@truedat/auth 4.48.0 → 4.48.4

package/CHANGELOG.md

@@ -1,10 +1,23 @@
 # Changelog
 
+## [4.48.3] 2022-07-11
+
+### Changed
+
+- [TD-3614] Refresh access token before expiry
+
+## [4.48.2] 2022-07-08
+
+### Changed
+
+- [TD-4995] Support localization of template fields and fixed values
+
 ## [4.45.4] 2022-06-03
 
 ### Fixed
 
-- [TD-4873] Removed password and rep_password field from UserForm user update to avoid 403 error
+- [TD-4873] Removed `password` and `rep_password` fields from `UserForm` user
+  update to avoid 403 error
 
 ## [4.44.4] 2022-05-19
 

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@truedat/auth",
-  "version": "4.48.0",
+  "version": "4.48.4",
   "description": "Truedat Web Auth",
   "sideEffects": false,
   "jsnext:main": "src/index.js",
@@ -87,7 +87,7 @@
     ]
   },
   "dependencies": {
-    "@truedat/core": "4.48.0",
+    "@truedat/core": "4.48.4",
     "auth0-js": "^9.12.2",
     "immutable": "^4.0.0-rc.12",
     "jwt-decode": "^2.2.0",
@@ -109,5 +109,5 @@
     "react-dom": ">= 16.8.6 < 17",
     "semantic-ui-react": ">= 0.88.2 < 2.1"
   },
-  "gitHead": "c4587d045fa6c9028082bdfbcfb35e4383f117ed"
+  "gitHead": "5e50a034469bf3ad8e02a64eb875ad2b710b6b03"
 }

package/src/groups/reducers/index.js

@@ -2,4 +2,4 @@ export * from "./group";
 export * from "./groups";
 export * from "./groupsSearch";
 export * from "./groupRedirect";
-export * from "./groupUsers";
+export { groupUsers } from "./groupUsers";

package/src/reducers/__tests__/authMessage.spec.js

@@ -11,72 +11,50 @@ describe("reducers: authMessage", () => {
   });
 
   it("should handle the login.TRIGGER action", () => {
-    expect(authMessage(fooState, { type: login.TRIGGER })).toEqual(fooState);
+    expect(authMessage(fooState, login())).toEqual(fooState);
   });
 
   it("should handle the login.FAILURE action", () => {
-    expect(
-      authMessage(fooState, {
-        type: login.FAILURE
-      })
-    ).toEqual({
+    expect(authMessage(fooState, login.failure())).toEqual({
       error: true,
       icon: "attention",
       header: "alert.login.failed.header",
-      content: "alert.login.failed.content"
+      content: "alert.login.failed.content",
     });
   });
 
   it("should handle the login.SUCCESS action", () => {
-    expect(
-      authMessage(fooState, {
-        type: login.SUCCESS
-      })
-    ).toEqual(initialState);
+    expect(authMessage(fooState, login.success())).toEqual(initialState);
   });
 
   it("should handle the login.SUCCESS action", () => {
-    expect(
-      authMessage(fooState, {
-        type: login.SUCCESS
-      })
-    ).toEqual(initialState);
+    expect(authMessage(fooState, login.success())).toEqual(initialState);
   });
 
   it("should handle the auth0Login.SUCCESS action", () => {
-    expect(
-      authMessage(fooState, {
-        type: auth0Login.SUCCESS
-      })
-    ).toEqual(initialState);
+    expect(authMessage(fooState, auth0Login.success())).toEqual(initialState);
   });
 
   it("should handle the updatePassword.FAILURE status ", () => {
     expect(
-      authMessage(fooState, {
-        type: updatePassword.FAILURE,
-        payload: "Failed with xxx"
-      })
+      authMessage(fooState, updatePassword.failure("Failed with xxx"))
     ).toEqual({
       error: true,
       header: "user.password.error.xxx.header",
       content: "user.password.error.xxx.content",
-      icon: "attention"
+      icon: "attention",
     });
   });
 
   it("should handle the updatePassword.SUCCESS with OK payload action", () => {
     expect(
-      authMessage(fooState, {
-        type: updatePassword.SUCCESS,
-        payload: { foo: "bar" }
-      })
+      authMessage(fooState, updatePassword.success({ foo: "bar" }))
     ).toEqual({
       error: false,
       header: "user.password.change",
       content: "user.password.success.change",
       icon: "check",
-      color: "green"
+      color: "green",
     });
   });
 });

package/src/reducers/authMessage.js

@@ -1,5 +1,11 @@
 import { dismissAlert } from "@truedat/core/routines";
-import { login, auth0Login, updatePassword } from "../routines";
+import {
+  login,
+  auth0Login,
+  openIdLogin,
+  nonceLogin,
+  updatePassword,
+} from "../routines";
 
 const initialState = {};
 
