Ensure refreshing ID tokens persists

dmurvihill · dmurvihill · commit a372cff4474b · 2019-11-25T17:49:21.000-05:00
- Add new method updateUser to the auth object, so that users can 'phone
  home' about ID token changes
- Move ID token refresh into a publicly-exposed method
- Make sure token refresh phones home
diff --git a/API.md b/API.md
@@ -15,6 +15,7 @@ Only `MockFirebase` methods are included here. For details on normal Firebase AP
   - [`changeAuthState(user)`](#changeauthstateuser---undefined)
   - [`getUserByEmail(email)`](#getuserbyemailemail---promiseobject)
   - [`getUser(uid)`](#getuseruid---promiseobject)
+  - [`updateUser(user)`](#updateuseruser---promiseobject)
 - [Server Timestamps](#server-timestamps)
   - [`setClock(fn)`](#firebasesetclockfn---undefined)
   - [`restoreClock()`](#firebasesetclockfn---undefined)
@@ -220,6 +221,12 @@ Finds a user previously created with [`createUser`](https://www.firebase.com/doc
 
 Finds a user previously created with [`createUser`](https://www.firebase.com/docs/web/api/firebase/createuser.html). If no user was created with the specified `email`, the promise is rejected.
 
+##### `updateUser(user)` -> `Promise<Object>`
+
+Replace the existing user with a new one, by matching uid. Throws an
+error If no user exists whose uid matches the given user's uid. Returns
+the updated user.
+
 ## Server Timestamps
 
 MockFirebase allow you to simulate the behavior of [server timestamps](https://www.firebase.com/docs/web/api/servervalue/timestamp.html) when using a real Firebase instance. Unless you use `Firebase.setClock`, `Firebase.ServerValue.TIMESTAMP` will be transformed to the current date (`Date.now()`) when your data change is flushed.
diff --git a/src/firebase-auth.js b/src/firebase-auth.js
@@ -75,9 +75,7 @@ FirebaseAuth.prototype.getUser = function (uid, onComplete) {
     var user = null;
     err = err || self._validateExistingUid(uid);
     if (!err) {
-      user = _.find(self._auth.users, function(u) {
-        return u.uid == uid;
-      });
+      user = self._getUser(uid);
       if (onComplete) {
         onComplete(err, user.clone());
       }
@@ -91,6 +89,21 @@ FirebaseAuth.prototype.getUser = function (uid, onComplete) {
   });
 };
 
+FirebaseAuth.prototype.updateUser = function (newUser) {
+  const self = this;
+  return new Promise((resolve, reject) => {
+    this._defer('updateUser', _.toArray(arguments), () => {
+      const i = _.findIndex(self._auth.users, u => u.uid === newUser.uid);
+      if (i === -1) {
+        return reject(new Error('Tried to update a nonexistent user'));
+      } else {
+        self._auth.users[i] = newUser.clone();
+        return resolve(newUser);
+      }
+    });
+  });
+};
+
 // number of arguments
 var authMethods = {
   authWithCustomToken: 2,
@@ -205,6 +218,12 @@ FirebaseAuth.prototype._triggerAuthEvent = function () {
   });
 };
 
+FirebaseAuth.prototype._getUser = function (uid) {
+  return _.find(this._auth.users, function(u) {
+    return u.uid === uid;
+  });
+};
+
 FirebaseAuth.prototype.getAuth = function () {
   return this.currentUser;
 };
@@ -279,7 +298,8 @@ FirebaseAuth.prototype._createUser = function (method, credentials, onComplete)
           phoneNumber: credentials.phoneNumber,
           emailVerified: credentials.emailVerified,
           displayName: credentials.displayName,
-          photoURL: credentials.photoURL
+          photoURL: credentials.photoURL,
+          _tokenValidity: credentials._tokenValidity
         });
         self._auth.users.push(user);
         if (onComplete) {
diff --git a/src/user.js b/src/user.js
@@ -142,6 +142,9 @@ MockFirebaseUser.prototype._refreshIdToken = function () {
   this._tokenValidity.issuedAtTime = new Date();
   this._tokenValidity.expirationTime = defaultExpirationTime(new Date());
   this._idtoken = Math.random().toString();
+  return this._auth.updateUser(this)
+    .then(() => this.getIdTokenResult())
+    .catch(() => this.getIdTokenResult());
 };
 
