Merge pull request #7 from shoutem/feature/added-is-response-unauthorized

Added is response unauthorized callback to config

Author: Domagoj Rukavina

.babelrc

@@ -1,8 +1,8 @@
 {
-  presets: ["es2015"],
-  plugins: ["transform-object-rest-spread",
+  "presets": ["es2015"],
+  "plugins": ["transform-object-rest-spread",
     ["babel-plugin-transform-builtin-extend", {
-      globals: ["Error", "Array"]
+      "globals": ["Error", "Array"]
     }]],
-  sourceMaps: true
+  "sourceMaps": true
 }

README.md

@@ -6,6 +6,7 @@ by renewing the current access token and then retrying an initial fetch operatio
 If you are not familiar with refresh token flow you should check some of the following resources:
 - [RFC standards track regarding refresh token flow](https://tools.ietf.org/html/rfc6749#page-10)
 - [Auth0 blog - Refresh Tokens: When to Use Them and How They Interact with JWTs](https://auth0.com/blog/refresh-tokens-what-are-they-and-when-to-use-them/)
+- [Shoutem blog - Keeping your tokens fresh](https://medium.com/shoutem/keeping-your-api-tokens-fresh-72059a7b0586)
 
 >Note:
 This library expects that fetch and promise api's are available at target environment. You should
@@ -43,6 +44,11 @@ config: {
   // When set, response which invalidates token will be resolved after the token has been renewed
   // in effect, token will be loaded in sync with response, otherwise renew will run async to response
   shouldWaitForTokenRenewal: boolean,
+  
+  // Checks if response should be considered unauthorized (by default only 401 responses are 
+  // considered unauthorized). Override this method if you need to trigger token renewal for 
+  // other response statuses. Check API reference for helper method which defines default behaviour
+  isResponseUnauthorized: (response) => boolean,
    
   // (Required) Adds authorization for intercepted requests
   authorizeRequest: (request, accessToken) => authorizedRequest,
@@ -92,7 +98,7 @@ to stop fetch interception.
    ...
 ```
 
-## API reference
+## API reference <a name="api-reference"></a>
 
 ### Exports
  `configure(configuration)`
@@ -107,6 +113,14 @@ to stop fetch interception.
 
  Clears all tokens from interceptor.
 
+ `isResponseUnauthorized(response)`
+ 
+ Utility method which determines if given response should be considered unauthorized. 
+ By default, responses with status code `401` are considered unauthorized.
+ You can use this method in `isResponseUnauthorized` of `config` object 
+ when you want to extend default behaviour.
+ 
+ 
 ## Tests
 
 ```

package.json

@@ -1,6 +1,6 @@
 {
   "name": "@shoutem/fetch-token-intercept",
-  "version": "0.1.3",
+  "version": "0.2.1",
   "description": "Fetch interceptor for managing refresh token flow.",
   "main": "lib/index.js",
   "files": [
@@ -34,6 +34,7 @@
     "babel-core": "^6.9.1",
     "babel-eslint": "^6.0.0",
     "babel-plugin-transform-builtin-extend": "^1.1.2",
+    "babel-plugin-transform-object-rest-spread": "^6.23.0",
     "babel-preset-es2015": "^6.9.0",
     "babel-preset-stage-0": "^6.3.13",
     "babel-register": "^6.9.0",

src/AccessTokenProvider.js

@@ -1,7 +1,3 @@
-import {
-  isResponseUnauthorized,
-} from './services/http';
-
 /**
  * Provides a way for renewing access token with correct refresh token. It will automatically
  * dispatch a call to server with request provided via config. It also ensures that
@@ -39,7 +35,6 @@ export default class AccessTokenProvider {
   renew() {
     // if token resolver is not authorized it should just resolve
     if (!this.isAuthorized()) {
-      console.warn('Please authorize provider before renewing or check shouldIntercept config.');
       return Promise.resolve();
     }
 
@@ -89,7 +84,7 @@ export default class AccessTokenProvider {
   handleFetchAccessTokenResponse(response) {
     this.renewAccessTokenPromise = null;
 
