commercetools · hisabimbola · Aug 21, 2017 · Aug 14, 2017 · Aug 15, 2017 · Aug 17, 2017
diff --git a/docs/sdk/api/sdkMiddlewareAuth.md b/docs/sdk/api/sdkMiddlewareAuth.md
@@ -49,3 +49,43 @@ const client = createClient({
   ],
 })
 ```
+
+## `createAuthMiddlewareForPasswordFlow(options)`
+
+Creates a [middleware](/sdk/Glossary.md#middleware) to handle authentication for the [Password Flow](http://dev.commercetools.com/http-api-authorization.html#password-flow) of the commercetools platform API.
+
+#### Named arguments (options)
+
+1. `host` *(String)*: the host of the OAuth API service
+2. `projectKey` *(String)*: the key of the project to assign the default scope to
+3. `credentials` *(Object)*: the client credentials for authentication (`clientId`, `clientSecret`)
+4. `scopes` *(Array)*: a list of [scopes](http://dev.commercetools.com/http-api-authorization.html#scopes) to assign to the OAuth token. _No default scope is sent_
+
+
+#### Usage example
+
+```js
+import { createClient } from '@commercetools/sdk-client'
+import { createAuthMiddlewareForPasswordFlow } from '@commercetools/sdk-middleware-auth'
+
+const client = createClient({
+  middlewares: [
+    createAuthMiddlewareForPasswordFlow({
+      host: 'https://auth.commercetools.com',
+      projectKey: 'test',
+      credentials: {
+        clientId: '123',
+        clientSecret: 'secret',
+        user: {
+          username: string;
+          password: string;
+        }
+      },
+      scopes: [
+        'view_products:test',
+        'manage_orders:test',
+      ],
+    }),
+  ],
+})
+```
diff --git a/integration-tests/sdk/customer-login.it.js b/integration-tests/sdk/customer-login.it.js
@@ -0,0 +1,70 @@
+import { createClient } from '@commercetools/sdk-client'
+import { getCredentials } from '@commercetools/get-credentials'
+import {
+  createAuthMiddlewareForPasswordFlow,
+} from '@commercetools/sdk-middleware-auth'
+import {
+  createHttpMiddleware,
+} from '@commercetools/sdk-middleware-http'
+import { clearData, createData } from './../cli/helpers/utils'
+
+let projectKey
+if (process.env.CI === 'true')
+  projectKey = 'customers-login-integration-test'
+else
+  projectKey = process.env.npm_config_projectkey
+
+describe('Customer Login', () => {
+  const httpMiddleware = createHttpMiddleware({
+    host: 'https://api.sphere.io',
+  })
+  let apiConfig
+  const userEmail = `abi${Date.now()}@commercetooler.com`
+  const userPassword = 'asdifficultaspossible'
+  beforeAll(() => getCredentials(projectKey)
+    .then((credentials) => {
+      apiConfig = {
+        host: 'https://auth.sphere.io',
+        apiUrl: 'https://api.sphere.io',
+        projectKey,
+        credentials: {
+          clientId: credentials.clientId,
+          clientSecret: credentials.clientSecret,
+        },
+      }
+    })
+    .then(() => clearData(apiConfig, 'customers'))
+    .then(() => createData(apiConfig, 'customers', [{
+      email: userEmail,
+      password: userPassword,
+    }])),
+  )
+  afterAll(() => clearData(apiConfig, 'customers'))
+  it('should log customer and fetch customer profile', () => {
+    const userConfig = {
+      ...apiConfig,
+      ...{ scopes: [ `manage_project:${projectKey}` ] },
+      ...{ credentials: {
+        clientId: apiConfig.credentials.clientId,
+        clientSecret: apiConfig.credentials.clientSecret,
+        user: {
+          username: userEmail,
+          password: userPassword,
+        },
+      } },
+    }
+    const client = createClient({
+      middlewares: [
+        createAuthMiddlewareForPasswordFlow(userConfig),
+        httpMiddleware,
+      ],
+    })
+    return client.execute({
+      uri: `/${projectKey}/me`,
+      method: 'GET',
+    }).then((response) => {
+      const user = response.body
+      expect(user).toHaveProperty('email', userEmail)
+    })
+  })
+})
diff --git a/packages/sdk-middleware-auth/src/base-auth-flow.js b/packages/sdk-middleware-auth/src/base-auth-flow.js
@@ -0,0 +1,133 @@
+/* @flow */
+import type {
+  MiddlewareRequest,
+  Next,
+  Task,
+  AuthMiddlewareBaseOptions,
+} from 'types/sdk'
+
+/* global fetch */
+import 'isomorphic-fetch'
+
+
+export default function authMiddlewareBase ({
+    request,
+    response,
+    url,
+    basicAuth,
+    body,
+    pendingTasks,
+    requestState,
+    tokenCache,
+  }: AuthMiddlewareBaseOptions,
+  next: Next,
+) {
+  // Check if there is already a `Authorization` header in the request.
+  // If so, then go directly to the next middleware.
