@webex/webex-core 3.0.0-beta.31 → 3.0.0-beta.310

package/test/unit/spec/credentials/credentials.js

@@ -11,6 +11,7 @@ import {inBrowser} from '@webex/common';
 import FakeTimers from '@sinonjs/fake-timers';
 import {skipInBrowser} from '@webex/test-helper-mocha';
 import Logger from '@webex/plugin-logger';
+import Metrics, {config} from '@webex/internal-plugin-metrics';
 
 /* eslint camelcase: [0] */
 
@@ -59,6 +60,34 @@ describe('webex-core', () => {
       });
     });
 
+    describe('#isUnverifiedGuest', () => {
+      let credentials;
+      let webex;
+      beforeEach('generate the webex instance', () => {
+        webex = new MockWebex();
+        credentials = new Credentials(undefined, {parent: webex});
+      });
+
+      it('should have #isUnverifiedGuest', () => {
+        assert.exists(credentials.isUnverifiedGuest);
+      });
+
+      it('should get the user status and return as a boolean', () => {
+        credentials.set('supertoken', 'AT');
+        assert.isFalse(credentials.isUnverifiedGuest);
+      });
+
+      it('should get guest user ', () => {
+        credentials.set('supertoken', 'eyJhbGciOiJSUzI1NiJ9.eyJ1c2VyX3R5cGUiOiJndWVzdCJ9');
+        assert.isTrue(credentials.isUnverifiedGuest);
+      });
+
+      it('should get login user ', () => {
+        credentials.set('supertoken', 'dGhpc2lzbm90YXJlYWx1c2VydG9rZW4=');
+        assert.isFalse(credentials.isUnverifiedGuest);
+      });
+    });
+
     describe('#canAuthorize', () => {
       it('indicates if the current state has enough information to populate an auth header, even if a token refresh or token downscope is required', () => {
         const webex = new MockWebex();
@@ -417,7 +446,11 @@ describe('webex-core', () => {
         });
 
       it('schedules a refreshTimer', () => {
-        const webex = new MockWebex();
+        const webex = new MockWebex({
+          children: {
+            metrics: Metrics,
+          },
+        });
         const supertoken = makeToken(webex, {
           access_token: 'ST',
           refresh_token: 'RT',
@@ -430,6 +463,7 @@ describe('webex-core', () => {
         });
 
         sinon.stub(supertoken, 'refresh').returns(Promise.resolve(supertoken2));
+        sinon.stub(webex.internal.metrics, 'submitClientMetrics').callsFake(() => {});
         const credentials = new Credentials(supertoken, {parent: webex});
 
         webex.trigger('change:config');
@@ -464,7 +498,19 @@ describe('webex-core', () => {
     });
 
     describe('#getUserToken()', () => {
-      it('resolves with the supertoken if the supertoken matches the requested scopes');
+      it('resolves with the supertoken if the supertoken matches the requested scopes', () => {
+        const webex = new MockWebex();
+        const credentials = new Credentials(undefined, {parent: webex});
+
+        webex.trigger('change:config');
+        const st = makeToken(webex, {access_token: 'ST', scope: 'scope1'});
+
+        credentials.set({
+          supertoken: st,
+        });
+
+        return credentials.getUserToken('scope1').then((result) => assert.deepEqual(result, st));
+      });
 
       it('resolves with the token identified by the specified scopes', () => {
         const webex = new MockWebex();
@@ -492,6 +538,25 @@ describe('webex-core', () => {
         ]);
       });
 
+      it('uses the supertoken.scope instead of the config.scope for downscope', () => {
+        const webex = new MockWebex();
+        const credentials = new Credentials(undefined, {parent: webex});
+
+        webex.trigger('change:config');
+        const st = makeToken(webex, {access_token: 'ST', scope: 'scope1 spark:kms'});
+
+        credentials.set({
+          supertoken: st,
+          scope: 'invalidScope scope1',
+        });
+
+        sinon.stub(credentials, 'downscope').returns(Promise.resolve());
+
+        return credentials.getUserToken().then(() => {
+          assert.calledWith(credentials.downscope, 'scope1');
+        });
+      });
+
       describe('when no matching token is found', () => {
         it('downscopes the supertoken', () => {
           const webex = new MockWebex();
@@ -529,13 +594,13 @@ describe('webex-core', () => {
         it('resolves with a token containing all but the kms scopes', () => {
           const webex = new MockWebex();
 
-          webex.config.credentials.scope = 'scope1 spark:kms';
           const credentials = new Credentials(undefined, {parent: webex});
 
           webex.trigger('change:config');
 
           credentials.supertoken = makeToken(webex, {
             access_token: 'ST',
+            scope: 'scope1 spark:kms',
           });
 
