Token refresh endpoint + stsTokenManager implementation

Author: sam-gc

packages-exp/auth-exp/src/api/authentication/token.test.ts

@@ -0,0 +1,85 @@
+/**
+ * @license
+ * Copyright 2020 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *   http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+import { expect, use } from 'chai';
+import * as chaiAsPromised from 'chai-as-promised';
+
+import { FirebaseError, querystringDecode } from '@firebase/util';
+
+import { mockAuth } from '../../../test/mock_auth';
+import * as fetch from '../../../test/mock_fetch';
+import { ServerError } from '../errors';
+import { _ENDPOINT, requestStsToken } from './token';
+
+use(chaiAsPromised);
+
+describe('requestStsToken', () => {
+  const endpoint = `${_ENDPOINT}?key=${mockAuth.config.apiKey}`;
+  beforeEach(fetch.setUp);
+  afterEach(fetch.tearDown);
+
+  it('should POST to the correct endpoint', async () => {
+    const mock = fetch.mock(endpoint, {
+      'access_token': 'new-access-token',
+      'expires_in': '3600',
+      'refresh_token': 'new-refresh-token',
+    });
+
+    const response = await requestStsToken(mockAuth, 'old-refresh-token');
+    expect(response.accessToken).to.eq('new-access-token');
+    expect(response.expiresIn).to.eq('3600');
+    expect(response.refreshToken).to.eq('new-refresh-token');
+    const request = querystringDecode(`?${mock.calls[0].request}`);
+    expect(request).to.eql({
+      'grant_type': 'refresh_token',
+      'refresh_token': 'old-refresh-token',
+    });
+    expect(mock.calls[0].method).to.eq('POST');
+    expect(mock.calls[0].headers).to.eql({
+      'Content-Type': 'application/x-www-form-urlencoded',
+      'X-Client-Version': 'testSDK/0.0.0'
+    });
+  });
+
+  it('should handle errors', async () => {
+    const mock = fetch.mock(
+      endpoint,
+      {
+        error: {
+          code: 400,
+          message: ServerError.TOKEN_EXPIRED,
+          errors: [
+            {
+              message: ServerError.TOKEN_EXPIRED
+            }
+          ]
+        }
+      },
+      400
+    );
+
+    await expect(requestStsToken(mockAuth, 'old-token')).to.be.rejectedWith(
+      FirebaseError,
+      'Firebase: The user\'s credential is no longer valid. The user must sign in again. (auth/user-token-expired)'
+    );
+    const request = querystringDecode(`?${mock.calls[0].request}`);
+    expect(request).to.eql({
+      'grant_type': 'refresh_token',
+      'refresh_token': 'old-token',
+    });
+  });
+});

packages-exp/auth-exp/src/api/authentication/token.ts

@@ -20,32 +20,42 @@ import { querystring } from '@firebase/util';
 import { performFetchWithErrorHandling } from '../';
 import { Auth } from '../../model/auth';
 
-const ENDPOINT = 'https://securetoken.googleapis.com/v1/token';
+export const _ENDPOINT = 'https://securetoken.googleapis.com/v1/token';
 const GRANT_TYPE = 'refresh_token';
 
+enum ServerField {
+  ACCESS_TOKEN = 'access_token',
+  EXPIRES_IN = 'expires_in',
+  REFRESH_TOKEN = 'refresh_token',
+}
+
 export interface RequestStsTokenResponse {
-  access_token?: string;
-  expires_in?: string;
-  token_type?: string;
-  refresh_token?: string;
-  id_token?: string;
-  user_id?: string;
-  project_id?: string;
+  accessToken?: string;
+  expiresIn?: string;
+  refreshToken?: string;
 }
 
 export async function requestStsToken(auth: Auth, refreshToken: string): Promise<RequestStsTokenResponse> {
-  return performFetchWithErrorHandling<RequestStsTokenResponse>(auth, {}, () => {
+  const response = await performFetchWithErrorHandling<{[key: string]: string}>(auth, {}, () => {
     const body = querystring({
       'grant_type': GRANT_TYPE,
       'refresh_token': refreshToken,
     }).slice(1);
 