 /** Create a user's internal token validity store
diff --git a/test/unit/auth.js b/test/unit/auth.js
@@ -377,18 +377,33 @@ describe('Auth', function () {
     });
 
     it('creates a new user with preset additional attributes', function () {
-      ref.createUser({
-        uid: 'uid1',
+      const uid = 'uid1';
+      const now = new Date().getTime();
+      const authTime = new Date(now - 1);
+      const issuedAtTime = new Date(now);
+      const expirationTime = new Date(now + 1);
+      ref.autoFlush();
+      return ref.createUser({
+        uid: uid,
         email: 'new1@new1.com',
         password: 'new1',
         displayName: 'new user 1',
         emailVerified: true,
-      }, spy);
-      ref.flush();
-      return Promise.all([
-        expect(ref.getUser('uid1')).to.eventually.have.property('displayName', 'new user 1'),
-        expect(ref.getUser('uid1')).to.eventually.have.property('emailVerified', true),
-      ]);
+        _tokenValidity: {
+          authTime: authTime,
+          issuedAtTime: issuedAtTime,
+          expirationTime: expirationTime,
+        },
+      }).then(() => Promise.all([
+        expect(ref.getUser(uid)).to.eventually.have.property('displayName', 'new user 1'),
+        expect(ref.getUser(uid)).to.eventually.have.property('emailVerified', true),
+        expect(ref.getUser(uid).then(u => u.getIdTokenResult()).then(t => t.authTime))
+          .to.eventually.equal(authTime.toISOString()),
+        expect(ref.getUser(uid).then(u => u.getIdTokenResult()).then(t => t.issuedAtTime))
+          .to.eventually.equal(issuedAtTime.toISOString()),
+        expect(ref.getUser(uid).then(u => u.getIdTokenResult()).then(t => t.expirationTime))
+          .to.eventually.equal(expirationTime.toISOString()),
+        ]));
     });
 
     it('fails if credentials is not an object', function () {
@@ -860,7 +875,113 @@ describe('Auth', function () {
         })).to.be.rejectedWith(Error, 'custom error');
       });
     });
+  });
+
+
+  describe('#updateUser', () => {
+
+    beforeEach(() => {
+      ref.autoFlush();
+    });
+
+    it('should replace the existing user', () => {
+      const uid = 123;
+      const newUser = new User(ref, {
+        uid: uid,
+        email: 'test2@example.com',
+        providerId: 'test-provider-id',
+      });
+      return ref.createUser({
+        uid: uid,
+        email: 'test@example.com',
+      }).then(() => ref.updateUser(newUser))
+        .then(() => ref.getUser(uid))
+        .then(updatedUser => expect(updatedUser).to.deep.equal(newUser));
+    });
 
+    it('should select by uid', () => {
+      const uid = 456;
+      const email = 'newEmail@example.com';
+      return ref.createUser({
+        uid: 123,
+        email: 'test1@example.com',
+      }).then(u1 =>
+        ref.createUser({
+          uid: uid,
+          email: 'test2@example.com',
+        }).then(() => ref.updateUser(new User(ref, {
+          uid: uid,
+          email: email,
+        }))).then(() => Promise.all([
+          expect(ref.getUser(123)).to.eventually.deep.equal(u1),
+          expect(ref.getUser(uid).then(u => u.email))
+            .to.eventually.deep.equal(email),
+        ]))
+      );
+    });
+
+    it('should return the updated user', () => {
+      const uid = 123;
+      const email = 'test2@example.com';
+      const newUser = new User(ref, {
+        uid: uid,
+        email: email,
+      });
+      return ref.createUser({
+        uid: uid,
+        email: 'test1@example.com',
+      }).then(() => ref.updateUser(newUser))
+        .then(rtn => expect(rtn).to.deep.equal(newUser));
+    });
+
+    it('should store a referentially different user from the argument', () => {
+      const uid = 123;
+      const email = 'test2@example.com';
+      const arg = new User(ref, {
+        uid: uid,
+        email: email,
+      });
+      return ref.createUser({
+        uid: uid,
+        email: 'test1@example.com',
+      }).then(() => ref.updateUser(arg))
+        .then(() => {
+          arg.email = 'test3@example.com';
+          return ref.getUser(uid);
+        })
+        .then(newUser => newUser.email)
+        .then(newEmail => expect(newEmail).to.equal(email));
+    });
+
+    it('should reject if the user does not exist', () => {
+      return expect(ref.updateUser(new User(ref, {
+        uid: 123,
+        email: 'test@example.com',
+      }))).to.be.rejectedWith('Tried to update a nonexistent user');
+    });
+
+    it('should wait for flush', () => {
+      const uid = 123;
+      const oldEmail = 'test1@example.com';
+      const newEmail = 'test2@example.com';
+      const newUser = new User(ref, {
+        uid: uid,
+        email: newEmail,
+      });
+      ref.createUser({
+        uid: uid,
+        email: oldEmail,
+      });
+      ref.autoFlush(false);
+      ref.updateUser(newUser);
+      const emailBeforeFlush = ref.getUser(uid).then(u => u.email);
+      ref.flush();
+      const emailAfterFlush = ref.getUser(uid).then(u => u.email);
+      return Promise.all([
+        expect(emailBeforeFlush).to.eventually.equal(oldEmail),
+        expect(emailAfterFlush).to.eventually.equal(newEmail),
+      ]);
+    });
   });
 
