
Commit fc3f9e6

authored
Merge pull request #58 from lanechase34/jwthandler-exceptionfix
JWT Handler Add missing TokenRejectionException
2 parents 2670aca + b14258f commit fc3f9e6


2 files changed

+18
-25
lines changed


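--- a/handlers/Jwt.cfc
+++ b/handlers/Jwt.cfc
@@ -14,13 +14,7 @@ component extends="coldbox.system.RestHandler" {
 function refreshToken( event, rc, prc ){
 // If endpoint not enabled, just 404 it
 if ( !variables.jwtService.getSettings().jwt.enableRefreshEndpoint ) {
-event
-.getResponse()
-.setErrorMessage(
-"Refresh Token Endpoint Disabled",
-404,
-"Disabled"
-);
+event.getResponse().setErrorMessage( "Refresh Token Endpoint Disabled", 404 );
 return;
 }
 
@@ -33,31 +27,20 @@ component extends="coldbox.system.RestHandler" {
 .setData( prc.newTokens )
 .addMessage( "Tokens refreshed! The passed in refresh token has been invalidated" );
 } catch ( RefreshTokensNotActive e ) {
-event.getResponse().setErrorMessage( "Refresh Tokens Not Active", 404, "Disabled" );
+event.getResponse().setErrorMessage( "Refresh Tokens Not Active", 404 );
 } catch ( TokenNotFoundException e ) {
 event
 .getResponse()
 .setErrorMessage(
 "The refresh token was not passed via the header or the rc. Cannot refresh the unrefreshable!",
-400,
-"Missing refresh token"
+400
 );
 } catch ( TokenInvalidException e ) {
-event
-.getResponse()
-.setErrorMessage(
-"Invalid Token - #e.message#",
-401,
-"Invalid Token"
-);
+event.getResponse().setErrorMessage( "Invalid Token", 401 );
 } catch ( TokenExpiredException e ) {
-event
-.getResponse()
-.setErrorMessage(
-"Token Expired - #e.message#",
-400,
-"Token Expired"
-);
+event.getResponse().setErrorMessage( "Token Expired", 400 );
+} catch ( TokenRejectionException e ) {
+event.getResponse().setErrorMessage( "Invalid Token", 401 );
 }
 }
 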
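Review bot: The catch blocks for `TokenInvalidException`, `TokenExpiredException` and the new `TokenRejectionException` return a generic message and discard `e.message` without recording it, so a rejected or replayed refresh token leaves no server-side trace of why it failed. Keeping the exception text out of the response is right for the client, but the reason should still reach the log, for example `log.warn( "Refresh token rejected: #e.message#" );` before each `setErrorMessage(...)` call (this assumes the handler's standard ColdBox `log` logger is in scope here; confirm). Log the exception message only, never the token value itself. The `try` these catches belong to opens outside the hunk.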

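--- a/test-harness/tests/specs/integration/JWTSpec.cfc
+++ b/test-harness/tests/specs/integration/JWTSpec.cfc
@@ -188,11 +188,21 @@ component extends="coldbox.system.testing.BaseTestCase" appMapping="/root" {
 } );
 given( "An activated endpoint and an invalid refresh token", function(){
 then( "it should kick me out", function(){
+var oUser = variables.userService.retrieveUserByUsername( "test" );
+var tokens = variables.jwtService.fromUser( oUser );
 variables.jwtService.getSettings().jwt.enableRefreshEndpoint = true;
+
+// Force invalidate the refresh token
+variables.jwtService.invalidate( tokens.refresh_token );
+
 var event = this.post(
 "/cbsecurity/refreshtoken",
-{ "x-refresh-token" : variables.invalid_token }
+{ "x-refresh-token" : tokens.refresh_token }
 );
+
+var jsonResponse = deserializeJSON( event.getRenderedContent() );
+expect( jsonResponse.messages[ 1 ] ).toBe( event.getResponse().getMessagesString() );
+
 expect( event.getResponse().getStatusCode() ).toBe(
 401,
 event.getResponse().getMessagesString()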
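Review bot: The added assertion `expect( jsonResponse.messages[ 1 ] ).toBe( event.getResponse().getMessagesString() );` compares the rendered body with the response object it was rendered from, so it appears to pass whatever the message is and would not notice exception detail leaking back into the body. Pin the literal instead: `expect( jsonResponse.messages[ 1 ] ).toBe( "Invalid Token" );`. The scenario also now posts an invalidated token where it used to post `variables.invalid_token`, so unless another spec covers it, the malformed-token path (`TokenInvalidException`) is no longer exercised here; a second `then` for that input would keep both rejection paths covered. The `then` block closes outside the hunk.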