-    return fetch(`${ENDPOINT}?key=${auth.config.apiKey}`, {
+    return fetch(`${_ENDPOINT}?key=${auth.config.apiKey}`, {
       method: 'POST',
       headers: {
         'X-Client-Version': auth.config.sdkClientVersion,
+        'Content-Type': 'application/x-www-form-urlencoded',
       },
       body,
     });
   });
+
+  // The response comes back in snake_case. Convert to camel:
+  return {
+    accessToken: response[ServerField.ACCESS_TOKEN],
+    expiresIn: response[ServerField.EXPIRES_IN],
+    refreshToken: response[ServerField.REFRESH_TOKEN],
+  };
 }

packages-exp/auth-exp/src/core/user/token_manager.test.ts

@@ -17,26 +17,31 @@
 
 import { expect, use } from 'chai';
 import * as chaiAsPromised from 'chai-as-promised';
-import { createSandbox } from 'sinon';
+import * as sinon from 'sinon';
+
+import { FirebaseError } from '@firebase/util';
+
+import { mockAuth } from '../../../test/mock_auth';
+import * as fetch from '../../../test/mock_fetch';
+import { _ENDPOINT } from '../../api/authentication/token';
 import { IdTokenResponse } from '../../model/id_token';
 import { StsTokenManager, TOKEN_REFRESH_BUFFER_MS } from './token_manager';
-import { FirebaseError } from '@firebase/util';
 
 use(chaiAsPromised);
 
-const sandbox = createSandbox();
-
 describe('core/user/token_manager', () => {
   let stsTokenManager: StsTokenManager;
   let now: number;
 
   beforeEach(() => {
     stsTokenManager = new StsTokenManager();
     now = Date.now();
-    sandbox.stub(Date, 'now').returns(now);
+    sinon.stub(Date, 'now').returns(now);
   });
 
-  afterEach(() => sandbox.restore());
+  beforeEach(fetch.setUp);
+  afterEach(fetch.tearDown);
+  afterEach(() => sinon.restore());
 
   describe('#isExpired', () => {
     it('is true if past expiration time', () => {
@@ -70,32 +75,71 @@ describe('core/user/token_manager', () => {
   });
 
   describe('#getToken', () => {
-    it('throws if forceRefresh is true', async () => {
-      Object.assign(stsTokenManager, {
-        accessToken: 'token',
-        expirationTime: now + 100_000
+    context('with endpoint setup', () => {
+      let mock: fetch.Route;
+      beforeEach(() => {
+        const endpoint = `${_ENDPOINT}?key=${mockAuth.config.apiKey}`;
+        mock = fetch.mock(endpoint, {
+          'access_token': 'new-access-token',
+          'refresh_token': 'new-refresh-token',
+          'expires_in': '3600',
+        });
+      });
+
+      it('refreshes the token if forceRefresh is true', async () => {
+        Object.assign(stsTokenManager, {
+          accessToken: 'old-access-token',
+          refreshToken: 'old-refresh-token',
+          expirationTime: now + 100_000
+        });
+
+        const tokens = await stsTokenManager.getToken(mockAuth, true);
+        expect(mock.calls[0].request).to.contain('old-refresh-token');
+        expect(stsTokenManager.accessToken).to.eq('new-access-token');
+        expect(stsTokenManager.refreshToken).to.eq('new-refresh-token');
+        expect(stsTokenManager.expirationTime).to.eq(now + 3_600_000);
+
+        expect(tokens).to.eql({
+          accessToken: 'new-access-token',
+          refreshToken: 'new-refresh-token',
+          wasRefreshed: true,
+        });
+      });
+
+      it('refreshes the token if token is expired', async () => {
+        Object.assign(stsTokenManager, {
+          accessToken: 'old-access-token',
+          refreshToken: 'old-refresh-token',
+          expirationTime: now - 1
+        });
+
+        const tokens = await stsTokenManager.getToken(mockAuth, false);
+        expect(mock.calls[0].request).to.contain('old-refresh-token');
+        expect(stsTokenManager.accessToken).to.eq('new-access-token');
+        expect(stsTokenManager.refreshToken).to.eq('new-refresh-token');
+        expect(stsTokenManager.expirationTime).to.eq(now + 3_600_000);
+
+        expect(tokens).to.eql({
+          accessToken: 'new-access-token',
+          refreshToken: 'new-refresh-token',
+          wasRefreshed: true,
+        });
       });
-      await expect(stsTokenManager.getToken(true)).to.be.rejectedWith(
-        Error,
-        'StsTokenManager: token refresh not implemented'
-      );
     });
 
