212 password flow #281
212 password flow #281
Conversation
affects: @commercetools/sdk-middleware-auth
affects: @commercetools/sdk-middleware-auth ISSUES CLOSED: #212
affects: @commercetools/sdk-middleware-auth
affects: @commercetools/sdk-middleware-auth
affects: @commercetools/sdk-middleware-auth
Codecov Report
@@ Coverage Diff @@
## master #281 +/- ##
==========================================
+ Coverage 97.74% 97.92% +0.17%
==========================================
Files 70 72 +2
Lines 1555 1590 +35
Branches 341 350 +9
==========================================
+ Hits 1520 1557 +37
+ Misses 29 27 -2
Partials 6 6
Continue to review full report at Codecov.
|
affects: @commercetools/sdk-middleware-auth
| }, | ||
| scopes: allScopes, | ||
| ...options, | ||
| } | ||
| } | ||
|
|
||
| describe('buildRequestForPasswordFlow', () => { | ||
| const body = `grant_type=password&scope=${allScopes.join(' ')}\ |
| expect(request).toEqual(actualParams.request) | ||
| expect(response).toEqual(actualParams.response) | ||
| expect(response).toEqual(actualParams.response) | ||
| expect([]).toEqual(actualParams.pendingTasks) |
There was a problem hiding this comment.
turn this around.
expect(pendingTasks).toEqual([])
There was a problem hiding this comment.
Yeah, my bad...wondering what I was thinking... 😃
| expect(response).toEqual(actualParams.response) | ||
| expect([]).toEqual(actualParams.pendingTasks) | ||
| expect( | ||
| 'https://auth.commercetools.co/oauth/foo/token/customers/token', |
There was a problem hiding this comment.
No need for oneLineTrim here. Could not see how it will make this better.
| expect(request).toEqual(actualParams.request) | ||
| expect(response).toEqual(actualParams.response) | ||
| expect(response).toEqual(actualParams.response) | ||
| expect([]).toEqual(actualParams.pendingTasks) |
There was a problem hiding this comment.
same here... you should turn it around
| expect( | ||
| 'https://auth.commercetools.co/oauth/token', | ||
| ).toBe(actualParams.url) | ||
| expect('MTIzOnNlY3JldA==').toBe(actualParams.basicAuth) |
| const middlewareOptions = createTestMiddlewareOptions() | ||
| let requestCount = 0 | ||
| nock(middlewareOptions.host) | ||
| .persist() // <-- use the same interceptor for all requests |
affects: @commercetools/sdk-middleware-auth
affects: @commercetools/sdk-middleware-auth
| token: string; | ||
| expirationTime: number; | ||
| } | ||
| type AuthMiddlewareBaseOptions = { |
There was a problem hiding this comment.
Would it not be better to add the type-declarations in the types folder and import?
There was a problem hiding this comment.
It's only used here, hence the reason but yeah can be refactored to the types folder
| user, | ||
| } = options.credentials | ||
| const pKey = options.projectKey | ||
| if (!(clientId && clientSecret && user)) |
There was a problem hiding this comment.
For better handling, this could be checked one after the other
There was a problem hiding this comment.
Can you explain what you mean by "better handling"?
There was a problem hiding this comment.
"Better usability"
If I have the clientIdand clientSecret but no user, it still throws with the same error:
Missing required credentials (clientId, clientSecret, user)
There was a problem hiding this comment.
Yeah, all is at the same level else we can as well begin to validate each field, and that won't make too much sense.
That's why I am validating clientId and clientSecret and user on a level, and user.username and user.password on another level.
That's my thinking
| } | ||
| const next = (actualParams) => { | ||
| expect(actualParams.request).toEqual(actualParams.request) | ||
| expect(actualParams.response).toEqual(actualParams.response) |
| ) | ||
| expect('MTIzOnNlY3JldA==').toBe(actualParams.basicAuth) |
| 'This function should never be called, the response was rejected', | ||
| const next = (actualParams) => { | ||
| expect(actualParams.request).toEqual(actualParams.request) | ||
| expect(actualParams.response).toEqual(actualParams.response) |
| clientSecret, | ||
| user, | ||
| } = options.credentials | ||
| const pKey = options.projectKey |
There was a problem hiding this comment.
shorter var names to avoid eslint error and unnecessary multiline
I think it's a good trade off 🤷♂️
affects: @commercetools/sdk-middleware-auth
affects: @commercetools/sdk-middleware-auth
| // If so, then go directly to the next middleware. | ||
| if ( | ||
| (request.headers && request.headers['authorization']) || | ||
| (request.headers && request.headers['Authorization']) |
There was a problem hiding this comment.
why are you covering both?
isn't it better to go for one of them and allow the other to fail?
There was a problem hiding this comment.
Because it's can be an issue that occurred from the http module used when fetching OAuth token from the API
| const request = createTestRequest() | ||
| const next = (req /* , res */) => { | ||
| expect(req).toEqual({ | ||
| ...request, |
There was a problem hiding this comment.
Why are you setting this up via createTestRequest?
const request = createTestRequest({
headers: {
Authorizaton: 'Bearer xxx'
}
})There was a problem hiding this comment.
to make the code more DRY
| const oauthUri = options.oauthUri || `/oauth/${pKey}/customers/token` | ||
| const url = options.host.replace(/\/$/, '') + oauthUri | ||
| // eslint-disable-next-line max-len | ||
| const body = `grant_type=password&username=${username}&password=${password}${scopeStr}` |
There was a problem hiding this comment.
I thought we were moving towards using oneLineTrim,
one good thing about it is that it increases readability which this line doesn't offer. please change that
There was a problem hiding this comment.
Since this is in the main code (that is being used in the browser also), I don't think it make sense to add a new module to the build just to trim new line.
Not a valid trade off from my point of view.
| const request = createTestRequest() | ||
| const next = (req /* , res */) => { | ||
| expect(req).toEqual({ | ||
| ...request, |
affects: @commercetools/sdk-middleware-auth
affects: @commercetools/sdk-middleware-auth ISSUES CLOSED: #212
Summary
Fixes #212
Description
Todo