+  if (
+    (request.headers && request.headers['authorization']) ||
+    (request.headers && request.headers['Authorization'])
+  ) {
+    next(request, response)
+    return
+  }
+
+  // If there was a token in the tokenCache, and it's not expired, append
+  // the token in the `Authorization` header.
+  const tokenObj = tokenCache.get()
+  if (tokenObj && tokenObj.token && Date.now() < tokenObj.expirationTime) {
+    const requestWithAuth = mergeAuthHeader(tokenObj.token, request)
+    next(requestWithAuth, response)
+    return
+  }
+  // Token is not present or is invalid. Request a new token...
+
+  // Keep pending tasks until a token is fetched
+  pendingTasks.push({ request, response })
+
+  // If a token is currently being fetched, just wait ;)
+  if (requestState.get()) return
+
+  // Mark that a token is being fetched
+  requestState.set(true)
+
+  fetch(
+    url,
+    {
+      method: 'POST',
+      headers: {
+        Authorization: `Basic ${basicAuth}`,
+        'Content-Length': Buffer.byteLength(body).toString(),
+        'Content-Type': 'application/x-www-form-urlencoded',
+      },
+      body,
+    },
+  )
+  .then((res: Response): Promise<*> => {
+    if (res.ok)
+      return res.json()
+        .then((result: Object) => {
+          const token = result.access_token
+          const expiresIn = result.expires_in
+          const expirationTime = calculateExpirationTime(expiresIn)
+
+          // Cache new token
+          tokenCache.set({ token, expirationTime })
+
+          // Dispatch all pending requests
+          requestState.set(false)
+
+          // Freeze and copy pending queue, reset original one for accepting
+          // new pending tasks
+          const executionQueue = pendingTasks.slice()
+          // eslint-disable-next-line no-param-reassign
+          pendingTasks = []
+          executionQueue.forEach((task: Task) => {
+            // Assign the new token in the request header
+            const requestWithAuth = mergeAuthHeader(token, task.request)
+            // console.log('test', cache, pendingTasks)
+            next(requestWithAuth, task.response)
+          })
+        })
+
+    // Handle error response
+    return res.text()
+    .then((text: any) => {
+      let parsed
+      try {
+        parsed = JSON.parse(text)
+      } catch (error) {
+        /* noop */
+      }
+      const error: Object = new Error(parsed ? parsed.message : text)
+      if (parsed) error.body = parsed
+      response.reject(error)
+    })
+  })
+  .catch((error: Error) => {
+    response.reject(error)
+  })
+}
+
+function mergeAuthHeader (
+  token: string,
+  req: MiddlewareRequest,
+): MiddlewareRequest {
+  return {
+    ...req,
+    headers: {
+      ...req.headers,
+      Authorization: `Bearer ${token}`,
+    },
+  }
+}
+
+function calculateExpirationTime (expiresIn: number): number {
+  return (
+    Date.now() +
+    (expiresIn * 1000)
+  ) - (
+    // Add a gap of 2 hours before expiration time.
+    2 * 60 * 60 * 1000
+  )
+}
diff --git a/packages/sdk-middleware-auth/src/build-requests.js b/packages/sdk-middleware-auth/src/build-requests.js
@@ -1,5 +1,8 @@
 /* @flow */
-import type { AuthMiddlewareOptions } from 'types/sdk'
+import type {
+  AuthMiddlewareOptions,
+  PasswordAuthMiddlewareOptions,
+} from 'types/sdk'
 import * as authScopes from './scopes'
 
 type BuiltRequestParams = {
@@ -43,8 +46,48 @@ export function buildRequestForClientCredentialsFlow (
   return { basicAuth, url, body }
 }
 
-export function buildRequestForPasswordFlow () {
-  // TODO
+export function buildRequestForPasswordFlow (
+  options: PasswordAuthMiddlewareOptions,
+): BuiltRequestParams {
+  if (!options)
+    throw new Error('Missing required options')
+
+  if (!options.host)
+    throw new Error('Missing required option (host)')
+
+  if (!options.projectKey)
+    throw new Error('Missing required option (projectKey)')
+
+  if (!options.credentials)
+    throw new Error('Missing required option (credentials)')
+
+  const {
+    clientId,
+    clientSecret,
+    user,
+  } = options.credentials
+  const pKey = options.projectKey
+  if (!(clientId && clientSecret && user))
+    throw new Error(
+      'Missing required credentials (clientId, clientSecret, user)',
+    )
+  const { username, password } = user
+  if (!(username && password))
+    throw new Error('Missing required user credentials (username, password)')
+
+  const scope = (options.scopes || []).join(' ')
+  const scopeStr = scope ? `&scope=${scope}` : ''
+
+
+  const basicAuth = new Buffer(`${clientId}:${clientSecret}`).toString('base64')
+  // This is mostly useful for internal testing purposes to be able to check
+  // other oauth endpoints.
+  const oauthUri = options.oauthUri || `/oauth/${pKey}/customers/token`
+  const url = options.host.replace(/\/$/, '') + oauthUri
+  // eslint-disable-next-line max-len
+  const body = `grant_type=password&username=${username}&password=${password}${scopeStr}`
+
+  return { basicAuth, url, body }
 }
 
 export function buildRequestForRefreshTokenFlow () {