From 7dee87a9d2d0e8c02ec02f1679a95faae7a078be Mon Sep 17 00:00:00 2001 From: yaoweiprc <6896642+yaoweiprc@users.noreply.github.com> Date: Fri, 29 May 2026 16:15:15 +0800 Subject: [PATCH 1/4] tmp --- packages/insomnia/src/main/network/o-auth-2/get-token.ts | 1 + packages/insomnia/src/network/authentication.ts | 1 + packages/insomnia/src/network/network.ts | 2 ++ 3 files changed, 4 insertions(+) diff --git a/packages/insomnia/src/main/network/o-auth-2/get-token.ts b/packages/insomnia/src/main/network/o-auth-2/get-token.ts index c040244a2fb2..1c3d45963614 100644 --- a/packages/insomnia/src/main/network/o-auth-2/get-token.ts +++ b/packages/insomnia/src/main/network/o-auth-2/get-token.ts @@ -341,6 +341,7 @@ async function getExistingAccessTokenAndRefreshIfExpired( const requestGroups = ( await db.withAncestors(activeRequest, [models.requestGroup.type]) ).filter(isRequestGroup) as RequestGroup[]; + console.log('----------------------------------requestGroups1', requestGroups); const closestFolderAuth = [...requestGroups] .reverse() .find(({ authentication }) => getAuthObjectOrNull(authentication) && isAuthEnabled(authentication)); diff --git a/packages/insomnia/src/network/authentication.ts b/packages/insomnia/src/network/authentication.ts index 55c163b35973..90a6d835a2f7 100644 --- a/packages/insomnia/src/network/authentication.ts +++ b/packages/insomnia/src/network/authentication.ts @@ -16,5 +16,6 @@ export const _buildBearerHeader = (accessToken: string, prefix?: string) => { }; export const isAuthEnabled = (auth?: RequestAuthentication | {}) => auth && 'disabled' in auth ? auth.disabled !== true : true; +// TODO: 这里应该检查type不为none export const getAuthObjectOrNull = (auth?: RequestAuthentication | {} | null): RequestAuthentication | null => !auth || Object.keys(auth).length === 0 || !('type' in auth) ? null : auth; diff --git a/packages/insomnia/src/network/network.ts b/packages/insomnia/src/network/network.ts index 9779ded8e2b0..cbcbbd1394f5 100644 --- a/packages/insomnia/src/network/network.ts +++ b/packages/insomnia/src/network/network.ts @@ -78,6 +78,8 @@ export const getOrInheritAuthentication = ({ return request.authentication; } const hasParentFolders = requestGroups.length > 0; + console.log('----------------------------------requestGroups2', requestGroups); + // TODO: 顺序反了 const closestParentFolderWithAuth = [...requestGroups] .reverse() .find(({ authentication }) => getAuthObjectOrNull(authentication) && isAuthEnabled(authentication)); From 6e4be7b4e6133fc994d1e2f2814645d0787d987d Mon Sep 17 00:00:00 2001 From: yaoweiprc <6896642+yaoweiprc@users.noreply.github.com> Date: Mon, 1 Jun 2026 16:48:03 +0800 Subject: [PATCH 2/4] Fix the bug that inherited auth is not applied as expected --- packages/insomnia/src/common/render.ts | 1 + .../insomnia-data/node-src/database/database-nedb.ts | 2 +- .../insomnia/src/main/network/o-auth-2/get-token.ts | 8 ++++---- packages/insomnia/src/network/authentication.ts | 1 - packages/insomnia/src/network/network.ts | 11 +++++------ 5 files changed, 11 insertions(+), 12 deletions(-) diff --git a/packages/insomnia/src/common/render.ts b/packages/insomnia/src/common/render.ts index d401b3f34939..ad2cf5274768 100644 --- a/packages/insomnia/src/common/render.ts +++ b/packages/insomnia/src/common/render.ts @@ -556,6 +556,7 @@ export async function getRenderedRequestAndContext({ }> { const ancestors = await getRenderContextAncestors(request); const workspace = ancestors.find(models.workspace.isWorkspace); + // requestGroups is of order leaf to root const requestGroups = ancestors.filter(isRequestGroup); const parentId = workspace ? workspace._id : 'n/a'; diff --git a/packages/insomnia/src/insomnia-data/node-src/database/database-nedb.ts