Merge pull request '#6264 - renewToken' (!1824) from 6264-renewToken into dev

Reviewed-on: #1824
Reviewed-by: Javi Gallego <jgallego@verdnatura.es>
Reviewed-by: Alex Moreno <alexm@verdnatura.es>
Reviewed-by: Juan Ferrer <juan@verdnatura.es>

back/methods/vn-user/renew-token.js

@@ -1,5 +1,14 @@
 const UserError = require('vn-loopback/util/user-error');
+const {models} = require('vn-loopback/server/server');
 
+const handlePromiseLogout = (Self, {id}, courtesyTime) => {
+    new Promise(res => {
+        setTimeout(() => {
+            res(Self.logout(id));
+        }
+        , courtesyTime * 1000);
+    });
+};
 module.exports = Self => {
     Self.remoteMethodCtx('renewToken', {
         description: 'Checks if the token has more than renewPeriod seconds to live and if so, renews it',
@@ -16,23 +25,32 @@ module.exports = Self => {
     });
 
     Self.renewToken = async function(ctx) {
-        const models = Self.app.models;
+        const {accessToken: token} = ctx.req;
-        const token = ctx.req.accessToken;
 
-        const now = new Date();
+        // Check if current token is valid
-        const differenceMilliseconds = now - token.created;
+        const isValid = await validateToken(token);
-        const differenceSeconds = Math.floor(differenceMilliseconds / 1000);
+        if (isValid)
+            return token;
 
-        const fields = ['renewPeriod', 'courtesyTime'];
+        const {courtesyTime} = await models.AccessTokenConfig.findOne({fields: ['courtesyTime']});
-        const accessTokenConfig = await models.AccessTokenConfig.findOne({fields});
 
-        if (differenceSeconds < accessTokenConfig.renewPeriod - accessTokenConfig.courtesyTime)
+        // Schedule to remove current token
-            throw new UserError(`The renew period has not been exceeded`, 'periodNotExceeded');
+        handlePromiseLogout(Self, token, courtesyTime);
 
-        await Self.logout(token.id);
+        // Create new accessToken
         const user = await Self.findById(token.userId);
         const accessToken = await user.createAccessToken();
 
         return {id: accessToken.id, ttl: accessToken.ttl};
     };
+
+    async function validateToken(token) {
+        const accessTokenConfig = await models.AccessTokenConfig.findOne({fields: ['renewPeriod', 'courtesyTime']});
+        const now = Date.now();
+        const differenceMilliseconds = now - token.created;
+        const differenceSeconds = Math.floor(differenceMilliseconds / 1000);
+        const isValid = differenceSeconds < accessTokenConfig.renewPeriod - accessTokenConfig.courtesyTime;
+
+        return isValid;
+    }
 };

back/methods/vn-user/specs/renew-token.spec.js

@@ -0,0 +1,49 @@
+const {models} = require('vn-loopback/server/server');
+describe('Renew Token', () => {
+    const startingTime = Date.now();
+    let ctx = null;
+    beforeAll(async() => {
+        const unAuthCtx = {
+            req: {
+                headers: {},
+                connection: {
+                    remoteAddress: '127.0.0.1'
+                },
+                getLocale: () => 'en'
+            },
+            args: {}
+        };
+        let login = await models.VnUser.signIn(unAuthCtx, 'salesAssistant', 'nightmare');
+        let accessToken = await models.AccessToken.findById(login.token);
+        ctx = {req: {accessToken: accessToken}};
+    });
+
+    beforeEach(() => {
+        jasmine.clock().install();
+        jasmine.clock().mockDate(new Date(startingTime));
+    });
+
+    afterEach(() => {
+        jasmine.clock().uninstall();
+    });
+
+    it('should renew process', async() => {
+        jasmine.clock().mockDate(new Date(startingTime + 21600000));
+        const {id} = await models.VnUser.renewToken(ctx);
+
+        expect(id).not.toEqual(ctx.req.accessToken.id);
+    });
+
+    it('NOT should renew', async() => {
+        let error;
+        let response;
+        try {
+            response = await models.VnUser.renewToken(ctx);
+        } catch (e) {
+            error = e;
+        }
+
+        expect(error).toBeUndefined();
+        expect(response.id).toEqual(ctx.req.accessToken.id);
+    });
+});

