fix(auth): add sessionStorage fallback for web auto-login

- add shared token store backend with local/session/memory fallback - cover fallback behavior with flutter unit tests - add wasm e2e coverage for sessionStorage login state - document mobile installed webapp auto-login policy
2026-03-30 18:02:34 +09:00
parent 2f893a6d9e
commit 72551e5f9d
6 changed files with 344 additions and 74 deletions
--- a/userfront-e2e/playwright.config.ts
+++ b/userfront-e2e/playwright.config.ts
@@ -21,13 +21,20 @@ export default defineConfig({
    screenshot: 'only-on-failure',
    video: 'retain-on-failure',
    locale: process.env.LOCALE ?? 'ko-KR',
-    serviceWorkers: 'block',
  },
  projects: [
    {
-      name: 'chromium',
+      name: 'chromium-desktop',
      use: {
        ...devices['Desktop Chrome'],
+        serviceWorkers: 'block',
+      },
+    },
+    {
+      name: 'chromium-mobile-webapp',
+      use: {
+        ...devices['Pixel 7'],
+        serviceWorkers: 'allow',
      },
    },
  ],
--- a/userfront-e2e/tests/auth-routing.spec.ts
+++ b/userfront-e2e/tests/auth-routing.spec.ts
@@ -14,6 +14,19 @@ async function seedTokenLogin(page: Page): Promise<void> {
  });
 }

+async function seedSessionTokenLogin(page: Page): Promise<void> {
+  await page.addInitScript(() => {
+    window.sessionStorage.setItem('baron_auth_token', 'e30.e30.e30');
+    window.sessionStorage.setItem('baron_auth_provider', 'ory');
+    window.sessionStorage.removeItem('baron_auth_cookie_mode');
+    window.sessionStorage.removeItem('baron_auth_pending_provider');
+    window.localStorage.removeItem('baron_auth_token');
+    window.localStorage.removeItem('baron_auth_provider');
+    window.localStorage.removeItem('baron_auth_cookie_mode');
+    window.localStorage.removeItem('baron_auth_pending_provider');
+  });
+}
+
 async function mockUserfrontApis(
  page: Page,
  options: MockOptions = {},
@@ -125,6 +138,16 @@ test.describe('UserFront WASM auth routing', () => {
    await expect(page).toHaveURL(/\/ko\/dashboard$/);
  });

+  test('sessionStorage 기반 로그인 상태에서도 /ko/dashboard 를 유지한다', async ({
+    page,
+  }) => {
+    await seedSessionTokenLogin(page);
+    await mockUserfrontApis(page);
+
+    await page.goto('/ko');
+    await expect(page).toHaveURL(/\/ko\/dashboard$/);
+  });
+
  test('비로그인 /ko/approve 는 signin(+notice)으로 이동한다', async ({ page }) => {
    await mockUserfrontApis(page, { sessionStatus: 401 });