Disable bearer header for refresh-token request

2024-11-27 01:02:14 +05:30 · 2016-12-12 22:07:49 +02:00 · 2016-12-12 22:07:49 +02:00 · 7374ac3564
commit 7374ac3564
parent b017147359
4 changed files with 77 additions and 10 deletions
--- a/src/components/user/middlewares/bearerHeaderMiddleware.js
+++ b/src/components/user/middlewares/bearerHeaderMiddleware.js
@ -1,6 +1,9 @@
 /**
 * Applies Bearer header for all requests
 *
+ * req.options.token is used to override current token.
+ * Pass null to disable bearer header at all
+ *
 * @param {object} store - redux store
 * @param {function} store.getState
 *
@ -13,7 +16,7 @@ export default function bearerHeaderMiddleware({getState}) {

            let {token} = accounts.active ? accounts.active : user;

-            if (req.options.token) {
+            if (req.options.token || req.options.token === null) {
                token = req.options.token;
            }

--- a/src/services/api/authentication.js
+++ b/src/services/api/authentication.js
@ -86,7 +86,8 @@ const authentication = {
    requestToken(refreshToken) {
        return request.post(
            '/api/authentication/refresh-token',
-            {refresh_token: refreshToken}
+            {refresh_token: refreshToken}, // eslint-disable-line
+            {token: null}
        ).then((resp) => ({
            token: resp.access_token
        }));
--- a/tests/components/user/middlewares/bearerHeaderMiddleware.test.js
+++ b/tests/components/user/middlewares/bearerHeaderMiddleware.test.js
@ -22,30 +22,44 @@ describe('bearerHeaderMiddleware', () => {
        });

        it('should set Authorization header', () => {
-            const data = {
+            let data = {
                options: {
                    headers: {}
                }
            };

-            middleware.before(data);
+            data = middleware.before(data);

            expectBearerHeader(data, token);
        });

        it('overrides user.token with options.token if available', () => {
            const tokenOverride = 'tokenOverride';
-            const data = {
+            let data = {
                options: {
                    headers: {},
                    token: tokenOverride
                }
            };

-            middleware.before(data);
+            data = middleware.before(data);

            expectBearerHeader(data, tokenOverride);
        });
+
+        it('disables token if options.token is null', () => {
+            const tokenOverride = null;
+            let data = {
+                options: {
+                    headers: {},
+                    token: tokenOverride
+                }
+            };
+
+            data = middleware.before(data);
+
+            expect(data.options.headers.Authorization, 'to be undefined');
+        });
    });

    describe('when legacy token available', () => {
@ -58,13 +72,13 @@ describe('bearerHeaderMiddleware', () => {
        });

        it('should set Authorization header', () => {
-            const data = {
+            let data = {
                options: {
                    headers: {}
                }
            };

-            middleware.before(data);
+            data = middleware.before(data);

            expectBearerHeader(data, token);
        });
@ -77,13 +91,13 @@ describe('bearerHeaderMiddleware', () => {
            })
        });

-        const data = {
+        let data = {
            options: {
                headers: {}
            }
        };

-        middleware.before(data);
+        data = middleware.before(data);

        expect(data.options.headers.Authorization, 'to be undefined');
    });
--- a/tests/services/api/authentication.test.js
+++ b/tests/services/api/authentication.test.js
@ -1,4 +1,5 @@
 import expect from 'unexpected';
+import sinon from 'sinon';

 import request from 'services/request';
 import authentication from 'services/api/authentication';
@ -121,4 +122,52 @@ describe('authentication api', () => {
            ]);
        });
    });
+
+    describe('#requestToken', () => {
+        const refreshToken = 'refresh-token';
+
+        beforeEach(() => {
+            sinon.stub(request, 'post').named('request.post');
+        });
+
+        afterEach(() => {
+            request.post.restore();
+        });
+
+        it('should request refresh-token api', () => {
+            request.post.returns(Promise.resolve({}));
+
+            authentication.requestToken(refreshToken);
+
+            expect(request.post, 'to have a call satisfying', [
+                '/api/authentication/refresh-token', {
+                    refresh_token: refreshToken // eslint-disable-line
+                }, {}
+            ]);
+        });
+
+        it('should disable bearer auth for request', () => {
+            request.post.returns(Promise.resolve({}));
+
+            authentication.requestToken(refreshToken);
+
+            expect(request.post, 'to have a call satisfying', [
+                '/api/authentication/refresh-token', {
+                    refresh_token: refreshToken // eslint-disable-line
+                }, {token: null}
+            ]);
+        });
+
+        it('should resolve with token', () => {
+            const token = 'token';
+
+            request.post.returns(Promise.resolve({
+                access_token: token // eslint-disable-line
+            }));
+
+            return expect(authentication.requestToken(refreshToken),
+                'to be fulfilled with', {token}
+            );
+        });
+    });
 });