Merge pull request #677 from watson-developer-cloud/accept-access-token

accept access_token

Author: germanattanasio

lib/base_service.ts

@@ -38,6 +38,7 @@ export interface UserOptions {
   use_unauthenticated?: boolean;
   headers?: HeaderOptions;
   token?: string;
+  access_token?: string;
 }
 
 export interface BaseServiceOptions extends UserOptions {
@@ -52,18 +53,19 @@ export interface Credentials {
   password: string;
   api_key: string;
   url: string;
+  access_token: string;
 }
 
 function hasCredentials(obj: any): boolean {
-  return obj && ((obj.username && obj.password) || obj.api_key);
+  return obj && ((obj.username && obj.password) || obj.api_key || obj.access_token);
 }
 
 function hasBasicCredentials(obj: any): boolean {
   return obj && obj.username && obj.password;
 }
 
-function acceptsApiKey(name: string): boolean {
-  return name === 'visual_recognition';
+function hasAccessToken(obj: any): boolean {
+  return obj && obj.access_token;
 }
 
 export class BaseService {
@@ -132,9 +134,30 @@ export class BaseService {
     if (this._options.url) {
       _credentials.url = this._options.url;
     }
+    if (this._options.access_token) {
+      _credentials.access_token = this._options.access_token;
+    }
     return _credentials;
   }
 
+  /**
+   * Set an IAM access token to use when authenticating with the service.
+   * The access token should be valid and not yet expired.
+   *
+   * By using this method, you accept responsibility for managing the
+   * access token yourself. You must set a new access token before this
+   * one expires. Failing to do so will result in authentication errors
+   * after this token expires.
+   *
+   * @param {string} access_token - A valid, non-expired IAM access token
+   * @returns {void}
+   */
+  public setAccessToken(access_token: string) { // tslint:disable-line variable-name
+    this._options.access_token = access_token;
+    this._options.headers = this._options.headers || {};
+    this._options.headers.Authorization = `Bearer ${access_token}`;
+  }
+
   /**
    * @private
    * @param {UserOptions} options
@@ -162,24 +185,12 @@ export class BaseService {
       _options
     );
     if (!_options.use_unauthenticated) {
-      if (!hasCredentials(_options) && acceptsApiKey(this.name)) {
-        throw new Error(
-          `Argument error: api_key or username/password are required for ${this.name
-            .toUpperCase()
-            .replace(
-              /_/g,
-              ' '
-            )} ${this.serviceVersion.toUpperCase()} unless use_unauthenticated is set`
-        );
-      } else if (!hasCredentials(_options)) {
-        throw new Error(
-          `Argument error: username and password are required for ${this.name
-            .toUpperCase()
-            .replace(
-              /_/g,
-              ' '
-            )} ${this.serviceVersion.toUpperCase()} unless use_unauthenticated is set`
-        );
+      if (!hasCredentials(_options)) {
+        const errorMessage = 'Insufficient credentials provided in ' +
+          'constructor argument. Refer to the documentation for the ' +
+          'required parameters. Common examples are username/password, ' +
+          'api_key, and access_token.';
+        throw new Error(errorMessage);
       }
       if (hasBasicCredentials(_options)) {
         // Calculate and add Authorization header to base options
@@ -188,6 +199,9 @@ export class BaseService {
         ).toString('base64');
         const authHeader = { Authorization: `Basic ${encodedCredentials}` };
         _options.headers = extend(authHeader, _options.headers);
+      } else if (hasAccessToken(_options)) {
+        const authHeader = { Authorization: `Bearer ${_options.access_token}` };
+        _options.headers = extend(authHeader, _options.headers);
       } else {
         _options.qs = extend({ api_key: _options.api_key }, _options.qs);
       }
@@ -221,12 +235,14 @@ export class BaseService {
     const _password: string = process.env[`${_name}_PASSWORD`] || process.env[`${_nameWithUnderscore}_PASSWORD`];
     const _apiKey: string = process.env[`${_name}_API_KEY`] || process.env[`${_nameWithUnderscore}_API_KEY`];
     const _url: string = process.env[`${_name}_URL`] || process.env[`${_nameWithUnderscore}_URL`];
+    const _accessToken: string = process.env[`${_name}_ACCESS_TOKEN`] || process.env[`${_nameWithUnderscore}_ACCESS_TOKEN`];
 
     return {
       username: _username,
       password: _password,
       api_key: _apiKey,
-      url: _url
+      url: _url,
+      access_token: _accessToken
     };
   }
   /**

lib/requestwrapper.ts

@@ -110,19 +110,20 @@ export function formatErrorIfExists(cb: Function): request.RequestCallback {
       });
       body = null;
     }
-
     // If we still don't have an error and there was an error...
     if (!error && (response.statusCode < 200 || response.statusCode >= 300)) {
       // The JSON stringify for the error below is for the Dialog service
       // It stringifies "[object Object]" into the correct error (PR #445)
       error = new Error(typeof body === 'object' ? JSON.stringify(body) : body);
       error.code = response.statusCode;
-      if (error.code === 401 || error.code === 403) {
-        error.body = error.message;
-        error.message = 'Unauthorized: Access is denied due to invalid credentials.';
-      }
       body = null;
     }
+
+    // ensure a more descriptive error message
+    if (error && (error.code === 401 || error.code === 403)) {
+      error.body = error.message;
+      error.message = 'Unauthorized: Access is denied due to invalid credentials.';
+    }
     if (error && response && response.headers) {
       error[globalTransactionId] = response.headers[globalTransactionId];
     }

test/unit/test.base_service.js

@@ -124,4 +124,17 @@ describe('BaseService', function() {
     };
     assert.deepEqual(actual, expected);
   });
+
+  it('should set header with access_token parameter', function() {
+    const token = 'abc-1234';
+    const instance = new TestService({ access_token: token });
+    assert.equal(instance._options.headers['Authorization'], `Bearer ${token}`);
+  });
+
+  it('should update header with setAccessToken', function() {
+    const instance = new TestService({ access_token: 'abc-1234' });
+    const newToken = 'zyx-9876';
+    instance.setAccessToken(newToken);
+    assert.equal(instance._options.headers['Authorization'], `Bearer ${newToken}`);
+  });
 });

test/unit/test.visual_recognition.v3.js

@@ -105,15 +105,15 @@ describe('visual_recognition', function() {
     });
 
     it('should throw when no/insufficient credentials are provided', () => {
-      assert.throws(() => new watson.VisualRecognitionV3(), /use_unauthenticated/);
-      assert.throws(() => new watson.VisualRecognitionV3({}), /use_unauthenticated/);
+      assert.throws(() => new watson.VisualRecognitionV3(), /Insufficient credentials/);
+      assert.throws(() => new watson.VisualRecognitionV3({}), /Insufficient credentials/);
       assert.throws(
         () => new watson.VisualRecognitionV3({ version: '2016-05-20' }),
-        /use_unauthenticated/
+        /Insufficient credentials/
       );
       assert.throws(
         () => new watson.VisualRecognitionV3({ username: 'foo' }),
-        /use_unauthenticated/
+        /Insufficient credentials/
       );
     });
 

test/unit/test.wrapper.js

@@ -39,7 +39,7 @@ describe('wrapper', function() {
         use_unauthenticated: false,
         version: 'v1',
       });
-    }, /use_unauthenticated/);
+    }, /Insufficient credentials/);
   });
 
   it('should check for missing version', function() {