@@ -14,27 +20,44 @@ export const authMessage = (state = initialState, foo) => {
         header: "alert.auth0.failed.header",
         content: "alert.auth0.failed.content",
         icon: "attention",
-        text: payload
+        text: payload,
       };
     case login.FAILURE:
       return {
         error: true,
         header: "alert.login.failed.header",
         content: "alert.login.failed.content",
-        icon: "attention"
+        icon: "attention",
+      };
+    case openIdLogin.FAILURE:
+      return {
+        error: true,
+        header: "alert.login.failed.header",
+        content: "alert.login.failed.content",
+        icon: "attention",
+      };
+    case nonceLogin.FAILURE:
+      return {
+        error: true,
+        header: "alert.login.failed.header",
+        content: "alert.login.failed.content",
+        icon: "attention",
       };
     case login.SUCCESS:
       return initialState;
     case auth0Login.SUCCESS:
       return initialState;
+    case openIdLogin.SUCCESS:
+      return initialState;
+    case nonceLogin.SUCCESS:
+      return initialState;
     case updatePassword.FAILURE:
       const status = payload.substr(payload.length - 3);
-
       return {
         error: true,
         header: `user.password.error.${status}.header`,
         content: `user.password.error.${status}.content`,
-        icon: "attention"
+        icon: "attention",
       };
     case updatePassword.SUCCESS:
       return {
@@ -42,7 +65,7 @@ export const authMessage = (state = initialState, foo) => {
         header: "user.password.change",
         content: "user.password.success.change",
         icon: "check",
-        color: "green"
+        color: "green",
       };
     default:
       return state;

package/src/roles/components/PermissionGroup.js

@@ -25,7 +25,10 @@ export const PermissionGroup = ({
           <List.Item key={i}>
             <Checkbox
               label={{
-                children: formatMessage({ id: `permission.${p.name}` }),
+                children: formatMessage({
+                  id: `permission.${p.name}`,
+                  defaultMessage: p.name,
+                }),
               }}
               checked={_.any(_.propEq("id", p.id))(rolePermissions)}
               onChange={(e, data) => {

package/src/sessions/api.js

@@ -1,4 +1,5 @@
 const API_AUTH_METHODS = "/api/auth";
 const API_SESSIONS = "/api/sessions";
+const API_SESSIONS_REFRESH = "/api/sessions/refresh";
 
-export { API_AUTH_METHODS, API_SESSIONS };
+export { API_AUTH_METHODS, API_SESSIONS, API_SESSIONS_REFRESH };

package/src/sessions/components/PrivateRoute.js

@@ -1,24 +1,25 @@
+import _ from "lodash/fp";
 import React from "react";
 import PropTypes from "prop-types";
 import { compose } from "redux";
 import { connect } from "react-redux";
 import { Route, Redirect, withRouter } from "react-router-dom";
 import { LOGIN, UNAUTHORIZED } from "@truedat/core/routes";
-import { REQUEST_TOKEN } from "../actions";
+import { retrieveToken } from "../routines";
 
 class PrivateRoute extends React.Component {
   static propTypes = {
     token: PropTypes.string,
     component: PropTypes.func,
-    has_permissions: PropTypes.bool,
+    hasPermissions: PropTypes.bool,
     location: PropTypes.object,
-    readTokenFromStorage: PropTypes.func,
+    retrieveToken: PropTypes.func,
   };
 
   componentDidMount() {
-    const { token, readTokenFromStorage } = this.props;
+    const { token, retrieveToken } = this.props;
     if (token === undefined) {
-      readTokenFromStorage();
+      retrieveToken();
     }
   }
 
@@ -26,7 +27,7 @@ class PrivateRoute extends React.Component {
     const {
       component: Component,
       token,
-      has_permissions,
+      hasPermissions,
       location,
       ...rest
     } = this.props;
@@ -35,7 +36,7 @@ class PrivateRoute extends React.Component {
       <Route
         {...rest}
         render={(props) => {
-          if (token && !has_permissions) {
+          if (token && !hasPermissions) {
             return (
               <Redirect
                 to={{
@@ -59,14 +60,10 @@ class PrivateRoute extends React.Component {
 
 const mapStateToProps = ({ authentication }) => ({
   token: authentication.token,
-  has_permissions: authentication.has_permissions,
-});
-
-const mapDispatchToProps = (dispatch) => ({
-  readTokenFromStorage: () => dispatch({ type: REQUEST_TOKEN }),
+  hasPermissions: !_.isEmpty(authentication.entitlements),
 });
 
 export default compose(
   withRouter,
-  connect(mapStateToProps, mapDispatchToProps)
+  connect(mapStateToProps, { retrieveToken })
 )(PrivateRoute);

package/src/sessions/components/UnauthorizedRoute.js

@@ -1,37 +1,33 @@
+import _ from "lodash/fp";
 import React from "react";
 import PropTypes from "prop-types";
 import { connect } from "react-redux";
 import { Route, Redirect } from "react-router-dom";
 import { LOGIN } from "@truedat/core/routes";
-import { REQUEST_TOKEN } from "../actions";
+import { retrieveToken } from "../routines";
 
 class UnauthorizedRoute extends React.Component {
   static propTypes = {
     token: PropTypes.string,
     component: PropTypes.func,
-    readTokenFromStorage: PropTypes.func,
-    has_permissions: PropTypes.bool
+    retrieveToken: PropTypes.func,
+    hasPermissions: PropTypes.bool,
   };
 
   componentDidMount() {
-    const { token, readTokenFromStorage } = this.props;
+    const { token, retrieveToken } = this.props;
     if (token === undefined) {
-      readTokenFromStorage();
+      retrieveToken();
     }
   }
 
