opendev/gerrit
Code Issues Proposed changes

Convert gr-auth to class and use new API for auth check

Browse Source 
auth-check API is available since: https://gerrit-review.googlesource.com/c/gerrit/+/185990

Change-Id: Icd5e0183ee42e746c32bfd7929af9796ab752627
This commit is contained in:
Tao Zhou
2020-01-09 13:59:45 +01:00
parent a72096e146
commit 4761e3f3d0
10 changed files with 758 additions and 564 deletions
Download Patch File Download Diff File Expand all files Collapse all files

10
polygerrit-ui/app/elements/core/gr-error-manager/gr-error-manager.html
View File

@@ -23,6 +23,9 @@ limitations under the License.
<link rel="import" href="../../shared/gr-alert/gr-alert.html">
<link rel="import" href="../../shared/gr-overlay/gr-overlay.html">
<link rel="import" href="../../shared/gr-rest-api-interface/gr-rest-api-interface.html">
<!-- Import to get Gerrit interface -->
<!-- TODO(taoalpha): decouple gr-gerrit from gr-js-api-interface -->
<link rel="import" href="../../shared/gr-js-api-interface/gr-js-api-interface.html">
<dom-module id="gr-error-manager">
<template>
@@ -33,6 +36,13 @@ limitations under the License.
confirm-label="Dismiss"
confirm-on-enter></gr-error-dialog>
</gr-overlay>
<gr-overlay
id="noInteractionOverlay"
with-backdrop
always-on-top
no-cancel-on-esc-key
no-cancel-on-outside-click>
</gr-overlay>
<gr-rest-api-interface id="restAPI"></gr-rest-api-interface>
<gr-reporting id="reporting"></gr-reporting>
</template>

130
polygerrit-ui/app/elements/core/gr-error-manager/gr-error-manager.js
View File

@@ -64,15 +64,29 @@
};
}
constructor() {
super();
/** @type {!Gerrit.Auth} */
this._authService = Gerrit.Auth;
/** @type {?Function} */
this._authErrorHandlerDeregistrationHook;
}
attached() {
super.attached();
this.listen(document, 'server-error', '_handleServerError');
this.listen(document, 'network-error', '_handleNetworkError');
this.listen(document, 'auth-error', '_handleAuthError');
this.listen(document, 'show-alert', '_handleShowAlert');
this.listen(document, 'show-error', '_handleShowErrorDialog');
this.listen(document, 'visibilitychange', '_handleVisibilityChange');
this.listen(document, 'show-auth-required', '_handleAuthRequired');
this._authErrorHandlerDeregistrationHook = Gerrit.on('auth-error',
event => {
this._handleAuthError(event.message, event.action);
});
}
detached() {
@@ -80,10 +94,11 @@
this._clearHideAlertHandle();
this.unlisten(document, 'server-error', '_handleServerError');
this.unlisten(document, 'network-error', '_handleNetworkError');
this.unlisten(document, 'auth-error', '_handleAuthError');
this.unlisten(document, 'show-auth-required', '_handleAuthRequired');
this.unlisten(document, 'visibilitychange', '_handleVisibilityChange');
this.unlisten(document, 'show-error', '_handleShowErrorDialog');
this._authErrorHandlerDeregistrationHook();
}
_shouldSuppressError(msg) {
@@ -95,32 +110,41 @@
'Log in is required to perform that action.', 'Log in.');
}
_handleAuthError() {
this._showAuthErrorAlert('Auth error', 'Refresh credentials.');
_handleAuthError(msg, action) {
this.$.noInteractionOverlay.open().then(() => {
this._showAuthErrorAlert(msg, action);
});
}
_handleServerError(e) {
const {request, response} = e.detail;
Promise.all([response.text(), this._getLoggedIn()])
.then(([errorText, loggedIn]) => {
const url = request && (request.anonymizedUrl || request.url);
const {status, statusText} = response;
if (response.status === 403 &&
loggedIn &&
errorText === AUTHENTICATION_REQUIRED) {
// The app was logged at one point and is now getting auth errors.
// This indicates the auth token is no longer valid.
this._handleAuthError();
} else if (!this._shouldSuppressError(errorText)) {
this._showErrorDialog(this._constructServerErrorMsg({
status,
statusText,
errorText,
url,
}));
}
console.error(errorText);
});
response.text().then(errorText => {
const url = request && (request.anonymizedUrl || request.url);
const {status, statusText} = response;
if (response.status === 403
&& !this._authService.isAuthed
&& errorText === AUTHENTICATION_REQUIRED) {
// if not authed previously, this is trying to access auth required APIs
// show auth required alert
this._handleAuthRequired();
} else if (response.status === 403
&& this._authService.isAuthed
&& errorText === AUTHENTICATION_REQUIRED) {
// The app was logged at one point and is now getting auth errors.
// This indicates the auth token may no longer valid.
// Re-check on auth
this._authService.clearCache();
this.$.restAPI.getLoggedIn();
} else if (!this._shouldSuppressError(errorText)) {
this._showErrorDialog(this._constructServerErrorMsg({
status,
statusText,
errorText,
url,
}));
}
console.log(`server error: ${errorText}`);
});
}
_constructServerErrorMsg({errorText, status, statusText, url}) {
@@ -142,10 +166,6 @@
console.error(e.detail.error.message);
}
_getLoggedIn() {
return this.$.restAPI.getLoggedIn();
}
/**
* @param {string} text
* @param {?string=} opt_actionText
@@ -222,7 +242,11 @@
this.knownAccountId !== undefined &&
timeSinceLastCheck > STALE_CREDENTIAL_THRESHOLD_MS) {
this._lastCredentialCheck = Date.now();
this.$.restAPI.checkCredentials();
// check auth status in case:
// - user signed out
// - user switched account
this._checkSignedIn();
}
}
@@ -232,22 +256,36 @@
}
_checkSignedIn() {
this.$.restAPI.checkCredentials().then(account => {
const isLoggedIn = !!account;
this._lastCredentialCheck = Date.now();
if (this._refreshingCredentials) {
if (isLoggedIn) {
// If the credentials were refreshed but the account is different
// then reload the page completely.
if (account._account_id !== this.knownAccountId) {
this._reloadPage();
return;
}
this._lastCredentialCheck = Date.now();
this._handleCredentialRefreshed();
} else {
this._requestCheckLoggedIn();
}
// force to refetch account info
this.$.restAPI.invalidateAccountsCache();
this._authService.clearCache();
this.$.restAPI.getLoggedIn().then(isLoggedIn => {
// do nothing if its refreshing
if (!this._refreshingCredentials) return;
if (!isLoggedIn) {
// check later
// 1. guest mode
// 2. or signed out
// in case #2, auth-error is taken care of separately
this._requestCheckLoggedIn();
} else {
// check account
this.$.restAPI.getAccount().then(account => {
if (this._refreshingCredentials) {
// If the credentials were refreshed but the account is different
// then reload the page completely.
if (account._account_id !== this.knownAccountId) {
this._reloadPage();
return;
}
this._handleCredentialRefreshed();
}
});
}
});
}
@@ -277,6 +315,10 @@
this._refreshingCredentials = false;
this._hideAlert();
this._showAlert('Credentials refreshed.');
this.$.noInteractionOverlay.close();
// Clear the cache for auth
this._authService.clearCache();
}
_handleWindowFocus() {

