npm - @labdigital/commercetools-mock - Versions diffs - 2.11.0 → 2.12.0 - Mend

@labdigital/commercetools-mock 2.11.0 → 2.12.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (9) hide show

package/package.json CHANGED Viewed

@@ -1,7 +1,7 @@
 {
   "name": "@labdigital/commercetools-mock",
   "author": "Michael van Tellingen",
-  "version": "2.11.0",
+  "version": "2.12.0",
   "license": "MIT",
   "main": "dist/index.cjs",
   "module": "dist/index.js",

package/src/exceptions.ts CHANGED Viewed

@@ -21,3 +21,10 @@ export interface InvalidRequestError {
 	readonly code: 'invalid_request'
 	readonly message: string
 }
+export interface AuthError {
+	readonly statusCode: number
+	readonly message: string
+	readonly error: string
+	readonly error_description: string
+}

package/src/oauth/server.test.ts CHANGED Viewed

@@ -26,6 +26,40 @@ describe('OAuth2Server', () => {
 			expect(response.status, JSON.stringify(body)).toBe(200)
 			expect(body).toHaveProperty('access_token')
 		})
+		it('should failed on invalid refresh token', async () => {
+			const response = await supertest(app)
+				.post('/token')
+				.auth('validClientId', 'validClientSecret')
+				.query({ grant_type: 'refresh_token', refresh_token: 'invalid' })
+				.send()
+			const body = await response.body
+			expect(response.status, JSON.stringify(body)).toBe(400)
+		})
+		it('should refresh a token', async () => {
+			const createResponse = await supertest(app)
+				.post(`/my-project/anonymous/token`)
+				.auth('validClientId', 'validClientSecret')
+				.query({ grant_type: 'client_credentials' })
+				.send()
+			const refreshToken = createResponse.body.refresh_token
+			const response = await supertest(app)
+				.post('/token')
+				.auth('validClientId', 'validClientSecret')
+				.query({ grant_type: 'refresh_token', refresh_token: refreshToken })
+				.send()
+			const body = await response.body
+			expect(response.status, JSON.stringify(body)).toBe(200)
+			expect(body.access_token).not.toBe(createResponse.body.access_token)
+			expect(body.refresh_token).toBeUndefined()
+		})
 	})
 	describe('POST /:projectKey/anonymous/token', () => {

package/src/oauth/server.ts CHANGED Viewed

@@ -6,7 +6,11 @@ import express, {
 	type Response,
 } from 'express'
 import { InvalidTokenError } from '@commercetools/platform-sdk'
-import { CommercetoolsError, InvalidRequestError } from '../exceptions.js'
+import {
+	AuthError,
+	CommercetoolsError,
+	InvalidRequestError,
+} from '../exceptions.js'
 import { InvalidClientError, UnsupportedGrantType } from './errors.js'
 import { OAuth2Store } from './store.js'
 import { getBearerToken } from './helpers.js'
@@ -160,11 +164,37 @@ export class OAuth2Server {
 			)
 			return response.status(200).send(token)
 		} else if (grantType === 'refresh_token') {
-			const token = this.store.getClientToken(
+			const refreshToken = request.query.refresh_token?.toString()
+			if (!refreshToken) {
+				return next(
+					new CommercetoolsError<InvalidRequestError>(
+						{
+							code: 'invalid_request',
+							message: 'Missing required parameter: refresh_token.',
+						},
+						400
+					)
+				)
+			}
+			const token = this.store.refreshToken(
 				request.credentials.clientId,
 				request.credentials.clientSecret,
-				request.query.scope?.toString()
+				refreshToken
 			)
+			if (!token) {
+				return next(
+					new CommercetoolsError<AuthError>(
+						{
+							statusCode: 400,
+							message: 'The refresh token was not found. It may have expired.',
+							error: 'invalid_grant',
+							error_description:
+								'The refresh token was not found. It may have expired.',
+						},
+						400
+					)
+				)
+			}
 			return response.status(200).send(token)
 		} else {
 			return next(

package/src/oauth/store.ts CHANGED Viewed

@@ -6,6 +6,7 @@ type Token = {
 	token_type: 'Bearer'
 	expires_in: number
 	scope: string
+	refresh_token?: string
 }
 export class OAuth2Store {
@@ -22,6 +23,7 @@ export class OAuth2Store {
 			token_type: 'Bearer',
 			expires_in: 172800,
 			scope: scope || 'todo',
+			refresh_token: `my-project-${randomBytes(16).toString('base64')}`,
 		}
 		this.tokens.push(token)
 		return token
@@ -38,6 +40,7 @@ export class OAuth2Store {
 			scope: scope
 				? `${scope} anonymous_id:${anonymousId}`
 				: `anonymous_id:${anonymousId}`,
+			refresh_token: `my-project-${randomBytes(16).toString('base64')}`,
 		}
 		this.tokens.push(token)
 		return token
@@ -51,11 +54,32 @@ export class OAuth2Store {
 			scope: scope
 				? `${scope} customer_id:${customerId}`
 				: `customer_id:${customerId}`,
+			refresh_token: `my-project-${randomBytes(16).toString('base64')}`,
 		}
 		this.tokens.push(token)
 		return token
 	}
+	refreshToken(clientId: string, clientSecret: string, refreshToken: string) {
+		const existing = this.tokens.find((t) => t.refresh_token === refreshToken)
+		if (!existing) {
+			return undefined
+		}
+		const token: Token = {
+			...existing,
+			access_token: randomBytes(16).toString('base64'),
+		}
+		this.tokens.push(token)
+		// We don't want to return the refresh_token again
+		return {
+			access_token: token.access_token,
+			token_type: token.token_type,
+			expires_in: token.expires_in,
+			scope: token.scope,
+		}
+	}
 	validateToken(token: string) {
 		if (!this.validate) return true