From f26d810767ce210bc8b773efab431f46991a8d72 Mon Sep 17 00:00:00 2001 From: Jim O'Donnell Date: Tue, 27 Feb 2018 16:17:35 +0000 Subject: [PATCH 1/4] Replace _checkPanoptesSession with _getNewToken Replaces _checkPanoptesSession() with _getNewToken(), which attempts to get a new token from Panoptes via an iframe. Stored tokens are not returned, since we should only be calling this method when the stored token is about to expire. --- lib/oauth.js | 8 ++------ 1 file changed, 2 insertions(+), 6 deletions(-) diff --git a/lib/oauth.js b/lib/oauth.js index 8b1a0c0..c831254 100644 --- a/lib/oauth.js +++ b/lib/oauth.js @@ -174,14 +174,10 @@ module.exports = new Model({ } }, - _checkForPanoptesSession: function() { - var sessionTokenDetails = JSON.parse(SESSION_STORAGE.getItem(LOCAL_STORAGE_PREFIX + 'tokenDetails')); + _getNewToken: function() { var redirectUri = ls.get(LOCAL_STORAGE_PREFIX + 'redirectUri'); this.update({ _currentSessionCheckPromise: new Promise(function(resolve, reject) { - if (sessionTokenDetails) { - resolve(sessionTokenDetails); - } if (!redirectUri) { reject(Error('No redirect URI found')); @@ -272,7 +268,7 @@ module.exports = new Model({ }, _refreshBearerToken: function() { - return this._checkForPanoptesSession() + return this._getNewToken() .then(function(tokenDetails) { return this._handleNewBearerToken(tokenDetails); }.bind(this)) From 9e2f32b5e63525f2fd4a90d35d19c9454e98812a Mon Sep 17 00:00:00 2001 From: Jim O'Donnell Date: Fri, 2 Mar 2018 11:12:14 +0000 Subject: [PATCH 2/4] Fix this._deleteBearerToken is undefined error This context wasn't properly set in the catch block for refresh errors, so the token was never deleted. --- lib/oauth.js | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lib/oauth.js b/lib/oauth.js index c831254..840cedd 100644 --- a/lib/oauth.js +++ b/lib/oauth.js 
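Review bot: `_getNewToken` (PATCH 1/4, first hunk) has no comment stating its new contract, and it still stores its promise as `_currentSessionCheckPromise`, a name left over from the session check it replaces. I would add above it `// Always requests a fresh token from Panoptes via an iframe and never returns the stored token; call only when the stored token is about to expire.` and rename the property in a follow-up. With the stored-token shortcut removed, every call now goes through the iframe flow, and the only check visible on the `redirectUri` read from storage is `if (!redirectUri)`; if the value is not compared with the application's registered redirect URI elsewhere, that comparison belongs here. The promise body continues past the end of the hunk, so the iframe handling itself was not reviewed.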
@@ -277,7 +277,7 @@ module.exports = new Model({ console.log(error); this._deleteBearerToken(); return null; - }); + }.bind(this)); }, _saveRedirectUri: function(redirectUri) { From 1a2a80b0d02719905eed48c56784186d040524b7 Mon Sep 17 00:00:00 2001 From: Jim O'Donnell Date: Mon, 5 Mar 2018 16:18:15 +0000 Subject: [PATCH 3/4] Better handling for token expiration Add _handleExpiredToken, which only clears your session if it has actually expired. This should allow you to continue to use the Panoptes API, if refresh fails but you still have a few minutes left on your old token. --- lib/oauth.js | 15 +++++++++++++-- 1 file changed, 13 insertions(+), 2 deletions(-) diff --git a/lib/oauth.js b/lib/oauth.js index 840cedd..2063273 100644 --- a/lib/oauth.js +++ b/lib/oauth.js @@ -252,6 +252,18 @@ module.exports = new Model({ }); }, + _handleExpiredToken: function() { + var tokenDetails = JSON.parse(SESSION_STORAGE.getItem(LOCAL_STORAGE_PREFIX + 'tokenDetails')); + var tokenHasExpired = false; + if (tokenDetails && tokenDetails.expires_at) { + tokenHasExpired = Date.now() > tokenDetails.expires_at; + } + if (tokenHasExpired) { + console.info('Panoptes session has expired'); + this._deleteBearerToken(); + } + }, + _handleNewBearerToken: function(tokenDetails) { if (tokenDetails && tokenDetails.access_token) { console.log('Got new bearer token', tokenDetails.access_token.slice(-6)); @@ -273,9 +285,8 @@ module.exports = new Model({ return this._handleNewBearerToken(tokenDetails); }.bind(this)) .catch(function (error) { - console.info('Panoptes session has expired'); console.log(error); - this._deleteBearerToken(); + this._handleExpiredToken(); return null; }.bind(this)); }, From 8bc2017290f177e01dcf4157b549b997c2fc5f8b Mon Sep 17 00:00:00 2001 
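Review bot: `_handleExpiredToken` (PATCH 3/4, first hunk) fails open: when the stored `tokenDetails` is missing, has no `expires_at`, or holds a non-numeric value, `tokenHasExpired` stays `false` and `_deleteBearerToken()` is never called, whereas the catch block it replaces always deleted the token. `JSON.parse` can also throw on a corrupted storage entry, and because this method runs inside the `.catch` of `_refreshBearerToken`, that throw would reject the promise instead of resolving `null`. I would keep the session only when a finite `expires_at` lies in the future and treat every other case as expired, as sketched below.

```javascript
_handleExpiredToken: function() {
  var tokenDetails = null;
  try {
    tokenDetails = JSON.parse(SESSION_STORAGE.getItem(LOCAL_STORAGE_PREFIX + 'tokenDetails'));
  } catch (error) {
    // Unreadable token details cannot be shown to be valid, so treat them as expired.
    tokenDetails = null;
  }
  var expiresAt = tokenDetails ? Number(tokenDetails.expires_at) : NaN;
  var tokenIsStillValid = isFinite(expiresAt) && Date.now() <= expiresAt;
  if (!tokenIsStillValid) {
    console.info('Panoptes session has expired');
    this._deleteBearerToken();
  }
},
```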
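Review bot: The `.catch` handler in `_refreshBearerToken` (PATCH 3/4, second hunk) still ends in `return null;` even when `_handleExpiredToken()` leaves a valid token in place, so a caller cannot tell "refresh failed, old token still usable" from "session gone". The fourth patch shows `checkBearerToken` assigning this promise to `awaitBearerToken`; how the resolved value is used lies outside the visible hunks, but if it is passed on as the token, requests made in the last minutes of a token's life would go out without it, which is the opposite of what the commit message intends. Consider having `_handleExpiredToken` return the stored details when they are still valid and ending the handler with `return this._handleExpiredToken();`. A short comment on the handler stating what it resolves to in each case would help the next reader.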
From: Jim O'Donnell Date: Mon, 5 Mar 2018 16:21:39 +0000 Subject: [PATCH 4/4] Rename token check to _bearerTokenWillExpire Seems like a better name, since it returns true slightly before the token actually expires. --- lib/oauth.js | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/lib/oauth.js b/lib/oauth.js index 2063273..8b2e586 100644 --- a/lib/oauth.js +++ b/lib/oauth.js @@ -31,7 +31,7 @@ module.exports = new Model({ checkBearerToken: function() { var awaitBearerToken; - if (this._bearerTokenIsExpired()) { + if (this._bearerTokenWillExpire()) { awaitBearerToken = this._refreshBearerToken(); } else { var tokenDetails = JSON.parse(SESSION_STORAGE.getItem(LOCAL_STORAGE_PREFIX + 'tokenDetails')); @@ -165,7 +165,7 @@ module.exports = new Model({ ].join(''); }, - _bearerTokenIsExpired: function() { + _bearerTokenWillExpire: function() { var tokenDetails = JSON.parse(SESSION_STORAGE.getItem(LOCAL_STORAGE_PREFIX + 'tokenDetails')); if (tokenDetails) { return Date.now() >= tokenDetails.expires_at - TOKEN_EXPIRATION_ALLOWANCE;