561
polygerrit-ui/app/elements/core/gr-error-manager/gr-error-manager_test.html
View File

@@ -23,10 +23,10 @@ limitations under the License.
<script src="/bower_components/webcomponentsjs/webcomponents-lite.js"></script>
<script src="/bower_components/web-component-tester/browser.js"></script>
<link rel="import" href="../../../test/common-test-setup.html"/>
<link rel="import" href="../../../test/common-test-setup.html" />
<link rel="import" href="gr-error-manager.html">
<script>void(0);</script>
<script>void (0);</script>
<test-fixture id="basic">
<template>
@@ -41,285 +41,324 @@ limitations under the License.
setup(() => {
sandbox = sinon.sandbox.create();
stub('gr-rest-api-interface', {
getLoggedIn() { return Promise.resolve(true); },
});
element = fixture('basic');
});
teardown(() => {
sandbox.restore();
});
test('does not show auth error on 403 by default', done => {
const showAuthErrorStub = sandbox.stub(element, '_showAuthErrorAlert');
const responseText = Promise.resolve('server says no.');
element.fire('server-error',
{response: {status: 403, text() { return responseText; }}}
);
Promise.all([
element.$.restAPI.getLoggedIn.lastCall.returnValue,
responseText,
]).then(() => {
assert.isFalse(showAuthErrorStub.calledOnce);
done();
suite('when authed', () => {
setup(() => {
sandbox.stub(window, 'fetch')
.returns(Promise.resolve({ok: true, status: 204}));
element = fixture('basic');
});
});
test('shows auth error on 403 and Authentication required', done => {
const showAuthErrorStub = sandbox.stub(element, '_showAuthErrorAlert');
const responseText = Promise.resolve('Authentication required\n');
element.fire('server-error',
{response: {status: 403, text() { return responseText; }}}
);
Promise.all([
element.$.restAPI.getLoggedIn.lastCall.returnValue,
responseText,
]).then(() => {
assert.isTrue(showAuthErrorStub.calledOnce);
done();
});
});
test('show logged in error', () => {
sandbox.stub(element, '_showAuthErrorAlert');
element.fire('show-auth-required');
assert.isTrue(element._showAuthErrorAlert.calledWithExactly(
'Log in is required to perform that action.', 'Log in.'));
});
test('show normal Error', done => {
const showErrorStub = sandbox.stub(element, '_showErrorDialog');
const textSpy = sandbox.spy(() => { return Promise.resolve('ZOMG'); });
element.fire('server-error', {response: {status: 500, text: textSpy}});
assert.isTrue(textSpy.called);
Promise.all([
element.$.restAPI.getLoggedIn.lastCall.returnValue,
textSpy.lastCall.returnValue,
]).then(() => {
assert.isTrue(showErrorStub.calledOnce);
assert.isTrue(showErrorStub.lastCall.calledWithExactly(
'Error 500: ZOMG'));
done();
});
});
test('_constructServerErrorMsg', () => {
const errorText = 'change conflicts';
const status = 409;
const statusText = 'Conflict';
const url = '/my/test/url';
assert.equal(element._constructServerErrorMsg({status}),
'Error 409');
assert.equal(element._constructServerErrorMsg({status, url}),
'Error 409: \nEndpoint: /my/test/url');
assert.equal(element._constructServerErrorMsg({status, statusText, url}),
'Error 409 (Conflict): \nEndpoint: /my/test/url');
assert.equal(element._constructServerErrorMsg({
status,
statusText,
errorText,
url,
}), 'Error 409 (Conflict): change conflicts' +
'\nEndpoint: /my/test/url');
});
test('suppress TOO_MANY_FILES error', done => {
const showAlertStub = sandbox.stub(element, '_showAlert');
const textSpy = sandbox.spy(() => {
return Promise.resolve('too many files to find conflicts');
});
element.fire('server-error', {response: {status: 500, text: textSpy}});
assert.isTrue(textSpy.called);
Promise.all([
element.$.restAPI.getLoggedIn.lastCall.returnValue,
textSpy.lastCall.returnValue,
]).then(() => {
assert.isFalse(showAlertStub.called);
done();
});
});
test('show network error', done => {
const consoleErrorStub = sandbox.stub(console, 'error');
const showAlertStub = sandbox.stub(element, '_showAlert');
element.fire('network-error', {error: new Error('ZOMG')});
flush(() => {
assert.isTrue(showAlertStub.calledOnce);
assert.isTrue(showAlertStub.lastCall.calledWithExactly(
'Server unavailable'));
assert.isTrue(consoleErrorStub.calledOnce);
assert.isTrue(consoleErrorStub.lastCall.calledWithExactly('ZOMG'));
done();
});
});
test('show auth refresh toast', done => {
const refreshStub = sandbox.stub(element.$.restAPI, 'checkCredentials',
() => { return Promise.resolve(true); });
const toastSpy = sandbox.spy(element, '_createToastAlert');
const windowOpen = sandbox.stub(window, 'open');
const responseText = Promise.resolve('Authentication required\n');
element.fire('server-error',
{response: {status: 403, text() { return responseText; }}}
);
Promise.all([
element.$.restAPI.getLoggedIn.lastCall.returnValue,
responseText,
]).then(() => {
assert.isTrue(toastSpy.called);
let toast = toastSpy.lastCall.returnValue;
assert.isOk(toast);
assert.include(
Polymer.dom(toast.root).textContent, 'Auth error');
assert.include(
Polymer.dom(toast.root).textContent, 'Refresh credentials.');
assert.isFalse(windowOpen.called);
MockInteractions.tap(toast.$$('gr-button.action'));
assert.isTrue(windowOpen.called);
// @see Issue 5822: noopener breaks closeAfterLogin
assert.equal(windowOpen.lastCall.args[2].indexOf('noopener=yes'),
-1);
const hideToastSpy = sandbox.spy(toast, 'hide');
element._handleWindowFocus();
assert.isTrue(refreshStub.called);
element.flushDebouncer('checkLoggedIn');
test('does not show auth error on 403 by default', done => {
const showAuthErrorStub = sandbox.stub(element, '_showAuthErrorAlert');
const responseText = Promise.resolve('server says no.');
element.fire('server-error',
{response: {status: 403, text() { return responseText; }}}
);
flush(() => {
assert.isTrue(refreshStub.called);
assert.isTrue(hideToastSpy.called);
assert.isFalse(showAuthErrorStub.calledOnce);
done();
});
});
assert.notStrictEqual(toastSpy.lastCall.returnValue, toast);
toast = toastSpy.lastCall.returnValue;
assert.isOk(toast);
assert.include(
Polymer.dom(toast.root).textContent, 'Credentials refreshed');
test('show auth required for 403 with auth error and not authed before',
done => {
const showAuthErrorStub = sandbox.stub(
element, '_showAuthErrorAlert'
);
