refactoring code and improving order of operations for refreshSession

Patrick Brandt · Patrick Brandt · commit ac6b038476d5 · 2016-11-17T15:03:39.000-05:00
diff --git a/lambda_functions/deleteSession/deleteSession.js b/lambda_functions/deleteSession/deleteSession.js
@@ -21,5 +21,5 @@ module.exports = function(event, context, cb) {
     .catch(err => {
         log.error(log);
         cb(null, response.genericError());
-    })
+    });
 };
diff --git a/lambda_functions/deleteSession/deleteSession.test.js b/lambda_functions/deleteSession/deleteSession.test.js
@@ -16,7 +16,7 @@ describe('deleteSession', function() {
         this.deleteSession = proxyquire('./deleteSession', {
             '../../lib/log': testHelper.mockLog,
             '../../lib/db': this.dbMock
-        })
+        });
     });
 
     afterEach(function() {
@@ -30,7 +30,7 @@ describe('deleteSession', function() {
             let body = JSON.parse(data.body);
             testHelper.check(done, () => {
                 assert(this.dbMock.deleteTokens.calledOnce, 'db.deleteTokens must be called');
-                assert(this.dbMock.deleteTokens.calledWith(rt))
+                assert(this.dbMock.deleteTokens.calledWith(rt));
                 expect(err).is.null;
                 expect(data.statusCode).to.equal(200);
                 expect(body.message).to.equal('session ended');
diff --git a/lambda_functions/refreshSession/refreshSession.js b/lambda_functions/refreshSession/refreshSession.js
@@ -9,6 +9,7 @@ var token = require('../../lib/token');
 var authorization = require('../../lib/authorization');
 var constants = require('../../lib/constants');
 var config = require(`../../config/${process.env.NODE_ENV}.json`);
+var bb = require('bluebird');
 
 module.exports = function(event, context, cb) {
     let body = JSON.parse(event.body);
@@ -28,6 +29,82 @@ module.exports = function(event, context, cb) {
         }));
     }
 
+    token.parseAuthorizationHeader(event.headers.Authorization)
+        .then(parsedToken => {
+            bb.join(token.getTimeRemaining(parsedToken, secret), 
+                token.getTimeRemaining(body.refresh_token, secret), 
+                (at_timeRemaining, rt_timeRemaining) => {
+                    return {
+                        at_timeRemaining: at_timeRemaining,
+                        rt_timeRemaining: rt_timeRemaining
+                    }
+                })
+                .then(times => {
+                    db.getTokens(body.refresh_token)
+                        .then(item => {                                            
+                            if (!item) {
+                                return cb(null, response.create(401, {
+                                    message: 'session no longer exists'
+                                }));
+                            }
+
+                            if(!times.rt_timeRemaining) {
+                                log.info(`expired refresh_token: ${body.refresh_token}`);
+                                return cb(null, response.create(401, {
+                                    message: 'refresh_token is expired'
+                                }));
+                            }
+
+                            if(parsedToken !== item.AccessToken) {
+                                return cb(null, response.create(401, {
+                                    message: 'can only refresh most recently expired access token'
+                                }));
+                            }
+
+                            if(times.at_timeRemaining) {
+                                return cb(null, response.create(200,
+                                {   
+                                    access_token: parsedToken,
+                                    refresh_token: body.refresh_token,
+                                    access_token_expires_in: times.at_timeRemaining
+                                }));
+                            }
+
+                            let userId = jwt.decode(body.refresh_token).sub;
+                            let access_token = token.createAccessToken(userId, clientId, event.requestContext.apiId, config.AccessTokenExpiration);
+                            db.saveTokens(body.refresh_token, access_token, userId, clientId)
+                                .then(() => {
+                                    return cb(null, response.create(200,
+                                    {   
+                                        access_token: access_token,
+                                        refresh_token: body.refresh_token,
+                                        access_token_expires_in: jwt.decode(access_token).exp - Math.floor(Date.now() / 1000)
+                                    }));
+                                })
+                                .catch(err => {
+                                    log.error(err);
+                                    return cb(null, response.genericError());
+                                });
+                        })
+                        .catch(err => {
+                            log.error(err);
+                            return cb(null, response.genericError());
+                        });
+                })
+                .catch(err => {
+                    log.error(err);
+                    return cb(null, response.genericError());
+                });
+        })
+        .catch(err => {
+            log.error(err);
+            cb(null, response.create(500,
+            {
+                name: err.name,
+                message: err.message
+            }));
+        });
+/*
     //TODO: nested promises need some cleanup - maybe bluebird:
     //Promise.join(token.getTimeRemaining(parsedToken, secret), token.getTimeRemaining(body.refresh_token, secret),
     //          (at_timeRemaining, rt_timeRemaining) => { })
@@ -109,4 +186,5 @@ module.exports = function(event, context, cb) {
                 message: err.message
             }));
         });
+*/
 };
diff --git a/lambda_functions/refreshSession/refreshSession.test.js b/lambda_functions/refreshSession/refreshSession.test.js
@@ -31,6 +31,26 @@ describe('refreshSession', function() {
             return event;
         };
 