back/methods/vn-user/validate-token.js

@@ -1,17 +0,0 @@
-module.exports = Self => {
-    Self.remoteMethod('validateToken', {
-        description: 'Validates the current logged user token',
-        returns: {
-            type: 'Boolean',
-            root: true
-        },
-        http: {
-            path: `/validateToken`,
-            verb: 'GET'
-        }
-    });
-
-    Self.validateToken = async function() {
-        return true;
-    };
-};

back/models/vn-user.js

@@ -10,7 +10,6 @@ module.exports = function(Self) {
     require('../methods/vn-user/sign-in')(Self);
     require('../methods/vn-user/acl')(Self);
     require('../methods/vn-user/recover-password')(Self);
-    require('../methods/vn-user/validate-token')(Self);
     require('../methods/vn-user/privileges')(Self);
     require('../methods/vn-user/validate-auth')(Self);
     require('../methods/vn-user/renew-token')(Self);

back/models/vn-user.json

@@ -102,13 +102,6 @@
             "principalType": "ROLE",
             "principalId": "$everyone",
             "permission": "ALLOW"
-        },
-		{
-            "property": "validateToken",
-			"accessType": "EXECUTE",
-			"principalType": "ROLE",
-			"principalId": "$authenticated",
-			"permission": "ALLOW"
         },
 		{
             "property": "validateAuth",

db/changes/234601/00-updateCourtesyTime.sql

@@ -0,0 +1,4 @@
+--  Auto-generated SQL script #202311061003
+UPDATE salix.accessTokenConfig
+	SET courtesyTime=60
+	WHERE id=1;

db/dump/fixtures.sql

@@ -2967,9 +2967,9 @@ INSERT INTO `vn`.`wagonTypeTray` (`id`, `typeFk`, `height`, `colorFk`)
         (2, 1, 50, 2),
         (3, 1, 0, 3);
 
-INSERT INTO `salix`.`accessTokenConfig` (`id`, `renewPeriod`, `renewInterval`)
+INSERT INTO `salix`.`accessTokenConfig` (`id`, `renewPeriod`, `courtesyTime`, `renewInterval`)
     VALUES
-        (1, 21600, 300);
+        (1, 21600, 60, 300);
 
 INSERT INTO `vn`.`travelConfig` (`id`, `warehouseInFk`, `warehouseOutFk`, `agencyFk`, `companyFk`)
     VALUES

front/core/services/token.js

@@ -82,7 +82,7 @@ export default class Token {
             if (!data) return;
             this.renewPeriod = data.renewPeriod;
             this.stopRenewer();
-            this.inservalId = setInterval(() => this.checkValidity(), data.renewInterval * 1000);
+            this.intervalId = setInterval(() => this.checkValidity(), data.renewInterval * 1000);
         });
     }
 
@@ -103,17 +103,13 @@ export default class Token {
                 const token = res.data;
                 this.set(token.id, now, token.ttl, this.remember);
             })
-            .catch(res => {
-                if (res.data?.error?.code !== 'periodNotExceeded')
-                    throw res;
-            })
             .finally(() => {
                 this.checking = false;
             });
     }
 
     stopRenewer() {
-        clearInterval(this.inservalId);
+        clearInterval(this.intervalId);
     }
 }
 Token.$inject = ['vnInterceptor', '$http', '$rootScope'];

loopback/server/boot/date.js

@@ -1,6 +1,5 @@
 module.exports = () => {
-    Date.vnUTC = () => {
+    Date.vnUTC = (env = process.env.NODE_ENV) => {
-        const env = process.env.NODE_ENV;
         if (!env || env === 'development')
             return new Date(Date.UTC(2001, 0, 1, 11));
 

modules/account/back/methods/account/specs/change-password.spec.js

@@ -2,7 +2,7 @@ const {models} = require('vn-loopback/server/server');
 
 describe('account changePassword()', () => {
     const userId = 70;
-    const unauthCtx = {
+    const unAuthCtx = {
         req: {
             headers: {},
             connection: {
@@ -79,7 +79,7 @@ describe('account changePassword()', () => {
                         passExpired: yesterday
                     }
                     , options);
-                await models.VnUser.signIn(unauthCtx, 'trainee', 'nightmare', options);
+                await models.VnUser.signIn(unAuthCtx, 'trainee', 'nightmare', options);
             } catch (e) {
                 if (e.message != 'Pass expired')
                     throw e;