   render() {
-    const {
-      component: Component,
-      token,
-      has_permissions,
-      ...rest
-    } = this.props;
+    const { component: Component, token, hasPermissions, ...rest } = this.props;
     return (
       <Route
         {...rest}
-        render={props => {
-          if (token && !has_permissions) {
+        render={(props) => {
+          if (token && !hasPermissions) {
             return <Component {...props} />;
           }
           return <Redirect to={{ pathname: LOGIN }} />;
@@ -43,11 +39,7 @@ class UnauthorizedRoute extends React.Component {
 
 const mapStateToProps = ({ authentication }) => ({
   token: authentication.token,
-  has_permissions: authentication.has_permissions
+  hasPermissions: !_.isEmpty(authentication.entitlements),
 });
 
-const mapDispatchToProps = dispatch => ({
-  readTokenFromStorage: () => dispatch({ type: REQUEST_TOKEN })
-});
-
-export default connect(mapStateToProps, mapDispatchToProps)(UnauthorizedRoute);
+export default connect(mapStateToProps, { retrieveToken })(UnauthorizedRoute);

package/src/sessions/reducers/__tests__/authRedirect.spec.js

@@ -11,36 +11,30 @@ describe("reducers: authRedirect", () => {
   });
 
   it("should handle the clearRedirect.TRIGGER action", () => {
-    expect(authRedirect(fooState, { type: clearRedirect.TRIGGER })).toEqual(
-      initialState
-    );
+    expect(authRedirect(fooState, clearRedirect())).toEqual(initialState);
   });
 
   it("should handle the auth0Login.FAILURE action", () => {
-    expect(authRedirect(fooState, { type: auth0Login.FAILURE })).toEqual(
-      "/login"
-    );
+    expect(authRedirect(fooState, auth0Login.failure())).toEqual("/login");
   });
 
   it("should handle the auth0Login.SUCCESS action", () => {
-    expect(authRedirect(fooState, { type: auth0Login.SUCCESS })).toEqual("");
+    expect(authRedirect(fooState, auth0Login.success())).toEqual("");
   });
 
   it("should handle the openIdLogin.FAILURE action", () => {
-    expect(authRedirect(fooState, { type: openIdLogin.FAILURE })).toEqual(
-      "/login"
-    );
+    expect(authRedirect(fooState, openIdLogin.failure())).toEqual("/login");
   });
 
   it("should handle the openIdLogin.SUCCESS action", () => {
-    expect(authRedirect(fooState, { type: openIdLogin.SUCCESS })).toEqual("");
+    expect(authRedirect(fooState, openIdLogin.success())).toEqual("");
   });
 
-  it("should handle FAILURES with status 401 payload", () => {
+  it("should handle FAILURES with status 401 status and unauthorized message", () => {
     expect(
       authRedirect(fooState, {
         type: "random/FAILURE",
-        payload: { status: 401 },
+        payload: { status: 401, data: { message: "unauthorized" } },
       })
     ).toEqual("/login");
   });

package/src/sessions/reducers/__tests__/authentication.spec.js

@@ -1,6 +1,9 @@
-import { authentication, loginSubmitting } from "../../reducers";
-import { login } from "../../routines";
-import { RECEIVE_LOGOUT, RECEIVE_TOKEN } from "../../actions";
+import {
+  authentication,
+  loginSubmitting,
+  initialState,
+} from "../authentication";
+import { login, logout, retrieveToken } from "../../routines";
 
 const fooState = { foo: "bar" };
 
@@ -23,44 +26,34 @@ describe("reducers: loginSubmitting", () => {
 });
 
 describe("reducers: authentication", () => {
-  const initialState = {
-    token: undefined,
-    role: undefined,
-    has_permissions: false,
-    groups: []
-  };
   it("should provide the initial state", () => {
-    expect(authentication(undefined, {})).toEqual(initialState);
+    expect(authentication(undefined, {})).toBe(initialState);
   });
 
   it("should handle the SUCCESS action", () => {
     const payload = { token: "TOKEN", refresh_token: "REFRESH" };
     expect(
-      authentication({ foo: "bar" }, { type: login.SUCCESS, payload })
+      authentication({ foo: "bar" }, login.success(payload))
     ).toMatchObject({ token: "TOKEN" });
   });
 
   it("should handle the FAILURE action", () => {
-    expect(authentication({ foo: "bar" }, { type: login.FAILURE })).toEqual(
-      initialState
-    );
+    expect(authentication({ foo: "bar" }, login.failure())).toBe(initialState);
   });
 
-  it("should handle the RECEIVE_LOGOUT action", () => {
-    expect(authentication({ foo: "bar" }, { type: RECEIVE_LOGOUT })).toEqual(
-      initialState
-    );
+  it("should handle the logout.FULFILL action", () => {
+    expect(authentication({ foo: "bar" }, logout.fulfill())).toBe(initialState);
   });
 
