Skip to content
This repository was archived by the owner on Aug 22, 2024. It is now read-only.

Changes on ACCESS_TOKEN and implements REFRESH_TOKEN#7

Open
Craaftx wants to merge 16 commits into
masterfrom
token_support
Open

Changes on ACCESS_TOKEN and implements REFRESH_TOKEN#7
Craaftx wants to merge 16 commits into
masterfrom
token_support

Conversation

@Craaftx

@Craaftx Craaftx commented Feb 28, 2018

Copy link
Copy Markdown
  • Need to manage the expiration time of tokens
  • Need to implements REFRESH_TOKEN for "Password Credential" Grant Type

@Craaftx Craaftx changed the title [WIP] Change on ACCESS_TOKEN and implements REFRESH_TOKEN [WIP] Changes on ACCESS_TOKEN and implements REFRESH_TOKEN Feb 28, 2018
Comment thread src/model/index.js Outdated
access = a;
return true;
}
return false;

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This return false; is useless

willdurand
willdurand previously approved these changes Feb 28, 2018
Comment thread src/model/index.js Outdated
access = a;
return true;
const aDate = new Date(a.created);
aDate.setSeconds(aDate.getSeconds() + a.expires_in);

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

So why are you using Date here? You get unix time value in a.created, so you could simply do an addition (convert expires_in in milliseconds first then add it to created), and compare the result to Date.now().

@Craaftx Craaftx Feb 28, 2018

Copy link
Copy Markdown
Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I transform TimeStamp into Date for be able to use .setSeconds() and .getSeconds() methods.

But you're right, I can do that to use only TimeStamp:

const aDate = a.created + (a.expires_in*1000);
if(aDate > new Date().getTime()) {
    access = a;
    return true;
}

But if the database don't return TimeStamp it failed.

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

But if the database don't return TimeStamp it failed.

this should not happen.

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

and I think new Date().getTime() == Date.now()

Copy link
Copy Markdown
Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The database stores the "created" attribute in DateTime format, which normally returns the date in ISO format , but we have seen that the database can return TimeStamp in some case. So I decided to turn all the variables in Date to avoid bugs.

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

It has since been fixed in zoapp-core 0.7.0.

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

So you're supposed to change this code to only deal with unix time since that's what zoapp-core returns. The database stores the dates correctly, and it also returns them correctly. It is zoapp-core that converts them to unix time values and we should now assume that these values will always be unix time values.

@willdurand willdurand dismissed their stale review February 28, 2018 16:47

wrong review

Comment thread .gitignore Outdated
lib
*.DS_Store
config
test/config

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

tests wont pass if you do not provide a configuration.

@Craaftx

Craaftx commented Mar 1, 2018

Copy link
Copy Markdown
Author

Now, we need a config.js file for the test files, we use it to avoid sharing sensitive data by mistake.

Here is an exemple for config.js :

const config = {
  database: {
    datatype: "mysql",
    host: "",
    name: "",
    user: "",
    password: "",
    charset: "utf8mb4",
    version: "2",
  },
  api: {
    endpoint: "/api",
    version: "1",
    port: 8081,
  },
  auth: {
    endpoint: "/auth",
    version: "1",
    port: 8085,
  },
};

export default () => config;

@willdurand

Copy link
Copy Markdown
Contributor

@Craaftx how do you expect Travis CI to run the test suite without a configuration file? Please add a configuration file for the test suite as done here: https://github.com/Zoapp/core/blob/master/tests/test-config.js.

Comment thread test/config.js Outdated
},
};

export default () => config;

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

You dont need to do that. export the config object on line 1 insteaad:

export const config = {
};

Copy link
Copy Markdown
Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

For this it's requested by EsLint :
[eslint] Prefer default export. (import/prefer-default-export)

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

You can export default { your config object here }; or disable this rule for this file.

Copy link
Copy Markdown
Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I try that

Comment thread test/test2.zoauthServer.js Outdated
datatype: testConfig().database.datatype,
host: testConfig().database.host,
name: testConfig().database.name,
user: testConfig().database.user,

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

do not use a function here. also, if you have the same config object in the other file, why are you creating a new config object here? can't you just use the same?

Copy link
Copy Markdown
Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

You're true, i change that

Comment thread src/model/index.js Outdated
access = a;
return true;
const aDate = new Date(a.created);
aDate.setSeconds(aDate.getSeconds() + a.expires_in);

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

So you're supposed to change this code to only deal with unix time since that's what zoapp-core returns. The database stores the dates correctly, and it also returns them correctly. It is zoapp-core that converts them to unix time values and we should now assume that these values will always be unix time values.

Comment thread test/config.js Outdated
endpoint: "/auth",
};

export default () => config;

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

export the config object directly as default or name your export and ignore the eslint rule, but do not return an anonymous function as a default export.

