sharetribe-flex-sdk 1.14.0

package/src/interceptors/add_auth_header.test.js

@@ -0,0 +1,50 @@
+import AddAuthHeader from './add_auth_header';
+
+describe('AddAuthHeader', () => {
+  it('adds the auth token to the header', () => {
+    const ctx = {
+      authToken: {
+        token_type: 'Bearer',
+        access_token: 'secret-123',
+      },
+    };
+
+    const addAuthHeader = new AddAuthHeader();
+
+    const newCtx = addAuthHeader.enter(ctx);
+
+    expect(newCtx).toEqual(
+      expect.objectContaining({
+        headers: {
+          Authorization: 'Bearer secret-123',
+        },
+      })
+    );
+  });
+
+  it('merges the new header, and does not override existing headers, except the auth header', () => {
+    const ctx = {
+      authToken: {
+        token_type: 'Bearer',
+        access_token: 'secret-123',
+      },
+      headers: {
+        Authorization: 'Bearer old-invalid-token',
+        'Content-Type': 'application/transit+json',
+      },
+    };
+
+    const addAuthHeader = new AddAuthHeader();
+
+    const newCtx = addAuthHeader.enter(ctx);
+
+    expect(newCtx).toEqual(
+      expect.objectContaining({
+        headers: {
+          Authorization: 'Bearer secret-123',
+          'Content-Type': 'application/transit+json',
+        },
+      })
+    );
+  });
+});

package/src/interceptors/add_auth_token_response.js

@@ -0,0 +1,16 @@
+/**
+   Take `authToken` from `res` and add it to `ctx` top-level.
+
+   Changes to `ctx`:
+
+   - add `authToken` (from res)
+*/
+export default class AddAuthTokenResponse {
+  leave(ctx) {
+    const {
+      res: { data: authToken },
+    } = ctx;
+
+    return { ...ctx, authToken };
+  }
+}

package/src/interceptors/add_client_id_to_params.js

@@ -0,0 +1,12 @@
+/**
+   Read `clientId` from `ctx` and add it to `params`
+
+   Changes to `ctx`:
+
+   - add `params.clientId`
+ */
+export default class AddClientIdToParams {
+  enter({ clientId, params, ...ctx }) {
+    return { ...ctx, clientId, params: { ...params, client_id: clientId } };
+  }
+}

package/src/interceptors/add_client_secret_to_params.js

@@ -0,0 +1,15 @@
+/**
+   Read `clientSecret` from `ctx` and add it to `params`
+
+   Changes to `ctx`:
+
+   - add `params.client_secret`
+ */
+export default class AddClientSecretToParams {
+  enter({ clientSecret, params, ...ctx }) {
+    if (!clientSecret) {
+      throw new Error('SDK instance is missing the clientSecret config.');
+    }
+    return { ...ctx, clientSecret, params: { ...params, client_secret: clientSecret } };
+  }
+}

package/src/interceptors/add_grant_type_to_params.js

@@ -0,0 +1,23 @@
+/**
+   See what credentials (`username`, `password`, and `authorizationCode`) are
+   passed in params and set the grant_type based on those.
+
+   Changes to `ctx`:
+
+   - add `params.grant_type`
+ */
+export default class AddGrantTypeToParams {
+  enter({ params, ...ctx }) {
+    const { username, password, code } = params;
+
+    if (username && password) {
+      return { ...ctx, params: { grant_type: 'password', ...params } };
+    }
+
+    if (code) {
+      return { ...ctx, params: { grant_type: 'authorization_code', ...params } };
+    }
+
+    return { ...ctx, params: { ...params } };
+  }
+}

package/src/interceptors/add_idp_client_id_to_params.js

@@ -0,0 +1,17 @@
+/**
+   Read `idpClientId` from `ctx` and add it to `params`
+
+   Changes to `ctx`:
+
+   - add `params.idpClientId`
+ */
+export default class AddIdpClientIdToParams {
+  enter({ params, ...ctx }) {
+    const { idpClientId } = params;
+    return {
+      ...ctx,
+      idpClientId,
+      params: { ...params, idp_client_id: idpClientId },
+    };
+  }
+}

package/src/interceptors/add_idp_id_to_params.js

@@ -0,0 +1,17 @@
+/**
+   Read `idpId` from `ctx` and add it to `params`
+
+   Changes to `ctx`:
+
+   - add `params.idpId`
+ */
+export default class AddIdpIdToParams {
+  enter({ params, ...ctx }) {
+    const { idpId } = params;
+    return {
+      ...ctx,
+      idpId,
+      params: { ...params, idp_id: idpId },
+    };
+  }
+}