-  it("should handle the RECEIVE_TOKEN action", () => {
+  it("should handle the retrieveToken.SUCCESS action", () => {
     expect(
-      authentication({ foo: "bar" }, { type: RECEIVE_TOKEN, token: "token" })
+      authentication({ foo: "bar" }, retrieveToken.success({ token: "token" }))
     ).toHaveProperty("token");
   });
 
   it("should ignore unknown actions", () => {
     expect(authentication({ foo: "bar" }, { type: "WTF" })).toEqual({
-      foo: "bar"
+      foo: "bar",
     });
   });
 });

package/src/sessions/reducers/authRedirect.js

@@ -21,7 +21,11 @@ const authRedirect = (state = initialState, { type, payload }) => {
     case nonceLogin.SUCCESS:
       return "/";
     default:
-      if (_.endsWith("/FAILURE")(type) && _.prop("status")(payload) === 401) {
+      if (
+        _.endsWith("/FAILURE")(type) &&
+        payload?.status === 401 &&
+        payload?.data?.message === "unauthorized"
+      ) {
         return "/login";
       }
       return state;

package/src/sessions/reducers/authentication.js

@@ -1,6 +1,12 @@
 import _ from "lodash/fp";
-import { login, auth0Login, openIdLogin } from "../routines";
-import { RECEIVE_LOGOUT, RECEIVE_TOKEN } from "../actions";
+import {
+  login,
+  auth0Login,
+  openIdLogin,
+  nonceLogin,
+  logout,
+} from "../routines";
+import { retrieveToken } from "../routines";
 
 const loginSubmitting = (state = false, { type }) => {
   switch (type) {
@@ -13,80 +19,56 @@ const loginSubmitting = (state = false, { type }) => {
   }
 };
 
-const initialState = {
+export const initialState = {
   auth_realm: undefined,
   token: undefined,
   role: undefined,
-  has_permissions: false,
+  entitlements: undefined,
   groups: [],
 };
 
-const authentication = (state = initialState, { type, payload, ...data }) => {
+const TOKEN_PROPS = [
+  "amr",
+  "groups",
+  "entitlements",
+  "role",
+  "token",
+  "user_name",
+];
+
+const authentication = (state = initialState, { type, payload }) => {
   switch (type) {
     case login.TRIGGER:
       const { auth_realm } = payload;
       return { ...initialState, auth_realm };
-    case openIdLogin.SUCCESS:
-      return Object.assign(
-        {},
-        state,
-        _.pick([
-          "user_name",
-          "token",
-          "role",
-          "has_permissions",
-          "remember",
-          "access_method",
-          "groups",
-        ])(payload)
-      );
     case auth0Login.SUCCESS:
-      return Object.assign(
-        {},
-        state,
-        _.pick([
-          "user_name",
-          "token",
-          "role",
-          "has_permissions",
-          "remember",
-          "access_method",
-          "groups",
-        ])(payload)
-      );
+      return Object.assign({}, state, _.pick(TOKEN_PROPS)(payload));
     case login.SUCCESS:
-      return Object.assign(
-        {},
-        state,
-        _.pick([
-          "user_name",
-          "token",
-          "role",
-          "has_permissions",
-          "remember",
-          "access_method",
-          "groups",
-        ])(payload)
-      );
+      return Object.assign({}, state, _.pick(TOKEN_PROPS)(payload));
+    case nonceLogin.SUCCESS:
+      return Object.assign({}, state, _.pick(TOKEN_PROPS)(payload));
+    case openIdLogin.SUCCESS:
+      return Object.assign({}, state, _.pick(TOKEN_PROPS)(payload));
+    case retrieveToken.SUCCESS:
+      return Object.assign({}, state, _.pick(TOKEN_PROPS)(payload));
+    case auth0Login.FAILURE:
+      return initialState;
     case login.FAILURE:
       return initialState;
-    case RECEIVE_TOKEN:
-      return Object.assign(
-        {},
-        state,
-        _.pick([
-          "user_name",
-          "token",
-          "role",
-          "has_permissions",
-          "remember",
-          "access_method",
-          "groups",
-        ])(data)
-      );
-    case RECEIVE_LOGOUT:
+    case nonceLogin.FAILURE:
+      return initialState;
+    case openIdLogin.FAILURE:
+      return initialState;
+    case logout.FULFILL:
       return initialState;
     default:
+      if (
+        _.endsWith("/FAILURE")(type) &&
+        payload?.status === 401 &&
+        payload?.data?.message === "unauthorized"
+      ) {
+        return initialState;
+      }
       return state;
   }
 };

package/src/sessions/{routines/index.js → routines.js}

@@ -1,7 +1,10 @@
 import { createRoutine } from "redux-saga-routines";
 
 export const login = createRoutine("LOGIN");
+export const logout = createRoutine("LOGOUT");
 export const auth0Login = createRoutine("AUTH0");
 export const openIdLogin = createRoutine("OPENID");
 export const nonceLogin = createRoutine("NONCE");
 export const fetchAuthMethods = createRoutine("FETCH_AUTH_METHODS");
+export const refreshSession = createRoutine("REFRESH_SESSION");
+export const retrieveToken = createRoutine("READ_TOKEN");