-    it('throws if token is expired', async () => {
+    it('returns null if the refresh token is missing', async () => {
+      expect(await stsTokenManager.getToken(mockAuth)).to.be.null;
+    });
+
+    it('throws an error if expired but refresh token is missing', async () => {
       Object.assign(stsTokenManager, {
-        accessToken: 'token',
+        accessToken: 'old-access-token',
         expirationTime: now - 1
       });
-      await expect(stsTokenManager.getToken()).to.be.rejectedWith(
-        Error,
-        'StsTokenManager: token refresh not implemented'
-      );
-    });
 
-    it('throws if access token is missing', async () => {
-      await expect(stsTokenManager.getToken()).to.be.rejectedWith(
-        Error,
-        'StsTokenManager: token refresh not implemented'
+      await expect(stsTokenManager.getToken(mockAuth)).to.be.rejectedWith(
+        FirebaseError,
+        'Firebase: The user\'s credential is no longer valid. The user must sign in again. (auth/user-token-expired)'
       );
     });
 
@@ -106,9 +150,12 @@ describe('core/user/token_manager', () => {
         expirationTime: now + 100_000
       });
 
-      const tokens = await stsTokenManager.getToken();
-      expect(tokens.accessToken).to.eq('token');
-      expect(tokens.refreshToken).to.eq('refresh');
+      const tokens = (await stsTokenManager.getToken(mockAuth))!;
+      expect(tokens).to.eql({
+        accessToken: 'token',
+        refreshToken: 'refresh',
+        wasRefreshed: false,
+      });
     });
   });
 

packages-exp/auth-exp/src/core/user/token_manager.ts

@@ -89,12 +89,12 @@ export class StsTokenManager {
     };
   }
 
-  private async refresh(auth: Auth, refreshToken: string) {
-    const {access_token, refresh_token, expires_in} = await requestStsToken(auth, refreshToken);
-    this.updateTokensAndExpiration(access_token, refresh_token, expires_in);
+  private async refresh(auth: Auth, oldToken: string): Promise<void> {
+    const {accessToken, refreshToken, expiresIn} = await requestStsToken(auth, oldToken);
+    this.updateTokensAndExpiration(accessToken, refreshToken, expiresIn);
   }
 
-  private updateTokensAndExpiration(accessToken: string|undefined, refreshToken: string|undefined, expiresInSec: string|undefined) {
+  private updateTokensAndExpiration(accessToken: string|undefined, refreshToken: string|undefined, expiresInSec: string|undefined): void {
     this.refreshToken = refreshToken || null;
     this.accessToken = accessToken || null;
     this.expirationTime = expiresInSec ? Date.now() + Number(expiresInSec) * 1000 : null;

packages-exp/auth-exp/src/core/user/user_impl.test.ts

@@ -18,6 +18,9 @@
 import { FirebaseError } from '@firebase/util';
 import { expect, use } from 'chai';
 import * as chaiAsPromised from 'chai-as-promised';
+
+import { FirebaseError } from '@firebase/util';
+
 import { mockAuth } from '../../../test/mock_auth';
 import { IdTokenResponse } from '../../model/id_token';
 import { StsTokenManager } from './token_manager';
@@ -79,11 +82,6 @@ describe('core/user/user_impl', () => {
       expect(token).to.eq('id-token-string');
       expect(user.refreshToken).to.eq('refresh-token-string');
     });
-
-    it('throws if refresh is required', async () => {
-      const user = new UserImpl({ uid: 'uid', auth, stsTokenManager });
-      await expect(user.getIdToken()).to.be.rejectedWith(Error);
-    });
   });
 
   describe('#getIdTokenResult', () => {

packages-exp/auth-exp/test/mock_fetch.ts

@@ -18,7 +18,7 @@
 import { SinonStub, stub } from 'sinon';
 
 export interface Call {
-  request?: object;
+  request?: object|string;
   method?: string;
   headers?: HeadersInit;
 }
@@ -45,8 +45,11 @@ const fakeFetch: typeof fetch = (input: RequestInfo, request?: RequestInit) => {
   // Bang-assertion is fine since we check for routes.has() above
   const { response, status, calls } = routes.get(input)!;
 
+  const requestBody = request?.body && (request?.headers as any)?.['Content-Type'] === 'application/json' ? 
+    JSON.parse(request.body as string) : request?.body;
+
   calls.push({
-    request: request?.body ? JSON.parse(request.body as string) : undefined,
+    request: requestBody,
     method: request?.method,
     headers: request?.headers
   });