Disable bearer header for refresh-token request

SleepWalker 2016-12-12 22:07:49 +02:00
parent b017147359
commit 7374ac3564
4 changed files with 77 additions and 10 deletions
src
components/user/middlewares
services/api
tests
components/user/middlewares
services/api

@ -1,6 +1,9 @@
/** /**
* Applies Bearer header for all requests * Applies Bearer header for all requests
* *
* req.options.token is used to override current token.
* Pass null to disable bearer header at all
*
* @param {object} store - redux store * @param {object} store - redux store
* @param {function} store.getState * @param {function} store.getState
* *
@ -13,7 +16,7 @@ export default function bearerHeaderMiddleware({getState}) {
let {token} = accounts.active ? accounts.active : user; let {token} = accounts.active ? accounts.active : user;
if (req.options.token) { if (req.options.token || req.options.token === null) {
token = req.options.token; token = req.options.token;
} }
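Review bot: The widened check `req.options.token || req.options.token === null` still treats every other falsy override as "no override". A caller that passes `''` (for example from a failed token lookup) falls through to the active account's token, and the request goes out with credentials the caller did not ask for. Testing for presence instead, `if (req.options.token !== undefined) {`, makes every explicit value an override and keeps `undefined` as "use the stored token". The body of `bearerHeaderMiddleware` continues outside this hunk, so how a falsy `token` is handled after the assignment should be confirmed there.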

@ -86,7 +86,8 @@ const authentication = {
requestToken(refreshToken) { requestToken(refreshToken) {
return request.post( return request.post(
'/api/authentication/refresh-token', '/api/authentication/refresh-token',
{refresh_token: refreshToken} {refresh_token: refreshToken}, // eslint-disable-line
{token: null}
).then((resp) => ({ ).then((resp) => ({
token: resp.access_token token: resp.access_token
})); }));
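Review bot: The `{token: null}` argument in `requestToken` has no comment explaining why this one call opts out of the bearer header, so a later cleanup could drop it as noise. I would add `// no bearer header: the refresh token in the body is the credential, and the stored access token may already be expired` on the line above it. The bare `// eslint-disable-line` on the body argument also silences every rule for that line; naming the rule (presumably `camelcase`) keeps other warnings visible.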

@ -22,30 +22,44 @@ describe('bearerHeaderMiddleware', () => {
}); });
it('should set Authorization header', () => { it('should set Authorization header', () => {
const data = { let data = {
options: { options: {
headers: {} headers: {}
} }
}; };
middleware.before(data); data = middleware.before(data);
expectBearerHeader(data, token); expectBearerHeader(data, token);
}); });
it('overrides user.token with options.token if available', () => { it('overrides user.token with options.token if available', () => {
const tokenOverride = 'tokenOverride'; const tokenOverride = 'tokenOverride';
const data = { let data = {
options: { options: {
headers: {}, headers: {},
token: tokenOverride token: tokenOverride
} }
}; };
middleware.before(data); data = middleware.before(data);
expectBearerHeader(data, tokenOverride); expectBearerHeader(data, tokenOverride);
}); });
it('disables token if options.token is null', () => {
const tokenOverride = null;
let data = {
options: {
headers: {},
token: tokenOverride
}
};
data = middleware.before(data);
expect(data.options.headers.Authorization, 'to be undefined');
});
}); });
describe('when legacy token available', () => { describe('when legacy token available', () => {
@ -58,13 +72,13 @@ describe('bearerHeaderMiddleware', () => {
}); });
it('should set Authorization header', () => { it('should set Authorization header', () => {
const data = { let data = {
options: { options: {
headers: {} headers: {}
} }
}; };
middleware.before(data); data = middleware.before(data);
expectBearerHeader(data, token); expectBearerHeader(data, token);
}); });
@ -77,13 +91,13 @@ describe('bearerHeaderMiddleware', () => {
}) })
}); });
const data = { let data = {
options: { options: {
headers: {} headers: {}
} }
}; };
middleware.before(data); data = middleware.before(data);
expect(data.options.headers.Authorization, 'to be undefined'); expect(data.options.headers.Authorization, 'to be undefined');
}); });
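Review bot: The new `disables token if options.token is null` case is added only beside the `overrides user.token` test; the `when legacy token available` block gets no equivalent. The null override is therefore unverified when the token comes from `user` rather than `accounts.active`. Repeating the case in that block, with the same `expect(data.options.headers.Authorization, 'to be undefined')` assertion, would pin it. A case with `token: undefined` that expects the stored token would also document that only an explicit `null` disables the header.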

@ -1,4 +1,5 @@
import expect from 'unexpected'; import expect from 'unexpected';
import sinon from 'sinon';
import request from 'services/request'; import request from 'services/request';
import authentication from 'services/api/authentication'; import authentication from 'services/api/authentication';
@ -121,4 +122,52 @@ describe('authentication api', () => {
]); ]);
}); });
}); });
describe('#requestToken', () => {
const refreshToken = 'refresh-token';
beforeEach(() => {
sinon.stub(request, 'post').named('request.post');
});
afterEach(() => {
request.post.restore();
});
it('should request refresh-token api', () => {
request.post.returns(Promise.resolve({}));
authentication.requestToken(refreshToken);
expect(request.post, 'to have a call satisfying', [
'/api/authentication/refresh-token', {
refresh_token: refreshToken // eslint-disable-line
}, {}
]);
});
it('should disable bearer auth for request', () => {
request.post.returns(Promise.resolve({}));
authentication.requestToken(refreshToken);
expect(request.post, 'to have a call satisfying', [
'/api/authentication/refresh-token', {
refresh_token: refreshToken // eslint-disable-line
}, {token: null}
]);
});
it('should resolve with token', () => {
const token = 'token';
request.post.returns(Promise.resolve({
access_token: token // eslint-disable-line
}));
return expect(authentication.requestToken(refreshToken),
'to be fulfilled with', {token}
);
});
});
}); });
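Review bot: `should request refresh-token api` and `should disable bearer auth for request` assert the same call. The trailing `{}` in the first is presumably satisfied by any options object, so only the second test constrains the options that reach `request.post`. I would drop the `{}` from the first expectation, or merge the two tests, so that the `{token: null}` check is the one place this contract is stated. Both tests also discard the promise returned by `requestToken`; returning it from the test would surface a rejection instead of losing it.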