Add getIdTokenResult method to mock User

This commit ensures mock users are created with a correspondng
IdTokenResult and adds the proper Firebase SDK method to retrieve it.
I've taken care to synchronize the new method with 'getIdToken'.

Author: dmurvihill

src/user.js

@@ -6,7 +6,10 @@ var Promise = require('rsvp').Promise;
 function MockFirebaseUser(ref, data) {
   this._auth = ref;
   this._idtoken = Math.random().toString();
-  this.customClaims = {};
+  this._tokenValidity = _tokenValidity(
+    data._tokenValidity ? data._tokenValidity : {}
+  );
+  this.customClaims = data.customClaims || {};
   this.uid = data.uid;
   this.email = data.email;
   this.password = data.password;
@@ -21,6 +24,15 @@ function MockFirebaseUser(ref, data) {
   this.refreshToken = data.refreshToken;
 }
 
+MockFirebaseUser.msg_tokenExpiresBeforeIssuance =
+    'Auth token expires before it is issued';
+MockFirebaseUser.msg_tokenIssuedBeforeAuth =
+    'Auth token was issued before the user authenticated';
+MockFirebaseUser.msg_tokenAuthedInTheFuture =
+    'Auth token shows user authenticating in the future';
+MockFirebaseUser.msg_tokenIssuedInTheFuture =
+    'Auth token was issued in the future';
+
 MockFirebaseUser.prototype.clone = function () {
   var user = new MockFirebaseUser(this._auth, this);
   user._idtoken = this._idtoken;
@@ -105,10 +117,62 @@ MockFirebaseUser.prototype.getIdToken = function (forceRefresh) {
   var self = this;
   return new Promise(function(resolve) {
     if (forceRefresh) {
-      self._idtoken = Math.random().toString();
+        self._refreshIdToken();
     }
     resolve(self._idtoken);
   });
 };
 
+MockFirebaseUser.prototype.getIdTokenResult = function (forceRefresh) {
+  if (forceRefresh) {
+    this._refreshIdToken();
+  }
+
+  return Promise.resolve({
+    authTime: this._tokenValidity.authTime.toISOString(),
+    issuedAtTime: this._tokenValidity.issuedAtTime.toISOString(),
+    expirationTime: this._tokenValidity.expirationTime.toISOString(),
+    signInProvider: this.providerId || null,
+    claims: this.customClaims,
+    token: this._idtoken,
+  });
+};
+
+MockFirebaseUser.prototype._refreshIdToken = function () {
+  this._tokenValidity.issuedAtTime = new Date();
+  this._tokenValidity.expirationTime = defaultExpirationTime(new Date());
+  this._idtoken = Math.random().toString();
+};
+
+/** Create a user's internal token validity store
+ *
+ * @param data the `data.idTokenResult` object from the User constructor
+ * @return object that is to become the User's _tokenValidity member
+ */
+function _tokenValidity(data) {
+  const now = new Date();
+  const authTime = data.authTime ?
+    data.authTime : new Date();
+  const issuedTime = data.issuedAtTime || new Date(authTime.getTime());
+  const expirationTime = data.expirationTime ?
+      data.expirationTime : defaultExpirationTime(issuedTime);
+  if (expirationTime < issuedTime) {
+    throw new Error(MockFirebaseUser.msg_tokenExpiresBeforeIssuance);
+  } else if (issuedTime < authTime) {
+    throw new Error(MockFirebaseUser.msg_tokenIssuedBeforeAuth);
+  } else if (now < authTime) {
+    throw new Error(MockFirebaseUser.msg_tokenAuthedInTheFuture);
+  } else if (now < issuedTime) {
+    throw new Error(MockFirebaseUser.msg_tokenIssuedInTheFuture);
+  } else return {
+    authTime: authTime,
+    issuedAtTime: issuedTime,
+    expirationTime: expirationTime,
+  };
+}
+
+function defaultExpirationTime(issuedTime) {
+  return new Date(issuedTime.getTime() + 3600000);
+}
+
 module.exports = MockFirebaseUser;

test/unit/user.js

@@ -1,15 +1,73 @@
 'use strict';
 