Comment thread test/test3.zoauthRouter.js Outdated
const mysqlConfig = testConfig();

if (Object.prototype.hasOwnProperty.call(testConfig().database, "password")) {
mysqlConfig.database.password = testConfig().database.password;

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

What are you trying to achieve here?

Comment thread src/model/index.js Outdated
if (a.access_token === accessToken) {
access = a;
return true;
const aDate = a.created + (a.expires_in * 1000);

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

aDate could be name differently

@willdurand

Copy link
Copy Markdown
Contributor

@Craaftx good job, now you should squash your commits.

@Craaftx Craaftx force-pushed the token_support branch 4 times, most recently from 5c5a9a8 to 1834661 Compare March 2, 2018 10:05
willdurand
willdurand previously approved these changes Mar 2, 2018
mikbry
mikbry previously approved these changes Mar 2, 2018
Comment thread src/zoauthServer.js
async requestGrantTypeClientCredential(clientId, clientSecret) {
const response = {};
response.result = { error: "Function Empty" };
return response;

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

return {
  result: {
    error: "error message",
  },
};

@Craaftx

Craaftx commented Mar 3, 2018

Copy link
Copy Markdown
Author

But i don't know why continuous-integration/travis-ci/pr don't pass. Locally all test works

Comment thread src/zoauthServer.js Outdated
response.result = {
access_token: session.access_token,
expires_in: session.expires_in,
refresh_token: refreshToken,

Copy link
Copy Markdown
Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I just see my mistake..
This result in that :

{ 
access_token: 'kYh57bSsGATo5IVyrba00SsRlozJa1sNfPSi1XsRHm9O5aad',
expires_in: 3600,
refresh_token: 
Promise {
     { refresh_token: 'xjj50ueS7FpG41OTXVnkSkofEEqNHG1T',
     refresh_expires_in: 'U2PkE8w8k2gtYF6i8yVAIElD2QTZFwsq',
     refresh_created: 1520525458550 } },
scope: 'default'
}

@Craaftx

Craaftx commented Mar 16, 2018

Copy link
Copy Markdown
Author

We plan to put aside the client_credentials Grant type, and focus on the password and refresh_token Grant type.

@Craaftx

Craaftx commented Mar 22, 2018

Copy link
Copy Markdown
Author

Grant_Type refresh_token supported

@willdurand willdurand dismissed stale reviews from mikbry and themself March 23, 2018 10:43

code has changed

Craaftx added 6 commits March 23, 2018 12:09
Add access_token expiration support

Squash commit

Fix Trailing spaces on src/model/index.js

Delete "return false;" on src/model/index.js

Add a config file for testing and add generateRefreshToken()

generateRefreshToken() return a base(32) token

Add default test/config.js

Add "No Password" Support

Re-Add test/config.js

Change config.js and use of config.js

Change on validateAccessToken() and improve config.js use

change aDate var name to expirationDate and add refreshTokenExpiration var
@willdurand willdurand self-requested a review March 29, 2018 20:46
@willdurand

Copy link
Copy Markdown
Contributor

Is it still WIP?

@willdurand willdurand left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looks quite OK, I dont know much about what should be done here but if it works as intended, I'd say let's merge it.

@Craaftx

Craaftx commented Apr 9, 2018

Copy link
Copy Markdown
Author

This used to add refresh_token support on ZoAuth server. I just needed your review so if you are Ok we can merge.

@Craaftx Craaftx changed the title [WIP] Changes on ACCESS_TOKEN and implements REFRESH_TOKEN Changes on ACCESS_TOKEN and implements REFRESH_TOKEN Apr 9, 2018
@willdurand

Copy link
Copy Markdown
Contributor

go ahead. ping @mikbry

@mikbry mikbry left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Create a constants.js and put in GRANT_TYPE_PASSWORD and GRANT_TYPE_REFRESH_TOKEN and modify according zoauthServer.js and index.js

Comment thread src/zoauthServer.js Outdated
const GRANT_TYPE_PASSWORD = "password";
const GRANT_TYPE_REFRESH_TOKEN = "refresh_token";
const GRANT_TYPE_PASSWORD = constants.grant_type.password;
const GRANT_TYPE_REFRESH_TOKEN = constants.grant_type.refresh_token;

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I dont think that's what @mikbry asked. Your constants were OK, just put them as is in the constants.js file.

Copy link
Copy Markdown
Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Like this ?

export const constants = {
  GRANT_TYPE_PASSWORD: "password",
  GRANT_TYPE_REFRESH_TOKEN: "refresh_token",
};

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

no, lik:

export const GRANT_TYPE_PASSWORD = "password";

@mikbry

mikbry commented Apr 30, 2018

Copy link
Copy Markdown

What is the status of this PR ?

Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

3 participants