npm - @webex/webex-core - Versions diffs - 2.59.2 → 2.59.3-next.1 - Mend

@webex/webex-core 2.59.2 → 2.59.3-next.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (189) hide show

package/.eslintrc.js +6 -6
package/README.md +79 -79
package/babel.config.js +3 -3
package/dist/config.js +24 -24
package/dist/config.js.map +1 -1
package/dist/credentials-config.js +56 -56
package/dist/credentials-config.js.map +1 -1
package/dist/index.js.map +1 -1
package/dist/interceptors/auth.js +28 -28
package/dist/interceptors/auth.js.map +1 -1
package/dist/interceptors/default-options.js +24 -24
package/dist/interceptors/default-options.js.map +1 -1
package/dist/interceptors/embargo.js +9 -9
package/dist/interceptors/embargo.js.map +1 -1
package/dist/interceptors/network-timing.js +19 -19
package/dist/interceptors/network-timing.js.map +1 -1
package/dist/interceptors/payload-transformer.js +19 -19
package/dist/interceptors/payload-transformer.js.map +1 -1
package/dist/interceptors/rate-limit.js +40 -40
package/dist/interceptors/rate-limit.js.map +1 -1
package/dist/interceptors/redirect.js +13 -13
package/dist/interceptors/redirect.js.map +1 -1
package/dist/interceptors/request-event.js +23 -23
package/dist/interceptors/request-event.js.map +1 -1
package/dist/interceptors/request-logger.js +13 -13
package/dist/interceptors/request-logger.js.map +1 -1
package/dist/interceptors/request-timing.js +23 -23
package/dist/interceptors/request-timing.js.map +1 -1
package/dist/interceptors/response-logger.js +19 -19
package/dist/interceptors/response-logger.js.map +1 -1
package/dist/interceptors/user-agent.js +29 -29
package/dist/interceptors/user-agent.js.map +1 -1
package/dist/interceptors/webex-tracking-id.js +15 -15
package/dist/interceptors/webex-tracking-id.js.map +1 -1
package/dist/interceptors/webex-user-agent.js +13 -13
package/dist/interceptors/webex-user-agent.js.map +1 -1
package/dist/lib/batcher.js +83 -83
package/dist/lib/batcher.js.map +1 -1
package/dist/lib/credentials/credentials.js +103 -103
package/dist/lib/credentials/credentials.js.map +1 -1
package/dist/lib/credentials/grant-errors.js +17 -17
package/dist/lib/credentials/grant-errors.js.map +1 -1
package/dist/lib/credentials/index.js +2 -2
package/dist/lib/credentials/index.js.map +1 -1
package/dist/lib/credentials/scope.js +11 -11
package/dist/lib/credentials/scope.js.map +1 -1
package/dist/lib/credentials/token-collection.js +2 -2
package/dist/lib/credentials/token-collection.js.map +1 -1
package/dist/lib/credentials/token.js +145 -145
package/dist/lib/credentials/token.js.map +1 -1
package/dist/lib/page.js +49 -49
package/dist/lib/page.js.map +1 -1
package/dist/lib/services/constants.js.map +1 -1
package/dist/lib/services/index.js +2 -2
package/dist/lib/services/index.js.map +1 -1
package/dist/lib/services/interceptors/server-error.js +9 -9
package/dist/lib/services/interceptors/server-error.js.map +1 -1
package/dist/lib/services/interceptors/service.js +24 -24
package/dist/lib/services/interceptors/service.js.map +1 -1
package/dist/lib/services/metrics.js.map +1 -1
package/dist/lib/services/service-catalog.js +104 -104
package/dist/lib/services/service-catalog.js.map +1 -1
package/dist/lib/services/service-fed-ramp.js.map +1 -1
package/dist/lib/services/service-host.js +134 -134
package/dist/lib/services/service-host.js.map +1 -1
package/dist/lib/services/service-registry.js +175 -175
package/dist/lib/services/service-registry.js.map +1 -1
package/dist/lib/services/service-state.js +38 -38
package/dist/lib/services/service-state.js.map +1 -1
package/dist/lib/services/service-url.js +31 -31
package/dist/lib/services/service-url.js.map +1 -1
package/dist/lib/services/services.js +245 -245
package/dist/lib/services/services.js.map +1 -1
package/dist/lib/stateless-webex-plugin.js +28 -28
package/dist/lib/stateless-webex-plugin.js.map +1 -1
package/dist/lib/storage/decorators.js +27 -27
package/dist/lib/storage/decorators.js.map +1 -1
package/dist/lib/storage/errors.js +4 -4
package/dist/lib/storage/errors.js.map +1 -1
package/dist/lib/storage/index.js.map +1 -1
package/dist/lib/storage/make-webex-plugin-store.js +44 -44
package/dist/lib/storage/make-webex-plugin-store.js.map +1 -1
package/dist/lib/storage/make-webex-store.js +40 -40
package/dist/lib/storage/make-webex-store.js.map +1 -1
package/dist/lib/storage/memory-store-adapter.js +9 -9
package/dist/lib/storage/memory-store-adapter.js.map +1 -1
package/dist/lib/webex-core-plugin-mixin.js +13 -13
package/dist/lib/webex-core-plugin-mixin.js.map +1 -1
package/dist/lib/webex-http-error.js +9 -9
package/dist/lib/webex-http-error.js.map +1 -1
package/dist/lib/webex-internal-core-plugin-mixin.js +13 -13
package/dist/lib/webex-internal-core-plugin-mixin.js.map +1 -1
package/dist/lib/webex-plugin.js +36 -36
package/dist/lib/webex-plugin.js.map +1 -1
package/dist/plugins/logger.js +9 -9
