Fix axios session credentials#531
Open
Tanish-Solanki wants to merge 2 commits into
Open
Conversation
✅ Deploy Preview for github-spy ready!
To edit notification comments on pull requests, go to your Netlify project configuration. |
Contributor
📝 WalkthroughWalkthroughThe PR fixes a critical authentication bug where session cookies were not persisted due to missing credential flags, enforces minimum password length validation in the backend schema, aligns frontend validation rules with backend requirements, and refactors Navbar tests to use accessibility-driven assertions. ChangesAuthentication Credentials & Validation
Navbar Test Accessibility
Sequence DiagramsequenceDiagram
participant Browser
participant LoginForm as Login Component
participant AxiosClient as Axios (withCredentials)
participant AuthAPI as Backend Auth Endpoint
participant SessionStore as Session Store
Browser->>LoginForm: Submit credentials
LoginForm->>AxiosClient: POST /api/auth/login (withCredentials: true)
AxiosClient->>AuthAPI: Include session cookie in request
AuthAPI->>SessionStore: Validate and create session
SessionStore->>AuthAPI: Session created, Set-Cookie header
AuthAPI->>AxiosClient: 200 + Set-Cookie response
AxiosClient->>Browser: Store session cookie via credentials flag
Browser->>LoginForm: Login successful, navigate to /
Estimated code review effort🎯 3 (Moderate) | ⏱️ ~35 minutes Possibly related issues
Possibly related PRs
Suggested labels
Poem
🚥 Pre-merge checks | ✅ 5✅ Passed checks (5 passed)
✏️ Tip: You can configure your own custom pre-merge checks in the settings. ✨ Finishing Touches🧪 Generate unit tests (beta)
Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out. Comment |
Contributor
Author
|
Hi @mehul-m-prajapati, |
![coderabbitai[bot]](https://avatars.githubusercontent.com/in/347564?s=60&v=4){kind=small}
Contributor
There was a problem hiding this comment.
Actionable comments posted: 1
🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.
Inline comments:
In `@src/pages/Signup/Signup.tsx`:
- Around line 67-69: The live (change-time) username validation in the Signup
component is out of sync with the submit-time validation: update the change-time
check that references formData.username so it uses the same regex
/^[a-zA-Z0-9_]+$/ and update the corresponding error message from "Only letters
are allowed" to "Username can only contain letters, numbers, and underscores"
(or otherwise match the submit-time message) so both validations accept digits
and underscores consistently.
🪄 Autofix (Beta)
Fix all unresolved CodeRabbit comments on this PR:
- Push a commit to this branch (recommended)
- Create a new PR with the fixes
ℹ️ Review info
⚙️ Run configuration
Configuration used: defaults
Review profile: CHILL
Plan: Pro
Run ID: 43cc1e27-bb52-465f-bff8-3679c13df998
📒 Files selected for processing (5)
backend/validators/authValidator.jssrc/components/__test__/Navbar.test.tsxsrc/main.tsxsrc/pages/Login/Login.tsxsrc/pages/Signup/Signup.tsx
Comment on lines
+67
to
+69
| : !/^[a-zA-Z0-9_]+$/.test(formData.username) | ||
| ? "Username can only contain letters, numbers, and underscores" | ||
| : ""; |
Contributor
There was a problem hiding this comment.
Keep change-time username validation in sync with submit validation.
Lines 67-69 now accept digits and underscores, but the live validation at Line 42 still rejects them with "Only letters are allowed". That leaves usernames like user_1 showing an error while typing even though submit accepts them.
Suggested fix
if (name === "username") {
if (!value.trim()) {
errorMessage = "Username is required";
- } else if (!/^[A-Za-z\s]+$/.test(value)) {
- errorMessage = "Only letters are allowed";
+ } else if (!/^[a-zA-Z0-9_]+$/.test(value)) {
+ errorMessage = "Username can only contain letters, numbers, and underscores";
}
}📝 Committable suggestion
‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.
Suggested change
| : !/^[a-zA-Z0-9_]+$/.test(formData.username) | |
| ? "Username can only contain letters, numbers, and underscores" | |
| : ""; | |
| if (name === "username") { | |
| if (!value.trim()) { | |
| errorMessage = "Username is required"; | |
| } else if (!/^[a-zA-Z0-9_]+$/.test(value)) { | |
| errorMessage = "Username can only contain letters, numbers, and underscores"; | |
| } | |
| } |
🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.
In `@src/pages/Signup/Signup.tsx` around lines 67 - 69, The live (change-time)
username validation in the Signup component is out of sync with the submit-time
validation: update the change-time check that references formData.username so it
uses the same regex /^[a-zA-Z0-9_]+$/ and update the corresponding error message
from "Only letters are allowed" to "Username can only contain letters, numbers,
and underscores" (or otherwise match the submit-time message) so both
validations accept digits and underscores consistently.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Related Issue
Description
Fixed authentication session persistence issues caused by Axios requests not sending credentials/cookies to the backend. Also aligned frontend and backend validation logic to eliminate contradictory signup validation behavior and updated broken mobile navigation tests.
Frontend Changes
Global Axios Configuration
axios.defaults.withCredentials = trueinmain.tsxconnect.sid) are correctly stored and sent with future requestsAuthentication Requests
{ withCredentials: true }to login requests inLogin.tsx{ withCredentials: true }to signup requests inSignup.tsxValidation Alignment
Updated frontend validation patterns in
Signup.tsxto exactly match backend validation rules:Username Validation
/^[A-Za-z\s]+$//^[a-zA-Z0-9_]+$/Password Validation
Updated frontend password regex to:
/^(?=.*[a-z])(?=.*[A-Z])(?=.*\d)(?=.*[@$!%*?&])[A-Za-z\d@$!%*?&]{8,}$/Requires:
Backend Changes
Validator Regex Fix
authValidator.js{8,}+to{8,}Testing & QA
Navbar Mobile Tests
Updated
Navbar.test.tsxto reflect the current navbar structure:aria-labelAutomated Testing
npx vitest runBuild Validation
npm run buildHow Has This Been Tested?
Type of Change
Summary by CodeRabbit
Release Notes
Bug Fixes
Tests