accounts-frontend/packages/app/components/user/middlewares/refreshTokenMiddleware.test.ts

import expect from 'app/test/unexpected';
import sinon from 'sinon';

import refreshTokenMiddleware from 'app/components/user/middlewares/refreshTokenMiddleware';
import { browserHistory } from 'app/services/history';
import * as authentication from 'app/services/api/authentication';
import { InternalServerError } from 'app/services/request';
import { updateToken } from 'app/components/accounts/actions';

const refreshToken = 'foo';
const expiredToken =
  'eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJuYmYiOjE0NzA3NjE0NDMsImV4cCI6MTQ3MDc2MTQ0MywiaWF0IjoxNDcwNzYxNDQzLCJqdGkiOiJpZDEyMzQ1NiJ9.gWdnzfQQvarGpkbldUvB8qdJZSVkvdNtCbhbbl2yJW8';
// valid till 2100 year
const validToken =
  'eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJuYmYiOjE0NzA3NjE5NzcsImV4cCI6NDEwMjQ0NDgwMCwiaWF0IjoxNDcwNzYxOTc3LCJqdGkiOiJpZDEyMzQ1NiJ9.M4KY4QgHOUzhpAZjWoHJbGsEJPR-RBsJ1c1BKyxvAoU';

describe('refreshTokenMiddleware', () => {
  let middleware;
  let getState;
  let dispatch;

  const email = 'test@email.com';

  beforeEach(() => {
    sinon
      .stub(authentication, 'requestToken')
      .named('authentication.requestToken');
    sinon.stub(authentication, 'logout').named('authentication.logout');
    sinon.stub(browserHistory, 'push');

    getState = sinon.stub().named('store.getState');
    dispatch = sinon
      .spy(arg => (typeof arg === 'function' ? arg(dispatch, getState) : arg))
      .named('store.dispatch');

    middleware = refreshTokenMiddleware({ getState, dispatch } as any);
  });

  afterEach(() => {
    (authentication.requestToken as any).restore();
    (authentication.logout as any).restore();
    (browserHistory.push as any).restore();
  });

  function assertRelogin() {
    expect(dispatch, 'to have a call satisfying', [
      {
        type: 'auth:setCredentials',
        payload: {
          login: email,
          returnUrl: expect.it('to be a string'),
        },
      },
    ]);

    expect(browserHistory.push, 'to have a call satisfying', ['/login']);
  }

  it('must be till 2100 to test with validToken', () =>
    expect(new Date().getFullYear(), 'to be less than', 2100));

  describe('#before', () => {
    describe('when token expired', () => {
      beforeEach(() => {
        const account = {
          id: 42,
          email,
          token: expiredToken,
          refreshToken,
        };
        getState.returns({
          accounts: {
            active: account.id,
            available: [account],
          },
          auth: {
            credentials: {},
          },
          user: {},
        });
      });

      it('should request new token', () => {
        const data = {
          url: 'foo',
          options: {
            headers: {},
          },
        };

        (authentication.requestToken as any).returns(
          Promise.resolve(validToken),
        );

        return middleware.before(data).then(resp => {
          expect(resp, 'to satisfy', data);

          expect(authentication.requestToken, 'to have a call satisfying', [
            refreshToken,
          ]);
        });
      });

      it('should not apply to refresh-token request', () => {
        const data = { url: '/refresh-token', options: {} };
        const resp = middleware.before(data);

        return expect(resp, 'to be fulfilled with', data).then(() =>
          expect(authentication.requestToken, 'was not called'),
        );
      });

      it('should not auto refresh token if options.token specified', () => {
        const data = {
          url: 'foo',
          options: { token: 'foo' },
        };
        middleware.before(data);

        expect(authentication.requestToken, 'was not called');
      });

      it('should update user with new token', () => {
        const data = {
          url: 'foo',
          options: {
            headers: {},
          },
        };