package/src/sessions/sagas/__tests__/login.spec.js

@@ -38,17 +38,17 @@ describe("sagas: post login", () => {
   it("should handle postLoginSaga when a response is returned", () => {
     const user_name = "fulanito.menganito@bluetab.net";
     const password = "top_secret";
-    const access_method = "alternative_login";
+    const access_method = "pwd";
     const token = "token";
-    const has_permissions = true;
+    const entitlements = ["p"];
     const token_username = "some_username";
     const role = "user";
-    const type = "type";
     const exp = "exp";
     const pre_user = { user_name, password };
     const user = { user_name, password };
     const data = { token };
     const groups = ["foo"];
+    const amr = ["pwd"];
 
     expect(() => {
       testSaga(postLoginSaga, { payload: pre_user, access_method })
@@ -61,24 +61,22 @@ describe("sagas: post login", () => {
         .next()
         .call(jwt_decode, token)
         .next({
-          user_name: token_username,
-          role,
-          has_permissions,
-          access_method,
-          type,
+          amr,
+          entitlements,
           exp,
           groups,
+          role,
+          user_name: token_username,
         })
         .put(
           login.success({
-            user_name: token_username,
-            token,
-            role,
-            has_permissions,
-            access_method,
-            type,
+            amr,
+            entitlements,
             exp,
             groups,
+            role,
+            token,
+            user_name: token_username,
           })
         )
         .next()
@@ -95,7 +93,7 @@ describe("sagas: post login", () => {
     const user = { user_name: username, password };
     const errorData = "Login failed";
     const error = { response: { data: errorData } };
-    const access_method = "alternative_login";
+    const access_method = "pwd";
 
     expect(() => {
       testSaga(postLoginSaga, { payload: user })
@@ -119,10 +117,10 @@ describe("sagas: openIdLogin", () => {
     const state = "bar";
     const payload = { code, state };
 
+    const amr = [];
     const user_name = "some_username";
     const role = "user";
-    const has_permissions = true;
-    const type = "type";
+    const entitlements = ["p"];
     const exp = "exp";
     const groups = ["foo"];
     const token = "token";
@@ -140,22 +138,22 @@ describe("sagas: openIdLogin", () => {
         .next()
         .call(jwt_decode, token)
         .next({
-          user_name,
-          role,
-          has_permissions,
-          type,
+          amr,
+          entitlements,
           exp,
           groups,
+          role,
+          user_name,
         })
         .put(
           openIdLogin.success({
-            user_name,
-            token,
-            role,
-            has_permissions,
-            type,
+            amr,
+            entitlements,
             exp,
             groups,
+            role,
+            token,
+            user_name,
           })
         )
         .next()
@@ -170,10 +168,10 @@ describe("sagas: openIdLogin", () => {
     const state = "bar";
     const payload = { id_token, state };
 
+    const amr = [];
     const user_name = "some_username";
     const role = "user";
-    const has_permissions = true;
-    const type = "type";
+    const entitlements = [];
     const exp = "exp";
     const groups = ["foo"];
     const token = "token";
@@ -196,22 +194,22 @@ describe("sagas: openIdLogin", () => {
         .next()
         .call(jwt_decode, token)
         .next({
-          user_name,
-          role,
-          has_permissions,
-          type,
+          amr,
+          entitlements,
           exp,
           groups,
+          role,
+          user_name,
         })
         .put(
           openIdLogin.success({
-            user_name,
-            token,
-            role,
-            has_permissions,
-            type,
+            amr,
+            entitlements,
             exp,
             groups,
+            role,
+            token,
+            user_name,
           })
         )
         .next()

package/src/sessions/sagas/__tests__/logout.spec.js

@@ -1,14 +1,16 @@
 import { testSaga } from "redux-saga-test-plan";
+import { apiJsonDelete, JSON_OPTS } from "@truedat/core/services/api";
 import { clearToken } from "@truedat/core/services/storage";
+import { API_SESSIONS } from "../../api";
 import { logoutSaga, logoutRequestSaga } from "../logout";
-import { REQUEST_LOGOUT, RECEIVE_LOGOUT } from "../../actions";
+import { logout } from "../../routines";
 
 describe("sagas: logout request", () => {
-  it("should success handling loginRequestSaga", () => {
+  it("should success handling logoutRequestSaga", () => {
     expect(() => {
       testSaga(logoutRequestSaga)
         .next()
-        .takeLatest(REQUEST_LOGOUT, logoutSaga)
+        .takeLatest(logout.TRIGGER, logoutSaga)
         .finish()
         .isDone();
     }).not.toThrow();
@@ -22,13 +24,20 @@ describe("sagas: logout request", () => {
 });
 
 describe("sagas: logoutSaga", () => {
-  it("should call clearToken", () => {
+  it("should call DELETE /api/sessions and clearToken", () => {
+    const data = "";
     expect(() => {
       testSaga(logoutSaga)
+        .next()
+        .put(logout.request())
+        .next()
+        .call(apiJsonDelete, API_SESSIONS, JSON_OPTS)
+        .next({ data })
+        .put(logout.success(data))
         .next()
         .call(clearToken)
         .next()
-        .put({ type: RECEIVE_LOGOUT })
+        .put(logout.fulfill())
         .next()
         .isDone();
     }).not.toThrow();