-var expect   = require('chai').use(require('sinon-chai')).expect;
-var sinon    = require('sinon');
-var User = require('../../src/user');
-var Firebase = require('../../').MockFirebase;
-
-describe('User', function () {
-  var auth;
-  beforeEach(function () {
+const expect = require('chai').use(require('sinon-chai')).expect;
+const sinon = require('sinon');
+const User = require('../../src/user');
+const Firebase = require('../../').MockFirebase;
+const _isEqual = require('lodash.isequal');
+const _cloneDeep = require('lodash.clonedeep');
+
+describe('User', function() {
+  let auth;
+  let now;
+  let clock;
+
+  beforeEach(function() {
     auth = new Firebase().child('data');
     auth.autoFlush();
+    now = new Date(randomTimestamp());
+    clock = sinon.useFakeTimers(now);
+  });
+
+  afterEach(() => {
+    clock.restore();
+  });
+
+  describe('#constructor', function() {
+
+    it('should reject ID tokens that expire before the issuance time', () => {
+      expect(() => {
+        const t = randomTimestamp();
+        new User(auth, {
+          _tokenValidity: {
+            authTime: new Date(t - 2),
+            issuedAtTime: new Date(t),
+            expirationTime: new Date(t - 1),
+          }
+        });
+      }).to.throw(User.msg_tokenExpiresBeforeIssuance);
+    });
+
+    it('should reject ID tokens that are issued before the auth time', () => {
+      expect(() => {
+        const t = randomTimestamp();
+        new User(auth, {
+          _tokenValidity: {
+            authTime: new Date(t),
+            issuedAtTime: new Date(t - 1),
+          }
+        });
+      }).to.throw(User.msg_tokenIssuedBeforeAuth);
+    });
+
+    it('should reject ID tokens that are issued in the future', () => {
+      expect(() => new User(auth, {
+        _tokenValidity: {
+          authTime: new Date(now.getTime() - 1),
+          issuedAtTime: new Date(now.getTime() + 1),
+        },
+      })).to.throw(User.msg_tokenIssuedInTheFuture);
+    });
+
+    it('should reject ID tokens that show the user authenticating in the future', () => {
+      expect(() => {
+        new User(auth, {
+          _tokenValidity: {
+            authTime: new Date(now.getTime() + 1),
+          },
+        });
+      }).to.throw(User.msg_tokenAuthedInTheFuture);
+    });
   });
 
   describe('#delete', function() {
@@ -135,9 +193,222 @@ describe('User', function () {
     });
 
