fix: remove un wanted breaking change

features/step_definitions/auth-steps.js

@@ -24,23 +24,24 @@ Given(
     const previousToken = this.sdk.jwt;
     const token = _.get(this.props, "result._source.token") || this.props.token;
 
+    should(token).not.be.undefined();
+
+    this.sdk.jwt = token;
+
+    const { valid } = await this.sdk.auth.checkToken();
+
+    this.sdk.jwt = previousToken;
+
     if (not) {
-      should(await this.sdk.auth.checkToken()).throwError({
-        id: "services.storage.not_found",
-      });
+      should(valid).be.false("Provided token is valid");
     } else {
-      should(token).not.be.undefined();
-
-      this.sdk.jwt = token;
-      const { valid } = await this.sdk.auth.checkToken();
-      this.sdk.jwt = previousToken;
       should(valid).be.true("Provided token is invalid");
     }
   },
 );
 
 Given("I save the created API key", function () {
-  this.props.token = this.props.result.token;
+  this.props.token = this.props.result._source.token;
 });
 
 Given(

lib/core/security/tokenRepository.ts

@@ -363,8 +363,24 @@ export class TokenRepository extends ObjectRepository<Token> {
 
     if (isApiKey) {
       const fingerprint = sha256(token);
+
+      const userApiKeys = await ApiKey.search({ query : {
+        term: {
+          userId: decoded._id,
+        },
+      } });
+
+      if (userApiKeys.length === 0) {
+        throw securityError.get("invalid");
+      }
+
+      const targetApiKey = userApiKeys.find((apiKey) => apiKey.fingerprint === fingerprint);
+
+      if(!targetApiKey) {
+        throw securityError.get("invalid");
+      }
 
-      const apiKey = await ApiKey.load(decoded._id, fingerprint);
+      const apiKey = await ApiKey.load(decoded._id, targetApiKey._id);
 
       const userToken = new Token({
         _id: `${decoded._id}#${token}`,

lib/model/storage/apiKey.js

@@ -112,7 +112,7 @@ class ApiKey extends BaseModel {
       },
       apiKeyId || fingerprint,
     );
-
+    console.log(apiKey)
     await apiKey.save({ refresh, userId: creatorId });
 
     apiKey.token = token.jwt;
@@ -128,29 +128,18 @@ class ApiKey extends BaseModel {
    *
    * @returns {ApiKey}
    */
-  static async load(userId, fingerprint) {
-    const query = {
-      term: {
-        userId,
-      },
-    };
-
-    const apiKeys = await super.search({ query });
-    if (apiKeys.length > 0) {
-      const apiKey = apiKeys.find((a) => a.fingerprint === fingerprint);
-      if (userId !== apiKey.userId) {
-        throw kerror.get("services", "storage", "not_found", fingerprint, {
-          message: `ApiKey "${fingerprint}" not found for user "${userId}".`,
-        });
-      }
-
-      return apiKey;
+  static async load(userId, id) {
+    const apiKey = await super.load(id);
+
+    if (userId !== apiKey.userId) {
+      throw kerror.get("services", "storage", "not_found", id, {
+        message: `ApiKey "${id}" not found for user "${userId}".`,
+      });
     }
-    throw kerror.get("services", "storage", "not_found", fingerprint, {
-      message: `ApiKey "${fingerprint}" not found for user "${userId}".`,
-    });
-  }
 
+    return apiKey;
+  }
+
   /**
    * Deletes API keys for an user
    *

test/model/storage/apiKey.test.js

@@ -116,23 +116,16 @@ describe("ApiKey", () => {
 
   describe("ApiKey.load", () => {
     it("should throw if the key does not belong to the provided user", async () => {
-      const searchStub = sinon
-        .stub(BaseModel, "search")
+      const loadStub = sinon
+        .stub(BaseModel, "load")
         .resolves({ userId: "mylehuong" });
 
       const promise = ApiKey.load("aschen", "api-key-id");
-
       await should(promise).be.rejectedWith({
         id: "services.storage.not_found",
       });
 
-      should(searchStub).be.calledWith({
-        query: {
-          term: {
-            userId: "aschen",
-          },
-        },
-      });
+      should(loadStub).be.calledWith("api-key-id");
     });
   });