package/src/interceptors/add_idp_token_to_params.js

@@ -0,0 +1,17 @@
+/**
+   Read `idpToken` from `ctx` and add it to `params`
+
+   Changes to `ctx`:
+
+   - add `params.idpToken`
+ */
+export default class AddIdpTokenToParams {
+  enter({ params, ...ctx }) {
+    const { idpToken } = params;
+    return {
+      ...ctx,
+      idpToken,
+      params: { ...params, idp_token: idpToken },
+    };
+  }
+}

package/src/interceptors/add_scope_to_params.js

@@ -0,0 +1,18 @@
+/**
+   Set the scope for a token request based on the params.
+
+   Changes to `ctx`:
+
+   - add `params.scope`
+ */
+export default class AddScopeToParams {
+  enter({ params, ...ctx }) {
+    const { username, password } = params;
+
+    if (username && password) {
+      return { ...ctx, params: { scope: 'user', ...params } };
+    }
+
+    return { ...ctx, params: { ...params } };
+  }
+}

package/src/interceptors/add_subject_token_to_params.js

@@ -0,0 +1,18 @@
+/**
+   Read `authToken.access_token` from `ctx` and adds it as
+   `subject_token` in params
+
+   Changes to `ctx`:
+
+   - add `params.subject_token`
+
+ */
+export default class AddSubjectTokenToParams {
+  enter(ctx) {
+    const { authToken, params } = ctx;
+    if (authToken && authToken.access_token) {
+      return { ...ctx, params: { ...params, subject_token: authToken.access_token } };
+    }
+    return ctx;
+  }
+}

package/src/interceptors/add_token_exchange_grant_type_to_params.js

@@ -0,0 +1,12 @@
+/**
+   Add "token_exchange" as the `grant_type` in `params`
+
+   Changes to `ctx`:
+
+   - add `params.grant_type`
+ */
+export default class AddTokenExchangeGrantTypeToParams {
+  enter({ params, ...ctx }) {
+    return { ...ctx, params: { ...params, grant_type: 'token_exchange' } };
+  }
+}

package/src/interceptors/auth_info.js

@@ -0,0 +1,50 @@
+/**
+   Reads current authentication token from the tokenStore and returns
+   the following information:
+
+   - scopes: list of scopes associated with the access token in store
+   - isAnonymous: boolean value indicating if the access token only grants
+     access to publicly read data from API
+
+
+   Changes to `ctx`:
+
+   - add `res`
+
+*/
+export default class AuthInfo {
+  enter(ctx) {
+    const { tokenStore } = ctx;
+
+    if (tokenStore) {
+      return Promise.resolve()
+        .then(tokenStore.getToken)
+        .then(storedToken => {
+          if (storedToken) {
+            const tokenScope = storedToken.scope;
+
+            if (tokenScope) {
+              const scopes = tokenScope.split(' ');
+              const isAnonymous = tokenScope === 'public-read';
+
+              // Deprecated attribute, maintained here for client implementations
+              // that rely on this attribute
+              const grantType = isAnonymous ? 'client_credentials' : 'refresh_token';
+
+              return { ...ctx, res: { scopes, isAnonymous, grantType } };
+            }
+
+            // Support old tokens that are stored in the client's token store
+            // and possibly do not have the scope attribute
+            const isAnonymous = !storedToken.refresh_token;
+            const grantType = isAnonymous ? 'client_credentials' : 'refresh_token';
+            return { ...ctx, res: { isAnonymous, grantType } };
+          }
+
+          return { ...ctx, res: {} };
+        });
+    }
+
+    return { ...ctx, res: {} };
+  }
+}

package/src/interceptors/clear_token_after_revoke.js

@@ -0,0 +1,45 @@
+import _ from 'lodash';
+
+/**
+   Clears token after revoke.
+
+   If the `revoke` call was successful, clear token.
+
+   If the `revoke` call was unsuccessful, and the reason
+   was that we we're not authorized (401), rescue the chain
+   and clear token
+
+   Otherwise, do nothing.
+
+   Changes to `ctx`:
+
+   - Remove `error`, if 401
+*/
+export default class ClearTokenAfterRevoke {
+  static clearTokenAndResque(ctx) {
+    const { tokenStore } = ctx;
+
+    if (tokenStore) {
+      return Promise.resolve()
+        .then(tokenStore.removeToken)
+        .then(() => ({ ...ctx, error: null }));
+    }
+
+    return { ...ctx, error: null };
+  }
+
+  leave(ctx) {
+    return ClearTokenAfterRevoke.clearTokenAndResque(ctx);
+  }
+
+  error(ctx) {
+    const { status } = ctx.res || {};
+    const retryStatus = _.get(ctx, ['refreshTokenRetry', 'res', 'status']);
+
+    if (status === 401 && retryStatus === 401) {
+      return ClearTokenAfterRevoke.clearTokenAndResque(ctx);
+    }
+
+    return ctx;
+  }
+}

