From 8373b9b6c719d3e5ee976dfc5f48172c770beacd Mon Sep 17 00:00:00 2001 From: Alec Fenichel Date: Tue, 12 Mar 2019 16:47:07 -0400 Subject: [PATCH 1/3] Add note about installing ember fetch for fastboot --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 432ba77..bdb3116 100644 --- a/README.md +++ b/README.md @@ -21,7 +21,7 @@ Ember Simple Auth Token can be installed with [Ember CLI][ember-cli] by running: ember install ember-simple-auth-token ``` -If using FastBoot, `node-fetch` must be added to your `fastbootDependencies`. If using FastBoot and the JWT authenticator, `node-fetch` and `buffer` must be added to you `fastbootDependencies`. +If using FastBoot, `ember-fetch` must be installed as a direct dependency and `node-fetch` must be added to your `fastbootDependencies`. If using FastBoot and the JWT authenticator, `node-fetch` and `buffer` must be added to you `fastbootDependencies`. ## Setup From 349752606169f380c922c769dcc76fa08b7f1706 Mon Sep 17 00:00:00 2001 From: Alec Fenichel Date: Tue, 12 Mar 2019 17:01:39 -0400 Subject: [PATCH 2/3] Clean up comments --- addon/authenticators/jwt.js | 87 +++++++++++--------------------- addon/authenticators/token.js | 26 ++++------ addon/mixins/token-authorizer.js | 7 +-- server/index.js | 10 ---- 4 files changed, 41 insertions(+), 89 deletions(-) diff --git a/addon/authenticators/jwt.js b/addon/authenticators/jwt.js index d3bad19..febfa7d 100644 --- a/addon/authenticators/jwt.js +++ b/addon/authenticators/jwt.js @@ -28,8 +28,7 @@ const decode = str => { Inspired by [ember-simple-auth-oauth2](https://github.com/simplabs/ember-simple-auth/tree/master/packages/ember-simple-auth-oauth2) - The factory for this authenticator is registered as - 'authenticator:jwt` in Ember's container. + The factory for this authenticator is registered as 'authenticator:jwt` in Ember's container. @class JWT @namespace SimpleAuth.Authenticators 
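Review bot: The rejoined sentence in the JWT class docblock still has mismatched quoting: `'authenticator:jwt` opens with a single quote and closes with a backtick, so the identifier will not render as code. It should be quoted the same way as the token.js docblock, which wraps `'authenticator:token'` in a matching pair of backticks. The docblock starts and ends outside this hunk.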
@@ -39,7 +38,6 @@ const decode = str => { export default TokenAuthenticator.extend({ /** @method init - @private */ init() { this._super(...arguments); @@ -58,18 +56,14 @@ export default TokenAuthenticator.extend({ It will return a resolving promise if one of two conditions is met: - 1) Both `data.token` and `data.expiresAt` are non-empty and `expiresAt` - is greater than the calculated `now`. - 2) If `data.token` is non-empty and the decoded token has a key for - `tokenExpireName`. + 1) Both `data.token` and `data.expiresAt` are non-empty and `expiresAt` is greater than the calculated `now`. + 2) If `data.token` is non-empty and the decoded token has a key for `tokenExpireName`. - If `refreshAccessTokens` is true, `scheduleAccessTokenRefresh` will - be called and an automatic token refresh will be initiated. + If `refreshAccessTokens` is true, `scheduleAccessTokenRefresh` will be called and an automatic token refresh will be initiated. @method restore @param {Object} data The data to restore the session from - @return {Promise} A promise that when it resolves results - in the session being authenticated + @return {Promise} A promise that when it resolves results in the session being authenticated */ restore(data) { const dataObject = EmberObject.create(data); @@ -85,8 +79,7 @@ export default TokenAuthenticator.extend({ } if (isEmpty(expiresAt)) { - // Fetch the expire time from the token data since `expiresAt` - // wasn't included in the data object that was passed in. + // Fetch the expire time from the token data since `expiresAt` wasn't included in the data object that was passed in. const tokenData = this.getTokenData(token); expiresAt = tokenData[this.tokenExpireName]; if (isEmpty(expiresAt)) { 
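Review bot: Dropping `@private` from the `init` docblock changes the documented visibility of the method, which is more than the comment clean-up the commit title describes. The same tag is removed from `scheduleAccessTokenRefresh`, `refreshAccessToken`, `handleAuthResponse`, `scheduleAccessTokenExpiration` and `handleAccessTokenExpiration` later in jwt.js, from `init` and `makeRequest` in token.js, and from `init` in token-authorizer.js. In an authenticator these helpers drive token refresh and session invalidation, so presenting them as public API invites application code to call them out of sequence. If they are meant to stay internal, keep `@private`; if they are meant to be overridable, say so in each docblock and in the commit message.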
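Review bot: The rewritten comment above `this.getTokenData(token)` should also say that `tokenData[this.tokenExpireName]` is read from the token's own payload as decoded on the client. `getTokenData` is outside this hunk, but if it only decodes the payload without verifying a signature, the value is fit for scheduling refresh and expiry timers and not as evidence that the token is valid; the server remains the authority on expiry. Suggested wording: `// expiresAt comes from the decoded (unverified) token payload; it only drives client-side scheduling.` The enclosing `restore` body starts and ends outside the hunk.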
@@ -112,9 +105,7 @@ export default TokenAuthenticator.extend({ return reject(new Error('unable to refresh token')); } } else { - // the refresh token might not be expired, - // we can't test this on the client so attempt to refresh the token. - // If the server rejects the token the user session will be invalidated + // The refresh token might not be expired, we can't test this on the client so attempt to refresh the token. If the server rejects the token the user session will be invalidated if (this.refreshAccessTokens) { return resolve(this.refreshAccessToken(refreshToken)); } else { 
@@ -127,35 +118,27 @@ export default TokenAuthenticator.extend({ /** Authenticates the session with the specified `credentials`. - It will return a resolving promise if it successfully posts a request - to the `JWT.serverTokenEndpoint` with the valid credentials. + It will return a resolving promise if it successfully posts a request to the `JWT.serverTokenEndpoint` with the valid credentials. - An automatic token refresh will be scheduled with the new expiration date - from the returned refresh token. That expiration will be merged with the - response and the promise resolved. + An automatic token refresh will be scheduled with the new expiration date from the returned refresh token. That expiration will be merged with the response and the promise resolved. @method authenticate @param {Object} credentials The credentials to authenticate the session with @param {Object} headers Optional headers to send with the authentication request - @return {Promise} A promise that resolves when an auth token is - successfully acquired from the server and rejects - otherwise + @return {Promise} A promise that resolves when an auth token is successfully acquired from the server and rejects otherwise */ authenticate(credentials, headers) { - return this.makeRequest(this.serverTokenEndpoint, credentials, assign({}, this.headers, headers)) - .then(response => this.handleAuthResponse(response.json)); + return this.makeRequest(this.serverTokenEndpoint, credentials, assign({}, this.headers, headers)).then(response => { + return this.handleAuthResponse(response.json); + }); }, /** - Schedules a token refresh request to be sent to the backend after a calculated - `wait` time has passed. + Schedules a token refresh request to be sent to the backend after a calculated `wait` time has passed. - If both `token` and `expiresAt` are non-empty, and `expiresAt` minus the optional - refres leeway is greater than the calculated `now`, the token refresh will be scheduled - through later. 
+ If both `token` and `expiresAt` are non-empty, and `expiresAt` minus the optional refres leeway is greater than the calculated `now`, the token refresh will be scheduled through later. @method scheduleAccessTokenRefresh - @private */ scheduleAccessTokenRefresh(expiresAt, refreshToken) { if (this.refreshAccessTokens) { @@ -178,30 +161,25 @@ export default TokenAuthenticator.extend({ /** Makes a refresh token request to grab a new authenticated JWT token from the server. - It will return a resolving promise if a successful POST is made to the - `JWT.serverTokenRefreshEndpoint`. + It will return a resolving promise if a successful POST is made to the `JWT.serverTokenRefreshEndpoint`. - After the new token is obtained it will schedule the next automatic token refresh - based on the new `expiresAt` time. + After the new token is obtained it will schedule the next automatic token refresh based on the new `expiresAt` time. The session will be updated via the trigger `sessionDataUpdated`. @method refreshAccessToken - @private */ refreshAccessToken(token) { const data = this.makeRefreshData(token); - return this.makeRequest(this.serverTokenRefreshEndpoint, data, this.headers) - .then(response => { - const sessionData = this.handleAuthResponse(response.json); - this.trigger('sessionDataUpdated', sessionData); - return sessionData; - }) - .catch(error => { - this.handleTokenRefreshFail(error.status); - return Promise.reject(error); - }); + return this.makeRequest(this.serverTokenRefreshEndpoint, data, this.headers).then(response => { + const sessionData = this.handleAuthResponse(response.json); + this.trigger('sessionDataUpdated', sessionData); + return sessionData; + }).catch(error => { + this.handleTokenRefreshFail(error.status); + return Promise.reject(error); + }); }, /** 
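Review bot: The reflowed docblock for `scheduleAccessTokenRefresh` keeps the typo `refres leeway`, and its ending `scheduled through later` reads as garbled unless `later` is formatted as code (presumably it refers to Ember's run-loop `later`). The docblock also documents neither `expiresAt` nor `refreshToken`. Since this commit is the comment clean-up, fix the spelling, put `later` in backticks, and add `@param` entries for both arguments. The function body continues outside the hunk.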
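Review bot: In the reformatted `.catch` of `refreshAccessToken`, the result of `this.handleTokenRefreshFail(error.status)` is discarded, although for a 401 or 403 that method returns the promise from `this.invalidate()` (visible in its own hunk further down). The rejection is therefore propagated before invalidation has finished, and a failure inside that chain has no handler. Returning the chain would order the two steps: `return Promise.resolve(this.handleTokenRefreshFail(error.status)).then(() => Promise.reject(error));`. The same `.catch` also receives anything thrown by `handleAuthResponse` or `trigger`, where `error.status` is presumably undefined and nothing is invalidated; a comment saying whether that is intended would help.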
@@ -246,8 +224,8 @@ export default TokenAuthenticator.extend({ }, /** - Cancels any outstanding automatic token refreshes and returns a resolving - promise. + Cancels any outstanding automatic token refreshes and returns a resolving promise. + @method invalidate @param {Object} data The data of the session to be invalidated @return {Promise} A resolving promise @@ -262,6 +240,7 @@ export default TokenAuthenticator.extend({ /** Returns the current time as a timestamp in seconds + @method getCurrentTime @return {Integer} timestamp */ @@ -273,8 +252,7 @@ export default TokenAuthenticator.extend({ Handles authentication response from server, and returns session data @method handleAuthResponse - @private - */ + */ handleAuthResponse(response) { const token = get(response, this.tokenPropertyName); @@ -306,13 +284,10 @@ export default TokenAuthenticator.extend({ }, /** - Handles token refresh fail status. If the server response to a token refresh has a - status of 401 or 403 then the token in the session will be invalidated and - the sessionInvalidated provided by ember-simple-auth will be triggered. + Handles token refresh fail status. If the server response to a token refresh has a status of 401 or 403 then the token in the session will be invalidated and the sessionInvalidated provided by ember-simple-auth will be triggered. @method handleTokenRefreshFail */ - handleTokenRefreshFail(refreshStatus) { if (refreshStatus === 401 || refreshStatus === 403) { return this.invalidate().then(() => { @@ -325,7 +300,6 @@ export default TokenAuthenticator.extend({ Schedules session invalidation at the time token expires. @method scheduleAccessTokenExpiration - @private */ scheduleAccessTokenExpiration(expiresAt) { const now = this.getCurrentTime(); @@ -342,7 +316,6 @@ export default TokenAuthenticator.extend({ Handles access token expiration @method handleAccessTokenExpiration - @private */ handleAccessTokenExpiration() { return this.invalidate().then(() => { 
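Review bot: The `handleTokenRefreshFail` docblock describes only the 401/403 case and has no `@param` or `@return`, although the visible branch returns the `invalidate()` promise. It should state what happens for every other status: from the lines shown nothing is invalidated, so after a failed refresh (a 5xx or a network error) the session presumably stays authenticated until the timer set by `scheduleAccessTokenExpiration` fires. Suggested additions: `@param {Number} refreshStatus HTTP status of the failed refresh response` and `@return {Promise|undefined}`, plus one sentence on the non-401/403 path. The function body ends outside the hunk.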
diff --git a/addon/authenticators/token.js b/addon/authenticators/token.js index e4e9a32..b6e66ad 100644 --- a/addon/authenticators/token.js +++ b/addon/authenticators/token.js @@ -9,8 +9,7 @@ import config from 'ember-get-config'; /** Authenticator that works with token-based authentication like JWT. - _The factory for this authenticator is registered as - `'authenticator:token'` in Ember's container._ + _The factory for this authenticator is registered as `'authenticator:token'` in Ember's container._ @class Token @namespace SimpleAuth.Authenticators @@ -20,7 +19,6 @@ import config from 'ember-get-config'; export default Base.extend({ /** @method init - @private */ init() { this._super(...arguments); @@ -31,9 +29,7 @@ export default Base.extend({ }, /** - Restores the session from a set of session properties; __will return a - resolving promise when there's a non-empty `token` in the - `properties`__ and a rejecting promise otherwise. + Restores the session from a set of session properties; __will return a resolving promise when there's a non-empty `token` in the `properties`__ and a rejecting promise otherwise. @method restore @param {Object} properties The properties to restore the session from 
@@ -52,13 +48,7 @@ export default Base.extend({ }, /** - Authenticates the session with the specified `credentials`; the credentials - are `POST`ed to the - [`Authenticators.Token#serverTokenEndpoint`](#SimpleAuth-Authenticators-Token-serverTokenEndpoint) - and if they are valid the server returns an auth token in - response. __If the credentials are valid and authentication succeeds, a - promise that resolves with the server's response is returned__, otherwise a - promise that rejects with the server error is returned. + Authenticates the session with the specified `credentials`; the credentials are `POST`ed to the [`Authenticators.Token#serverTokenEndpoint`](#SimpleAuth-Authenticators-Token-serverTokenEndpoint) and if they are valid the server returns an auth token in response. __If the credentials are valid and authentication succeeds, a promise that resolves with the server's response is returned__, otherwise a promise that rejects with the server error is returned. @method authenticate @param {Object} credentials The credentials to authenticate the session with @@ -66,8 +56,9 @@ export default Base.extend({ @return {Promise} A promise that resolves when an auth token is successfully acquired from the server and rejects otherwise */ authenticate(credentials, headers) { - return this.makeRequest(this.serverTokenEndpoint, credentials, assign({}, this.headers, headers)) - .then(response => response.json); + return this.makeRequest(this.serverTokenEndpoint, credentials, assign({}, this.headers, headers)).then(response => { + return response.json; + }); }, /** @@ -85,7 +76,6 @@ export default Base.extend({ @param {Object} url Server endpoint @param {Object} data Object that will be sent to server @param {Object} headers Additional headers that will be sent to server - @private */ makeRequest(url, data, headers) { return fetch(url, { 
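Review bot: With `@private` removed, the `makeRequest` docblock becomes the published contract, and it types `url` as `{Object}` even though the value is passed straight to `fetch(url, ...)`. Suggest `@param {String} url Server endpoint` and a `@return {Promise}` line that says what the promise resolves and rejects with. Because `data` carries the credentials that are POSTed, the docblock is also the place to state that the endpoint is expected to be the configured `serverTokenEndpoint`, served over HTTPS. The function body continues outside the hunk.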
@@ -115,7 +105,9 @@ export default Base.extend({ } else { return reject(res); } - }).catch(() => reject(res)); + }).catch(() => { + return reject(res); + }); }); } }); diff --git a/addon/mixins/token-authorizer.js b/addon/mixins/token-authorizer.js index 2193872..92c060c 100644 --- a/addon/mixins/token-authorizer.js +++ b/addon/mixins/token-authorizer.js @@ -6,8 +6,7 @@ import DataAdapterMixin from 'ember-simple-auth/mixins/data-adapter-mixin'; import config from 'ember-get-config'; /** - Authorizer Mixin that works with token-based authentication like JWT - by sending the `token` properties from the session in the `Authorization` header. + Authorizer Mixin that works with token-based authentication like JWT by sending the `token` properties from the session in the `Authorization` header. @class TokenAuthorizer @module ember-simple-auth-token/mixins/token-authorizer @@ -18,7 +17,6 @@ export default Mixin.create(DataAdapterMixin, { /** @method init - @private */ init() { this._super(...arguments); @@ -29,8 +27,7 @@ export default Mixin.create(DataAdapterMixin, { }, /** - Authorizes an XHR request by sending the `token` - properties from the session in the `Authorization` header: + Authorizes an XHR request by sending the `token` properties from the session in the `Authorization` header: ``` Authorization: Bearer diff --git a/server/index.js b/server/index.js index d1b91be..342c935 100644 --- a/server/index.js +++ b/server/index.js @@ -1,12 +1,3 @@ -// To use it create some files under `mocks/` -// e.g. `server/mocks/ember-hamsters.js` -// -// module.exports = function(app) { -// app.get('/ember-hamsters', function(req, res) { -// res.send('hello'); -// }); -// }; - module.exports = function(app) { var globSync = require('glob').sync; var mocks = globSync('./mocks/**/*.js', { cwd: __dirname }).map(require); @@ -18,5 +9,4 @@ module.exports = function(app) { mocks.forEach(function(route) { route(app); }); proxies.forEach(function(route) { route(app); }); - }; 
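Review bot: The `.catch` at the end of `makeRequest` ignores the caught error and rejects with `res`, so a failure while reading or parsing the body is indistinguishable from a non-OK response, and callers receive a response-like object instead of an `Error`. `refreshAccessToken` depends on that shape when it reads `error.status`, so the choice deserves a comment, for example `// reject with the response (not an Error) so callers can inspect its status`. Where `res` is assigned is outside the hunk, so it is not possible to tell from here whether it is always defined when this handler runs.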
From 011743f507bbddcc7b6780c3f851d082dd0861b2 Mon Sep 17 00:00:00 2001 From: Alec Fenichel Date: Fri, 19 Apr 2019 10:52:41 -0400 Subject: [PATCH 3/3] v4.0.7 --- package-lock.json | 2 +- package.json | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/package-lock.json b/package-lock.json index c5f2f74..1adacda 100644 --- a/package-lock.json +++ b/package-lock.json @@ -1,6 +1,6 @@ { "name": "ember-simple-auth-token", - "version": "4.0.6", + "version": "4.0.7", "lockfileVersion": 1, "requires": true, "dependencies": { diff --git a/package.json b/package.json index 849a29c..c9e6e42 100644 --- a/package.json +++ b/package.json @@ -1,6 +1,6 @@ { "name": "ember-simple-auth-token", - "version": "4.0.6", + "version": "4.0.7", "description": "An authenticator and authorizer for Ember Simple Auth that is compatible with token-based authentication like JWT in Ember CLI applications.", "directories": { "doc": "doc",