Add token manager

Author: sam-gc

packages-exp/auth-exp/src/core/user/token_manager.test.ts

@@ -0,0 +1,99 @@
+/**
+ * @license
+ * Copyright 2020 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *   http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+import { expect, use } from 'chai';
+import * as chaiAsPromised from 'chai-as-promised';
+import { StsTokenManager, DATE_GENERATOR } from './token_manager';
+import { IdTokenResponse } from '../../model/id_token';
+import { createSandbox } from 'sinon';
+
+use(chaiAsPromised);
+
+const sandbox = createSandbox();
+
+describe('core/user/token_manager', () => {
+  let stsTokenManager: StsTokenManager;
+  let now: number;
+
+  beforeEach(() => {
+    stsTokenManager = new StsTokenManager();
+    now = Date.now();
+    sandbox.stub(DATE_GENERATOR, 'now').returns(now);
+  });
+
+  afterEach(() => sandbox.restore());
+
+  describe('#isExpired', () => {
+    it('is true if past expiration time', () => {
+      stsTokenManager.expirationTime = 1;  // Ancient history
+      expect(stsTokenManager.isExpired).to.eq(true);
+    });
+
+    it('is true if exp is in future but within buffer', () => {
+      // Buffer is 30_000
+      stsTokenManager.expirationTime = now + 20_000;
+      expect(stsTokenManager.isExpired).to.eq(true);
+    });
+
+    it('is fals if exp is far enough in future', () => {
+      stsTokenManager.expirationTime = now + 40_000;
+      expect(stsTokenManager.isExpired).to.eq(false);
+    });
+  });
+
+  describe('#updateFromServerResponse', () => {
+    it('sets all the fields correctly', () => {
+      stsTokenManager.updateFromServerResponse({
+        idToken: 'id-token',
+        refreshToken: 'refresh-token',
+        expiresIn: '60',  // From the server this is 30s
+      } as IdTokenResponse);
+
+      expect(stsTokenManager.expirationTime).to.eq(now + 60_000);
+      expect(stsTokenManager.accessToken).to.eq('id-token');
+      expect(stsTokenManager.refreshToken).to.eq('refresh-token');
+    });
+  });
+
+  describe('#getToken', () => {
+    it('throws if forceRefresh is true', async () => {
+      Object.assign(stsTokenManager, {accessToken: 'token', expirationTime: now + 100_000});
+      await expect(stsTokenManager.getToken(true)).to.be.rejectedWith(Error);
+    });
+
+    it('throws if token is expired', async () => {
+      Object.assign(stsTokenManager, {accessToken: 'token', expirationTime: now - 1});
+      await expect(stsTokenManager.getToken()).to.be.rejectedWith(Error);
+    });
+
+    it('throws if access token is missing', async () => {
+      await expect(stsTokenManager.getToken()).to.be.rejectedWith(Error);
+    });
+
+    it('returns access token if not expired, not refreshing', async () => {
+      Object.assign(stsTokenManager, {
+        accessToken: 'token',
+        refreshToken: 'refresh',
+        expirationTime: now + 100_000,
+      });
+
+      const tokens = await stsTokenManager.getToken();
+      expect(tokens.accessToken).to.eq('token');
+      expect(tokens.refreshToken).to.eq('refresh');
+    });
+  });
+});

packages-exp/auth-exp/src/core/user/token_manager.ts

@@ -0,0 +1,63 @@
+/**
+ * @license
+ * Copyright 2020 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *   http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+import { IdTokenResponse } from '../../model/id_token';
+
+/**
+ * The number of milliseconds before the official expiration time of a token
+ * to refresh that token, to provide a buffer for RPCs to complete.
+ */
+const TOKEN_REFRESH_BUFFER_MS = 30_000;
+
+export interface Tokens {
+  accessToken: string;
+  refreshToken: string|null;
+}
+
+export const DATE_GENERATOR = {
+  now: () => Date.now(),
+};
+
+export class StsTokenManager {
+  refreshToken: string|null = null;
+  accessToken: string|null = null;
+  expirationTime: number|null = null;
+
+  get isExpired(): boolean {
+    return !this.expirationTime ||
+        DATE_GENERATOR.now() > this.expirationTime - TOKEN_REFRESH_BUFFER_MS;
+  }
+
+  updateFromServerResponse({idToken, refreshToken, expiresIn}: IdTokenResponse): void {
+    this.refreshToken = refreshToken;
+    this.accessToken = idToken;
+    this.expirationTime = DATE_GENERATOR.now() + (Number.parseInt(expiresIn, 10) * 1000);
+  }
+
+  async getToken(forceRefresh = false): Promise<Tokens> {
+    if (!forceRefresh && this.accessToken && !this.isExpired) {
+      return {
+        accessToken: this.accessToken,
+        refreshToken: this.refreshToken,
+      };
+    }
+
+    throw new Error('StsTokenManager: token refresh not implemented');
+  }
+
+  // TODO: There are a few more methods in here that need implemented
+}