package/dist/plugins/logger.js.map +1 -1
package/dist/webex-core.js +104 -104
package/dist/webex-core.js.map +1 -1
package/dist/webex-internal-core.js +12 -12
package/dist/webex-internal-core.js.map +1 -1
package/jest.config.js +3 -3
package/package.json +20 -19
package/process +1 -1
package/src/config.js +90 -90
package/src/credentials-config.js +212 -212
package/src/index.js +62 -62
package/src/interceptors/auth.js +186 -186
package/src/interceptors/default-options.js +55 -55
package/src/interceptors/embargo.js +43 -43
package/src/interceptors/network-timing.js +54 -54
package/src/interceptors/payload-transformer.js +55 -55
package/src/interceptors/rate-limit.js +169 -169
package/src/interceptors/redirect.js +106 -106
package/src/interceptors/request-event.js +93 -93
package/src/interceptors/request-logger.js +78 -78
package/src/interceptors/request-timing.js +65 -65
package/src/interceptors/response-logger.js +98 -98
package/src/interceptors/user-agent.js +77 -77
package/src/interceptors/webex-tracking-id.js +73 -73
package/src/interceptors/webex-user-agent.js +79 -79
package/src/lib/batcher.js +307 -307
package/src/lib/credentials/credentials.js +552 -552
package/src/lib/credentials/grant-errors.js +92 -92
package/src/lib/credentials/index.js +16 -16
package/src/lib/credentials/scope.js +34 -34
package/src/lib/credentials/token-collection.js +17 -17
package/src/lib/credentials/token.js +559 -559
package/src/lib/page.js +159 -159
package/src/lib/services/constants.js +9 -9
package/src/lib/services/index.js +26 -26
package/src/lib/services/interceptors/server-error.js +48 -48
package/src/lib/services/interceptors/service.js +101 -101
package/src/lib/services/metrics.js +4 -4
package/src/lib/services/service-catalog.js +435 -435
package/src/lib/services/service-fed-ramp.js +4 -4
package/src/lib/services/service-host.js +267 -267
package/src/lib/services/service-registry.js +465 -465
package/src/lib/services/service-state.js +78 -78
package/src/lib/services/service-url.js +124 -124
package/src/lib/services/services.js +1018 -1018
package/src/lib/stateless-webex-plugin.js +98 -98
package/src/lib/storage/decorators.js +220 -220
package/src/lib/storage/errors.js +15 -15
package/src/lib/storage/index.js +10 -10
package/src/lib/storage/make-webex-plugin-store.js +211 -211
package/src/lib/storage/make-webex-store.js +140 -140
package/src/lib/storage/memory-store-adapter.js +79 -79
package/src/lib/webex-core-plugin-mixin.js +114 -114
package/src/lib/webex-http-error.js +61 -61
package/src/lib/webex-internal-core-plugin-mixin.js +107 -107
package/src/lib/webex-plugin.js +222 -222
package/src/plugins/logger.js +60 -60
package/src/webex-core.js +745 -745
package/src/webex-internal-core.js +46 -46
package/test/integration/spec/credentials/credentials.js +139 -139
package/test/integration/spec/credentials/token.js +102 -102
package/test/integration/spec/services/service-catalog.js +838 -838
package/test/integration/spec/services/services.js +1221 -1221
package/test/integration/spec/webex-core.js +178 -178
package/test/unit/spec/_setup.js +44 -44
package/test/unit/spec/credentials/credentials.js +1017 -1017
package/test/unit/spec/credentials/token.js +441 -441
package/test/unit/spec/interceptors/auth.js +521 -521
package/test/unit/spec/interceptors/default-options.js +84 -84
package/test/unit/spec/interceptors/embargo.js +144 -144
package/test/unit/spec/interceptors/network-timing.js +49 -49
package/test/unit/spec/interceptors/payload-transformer.js +155 -155
package/test/unit/spec/interceptors/rate-limit.js +302 -302
package/test/unit/spec/interceptors/redirect.js +102 -102
package/test/unit/spec/interceptors/request-timing.js +92 -92
package/test/unit/spec/interceptors/user-agent.js +76 -76
package/test/unit/spec/interceptors/webex-tracking-id.js +76 -76
package/test/unit/spec/interceptors/webex-user-agent.js +159 -159
package/test/unit/spec/lib/batcher.js +330 -330
package/test/unit/spec/lib/page.js +148 -148
package/test/unit/spec/lib/webex-plugin.js +48 -48
package/test/unit/spec/services/interceptors/server-error.js +204 -204
package/test/unit/spec/services/interceptors/service.js +188 -188
package/test/unit/spec/services/service-catalog.js +194 -194
package/test/unit/spec/services/service-host.js +260 -260
package/test/unit/spec/services/service-registry.js +747 -747
package/test/unit/spec/services/service-state.js +60 -60
package/test/unit/spec/services/service-url.js +258 -258
package/test/unit/spec/services/services.js +348 -348
package/test/unit/spec/storage/persist.js +50 -50
package/test/unit/spec/storage/storage-adapter.js +12 -12
package/test/unit/spec/storage/wait-for-value.js +81 -81
package/test/unit/spec/webex-core.js +253 -253
package/test/unit/spec/webex-internal-core.js +91 -91

package/test/unit/spec/interceptors/auth.js CHANGED Viewed

@@ -1,521 +1,521 @@
-/*!