b/packages/insomnia/src/insomnia-data/node-src/database/database-nedb.ts index a5808708dd20..3cdf85197469 100644 --- a/packages/insomnia/src/insomnia-data/node-src/database/database-nedb.ts +++ b/packages/insomnia/src/insomnia-data/node-src/database/database-nedb.ts @@ -469,7 +469,7 @@ export const createNedbDatabase = ( return docWithDefaults; }, - /** get all ancestors of specified types of a document including the original */ + /** get all ancestors of specified types of a document including the original, the order of the returned array is leaf to root */ withAncestors: async function (doc: T | undefined, types: AllTypes[] = []) { if (!doc) { return []; diff --git a/packages/insomnia/src/main/network/o-auth-2/get-token.ts b/packages/insomnia/src/main/network/o-auth-2/get-token.ts index 1c3d45963614..6aabf849b979 100644 --- a/packages/insomnia/src/main/network/o-auth-2/get-token.ts +++ b/packages/insomnia/src/main/network/o-auth-2/get-token.ts @@ -341,10 +341,10 @@ async function getExistingAccessTokenAndRefreshIfExpired( const requestGroups = ( await db.withAncestors(activeRequest, [models.requestGroup.type]) ).filter(isRequestGroup) as RequestGroup[]; - console.log('----------------------------------requestGroups1', requestGroups); - const closestFolderAuth = [...requestGroups] - .reverse() - .find(({ authentication }) => getAuthObjectOrNull(authentication) && isAuthEnabled(authentication)); + // requestGroups is of order leaf to root + const closestFolderAuth = requestGroups.find( + ({ authentication }) => getAuthObjectOrNull(authentication) && isAuthEnabled(authentication), + ); const isRequestAuthEnabled = getAuthObjectOrNull(activeRequest?.authentication) && isAuthEnabled(activeRequest?.authentication); closestAuthId = isRequestAuthEnabled ? requestId : closestFolderAuth?._id || requestId; diff --git a/packages/insomnia/src/network/authentication.ts b/packages/insomnia/src/network/authentication.ts index 90a6d835a2f7..55c163b35973 100644 --- a/packages/insomnia/src/network/authentication.ts +++ b/packages/insomnia/src/network/authentication.ts @@ -16,6 +16,5 @@ export const _buildBearerHeader = (accessToken: string, prefix?: string) => { }; export const isAuthEnabled = (auth?: RequestAuthentication | {}) => auth && 'disabled' in auth ? auth.disabled !== true : true; -// TODO: 这里应该检查type不为none export const getAuthObjectOrNull = (auth?: RequestAuthentication | {} | null): RequestAuthentication | null => !auth || Object.keys(auth).length === 0 || !('type' in auth) ? null : auth; diff --git a/packages/insomnia/src/network/network.ts b/packages/insomnia/src/network/network.ts index 54f728307986..028c5894ee4a 100644 --- a/packages/insomnia/src/network/network.ts +++ b/packages/insomnia/src/network/network.ts @@ -65,6 +65,7 @@ export interface SendActionRuntime { export const getOrInheritAuthentication = ({ request, + // requestGroups is supposed to be of order leaf to root requestGroups, }: { request: Request | WebSocketRequest | SocketIORequest; @@ -75,11 +76,9 @@ export const getOrInheritAuthentication = ({ return request.authentication; } const hasParentFolders = requestGroups.length > 0; - console.log('----------------------------------requestGroups2', requestGroups); - // TODO: 顺序反了 - const closestParentFolderWithAuth = [...requestGroups] - .reverse() - .find(({ authentication }) => getAuthObjectOrNull(authentication) && isAuthEnabled(authentication)); + const closestParentFolderWithAuth = requestGroups.find( + ({ authentication }) => getAuthObjectOrNull(authentication) && isAuthEnabled(authentication), + ); const closestAuth = getAuthObjectOrNull(closestParentFolderWithAuth?.authentication); const shouldCheckFolderAuth = hasParentFolders && closestAuth; if (shouldCheckFolderAuth) { @@ -99,7 +98,7 @@ export function getOrInheritHeaders({ const httpHeaders = new Map(); const originalCaseMap = new Map(); // parent folders, then child folders, then request - const headerContexts = [...requestGroups.reverse(), request]; + const headerContexts = [...