diff --git a/CHANGELOG.md b/CHANGELOG.md index e5cd554d..68e42047 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -9,7 +9,7 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0 ## [4.4.0] - 2020-08-30 ### Changed - Stores Anti CSRF token in cookie that can be shared across sub domains. This value is then read and added to the request header separately. -- Compatible with FDI 1.2 +- Compatible with FDI 1.2 and not with previous versions - Adds ability to get userID and JWT payload (securely) from the frontend ## [4.3.0] - 2020-08-20 diff --git a/frontendDriverInterfaceSupported.json b/frontendDriverInterfaceSupported.json index 6c4222f0..08bd2c75 100644 --- a/frontendDriverInterfaceSupported.json +++ b/frontendDriverInterfaceSupported.json @@ -1,8 +1,6 @@ { "_comment": "contains a list of frontend-backend interface versions that this package supports", "versions": [ - "1.0", - "1.1", "1.2" ] } \ No newline at end of file diff --git a/test/axios.test.js b/test/axios.test.js index 5a99775a..54629b07 100644 --- a/test/axios.test.js +++ b/test/axios.test.js 
@@ -295,6 +295,49 @@ describe("Axios AuthHttpRequest class tests", function() { } }); + // it("refresh session via reading of frontend info", async function () { + // await startST(); + // const browser = await puppeteer.launch({ + // args: ["--no-sandbox", "--disable-setuid-sandbox"] + // }); + // try { + // const page = await browser.newPage(); + // await page.goto(BASE_URL + "/index.html", { waitUntil: "load" }); + // await page.addScriptTag({ path: `./bundle/bundle.js`, type: "text/javascript" }); + // await page.evaluate(async () => { + // let BASE_URL = "http://localhost.org:8080"; + // supertokens.axios.makeSuper(axios); + // supertokens.axios.init({ + // refreshTokenUrl: `${BASE_URL}/refresh` + // }); + // let userId = "testing-supertokens-website"; + // let loginResponse = await axios.post(`${BASE_URL}/login`, JSON.stringify({ userId }), { + // headers: { + // Accept: "application/json", + // "Content-Type": "application/json" + // } + // }); + // let userIdFromResponse = loginResponse.data; + // assertEqual(userId, userIdFromResponse); + + // await axios.post(`${BASE_URL}/update-jwt`, { key: "data" }); + + // await delay(3); + + // assertEqual(await getNumberOfTimesRefreshCalled(), 0); + // let data = await supertokens.axios.getJWTPayloadSecurely(); + // assertEqual(await getNumberOfTimesRefreshCalled(), 1); + // assertEqual(data.key === "data", true); + + // let data2 = await supertokens.axios.getJWTPayloadSecurely(); + // assertEqual(data2.key === "data", true); + // assertEqual(await getNumberOfTimesRefreshCalled(), 1); + // }); + // } finally { + // await browser.close(); + // } + // }); + it("update jwt data", async function() { await startST(); const browser = await puppeteer.launch({ 
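Review bot: The "refresh session via reading of frontend info" test is added entirely commented out, so the only case that checks `getJWTPayloadSecurely()` triggers exactly one refresh after the payload changes never runs and is absent from every test report. If it is waiting on driver support, as the other TODOs in this commit suggest, register it as `it.skip("refresh session via reading of frontend info", async function () { ... })` with a comment such as `// TODO: enable once all drivers have implemented front-token`, so the runner lists it as pending. The same applies to the commented-out fetch variant added at @@ -266,6 +266,56 @@ in test/fetch.test.js.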
@@ -321,10 +364,22 @@ describe("Axios AuthHttpRequest class tests", function() { }); assertEqual(userId, loginResponse.data); + try { + // TODO: remove try catch + let data = await supertokens.axios.getJWTPayloadSecurely(); + assertEqual(Object.keys(data).length, 0); + } catch (ignored) {} + // update jwt data let testResponse1 = await axios.post(`${BASE_URL}/update-jwt`, { key: "data" }); assertEqual(testResponse1.data.key, "data"); + try { + // TODO: remove try catch + data = await supertokens.axios.getJWTPayloadSecurely(); + assertEqual(data.key, "data"); + } catch (ignored) {} + // get jwt data let testResponse2 = await axios.get(`${BASE_URL}/update-jwt`); assertEqual(testResponse2.data.key, "data"); @@ -334,6 +389,13 @@ describe("Axios AuthHttpRequest class tests", function() { assertEqual(testResponse3.data.key1, "data1"); assertEqual(testResponse3.data.key, undefined); + try { + // TODO: remove try catch + data = await supertokens.axios.getJWTPayloadSecurely(); + assertEqual(data.key1, "data1"); + assertEqual(data.key, undefined); + } catch (ignored) {} + // get jwt data let testResponse4 = await axios.get(`${BASE_URL}/update-jwt`); assertEqual(testResponse4.data.key1, "data1"); @@ -483,6 +545,11 @@ describe("Axios AuthHttpRequest class tests", function() { assertEqual(userId, loginResponse.data); assertEqual(await supertokens.axios.doesSessionExist(), true); assertEqual(getAntiCSRFromCookie() !== null, true); + try { + // TODO: remove this try catch after all drivers have implemented front-token + let userIdFromToken = supertokens.axios.getUserId(); + assertEqual(userIdFromToken, userId); + } catch (ignored) {} // send api request to logout let logoutResponse = await axios.post(`${BASE_URL}/logout`, JSON.stringify({ userId }), { 
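Review bot: Every new check in this hunk sits inside `try { ... } catch (ignored) {}`, so, assuming `assertEqual` reports a mismatch by throwing, the empty catch swallows assertion failures along with the "driver has no front-token yet" error, and these checks can never fail the test. A regression where `getJWTPayloadSecurely()` returns a stale or wrong payload would pass silently. Keep only the call inside the guard and assert outside it, for example `let payload; try { payload = await supertokens.axios.getJWTPayloadSecurely(); } catch (err) { /* driver without front-token */ }` followed by `if (payload !== undefined) assertEqual(Object.keys(payload).length, 0);`. The same wrapper is used in the @@ -334,6 +389,13 @@ and @@ -483,6 +545,11 @@ hunks here (the latter around `getUserId()`) and in the matching test/fetch.test.js hunks at @@ -294,6 +344,12 @@, @@ -306,6 +362,12 @@, @@ -324,6 +386,13 @@ and @@ -485,6 +554,11 @@.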
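Review bot: `data = await supertokens.axios.getJWTPayloadSecurely();` assigns to a name with no declaration in scope, because the only `let data` is inside the first `try` block added at @@ -321,10 +364,22 @@ and its block scope ends there. The second block of that hunk has the same problem. Depending on whether the evaluated callback runs in strict mode, this either creates an implicit global on the page or throws a ReferenceError that the empty `catch (ignored) {}` hides, so the assertions after it may never execute. Declare it once before the first block with `let data;` and assign inside each block; the test/fetch.test.js hunks at @@ -306,6 +362,12 @@ and @@ -324,6 +386,13 @@ repeat the pattern.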
@@ -496,6 +563,20 @@ describe("Axios AuthHttpRequest class tests", function() { assertEqual(logoutResponse.data, "success"); assertEqual(sessionExists, false); assertEqual(getAntiCSRFromCookie() === null, true); + + try { + supertokens.axios.getUserId(); + throw new Error("test failed"); + } catch (err) { + assertEqual(err.message, "No session exists"); + } + + try { + await supertokens.axios.getJWTPayloadSecurely(); + throw new Error("test failed"); + } catch (err) { + assertEqual(err.message, "No session exists"); + } }); } finally { await browser.close(); diff --git a/test/fetch.test.js b/test/fetch.test.js index 2f596f29..6101c1e0 100644 --- a/test/fetch.test.js +++ b/test/fetch.test.js 
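Review bot: The two post-logout checks throw `new Error("test failed")` inside the same `try` whose `catch` does the assertion, so if `getUserId()` or `getJWTPayloadSecurely()` wrongly succeeds after logout, the report shows a message mismatch between "test failed" and "No session exists" instead of saying that session data was still readable. Recording whether the call threw and asserting on that separately makes the failure unambiguous. This is the check showing that the frontend stops exposing the user id and JWT payload once the session is gone, so its failure mode should be explicit. The same shape is added to test/fetch.test.js at @@ -499,6 +573,20 @@, and the enclosing `page.evaluate` callback starts outside this hunk.

```javascript
// … unchanged: logout request and anti-CSRF cookie assertions …
let getUserIdThrew = false;
try {
    supertokens.axios.getUserId();
} catch (err) {
    getUserIdThrew = true;
    assertEqual(err.message, "No session exists");
}
assertEqual(getUserIdThrew, true);

let getPayloadThrew = false;
try {
    await supertokens.axios.getJWTPayloadSecurely();
} catch (err) {
    getPayloadThrew = true;
    assertEqual(err.message, "No session exists");
}
assertEqual(getPayloadThrew, true);
```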
@@ -266,6 +266,56 @@ describe("Fetch AuthHttpRequest class tests", function() { } }); + // it("refresh session via reading of frontend info using fetch", async function () { + // await startST(); + // const browser = await puppeteer.launch({ + // args: ["--no-sandbox", "--disable-setuid-sandbox"] + // }); + // try { + // const page = await browser.newPage(); + // await page.goto(BASE_URL + "/index.html", { waitUntil: "load" }); + // await page.addScriptTag({ path: `./bundle/bundle.js`, type: "text/javascript" }); + // await page.evaluate(async () => { + // let BASE_URL = "http://localhost.org:8080"; + // supertokens.fetch.init({ + // refreshTokenUrl: `${BASE_URL}/refresh` + // }); + // let userId = "testing-supertokens-website"; + // let loginResponse = await fetch(`${BASE_URL}/login`, { + // method: "post", + // headers: { + // Accept: "application/json", + // "Content-Type": "application/json" + // }, + // body: JSON.stringify({ userId }) + // }); + // assertEqual(await loginResponse.text(), userId); + + // let testResponse1 = await fetch(`${BASE_URL}/update-jwt`, { + // method: "post", + // headers: { + // Accept: "application/json", + // "Content-Type": "application/json" + // }, + // body: JSON.stringify({ key: "data" }) + // }); + + // await delay(3); + + // assertEqual(await getNumberOfTimesRefreshCalled(), 0); + // let data = await supertokens.fetch.getJWTPayloadSecurely(); + // assertEqual(await getNumberOfTimesRefreshCalled(), 1); + // assertEqual(data.key === "data", true); + + // let data2 = await supertokens.fetch.getJWTPayloadSecurely(); + // assertEqual(data2.key === "data", true); + // assertEqual(await getNumberOfTimesRefreshCalled(), 1); + // }); + // } finally { + // await browser.close(); + // } + // }); + it("test update jwt data with fetch", async function() { await startST(); const browser = await puppeteer.launch({ 
@@ -294,6 +344,12 @@ describe("Fetch AuthHttpRequest class tests", function() { assertEqual(await loginResponse.text(), userId); + try { + // TODO: remove try catch + let data = await supertokens.fetch.getJWTPayloadSecurely(); + assertEqual(Object.keys(data).length, 0); + } catch (ignored) {} + // update jwt data let testResponse1 = await fetch(`${BASE_URL}/update-jwt`, { method: "post", @@ -306,6 +362,12 @@ describe("Fetch AuthHttpRequest class tests", function() { let data1 = await testResponse1.json(); assertEqual(data1.key, "data"); + try { + // TODO: remove try catch + data = await supertokens.fetch.getJWTPayloadSecurely(); + assertEqual(data.key, "data"); + } catch (ignored) {} + // get jwt data let testResponse2 = await fetch(`${BASE_URL}/update-jwt`, { method: "get" }); let data2 = await testResponse2.json(); @@ -324,6 +386,13 @@ describe("Fetch AuthHttpRequest class tests", function() { assertEqual(data3.key1, "data1"); assertEqual(data3.key, undefined); + try { + // TODO: remove try catch + data = await supertokens.fetch.getJWTPayloadSecurely(); + assertEqual(data.key1, "data1"); + assertEqual(data.key, undefined); + } catch (ignored) {} + // get jwt data let testResponse4 = await fetch(`${BASE_URL}/update-jwt`, { method: "get" }); let data4 = await testResponse4.json(); @@ -485,6 +554,11 @@ describe("Fetch AuthHttpRequest class tests", function() { assertEqual(await supertokens.fetch.doesSessionExist(), true); assertEqual(getAntiCSRFromCookie() !== null, true); + try { + // TODO: remove this try catch after all drivers have implemented front-token + let userIdFromToken = supertokens.fetch.getUserId(); + assertEqual(userIdFromToken, userId); + } catch (ignored) {} // send api request to logout let logoutResponse = await fetch(`${BASE_URL}/logout`, { 
@@ -499,6 +573,20 @@ describe("Fetch AuthHttpRequest class tests", function() { assertEqual(await logoutResponse.text(), "success"); assertEqual(await supertokens.fetch.doesSessionExist(), false); assertEqual(getAntiCSRFromCookie() === null, true); + + try { + supertokens.fetch.getUserId(); + throw new Error("test failed"); + } catch (err) { + assertEqual(err.message, "No session exists"); + } + + try { + await supertokens.fetch.getJWTPayloadSecurely(); + throw new Error("test failed"); + } catch (err) { + assertEqual(err.message, "No session exists"); + } }); } finally { await browser.close(); diff --git a/test/server/package.json b/test/server/package.json index e488efbf..7bb97d9a 100644 --- a/test/server/package.json +++ b/test/server/package.json @@ -12,4 +12,4 @@ "cookie-parser": "1.4.4", "express": "4.17.1" } -} +} \ No newline at end of file