- * Copyright (c) 2015-2020 Cisco Systems, Inc. See LICENSE file.
- */
-/* eslint-disable camelcase */
-import chai from 'chai';
-import chaiAsPromised from 'chai-as-promised';
-import sinon from 'sinon';
-import {browserOnly, nodeOnly} from '@webex/test-helper-mocha';
-import Logger from '@webex/plugin-logger';
-import MockWebex from '@webex/test-helper-mock-webex';
-import {AuthInterceptor, config, Credentials, WebexHttpError, Token} from '@webex/webex-core';
-import {cloneDeep, merge} from 'lodash';
-const {assert} = chai;
-chai.use(chaiAsPromised);
-sinon.assert.expose(chai.assert, {prefix: ''});
-describe('webex-core', () => {
-  describe('Interceptors', () => {
-    describe('AuthInterceptor', () => {
-      let interceptor, webex;
-      beforeEach(() => {
-        webex = new MockWebex({
-          children: {
-            credentials: Credentials,
-            logger: Logger,
-          },
-          config: merge(cloneDeep(config), {credentials: {client_secret: 'fake'}}),
-        });
-        webex.credentials.supertoken = new Token(
-          {
-            access_token: 'ST1',
-            token_type: 'Bearer',
-          },
-          {parent: webex}
-        );
-        interceptor = Reflect.apply(AuthInterceptor.create, webex, []);
-      });
-      describe('#onRequest()', () => {
-        it('does not replace the auth header if one has been provided', () =>
-          interceptor
-            .onRequest({
-              uri: `${config.services.discovery.hydra}/ping`,
-              headers: {
-                authorization: 'Bearer Alternate',
-              },
-            })
-            .then((result) =>
-              assert.deepEqual(result, {
-                uri: `${config.services.discovery.hydra}/ping`,
-                headers: {
-                  authorization: 'Bearer Alternate',
-                },
-              })
-            ));
-        [undefined, null, false].forEach((falsey) => {
-          it(`does not add an auth header if ${falsey} has been provided`, () =>
-            interceptor
-              .onRequest({
-                uri: `${config.services.discovery.hydra}/ping`,
-                headers: {
-                  authorization: falsey,
-                },
-              })
-              .then((result) =>
-                assert.deepEqual(result, {
-                  uri: `${config.services.discovery.hydra}/ping`,
-                  headers: {},
-                })
-              ));
-        });
-        // There should never be a case in which the services plugin is not
-        // loaded. But testing for legacy support.