package/src/sessions/sagas/__tests__/refresh.spec.js

@@ -0,0 +1,87 @@
+import jwt_decode from "jwt-decode";
+import { testSaga } from "redux-saga-test-plan";
+import { takeLatest } from "redux-saga/effects";
+import { apiJsonPost, JSON_OPTS } from "@truedat/core/services/api";
+import { saveToken } from "@truedat/core/services/storage";
+import { API_SESSIONS_REFRESH } from "../../api";
+import { refreshDelay, refreshSaga, refreshRequestSaga } from "../refresh";
+import {
+  login,
+  auth0Login,
+  openIdLogin,
+  nonceLogin,
+  refreshSession,
+  retrieveToken,
+} from "../../routines";
+
+describe("sagas: refresh request", () => {
+  it(`should success handling login success, etc.`, () => {
+    expect(() => {
+      testSaga(refreshRequestSaga)
+        .next()
+        .all([
+          takeLatest(login.SUCCESS, refreshSaga),
+          takeLatest(auth0Login.SUCCESS, refreshSaga),
+          takeLatest(openIdLogin.SUCCESS, refreshSaga),
+          takeLatest(nonceLogin.SUCCESS, refreshSaga),
+          takeLatest(refreshSession.SUCCESS, refreshSaga),
+          takeLatest(retrieveToken.SUCCESS, refreshSaga),
+        ])
+        .finish()
+        .isDone();
+    }).not.toThrow();
+  });
+
+  it("should fail handling refreshRequestSaga if wrong pattern", () => {
+    expect(() => {
+      testSaga(refreshRequestSaga)
+        .next()
+        .takeLatest("WTF_PATTERN", refreshSaga);
+    }).toThrow();
+  });
+});
+
+describe("sagas: refreshSaga", () => {
+  it("should call POST /api/sessions/refresh and saveToken", () => {
+    const amr = "pwd";
+    const entitlements = ["p"];
+    const groups = [];
+    const role = "user";
+    const user_name = "user_name";
+    const exp = 1657026;
+    const payload = { exp };
+    const token = "token";
+    const data = { token };
+    expect(() => {
+      testSaga(refreshSaga, { payload })
+        .next()
+        .call(refreshDelay, payload)
+        .next(5000)
+        .delay(5000)
+        .next()
+        .put(refreshSession.request(payload))
+        .next()
+        .call(apiJsonPost, API_SESSIONS_REFRESH, {}, JSON_OPTS)
+        .next({ data })
+        .call(saveToken, token)
+        .next()
+        .call(jwt_decode, token)
+        .next({ amr, entitlements, exp, groups, role, user_name })
+        .put(
+          refreshSession.success({
+            amr,
+            entitlements,
+            exp,
+            groups,
+            role,
+            user_name,
+            token,
+          })
+        )
+        .next()
+        .put(refreshSession.fulfill())
+        .next()
+        .isDone();
+    }).not.toThrow();
+  });
+});

package/src/sessions/sagas/__tests__/token.spec.js

@@ -1,11 +1,12 @@
+import _ from "lodash/fp";
 import jwt_decode from "jwt-decode";
 import { testSaga } from "redux-saga-test-plan";
 import { readToken as readTokenFromStorage } from "@truedat/core/services/storage";
 import { tokenRequestSaga, checkExpired, readToken } from "../token";
-import { REQUEST_TOKEN, RECEIVE_TOKEN } from "../../actions";
+import { retrieveToken } from "../../routines";
 
 describe("sagas: check expired", () => {
-  const now = Date.now().valueOf() / 1000;
+  const now = _.toInteger(Date.now().valueOf() / 1000);
   const oneMinuteAgo = now - 60;
   const oneMinuteFromNow = now + 60;
 
@@ -27,13 +28,13 @@ describe("sagas: check expired", () => {
 });
 
 describe("sagas: read token", () => {
-  const exp = Date.now().valueOf() / 1000 + 60;
+  const exp = _.toInteger(Date.now().valueOf() / 1000 + 60);
   const user_name = "user";
   const token = "TOKEN";
   const role = "user";
-  const has_permissions = false;
-  const access_method = undefined;
+  const amr = undefined;
   const groups = ["business_glossary"];
+  const entitlements = ["p"];
 
   it("should call readTokenFromStorage, jwt_decode and checkExpired", () => {
     expect(() => {
@@ -42,18 +43,20 @@ describe("sagas: read token", () => {
         .call(readTokenFromStorage)
         .next(token)
         .call(jwt_decode, token)
-        .next({ user_name, exp, role, has_permissions, groups })
+        .next({ user_name, entitlements, exp, role, groups })
         .call(checkExpired, exp)
         .next(false)
-        .put({
-          type: RECEIVE_TOKEN,
-          user_name,
-          token,
-          role,
-          has_permissions,
-          access_method,
-          groups,
-        })
+        .put(
+          retrieveToken.success({
+            amr,
+            entitlements,
+            exp,
+            groups,
+            role,
+            token,
+            user_name,
+          })
+        )
         .next()
         .isDone();
     }).not.toThrow();
@@ -89,7 +92,7 @@ describe("sagas: token request", () => {
     expect(() => {
       testSaga(tokenRequestSaga)
         .next()
-        .takeLatest(REQUEST_TOKEN, readToken)
+        .takeLatest(retrieveToken.TRIGGER, readToken)
         .finish()
         .isDone();
     }).not.toThrow();