        (authentication.requestToken as any).returns(
          Promise.resolve(validToken),
        );

        return middleware
          .before(data)
          .then(() =>
            expect(dispatch, 'to have a call satisfying', [
              updateToken(validToken),
            ]),
          );
      });

      it('should relogin if token can not be parsed', () => {
        const account = {
          id: 42,
          email,
          token: 'realy bad token',
          refreshToken,
        };
        getState.returns({
          accounts: {
            active: account.id,
            available: [account],
          },
          auth: {
            credentials: {},
          },
          user: {},
        });

        const req = { url: 'foo', options: {} };

        return expect(middleware.before(req), 'to be rejected with', {
          message: 'Invalid token',
        }).then(() => {
          expect(authentication.requestToken, 'was not called');

          assertRelogin();
        });
      });

      it('should relogin if token request failed', () => {
        (authentication.requestToken as any).returns(Promise.reject());

        return expect(
          middleware.before({ url: 'foo', options: {} }),
          'to be rejected',
        ).then(() => assertRelogin());
      });

      it('should not logout if request failed with 5xx', () => {
        const resp = new InternalServerError({}, { status: 500 });

        (authentication.requestToken as any).returns(Promise.reject(resp));

        return expect(
          middleware.before({ url: 'foo', options: {} }),
          'to be rejected with',
          resp,
        ).then(() =>
          expect(dispatch, 'to have no calls satisfying', [
            { payload: { isGuest: true } },
          ]),
        );
      });
    });

    it('should not be applied if no token', () => {
      getState.returns({
        accounts: {
          active: null,
          available: [],
        },
        user: {},
      });

      const data = {
        url: 'foo',
        options: {},
      };
      const resp = middleware.before(data);

      return expect(resp, 'to be fulfilled with', data).then(() =>
        expect(authentication.requestToken, 'was not called'),
      );
    });
  });

  describe('#catch', () => {
    const expiredResponse = {
      name: 'Unauthorized',
      message: 'Token expired',
      code: 0,
      status: 401,
      type: 'yii\\web\\UnauthorizedHttpException',
    };

    const badTokenReponse = {
      name: 'Unauthorized',
      message: 'You are requesting with an invalid credential.',
      code: 0,
      status: 401,
      type: 'yii\\web\\UnauthorizedHttpException',
    };

    const incorrectTokenReponse = {
      name: 'Unauthorized',
      message: 'Incorrect token',
      code: 0,
      status: 401,
      type: 'yii\\web\\UnauthorizedHttpException',
    };

    let restart;

    beforeEach(() => {
      getState.returns({
        accounts: {
          active: 1,
          available: [
            {
              id: 1,
              email,
              token: 'old token',
              refreshToken,
            },
          ],
        },
        user: {},
      });

      restart = sinon.stub().named('restart');

      (authentication.requestToken as any).returns(Promise.resolve(validToken));
    });

    function assertNewTokenRequest() {
      expect(authentication.requestToken, 'to have a call satisfying', [
        refreshToken,
      ]);
      expect(restart, 'was called');
      expect(dispatch, 'was called');
    }

    it('should request new token if expired', () =>
      expect(
        middleware.catch(expiredResponse, { options: {} }, restart),
        'to be fulfilled',
      ).then(assertNewTokenRequest));

    it('should request new token if invalid credential', () =>
      expect(
        middleware.catch(badTokenReponse, { options: {} }, restart),
        'to be fulfilled',
      ).then(assertNewTokenRequest));

    it('should request new token if token is incorrect', () =>
      expect(
        middleware.catch(incorrectTokenReponse, { options: {} }, restart),
        'to be fulfilled',
      ).then(assertNewTokenRequest));

    it('should relogin if no refreshToken', () => {
      getState.returns({
        accounts: {
          active: 1,
          available: [
            {
              id: 1,
              email,
              refreshToken: null,
            },
          ],
        },
        auth: {
          credentials: {},
        },
        user: {},
      });

      return expect(
        middleware.catch(incorrectTokenReponse, { options: {} }, restart),
        'to be rejected',
      ).then(() => {
        assertRelogin();
      });
    });

    it('should pass the request through if options.token specified', () => {
      const promise = middleware.catch(
        expiredResponse,
        {
          options: {
            token: 'foo',
          },
        },
        restart,
      );