const responseText = Promise.resolve('Authentication required\n');
sinon.stub(element.$.restAPI, 'getLoggedIn')
.returns(Promise.resolve(true));
element.fire('server-error',
{response: {status: 403, text() { return responseText; }}}
);
flush(() => {
assert.isTrue(showAuthErrorStub.calledOnce);
done();
});
});
test('recheck auth for 403 with auth error if authed before', done => {
// starts with authed state
element.$.restAPI.getLoggedIn();
const responseText = Promise.resolve('Authentication required\n');
sinon.stub(element.$.restAPI, 'getLoggedIn')
.returns(Promise.resolve(true));
element.fire('server-error',
{response: {status: 403, text() { return responseText; }}}
);
flush(() => {
assert.isTrue(element.$.restAPI.getLoggedIn.calledOnce);
done();
});
});
test('show logged in error', () => {
sandbox.stub(element, '_showAuthErrorAlert');
element.fire('show-auth-required');
assert.isTrue(element._showAuthErrorAlert.calledWithExactly(
'Log in is required to perform that action.', 'Log in.'));
});
test('show normal Error', done => {
const showErrorStub = sandbox.stub(element, '_showErrorDialog');
const textSpy = sandbox.spy(() => { return Promise.resolve('ZOMG'); });
element.fire('server-error', {response: {status: 500, text: textSpy}});
assert.isTrue(textSpy.called);
flush(() => {
assert.isTrue(showErrorStub.calledOnce);
assert.isTrue(showErrorStub.lastCall.calledWithExactly(
'Error 500: ZOMG'));
done();
});
});
test('_constructServerErrorMsg', () => {
const errorText = 'change conflicts';
const status = 409;
const statusText = 'Conflict';
const url = '/my/test/url';
assert.equal(element._constructServerErrorMsg({status}),
'Error 409');
assert.equal(element._constructServerErrorMsg({status, url}),
'Error 409: \nEndpoint: /my/test/url');
assert.equal(element._constructServerErrorMsg({status, statusText, url}),
'Error 409 (Conflict): \nEndpoint: /my/test/url');
assert.equal(element._constructServerErrorMsg({
status,
statusText,
errorText,
url,
}), 'Error 409 (Conflict): change conflicts' +
'\nEndpoint: /my/test/url');
});
test('suppress TOO_MANY_FILES error', done => {
const showAlertStub = sandbox.stub(element, '_showAlert');
const textSpy = sandbox.spy(() => {
return Promise.resolve('too many files to find conflicts');
});
element.fire('server-error', {response: {status: 500, text: textSpy}});
assert.isTrue(textSpy.called);
flush(() => {
assert.isFalse(showAlertStub.called);
done();
});
});
test('show network error', done => {
const consoleErrorStub = sandbox.stub(console, 'error');
const showAlertStub = sandbox.stub(element, '_showAlert');
element.fire('network-error', {error: new Error('ZOMG')});
flush(() => {
assert.isTrue(showAlertStub.calledOnce);
assert.isTrue(showAlertStub.lastCall.calledWithExactly(
'Server unavailable'));
assert.isTrue(consoleErrorStub.calledOnce);
assert.isTrue(consoleErrorStub.lastCall.calledWithExactly('ZOMG'));
done();
});
});
test('show auth refresh toast', done => {
// starts with authed state
element.$.restAPI.getLoggedIn();
const refreshStub = sandbox.stub(element.$.restAPI, 'getAccount',
() => { return Promise.resolve({}); });
const toastSpy = sandbox.spy(element, '_createToastAlert');
const windowOpen = sandbox.stub(window, 'open');
const responseText = Promise.resolve('Authentication required\n');
// fake failed auth
window.fetch.returns(Promise.resolve({status: 403}));
element.fire('server-error',
{response: {status: 403, text() { return responseText; }}}
);
assert.equal(window.fetch.callCount, 1);
flush(() => {
// auth check again
assert.equal(window.fetch.callCount, 2);
flush(() => {
// auth-error fired
assert.isTrue(toastSpy.called);
// toast
let toast = toastSpy.lastCall.returnValue;
assert.isOk(toast);
assert.include(
Polymer.dom(toast.root).textContent, 'Credentails expired.');
assert.include(
Polymer.dom(toast.root).textContent, 'Refresh credentials');
// noInteractionOverlay
const noInteractionOverlay = element.$.noInteractionOverlay;
assert.isOk(noInteractionOverlay);
sinon.spy(noInteractionOverlay, 'close');
assert.equal(
noInteractionOverlay.backdropElement.getAttribute('opened'),
'');
assert.isFalse(windowOpen.called);
MockInteractions.tap(toast.$$('gr-button.action'));
assert.isTrue(windowOpen.called);
// @see Issue 5822: noopener breaks closeAfterLogin
assert.equal(windowOpen.lastCall.args[2].indexOf('noopener=yes'),
-1);
const hideToastSpy = sandbox.spy(toast, 'hide');
// now fake authed
window.fetch.returns(Promise.resolve({status: 204}));
element._handleWindowFocus();
element.flushDebouncer('checkLoggedIn');
flush(() => {
assert.isTrue(refreshStub.called);
assert.isTrue(hideToastSpy.called);
// toast update
assert.notStrictEqual(toastSpy.lastCall.returnValue, toast);
toast = toastSpy.lastCall.returnValue;
assert.isOk(toast);
assert.include(
Polymer.dom(toast.root).textContent, 'Credentials refreshed');
// close overlay
assert.isTrue(noInteractionOverlay.close.called);
done();
});
});
});
});
test('show alert', () => {
const alertObj = {message: 'foo'};
sandbox.stub(element, '_showAlert');
element.fire('show-alert', alertObj);
assert.isTrue(element._showAlert.calledOnce);
assert.equal(element._showAlert.lastCall.args[0], 'foo');
assert.isNotOk(element._showAlert.lastCall.args[1]);
assert.isNotOk(element._showAlert.lastCall.args[2]);
});
test('checks stale credentials on visibility change', () => {
const refreshStub = sandbox.stub(element,
'_checkSignedIn');
sandbox.stub(Date, 'now').returns(999999);
element._lastCredentialCheck = 0;
element._handleVisibilityChange();
// Since there is no known account, it should not test credentials.
assert.isFalse(refreshStub.called);
assert.equal(element._lastCredentialCheck, 0);
element.knownAccountId = 123;
element._handleVisibilityChange();
// Should test credentials, since there is a known account.
assert.isTrue(refreshStub.called);
assert.equal(element._lastCredentialCheck, 999999);
});
test('refreshes with same credentials', done => {
const accountPromise = Promise.resolve({_account_id: 1234});
sandbox.stub(element.$.restAPI, 'getAccount')
.returns(accountPromise);
const requestCheckStub = sandbox.stub(element, '_requestCheckLoggedIn');