-    if (isResponseUnauthorized(response)) {
+    if (this.config.isResponseUnauthorized(response)) {
       this.clear();
       return null;
     }

src/FetchInterceptor.js

@@ -1,9 +1,7 @@
 import {
   ERROR_INVALID_CONFIG,
 } from './const';
-import {
-  isResponseUnauthorized,
-} from './services/http';
+import * as http from './services/http';
 import TokenExpiredException from './services/TokenExpiredException';
 import RetryCountExceededException from './services/RetryCountExceededException';
 import AccessTokenProvider from './AccessTokenProvider';
@@ -22,6 +20,7 @@ export default class FetchInterceptor {
       createAccessTokenRequest: null,
       shouldIntercept: () => true,
       shouldInvalidateAccessToken: () => false,
+      isResponseUnauthorized: http.isResponseUnauthorized,
       parseAccessToken: null,
       authorizeRequest: null,
       onAccessTokenChange: null,
@@ -66,6 +65,11 @@ export default class FetchInterceptor {
    * (Required) Adds authorization for intercepted requests
    *   authorizeRequest: (request, accessToken) => authorizedRequest,
    *
+   * Checks if response should be considered unauthorized (by default only 401 responses are
+   * considered unauthorized. Override this method if you need to trigger token renewal for
+   * other response statuses.
+   *   isResponseUnauthorized: (response) => boolean,
+   *
    * Number of retries after initial request was unauthorized
    *   fetchRetryCount: 1,
    *
@@ -191,7 +195,7 @@ export default class FetchInterceptor {
       fetchArgs,
       fetchResolve,
       fetchReject,
-    }
+    };
   }
 
   createRequest(requestContext) {
@@ -201,14 +205,13 @@ export default class FetchInterceptor {
     return {
       ...requestContext,
       request,
-    }
+    };
   }
 
   shouldIntercept(requestContext) {
     const { request } = requestContext;
-    const { shouldIntercept } = this.config;
 
-    return Promise.resolve(shouldIntercept(request))
+    return Promise.resolve(this.config.shouldIntercept(request))
       .then(shouldIntercept =>
         ({ ...requestContext, shouldIntercept })
       );
@@ -225,10 +228,10 @@ export default class FetchInterceptor {
     const { accessToken } = this.accessTokenProvider.getAuthorization();
     const { authorizeRequest } = this.config;
 
-    if (request && accessToken){
+    if (request && accessToken) {
       return Promise.resolve(authorizeRequest(request, accessToken))
-        .then(request =>
-          ({ ...requestContext, accessToken, request })
+        .then(authorizedRequest =>
+          ({ ...requestContext, accessToken, request: authorizedRequest })
         );
     }
 
@@ -237,14 +240,13 @@ export default class FetchInterceptor {
 
   shouldFetch(requestContext) {
     const { request } = requestContext;
-    const { shouldFetch } = this.config;
 
     // verifies all outside conditions from config are met
-    if (!shouldFetch) {
+    if (!this.config.shouldFetch) {
       return requestContext;
     }
 
-    return Promise.resolve(shouldFetch(request))
+    return Promise.resolve(this.config.shouldFetch(request))
       .then(shouldFetch =>
         ({ ...requestContext, shouldFetch })
       );
@@ -278,15 +280,14 @@ export default class FetchInterceptor {
 
   shouldInvalidateAccessToken(requestContext) {
     const { shouldIntercept } = requestContext;
-    const { shouldInvalidateAccessToken } = this.config;
 
     if (!shouldIntercept) {
       return requestContext;
     }
 
     const { response } = requestContext;
     // check if response invalidates access token
-    return Promise.resolve(shouldInvalidateAccessToken(response))
+    return Promise.resolve(this.config.shouldInvalidateAccessToken(response))
       .then(shouldInvalidateAccessToken =>
         ({ ...requestContext, shouldInvalidateAccessToken })
       );
@@ -311,15 +312,15 @@ export default class FetchInterceptor {
 
   handleResponse(requestContext) {
     const { shouldIntercept, response, fetchResolve, fetchReject } = requestContext;
+    const { isResponseUnauthorized } = this.config;
 