-        describe('when the services plugin has not been loaded', () => {
-          it('does not add the auth header to hydra requests', () =>
-            interceptor
-              .onRequest({
-                uri: `${config.services.discovery.hydra}/ping`,
-              })
-              .then((result) =>
-                assert.deepEqual(result, {
-                  uri: `${config.services.discovery.hydra}/ping`,
-                  headers: {},
-                })
-              ));
-          it('does not add the auth header to u2c requests', () =>
-            interceptor
-              .onRequest({
-                uri: `${config.services.discovery.u2c}/ping`,
-              })
-              .then((result) =>
-                assert.deepEqual(result, {
-                  uri: `${config.services.discovery.u2c}/ping`,
-                  headers: {},
-                })
-              ));
-        });
-        describe('when the services plugin has been loaded', () => {
-          let services;
-          beforeEach(() => {
-            services = {
-              hydra: 'https://hydra-a.wbx.com',
-              example: 'https://service.example.com',
-            };
-            webex.internal.services = {
-              hasService: (service) => Object.keys(services).includes(service),
-              hasAllowedDomains: () => true,
-              isAllowedDomainUrl: (uri) =>
-                !!config.services.allowedDomains.find((host) => uri.includes(host)),
-              getServiceFromUrl: (uri) => {
-                let targetKey;
-                Object.keys(services).forEach((key) => {
-                  if (uri.includes(services[key])) {
-                    targetKey = key;
-                  }
-                });
-                return targetKey ? {name: targetKey} : undefined;
-              },
-            };
-            webex.internal.services.waitForService = (pto) =>
-              Promise.resolve(services[pto.name] || pto.url);
-          });
-          it('adds the header to hydra requests', () =>
-            Promise.all([
-              interceptor.onRequest({uri: `${services.hydra}/ping`}).then((result) =>
-                assert.deepEqual(result, {
-                  uri: `${services.hydra}/ping`,
-                  headers: {
-                    authorization: 'Bearer ST1',
-                  },
-                })
-              ),
-              interceptor
-                .onRequest({
-                  service: 'hydra',
-                  resource: 'ping',
-                })
-                .then((result) =>
-                  assert.deepEqual(result, {
-                    service: 'hydra',
-                    resource: 'ping',
-                    headers: {
-                      authorization: 'Bearer ST1',
-                    },
-                  })
-                ),
-            ]));
-          it('adds an auth header to uris that are in the service catalog', () =>
-            interceptor
-              .onRequest({
-                uri: `${services.example}/ping`,
-              })
-              .then((result) =>
-                assert.deepEqual(result, {
-                  uri: `${services.example}/ping`,
-                  headers: {
-                    authorization: 'Bearer ST1',
-                  },
-                })
-              ));
-          it('adds an auth header to services that are in the service catalog', () =>
-            interceptor
-              .onRequest({
-                service: 'example',
-                resource: 'some-resource',
-              })
-              .then((result) =>
-                assert.deepEqual(result, {
-                  service: 'example',
-                  resource: 'some-resource',
-                  headers: {
-                    authorization: 'Bearer ST1',
-                  },
-                })
-              ));
-          it('does not add an auth header to uris not in the service catalog', () =>
-            interceptor
-              .onRequest({
-                uri: 'https://not-a-service.com/ping',
-              })
-              .then((result) =>
-                assert.deepEqual(result, {
-                  headers: {},
-                  uri: 'https://not-a-service.com/ping',
-                })
-              ));
-          it('does not add an auth header to non-existant services', () =>
-            interceptor
-              .onRequest({
-                service: 'non-existant',
-                resource: 'no-resource',
-              })
-              .then((result) =>
-                assert.deepEqual(result, {
-                  headers: {},
-                  service: 'non-existant',
-                  resource: 'no-resource',
-                })
-              ));
-        });
-      });
-      describe('#requiresCredentials()', () => {
-        let services;
-        beforeEach(() => {
-          services = {
-            hydra: 'https://hydra-a.wbx.com',
-            u2c: 'https://u2c.wbx2.com/u2c/api/v1',
-            example: 'https://service.example.com',
-          };
-          webex.internal.services = {
-            getServiceFromUrl: (uri) => {
-              let targetKey;
-              Object.keys(services).forEach((key) => {
-                if (uri.includes(services[key])) {
-                  targetKey = key;
-                }
-              });
-              return targetKey ? {name: targetKey} : undefined;
-            },
-            hasService: (service) => Object.keys(services).includes(service),
-            hasAllowedDomains: () => true,
-            isAllowedDomainUrl: (uri) =>
-              !!config.services.allowedDomains.find((host) => uri.includes(host)),
-            validateDomains: true,
-          };
-          webex.internal.services.waitForService = (pto) =>
-            Promise.resolve(services[pto.name] || pto.url);
-        });
-        afterEach(() => {
-          if (webex.internal.services) {
-            delete webex.internal.services;
-          }
-        });
-        it('resolves to false when services plugin does not exist', () => {
-          delete webex.internal.services;
-          return interceptor
-            .requiresCredentials({
-              uri: `${services.hydra}/ping`,
-            })
-            .then((response) => assert.isFalse(response));
-        });
-        it('resolves to true when the u2c service is specified via service', () => {
-          services = {};
-          return interceptor
-            .requiresCredentials({
-              service: 'u2c',
-              resource: 'something',
-            })
-            .then((response) => assert.isTrue(response));
-        });
-        it('resolves to false when the u2c limited service is used via uri', () =>
-          interceptor
-            .requiresCredentials({
-              uri: `${services.u2c}/limited`,
-            })
-            .then((response) => assert.isFalse(response)));
-        it('resolves to true if the service exists in catalog via service', () =>
-          interceptor
-            .requiresCredentials({service: 'hydra'})
-            .then((response) => assert.isTrue(response)));
-        it('resolves to true if the service exists in catalog via uri', () =>
-          interceptor
-            .requiresCredentials({uri: services.hydra})