const handleRefreshStub = sandbox.stub(element,
'_handleCredentialRefreshed');
const reloadStub = sandbox.stub(element, '_reloadPage');
element.knownAccountId = 1234;
element._refreshingCredentials = true;
element._checkSignedIn();
flush(() => {
assert.isFalse(requestCheckStub.called);
assert.isTrue(handleRefreshStub.called);
assert.isFalse(reloadStub.called);
done();
});
});
test('_showAlert hides existing alerts', () => {
element._alertElement = element._createToastAlert();
const hideStub = sandbox.stub(element, '_hideAlert');
element._showAlert();
assert.isTrue(hideStub.calledOnce);
});
test('show-error', () => {
const openStub = sandbox.stub(element.$.errorOverlay, 'open');
const closeStub = sandbox.stub(element.$.errorOverlay, 'close');
const reportStub = sandbox.stub(element.$.reporting, 'reportErrorDialog');
const message = 'test message';
element.fire('show-error', {message});
flushAsynchronousOperations();
assert.isTrue(openStub.called);
assert.isTrue(reportStub.called);
assert.equal(element.$.errorDialog.text, message);
element.$.errorDialog.fire('dismiss');
flushAsynchronousOperations();
assert.isTrue(closeStub.called);
});
test('reloads when refreshed credentials differ', done => {
const accountPromise = Promise.resolve({_account_id: 1234});
sandbox.stub(element.$.restAPI, 'getAccount')
.returns(accountPromise);
const requestCheckStub = sandbox.stub(element, '_requestCheckLoggedIn');
const handleRefreshStub = sandbox.stub(element,
'_handleCredentialRefreshed');
const reloadStub = sandbox.stub(element, '_reloadPage');
element.knownAccountId = 4321; // Different from 1234
element._refreshingCredentials = true;
element._checkSignedIn();
flush(() => {
assert.isFalse(requestCheckStub.called);
assert.isFalse(handleRefreshStub.called);
assert.isTrue(reloadStub.called);
done();
});
});
});
test('show alert', () => {
const alertObj = {message: 'foo'};
sandbox.stub(element, '_showAlert');
element.fire('show-alert', alertObj);
assert.isTrue(element._showAlert.calledOnce);
assert.equal(element._showAlert.lastCall.args[0], 'foo');
assert.isNotOk(element._showAlert.lastCall.args[1]);
assert.isNotOk(element._showAlert.lastCall.args[2]);
});
test('checks stale credentials on visibility change', () => {
const refreshStub = sandbox.stub(element.$.restAPI,
'checkCredentials');
sandbox.stub(Date, 'now').returns(999999);
element._lastCredentialCheck = 0;
element._handleVisibilityChange();
// Since there is no known account, it should not test credentials.
assert.isFalse(refreshStub.called);
assert.equal(element._lastCredentialCheck, 0);
element.knownAccountId = 123;
element._handleVisibilityChange();
// Should test credentials, since there is a known account.
assert.isTrue(refreshStub.called);
assert.equal(element._lastCredentialCheck, 999999);
});
test('refresh loop continues on credential fail', done => {
const accountPromise = Promise.resolve(null);
sandbox.stub(element.$.restAPI, 'checkCredentials')
.returns(accountPromise);
const requestCheckStub = sandbox.stub(element, '_requestCheckLoggedIn');
const handleRefreshStub = sandbox.stub(element,
'_handleCredentialRefreshed');
const reloadStub = sandbox.stub(element, '_reloadPage');
element._refreshingCredentials = true;
element._checkSignedIn();
accountPromise.then(() => {
assert.isTrue(requestCheckStub.called);
assert.isFalse(handleRefreshStub.called);
assert.isFalse(reloadStub.called);
done();
suite('when not authed', () => {
setup(() => {
stub('gr-rest-api-interface', {
getLoggedIn() { return Promise.resolve(false); },
});
element = fixture('basic');
});
});
test('refreshes with same credentials', done => {
const accountPromise = Promise.resolve({_account_id: 1234});
sandbox.stub(element.$.restAPI, 'checkCredentials')
.returns(accountPromise);
const requestCheckStub = sandbox.stub(element, '_requestCheckLoggedIn');
const handleRefreshStub = sandbox.stub(element,
'_handleCredentialRefreshed');
const reloadStub = sandbox.stub(element, '_reloadPage');
test('refresh loop continues on credential fail', done => {
const requestCheckStub = sandbox.stub(element, '_requestCheckLoggedIn');
const handleRefreshStub = sandbox.stub(element,
'_handleCredentialRefreshed');
const reloadStub = sandbox.stub(element, '_reloadPage');
element.knownAccountId = 1234;
element._refreshingCredentials = true;
element._checkSignedIn();
element._refreshingCredentials = true;
element._checkSignedIn();
accountPromise.then(() => {
assert.isFalse(requestCheckStub.called);
assert.isTrue(handleRefreshStub.called);
assert.isFalse(reloadStub.called);
done();
flush(() => {
assert.isTrue(requestCheckStub.called);
assert.isFalse(handleRefreshStub.called);
assert.isFalse(reloadStub.called);
done();
});
});
});
test('reloads when refreshed credentials differ', done => {
const accountPromise = Promise.resolve({_account_id: 1234});
sandbox.stub(element.$.restAPI, 'checkCredentials')
.returns(accountPromise);
const requestCheckStub = sandbox.stub(element, '_requestCheckLoggedIn');
const handleRefreshStub = sandbox.stub(element,
'_handleCredentialRefreshed');
const reloadStub = sandbox.stub(element, '_reloadPage');
element.knownAccountId = 4321; // Different from 1234
element._refreshingCredentials = true;
element._checkSignedIn();
accountPromise.then(() => {
assert.isFalse(requestCheckStub.called);
assert.isFalse(handleRefreshStub.called);
assert.isTrue(reloadStub.called);
done();
});
});
test('_showAlert hides existing alerts', () => {
element._alertElement = element._createToastAlert();
const hideStub = sandbox.stub(element, '_hideAlert');
element._showAlert();
assert.isTrue(hideStub.calledOnce);
});
test('show-error', () => {
const openStub = sandbox.stub(element.$.errorOverlay, 'open');
const closeStub = sandbox.stub(element.$.errorOverlay, 'close');
const reportStub = sandbox.stub(element.$.reporting, 'reportErrorDialog');
const message = 'test message';
element.fire('show-error', {message});
flushAsynchronousOperations();
assert.isTrue(openStub.called);
assert.isTrue(reportStub.called);
assert.equal(element.$.errorDialog.text, message);
element.$.errorDialog.fire('dismiss');
flushAsynchronousOperations();
assert.isTrue(closeStub.called);
});
});
</script>

