fix(instantsearch.js): prevent authenticated token being set as the userToken (#6443)

* remove auth token

* remove auth tests

* clean vars

* add tests

* add test for init props

* fix typo

* remove immediate flag

* fix assertion

* add immediate flag

---------

Co-authored-by: Haroen Viaene <hello@haroen.me>

Author: shaejaz

packages/instantsearch.js/src/middlewares/__tests__/createInsightsMiddleware.ts

@@ -927,7 +927,7 @@ describe('insights', () => {
 
     describe('authenticatedUserToken', () => {
       describe('before `init`', () => {
-        it('uses the `authenticatedUserToken` as the `userToken` when defined', () => {
+        it('does not use `authenticatedUserToken` as the `userToken` when defined', () => {
           const { insightsClient, instantSearchInstance, getUserToken } =
             createTestEnvironment();
 
@@ -937,10 +937,10 @@ describe('insights', () => {
             createInsightsMiddleware({ insightsClient })
           );
 
-          expect(getUserToken()).toEqual('abc');
+          expect(getUserToken()).toEqual(expect.stringMatching(/^anonymous-/));
         });
 
-        it('uses the `authenticatedUserToken` as the `userToken` when both are defined', () => {
+        it('does not use `authenticatedUserToken` as the `userToken` when both are defined', () => {
           const { insightsClient, instantSearchInstance, getUserToken } =
             createTestEnvironment();
 
@@ -951,60 +951,60 @@ describe('insights', () => {
             createInsightsMiddleware({ insightsClient })
           );
 
-          expect(getUserToken()).toEqual('def');
+          expect(getUserToken()).toEqual('abc');
         });
 
-        it('reverts to the `userToken` when unsetting the `authenticatedUserToken`', () => {
+        it('does not use `authenticatedUserToken` when a `userToken` is set after', () => {
           const { insightsClient, instantSearchInstance, getUserToken } =
             createTestEnvironment();
 
-          insightsClient('setUserToken', 'abc');
           insightsClient('setAuthenticatedUserToken', 'def');
-          insightsClient('setAuthenticatedUserToken', undefined);
 
           instantSearchInstance.use(
             createInsightsMiddleware({ insightsClient })
           );
 
+          insightsClient('setUserToken', 'abc');
+
           expect(getUserToken()).toEqual('abc');
         });
+      });
 
-        it('uses the `authenticatedUserToken` when a `userToken` is set after', () => {
+      describe('from `init` props', () => {
+        it('does not use `authenticatedUserToken` as the `userToken` when defined', () => {
           const { insightsClient, instantSearchInstance, getUserToken } =
             createTestEnvironment();
 
-          insightsClient('setAuthenticatedUserToken', 'def');
-
           instantSearchInstance.use(
-            createInsightsMiddleware({ insightsClient })
+            createInsightsMiddleware({
+              insightsClient,
+              insightsInitParams: { authenticatedUserToken: 'abc' },
+            })
           );
 
-          insightsClient('setUserToken', 'abc');
-
-          expect(getUserToken()).toEqual('def');
+          expect(getUserToken()).toEqual(expect.stringMatching(/^anonymous-/));
         });
 
-        it('resets the token to the `userToken` when `authenticatedUserToken` is set as undefined', () => {
+        it('does not use `authenticatedUserToken` as the `userToken` when both are defined', () => {
           const { insightsClient, instantSearchInstance, getUserToken } =
             createTestEnvironment();
 
-          insightsClient('setUserToken', 'abc');
-          insightsClient('setAuthenticatedUserToken', 'def');
-
           instantSearchInstance.use(
-            createInsightsMiddleware({ insightsClient })
+            createInsightsMiddleware({
+              insightsClient,
+              insightsInitParams: {
+                authenticatedUserToken: 'abc',
+                userToken: 'def',
+              },
+            })
           );
 
           expect(getUserToken()).toEqual('def');
-
-          insightsClient('setAuthenticatedUserToken', undefined);
-
-          expect(getUserToken()).toEqual('abc');
         });
       });
 
       describe('after `init`', () => {
-        it('uses the `authenticatedUserToken` as the `userToken` when defined', async () => {
+        it('does not use `authenticatedUserToken` as the `userToken` when defined', async () => {
           const { insightsClient, instantSearchInstance, getUserToken } =
             createTestEnvironment();
           instantSearchInstance.use(
@@ -1015,25 +1015,10 @@ describe('insights', () => {
 
           await wait(0);
 
-          expect(getUserToken()).toEqual('abc');
-        });
-
-        it('uses the `authenticatedUserToken` as the `userToken` when both are defined', async () => {
-          const { insightsClient, instantSearchInstance, getUserToken } =
-            createTestEnvironment();
-          instantSearchInstance.use(
-            createInsightsMiddleware({ insightsClient })
-          );
-
-          insightsClient('setUserToken', 'abc');
-          insightsClient('setAuthenticatedUserToken', 'def');
-
-          await wait(0);
-
-          expect(getUserToken()).toEqual('def');
+          expect(getUserToken()).toEqual(expect.stringMatching(/^anonymous-/));
         });
 
-        it('reverts to the `userToken` when unsetting the `authenticatedUserToken`', async () => {
+        it('does not use `authenticatedUserToken` as the `userToken` when both are defined', async () => {
           const { insightsClient, instantSearchInstance, getUserToken } =
             createTestEnvironment();
           instantSearchInstance.use(
@@ -1042,7 +1027,6 @@ describe('insights', () => {
 
           insightsClient('setUserToken', 'abc');
           insightsClient('setAuthenticatedUserToken', 'def');
-          insightsClient('setAuthenticatedUserToken', undefined);
 
           await wait(0);
 
@@ -1051,7 +1035,7 @@ describe('insights', () => {
       });
 
       describe('from queue', () => {
-        it('uses the `authenticatedUserToken` as the `userToken` when defined', () => {
+        it('does not use `authenticatedUserToken` as the `userToken` when defined', () => {
           const {
             insightsClient,
             libraryLoadedAndProcessQueue,
@@ -1069,10 +1053,10 @@ describe('insights', () => {
           );
           libraryLoadedAndProcessQueue();
 
-          expect(getUserToken()).toEqual('abc');
+          expect(getUserToken()).toEqual(expect.stringMatching(/^anonymous-/));
         });
 
-        it('uses the `authenticatedUserToken` as the `userToken` when both are defined', () => {
+        it('does not use `authenticatedUserToken` as the `userToken` when both are defined', () => {
           const {
             insightsClient,
             libraryLoadedAndProcessQueue,
@@ -1091,28 +1075,6 @@ describe('insights', () => {
           );
           libraryLoadedAndProcessQueue();
 
-          expect(getUserToken()).toEqual('def');
-        });
-
-        it('reverts to the `userToken` when unsetting the `authenticatedUserToken`', () => {
-          const {
-            insightsClient,
-            libraryLoadedAndProcessQueue,
-            instantSearchInstance,
-            getUserToken,
-          } = createUmdTestEnvironment();
-
-          insightsClient('setUserToken', 'abc');
-          insightsClient('setAuthenticatedUserToken', 'def');
-          insightsClient('setAuthenticatedUserToken', undefined);
-
-          instantSearchInstance.use(
-            createInsightsMiddleware({
-              insightsClient,
-            })
-          );
-          libraryLoadedAndProcessQueue();
-
           expect(getUserToken()).toEqual('abc');
         });
       });