imacat/lucia-frontend
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Use globalThis instead of window (S7764)

Browse Source 
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
This commit is contained in:
依瑪貓
2026-03-10 00:30:33 +08:00
parent ebd198e28d
commit 5d143d4cc3
8 changed files with 21 additions and 21 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
tests/stores/files.test.js
View File

@@ -235,13 +235,13 @@ describe("filesStore", () => {
it("downloads CSV for a log", async () => {
mockGet.mockResolvedValue({ data: "col1,col2\na,b" });
window.URL.createObjectURL = vi.fn().mockReturnValue("blob:test");
window.URL.revokeObjectURL = vi.fn();
globalThis.URL.createObjectURL = vi.fn().mockReturnValue("blob:test");
globalThis.URL.revokeObjectURL = vi.fn();
await store.downloadFileCSV("log", 3, "my-file");
expect(mockGet).toHaveBeenCalledWith("/api/logs/3/csv");
expect(window.URL.revokeObjectURL).toHaveBeenCalledWith("blob:test");
expect(globalThis.URL.revokeObjectURL).toHaveBeenCalledWith("blob:test");
});
it("returns early for unsupported type", async () => {

22
tests/stores/login.test.js
View File

@@ -96,15 +96,15 @@ describe("loginStore", () => {
// btoa('/dashboard') = 'L2Rhc2hib2FyZA=='
store.rememberedReturnToUrl = btoa("/dashboard");
// Mock window.location.href setter
const originalLocation = window.location;
delete window.location;
window.location = { href: "" };
// Mock globalThis.location.href setter
const originalLocation = globalThis.location;
delete globalThis.location;
globalThis.location = { href: "" };
await store.signIn();
expect(window.location.href).toBe("/dashboard");
window.location = originalLocation;
expect(globalThis.location.href).toBe("/dashboard");
globalThis.location = originalLocation;
});
it("does not redirect to external URL (open redirect prevention)", async () => {
@@ -117,17 +117,17 @@ describe("loginStore", () => {
// Attacker crafts a return-to URL pointing to an external site
store.rememberedReturnToUrl = btoa("https://evil.example.com/steal");
const originalLocation = window.location;
delete window.location;
window.location = { href: "" };
const originalLocation = globalThis.location;
delete globalThis.location;
globalThis.location = { href: "" };
await store.signIn();
// Should NOT redirect to the external URL
expect(window.location.href).not.toBe("https://evil.example.com/steal");
expect(globalThis.location.href).not.toBe("https://evil.example.com/steal");
// Should fall back to /files
expect(store.$router.push).toHaveBeenCalledWith("/files");
window.location = originalLocation;
globalThis.location = originalLocation;
});
it("falls back to /files when return-to is not valid base64", async () => {