Merge pull request #216 from hypothesis/dont-delete-cached-oauth-access-token

Don't delete cached OAuth access token

Merge pull request #216 from hypothesis/dont-delete-cached-oauth-access-token
Don't delete cached OAuth access token
0e8e035f · Robert Knight · GitHub · 480e1bae · dbf5d781 · 0e8e035f
Commit 0e8e035f authored Feb 08, 2017 by Robert Knight Committed by GitHub Feb 08, 2017
Showing with 29 additions and 18 deletions

oauth-auth.js src/sidebar/oauth-auth.js +4 -1

session.js src/sidebar/session.js +14 -5

oauth-auth-test.js src/sidebar/test/oauth-auth-test.js +0 -12

session-test.js src/sidebar/test/session-test.js +11 -0

No files found.
--- a/src/sidebar/oauth-auth.js
+++ b/src/sidebar/oauth-auth.js
@@ -59,8 +59,11 @@ function auth($http, settings) {
    }
  }

+  // clearCache() isn't implemented (or needed) yet for OAuth.
+  // In the future, for example when OAuth-authenticated users can login and
+  // logout of the client, this clearCache() will need to clear the access
+  // token and cancel any scheduled refresh token requests.
  function clearCache() {
-    cachedToken = null;
  }

  return {

--- a/src/sidebar/session.js
+++ b/src/sidebar/session.js
@@ -59,6 +59,16 @@ function session($http, $resource, $rootScope, annotationUI, auth,
  var lastLoad;
  var lastLoadTime;

+
+  // Return the authority from the first service defined in the settings.
+  // Return null if there are no services defined in the settings.
+  function getAuthority() {
+    if (Array.isArray(settings.services) && settings.services.length > 0) {
+      return settings.services[0].authority;
+    }
+    return null;
+  }
+
  /**
   * @name session.load()
   * @description Fetches the session data from the server.
@@ -79,10 +89,7 @@ function session($http, $resource, $rootScope, annotationUI, auth,
      // the /app endpoint.
      lastLoadTime = Date.now();
      lastLoad = retryUtil.retryPromiseOperation(function () {
-        var authority;
-        if (Array.isArray(settings.services) && settings.services.length > 0) {
-          authority = settings.services[0].authority;
-        }
+        var authority = getAuthority();
        if (authority) {
          return store.profile.read({authority: authority}).then(update);
        } else {
@@ -138,7 +145,9 @@ function session($http, $resource, $rootScope, annotationUI, auth,
    lastLoadTime = Date.now();

    if (userChanged) {
+      if (!getAuthority()) {
        auth.clearCache();
+      }

      $rootScope.$broadcast(events.USER_CHANGED, {
        initialLoad: isInitialLoad,

--- a/src/sidebar/test/oauth-auth-test.js
+++ b/src/sidebar/test/oauth-auth-test.js
@@ -90,16 +90,4 @@ describe('oauth auth', function () {
      });
    });
  });
-
-  describe('#clearCache', function () {
-    it('should clear cached tokens', function () {
-      return auth.tokenGetter().then(function () {
-        fakeHttp.post.reset();
-        auth.clearCache();
-        return auth.tokenGetter();
-      }).then(function () {
-        assert.calledOnce(fakeHttp.post);
-      });
-    });
-  });
 });
--- a/src/sidebar/test/session-test.js
+++ b/src/sidebar/test/session-test.js
@@ -263,6 +263,17 @@ describe('session', function () {
        id: 'anne',
      });
    });
+
+    it('does not clear the access token when the host page provides a grant token', function () {
+      fakeSettings.services = [{
+        authority: 'publisher.org',
+        grantToken: 'a.jwt.token',
+      }];
+
+      session.update({userid: 'different-user', csrf: 'dummytoken'});
+
+      assert.notCalled(fakeAuth.clearCache);
+    });
  });

  describe('#dismissSidebarTutorial()', function () {