      return expect(promise, 'to be rejected with', expiredResponse).then(
        () => {
          expect(restart, 'was not called');
          expect(authentication.requestToken, 'was not called');
        },
      );
    });

    it('should pass the rest of failed requests through', () => {
      const resp = {};

      const promise = middleware.catch(
        resp,
        {
          options: {},
        },
        restart,
      );

      return expect(promise, 'to be rejected with', resp).then(() => {
        expect(restart, 'was not called');
        expect(authentication.requestToken, 'was not called');
      });
    });
  });
});
Create app namespace for all absolute requires of app modules. Move all packages under packages yarn workspace 2019-12-08 00:32:00 +05:30			`import expect from 'app/test/unexpected';`
#246: remove outdated code from refreshTokenMiddleware 2017-01-06 11:04:39 +05:30			`import sinon from 'sinon';`
Add tests for auth middlewares 2016-08-10 00:47:49 +05:30
Create app namespace for all absolute requires of app modules. Move all packages under packages yarn workspace 2019-12-08 00:32:00 +05:30			`import refreshTokenMiddleware from 'app/components/user/middlewares/refreshTokenMiddleware';`
			`import { browserHistory } from 'app/services/history';`
			`import * as authentication from 'app/services/api/authentication';`
			`import { InternalServerError } from 'app/services/request';`
			`import { updateToken } from 'app/components/accounts/actions';`
Add tests for auth middlewares 2016-08-10 00:47:49 +05:30
			`const refreshToken = 'foo';`
Add prettier and re-configure lint according to current best practises 2019-11-27 14:33:32 +05:30			`const expiredToken =`
			`'eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJuYmYiOjE0NzA3NjE0NDMsImV4cCI6MTQ3MDc2MTQ0MywiaWF0IjoxNDcwNzYxNDQzLCJqdGkiOiJpZDEyMzQ1NiJ9.gWdnzfQQvarGpkbldUvB8qdJZSVkvdNtCbhbbl2yJW8';`
Add tests for auth middlewares 2016-08-10 00:47:49 +05:30			`// valid till 2100 year`
Add prettier and re-configure lint according to current best practises 2019-11-27 14:33:32 +05:30			`const validToken =`
			`'eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJuYmYiOjE0NzA3NjE5NzcsImV4cCI6NDEwMjQ0NDgwMCwiaWF0IjoxNDcwNzYxOTc3LCJqdGkiOiJpZDEyMzQ1NiJ9.M4KY4QgHOUzhpAZjWoHJbGsEJPR-RBsJ1c1BKyxvAoU';`
Add tests for auth middlewares 2016-08-10 00:47:49 +05:30
			`describe('refreshTokenMiddleware', () => {`
Add prettier and re-configure lint according to current best practises 2019-11-27 14:33:32 +05:30			`let middleware;`
			`let getState;`
			`let dispatch;`

			`const email = 'test@email.com';`

			`beforeEach(() => {`
			`sinon`
			`.stub(authentication, 'requestToken')`
			`.named('authentication.requestToken');`
			`sinon.stub(authentication, 'logout').named('authentication.logout');`
			`sinon.stub(browserHistory, 'push');`

			`getState = sinon.stub().named('store.getState');`
			`dispatch = sinon`
			`.spy(arg => (typeof arg === 'function' ? arg(dispatch, getState) : arg))`
			`.named('store.dispatch');`

Migrate from flow to typescript 2019-12-07 16:58:52 +05:30			`middleware = refreshTokenMiddleware({ getState, dispatch } as any);`
Add prettier and re-configure lint according to current best practises 2019-11-27 14:33:32 +05:30			`});`

			`afterEach(() => {`
Migrate from flow to typescript 2019-12-07 16:58:52 +05:30			`(authentication.requestToken as any).restore();`
			`(authentication.logout as any).restore();`
			`(browserHistory.push as any).restore();`
Add prettier and re-configure lint according to current best practises 2019-11-27 14:33:32 +05:30			`});`

			`function assertRelogin() {`
			`expect(dispatch, 'to have a call satisfying', [`
			`{`
			`type: 'auth:setCredentials',`
			`payload: {`
			`login: email,`
			`returnUrl: expect.it('to be a string'),`
			`},`
			`},`
			`]);`