package/src/sessions/sagas/index.js

@@ -2,17 +2,20 @@ import { fetchAuthMethodsRequestSaga } from "./fetchAuthMethods";
 import { loginRequestSaga } from "./login";
 import { logoutRequestSaga } from "./logout";
 import { tokenRequestSaga } from "./token";
+import { refreshRequestSaga } from "./refresh";
 
 export {
   fetchAuthMethodsRequestSaga,
   loginRequestSaga,
   logoutRequestSaga,
-  tokenRequestSaga
+  tokenRequestSaga,
+  refreshRequestSaga,
 };
 
 export default [
   fetchAuthMethodsRequestSaga(),
   loginRequestSaga(),
   logoutRequestSaga(),
-  tokenRequestSaga()
+  tokenRequestSaga(),
+  refreshRequestSaga(),
 ];

package/src/sessions/sagas/login.js

@@ -23,18 +23,18 @@ export function* auth0LoginSaga({ payload }) {
     const { data } = yield call(apiJsonPost, url, body, opts);
     const { token } = data;
     yield call(saveToken, token);
-    const { user_name, has_permissions, type, exp, role, groups } = yield call(
+    const { amr, entitlements, exp, groups, role, user_name } = yield call(
       jwt_decode,
       token
     );
     yield put(
       auth0Login.success({
-        user_name,
-        type,
+        amr,
+        entitlements,
         exp,
-        has_permissions,
         groups,
         role,
+        user_name,
         ...data,
       })
     );
@@ -58,19 +58,18 @@ export function* openIdLoginSaga({ payload }) {
     const { data } = yield call(apiJsonPost, url, body, opts);
     const { token } = data;
     yield call(saveToken, token);
-    const { user_name, has_permissions, type, exp, role, groups } = yield call(
+    const { amr, entitlements, exp, groups, role, user_name } = yield call(
       jwt_decode,
       token
     );
-    // TODO: push username to GTM dataLayer
     yield put(
       openIdLogin.success({
-        user_name,
-        type,
+        amr,
+        entitlements,
         exp,
-        has_permissions,
-        role,
         groups,
+        role,
+        user_name,
         ...data,
       })
     );
@@ -90,18 +89,18 @@ export function* nonceLoginSaga({ payload }) {
     const { data } = yield call(apiJsonPost, url, body, JSON_OPTS);
     const { token } = data;
     yield call(saveToken, token);
-    const { user_name, has_permissions, type, exp, role, groups } = yield call(
+    const { amr, entitlements, exp, groups, role, user_name } = yield call(
       jwt_decode,
       token
     );
     yield put(
       nonceLogin.success({
-        user_name,
-        type,
+        amr,
+        entitlements,
         exp,
-        has_permissions,
-        role,
         groups,
+        role,
+        user_name,
         ...data,
       })
     );
@@ -118,30 +117,24 @@ export function* postLoginSaga({ payload }) {
     const auth_realm = _.prop("auth_realm")(payload);
     const user = _.pick(["user_name", "password"])(payload);
     const requestData = auth_realm
-      ? { access_method: "alternative_login", auth_realm, user }
-      : { access_method: "alternative_login", user };
+      ? { access_method: "pwd", auth_realm, user }
+      : { access_method: "pwd", user };
     yield put(login.request());
     const { data } = yield call(apiJsonPost, url, requestData, JSON_OPTS);
     const { token } = data;
     yield call(saveToken, token);
-    const {
-      user_name,
-      has_permissions,
-      type,
-      exp,
-      role,
-      groups,
-      access_method,
-    } = yield call(jwt_decode, token);
+    const { amr, entitlements, exp, groups, role, user_name } = yield call(
+      jwt_decode,
+      token
+    );
     yield put(
       login.success({
-        user_name,
-        has_permissions,
-        type,
+        amr,
+        entitlements,
         exp,
-        role,
         groups,
-        access_method,
+        role,
+        user_name,
         ...data,
       })
     );

package/src/sessions/sagas/logout.js

@@ -1,12 +1,27 @@
-import { call, put, takeLatest } from "redux-saga/effects";
+import { all, call, put, takeLatest } from "redux-saga/effects";
+import { apiJsonDelete, JSON_OPTS } from "@truedat/core/services/api";
 import { clearToken } from "@truedat/core/services/storage";
-import { REQUEST_LOGOUT, RECEIVE_LOGOUT } from "../actions";
+import { API_SESSIONS } from "../api";
+import { logout } from "../routines";
 
 export function* logoutSaga() {
-  yield call(clearToken);
-  yield put({ type: RECEIVE_LOGOUT });
+  try {
+    yield put(logout.request());
+    const { data } = yield call(apiJsonDelete, API_SESSIONS, JSON_OPTS);
+    yield put(logout.success(data));
+  } catch (error) {
+    if (error.response) {
+      const { status, data } = error.response;
+      yield put(logout.failure({ status, data }));
+    } else {
+      yield put(logout.failure(error.message));
+    }
+  } finally {
+    yield call(clearToken);
+    yield put(logout.fulfill());
+  }
 }
 
 export function* logoutRequestSaga() {
-  yield takeLatest(REQUEST_LOGOUT, logoutSaga);
+  yield takeLatest(logout.TRIGGER, logoutSaga);
 }

