TokenHandler.js Implement token validator; move OAuthTransferToken de…

…f to top. TokenHandler.test.js Minimal testing of token handler
ORNL · Jan 21, 2025 · ab4b222 · ab4b222
1 parent 5405b66
commit ab4b222
Show file tree

Hide file tree

Showing 2 changed files with 67 additions and 10 deletions.
diff --git a/web/services/auth/TokenHandler.js b/web/services/auth/TokenHandler.js
@@ -17,18 +17,58 @@ export default class OAuthTokenHandler {
     #other_tokens_exist = false;
     #token_type;
 
+    /**
+     * @typedef {object} OAuthTransferToken
+     * @property {string} access_token - Access token
+     * @property {string} [refresh_token] - Refresh token
+     * @property {number} expires_in - Integer time in ms until expiration
+     * @property {string} scope - Scope of token
+     */
     /**
      * @param {object} client_token - OAuth token object from which to extract relevant information
-     * @param {object} client_token.data - Raw data object for OAuth token
+     * @param {OAuthTransferToken} client_token.data - Raw data object for OAuth token
      * @param {array} client_token.data.other_tokens - Other OAuth tokens passed with parent, can be empty
      * @param {string} client_token.data.resource_server - Resource server on which OAuth token functions
      */
     constructor(client_token) {
-        // TODO: build validator - confirm existence of required token properties
         this.#client_token = Object.freeze(client_token);
         this.#other_tokens_exist = client_token.data.other_tokens.length > 0;
         this.#token_type = this.#resolveTokenType();
+        this.#validateToken();
+    }
+
+    /**
+     * Validates client token is supported and has required properties
+     */
+    #validateToken() {
+        // TODO: build capability for currently unsupported token types
+        switch (this.#token_type) {
+            case AccessTokenType.GENERIC: {
+                throw new Error("Unsupported token");
+            }
+            case AccessTokenType.GLOBUS: {
+                throw new Error("Unsupported token");
+            }
+            case AccessTokenType.GLOBUS_AUTH: {
+                throw new Error("Unsupported token");
+            }
+            case AccessTokenType.GLOBUS_TRANSFER: {
+                // TODO: confirm existence of required token properties
+                break;
+            }
+            case AccessTokenType.GLOBUS_DEFAULT: {
+                // TODO: confirm existence of required token properties
+                if (!this.#other_tokens_exist) {
+                    throw new Error("Default token handling requires additional transfer tokens in other_tokens field")
+                }
+                break;
+            }
+            case AccessTokenType.ACCESS_SENTINEL: {
+                throw new Error("Invalid state");
+            }
+        }
     }
+
     /** Resolves token type based on a provided resource server
      *
      * @returns {AccessTokenType | number}
@@ -50,7 +90,7 @@ export default class OAuthTokenHandler {
                 break;
             }
             default: {
-                token_type = AccessTokenType.GLOBUS_DEFAULT;
+                token_type = AccessTokenType.GENERIC;
             }
         }
         return token_type;
@@ -68,6 +108,7 @@ export default class OAuthTokenHandler {
         }
         return return_value;
     }
+
     /** OptionalData object
      * @typedef {object} OptionalData
      * @property {AccessTokenType | number} type - The type of token being stored
@@ -111,13 +152,6 @@ export default class OAuthTokenHandler {
         return optional_data;
     }
 
-    /**
-     * @typedef {object} OAuthTransferToken
-     * @property {string} access_token - Access token
-     * @property {string} [refresh_token] - Refresh token
-     * @property {number} expires_in - Integer time in ms until expiration
-     * @property {string} scope - Scope of token
-     */
     /**
      * @returns {OAuthTransferToken} - Appropriate OAuth transfer token depending upon token configuration
      */

diff --git a/web/test/TokenHandler.test.js b/web/test/TokenHandler.test.js
@@ -0,0 +1,23 @@
+import { expect } from "chai";
+import OAuthTokenHandler, { AccessTokenType } from "../services/auth/TokenHandler.js";
+
+describe("OAuthTokenHandler provided unsupported resource server", () => {
+    let test_token;
+    beforeEach(() => {
+        test_token = {
+            data: {
+                resource_server: "test.resource.server",
+                other_tokens: [],
+                access_token: "test.access_token",
+                refresh_token: "test.refresh_token",
+                expires_in: 123456789,
+                scope: "test email",
+            },
+        };
+    });
+    it("should throw an error during construction", () => {
+        expect(() => {
+            const token_handler = new OAuthTokenHandler(test_token);
+        }).to.throw("Unsupported token");
+    });
+});