6
polygerrit-ui/app/elements/shared/gr-js-api-interface/gr-js-api-interface_test.html
View File

@@ -324,7 +324,11 @@ limitations under the License.
element.handleEvent(element.EventType.HIGHLIGHTJS_LOADED, {hljs: testHljs});
});
test('getAccount', done => {
test('getLoggedIn', done => {
// fake fetch for authCheck
sandbox.stub(window, 'fetch', () => {
return Promise.resolve({status: 204});
});
plugin.restApi().getLoggedIn().then(loggedIn => {
assert.isTrue(loggedIn);
done();

120
polygerrit-ui/app/elements/shared/gr-rest-api-interface/gr-auth.js
View File

@@ -20,22 +20,86 @@
// Prevent redefinition.
if (window.Gerrit.Auth) { return; }
const MAX_AUTH_CHECK_WAIT_TIME_MS = 1000 * 30; // 30s
const MAX_GET_TOKEN_RETRIES = 2;
Gerrit.Auth = {
TYPE: {
XSRF_TOKEN: 'xsrf_token',
ACCESS_TOKEN: 'access_token',
},
/**
* Auth class.
*
* Gerrit.Auth is an instance of this class.
*/
class Auth {
constructor() {
this._type = null;
this._cachedTokenPromise = null;
this._defaultOptions = {};
this._retriesLeft = MAX_GET_TOKEN_RETRIES;
this._status = Auth.STATUS.UNDETERMINED;
this._authCheckPromise = null;
this._last_auth_check_time = Date.now();
}
_type: null,
_cachedTokenPromise: null,
_defaultOptions: {},
_retriesLeft: MAX_GET_TOKEN_RETRIES,
/**
* Returns if user is authed or not.
*
* @returns {!Promise<boolean>}
*/
authCheck() {
if (!this._authCheckPromise ||
(Date.now() - this._last_auth_check_time > MAX_AUTH_CHECK_WAIT_TIME_MS)
) {
// Refetch after last check expired
this._authCheckPromise = fetch('/auth-check');
this._last_auth_check_time = Date.now();
}
return this._authCheckPromise.then(res => {
// auth-check will return 204 if authed
// treat the rest as unauthed
if (res.status === 204) {
this._setStatus(Auth.STATUS.AUTHED);
return true;
} else {
this._setStatus(Auth.STATUS.NOT_AUTHED);
return false;
}
}).catch(e => {
this._setStatus(Auth.STATUS.ERROR);
// Reset _authCheckPromise to avoid caching the failed promise
this._authCheckPromise = null;
return false;
});
}
clearCache() {
this._authCheckPromise = null;
}
/**
* @param {string} status
*/
_setStatus(status) {
if (this._status === status) return;
if (this._status === Auth.STATUS.AUTHED) {
Gerrit.emit('auth-error', {
message: Auth.CREDS_EXPIRED_MSG, action: 'Refresh credentials',
});
}
this._status = status;
}
get status() {
return this._status;
}
get isAuthed() {
return this._status === Auth.STATUS.AUTHED;
}
_getToken() {
return Promise.resolve(this._cachedTokenPromise);
},
}
/**
* Enable cross-domain authentication using OAuth access token.
@@ -51,7 +115,7 @@
setup(getToken, defaultOptions) {
this._retriesLeft = MAX_GET_TOKEN_RETRIES;
if (getToken) {
this._type = Gerrit.Auth.TYPE.ACCESS_TOKEN;
this._type = Auth.TYPE.ACCESS_TOKEN;
this._cachedTokenPromise = null;
this._getToken = getToken;
}
@@ -61,7 +125,7 @@
this._defaultOptions[p] = defaultOptions[p];
}
}
},
}
/**
* Perform network fetch with authentication.
@@ -74,7 +138,7 @@
const options = Object.assign({
headers: new Headers(),
}, this._defaultOptions, opt_options);
if (this._type === Gerrit.Auth.TYPE.ACCESS_TOKEN) {
if (this._type === Auth.TYPE.ACCESS_TOKEN) {
return this._getAccessToken().then(
accessToken =>
this._fetchWithAccessToken(url, options, accessToken)
@@ -82,7 +146,7 @@
} else {
return this._fetchWithXsrfToken(url, options);
}
},
}
_getCookie(name) {
const key = name + '=';
@@ -95,7 +159,7 @@
}
});
return result;
},
}
_isTokenValid(token) {
if (!token) { return false; }
@@ -105,7 +169,7 @@
if (Date.now() >= expiration.getTime()) { return false; }
return true;
},
}
_fetchWithXsrfToken(url, options) {
if (options.method && options.method !== 'GET') {
@@ -116,7 +180,7 @@
}
options.credentials = 'same-origin';
return fetch(url, options);
},
}
/**
* @return {!Promise<string>}
@@ -138,7 +202,7 @@
// Fall back to anonymous access.
return null;
});
},
}
_fetchWithAccessToken(url, options, accessToken) {
const params = [];
@@ -180,8 +244,24 @@
url = url + (url.indexOf('?') === -1 ? '?' : '&') + params.join('&');
}
return fetch(url, options);
},
}
}
Auth.TYPE = {
XSRF_TOKEN: 'xsrf_token',
ACCESS_TOKEN: 'access_token',
};
window.Gerrit.Auth = Gerrit.Auth;
Auth.STATUS = {
UNDETERMINED: 0,
AUTHED: 1,
NOT_AUTHED: 2,
ERROR: 3,
};
Auth.CREDS_EXPIRED_MSG = 'Credentails expired.';
// TODO(taoalpha): this whole thing should be moved to a service
window.Auth = Auth;
Gerrit.Auth = new Auth();
})(window);

250
polygerrit-ui/app/elements/shared/gr-rest-api-interface/gr-auth_test.html
View File