			`expect(browserHistory.push, 'to have a call satisfying', ['/login']);`
			`}`

			`it('must be till 2100 to test with validToken', () =>`
			`expect(new Date().getFullYear(), 'to be less than', 2100));`

			`describe('#before', () => {`
			`describe('when token expired', () => {`
			`beforeEach(() => {`
			`const account = {`
Migrate from flow to typescript 2019-12-07 16:58:52 +05:30			`id: 42,`
Add prettier and re-configure lint according to current best practises 2019-11-27 14:33:32 +05:30			`email,`
			`token: expiredToken,`
			`refreshToken,`
			`};`
			`getState.returns({`
			`accounts: {`
			`active: account.id,`
			`available: [account],`
			`},`
			`auth: {`
			`credentials: {},`
			`},`
			`user: {},`
			`});`
			`});`

			`it('should request new token', () => {`
			`const data = {`
			`url: 'foo',`
			`options: {`
			`headers: {},`
			`},`
			`};`
Add tests for auth middlewares 2016-08-10 00:47:49 +05:30
Migrate from flow to typescript 2019-12-07 16:58:52 +05:30			`(authentication.requestToken as any).returns(`
			`Promise.resolve(validToken),`
			`);`
Add tests for auth middlewares 2016-08-10 00:47:49 +05:30
Add prettier and re-configure lint according to current best practises 2019-11-27 14:33:32 +05:30			`return middleware.before(data).then(resp => {`
			`expect(resp, 'to satisfy', data);`
Add tests for auth middlewares 2016-08-10 00:47:49 +05:30
Add prettier and re-configure lint according to current best practises 2019-11-27 14:33:32 +05:30			`expect(authentication.requestToken, 'to have a call satisfying', [`
			`refreshToken,`
			`]);`
#48: integrate accounts with app 2016-11-05 15:41:41 +05:30			`});`
Add prettier and re-configure lint according to current best practises 2019-11-27 14:33:32 +05:30			`});`
#48: integrate accounts with app 2016-11-05 15:41:41 +05:30
Add prettier and re-configure lint according to current best practises 2019-11-27 14:33:32 +05:30			`it('should not apply to refresh-token request', () => {`
			`const data = { url: '/refresh-token', options: {} };`
			`const resp = middleware.before(data);`
Add tests for auth middlewares 2016-08-10 00:47:49 +05:30
Add prettier and re-configure lint according to current best practises 2019-11-27 14:33:32 +05:30			`return expect(resp, 'to be fulfilled with', data).then(() =>`
			`expect(authentication.requestToken, 'was not called'),`
			`);`
			`});`
#48: initial logic for multy-accounts actions 2016-10-30 17:42:49 +05:30
Add prettier and re-configure lint according to current best practises 2019-11-27 14:33:32 +05:30			`it('should not auto refresh token if options.token specified', () => {`
			`const data = {`
			`url: 'foo',`
			`options: { token: 'foo' },`
#48: integrate accounts with app 2016-11-05 15:41:41 +05:30			`};`
Add prettier and re-configure lint according to current best practises 2019-11-27 14:33:32 +05:30			`middleware.before(data);`

			`expect(authentication.requestToken, 'was not called');`
			`});`
#48: integrate accounts with app 2016-11-05 15:41:41 +05:30
Add prettier and re-configure lint according to current best practises 2019-11-27 14:33:32 +05:30			`it('should update user with new token', () => {`
			`const data = {`
			`url: 'foo',`
			`options: {`
			`headers: {},`
			`},`
#48: initial logic for multy-accounts actions 2016-10-30 17:42:49 +05:30			`};`

Migrate from flow to typescript 2019-12-07 16:58:52 +05:30			`(authentication.requestToken as any).returns(`
			`Promise.resolve(validToken),`
			`);`
Add prettier and re-configure lint according to current best practises 2019-11-27 14:33:32 +05:30
			`return middleware`
			`.before(data)`
			`.then(() =>`
			`expect(dispatch, 'to have a call satisfying', [`
			`updateToken(validToken),`
			`]),`
			`);`
			`});`

