Merge pull request #30 from solid/fix/refresh-tokens

bourgeoa · web-flow · commit 05242188c0b6 · 2021-02-26T09:45:32.000+01:00
Fixed not completing refresh tokens
diff --git a/src/AccessToken.js b/src/AccessToken.js
@@ -140,7 +140,7 @@ class AccessToken extends JWT {
         let responseTypes = request.responseTypes || []
         let refresh
 
-        if (code || responseTypes.includes('code')) {
+        if (code || responseTypes.includes('code') || request.grantType === 'refresh_token') {
           refresh = random(16)
         }
 
diff --git a/src/handlers/TokenRequest.js b/src/handlers/TokenRequest.js
@@ -38,7 +38,10 @@ class TokenRequest extends BaseRequest {
       .then(request.authenticateClient)
       .then(request.verifyAuthorizationCode)
       .then(request.grant)
-      .catch(err => request.error(err))
+      .catch(err => {
+        console.error(err)
+        request.error(err)
+      })
   }
 
   /**
@@ -497,8 +500,39 @@ class TokenRequest extends BaseRequest {
    * @returns {Promise<Object>} Resolves to response object
    */
   refreshTokenGrant (request) {
-    // TODO: I don't think this.tokenResponse is implemented..
-    return AccessToken.refresh(request).then(this.tokenResponse)
+    return Promise.resolve({})
+      .then(() => this.verifyRefreshToken(request))
+      .then(response => request.includeAccessToken(response))
+      .then(response => {
+        request.res.json(response)
+      })
+  }
+
+  /**
+   * Verify the refresh token
+   */
+  verifyRefreshToken(request) {
+    const { params, provider } = request;
+    const refreshToken = params['refresh_token']
+    if (!refreshToken || typeof refreshToken !== 'string') {
+      return request.badRequest({
+        error: 'invalid_grant',
+        error_description: 'Invalid refresh token'
+      })
+    }
+    return provider.backend.get('refresh', refreshToken).then((refreshTokenInfo) => {
+      if (!refreshTokenInfo) {
+        console.log('in here')
+        return request.badRequest({
+          error: 'invalid_grant',
+          error_description: 'Refresh token not found'
+        })
+      }
+      request.subject = {
+        _id: refreshTokenInfo.payload.sub
+      }
+      return {}
+    })
   }
 
   /**
diff --git a/test/handlers/TokenRequestSpec.js b/test/handlers/TokenRequestSpec.js
@@ -1360,11 +1360,6 @@ describe('TokenRequest', () => {
     })
   })
 
-  /**
-   * Include Refresh Token
-   */
-  describe('includeRefreshToken', () => {})
-
   /**
    * Include ID Token
    */
@@ -1396,6 +1391,67 @@ describe('TokenRequest', () => {
     })
   })
 
+  describe('verifyRefreshToken', () => {
+    it('should be okay with an existing token', () => {
+      const params = {
+        grant_type: 'refresh_token',
+        refresh_token: 'some_token',
+        client_id: 'uuid',
+        client_secret: 's3cr3t'
+      }
+      const req = {
+        method: 'POST',
+        body: params
+      }
+      const res = {}
+      const provider = {
+        host: {},
+        grant_types_supported: ['refresh_token'],
+        backend: {
+          get: async () => { Promise.resolve({"header":{},"payload":{"sub":"https://jackson.localhost:8443/profile/card#me"}}) }
+        }
+      }
+      const request = new TokenRequest(req, res, provider)
+      request.authenticateClient(request)
+      request.verifyRefreshToken(request).then(() => {
+        expect(request.subject._id).to.equal("https://jackson.localhost:8443/profile/card#me")
+      })
+    });
+
+    it('should fail without a refresh token', () => {
+      sinon.stub(TokenRequest.prototype, 'badRequest')
+      const params = {
+        grant_type: 'refresh_token',
+        client_id: 'uuid',
+        client_secret: 's3cr3t'
+      }
+      const req = {
+        method: 'POST',
+        body: params
+      }
+      const res = {
+        json: sinon.stub(),
+        set: sinon.stub(),
+        status: sinon.stub(),
+      }
+      const provider = {
+        host: {},
+        grant_types_supported: ['refresh_token'],
+        backend: {
+          get: async () => {}
+        }
+      }
+      const request = new TokenRequest(req, res, provider)
+      request.authenticateClient(request)
+      request.verifyRefreshToken(request)
+      request.badRequest.should.have.been.calledWith({
+        error: 'invalid_grant',
+        error_description: 'Invalid refresh token'
+      })
+      TokenRequest.prototype.badRequest.restore()
+    });
+  });
+
   /**
    * Include Session State
    * TODO: should this be on the base class?

Original file line number	Diff line number	Diff line change
`@@ -140,7 +140,7 @@ class AccessToken extends JWT {`
`140`	`140`	`let responseTypes = request.responseTypes \|\| []`
`141`	`141`	`let refresh`
`142`	`142`
`143`		`- if (code \|\| responseTypes.includes('code')) {`
	`143`	`+ if (code \|\| responseTypes.includes('code') \|\| request.grantType === 'refresh_token') {`
`144`	`144`	`refresh = random(16)`
`145`	`145`	`}`
`146`	`146`