[...requestGroups].reverse(), request]; const headers = headerContexts.flatMap(({ headers }) => headers || []); headers.forEach(({ name, value, disabled }) => { if (disabled || !name.trim()) { From e2d67f06b438cbd316eee3f31a3620a686c676f6 Mon Sep 17 00:00:00 2001 From: yaoweiprc <6896642+yaoweiprc@users.noreply.github.com> Date: Mon, 1 Jun 2026 17:24:00 +0800 Subject: [PATCH 3/4] Potential fix for pull request finding Co-authored-by: Copilot Autofix powered by AI <175728472+Copilot@users.noreply.github.com> --- packages/insomnia/src/network/network.ts | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/packages/insomnia/src/network/network.ts b/packages/insomnia/src/network/network.ts index 028c5894ee4a..e303666f78fa 100644 --- a/packages/insomnia/src/network/network.ts +++ b/packages/insomnia/src/network/network.ts @@ -98,7 +98,7 @@ export function getOrInheritHeaders({ const httpHeaders = new Map(); const originalCaseMap = new Map(); // parent folders, then child folders, then request - const headerContexts = [...[...requestGroups].reverse(), request]; + const headerContexts = [...requestGroups].reverse().concat(request); const headers = headerContexts.flatMap(({ headers }) => headers || []); headers.forEach(({ name, value, disabled }) => { if (disabled || !name.trim()) { From 385b1f569293ff52f3fb4fee8c6e6062d4ea8c33 Mon Sep 17 00:00:00 2001 From: Copilot <198982749+Copilot@users.noreply.github.com> Date: Mon, 1 Jun 2026 17:41:51 +0800 Subject: [PATCH 4/4] Add regression coverage for folder auth inheritance precedence (#10000) * Initial plan * test: add auth inheritance regression coverage --------- Co-authored-by: copilot-swe-agent[bot] <198982749+Copilot@users.noreply.github.com> --- .../src/network/__tests__/network.test.ts | 26 +++++++++++++++++++ 1 file changed, 26 insertions(+) diff --git a/packages/insomnia/src/network/__tests__/network.test.ts b/packages/insomnia/src/network/__tests__/network.test.ts index d7772c4158fb..c2dc8596b525 100644 --- a/packages/insomnia/src/network/__tests__/network.test.ts +++ b/packages/insomnia/src/network/__tests__/network.test.ts @@ -1098,6 +1098,32 @@ describe('getCurrentUrl for tough-cookie', () => { }); }); +describe('getOrInheritAuthentication', () => { + it('should prefer the closest parent folder auth over higher-level folder auth', () => { + const request = { authentication: {} }; + const requestGroups = [ + { authentication: { type: 'basic', username: 'closest', password: 'closest-pass' } }, + { authentication: { type: 'basic', username: 'root', password: 'root-pass' } }, + ]; + + expect(networkUtils.getOrInheritAuthentication({ request, requestGroups })).toEqual({ + type: 'basic', + username: 'closest', + password: 'closest-pass', + }); + }); + + it("should stop inheritance when the closest parent folder auth is { type: 'none' }", () => { + const request = { authentication: {} }; + const requestGroups = [ + { authentication: { type: 'none' } }, + { authentication: { type: 'basic', username: 'root', password: 'root-pass' } }, + ]; + + expect(networkUtils.getOrInheritAuthentication({ request, requestGroups })).toEqual({ type: 'none' }); + }); +}); + describe('getOrInheritHeaders', () => { it('should combine headers', () => { const requestGroups = [{ headers: [{ name: 'foo', value: 'bar' }] }, { headers: [{ name: 'baz', value: 'qux' }] }];