           // const t2 = makeToken(webex, {
@@ -562,9 +627,11 @@ describe('webex-core', () => {
           const webex = new MockWebex({
             children: {
               logger: Logger,
+              metrics: Metrics,
             },
           });
 
+          webex.config.metrics = config.metrics;
           webex.config.credentials.scope = 'scope1 spark:kms';
           const credentials = new Credentials(undefined, {parent: webex});
 
@@ -574,9 +641,11 @@ describe('webex-core', () => {
             access_token: 'ST',
           });
 
-          sinon
-            .stub(credentials.supertoken, 'downscope')
-            .returns(Promise.reject(new Error('downscope failed')));
+          const failReason = 'downscope failed';
+          sinon.stub(credentials.supertoken, 'downscope').returns(Promise.reject(failReason));
+
+          sinon.stub(credentials.logger, 'warn').callsFake(() => {});
+          sinon.stub(webex.internal.metrics, 'submitClientMetrics').callsFake(() => {});
 
           const t1 = makeToken(webex, {
             access_token: 'AT1',
@@ -587,14 +656,27 @@ describe('webex-core', () => {
             userTokens: [t1],
           });
 
-          return credentials
-            .getUserToken('scope2')
-            .then((t) => assert.equal(t.access_token, credentials.supertoken.access_token));
+          return credentials.getUserToken('scope2').then((t) => {
+            assert.equal(t.access_token, credentials.supertoken.access_token);
+            assert.calledWith(
+              credentials.logger.warn,
+              'credentials: failed to downscope supertoken to "scope2"'
+            );
+            assert.calledWith(
+              webex.internal.metrics.submitClientMetrics,
+              'JS_SDK_CREDENTIALS_DOWNSCOPE_FAILED',
+              {fields: {failReason, requestedScope: 'scope2'}}
+            );
+          });
         });
       });
 
       it('is blocked while a token refresh is inflight', () => {
-        const webex = new MockWebex();
+        const webex = new MockWebex({
+          children: {
+            metrics: Metrics,
+          },
+        });
 
         webex.config.credentials.scope = 'scope1 spark:kms';
         const credentials = new Credentials(undefined, {parent: webex});
@@ -620,6 +702,7 @@ describe('webex-core', () => {
         const at2 = makeToken(webex, {access_token: 'ST2ATD'});
 
         sinon.stub(supertoken2, 'downscope').returns(Promise.resolve(at2));
+        sinon.stub(webex.internal.metrics, 'submitClientMetrics').callsFake(() => {});
 
         return Promise.all([
           credentials.refresh(),
@@ -750,18 +833,24 @@ describe('webex-core', () => {
 
     describe('#refresh()', () => {
       it('refreshes and downscopes the supertoken, and revokes previous tokens', () => {
-        const webex = new MockWebex();
+        const webex = new MockWebex({
+          children: {
+            metrics: Metrics,
+          },
+        });
         const credentials = new Credentials(undefined, {parent: webex});
 
         webex.trigger('change:config');
         const st = makeToken(webex, {
           access_token: 'ST',
           refresh_token: 'RT',
+          scope: 'scope1 scope2',
         });
 
         const st2 = makeToken(webex, {
           access_token: 'ST2',
           refresh_token: 'RT2',
+          scope: 'scope1 scope2',
         });
 
         const t1 = makeToken(webex, {
@@ -778,6 +867,7 @@ describe('webex-core', () => {
         sinon.stub(st, 'refresh').returns(Promise.resolve(st2));
         sinon.stub(t1, 'revoke').returns(Promise.resolve());
         sinon.spy(credentials, 'scheduleRefresh');
+        sinon.stub(webex.internal.metrics, 'submitClientMetrics').callsFake(() => {});
 
         credentials.set({
           supertoken: st,
@@ -797,7 +887,11 @@ describe('webex-core', () => {
       });
 
       it('refreshes and downscopes the supertoken even if revocation of previous token fails', () => {
-        const webex = new MockWebex();
+        const webex = new MockWebex({
+          children: {
+            metrics: Metrics,
+          },
+        });
         const credentials = new Credentials(undefined, {parent: webex});
 
         webex.trigger('change:config');
@@ -809,6 +903,7 @@ describe('webex-core', () => {
         const st2 = makeToken(webex, {
           access_token: 'ST2',
           refresh_token: 'RT2',
+          scope: 'scope1 scope2',
         });
 
         const t1 = makeToken(webex, {
@@ -825,6 +920,7 @@ describe('webex-core', () => {
         sinon.stub(st, 'refresh').returns(Promise.resolve(st2));
         sinon.stub(t1, 'revoke').returns(Promise.reject());
         sinon.spy(credentials, 'scheduleRefresh');
+        sinon.stub(webex.internal.metrics, 'submitClientMetrics').callsFake(() => {});
 