 });
diff --git a/test/unit/user.js b/test/unit/user.js
@@ -357,61 +357,105 @@ describe('User', function() {
     });
 
     describe('with forceRefresh', () => {
-      it('persists the new token', () => {
-        const user = new User(auth, {
-          _tokenValidity: {
-            authTime: new Date(randomPastTimestamp()),
-          },
-        });
-        return expect(user.getIdTokenResult(true)
-          .then(_t1 => {
-            const t1 = _cloneDeep(_t1);
-            return user.getIdTokenResult(false).then(t2 =>
-              _isEqual(t1, t2)
-            );
-          })
-        ).to.eventually.equal(true);
+
+      it('should refresh the ID token', () => {
+        const user = new User(auth, {_tokenValidity: {},});
+        const refreshIdToken = sinon.spy(user, '_refreshIdToken');
+        return user.getIdTokenResult(true)
+          .then(() => expect(refreshIdToken.called).to.be.true);
       });
+    });
+  });
 
-      it('should use authTime from previous token', () => {
-        const authTime = new Date(randomPastTimestamp());
-        const user = new User(auth, {
-          _tokenValidity:
-            {authTime: authTime},
-        });
-        return expect(user.getIdTokenResult(true).then(r => r.authTime))
-          .to.eventually.equal(authTime.toISOString());
+  describe('#_refreshIdToken', () => {
+
+    let now;
+    let clock;
+
+    beforeEach(() => {
+      auth.autoFlush();
+      now = randomTimestamp();
+      clock = sinon.useFakeTimers(now);
+    });
+
+    afterEach(() => {
+      clock.restore();
+    });
+
+    it('should return a new token result', () => {
+      const user = new User(auth, {_tokenValidity: {},});
+      return expect(user.getIdToken(false)
+        .then(oldToken => user._refreshIdToken()
+          .then(newTokenResult => oldToken === newTokenResult.token)
+        )
+      ).to.eventually.equal(false);
+    });
+
+    it('should persist the new token result', () => {
+      const user = new User(auth, {
+        _tokenValidity: {
+          authTime: new Date(randomPastTimestamp()),
+        },
       });
+      return expect(user._refreshIdToken()
+        .then(_t1 => {
+          const t1 = _cloneDeep(_t1);
+          return user.getIdTokenResult().then(t2 =>
+            _isEqual(t1, t2)
+          );
+        })
+      ).to.eventually.equal(true);
+    });
 
-      it('should use current time as issuance time', () => {
-        const user = new User(auth, {
-          _tokenValidity: {
-            authTime: new Date(randomPastTimestamp()),
-          }
-        });
-        return expect(user.getIdTokenResult(true).then(r => r.issuedAtTime))
-          .to.eventually.equal(now.toISOString());
+    it('should use the previous token\'s authTime by default', () => {
+      const authTime = new Date(randomPastTimestamp());
+      const user = new User(auth, {
+        _tokenValidity: {
+          authTime: authTime,
+        },
       });
+      return expect(user._refreshIdToken().then(r => r.authTime))
+        .to.eventually.equal(authTime.toISOString());
+    });
 
-      it('should expire one hour after issuance', () => {
-        const user = new User(auth, {
-          _tokenValidity: {
-            authTime: new Date(randomPastTimestamp()),
-          },
-        });
-        const expTime = new Date(now.getTime() + 3600000);
-        return expect(user.getIdTokenResult(true).then(r => r.expirationTime))
-          .to.eventually.equal(expTime.toISOString());
+    it('should use current time as new issuance time by default', () => {
+      const authTime = new Date(randomPastTimestamp());
+      const user = new User(auth, {
+        _tokenValidity: {
+          authTime: authTime,
+        },
       });
+      return expect(user._refreshIdToken().then(r => r.issuedAtTime))
+        .to.eventually.equal(new Date(now).toISOString());
+    });
 
-      it('should generate a new token', () => {
-        const user = new User(auth, {_tokenValidity: {},});
-        return expect(user.getIdToken(false)
-          .then(oldToken => user.getIdTokenResult(true)
-            .then(newTokenResult => oldToken === newTokenResult.token)
-          )
-        ).to.eventually.equal(false);
+    it('should expire one hour after issuance by default', () => {
+      const authTime = new Date(randomPastTimestamp());
+      const user = new User(auth, {
+        _tokenValidity: {
+          authTime: authTime,
+        },
       });
+      return expect(user._refreshIdToken().then(r => r.expirationTime))
+        .to.eventually.equal(new Date(now + 3600000).toISOString());
+    });
+
+
+    it('should update the upstream user if there is one', () => {
+      const uid = 123;
+      return auth.createUser({
+        uid: uid,
+        email: 'me@example.com',
+      }).then(user =>
+        expect(user._refreshIdToken()
+          .then(() => auth.getUser(uid))
+        ).to.eventually.deep.equal(user)
+      );
+    });
+
+    it('should accept missing upstream users', () => {
+      const user = new User(auth, {_tokenValidity: {},});
+      return expect(user._refreshIdToken()).not.to.be.rejected;
     });
   });
 });