			`it('should relogin if token can not be parsed', () => {`
			`const account = {`
Migrate from flow to typescript 2019-12-07 16:58:52 +05:30			`id: 42,`
Add prettier and re-configure lint according to current best practises 2019-11-27 14:33:32 +05:30			`email,`
			`token: 'realy bad token',`
			`refreshToken,`
			`};`
			`getState.returns({`
			`accounts: {`
			`active: account.id,`
			`available: [account],`
			`},`
			`auth: {`
			`credentials: {},`
			`},`
			`user: {},`
#48: initial logic for multy-accounts actions 2016-10-30 17:42:49 +05:30			`});`
Add tests for auth middlewares 2016-08-10 00:47:49 +05:30
Add prettier and re-configure lint according to current best practises 2019-11-27 14:33:32 +05:30			`const req = { url: 'foo', options: {} };`
#48: initial logic for multy-accounts actions 2016-10-30 17:42:49 +05:30
Add prettier and re-configure lint according to current best practises 2019-11-27 14:33:32 +05:30			`return expect(middleware.before(req), 'to be rejected with', {`
			`message: 'Invalid token',`
			`}).then(() => {`
			`expect(authentication.requestToken, 'was not called');`
#48: integrate accounts with app 2016-11-05 15:41:41 +05:30
Add prettier and re-configure lint according to current best practises 2019-11-27 14:33:32 +05:30			`assertRelogin();`
			`});`
			`});`

			`it('should relogin if token request failed', () => {`
Migrate from flow to typescript 2019-12-07 16:58:52 +05:30			`(authentication.requestToken as any).returns(Promise.reject());`
Add prettier and re-configure lint according to current best practises 2019-11-27 14:33:32 +05:30
			`return expect(`
			`middleware.before({ url: 'foo', options: {} }),`
			`'to be rejected',`
			`).then(() => assertRelogin());`
			`});`

			`it('should not logout if request failed with 5xx', () => {`
Migrate from flow to typescript 2019-12-07 16:58:52 +05:30			`const resp = new InternalServerError({}, { status: 500 });`
Add prettier and re-configure lint according to current best practises 2019-11-27 14:33:32 +05:30
Migrate from flow to typescript 2019-12-07 16:58:52 +05:30			`(authentication.requestToken as any).returns(Promise.reject(resp));`
Add prettier and re-configure lint according to current best practises 2019-11-27 14:33:32 +05:30
			`return expect(`
			`middleware.before({ url: 'foo', options: {} }),`
			`'to be rejected with',`
			`resp,`
			`).then(() =>`
			`expect(dispatch, 'to have no calls satisfying', [`
			`{ payload: { isGuest: true } },`
			`]),`
#48: integrate accounts with app 2016-11-05 15:41:41 +05:30			`);`
Add prettier and re-configure lint according to current best practises 2019-11-27 14:33:32 +05:30			`});`
			`});`
Add tests for auth middlewares 2016-08-10 00:47:49 +05:30
Add prettier and re-configure lint according to current best practises 2019-11-27 14:33:32 +05:30			`it('should not be applied if no token', () => {`
			`getState.returns({`
			`accounts: {`
			`active: null,`
			`available: [],`
			`},`
			`user: {},`
			`});`

			`const data = {`
			`url: 'foo',`
			`options: {},`
			`};`
			`const resp = middleware.before(data);`

			`return expect(resp, 'to be fulfilled with', data).then(() =>`
			`expect(authentication.requestToken, 'was not called'),`
			`);`
			`});`
			`});`

			`describe('#catch', () => {`
			`const expiredResponse = {`
			`name: 'Unauthorized',`
			`message: 'Token expired',`
			`code: 0,`
			`status: 401,`
			`type: 'yii\\web\\UnauthorizedHttpException',`
			`};`

			`const badTokenReponse = {`
			`name: 'Unauthorized',`
			`message: 'You are requesting with an invalid credential.',`
			`code: 0,`
			`status: 401,`
			`type: 'yii\\web\\UnauthorizedHttpException',`
			`};`