@@ -35,7 +35,6 @@ limitations under the License.
setup(() => {
sandbox = sinon.sandbox.create();
sandbox.stub(window, 'fetch').returns(Promise.resolve({ok: true}));
auth = Gerrit.Auth;
});
@@ -43,29 +42,222 @@ limitations under the License.
sandbox.restore();
});
suite('default (xsrf token header)', () => {
test('GET', () => {
return auth.fetch('/url', {bar: 'bar'}).then(() => {
const [url, options] = fetch.lastCall.args;
assert.equal(url, '/url');
assert.equal(options.credentials, 'same-origin');
suite('Auth class methods', () => {
let fakeFetch;
setup(() => {
auth = new Auth();
fakeFetch = sandbox.stub(window, 'fetch');
});
test('auth-check returns 403', done => {
fakeFetch.returns(Promise.resolve({status: 403}));
auth.authCheck().then(authed => {
assert.isFalse(authed);
assert.equal(auth.status, Auth.STATUS.NOT_AUTHED);
done();
});
});
test('POST', () => {
test('auth-check returns 204', done => {
fakeFetch.returns(Promise.resolve({status: 204}));
auth.authCheck().then(authed => {
assert.isTrue(authed);
assert.equal(auth.status, Auth.STATUS.AUTHED);
done();
});
});
test('auth-check returns 502', done => {
fakeFetch.returns(Promise.resolve({status: 502}));
auth.authCheck().then(authed => {
assert.isFalse(authed);
assert.equal(auth.status, Auth.STATUS.NOT_AUTHED);
done();
});
});
test('auth-check failed', done => {
fakeFetch.returns(Promise.reject(new Error('random error')));
auth.authCheck().then(authed => {
assert.isFalse(authed);
assert.equal(auth.status, Auth.STATUS.ERROR);
done();
});
});
});
suite('cache and events behaivor', () => {
let fakeFetch;
let clock;
setup(() => {
auth = new Auth();
clock = sinon.useFakeTimers();
fakeFetch = sandbox.stub(window, 'fetch');
});
test('cache auth-check result', done => {
fakeFetch.returns(Promise.resolve({status: 403}));
auth.authCheck().then(authed => {
assert.isFalse(authed);
assert.equal(auth.status, Auth.STATUS.NOT_AUTHED);
fakeFetch.returns(Promise.resolve({status: 204}));
auth.authCheck().then(authed2 => {
assert.isFalse(authed);
assert.equal(auth.status, Auth.STATUS.NOT_AUTHED);
done();
});
});
});
test('clearCache should refetch auth-check result', done => {
fakeFetch.returns(Promise.resolve({status: 403}));
auth.authCheck().then(authed => {
assert.isFalse(authed);
assert.equal(auth.status, Auth.STATUS.NOT_AUTHED);
fakeFetch.returns(Promise.resolve({status: 204}));
auth.clearCache();
auth.authCheck().then(authed2 => {
assert.isTrue(authed2);
assert.equal(auth.status, Auth.STATUS.AUTHED);
done();
});
});
});
test('cache expired on auth-check after certain time', done => {
fakeFetch.returns(Promise.resolve({status: 403}));
auth.authCheck().then(authed => {
assert.isFalse(authed);
assert.equal(auth.status, Auth.STATUS.NOT_AUTHED);
clock.tick(1000 * 10000);
fakeFetch.returns(Promise.resolve({status: 204}));
auth.authCheck().then(authed2 => {
assert.isTrue(authed2);
assert.equal(auth.status, Auth.STATUS.AUTHED);
done();
});
});
});
test('no cache if auth-check failed', done => {
fakeFetch.returns(Promise.reject(new Error('random error')));
auth.authCheck().then(authed => {
assert.isFalse(authed);
assert.equal(auth.status, Auth.STATUS.ERROR);
assert.equal(fakeFetch.callCount, 1);
auth.authCheck().then(() => {
assert.equal(fakeFetch.callCount, 2);
done();
});
});
});
test('fire event when switch from authed to unauthed', done => {
fakeFetch.returns(Promise.resolve({status: 204}));
auth.authCheck().then(authed => {
assert.isTrue(authed);
assert.equal(auth.status, Auth.STATUS.AUTHED);
clock.tick(1000 * 10000);
fakeFetch.returns(Promise.resolve({status: 403}));
const emitStub = sinon.stub();
Gerrit.emit = emitStub;
auth.authCheck().then(authed2 => {
assert.isFalse(authed2);
assert.equal(auth.status, Auth.STATUS.NOT_AUTHED);
assert.isTrue(emitStub.called);
done();
});
});
});
test('fire event when switch from authed to error', done => {
fakeFetch.returns(Promise.resolve({status: 204}));
auth.authCheck().then(authed => {
assert.isTrue(authed);
assert.equal(auth.status, Auth.STATUS.AUTHED);
clock.tick(1000 * 10000);
fakeFetch.returns(Promise.reject(new Error('random error')));
const emitStub = sinon.stub();
Gerrit.emit = emitStub;
auth.authCheck().then(authed2 => {
assert.isFalse(authed2);
assert.isTrue(emitStub.called);
assert.equal(auth.status, Auth.STATUS.ERROR);
done();
});
});
});
test('no event from non-authed to other status', done => {
fakeFetch.returns(Promise.resolve({status: 403}));
auth.authCheck().then(authed => {
assert.isFalse(authed);
assert.equal(auth.status, Auth.STATUS.NOT_AUTHED);
clock.tick(1000 * 10000);
fakeFetch.returns(Promise.resolve({status: 204}));
const emitStub = sinon.stub();
Gerrit.emit = emitStub;
auth.authCheck().then(authed2 => {
assert.isTrue(authed2);
assert.isFalse(emitStub.called);
assert.equal(auth.status, Auth.STATUS.AUTHED);
done();
});
});
});
test('no event from non-authed to other status', done => {
fakeFetch.returns(Promise.resolve({status: 403}));
auth.authCheck().then(authed => {
assert.isFalse(authed);
assert.equal(auth.status, Auth.STATUS.NOT_AUTHED);
clock.tick(1000 * 10000);
fakeFetch.returns(Promise.reject(new Error('random error')));
const emitStub = sinon.stub();
Gerrit.emit = emitStub;
auth.authCheck().then(authed2 => {
assert.isFalse(authed2);
assert.isFalse(emitStub.called);
assert.equal(auth.status, Auth.STATUS.ERROR);
done();
});
});
});
});
suite('default (xsrf token header)', () => {
setup(() => {
sandbox.stub(window, 'fetch').returns(Promise.resolve({ok: true}));
});
test('GET', done => {
auth.fetch('/url', {bar: 'bar'}).then(() => {
const [url, options] = fetch.lastCall.args;
assert.equal(url, '/url');
assert.equal(options.credentials, 'same-origin');
done();
});
});
test('POST', done => {
sandbox.stub(auth, '_getCookie')
.withArgs('XSRF_TOKEN')
.returns('foobar');
return auth.fetch('/url', {method: 'POST'}).then(() => {
auth.fetch('/url', {method: 'POST'}).then(() => {
const [url, options] = fetch.lastCall.args;
assert.equal(url, '/url');
assert.equal(options.credentials, 'same-origin');
assert.equal(options.headers.get('X-Gerrit-Auth'), 'foobar');
done();
});
});
});
suite('cors (access token)', () => {
setup(() => {
sandbox.stub(window, 'fetch').returns(Promise.resolve({ok: true}));
});
let getToken;
const makeToken = opt_accessToken => {
@@ -81,62 +273,68 @@ limitations under the License.
auth.setup(getToken);
});
test('base url support', () => {
test('base url support', done => {
const baseUrl = 'http://foo';
sandbox.stub(Gerrit.BaseUrlBehavior, 'getBaseUrl').returns(baseUrl);
return auth.fetch(baseUrl + '/url', {bar: 'bar'}).then(() => {
auth.fetch(baseUrl + '/url', {bar: 'bar'}).then(() => {
const [url] = fetch.lastCall.args;
assert.equal(url, 'http://foo/a/url?access_token=zbaz');
done();
});
});
test('fetch not signed in', () => {
test('fetch not signed in', done => {
getToken.returns(Promise.resolve());
return auth.fetch('/url', {bar: 'bar'}).then(() => {
auth.fetch('/url', {bar: 'bar'}).then(() => {
const [url, options] = fetch.lastCall.args;
assert.equal(url, '/url');
assert.equal(options.bar, 'bar');
assert.equal(Object.keys(options.headers).length, 0);
done();
});
});
test('fetch signed in', () => {
return auth.fetch('/url', {bar: 'bar'}).then(() => {
test('fetch signed in', done => {
auth.fetch('/url', {bar: 'bar'}).then(() => {
const [url, options] = fetch.lastCall.args;
assert.equal(url, '/a/url?access_token=zbaz');
assert.equal(options.bar, 'bar');
done();
});
});
test('getToken calls are cached', () => {
return Promise.all([
test('getToken calls are cached', done => {
Promise.all([
auth.fetch('/url-one'), auth.fetch('/url-two')]).then(() => {
assert.equal(getToken.callCount, 1);
done();
});
});
test('getToken refreshes token', () => {
test('getToken refreshes token', done => {
sandbox.stub(auth, '_isTokenValid');
auth._isTokenValid
.onFirstCall().returns(true)
.onSecondCall().returns(false)
.onThirdCall().returns(true);
return auth.fetch('/url-one').then(() => {
auth.fetch('/url-one').then(() => {
getToken.returns(Promise.resolve(makeToken('bzzbb')));
return auth.fetch('/url-two');
}).then(() => {
const [[firstUrl], [secondUrl]] = fetch.args;
assert.equal(firstUrl, '/a/url-one?access_token=zbaz');
assert.equal(secondUrl, '/a/url-two?access_token=bzzbb');
done();
});
});
test('signed in token error falls back to anonymous', () => {
test('signed in token error falls back to anonymous', done => {
getToken.returns(Promise.resolve('rubbish'));
return auth.fetch('/url', {bar: 'bar'}).then(() => {
auth.fetch('/url', {bar: 'bar'}).then(() => {
const [url, options] = fetch.lastCall.args;
assert.equal(url, '/url');
assert.equal(options.bar, 'bar');
done();
});
});
@@ -154,12 +352,12 @@ limitations under the License.
}));
});
test('HTTP PUT with content type', () => {
test('HTTP PUT with content type', done => {
const originalOptions = {
method: 'PUT',
headers: new Headers({'Content-Type': 'mail/pigeon'}),
};
return auth.fetch('/url', originalOptions).then(() => {
auth.fetch('/url', originalOptions).then(() => {
assert.isTrue(getToken.called);
const [url, options] = fetch.lastCall.args;
assert.include(url, '$ct=mail%2Fpigeon');
@@ -167,14 +365,15 @@ limitations under the License.
assert.include(url, 'access_token=zbaz');
assert.equal(options.method, 'POST');
assert.equal(options.headers.get('Content-Type'), 'text/plain');
done();
});
});
test('HTTP PUT without content type', () => {
test('HTTP PUT without content type', done => {
const originalOptions = {
method: 'PUT',
};
return auth.fetch('/url', originalOptions).then(() => {
auth.fetch('/url', originalOptions).then(() => {
assert.isTrue(getToken.called);
const [url, options] = fetch.lastCall.args;
assert.include(url, '$ct=text%2Fplain');
@@ -182,6 +381,7 @@ limitations under the License.
assert.include(url, 'access_token=zbaz');
assert.equal(options.method, 'POST');
assert.equal(options.headers.get('Content-Type'), 'text/plain');
done();
});
});
});