package/src/interceptors/default_params.js

@@ -0,0 +1,12 @@
+/**
+   Add given params to the `ctx.params`
+
+   Changes to `ctx`:
+
+   - Modify `ctx.params`
+ */
+const defaultParams = (params = {}) => ({
+  enter: ({ params: ctxParams, ...ctx }) => ({ ...ctx, params: { ...params, ...ctxParams } }),
+});
+
+export default defaultParams;

package/src/interceptors/fetch_auth_token_from_api.js

@@ -0,0 +1,33 @@
+import contextRunner from '../context_runner';
+import SaveToken from './save_token';
+import AddAuthTokenResponse from './add_auth_token_response';
+
+/**
+   If there's no `authToken` stored to the `ctx`, try to fetch new auth token from the API.
+
+   Changes to the `ctx`:
+
+   - add `authToken`
+*/
+export default class FetchAuthTokenFromApi {
+  enter(ctx) {
+    const { tokenStore, authToken, endpointInterceptors, clientId } = ctx;
+
+    if (authToken) {
+      return ctx;
+    }
+
+    return contextRunner([
+      new SaveToken(),
+      new AddAuthTokenResponse(),
+      ...endpointInterceptors.auth.token,
+    ])({
+      params: {
+        client_id: clientId,
+        grant_type: 'client_credentials',
+        scope: 'public-read',
+      },
+      tokenStore,
+    }).then(({ authToken: newAuthToken }) => ({ ...ctx, authToken: newAuthToken }));
+  }
+}

package/src/interceptors/fetch_auth_token_from_store.js

@@ -0,0 +1,27 @@
+/**
+   Fetches the auth token from tokenStore and adds it to the context.
+
+   Changes to `ctx`:
+
+   - add `authToken`
+
+ */
+export default class FetchAuthTokenFromStore {
+  enter(enterCtx) {
+    const { tokenStore } = enterCtx;
+
+    if (!tokenStore) {
+      return enterCtx;
+    }
+
+    return Promise.resolve()
+      .then(tokenStore.getToken)
+      .then(storedToken => {
+        if (storedToken) {
+          return { ...enterCtx, authToken: storedToken };
+        }
+
+        return enterCtx;
+      });
+  }
+}

package/src/interceptors/fetch_refresh_token_for_revoke.js

@@ -0,0 +1,24 @@
+/**
+   Fetch `refresh_token` from `authToken` in `ctx`. If
+   `refresh_token` doesn't exist, clear the `enterQueue`, because we
+   don't need to revoke the refresh token we don't have.
+
+   Changes to `ctx`:
+
+   - Add `params.token`
+   - Clear `enterQueue` (if no need to revoke)
+*/
+export default class FetchRefreshTokenForRevoke {
+  enter(ctx) {
+    const { authToken: { refresh_token: token } = {} } = ctx;
+
+    if (token) {
+      return { ...ctx, params: { token } };
+    }
+
+    // No need to call `revoke` endpoint, because we don't have
+    // refresh_token.
+    // Clear the enterQueue
+    return { ...ctx, enterQueue: [] };
+  }
+}

package/src/interceptors/multipart_request.js

@@ -0,0 +1,35 @@
+import _ from 'lodash';
+
+/**
+   Takes `params` from `ctx` and converts to `FormData`
+
+   Changes to `ctx`:
+
+   - Modify `ctx.params`
+ */
+export default class MultipartRequest {
+  enter({ params, ...ctx }) {
+    if (_.isPlainObject(params)) {
+      /* eslint-disable no-undef */
+      if (typeof FormData === 'undefined') {
+        throw new Error(
+          "Don't know how to create multipart request from Object, when the FormData is undefined"
+        );
+      }
+
+      const formDataObj = _.reduce(
+        params,
+        (fd, val, key) => {
+          fd.append(key, val);
+          return fd;
+        },
+        new FormData()
+      );
+      /* eslint-enable no-undef */
+
+      return { params: formDataObj, ...ctx };
+    }
+
+    return { params, ...ctx };
+  }
+}

