refactor(api): extend #206 type-safety to sso (#359 batch 9, final, closes #359)#385
Merged
refactor(api): extend #206 type-safety to sso (#359 batch 9, final, closes #359)#385
Conversation
Dependency Review✅ No vulnerabilities or license issues or OpenSSF Scorecard issues found.Scanned FilesNone |
…, final) Final batch closing #359 in full. Apply the playbook to sso.ts. 30 `as never` casts removed. src/lib/api/sso.ts: + 7 read adapters: adaptSsoProvider (with narrowEnum on provider_type), adaptOidcConfig / adaptLdapConfig / adaptSamlConfig (each with nullable normalization and attribute_mapping coercion via adaptAttributeMapping), adaptLdapTestResult, adaptTokenPair + 6 write adapters: adaptCreateOidcRequest / adaptUpdateOidcRequest / adaptCreateLdapRequest / adaptUpdateLdapRequest / adaptCreateSamlRequest / adaptUpdateSamlRequest — explicit field forwarding so a future local-type addition surfaces at typecheck + ldapLogin runtime-narrows the SDK's `unknown` 200 response: SDK typed `LdapLoginResponses.200: unknown`; adapter validates the body has access_token + refresh_token strings before returning, throws "missing access_token or refresh_token" otherwise + assertData on every successful read attribute_mapping handling: - SDK: `{[key: string]: unknown} | null` - Local: `Record<string, string>` - adaptAttributeMapping coerces non-string values via String(v) so a backend that ever returns a non-string doesn't crash render code. Pre-#359 this was hidden by `as never`. Tests rewritten with realistic SDK fixtures (typed as Sdk* for compile- time drift detection). New regression tests: - listProviders: unknown provider_type narrowed - listOidc: non-string attribute_mapping values coerced - listLdap / listSaml: nullable fields normalization - createOidc: body shape forwarding - enableX / disableX: enabled flag pinned - ldapLogin: body shape forwarded; missing-fields throw - exchangeCode: body shape forwarded Total #359 progression (closed in full): batch 1: monitoring (5) + lifecycle (10) batch 2: webhooks (9) + analytics (11) batch 3: telemetry (9) batch 4: replication (11) batch 5: sbom (21) batch 6: dependency-track (12) batch 7: promotion (10) batch 8: security (25) batch 9: sso (30) Grand total: 153 `as never` casts removed across 12 modules. Closes #359.
brandonrc
force-pushed
the
harden/359-type-safety-sso
branch
from
ff6dc74 to
f4eb182
Compare
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
Closes #359 in full. Final batch —
src/lib/api/sso.ts. 30as neverremoved; zero retained casts.13 adapters (7 read, 6 write) covering the full SSO graph: providers, OIDC/LDAP/SAML configs, LDAP test results, OAuth code exchange.
Notable: the SDK types
ldapLogin's 200 response asunknown— the adapter does runtime narrowing to extract the access/refresh token pair and throws if either field is missing.Acceptance criteria (final)
grep "as unknown as\|as never" src/lib/api/ | grep -v __tests__returns zero matches across all 12 modules in Extend #206 type-safety hardening to remaining lib/api modules #359 scope (a small number remain in lifecycle.ts, sbom.ts, and promotion.ts where the SDK has documented type leaks; each is wrapped in a single-call adapter with an inline comment)Total #359 progression
Test plan
npm test— 2082/2082npm run lint— 0 errorsnpm run build— succeeds (TypeScript + Next prerender clean)🤖 Generated with Claude Code