59
polygerrit-ui/app/elements/shared/gr-rest-api-interface/gr-rest-api-interface.js
View File

@@ -66,12 +66,6 @@
* @event network-error
*/
/**
* Fired when credentials were rejected by server (e.g. expired).
*
* @event auth-error
*/
/**
* Fired after an RPC completes.
*
@@ -89,10 +83,6 @@
type: Object,
value: new SiteBasedCache(), // Shared across instances.
},
_credentialCheck: {
type: Object,
value: {checking: false}, // Shared across instances.
},
_sharedFetchPromises: {
type: Object,
value: new FetchPromisesCache(), // Shared across instances.
@@ -112,40 +102,12 @@
type: Object,
value: {}, // Intentional to share the object across instances.
},
_auth: {
type: Object,
value: Gerrit.Auth, // Share across instances.
},
};
}
created() {
super.created();
/* Polymer 1 and Polymer 2 have slightly different lifecycle.
* Differences are not very well documented (see
* https://github.com/Polymer/old-docs-site/issues/2322).
* In Polymer 1, created() is called when properties values is not set
* and ready() is always called later, even if element is not added
* to a DOM. I.e. in Polymer 1 _cache and other properties are undefined,
* while in Polymer 2 they are set to default values.
* In Polymer 2, created() is called after properties values set and
* ready() is called only after element is attached to a DOM.
* There are several places in the code, where element is created with
* document.createElement('gr-rest-api-interface') and is not added
* to a DOM.
* In such cases, Polymer 1 calls both created() and ready() methods,
* but Polymer 2 calls only created() method.
* To workaround these differences, we should try to create _restApiHelper
* in both methods.
*/
//
this._initRestApiHelper();
}
ready() {
super.ready();
// See comments in created()
this._auth = Gerrit.Auth;
this._initRestApiHelper();
}
@@ -153,10 +115,9 @@
if (this._restApiHelper) {
return;
}
if (this._cache && this._auth && this._sharedFetchPromises &&
this._credentialCheck) {
if (this._cache && this._auth && this._sharedFetchPromises) {
this._restApiHelper = new GrRestApiHelper(this._cache, this._auth,
this._sharedFetchPromises, this._credentialCheck, this);
this._sharedFetchPromises, this);
}
}
@@ -850,11 +811,7 @@
}
getLoggedIn() {
return this.getAccount().then(account => {
return account != null;
}).catch(() => {
return false;
});
return this._auth.authCheck();
}
getIsAdmin() {
@@ -869,10 +826,6 @@
});
}
checkCredentials() {
return this._restApiHelper.checkCredentials();
}
getDefaultPreferences() {
return this._fetchSharedCacheURL({
url: '/config/server/preferences',
@@ -1347,6 +1300,10 @@
this._restApiHelper.invalidateFetchPromisesPrefix('/projects/?');
}
invalidateAccountsCache() {
this._restApiHelper.invalidateFetchPromisesPrefix('/accounts/');
}
/**
* @param {string} filter
* @param {number} groupsPerPage

129
polygerrit-ui/app/elements/shared/gr-rest-api-interface/gr-rest-api-interface_test.html
View File