package/src/interceptors/retry_with_anon_token.js

@@ -0,0 +1,58 @@
+import contextRunner from '../context_runner';
+import SaveToken from './save_token';
+import AddAuthTokenResponse from './add_auth_token_response';
+
+/**
+   Retries with a fresh anon token.
+
+   `enter`: Save current `enterQueue` to `retryQueue` and save current `attempts` count
+
+   `error`: Try to fetch new anon token. If successful, save it to `ctx`
+
+   Changes to `ctx`:
+
+   - add `anonTokenRetry`
+   - add `authToken`
+ */
+export default class RetryWithAnonToken {
+  enter(enterCtx) {
+    const { enterQueue, anonTokenRetry: { attempts = 0 } = {} } = enterCtx;
+    return {
+      ...enterCtx,
+      anonTokenRetry: {
+        retryQueue: [...enterQueue, new RetryWithAnonToken()],
+        attempts: attempts + 1,
+      },
+    };
+  }
+
+  error(errorCtx) {
+    const {
+      clientId,
+      tokenStore,
+      endpointInterceptors,
+      anonTokenRetry: { retryQueue, attempts },
+    } = errorCtx;
+
+    if (attempts > 1) {
+      return errorCtx;
+    }
+
+    if (errorCtx.res && errorCtx.res.status === 401) {
+      return contextRunner([
+        new SaveToken(),
+        new AddAuthTokenResponse(),
+        ...endpointInterceptors.auth.token,
+      ])({
+        params: {
+          client_id: clientId,
+          grant_type: 'client_credentials',
+          scope: 'public-read',
+        },
+        tokenStore,
+      }).then(({ authToken }) => ({ ...errorCtx, authToken, enterQueue: retryQueue, error: null }));
+    }
+
+    return errorCtx;
+  }
+}

package/src/interceptors/retry_with_refresh_token.js

@@ -0,0 +1,70 @@
+import contextRunner from '../context_runner';
+import SaveToken from './save_token';
+import AddAuthTokenResponse from './add_auth_token_response';
+
+/**
+   Retries with a fresh password token.
+
+
+   `enter`: Save current `enterQueue` to `retryQueue` and save current `attempts` count
+
+   `error`: Try to fetch new password token. If successful, save it to `ctx`
+
+   Changes to `ctx`:
+
+   - add `anonTokenRetry`
+   - add `authToken`
+ */
+export default class RetryWithRefreshToken {
+  enter(enterCtx) {
+    const { enterQueue, refreshTokenRetry: { attempts = 0 } = {} } = enterCtx;
+    return {
+      ...enterCtx,
+      refreshTokenRetry: {
+        retryQueue: [...enterQueue, new RetryWithRefreshToken()],
+        attempts: attempts + 1,
+      },
+    };
+  }
+
+  error(errorCtx) {
+    const {
+      authToken,
+      clientId,
+      tokenStore,
+      endpointInterceptors,
+      refreshTokenRetry: { retryQueue, attempts },
+    } = errorCtx;
+
+    if (attempts > 1) {
+      return errorCtx;
+    }
+
+    if (errorCtx.res && errorCtx.res.status === 401 && authToken.refresh_token) {
+      return contextRunner([
+        new SaveToken(),
+        new AddAuthTokenResponse(),
+        ...endpointInterceptors.auth.token,
+      ])({
+        params: {
+          client_id: clientId,
+          grant_type: 'refresh_token',
+          refresh_token: authToken.refresh_token,
+        },
+        tokenStore,
+      })
+        .then(({ authToken: newAuthToken }) => ({
+          ...errorCtx,
+          authToken: newAuthToken,
+          enterQueue: retryQueue,
+          error: null,
+        }))
+        .catch(e => ({
+          ...errorCtx,
+          refreshTokenRetry: { retryQueue, attempts, res: e.response },
+        }));
+    }
+
+    return errorCtx;
+  }
+}

package/src/interceptors/save_token.js

@@ -0,0 +1,20 @@
+/**
+   On `leave` phase, take `authToken` from `ctx` and save it to tokenStore
+
+   Changes to `ctx`:
+
+   - None
+*/
+export default class SaveToken {
+  leave(ctx) {
+    const { authToken, tokenStore } = ctx;
+
+    if (tokenStore) {
+      return Promise.resolve()
+        .then(() => tokenStore.setToken(authToken))
+        .then(() => ctx);
+    }
+
+    return ctx;
+  }
+}

package/src/interceptors/transit_request.js

@@ -0,0 +1,27 @@
+import { createTransitConverters } from '../serializer';
+
+/**
+   Transit encode the request
+ */
+export default class TransitRequest {
+  enter(ctx) {
+    const { params, headers = {}, typeHandlers, transitVerbose, ...restCtx } = ctx;
+
+    if (headers['Content-Type'] === 'application/transit+json') {
+      return ctx;
+    }
+
+    const { writer } = createTransitConverters(typeHandlers, { verbose: transitVerbose });
+
+    return {
+      params: writer.write(params),
+      headers: {
+        ...headers,
+        'Content-Type': 'application/transit+json',
+      },
+      typeHandlers,
+      transitVerbose,
+      ...restCtx,
+    };
+  }
+}