         credentials.set({
           supertoken: st,
@@ -847,6 +943,7 @@ describe('webex-core', () => {
         const webex = new MockWebex({
           children: {
             logger: Logger,
+            metrics: Metrics,
           },
         });
         const credentials = new Credentials(undefined, {parent: webex});
@@ -855,9 +952,11 @@ describe('webex-core', () => {
         const st = makeToken(webex, {
           access_token: 'ST',
           refresh_token: 'RT',
+          scope: '',
         });
 
         sinon.stub(st, 'refresh').returns(Promise.resolve(makeToken(webex, {access_token: 'ST2'})));
+        sinon.stub(webex.internal.metrics, 'submitClientMetrics').callsFake(() => {});
 
         const t1 = makeToken(webex, {
           access_token: 'AT1',
@@ -873,7 +972,7 @@ describe('webex-core', () => {
       });
 
       it('allows #getUserToken() to be revoked, but #getUserToken() promises will not resolve until the suport token has been refreshed', () => {
-        const webex = new MockWebex();
+        const webex = new MockWebex({children: {metrics: Metrics}});
         const credentials = new Credentials(undefined, {parent: webex});
 
         webex.trigger('change:config');
@@ -899,6 +998,7 @@ describe('webex-core', () => {
 
         sinon.stub(st1, 'refresh').returns(Promise.resolve(st2));
         sinon.stub(st2, 'downscope').returns(Promise.resolve(t2));
+        sinon.stub(webex.internal.metrics, 'submitClientMetrics').callsFake(() => {});
 
         credentials.set({
           supertoken: st1,
@@ -955,6 +1055,61 @@ describe('webex-core', () => {
             assert.calledWith(triggerSpy, sinon.match('client:InvalidRequestError'));
           });
       });
+
+      it('exclude invalid scopes from user token, log and call metrics when fetched supertoken scope mismatch with the configured scope', () => {
+        const webex = new MockWebex({
+          children: {
+            logger: Logger,
+            metrics: Metrics,
+          },
+        });
+        const credentials = new Credentials(undefined, {parent: webex});
+
+        webex.trigger('change:config');
+        const st = makeToken(webex, {
+          access_token: 'ST',
+          refresh_token: 'RT',
+        });
+
+        const st2 = makeToken(webex, {
+          access_token: 'ST2',
+          refresh_token: 'RT2',
+          scope: 'scope1',
+        });
+
+        const userToken = makeToken(webex, {
+          access_token: 'AT1',
+          scope: 'scope1 invalidScope1',
+        });
+
+        credentials.set({
+          supertoken: st,
+          userTokens: [userToken],
+        });
+        const invalidScopes = 'invalidScope1 invalidScope2';
+        credentials.config.scope = `scope1 ${invalidScopes}`;
+
+        sinon.stub(st2, 'downscope').returns(Promise.resolve());
+        sinon.stub(st, 'refresh').returns(Promise.resolve(st2));
+        sinon.spy(credentials, 'downscope');
+        sinon.spy(credentials, 'scheduleRefresh');
+
+        sinon.stub(credentials.logger, 'warn').callsFake(() => {});
+        sinon.stub(webex.internal.metrics, 'submitClientMetrics').callsFake(() => {});
+
+        return credentials.refresh().then(() => {
+          assert.calledWith(
+            credentials.logger.warn,
+            `credentials: "${invalidScopes}" scope(s) are invalid because not listed in the supertoken, they will be excluded from user token requests.`
+          );
+          assert.calledWith(
+            webex.internal.metrics.submitClientMetrics,
+            'JS_SDK_CREDENTIALS_TOKEN_REFRESH_SCOPE_MISMATCH',
+            {fields: {invalidScopes}}
+          );
+          assert.calledWith(credentials.downscope, 'scope1');
+        });
+      });
     });
 
