Skip to content

Commit

Permalink
adds feature of reading from frontend with some tests. supertokens/su…
Browse files Browse the repository at this point in the history
  • Loading branch information
rishabhpoddar committed Sep 16, 2020
1 parent 1d74c39 commit 7dec48f
Show file tree
Hide file tree
Showing 5 changed files with 171 additions and 4 deletions.
2 changes: 1 addition & 1 deletion CHANGELOG.md
Original file line number Diff line number Diff line change
Expand Up @@ -9,7 +9,7 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
## [4.4.0] - 2020-08-30
### Changed
- Stores Anti CSRF token in cookie that can be shared across sub domains. This value is then read and added to the request header separately.
- Compatible with FDI 1.2
- Compatible with FDI 1.2 and not with previous versions
- Adds ability to get userID and JWT payload (securely) from the frontend

## [4.3.0] - 2020-08-20
Expand Down
2 changes: 0 additions & 2 deletions frontendDriverInterfaceSupported.json
Original file line number Diff line number Diff line change
@@ -1,8 +1,6 @@
{
"_comment": "contains a list of frontend-backend interface versions that this package supports",
"versions": [
"1.0",
"1.1",
"1.2"
]
}
81 changes: 81 additions & 0 deletions test/axios.test.js
Original file line number Diff line number Diff line change
Expand Up @@ -295,6 +295,49 @@ describe("Axios AuthHttpRequest class tests", function() {
}
});

// it("refresh session via reading of frontend info", async function () {
// await startST();
// const browser = await puppeteer.launch({
// args: ["--no-sandbox", "--disable-setuid-sandbox"]
// });
// try {
// const page = await browser.newPage();
// await page.goto(BASE_URL + "/index.html", { waitUntil: "load" });
// await page.addScriptTag({ path: `./bundle/bundle.js`, type: "text/javascript" });
// await page.evaluate(async () => {
// let BASE_URL = "http://localhost.org:8080";
// supertokens.axios.makeSuper(axios);
// supertokens.axios.init({
// refreshTokenUrl: `${BASE_URL}/refresh`
// });
// let userId = "testing-supertokens-website";
// let loginResponse = await axios.post(`${BASE_URL}/login`, JSON.stringify({ userId }), {
// headers: {
// Accept: "application/json",
// "Content-Type": "application/json"
// }
// });
// let userIdFromResponse = loginResponse.data;
// assertEqual(userId, userIdFromResponse);

// await axios.post(`${BASE_URL}/update-jwt`, { key: "data" });

// await delay(3);

// assertEqual(await getNumberOfTimesRefreshCalled(), 0);
// let data = await supertokens.axios.getJWTPayloadSecurely();
// assertEqual(await getNumberOfTimesRefreshCalled(), 1);
// assertEqual(data.key === "data", true);

// let data2 = await supertokens.axios.getJWTPayloadSecurely();
// assertEqual(data2.key === "data", true);
// assertEqual(await getNumberOfTimesRefreshCalled(), 1);
// });
// } finally {
// await browser.close();
// }
// });

it("update jwt data", async function() {
await startST();
const browser = await puppeteer.launch({
Expand All @@ -321,10 +364,22 @@ describe("Axios AuthHttpRequest class tests", function() {
});
assertEqual(userId, loginResponse.data);

try {
// TODO: remove try catch
let data = await supertokens.axios.getJWTPayloadSecurely();
assertEqual(Object.keys(data).length, 0);
} catch (ignored) {}

// update jwt data
let testResponse1 = await axios.post(`${BASE_URL}/update-jwt`, { key: "data" });
assertEqual(testResponse1.data.key, "data");

try {
// TODO: remove try catch
data = await supertokens.axios.getJWTPayloadSecurely();
assertEqual(data.key, "data");
} catch (ignored) {}

// get jwt data
let testResponse2 = await axios.get(`${BASE_URL}/update-jwt`);
assertEqual(testResponse2.data.key, "data");
Expand All @@ -334,6 +389,13 @@ describe("Axios AuthHttpRequest class tests", function() {
assertEqual(testResponse3.data.key1, "data1");
assertEqual(testResponse3.data.key, undefined);

try {
// TODO: remove try catch
data = await supertokens.axios.getJWTPayloadSecurely();
assertEqual(data.key1, "data1");
assertEqual(data.key, undefined);
} catch (ignored) {}

// get jwt data
let testResponse4 = await axios.get(`${BASE_URL}/update-jwt`);
assertEqual(testResponse4.data.key1, "data1");
Expand Down Expand Up @@ -483,6 +545,11 @@ describe("Axios AuthHttpRequest class tests", function() {
assertEqual(userId, loginResponse.data);
assertEqual(await supertokens.axios.doesSessionExist(), true);
assertEqual(getAntiCSRFromCookie() !== null, true);
try {
// TODO: remove this try catch after all drivers have implemented front-token
let userIdFromToken = supertokens.axios.getUserId();
assertEqual(userIdFromToken, userId);
} catch (ignored) {}