-            .then((response) => assert.isTrue(response)));
-        it('resolves to false if that `addAuthHeader` is set to false', () =>
-          interceptor
-            .requiresCredentials({
-              addAuthHeader: false,
-              service: 'unknown',
-              resource: 'ping',
-            })
-            .then((response) => assert.isFalse(response)));
-        it('resolves to false if `validateDomains` is set to false', () => {
-          webex.internal.services.validateDomains = false;
-          return interceptor
-            .requiresCredentials({
-              uri: 'https://allowed-uri.com/resource',
-            })
-            .then((response) => assert.isFalse(response));
-        });
-        it('resolves to true with an allowed domain uri', () =>
-          interceptor
-            .requiresCredentials({
-              uri: `https://${config.services.allowedDomains[0]}/resource`,
-            })
-            .then((response) => assert.isTrue(response)));
-        it('resolves to false with a non-allowed uri', () =>
-          interceptor
-            .requiresCredentials({
-              uri: 'https://not-allowed/resource',
-            })
-            .then((response) => assert.isFalse(response)));
-        it('should return true if domain exists using  isAllowedDomainUrl()', () => {
-          webex.internal.services.waitForService = sinon.stub();
-          const {isAllowedDomainUrl} = webex.internal.services;
-          const result = isAllowedDomainUrl(
-            `https://${config.services.allowedDomains[0]}/resource`
-          );
-          assert.equal(result, true);
-        });
-        it('should return true when called `requiresCredentials` with valid url', () => {
-          webex.internal.services.waitForService = sinon.stub();
-          return interceptor
-            .requiresCredentials({
-              uri: `https://${config.services.allowedDomains[0]}/resource`,
-            })
-            .then((res) => {
-              assert.equal(res, true);
-            });
-        });
-        it('should call waitForService()', () => {
-          webex.internal.services.waitForService = sinon.stub();
-          const {waitForService} = webex.internal.services;
-          waitForService.resolves(`https://${config.services.allowedDomains[0]}/resource`);
-          return interceptor
-            .requiresCredentials({
-              service: 'locus',
-            })
-            .then(() => assert.calledOnce(waitForService));
-        });
-      });
-      describe('#onResponseError()', () => {
-        describe('when the server responds with 401', () => {
-          nodeOnly(it)('refreshes the access token and replays the request', () => {
-            webex.request.onCall(0).returns(
-              Promise.resolve({
-                body: {
-                  access_token: 'ST2',
-                },
-              })
-            );
-            webex.credentials.supertoken = new Token(
-              {
-                access_token: 'ST1',
-                refresh_token: 'RT1',
-              },
-              {parent: webex}
-            );
-            const err = new WebexHttpError.Unauthorized({
-              statusCode: 401,
-              options: {
-                headers: {
-                  trackingid: 'blarg',
-                },
-                uri: `${config.services.discovery.hydra}/ping`,
-              },
-              body: {
-                error: 'fake error',
-              },
-            });
-            assert.notCalled(webex.request);
-            return interceptor.onResponseError(err.options, err).then(() => {
-              // once for refresh, once for replay
-              assert.calledTwice(webex.request);
-              assert.equal(webex.credentials.supertoken.access_token, 'ST2');
-              assert.equal(webex.request.args[1][0].replayCount, 1);
-            });
-          });
-          browserOnly(it)('refreshes the access token and replays the request', () => {
-            webex.config.credentials.refreshCallback = sinon.stub().returns(
-              Promise.resolve({
-                access_token: 'ST2',
-              })
-            );
-            webex.credentials.supertoken = new Token(
-              {
-                access_token: 'ST1',
-                refresh_token: 'RT1',
-              },
-              {parent: webex}
-            );
-            const err = new WebexHttpError.Unauthorized({
-              statusCode: 401,
-              options: {
-                headers: {
-                  trackingid: 'blarg',
-                },
-                uri: `${config.services.discovery.hydra}/ping`,
-              },
-              body: {
-                error: 'fake error',
-              },
-            });
-            assert.notCalled(webex.request);
-            return interceptor.onResponseError(err.options, err).then(() => {
-              // once for replay
-              assert.calledOnce(webex.request);
-              assert.equal(webex.credentials.supertoken.access_token, 'ST2');
-              assert.equal(webex.request.args[0][0].replayCount, 1);
-            });
-          });
-          describe('when the access token is not refreshable', () => {
-            it('responds with the original error', () => {
-              webex.credentials.supertoken = new Token(
-                {
-                  access_token: 'ST1',
-                },
-                {parent: webex}
-              );
-              const err = new WebexHttpError.Unauthorized({
-                statusCode: 401,
-                options: {
-                  headers: {
-                    trackingid: 'blarg',
-                  },
-                  uri: `${config.services.discovery.hydra}/ping`,
-                },
-                body: {
-                  error: 'fake error',
-                },
-              });
-              assert.notCalled(webex.request);
-              return assert
-                .isRejected(interceptor.onResponseError(err.options, err))
-                .then((err2) => {
-                  assert.equal(err2, err);
-                });
-            });
-          });
-          it('does not refresh if shouldRefreshAccessToken was false', () => {
-            webex.config.credentials.refreshCallback = sinon.stub().returns(
-              Promise.resolve({
-                access_token: 'ST2',
-              })
-            );
-            webex.credentials.supertoken = new Token(
-              {
-                access_token: 'ST1',
-                refresh_token: 'RT1',
-              },
-              {parent: webex}
-            );
-            const err = new WebexHttpError.Unauthorized({
-              statusCode: 401,
-              options: {
-                headers: {
-                  trackingid: 'blarg',
-                },
-                uri: `${config.services.discovery.hydra}/ping`,
-                shouldRefreshAccessToken: false,
-              },
-              body: {
-                error: 'fake error',
-              },
-            });
-            assert.notCalled(webex.request);
-            return assert.isRejected(interceptor.onResponseError(err.options, err)).then((err2) => {
-              assert.equal(err2, err);
-            });
-          });
-        });
-      });
-    });
-  });
-});
+/*!