package/src/sessions/sagas/refresh.js

@@ -0,0 +1,66 @@
+import jwt_decode from "jwt-decode";
+import { all, call, put, takeLatest, delay } from "redux-saga/effects";
+import { apiJsonPost, JSON_OPTS } from "@truedat/core/services/api";
+import { saveToken } from "@truedat/core/services/storage";
+import {
+  login,
+  auth0Login,
+  openIdLogin,
+  nonceLogin,
+  refreshSession,
+  retrieveToken,
+} from "../routines";
+import { API_SESSIONS_REFRESH } from "../api";
+
+// 5 seconds
+const MIN_DELAY = 5000;
+
+// milliseconds until 1 minute before expiry, but at least MIN_DELAY
+export const refreshDelay = ({ exp }) =>
+  exp ? Math.max(MIN_DELAY, exp * 1000 - Date.now() - 60000) : MIN_DELAY;
+
+export function* refreshSaga({ payload }) {
+  const millis = yield call(refreshDelay, payload || {});
+  yield delay(millis);
+  yield put(refreshSession.request(payload));
+  try {
+    const { data } = yield call(
+      apiJsonPost,
+      API_SESSIONS_REFRESH,
+      {},
+      JSON_OPTS
+    );
+    const { token } = data;
+    yield call(saveToken, token);
+    const { amr, entitlements, exp, groups, role, user_name } = yield call(
+      jwt_decode,
+      token
+    );
+    yield put(
+      refreshSession.success({
+        amr,
+        entitlements,
+        exp,
+        groups,
+        role,
+        user_name,
+        ...data,
+      })
+    );
+  } catch (error) {
+    yield put(refreshSession.failure(error.message));
+  } finally {
+    yield put(refreshSession.fulfill());
+  }
+}
+
+export function* refreshRequestSaga() {
+  yield all([
+    takeLatest(login.SUCCESS, refreshSaga),
+    takeLatest(auth0Login.SUCCESS, refreshSaga),
+    takeLatest(openIdLogin.SUCCESS, refreshSaga),
+    takeLatest(nonceLogin.SUCCESS, refreshSaga),
+    takeLatest(refreshSession.SUCCESS, refreshSaga),
+    takeLatest(retrieveToken.SUCCESS, refreshSaga),
+  ]);
+}

package/src/sessions/sagas/token.js

@@ -1,7 +1,7 @@
 import jwt_decode from "jwt-decode";
 import { call, put, takeLatest } from "redux-saga/effects";
 import { readToken as readTokenFromStorage } from "@truedat/core/services/storage";
-import { REQUEST_TOKEN, RECEIVE_TOKEN } from "../actions";
+import { retrieveToken } from "../routines";
 
 export const checkExpired = (exp) => {
   if (exp) {
@@ -15,23 +15,27 @@ export const checkExpired = (exp) => {
 export function* readToken() {
   const token = yield call(readTokenFromStorage);
   if (token) {
-    const { user_name, exp, role, has_permissions, access_method, groups } =
-      yield call(jwt_decode, token);
+    const { amr, entitlements, exp, groups, role, user_name } = yield call(
+      jwt_decode,
+      token
+    );
     const isExpired = yield call(checkExpired, exp);
     if (!isExpired) {
-      yield put({
-        type: RECEIVE_TOKEN,
-        user_name,
-        has_permissions,
-        token,
-        role,
-        access_method,
-        groups,
-      });
+      yield put(
+        retrieveToken.success({
+          amr,
+          entitlements,
+          exp,
+          groups,
+          role,
+          token,
+          user_name,
+        })
+      );
     }
   }
 }
 
 export function* tokenRequestSaga() {
-  yield takeLatest(REQUEST_TOKEN, readToken);
+  yield takeLatest(retrieveToken.TRIGGER, readToken);
 }

package/src/users/sagas/__tests__/fetchUsers.spec.js

@@ -17,9 +17,7 @@ describe("sagas: fetchUsersRequestSaga", () => {
 
   it("should throw exception if an unhandled action is received", () => {
     expect(() => {
-      testSaga(fetchUsersRequestSaga)
-        .next()
-        .takeLatest("FOO", fetchUsersSaga);
+      testSaga(fetchUsersRequestSaga).next().takeLatest("FOO", fetchUsersSaga);
     }).toThrow();
   });
 });
@@ -28,8 +26,8 @@ describe("sagas: fetchUsersSaga", () => {
   const data = {
     collection: [
       { id: 1, name: "User 1", email: "user1@truedat.net" },
-      { id: 2, name: "User 2", email: "user2@truedat.net" }
-    ]
+      { id: 2, name: "User 2", email: "user2@truedat.net" },
+    ],
   };
 
   it("should put a success action when a response is returned", () => {

package/src/sessions/actions.js

@@ -1,6 +0,0 @@
-// Authentication
-export const REQUEST_LOGOUT = "REQUEST_LOGOUT";
-export const RECEIVE_LOGOUT = "RECEIVE_LOGOUT";
-
-export const REQUEST_TOKEN = "REQUEST_TOKEN";
-export const RECEIVE_TOKEN = "RECEIVE_TOKEN";