@@ -48,8 +48,6 @@ limitations under the License.
window.CANONICAL_PATH = `test${ctr}`;
sandbox = sinon.sandbox.create();
element = fixture('basic');
element._projectLookup = {};
const testJSON = ')]}\'\n{"hello": "bonjour"}';
sandbox.stub(window, 'fetch').returns(Promise.resolve({
ok: true,
@@ -57,6 +55,10 @@ limitations under the License.
return Promise.resolve(testJSON);
},
}));
// fake auth
sandbox.stub(Gerrit.Auth, 'authCheck').returns(Promise.resolve(true));
element = fixture('basic');
element._projectLookup = {};
});
teardown(() => {
@@ -365,117 +367,6 @@ limitations under the License.
});
});
test('auth failure', done => {
const fakeAuthResponse = {
ok: false,
status: 403,
};
window.fetch.onFirstCall().returns(
Promise.reject(new Error('Failed to fetch')));
window.fetch.onSecondCall().returns(Promise.resolve(fakeAuthResponse));
// Emulate logged in.
element._restApiHelper._cache.set('/accounts/self/detail', {});
const serverErrorStub = sandbox.stub();
element.addEventListener('server-error', serverErrorStub);
const authErrorStub = sandbox.stub();
element.addEventListener('auth-error', authErrorStub);
element._restApiHelper.fetchJSON({url: '/bar'}).finally(r => {
flush(() => {
assert.isTrue(authErrorStub.called);
assert.isFalse(serverErrorStub.called);
assert.isFalse(element._cache.has('/accounts/self/detail'));
done();
});
});
});
test('auth failure - test all failed to fetch', done => {
window.fetch.returns(
Promise.reject(new Error('Failed to fetch')));
// Emulate logged in.
element._cache.set('/accounts/self/detail', {});
const serverErrorStub = sandbox.stub();
element.addEventListener('server-error', serverErrorStub);
const authErrorStub = sandbox.stub();
element.addEventListener('auth-error', authErrorStub);
element._restApiHelper.fetchJSON({url: '/bar'}).finally(r => {
flush(() => {
assert.isTrue(authErrorStub.called);
assert.isFalse(serverErrorStub.called);
assert.isFalse(element._cache.has('/accounts/self/detail'));
done();
});
});
});
test('getLoggedIn returns false when network/auth failure', done => {
window.fetch.returns(
Promise.reject(new Error('Failed to fetch')));
element.getLoggedIn().then(isLoggedIn => {
assert.isFalse(isLoggedIn);
done();
});
});
test('checkCredentials', done => {
const responses = [
{
ok: false,
status: 403,
text() { return Promise.resolve(); },
},
{
ok: true,
status: 200,
text() { return Promise.resolve(')]}\'{}'); },
},
];
window.fetch.restore();
sandbox.stub(window, 'fetch', url => {
if (url === window.CANONICAL_PATH + '/accounts/self/detail') {
return Promise.resolve(responses.shift());
}
});
element.getLoggedIn().then(account => {
assert.isNotOk(account);
element.checkCredentials().then(account => {
assert.isOk(account);
done();
});
});
});
test('checkCredentials promise rejection', () => {
window.fetch.restore();
element._cache.set('/accounts/self/detail', true);
const checkCredentialsSpy =
sandbox.spy(element._restApiHelper, 'checkCredentials');
sandbox.stub(window, 'fetch', url => {
return Promise.reject(new Error('Failed to fetch'));
});
return element.getConfig(true)
.catch(err => undefined)
.then(() => {
// When the top-level fetch call throws an error, it invokes
// checkCredentials, which in turn makes another fetch call.
// The second fetch call also fails, which leads to a second
// invocation of checkCredentials, which should immediately
// return instead of making further fetch calls.
assert.isTrue(checkCredentialsSpy .calledTwice);
assert.isTrue(window.fetch.calledTwice);
});
});
test('checkCredentials accepts only json', () => {
const authFetchStub = sandbox.stub(element._auth, 'fetch')
.returns(Promise.resolve());
element.checkCredentials();
assert.isTrue(authFetchStub.called);
assert.equal(authFetchStub.lastCall.args[1].headers.get('Accept'),
'application/json');
});
test('legacy n,z key in change url is replaced', () => {
const stub = sandbox.stub(element._restApiHelper, 'fetchJSON')
.returns(Promise.resolve([]));
@@ -922,6 +813,18 @@ limitations under the License.
assert.isFalse(element._cache.has(url));
});
test('invalidateAccountsCache', () => {
const url = '/accounts/self/detail';
element._cache.set(url, {});
element.invalidateAccountsCache();
assert.isUndefined(element._sharedFetchPromises[url]);
assert.isFalse(element._cache.has(url));
});
suite('getRepos', () => {
const defaultQuery = 'state%3Aactive%20OR%20state%3Aread-only';
let fetchCacheURLStub;

48
polygerrit-ui/app/elements/shared/gr-rest-api-interface/gr-rest-apis/gr-rest-api-helper.js
View File

@@ -18,7 +18,6 @@
'use strict';
const JSON_PREFIX = ')]}\'';
const FAILED_TO_FETCH_ERROR = 'Failed to fetch';
/**
* Wrapper around Map for caching server responses. Site-based so that
@@ -107,15 +106,13 @@
* @param {SiteBasedCache} cache
* @param {object} auth
* @param {FetchPromisesCache} fetchPromisesCache
* @param {object} credentialCheck
* @param {object} restApiInterface
*/
constructor(cache, auth, fetchPromisesCache, credentialCheck,
constructor(cache, auth, fetchPromisesCache,
restApiInterface) {
this._cache = cache;// TODO: make it public
this._auth = auth;
this._fetchPromisesCache = fetchPromisesCache;
this._credentialCheck = credentialCheck;
this._restApiInterface = restApiInterface;
}
@@ -190,15 +187,10 @@
}
return res;
}).catch(err => {
const isLoggedIn = !!this._cache.get('/accounts/self/detail');
if (isLoggedIn && err && err.message === FAILED_TO_FETCH_ERROR) {
this.checkCredentials();
if (req.errFn) {
req.errFn.call(undefined, null, err);
} else {
if (req.errFn) {
req.errFn.call(undefined, null, err);
} else {
this.fire('network-error', {error: err});
}
this.fire('network-error', {error: err});
}
throw err;
});
@@ -384,37 +376,6 @@
return xhr;
}
checkCredentials() {
if (this._credentialCheck.checking) {
return;
}
this._credentialCheck.checking = true;
let req = {url: '/accounts/self/detail', reportUrlAsIs: true};
req = this.addAcceptJsonHeader(req);
// Skip the REST response cache.
return this.fetchRawJSON(req).then(res => {
if (!res) { return; }
if (res.status === 403) {
this.fire('auth-error');
this._cache.delete('/accounts/self/detail');
} else if (res.ok) {
return this.getResponseObject(res);
}
}).then(res => {
this._credentialCheck.checking = false;
if (res) {
this._cache.set('/accounts/self/detail', res);
}
return res;
}).catch(err => {
this._credentialCheck.checking = false;
if (err && err.message === FAILED_TO_FETCH_ERROR) {
this.fire('auth-error');
this._cache.delete('/accounts/self/detail');
}
});
}
/**
* @param {string} prefix
*/
@@ -428,4 +389,3 @@
window.FetchPromisesCache = FetchPromisesCache;
window.GrRestApiHelper = GrRestApiHelper;
})(window);

3
polygerrit-ui/app/elements/shared/gr-rest-api-interface/gr-rest-apis/gr-rest-api-helper_test.html
View File

@@ -41,7 +41,6 @@ limitations under the License.
sandbox = sinon.sandbox.create();
cache = new SiteBasedCache();
fetchPromisesCache = new FetchPromisesCache();
const credentialCheck = {checking: false};
window.CANONICAL_PATH = 'testhelper';
@@ -59,7 +58,7 @@ limitations under the License.
}));
helper = new GrRestApiHelper(cache, Gerrit.Auth, fetchPromisesCache,
credentialCheck, mockRestApiInterface);
mockRestApiInterface);
});
teardown(() => {