safe-global / safe-client-gateway / 23588612769

coverage: 89.558% (-0.04%) from 89.597%
23588612769

push

github

web-flow 
Epic/email auth (#2989)

* feat(auth): extend JWT payload (#2971)

* feat(auth): extend JWT payload with RFC 7519 registered claims

Standardize CGW JWT to use registered claims (sub, aud, auth_method)
instead of inferring auth type from field presence. This is a breaking
change that invalidates existing SIWE sessions.

- Add discriminated union schema on auth_method (siwe/oidc)
- Add sub claim (numeric user ID) and aud claim to JWT
- Auto-create user on first SIWE login via findOrCreateByWalletAddress
- Add audience validation at JWT library level
- Reject legacy tokens missing auth_method/sub fields

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: formatting

* refactor: rename from authPayloadDtoBuilder to siweAuthPayloadDtoBuilder

* test: enhance AuthPayload entity tests for SIWE and OIDC payloads

* fix: formatting

* docs: remove unnecessary comment

* test: refactor SpacesService tests to use siweAuthPayloadDtoBuilder for auth payloads

* refactor: extract TestUsersModule

* fix: remove unused import

* test: integrate UsersModule and enhance auth payload assertions in NotificationsController tests

* refactor: update AuthRepository to use new AuthPayloadWithClaimsDtoSchema for token decoding

- Removed unused imports and simplified the decodeToken method to utilize the new AuthPayloadWithClaimsDtoSchema.
- Introduced AuthPayloadWithClaimsDtoSchema to extend JWT claims with SIWE and OIDC payloads in the auth-payload.entity.ts file.

* chore: add license headers

* test: add integration tests for findOrCreateByWalletAddress

* fix: handle race condition in findOrCreateByWalletAddress

Catch the unique constraint violation (UQ_wallet_address) that can occur
when two concurrent SIWE logins for the same address both pass the
initial find check and attempt to insert. On conflict, retry the lookup.

* refactor: omit sub from JwtClaimsSchema in AuthPayloadWithClaimsDtoSchema

The auth payload schemas define sub as a required NumericSt... (continued)

3185 of 4002 branches covered (79.59%)

Branch coverage included in aggregate %.

291 of 298 new or added lines in 36 files covered. (97.65%)

53 existing lines in 15 files now uncovered.

15083 of 16396 relevant lines covered (91.99%)

602.55 hits per line

Source File
Press 'n' to go to next uncovered line, 'b' for previous

75.0
/src/modules/csv-export/v1/csv-export.controller.ts


Source Not Available