled()
+        expect(helpers.loginGuestUser).toHaveBeenCalledTimes(1)
+
+        // Check that the correct parameters were passed to the helper
+        const callArguments = (helpers.loginGuestUser as jest.Mock).mock.calls[0]
+        expect(callArguments).toBeDefined()
+        expect(callArguments.length).toBeGreaterThan(0)
+
+        const shopperLogin: ShopperLogin<ApiClientConfigParams> = callArguments[0]
+        expect(shopperLogin).toBeDefined()
+        expect(shopperLogin.clientConfig).toBeDefined()
+        expect(shopperLogin.clientConfig.fetchOptions).toBeDefined()
+
+        // Ensure fetch options include the expected credentials
+        expect(shopperLogin.clientConfig.fetchOptions.credentials).toBe('include')
+    })
+
+    test('Adds credentials to the fetch options if it is missing', async () => {
+        const configWithFetchOptions = {
+            ...config,
+            fetchOptions: {
+                cache: 'no-cache'
+            }
+        }
+        const auth = new Auth(configWithFetchOptions)
+        await auth.loginGuestUser()
+
+        // Ensure the helper method was called
+        expect(helpers.loginGuestUser).toHaveBeenCalled()
+        expect(helpers.loginGuestUser).toHaveBeenCalledTimes(1)
+
+        // Check that the correct parameters were passed to the helper
+        const callArguments = (helpers.loginGuestUser as jest.Mock).mock.calls[0]
+        expect(callArguments).toBeDefined()
+        expect(callArguments.length).toBeGreaterThan(0)
+
+        const shopperLogin: ShopperLogin<ApiClientConfigParams> = callArguments[0]
+        expect(shopperLogin).toBeDefined()
+        expect(shopperLogin.clientConfig).toBeDefined()
+        expect(shopperLogin.clientConfig.fetchOptions).toBeDefined()
+
+        // Ensure fetch options include the expected credentials
+        expect(shopperLogin.clientConfig.fetchOptions.credentials).toBe('same-origin')
+    })
+})
diff --git a/packages/commerce-sdk-react/src/auth/index.ts b/packages/commerce-sdk-react/src/auth/index.ts
@@ -218,7 +218,13 @@ class Auth {
                 siteId: config.siteId
             },
             throwOnBadResponse: true,
-            fetchOptions: config.fetchOptions
+            // We need to set credentials to 'same-origin' to allow cookies to be set.
+            // This is required as SLAS calls return a dwsid cookie for hybrid sites.
+            // The dwsid value is then passed to the SCAPI as a header maintain the server affinity.
+            fetchOptions: {
+                credentials: 'same-origin',
+                ...config.fetchOptions
+            }
         })
         this.shopperCustomersClient = new ShopperCustomers({
             proxy: config.proxy,