diff --git a/CHANGELOG.md b/CHANGELOG.md
index f998ff832..881013c03 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -24,6 +24,8 @@
 * Provide optional tenant argument to `useOkapiKy` hook. Refs STCOR-747.
 * Avoid private path when import `validateUser` function. Refs STCOR-749.
 * Ensure `` is not cut off when app name is long. Refs STCOR-752.
+* Use cookies and RTR instead of directly handling the JWT. Refs STCOR-671, FOLIO-3627.
+* Shrink the token lifespan so we are less likely to use an expired one. Refs STCOR-754.
 
 ## [10.0.0](https://github.com/folio-org/stripes-core/tree/v10.0.0) (2023-10-11)
 [Full Changelog](https://github.com/folio-org/stripes-core/compare/v9.0.0...v10.0.0)
diff --git a/src/service-worker.test.js b/src/service-worker.test.js
index 3c0592736..11c70fb18 100644
--- a/src/service-worker.test.js
+++ b/src/service-worker.test.js
@@ -8,6 +8,7 @@ import {
   passThrough,
   passThroughLogout,
   rtr,
+  TTL_WINDOW,
 } from './service-worker';
 
 // reassign console.log to keep things quiet
@@ -25,8 +26,12 @@ afterAll(() => {
 });
 
 describe('isValidAT', () => {
-  it('returns true for valid ATs', () => {
-    expect(isValidAT({ atExpires: Date.now() + 1000 })).toBe(true);
+  it('returns true for ATs with 95% or more of their TTL remaining', () => {
+    expect(isValidAT({ atExpires: (Date.now() / TTL_WINDOW) + 10000 })).toBe(true);
+  });
+
+  it('returns false for ATs 5% or less of their TTL remaining', () => {
+    expect(isValidAT({ atExpires: Date.now() + 1000 })).toBe(false);
   });
 
   it('returns false for expired ATs', () => {
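Review bot: The fixture `atExpires: (Date.now() / TTL_WINDOW) + 10000` in the new "95% or more of their TTL remaining" case divides the absolute epoch timestamp, not a token lifetime, so for any TTL_WINDOW below 1 it describes an expiry a fixed fraction of the epoch in the future (years, not seconds), while the "5% or less" case is simply a token expiring one second from now. The titles therefore promise a TTL-relative boundary that the fixtures never exercise, and whether a realistic short-lived AT (expiring minutes from now) lands on the true or false side of isValidAT cannot be judged here because service-worker.js is not part of this diff. Consider deriving the fixtures from an explicit lifetime, e.g. `const ttl = 600000; // constructed sample lifetime` with `atExpires: Date.now() + ttl` for the valid case and `atExpires: Date.now() + ttl * 0.05` for the nearly-spent one, and add a one-line comment stating what TTL_WINDOW denotes so the boundary is readable in the test; if isValidAT then rejects the realistic expiry, that is the finding to act on. The same fixture shape is repeated in the isValidRT, isPermissibleRequest and passThrough hunks below, so the point applies to them as well. The describe('isValidAT') block continues past the end of this hunk.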
@@ -39,8 +44,12 @@ describe('isValidAT', () => {
 });
 
 describe('isValidRT', () => {
-  it('returns true for valid ATs', () => {
-    expect(isValidRT({ rtExpires: Date.now() + 1000 })).toBe(true);
+  it('returns true for valid RTs', () => {
+    expect(isValidRT({ rtExpires: (Date.now() / TTL_WINDOW) + 1000 })).toBe(true);
+  });
+
+  it('returns false for RTs 5% or less of their TTL remaining', () => {
+    expect(isValidRT({ rtExpires: Date.now() + 1000 })).toBe(false);
   });
 
   it('returns false for expired RTs', () => {
@@ -118,7 +127,7 @@ describe('isPermissibleRequest', () => {
   describe('when AT is valid', () => {
     it('when AT is valid, accepts any endpoint', () => {
       const req = { url: 'monkey' };
-      const te = { atExpires: Date.now() + 1000, rtExpires: Date.now() + 1000 };
+      const te = { atExpires: (Date.now() / TTL_WINDOW) + 1000, rtExpires: (Date.now() / TTL_WINDOW) + 1000 };
       expect(isPermissibleRequest(req, te, '')).toBe(true);
     });
   });
@@ -295,7 +304,7 @@ describe('passThrough', () => {
         clone: () => req,
       }
     };
-    const tokenExpiration = { atExpires: Date.now() + 10000 };
+    const tokenExpiration = { atExpires: (Date.now() / TTL_WINDOW) + 10000 };
 
     const response = { ok: true };
     global.fetch = jest.fn(() => Promise.resolve(response));
@@ -313,7 +322,7 @@ describe('passThrough', () => {
         clone: () => req,
       }
     };
-    const tokenExpiration = { atExpires: Date.now() + 10000 };
+    const tokenExpiration = { atExpires: (Date.now() / TTL_WINDOW) + 10000 };
 
     const response = {
       ok: false,
@@ -338,8 +347,8 @@ describe('passThrough', () => {
       }
     };
     const tokenExpiration = {
-      atExpires: Date.now() + 1000, // at says it's valid, but ok == false
-      rtExpires: Date.now() + 1000
+      atExpires: (Date.now() / TTL_WINDOW) + 1000, // at says it's valid, but ok == false
+      rtExpires: (Date.now() / TTL_WINDOW) + 1000
     };
 
     const response = 'los alamos';
@@ -373,7 +382,7 @@ describe('passThrough', () => {
     };
     const tokenExpiration = {
       atExpires: Date.now() - 1000,
-      rtExpires: Date.now() + 1000
+      rtExpires: (Date.now() / TTL_WINDOW) + 1000
     };
 
     const response = 'los alamos';
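Review bot: The expression `(Date.now() / TTL_WINDOW) + 1000` is now spelled out by hand in every fixture of this file (the hunks at -25, -39, -118, -295, -313, -338 and this one), each with its own offset and none explaining why an epoch timestamp is divided by TTL_WINDOW. A small helper next to the imports, e.g. `const expiresIn = (ms) => (Date.now() / TTL_WINDOW) + ms;` preceded by a one-line comment stating what TTL_WINDOW denotes and why the division is needed, would make the intent readable and give a single place to adjust if the validity rule changes. The it() block containing this fixture starts before the hunk.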