+ * Copyright (c) 2015-2020 Cisco Systems, Inc. See LICENSE file.
+ */
+/* eslint-disable camelcase */
+import chai from 'chai';
+import chaiAsPromised from 'chai-as-promised';
+import sinon from 'sinon';
+import {browserOnly, nodeOnly} from '@webex/test-helper-mocha';
+import Logger from '@webex/plugin-logger';
+import MockWebex from '@webex/test-helper-mock-webex';
+import {AuthInterceptor, config, Credentials, WebexHttpError, Token} from '@webex/webex-core';
+import {cloneDeep, merge} from 'lodash';
+const {assert} = chai;
+chai.use(chaiAsPromised);
+sinon.assert.expose(chai.assert, {prefix: ''});
+describe('webex-core', () => {
+  describe('Interceptors', () => {
+    describe('AuthInterceptor', () => {
+      let interceptor, webex;
+      beforeEach(() => {
+        webex = new MockWebex({
+          children: {
+            credentials: Credentials,
+            logger: Logger,
+          },
+          config: merge(cloneDeep(config), {credentials: {client_secret: 'fake'}}),
+        });
+        webex.credentials.supertoken = new Token(
+          {
+            access_token: 'ST1',
+            token_type: 'Bearer',
+          },
+          {parent: webex}
+        );
+        interceptor = Reflect.apply(AuthInterceptor.create, webex, []);
+      });
+      describe('#onRequest()', () => {
+        it('does not replace the auth header if one has been provided', () =>
+          interceptor
+            .onRequest({
+              uri: `${config.services.discovery.hydra}/ping`,
+              headers: {
+                authorization: 'Bearer Alternate',
+              },
+            })
+            .then((result) =>
+              assert.deepEqual(result, {
+                uri: `${config.services.discovery.hydra}/ping`,
+                headers: {
+                  authorization: 'Bearer Alternate',
+                },
+              })
+            ));
+        [undefined, null, false].forEach((falsey) => {
+          it(`does not add an auth header if ${falsey} has been provided`, () =>
+            interceptor
+              .onRequest({
+                uri: `${config.services.discovery.hydra}/ping`,
+                headers: {
+                  authorization: falsey,
+                },
+              })
+              .then((result) =>
+                assert.deepEqual(result, {
+                  uri: `${config.services.discovery.hydra}/ping`,
+                  headers: {},
+                })
+              ));
+        });
+        // There should never be a case in which the services plugin is not
+        // loaded. But testing for legacy support.
+        describe('when the services plugin has not been loaded', () => {
+          it('does not add the auth header to hydra requests', () =>
+            interceptor
+              .onRequest({
+                uri: `${config.services.discovery.hydra}/ping`,
+              })
+              .then((result) =>
+                assert.deepEqual(result, {
+                  uri: `${config.services.discovery.hydra}/ping`,
+                  headers: {},
+                })
+              ));
+          it('does not add the auth header to u2c requests', () =>
+            interceptor
+              .onRequest({
+                uri: `${config.services.discovery.u2c}/ping`,
+              })
+              .then((result) =>
+                assert.deepEqual(result, {
+                  uri: `${config.services.discovery.u2c}/ping`,
+                  headers: {},
+                })
+              ));
+        });
+        describe('when the services plugin has been loaded', () => {
+          let services;
+          beforeEach(() => {
+            services = {
+              hydra: 'https://hydra-a.wbx.com',
+              example: 'https://service.example.com',
+            };
+            webex.internal.services = {
+              hasService: (service) => Object.keys(services).includes(service),
+              hasAllowedDomains: () => true,
+              isAllowedDomainUrl: (uri) =>
+                !!config.services.allowedDomains.find((host) => uri.includes(host)),
+              getServiceFromUrl: (uri) => {
+                let targetKey;
+                Object.keys(services).forEach((key) => {
+                  if (uri.includes(services[key])) {
+                    targetKey = key;
+                  }
+                });
+                return targetKey ? {name: targetKey} : undefined;
+              },
+            };
+            webex.internal.services.waitForService = (pto) =>
+              Promise.resolve(services[pto.name] || pto.url);
+          });
+          it('adds the header to hydra requests', () =>
+            Promise.all([
+              interceptor.onRequest({uri: `${services.hydra}/ping`}).then((result) =>
+                assert.deepEqual(result, {
+                  uri: `${services.hydra}/ping`,
+                  headers: {
+                    authorization: 'Bearer ST1',
+                  },
+                })
+              ),
+              interceptor
+                .onRequest({
+                  service: 'hydra',
+                  resource: 'ping',
+                })
+                .then((result) =>
+                  assert.deepEqual(result, {
+                    service: 'hydra',
+                    resource: 'ping',
+                    headers: {
+                      authorization: 'Bearer ST1',
+                    },
+                  })
+                ),
+            ]));
+          it('adds an auth header to uris that are in the service catalog', () =>
+            interceptor
+              .onRequest({
+                uri: `${services.example}/ping`,
+              })
+              .then((result) =>
+                assert.deepEqual(result, {