+        this.createDbMock = (event) => {
+            let access_token = event.headers[constants.AUTHORIZATION_HEADER].split(' ')[1];
+            let eventBody = JSON.parse(event.body);  
+            let refresh_token = eventBody.refresh_token;
+            let dbMock = {
+                getTokens: () => Promise.resolve({
+                    AccessToken: access_token,
+                    IssuedAt: jwt.decode(refresh_token).iat,
+                    SessionCreatedAt: jwt.decode(refresh_token).iat,
+                    ExpiresAt: jwt.decode(refresh_token).exp,
+                    ClientId: this.clientId,
+                    RefreshToken: refresh_token,
+                    PrincipalId: this.userId
+                }),
+                saveTokens: () => Promise.resolve()
+            };
+
+            return dbMock;
+        }
+
         this.refreshToken = (dbMock) => { 
             return proxyquire('./refreshSession', {
                 '../../lib/log': testHelper.mockLog,
@@ -47,7 +67,7 @@ describe('refreshSession', function() {
         let event = this.createEvent(true, true);
         let eventBody = JSON.parse(event.body);
         let access_token = event.headers[constants.AUTHORIZATION_HEADER].split(' ')[1];
-        this.refreshToken()(event, {}, (err, data) => {
+        this.refreshToken(this.createDbMock(event))(event, {}, (err, data) => {
             let body = JSON.parse(data.body);
             testHelper.check(done, () => {
                 expect(err).to.be.null;
@@ -61,23 +81,10 @@ describe('refreshSession', function() {
 
     it('should create new access_token if current access_token is expired', function(done) {        
         let event = this.createEvent(false, true);
-        let eventBody = JSON.parse(event.body);        
+        let eventBody = JSON.parse(event.body);
         let access_token = event.headers[constants.AUTHORIZATION_HEADER].split(' ')[1];
-        let refresh_token = eventBody.refresh_token;
-        let dbMock = {
-            getTokens: () => Promise.resolve({
-                AccessToken: access_token,
-                IssuedAt: jwt.decode(refresh_token).iat,
-                SessionCreatedAt: jwt.decode(refresh_token).iat,
-                ExpiresAt: jwt.decode(refresh_token).exp,
-                ClientId: this.clientId,
-                RefreshToken: refresh_token,
-                PrincipalId: this.userId
-            }),
-            saveTokens: () => Promise.resolve()
-        };
 
-        this.refreshToken(dbMock)(event, {}, (err, data) => {
+        this.refreshToken(this.createDbMock(event))(event, {}, (err, data) => {
             let body = JSON.parse(data.body);
             testHelper.check(done, () => {
                 expect(err).to.be.null;
@@ -146,7 +153,7 @@ describe('refreshSession', function() {
 
     it('should return 401 for expired refresh_token', function(done) {
         let event = this.createEvent(false, false);
-        this.refreshToken()(event, {}, (err, data) => {
+        this.refreshToken(this.createDbMock(event))(event, {}, (err, data) => {
             let body = JSON.parse(data.body);
             testHelper.check(done, () => {
                 expect(err).to.be.null;
@@ -168,5 +175,4 @@ describe('refreshSession', function() {
             });
         });
     });
-
 });
diff --git a/lib/db.js b/lib/db.js
@@ -127,8 +127,10 @@ module.exports = {
 
             docClient.get(params, (err, data) => {
                 if (err) return reject(err);
-                let isEmpty = Object.keys(data.Item).length === 0 && data.Item.constructor === Object;
-                resolve(isEmpty ? undefined : data.Item);
+                console.log(`data: ${JSON.stringify(data)}`);
+                //let isEmpty = !data.Item; //Object.keys(data.Item).length === 0 && data.Item.constructor === Object;
+                //resolve(isEmpty ? undefined : data.Item);
+                resolve(data.Item);
             });   
         });   
     },
@@ -140,6 +142,7 @@ module.exports = {
                 };
 
                 docClient.delete(params, (err, data) => {
+                    console.log(`data: ${JSON.stringify(data)}`);
                     if (err) return reject(err);
                     resolve(data);
                 });
diff --git a/package.json b/package.json
@@ -38,6 +38,7 @@
     "yamljs": "^0.2.8"
   },
   "dependencies": {
+    "bluebird": "^3.4.6",
     "bunyan": "^1.8.1",
     "jsonwebtoken": "^7.1.9",
     "node-forge": "^0.6.43",
diff --git a/serverless.yml b/serverless.yml
@@ -79,9 +79,9 @@ functions:
             path: session
             method: DELETE
             authorizer: 
-              name: authorizer
-              resultTtlInSeconds: 3
-              identitySource: method.request.header.Authorization
+              name: clientIdAuthorizer
+              resultTtlInSeconds: 300
+              identitySource: method.request.header.x-koms-clientid
   createUser:
     handler: handler.createUser
     events:
