mirror of
https://github.com/bitwarden/browser.git
synced 2024-12-21 16:18:28 +01:00
Auth/PM-7092 - Fix CLI login via API key not working due to TokenService changes (#8499)
* PM-7092 - Fix CLI login via API key not working (it apparently receives an undefined refresh token which was rejected by setTokens) * PM-7092 - Fix base login strategy tests * PM-7092 - per discucssion with jake, refactor setTokens to accept optional refresh token instead of exposing setRefreshToken as public.
This commit is contained in:
parent
d9bec7f984
commit
8cdc94076e
@ -186,9 +186,9 @@ describe("LoginStrategy", () => {
|
||||
|
||||
expect(tokenService.setTokens).toHaveBeenCalledWith(
|
||||
accessToken,
|
||||
refreshToken,
|
||||
mockVaultTimeoutAction,
|
||||
mockVaultTimeout,
|
||||
refreshToken,
|
||||
);
|
||||
|
||||
expect(stateService.addAccount).toHaveBeenCalledWith(
|
||||
|
@ -182,9 +182,9 @@ export abstract class LoginStrategy {
|
||||
// User id will be derived from the access token.
|
||||
await this.tokenService.setTokens(
|
||||
tokenResponse.accessToken,
|
||||
tokenResponse.refreshToken,
|
||||
vaultTimeoutAction as VaultTimeoutAction,
|
||||
vaultTimeout,
|
||||
tokenResponse.refreshToken, // Note: CLI login via API key sends undefined for refresh token.
|
||||
);
|
||||
|
||||
await this.stateService.addAccount(
|
||||
|
@ -10,17 +10,18 @@ export abstract class TokenService {
|
||||
* Note 2: this method also enforces always setting the access token and the refresh token together as
|
||||
* we can retrieve the user id required to set the refresh token from the access token for efficiency.
|
||||
* @param accessToken The access token to set.
|
||||
* @param refreshToken The refresh token to set.
|
||||
* @param clientIdClientSecret The API Key Client ID and Client Secret to set.
|
||||
* @param vaultTimeoutAction The action to take when the vault times out.
|
||||
* @param vaultTimeout The timeout for the vault.
|
||||
* @param refreshToken The optional refresh token to set. Note: this is undefined when using the CLI Login Via API Key flow
|
||||
* @param clientIdClientSecret The API Key Client ID and Client Secret to set.
|
||||
*
|
||||
* @returns A promise that resolves when the tokens have been set.
|
||||
*/
|
||||
setTokens: (
|
||||
accessToken: string,
|
||||
refreshToken: string,
|
||||
vaultTimeoutAction: VaultTimeoutAction,
|
||||
vaultTimeout: number | null,
|
||||
refreshToken?: string,
|
||||
clientIdClientSecret?: [string, string],
|
||||
) => Promise<void>;
|
||||
|
||||
|
@ -991,6 +991,7 @@ describe("TokenService", () => {
|
||||
refreshToken,
|
||||
VaultTimeoutAction.Lock,
|
||||
null,
|
||||
null,
|
||||
);
|
||||
// Assert
|
||||
await expect(result).rejects.toThrow("User id not found. Cannot save refresh token.");
|
||||
@ -1854,7 +1855,7 @@ describe("TokenService", () => {
|
||||
|
||||
// Act
|
||||
// Note: passing a valid access token so that a valid user id can be determined from the access token
|
||||
await tokenService.setTokens(accessTokenJwt, refreshToken, vaultTimeoutAction, vaultTimeout, [
|
||||
await tokenService.setTokens(accessTokenJwt, vaultTimeoutAction, vaultTimeout, refreshToken, [
|
||||
clientId,
|
||||
clientSecret,
|
||||
]);
|
||||
@ -1901,7 +1902,7 @@ describe("TokenService", () => {
|
||||
tokenService.setClientSecret = jest.fn();
|
||||
|
||||
// Act
|
||||
await tokenService.setTokens(accessTokenJwt, refreshToken, vaultTimeoutAction, vaultTimeout);
|
||||
await tokenService.setTokens(accessTokenJwt, vaultTimeoutAction, vaultTimeout, refreshToken);
|
||||
|
||||
// Assert
|
||||
expect((tokenService as any)._setAccessToken).toHaveBeenCalledWith(
|
||||
@ -1933,9 +1934,9 @@ describe("TokenService", () => {
|
||||
// Act
|
||||
const result = tokenService.setTokens(
|
||||
accessToken,
|
||||
refreshToken,
|
||||
vaultTimeoutAction,
|
||||
vaultTimeout,
|
||||
refreshToken,
|
||||
);
|
||||
|
||||
// Assert
|
||||
@ -1952,32 +1953,27 @@ describe("TokenService", () => {
|
||||
// Act
|
||||
const result = tokenService.setTokens(
|
||||
accessToken,
|
||||
refreshToken,
|
||||
vaultTimeoutAction,
|
||||
vaultTimeout,
|
||||
refreshToken,
|
||||
);
|
||||
|
||||
// Assert
|
||||
await expect(result).rejects.toThrow("Access token and refresh token are required.");
|
||||
await expect(result).rejects.toThrow("Access token is required.");
|
||||
});
|
||||
|
||||
it("should throw an error if the refresh token is missing", async () => {
|
||||
it("should not throw an error if the refresh token is missing and it should just not set it", async () => {
|
||||
// Arrange
|
||||
const accessToken = "accessToken";
|
||||
const refreshToken: string = null;
|
||||
const vaultTimeoutAction = VaultTimeoutAction.Lock;
|
||||
const vaultTimeout = 30;
|
||||
(tokenService as any).setRefreshToken = jest.fn();
|
||||
|
||||
// Act
|
||||
const result = tokenService.setTokens(
|
||||
accessToken,
|
||||
refreshToken,
|
||||
vaultTimeoutAction,
|
||||
vaultTimeout,
|
||||
);
|
||||
await tokenService.setTokens(accessTokenJwt, vaultTimeoutAction, vaultTimeout, refreshToken);
|
||||
|
||||
// Assert
|
||||
await expect(result).rejects.toThrow("Access token and refresh token are required.");
|
||||
expect((tokenService as any).setRefreshToken).not.toHaveBeenCalled();
|
||||
});
|
||||
});
|
||||
|
||||
|
@ -149,13 +149,13 @@ export class TokenService implements TokenServiceAbstraction {
|
||||
|
||||
async setTokens(
|
||||
accessToken: string,
|
||||
refreshToken: string,
|
||||
vaultTimeoutAction: VaultTimeoutAction,
|
||||
vaultTimeout: number | null,
|
||||
refreshToken?: string,
|
||||
clientIdClientSecret?: [string, string],
|
||||
): Promise<void> {
|
||||
if (!accessToken || !refreshToken) {
|
||||
throw new Error("Access token and refresh token are required.");
|
||||
if (!accessToken) {
|
||||
throw new Error("Access token is required.");
|
||||
}
|
||||
|
||||
// get user id the access token
|
||||
@ -166,7 +166,11 @@ export class TokenService implements TokenServiceAbstraction {
|
||||
}
|
||||
|
||||
await this._setAccessToken(accessToken, vaultTimeoutAction, vaultTimeout, userId);
|
||||
await this.setRefreshToken(refreshToken, vaultTimeoutAction, vaultTimeout, userId);
|
||||
|
||||
if (refreshToken) {
|
||||
await this.setRefreshToken(refreshToken, vaultTimeoutAction, vaultTimeout, userId);
|
||||
}
|
||||
|
||||
if (clientIdClientSecret != null) {
|
||||
await this.setClientId(clientIdClientSecret[0], vaultTimeoutAction, vaultTimeout, userId);
|
||||
await this.setClientSecret(clientIdClientSecret[1], vaultTimeoutAction, vaultTimeout, userId);
|
||||
|
@ -1780,9 +1780,9 @@ export class ApiService implements ApiServiceAbstraction {
|
||||
|
||||
await this.tokenService.setTokens(
|
||||
tokenResponse.accessToken,
|
||||
tokenResponse.refreshToken,
|
||||
vaultTimeoutAction as VaultTimeoutAction,
|
||||
vaultTimeout,
|
||||
tokenResponse.refreshToken,
|
||||
);
|
||||
} else {
|
||||
const error = await this.handleError(response, true, true);
|
||||
|
@ -52,7 +52,7 @@ export class VaultTimeoutSettingsService implements VaultTimeoutSettingsServiceA
|
||||
|
||||
await this.stateService.setVaultTimeoutAction(action);
|
||||
|
||||
await this.tokenService.setTokens(accessToken, refreshToken, action, timeout, [
|
||||
await this.tokenService.setTokens(accessToken, action, timeout, refreshToken, [
|
||||
clientId,
|
||||
clientSecret,
|
||||
]);
|
||||
|
Loading…
Reference in New Issue
Block a user