+                  uri: `${services.example}/ping`,
+                  headers: {
+                    authorization: 'Bearer ST1',
+                  },
+                })
+              ));
+          it('adds an auth header to services that are in the service catalog', () =>
+            interceptor
+              .onRequest({
+                service: 'example',
+                resource: 'some-resource',
+              })
+              .then((result) =>
+                assert.deepEqual(result, {
+                  service: 'example',
+                  resource: 'some-resource',
+                  headers: {
+                    authorization: 'Bearer ST1',
+                  },
+                })
+              ));
+          it('does not add an auth header to uris not in the service catalog', () =>
+            interceptor
+              .onRequest({
+                uri: 'https://not-a-service.com/ping',
+              })
+              .then((result) =>
+                assert.deepEqual(result, {
+                  headers: {},
+                  uri: 'https://not-a-service.com/ping',
+                })
+              ));
+          it('does not add an auth header to non-existant services', () =>
+            interceptor
+              .onRequest({
+                service: 'non-existant',
+                resource: 'no-resource',
+              })
+              .then((result) =>
+                assert.deepEqual(result, {
+                  headers: {},
+                  service: 'non-existant',
+                  resource: 'no-resource',
+                })
+              ));
+        });
+      });
+      describe('#requiresCredentials()', () => {
+        let services;
+        beforeEach(() => {
+          services = {
+            hydra: 'https://hydra-a.wbx.com',
+            u2c: 'https://u2c.wbx2.com/u2c/api/v1',
+            example: 'https://service.example.com',
+          };
+          webex.internal.services = {
+            getServiceFromUrl: (uri) => {
+              let targetKey;
+              Object.keys(services).forEach((key) => {
+                if (uri.includes(services[key])) {
+                  targetKey = key;
+                }
+              });
+              return targetKey ? {name: targetKey} : undefined;
+            },
+            hasService: (service) => Object.keys(services).includes(service),
+            hasAllowedDomains: () => true,
+            isAllowedDomainUrl: (uri) =>
+              !!config.services.allowedDomains.find((host) => uri.includes(host)),
+            validateDomains: true,
+          };
+          webex.internal.services.waitForService = (pto) =>
+            Promise.resolve(services[pto.name] || pto.url);
+        });
+        afterEach(() => {
+          if (webex.internal.services) {
+            delete webex.internal.services;
+          }
+        });
+        it('resolves to false when services plugin does not exist', () => {
+          delete webex.internal.services;
+          return interceptor
+            .requiresCredentials({
+              uri: `${services.hydra}/ping`,
+            })
+            .then((response) => assert.isFalse(response));
+        });
+        it('resolves to true when the u2c service is specified via service', () => {
+          services = {};
+          return interceptor
+            .requiresCredentials({
+              service: 'u2c',
+              resource: 'something',
+            })
+            .then((response) => assert.isTrue(response));
+        });
+        it('resolves to false when the u2c limited service is used via uri', () =>
+          interceptor
+            .requiresCredentials({
+              uri: `${services.u2c}/limited`,
+            })
+            .then((response) => assert.isFalse(response)));
+        it('resolves to true if the service exists in catalog via service', () =>
+          interceptor
+            .requiresCredentials({service: 'hydra'})
+            .then((response) => assert.isTrue(response)));
+        it('resolves to true if the service exists in catalog via uri', () =>
+          interceptor
+            .requiresCredentials({uri: services.hydra})
+            .then((response) => assert.isTrue(response)));
+        it('resolves to false if that `addAuthHeader` is set to false', () =>
+          interceptor
+            .requiresCredentials({
+              addAuthHeader: false,
+              service: 'unknown',
+              resource: 'ping',
+            })
+            .then((response) => assert.isFalse(response)));
+        it('resolves to false if `validateDomains` is set to false', () => {
+          webex.internal.services.validateDomains = false;
+          return interceptor
+            .requiresCredentials({
+              uri: 'https://allowed-uri.com/resource',
+            })
+            .then((response) => assert.isFalse(response));
+        });
+        it('resolves to true with an allowed domain uri', () =>
+          interceptor
+            .requiresCredentials({
+              uri: `https://${config.services.allowedDomains[0]}/resource`,
+            })
+            .then((response) => assert.isTrue(response)));
+        it('resolves to false with a non-allowed uri', () =>
+          interceptor
+            .requiresCredentials({
+              uri: 'https://not-allowed/resource',
+            })
+            .then((response) => assert.isFalse(response)));
+        it('should return true if domain exists using  isAllowedDomainUrl()', () => {
+          webex.internal.services.waitForService = sinon.stub();
+          const {isAllowedDomainUrl} = webex.internal.services;
+          const result = isAllowedDomainUrl(
+            `https://${config.services.allowedDomains[0]}/resource`
+          );