     // can only be empty on network errors
     if (!response) {
-      fetchReject();
-      return;
+      return fetchReject();
     }
 
     if (shouldIntercept && isResponseUnauthorized(response)) {
-      throw new TokenExpiredException({ ...requestContext })
+      throw new TokenExpiredException({ ...requestContext });
     }
 
     if (this.config.onResponse) {

src/index.js

@@ -4,24 +4,11 @@ import {
   isWeb,
   isNode,
 } from './services/environment';
+import { isResponseUnauthorized } from './services/http';
 import FetchInterceptor from './FetchInterceptor';
 
 let interceptor = null;
 
-function init() {
-  if (isReactNative()) {
-    attach(global);
-  } else if (isWorker()) {
-    attach(self);
-  } else if (isWeb()) {
-    attach(window);
-  } else if (isNode()) {
-    attach(global);
-  } else {
-    throw new Error('Unsupported environment for fetch-token-intercept');
-  }
-}
-
 export function attach(env) {
   if (!env.fetch) {
     throw Error('No fetch available. Unable to register fetch-token-intercept');
@@ -35,10 +22,26 @@ export function attach(env) {
   interceptor = new FetchInterceptor(env.fetch);
 
   // monkey patch fetch
+  // eslint-disable-next-line no-unused-vars
   const fetchWrapper = fetch => (...args) => interceptor.intercept(...args);
+  // eslint-disable-next-line no-param-reassign
   env.fetch = fetchWrapper(env.fetch);
 }
 
+function init() {
+  if (isReactNative()) {
+    attach(global);
+  } else if (isWorker()) {
+    attach(self);
+  } else if (isWeb()) {
+    attach(window);
+  } else if (isNode()) {
+    attach(global);
+  } else {
+    throw new Error('Unsupported environment for fetch-token-intercept');
+  }
+}
+
 export function configure(config) {
   interceptor.configure(config);
 }
@@ -55,4 +58,8 @@ export function clear() {
   return interceptor.clear();
 }
 
+export {
+  isResponseUnauthorized,
+};
+
 init();

src/services/http.js

@@ -6,7 +6,7 @@ function isResponseStatus(response, status) {
     return false;
   }
 
-  return response['status'] === status;
+  return response.status === status;
 }
 
 export function isResponseOk(response) {

test/fetchInterceptor.spec.js

@@ -24,6 +24,7 @@ const configuration = config => ({
   },
   onAccessTokenChange: null,
   onResponse: null,
+  isResponseUnauthorized: response => response.status === 401,
   ...config,
 });
 
@@ -410,6 +411,26 @@ describe('fetch-intercept', function () {
         done(error);
       });
     });
+
+    it('should fetch successfully with access token expired and status 403', function (done) {
+      fetchInterceptor.configure(configuration({
+        isResponseUnauthorized: (response) => response.status === 403
+      }));
+      // set expired access token
+      fetchInterceptor.authorize('refresh_token', 'token1');
+
+      fetch('http://localhost:5000/401/1?respondStatus=403').then(response => {
+        expect(response.status).to.be.equal(200);
+        return response.json();
+      })
+        .then(data => {
+          expect(data.value).to.be.equal('1');
+          done();
+        })
+        .catch(error => {
+          done(error);
+        });
+    });
   });
 
   describe('refresh token is invalid', () => {

test/helpers/server.js

@@ -16,17 +16,18 @@ app.get('/200', function(req, res) {
 function handleUnauthorizedRequest(req, res ){
   const response = () => {
     const token = req.header('authorization') && req.header('authorization').split(' ')[1];
+    const responseStatus = req.query.respondStatus || 401;
 
     if (token === EXPIRED_TOKEN) {
-      res.status(401).send();
+      res.status(responseStatus).send();
     } else if (token === VALID_TOKEN) {
       if (req.query.invalidate){
         res.set('invalidates-token', true);
       }
 
       res.json({ 'value': req.params.id });
     } else {
-      res.status(401).send();
+      res.status(responseStatus).send();
     }
   };