Make sure authentication methods are retrieved if token is invalid but not expired (DSpace#4663)

Author: ybnd

src/app/core/auth/auth.actions.ts

@@ -69,8 +69,16 @@ export class AuthenticatedAction implements Action {
   public type: string = AuthActionTypes.AUTHENTICATED;
   payload: AuthTokenInfo;
 
-  constructor(token: AuthTokenInfo) {
+  /**
+   * Whether we should consider the given authentication info final.
+   * If the backend restarted we may have a token that hasn't expired yet, but it will be invalid anyway.
+   * In this case we'll have to check twice.
+   */
+  checkAgain: boolean;
+
+  constructor(token: AuthTokenInfo, checkAgain = false) {
     this.payload = token;
+    this.checkAgain = checkAgain;
   }
 }
 

src/app/core/auth/auth.effects.spec.ts

@@ -161,25 +161,37 @@ describe('AuthEffects', () => {
 
     describe('when token is valid', () => {
       it('should return a AUTHENTICATED_SUCCESS action in response to a AUTHENTICATED action', () => {
-        actions = hot('--a-', { a: { type: AuthActionTypes.AUTHENTICATED, payload: token } });
+        actions = hot('--a-', { a: new AuthenticatedAction(token) });
 
         const expected = cold('--b-', { b: new AuthenticatedSuccessAction(true, token, EPersonMock._links.self.href) });
 
         expect(authEffects.authenticated$).toBeObservable(expected);
       });
     });
 
-    describe('when token is not valid', () => {
+    describe('when token is expired', () => {
       it('should return a AUTHENTICATED_ERROR action in response to a AUTHENTICATED action', () => {
         spyOn((authEffects as any).authService, 'authenticatedUser').and.returnValue(observableThrow(new Error('Message Error test')));
 
-        actions = hot('--a-', { a: { type: AuthActionTypes.AUTHENTICATED, payload: token } });
+        actions = hot('--a-', { a: new AuthenticatedAction(token) });
 
         const expected = cold('--b-', { b: new AuthenticatedErrorAction(new Error('Message Error test')) });
 
         expect(authEffects.authenticated$).toBeObservable(expected);
       });
     });
+
+    describe('when token is not valid but also not expired (~ cookie)', () => {
+      it('should return a AUTHENTICATED_ERROR action in response to a AUTHENTICATED action', () => {
+        spyOn((authEffects as any).authService, 'authenticatedUser').and.returnValue(observableThrow(new Error('Message Error test')));
+
+        actions = hot('--a-', { a: new AuthenticatedAction(token, true) });
+
+        const expected = cold('--b-', { b: new CheckAuthenticationTokenCookieAction() });
+
+        expect(authEffects.authenticated$).toBeObservable(expected);
+      });
+    });
   });
 
   describe('authenticatedSuccess$', () => {
@@ -215,7 +227,7 @@ describe('AuthEffects', () => {
 
         actions = hot('--a-', { a: { type: AuthActionTypes.CHECK_AUTHENTICATION_TOKEN } });
 
-        const expected = cold('--b-', { b: new AuthenticatedAction(token) });
+        const expected = cold('--b-', { b: new AuthenticatedAction(token, true) });
 
         expect(authEffects.checkToken$).toBeObservable(expected);
       });

src/app/core/auth/auth.effects.ts

@@ -125,7 +125,13 @@ export class AuthEffects {
     switchMap((action: AuthenticatedAction) => {
       return this.authService.authenticatedUser(action.payload).pipe(
         map((userHref: string) => new AuthenticatedSuccessAction((userHref !== null), action.payload, userHref)),
-        catchError((error: unknown) => errorToAuthAction$(AuthenticatedErrorAction, error)),
+        catchError((error: unknown) => {
+          if (action.checkAgain) {
+            return of(new CheckAuthenticationTokenCookieAction());
+          } else {
+            return errorToAuthAction$(AuthenticatedErrorAction, error);
+          }
+        }),
       );
     }),
   ));
@@ -180,7 +186,7 @@ export class AuthEffects {
   public checkToken$: Observable<Action> = createEffect(() => this.actions$.pipe(ofType(AuthActionTypes.CHECK_AUTHENTICATION_TOKEN),
     switchMap(() => {
       return this.authService.hasValidAuthenticationToken().pipe(
-        map((token: AuthTokenInfo) => new AuthenticatedAction(token)),
+        map((token: AuthTokenInfo) => new AuthenticatedAction(token, true)),
         catchError((error: unknown) => of(new CheckAuthenticationTokenCookieAction())),
       );
     }),