fixes #145 and fixes #151

gyselroth · Apr 2, 2019 · d16ad61 · d16ad61
1 parent 4b436ee
commit d16ad61
Show file tree

Hide file tree

Showing 2 changed files with 84 additions and 12 deletions.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -1,3 +1,12 @@
+## 3.1.0-beta3
+**Maintainer**: balloon-team <[email protected]>\
+**Date**: Tue Apr 02 14:32:43 CEST 2019
+
+* [FIX] search summary attributes are now displayed correctly
+* [CHANGE] Renew access_token for token login #151
+* [FIX] Handle expired auth tokens #145
+
+
 ## 3.1.0-beta2
 **Maintainer**: balloon-team <[email protected]>\
 **Date**: Fri Mar 29 16:32:43 CET 2019

diff --git a/src/lib/auth.js b/src/lib/auth.js
@@ -13,7 +13,8 @@ const {AuthorizationNotifier} = require('@openid/appauth/built/authorization_req
 const {RedirectRequestHandler} = require('@openid/appauth/built/redirect_based_handler.js');
 
 var login = {
-  token: undefined,
+  accessToken: undefined,
+  refreshToken: undefined,
   adapter: null,
   user: null,
   credentials: 'token',
@@ -95,7 +96,7 @@ var login = {
     this.notifier.setAuthorizationListener(function (request, response, error) {
       var hash = login.parseAuthorizationResponse();
       if (response && hash.access_token) {
-        login.token = hash.access_token;
+        login.accessToken = hash.access_token;
         login.adapter = 'oidc';
         login.internalIdp = false;
         login.verifyOidcAuthentication();
@@ -152,7 +153,7 @@ var login = {
           break;
 
         case 400:
-          if(login.token) {
+          if(login.accessToken) {
             login.adapter = 'oidc';
           } else {
             login.adapter = 'basic';
@@ -174,17 +175,19 @@ var login = {
       }
     }
 
-    if(login.token) {
+    if(login.accessToken) {
       options.headers = {
-        "Authorization": 'Bearer '+login.token,
+        "Authorization": 'Bearer '+login.accessToken,
       }
     }
 
     $.ajax(options);
   },
 
   logout: function() {
-    login.token = null;
+    login.internalIdp = true;
+    login.refreshToken = null;
+    login.accessToken = null;
     login.destroyBrowser();
 
     $(window).unbind('popstate').bind('popstate', function(e) {
@@ -278,20 +281,47 @@ var login = {
   },
 
   getAccessToken: function() {
-    return login.token;
+    return login.accessToken;
   },
 
-  xmlHttpRequest: function(options) {
-    if(login.token && !options.disableToken) {
+  getRequestHeaders: function(options) {
+    if(login.accessToken && !options.disableToken) {
       if(options.headers) {
-        options.headers["Authorization"] = 'Bearer '+login.token;
+        options.headers["Authorization"] = 'Bearer '+login.accessToken;
       } else {
         options.headers = {
-          "Authorization": 'Bearer '+login.token
+          "Authorization": 'Bearer '+login.accessToken
         };
       }
     }
 
+    return options;
+  },
+
+  xmlHttpRequest: function(options) {
+    options = login.getRequestHeaders(options);
+
+    var error = options.error;
+    options.error = function(response) {
+      if(response.status === 401) {
+        if(login.refreshToken) {
+          login.renewToken().then(() => {
+            options.error = error;
+            options = login.getRequestHeaders(options);
+            return $.ajax(options);
+          }).catch(() => {
+            login.logout();
+          });
+        } else if(login.internalIdp === false && localStorage.lastIdpUrl) {
+          login.initOidcAuth(localStorage.lastIdpUrl);
+        } else {
+          login.logout();
+        }
+      } else if(error !== undefined) {
+        error(response);
+      }
+    };
+
     return $.ajax(options);
   },
 
@@ -310,6 +340,8 @@ var login = {
       return false;
     }
 
+    localStorage.lastIdpUrl = provider_url;
+
     AuthorizationServiceConfiguration.fetchFromIssuer(idp.providerUrl).then(configuration => {
       var request = new AuthorizationRequest(
         idp.clientId, idp.redirectUri, idp.scope, 'id_token token', undefined, {'nonce': Math.random().toString(36).slice(2)});
@@ -431,7 +463,8 @@ var login = {
       case 200:
         login.internalIdp = true;
         login.adapter = 'oidc';
-        login.token = response.responseJSON.access_token;
+        login.accessToken = response.responseJSON.access_token;
+        login.refreshToken = response.responseJSON.refresh_token;
         login.fetchIdentity();
         login.initBrowser();
         break;
@@ -444,6 +477,36 @@ var login = {
     }
   },
 
+  renewToken: function() {
+    var $d = $.Deferred();
+    var $spinner = $('#fs-spinner').show();
+
+    $.ajax({
+      type: 'POST',
+      data: {
+        refresh_token: login.refreshToken,
+        grant_type: 'refresh_token',
+      },
+      url: '/api/v2/tokens',
+      beforeSend: function (xhr) {
+        xhr.setRequestHeader("Authorization", "Basic " + btoa('balloon-client-web:'));
+      },
+      complete: function(response) {
+        if(response.responseJSON.access_token) {
+          login.accessToken = response.responseJSON.access_token;
+          $d.resolve();
+        } else {
+          login.logout();
+          $d.reject();
+        }
+      }
+    }).always(function() {
+      $spinner.hide();
+    });
+
+    return $d;
+  },
+
   doMultiFactorTokenAuth: function(username, password, code) {
     var $spinner = $('#fs-spinner').show();