     it('should refresh token', function() {
-      var user = new User(auth, {});
-      var token = user._idtoken;
+      const user = new User(auth, {});
+      const token = user._idtoken;
       return expect(user.getIdToken(true)).to.eventually.not.equal(token);
     });
+
+    it('should refresh token result', function() {
+      const authTime = new Date(randomPastTimestamp());
+      const user = new User(auth, {
+        _tokenValidity: {
+          authTime: authTime,
+          issuedAtTime: authTime,
+        },
+      });
+      return expect(user.getIdToken(true)
+        .then(() => user.getIdTokenResult(false))
+        .then(r =>
+          r.issuedAtTime === now.toISOString() &&
+          r.expirationTime === new Date(now.getTime() + 3600000).toISOString()
+        )
+      ).to.eventually.equal(true);
+    });
+  });
+
+  describe('#getIdTokenResult', function() {
+
+    it('should use defaults if the id token result param is omitted', () => {
+      expect(new User(auth, {}).getIdTokenResult())
+        .to.eventually.deep.equal(new User(auth, {_tokenValidity: {}}));
+    });
+
+    describe('without forceRefresh', () => {
+      describe('.authTime', () => {
+        it('should use provided auth time', () => {
+          const authTime = new Date(randomPastTimestamp());
+          const user = new User(auth, {
+            _tokenValidity: {
+              authTime: authTime,
+            },
+          });
+          return expect(user.getIdTokenResult().then(r => r.authTime))
+            .to.eventually.equal(authTime.toISOString());
+        });
+
+        it('should default auth time to current time', () => {
+          const user = new User(auth, {_tokenValidity: {}});
+          return expect(user.getIdTokenResult().then(r => r.authTime))
+            .to.eventually.equal(now.toISOString());
+        });
+      });
+
+      describe('.issuedAtTime', () => {
+        it('should use provided issued-at time', () => {
+          const issuedTs = randomPastTimestamp();
+          const issuedTime = new Date(issuedTs);
+          const user = new User(auth, {
+            _tokenValidity: {
+              authTime: new Date(issuedTs - 1),
+              issuedAtTime: issuedTime,
+            },
+          });
+          return expect(user.getIdTokenResult().then(r => r.issuedAtTime))
+            .to.eventually.equal(issuedTime.toISOString());
+        });
+
+        it('should default to auth time', () => {
+          const authTime = new Date(randomPastTimestamp());
+          const user = new User(auth, {
+            _tokenValidity: {
+              authTime: authTime,
+            },
+          });
+          return expect(user.getIdTokenResult().then(r => r.issuedAtTime))
+            .to.eventually.equal(authTime.toISOString());
+        });
+      });
+
+      describe('.expirationTime', () => {
+        it('should use provided expiration time', () => {
+          const expTime = new Date(now.getTime() + 1);
+          const user = new User(auth, {
+            _tokenValidity: {
+              expirationTime: expTime,
+            },
+          });
+          return expect(user.getIdTokenResult().then(r => r.expirationTime))
+            .to.eventually.equal(expTime.toISOString());
+        });
+
+        it('should default to issued at time plus 1 hour', () => {
+          const authTime = new Date(now.getTime() - 1);
+          const issuedTime = new Date(now.getTime());
+          const expTime = new Date(now.getTime() + 3600000);
+          const user = new User(auth, {
+            _tokenValidity: {
+              authTime: authTime,
+              issuedAtTime: issuedTime,
+            },
+          });
+          return expect(user.getIdTokenResult().then(r => r.expirationTime))
+            .to.eventually.equal(expTime.toISOString());
+        });
+      });
+
+      describe('.signInProvider', () => {
+        it('should use User\'s providerId string', () => {
+          const providerName = 'google';
+          const user = new User(auth, {
+            providerId: providerName,
+            _tokenValidity: {},
+          });
+          return expect(user.getIdTokenResult()
+            .then(r => r.signInProvider)
+          ).to.eventually.equal(providerName);
+        });
+
+        it('should default to null', () => {
+          const user = new User(auth, {_tokenValidity: {}});
+          return expect(user.getIdTokenResult()
+            .then(r => r.signInProvider)
+          ).to.eventually.equal(null);
+        });
+      });
+
+      describe('.claims', () => {
+        it('should use user\'s customClaims object', () => {
+          const claims = {'testclaim': 'abcd'};
+          const user = new User(auth, {
+            _tokenValidity: {},
+            customClaims: claims,
+          });
+          return expect(user.getIdTokenResult().then(r => r.claims))
+            .to.eventually.deep.equal(claims);
+        });
+
+        it('should default to empty object', () => {
+          const user = new User(auth, {_tokenValidity: {},});
+          return expect(user.getIdTokenResult().then(r => r.claims))
+            .to.eventually.deep.equal({});
+        });
+      });
+
+      describe('.token', () => {
+        it('should be the same as returned from getIdToken', () => {
+          const user = new User(auth, {_tokenValidity: {},});
+          return expect(Promise.all([
+            user.getIdTokenResult().then(r => r.token),
+            user.getIdToken()
+          ]).then(([t1, t2]) => t1 === t2)).to.eventually.equal(true);
+        });
+      });
+    });
+
+    describe('with forceRefresh', () => {
+      it('persists the new token', () => {
+        const user = new User(auth, {
+          _tokenValidity: {
+            authTime: new Date(randomPastTimestamp()),
+          },
+        });
+        return expect(user.getIdTokenResult(true)
+          .then(_t1 => {
+            const t1 = _cloneDeep(_t1);
+            return user.getIdTokenResult(false).then(t2 =>
+              _isEqual(t1, t2)
+            );
+          })
+        ).to.eventually.equal(true);
+      });
+
+      it('should use authTime from previous token', () => {
+        const authTime = new Date(randomPastTimestamp());
+        const user = new User(auth, {
+          _tokenValidity:
+            {authTime: authTime},
+        });
+        return expect(user.getIdTokenResult(true).then(r => r.authTime))
+          .to.eventually.equal(authTime.toISOString());
+      });
+
+      it('should use current time as issuance time', () => {
+        const user = new User(auth, {
+          _tokenValidity: {
+            authTime: new Date(randomPastTimestamp()),
+          }
+        });
+        return expect(user.getIdTokenResult(true).then(r => r.issuedAtTime))
+          .to.eventually.equal(now.toISOString());
+      });
+
+      it('should expire one hour after issuance', () => {
+        const user = new User(auth, {
+          _tokenValidity: {
+            authTime: new Date(randomPastTimestamp()),
+          },
+        });
+        const expTime = new Date(now.getTime() + 3600000);
+        return expect(user.getIdTokenResult(true).then(r => r.expirationTime))
+          .to.eventually.equal(expTime.toISOString());
+      });
+
+      it('should generate a new token', () => {
+        const user = new User(auth, {_tokenValidity: {},});
+        return expect(user.getIdToken(false)
+          .then(oldToken => user.getIdTokenResult(true)
+            .then(newTokenResult => oldToken === newTokenResult.token)
+          )
+        ).to.eventually.equal(false);
+      });
+    });
   });
 });
+
+function randomTimestamp() {
+  return Math.floor(Math.random() * 4000000000000);
+}
+
+function randomPastTimestamp() {
+  return Math.floor(Math.random() * Date.now());
+}