Commit 8620bf98 authored by Robert Knight's avatar Robert Knight Committed by GitHub

Merge pull request #219 from hypothesis/dont-reuse-oauth-grant-tokens

Don't reuse OAuth grant tokens
parents 7f75f29e d0bfcce7
...@@ -16,11 +16,6 @@ function auth($http, settings) { ...@@ -16,11 +16,6 @@ function auth($http, settings) {
var cachedToken; var cachedToken;
var tokenUrl = resolve('token', settings.apiUrl); var tokenUrl = resolve('token', settings.apiUrl);
var grantToken;
if (Array.isArray(settings.services) && settings.services.length > 0) {
grantToken = settings.services[0].grantToken;
}
// Exchange the JWT grant token for an access token. // Exchange the JWT grant token for an access token.
// See https://tools.ietf.org/html/rfc7523#section-4 // See https://tools.ietf.org/html/rfc7523#section-4
function exchangeToken(grantToken) { function exchangeToken(grantToken) {
...@@ -41,21 +36,25 @@ function auth($http, settings) { ...@@ -41,21 +36,25 @@ function auth($http, settings) {
} }
function tokenGetter() { function tokenGetter() {
// performance.now() is used instead of Date.now() because it is if (cachedToken) {
// monotonically increasing.
if (cachedToken && cachedToken.expiresAt > performance.now()) {
return Promise.resolve(cachedToken.token); return Promise.resolve(cachedToken.token);
} else if (grantToken) { } else {
var refreshStart = performance.now(); var grantToken;
if (Array.isArray(settings.services) && settings.services.length > 0) {
grantToken = settings.services[0].grantToken;
}
if (!grantToken) {
return Promise.resolve(null);
}
return exchangeToken(grantToken).then(function (tokenInfo) { return exchangeToken(grantToken).then(function (tokenInfo) {
cachedToken = { cachedToken = {
token: tokenInfo.access_token, token: tokenInfo.access_token,
expiresAt: refreshStart + tokenInfo.expires_in * 1000,
}; };
return cachedToken.token; return cachedToken.token;
}); });
} else {
return Promise.resolve(null);
} }
} }
......
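Review bot: Once `cachedToken` is set, the new `tokenGetter` returns it unconditionally (`if (cachedToken) {` at the top of the function), and the `expires_in` field of the exchange response is no longer stored (the `expiresAt:` line is dropped from the cached object), so an access token that has expired keeps being handed to callers for as long as this `auth` instance lives, with no path back to a valid token. If the intent is that a grant token must never be exchanged a second time, the expiry can still be tracked so a stale token is discarded rather than served: keep `expiresAt: refreshStart + tokenInfo.expires_in * 1000` in the cached object and, when `cachedToken.expiresAt <= performance.now()`, clear `cachedToken` and resolve `null` instead of re-exchanging. Failing that, a comment above the `if (cachedToken)` check such as `// Access tokens are cached for the lifetime of this service and are never refreshed; callers must handle 401s themselves.` would make the limitation explicit. The spec test 'should refresh the access token if it has expired', deleted in the second file, was the only coverage of the expiry path, so nothing now pins this behavior either way.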
...@@ -84,22 +84,5 @@ describe('oauth auth', function () { ...@@ -84,22 +84,5 @@ describe('oauth auth', function () {
assert.equal(token, null); assert.equal(token, null);
}); });
}); });
it('should refresh the access token if it has expired', function () {
return auth.tokenGetter().then(function () {
var now = performance.now();
nowStub.returns(now + DEFAULT_TOKEN_EXPIRES_IN_SECS * 1000 + 100);
fakeHttp.post.returns(Promise.resolve({
status: 200,
data: {
access_token: 'a-different-access-token',
expires_in: DEFAULT_TOKEN_EXPIRES_IN_SECS,
},
}));
return auth.tokenGetter();
}).then(function (token) {
assert.equal(token, 'a-different-access-token');
});
});
}); });
}); });