			`const incorrectTokenReponse = {`
			`name: 'Unauthorized',`
			`message: 'Incorrect token',`
			`code: 0,`
			`status: 401,`
			`type: 'yii\\web\\UnauthorizedHttpException',`
			`};`

			`let restart;`
#365: Redirect user to login page, when token can not be refreshed. Further improvement of auth errors handling 2017-12-31 00:34:31 +05:30
Add prettier and re-configure lint according to current best practises 2019-11-27 14:33:32 +05:30			`beforeEach(() => {`
			`getState.returns({`
			`accounts: {`
			`active: 1,`
			`available: [`
			`{`
			`id: 1,`
			`email,`
			`token: 'old token',`
			`refreshToken,`
			`},`
			`],`
			`},`
			`user: {},`
			`});`

			`restart = sinon.stub().named('restart');`

Migrate from flow to typescript 2019-12-07 16:58:52 +05:30			`(authentication.requestToken as any).returns(Promise.resolve(validToken));`
Add prettier and re-configure lint according to current best practises 2019-11-27 14:33:32 +05:30			`});`

			`function assertNewTokenRequest() {`
			`expect(authentication.requestToken, 'to have a call satisfying', [`
			`refreshToken,`
			`]);`
			`expect(restart, 'was called');`
			`expect(dispatch, 'was called');`
			`}`
Add tests for auth middlewares 2016-08-10 00:47:49 +05:30
Add prettier and re-configure lint according to current best practises 2019-11-27 14:33:32 +05:30			`it('should request new token if expired', () =>`
			`expect(`
			`middleware.catch(expiredResponse, { options: {} }, restart),`
			`'to be fulfilled',`
			`).then(assertNewTokenRequest));`

			`it('should request new token if invalid credential', () =>`
			`expect(`
			`middleware.catch(badTokenReponse, { options: {} }, restart),`
			`'to be fulfilled',`
			`).then(assertNewTokenRequest));`

			`it('should request new token if token is incorrect', () =>`
			`expect(`
			`middleware.catch(incorrectTokenReponse, { options: {} }, restart),`
			`'to be fulfilled',`
			`).then(assertNewTokenRequest));`

			`it('should relogin if no refreshToken', () => {`
			`getState.returns({`
			`accounts: {`
			`active: 1,`
			`available: [`
			`{`
			`id: 1,`
			`email,`
			`refreshToken: null,`
			`},`
			`],`
			`},`
			`auth: {`
			`credentials: {},`
			`},`
			`user: {},`
			`});`

			`return expect(`
			`middleware.catch(incorrectTokenReponse, { options: {} }, restart),`
			`'to be rejected',`
			`).then(() => {`
			`assertRelogin();`
			`});`
			`});`
Add tests for auth middlewares 2016-08-10 00:47:49 +05:30
Add prettier and re-configure lint according to current best practises 2019-11-27 14:33:32 +05:30			`it('should pass the request through if options.token specified', () => {`
			`const promise = middleware.catch(`
			`expiredResponse,`
			`{`
			`options: {`
			`token: 'foo',`
			`},`
			`},`
			`restart,`
			`);`

			`return expect(promise, 'to be rejected with', expiredResponse).then(`
			`() => {`
			`expect(restart, 'was not called');`
			`expect(authentication.requestToken, 'was not called');`
			`},`
			`);`
			`});`
Add tests for auth middlewares 2016-08-10 00:47:49 +05:30
Add prettier and re-configure lint according to current best practises 2019-11-27 14:33:32 +05:30			`it('should pass the rest of failed requests through', () => {`
			`const resp = {};`

			`const promise = middleware.catch(`
			`resp,`
			`{`
			`options: {},`
			`},`
			`restart,`
			`);`

			`return expect(promise, 'to be rejected with', resp).then(() => {`
			`expect(restart, 'was not called');`
			`expect(authentication.requestToken, 'was not called');`
			`});`
Add tests for auth middlewares 2016-08-10 00:47:49 +05:30			`});`
Add prettier and re-configure lint according to current best practises 2019-11-27 14:33:32 +05:30			`});`
Add tests for auth middlewares 2016-08-10 00:47:49 +05:30			`});`