packages-exp/auth-exp/src/core/user_impl.test.ts renamed to packages-exp/auth-exp/src/core/user/user_impl.test.ts

@@ -15,16 +15,26 @@
  * limitations under the License.
  */
 
-import { expect } from 'chai';
+import { expect, use } from 'chai';
+import * as chaiAsPromised from 'chai-as-promised';
 import { UserImpl } from './user_impl';
-import { mockAuth } from '../../test/mock_auth';
+import { mockAuth } from '../../../test/mock_auth';
+import { StsTokenManager } from './token_manager';
+import { IdTokenResponse } from '../../model/id_token';
 
-describe('core/user_impl', () => {
+use(chaiAsPromised);
+
+describe('core/user/user_impl', () => {
   const auth = mockAuth('foo', 'i-am-the-api-key');
+  let stsTokenManager: StsTokenManager;
+
+  beforeEach(() => {
+    stsTokenManager = new StsTokenManager();
+  });
 
   describe('constructor', () => {
     it('attaches required fields', () => {
-      const user = new UserImpl({ uid: 'uid', auth });
+      const user = new UserImpl({ uid: 'uid', auth, stsTokenManager });
       expect(user.auth).to.eq(auth);
       expect(user.uid).to.eq('uid');
     });
@@ -33,6 +43,7 @@ describe('core/user_impl', () => {
       const user = new UserImpl({
         uid: 'uid',
         auth,
+        stsTokenManager,
         displayName: 'displayName',
         email: 'email',
         phoneNumber: 'phoneNumber',
@@ -46,7 +57,7 @@ describe('core/user_impl', () => {
     });
 
     it('sets optional fields to null if not provided', () => {
-      const user = new UserImpl({ uid: 'uid', auth });
+      const user = new UserImpl({ uid: 'uid', auth, stsTokenManager });
       expect(user.displayName).to.eq(null);
       expect(user.email).to.eq(null);
       expect(user.phoneNumber).to.eq(null);
@@ -55,29 +66,42 @@ describe('core/user_impl', () => {
   });
 
   describe('#getIdToken', () => {
-    it('throws', () => {
-      const user = new UserImpl({ uid: 'uid', auth });
-      expect(() => user.getIdToken()).to.throw();
+    it('returns the raw token if refresh tokens are in order', async () => {
+      stsTokenManager.updateFromServerResponse({
+        idToken: 'id-token-string',
+        refreshToken: 'refresh-token-string',
+        expiresIn: '100000',
+      } as IdTokenResponse);
+
+      const user = new UserImpl({uid: 'uid', auth, stsTokenManager});
+      const token = await user.getIdToken();
+      expect(token).to.eq('id-token-string');
+      expect(user.refreshToken).to.eq('refresh-token-string');
+    });
+
+    it('throws if refresh is required', async () => {
+      const user = new UserImpl({ uid: 'uid', auth, stsTokenManager });
+      await expect(user.getIdToken()).to.be.rejectedWith(Error);
     });
   });
 
   describe('#getIdTokenResult', () => {
-    it('throws', () => {
-      const user = new UserImpl({ uid: 'uid', auth });
-      expect(() => user.getIdTokenResult()).to.throw();
+    it('throws', async () => {
+      const user = new UserImpl({ uid: 'uid', auth, stsTokenManager });
+      await expect(user.getIdTokenResult()).to.be.rejectedWith(Error);
     });
   });
 