// send api request to logout
let logoutResponse = await axios.post(`${BASE_URL}/logout`, JSON.stringify({ userId }), {
Expand All @@ -496,6 +563,20 @@ describe("Axios AuthHttpRequest class tests", function() {
assertEqual(logoutResponse.data, "success");
assertEqual(sessionExists, false);
assertEqual(getAntiCSRFromCookie() === null, true);

try {
supertokens.axios.getUserId();
throw new Error("test failed");
} catch (err) {
assertEqual(err.message, "No session exists");
}

try {
await supertokens.axios.getJWTPayloadSecurely();
throw new Error("test failed");
} catch (err) {
assertEqual(err.message, "No session exists");
}
});
} finally {
await browser.close();
Expand Down
88 changes: 88 additions & 0 deletions test/fetch.test.js
Original file line number Diff line number Diff line change
Expand Up @@ -266,6 +266,56 @@ describe("Fetch AuthHttpRequest class tests", function() {
}
});

// it("refresh session via reading of frontend info using fetch", async function () {
// await startST();
// const browser = await puppeteer.launch({
// args: ["--no-sandbox", "--disable-setuid-sandbox"]
// });
// try {
// const page = await browser.newPage();
// await page.goto(BASE_URL + "/index.html", { waitUntil: "load" });
// await page.addScriptTag({ path: `./bundle/bundle.js`, type: "text/javascript" });
// await page.evaluate(async () => {
// let BASE_URL = "http://localhost.org:8080";
// supertokens.fetch.init({
// refreshTokenUrl: `${BASE_URL}/refresh`
// });
// let userId = "testing-supertokens-website";
// let loginResponse = await fetch(`${BASE_URL}/login`, {
// method: "post",
// headers: {
// Accept: "application/json",
// "Content-Type": "application/json"
// },
// body: JSON.stringify({ userId })
// });
// assertEqual(await loginResponse.text(), userId);

// let testResponse1 = await fetch(`${BASE_URL}/update-jwt`, {
// method: "post",
// headers: {
// Accept: "application/json",
// "Content-Type": "application/json"
// },
// body: JSON.stringify({ key: "data" })
// });

// await delay(3);

// assertEqual(await getNumberOfTimesRefreshCalled(), 0);
// let data = await supertokens.fetch.getJWTPayloadSecurely();
// assertEqual(await getNumberOfTimesRefreshCalled(), 1);
// assertEqual(data.key === "data", true);

// let data2 = await supertokens.fetch.getJWTPayloadSecurely();
// assertEqual(data2.key === "data", true);
// assertEqual(await getNumberOfTimesRefreshCalled(), 1);
// });
// } finally {
// await browser.close();
// }
// });

it("test update jwt data with fetch", async function() {
await startST();
const browser = await puppeteer.launch({
Expand Down Expand Up @@ -294,6 +344,12 @@ describe("Fetch AuthHttpRequest class tests", function() {

assertEqual(await loginResponse.text(), userId);

try {
// TODO: remove try catch
let data = await supertokens.fetch.getJWTPayloadSecurely();
assertEqual(Object.keys(data).length, 0);
} catch (ignored) {}

// update jwt data
let testResponse1 = await fetch(`${BASE_URL}/update-jwt`, {
method: "post",
Expand All @@ -306,6 +362,12 @@ describe("Fetch AuthHttpRequest class tests", function() {
let data1 = await testResponse1.json();
assertEqual(data1.key, "data");

try {
// TODO: remove try catch
data = await supertokens.fetch.getJWTPayloadSecurely();
assertEqual(data.key, "data");
} catch (ignored) {}

// get jwt data
let testResponse2 = await fetch(`${BASE_URL}/update-jwt`, { method: "get" });
let data2 = await testResponse2.json();
Expand All @@ -324,6 +386,13 @@ describe("Fetch AuthHttpRequest class tests", function() {
assertEqual(data3.key1, "data1");
assertEqual(data3.key, undefined);

try {
// TODO: remove try catch
data = await supertokens.fetch.getJWTPayloadSecurely();
assertEqual(data.key1, "data1");
assertEqual(data.key, undefined);
} catch (ignored) {}

// get jwt data
let testResponse4 = await fetch(`${BASE_URL}/update-jwt`, { method: "get" });
let data4 = await testResponse4.json();
Expand Down Expand Up @@ -485,6 +554,11 @@ describe("Fetch AuthHttpRequest class tests", function() {

assertEqual(await supertokens.fetch.doesSessionExist(), true);
assertEqual(getAntiCSRFromCookie() !== null, true);
try {
// TODO: remove this try catch after all drivers have implemented front-token
let userIdFromToken = supertokens.fetch.getUserId();
assertEqual(userIdFromToken, userId);
} catch (ignored) {}

// send api request to logout
let logoutResponse = await fetch(`${BASE_URL}/logout`, {
Expand All @@ -499,6 +573,20 @@ describe("Fetch AuthHttpRequest class tests", function() {
assertEqual(await logoutResponse.text(), "success");
assertEqual(await supertokens.fetch.doesSessionExist(), false);
assertEqual(getAntiCSRFromCookie() === null, true);

try {
supertokens.fetch.getUserId();
throw new Error("test failed");
} catch (err) {
assertEqual(err.message, "No session exists");
}

try {
await supertokens.fetch.getJWTPayloadSecurely();
throw new Error("test failed");
} catch (err) {
assertEqual(err.message, "No session exists");
}
});
} finally {
await browser.close();
Expand Down
2 changes: 1 addition & 1 deletion test/server/package.json
Original file line number Diff line number Diff line change
Expand Up @@ -12,4 +12,4 @@
"cookie-parser": "1.4.4",
"express": "4.17.1"
}
}
}

0 comments on commit 7dec48f

Please sign in to comment.