+          assert.equal(result, true);
+        });
+        it('should return true when called `requiresCredentials` with valid url', () => {
+          webex.internal.services.waitForService = sinon.stub();
+          return interceptor
+            .requiresCredentials({
+              uri: `https://${config.services.allowedDomains[0]}/resource`,
+            })
+            .then((res) => {
+              assert.equal(res, true);
+            });
+        });
+        it('should call waitForService()', () => {
+          webex.internal.services.waitForService = sinon.stub();
+          const {waitForService} = webex.internal.services;
+          waitForService.resolves(`https://${config.services.allowedDomains[0]}/resource`);
+          return interceptor
+            .requiresCredentials({
+              service: 'locus',
+            })
+            .then(() => assert.calledOnce(waitForService));
+        });
+      });
+      describe('#onResponseError()', () => {
+        describe('when the server responds with 401', () => {
+          nodeOnly(it)('refreshes the access token and replays the request', () => {
+            webex.request.onCall(0).returns(
+              Promise.resolve({
+                body: {
+                  access_token: 'ST2',
+                },
+              })
+            );
+            webex.credentials.supertoken = new Token(
+              {
+                access_token: 'ST1',
+                refresh_token: 'RT1',
+              },
+              {parent: webex}
+            );
+            const err = new WebexHttpError.Unauthorized({
+              statusCode: 401,
+              options: {
+                headers: {
+                  trackingid: 'blarg',
+                },
+                uri: `${config.services.discovery.hydra}/ping`,
+              },
+              body: {
+                error: 'fake error',
+              },
+            });
+            assert.notCalled(webex.request);
+            return interceptor.onResponseError(err.options, err).then(() => {
+              // once for refresh, once for replay
+              assert.calledTwice(webex.request);
+              assert.equal(webex.credentials.supertoken.access_token, 'ST2');
+              assert.equal(webex.request.args[1][0].replayCount, 1);
+            });
+          });
+          browserOnly(it)('refreshes the access token and replays the request', () => {
+            webex.config.credentials.refreshCallback = sinon.stub().returns(
+              Promise.resolve({
+                access_token: 'ST2',
+              })
+            );
+            webex.credentials.supertoken = new Token(
+              {
+                access_token: 'ST1',
+                refresh_token: 'RT1',
+              },
+              {parent: webex}
+            );
+            const err = new WebexHttpError.Unauthorized({
+              statusCode: 401,
+              options: {
+                headers: {
+                  trackingid: 'blarg',
+                },
+                uri: `${config.services.discovery.hydra}/ping`,
+              },
+              body: {
+                error: 'fake error',
+              },
+            });
+            assert.notCalled(webex.request);
+            return interceptor.onResponseError(err.options, err).then(() => {
+              // once for replay
+              assert.calledOnce(webex.request);
+              assert.equal(webex.credentials.supertoken.access_token, 'ST2');
+              assert.equal(webex.request.args[0][0].replayCount, 1);
+            });
+          });
+          describe('when the access token is not refreshable', () => {
+            it('responds with the original error', () => {
+              webex.credentials.supertoken = new Token(
+                {
+                  access_token: 'ST1',
+                },
+                {parent: webex}
+              );
+              const err = new WebexHttpError.Unauthorized({
+                statusCode: 401,
+                options: {
+                  headers: {
+                    trackingid: 'blarg',
+                  },
+                  uri: `${config.services.discovery.hydra}/ping`,
+                },
+                body: {
+                  error: 'fake error',
+                },
+              });
+              assert.notCalled(webex.request);
+              return assert
+                .isRejected(interceptor.onResponseError(err.options, err))
+                .then((err2) => {
+                  assert.equal(err2, err);
+                });
+            });
+          });
+          it('does not refresh if shouldRefreshAccessToken was false', () => {
+            webex.config.credentials.refreshCallback = sinon.stub().returns(
+              Promise.resolve({
+                access_token: 'ST2',
+              })
+            );
+            webex.credentials.supertoken = new Token(
+              {
+                access_token: 'ST1',
+                refresh_token: 'RT1',
+              },
+              {parent: webex}
+            );
+            const err = new WebexHttpError.Unauthorized({
+              statusCode: 401,
+              options: {
+                headers: {
+                  trackingid: 'blarg',
+                },
+                uri: `${config.services.discovery.hydra}/ping`,
+                shouldRefreshAccessToken: false,
+              },
+              body: {
+                error: 'fake error',
+              },
+            });
+            assert.notCalled(webex.request);
+            return assert.isRejected(interceptor.onResponseError(err.options, err)).then((err2) => {
+              assert.equal(err2, err);
+            });
+          });
+        });
+      });
+    });
+  });
+});