   describe('#reload', () => {
     it('throws', () => {
-      const user = new UserImpl({ uid: 'uid', auth });
+      const user = new UserImpl({ uid: 'uid', auth, stsTokenManager });
       expect(() => user.reload()).to.throw();
     });
   });
 
   describe('#delete', () => {
     it('throws', () => {
-      const user = new UserImpl({ uid: 'uid', auth });
+      const user = new UserImpl({ uid: 'uid', auth, stsTokenManager });
       expect(() => user.delete()).to.throw();
     });
   });

packages-exp/auth-exp/src/core/user_impl.ts renamed to packages-exp/auth-exp/src/core/user/user_impl.ts

@@ -15,14 +15,16 @@
  * limitations under the License.
  */
 
-import { User } from '../model/user';
-import { Auth } from '../model/auth';
-import { IdTokenResult } from '../model/id_token';
-import { ProviderId } from './providers';
+import { User } from '../../model/user';
+import { Auth } from '../../model/auth';
+import { IdTokenResult } from '../../model/id_token';
+import { ProviderId } from '../providers';
+import { StsTokenManager } from './token_manager';
 
 export interface UserParameters {
   uid: string;
   auth: Auth;
+  stsTokenManager: StsTokenManager;
 
   displayName?: string;
   email?: string;
@@ -33,6 +35,8 @@ export interface UserParameters {
 export class UserImpl implements User {
   // For the user object, provider is always Firebase.
   readonly providerId = ProviderId.FIREBASE;
+  stsTokenManager: StsTokenManager;
+  refreshToken = '';
 
   uid: string;
   auth: Auth;
@@ -43,21 +47,28 @@ export class UserImpl implements User {
   phoneNumber: string | null;
   photoURL: string | null;
 
-  constructor({ uid, auth, ...opt }: UserParameters) {
+  constructor({ uid, auth, stsTokenManager, ...opt }: UserParameters) {
     this.uid = uid;
     this.auth = auth;
+    this.stsTokenManager = stsTokenManager;
     this.displayName = opt.displayName || null;
     this.email = opt.email || null;
     this.phoneNumber = opt.phoneNumber || null;
     this.photoURL = opt.photoURL || null;
   }
 
-  getIdToken(forceRefresh?: boolean): Promise<string> {
-    throw new Error(`Method not implemented. forceRefresh: ${forceRefresh}`);
+  async getIdToken(forceRefresh?: boolean): Promise<string> {
+    const {refreshToken, accessToken} = await this.stsTokenManager.getToken(forceRefresh);
+    this.refreshToken = refreshToken || '';
+
+    // TODO: notify listeners at this point
+    return accessToken;
   }
 
-  getIdTokenResult(forceRefresh?: boolean): Promise<IdTokenResult> {
-    throw new Error(`Method not implemented. forceRefresh: ${forceRefresh}`);
+  async getIdTokenResult(forceRefresh?: boolean): Promise<IdTokenResult> {
+    await this.getIdToken(forceRefresh);
+    // TODO: Parse token
+    throw new Error('Method not implemented');
   }
 
   reload(): Promise<void> {

packages-exp/auth-exp/src/model/id_token.d.ts

@@ -22,6 +22,26 @@ import { ProviderId } from '../core/providers/index';
  */
 export type IdToken = string;
 
+/**
+ * Raw parsed JWT
+ */
+export interface ParsedIdToken {
+  iss: string;
+  aud: string;
+  exp: number;
+  sub: string;
+  iat: number;
+  email?: string;
+  verified: boolean;
+  providerId?: string;
+  tenantId?: string;
+  anonymous: boolean;
+  federatedId?: string;
+  displayName?: string;
+  photoURL?: string;
+  toString(): string;
+}
+
 /**
  * IdToken as returned by the API
  */

packages-exp/auth-exp/src/model/user.d.ts

@@ -29,6 +29,7 @@ export interface UserInfo {
 
 export interface User extends UserInfo {
   providerId: ProviderId.FIREBASE;
+  refreshToken: string;
 
   getIdToken(forceRefresh?: boolean): Promise<string>;
   getIdTokenResult(forceRefresh?: boolean): Promise<IdTokenResult>;