     describe('#scheduleRefresh()', () => {

package/test/unit/spec/credentials/scope.js

@@ -0,0 +1,55 @@
+import {assert} from '@webex/test-helper-chai';
+import {sortScope, filterScope, diffScopes} from '@webex/webex-core/src/lib/credentials/scope';
+
+describe('webex-core', () => {
+  describe('scope utils', () => {
+    describe('sortScope', () => {
+      it('should sort scopes alphabetically', () => {
+        assert.equal(sortScope(undefined), '');
+        assert.equal(sortScope(''), '');
+        assert.equal(sortScope('a'), 'a');
+        assert.equal(sortScope('b c a'), 'a b c');
+      });
+    });
+
+    describe('filterScope', () => {
+      it('should filter out one scope from the original scope and sort the result', () => {
+        assert.equal(filterScope('a', undefined), '');
+        assert.equal(filterScope('a', ''), '');
+        assert.equal(filterScope('a', 'a'), '');
+        assert.equal(filterScope('a', 'a b c'), 'b c');
+        assert.equal(filterScope('c', 'a c b'), 'a b');
+      });
+
+      it('should filter out a list of scopes from the original scope and sort the result', () => {
+        assert.equal(filterScope([], 'a'), 'a');
+        assert.equal(filterScope(['a', 'b'], undefined), '');
+        assert.equal(filterScope(['a', 'b'], ''), '');
+        assert.equal(filterScope(['a', 'b'], 'a'), '');
+        assert.equal(filterScope(['a', 'b'], 'a b c'), 'c');
+        assert.equal(filterScope(['a', 'd'], 'a c a b'), 'b c');
+      });
+    });
+
+    describe('diffScopes', () => {
+      it('should return an empty string, if all items in the first scope are contained in the second scope', () => {
+        assert.deepEqual(diffScopes(undefined, undefined), '');
+        assert.deepEqual(diffScopes(undefined, ''), '');
+        assert.deepEqual(diffScopes('', undefined), '');
+        assert.deepEqual(diffScopes('', ''), '');
+        assert.deepEqual(diffScopes('a', 'a'), '');
+        assert.deepEqual(diffScopes('a b c', 'a b c'), '');
+        assert.deepEqual(diffScopes(undefined, 'a b c'), '');
+        assert.deepEqual(diffScopes('a b c', 'a b c d'), '');
+      });
+
+      it('should return a string containing all items in the first scope that are not in the second scope', () => {
+        assert.deepEqual(diffScopes('a', undefined), 'a');
+        assert.deepEqual(diffScopes('a', 'b'), 'a');
+        assert.deepEqual(diffScopes('a b c', 'a b'), 'c');
+        assert.deepEqual(diffScopes('a b c d', 'a b c'), 'd');
+        assert.deepEqual(diffScopes('a b c', undefined), 'a b c');
+      });
+    });
+  });
+});

package/test/unit/spec/interceptors/auth.js

@@ -12,6 +12,7 @@ import Logger from '@webex/plugin-logger';
 import MockWebex from '@webex/test-helper-mock-webex';
 import {AuthInterceptor, config, Credentials, WebexHttpError, Token} from '@webex/webex-core';
 import {cloneDeep, merge} from 'lodash';
+import Metrics from '@webex/internal-plugin-metrics';
 
 const {assert} = chai;
 
@@ -28,6 +29,7 @@ describe('webex-core', () => {
           children: {
             credentials: Credentials,
             logger: Logger,
+            metrics: Metrics,
           },
           config: merge(cloneDeep(config), {credentials: {client_secret: 'fake'}}),
         });
@@ -41,6 +43,7 @@ describe('webex-core', () => {
         );
 
         interceptor = Reflect.apply(AuthInterceptor.create, webex, []);
+        sinon.stub(webex.internal.metrics, 'submitClientMetrics').callsFake(() => {});
       });
 
       describe('#onRequest()', () => {

package/test/unit/spec/services/interceptors/service.js

@@ -5,6 +5,7 @@ import chai from 'chai';
 import chaiAsPromised from 'chai-as-promised';
 import sinon from 'sinon';
 import {ServiceInterceptor} from '@webex/webex-core';
+import CONFIG from '../../../../../src/config';
 
 const {assert} = chai;
 
@@ -26,6 +27,7 @@ describe('webex-core', () => {
         service: 'example',
         serviceUrl: 'https://www.example-service.com/',
         uri: 'https://www.example-uri.com/',
+        waitForServiceTimeout: 11,
       };
 
       options = {};
@@ -107,6 +109,7 @@ describe('webex-core', () => {
 
           options.service = fixture.service;
           options.resource = fixture.resource;
+          options.timeout = fixture.waitForServiceTimeout;
         });
 
         it('should normalize the options', () =>
@@ -116,9 +119,12 @@ describe('webex-core', () => {
           interceptor.onRequest(options).then(() => assert.called(interceptor.validateOptions)));
 
         it('should attempt to collect the service url', () =>
-          interceptor
-            .onRequest(options)
-            .then(() => assert.calledWith(waitForService, {name: options.service})));
+          interceptor.onRequest(options).then(
+            assert.calledWith(waitForService, {
+              name: options.service,
+              timeout: options.waitForServiceTimeout,
+            })
+          ));
 
         describe('when the service url was collected successfully', () => {
           beforeEach('generate additional mocks', () => {});

package/test/unit/spec/webex-core.js

@@ -54,6 +54,18 @@ describe('Webex', () => {
     });
   });
 
+  describe('#request', () => {
+    it('exists', () => {
+      assert.property(webex, 'request');
+    });
+  });
+
+  describe('#prepareFetchOptions', () => {
+    it('exists', () => {
+      assert.property(webex, 'prepareFetchOptions');
+    });
+  });
+
   describe('#initialize()', () => {
     it('initializes without arguments', () => {
       let webex;