Add authenticated property on Kuzzle object #390
Conversation
Codecov Report
@@ Coverage Diff @@
## 6-dev #390 +/- ##
==========================================
- Coverage 96.44% 96.31% -0.13%
==========================================
Files 31 32 +1
Lines 1489 1519 +30
==========================================
+ Hits 1436 1463 +27
- Misses 53 56 +3
Continue to review full report at Codecov.
|
src/Kuzzle.js
Outdated
|
|
||
| this.protocol.addListener('tokenExpired', () => { | ||
| this.jwt = undefined; | ||
| this.jwtExpiresAt = undefined; |
There was a problem hiding this comment.
It's just question from a JS noob, what is the difference between:
this.jwtExpiresAt = undefined;and
delete this.jwtExpiresAt;There was a problem hiding this comment.
With this.jwt = undefined the function hasOwnProperty('jwt') will still return true but in this case it's change nothing
There was a problem hiding this comment.
👍
- I like the handling the token's expiration time. But I think you need to go further, and add a timeout handler triggering a
tokenExpiredevent whence the token expires
👎
isLoggedis a bad name, preferisAuthenticated, or perhapsisLoggedIn- I don't see the point of the
isLoggedfunction, since it's specified that thejwtproperty holds a value if a not-expired token is set. Note that I didn't say anything about the token being valid: the SDK doesn't know if the token is still valid unless a call to the API is made, ifauth:checkTokenis invoked, or if a realtime subscription is active. So, unfortunately, that new function doesn't bring added value to the already existingjwtgetter.
src/Kuzzle.js
Outdated
| return false; | ||
| } | ||
|
|
||
| return this.jwtExpiresAt > Date.now(); |
There was a problem hiding this comment.
This falls short as soon as the jwt property is set with a custom token (i.e. saved from an earlier connection), which is a very, very common situation.
For this to work, you must also update the jwt setter, decode the token's payload and retrieve its timeout value.
src/Kuzzle.js
Outdated
| } | ||
|
|
||
| get authenticated () { | ||
| return this.jwt !== null && this.jwt !== undefined; |
There was a problem hiding this comment.
(nitpicking) according to the jwt setter code, that property can never be null
Aschen
requested review from
Yoann-Abbes,
alexandrebouthinon and
scottinet
and removed request for
scottinet
src/controllers/auth.js
Outdated
| * @return {Promise|*|PromiseLike<T>|Promise<T>} | ||
| */ | ||
| checkToken (token) { | ||
| checkToken (token = undefined) { |
There was a problem hiding this comment.
The default parameter is useless: it'll set token to undefined only if it is... undefined.
| */ | ||
| checkToken (token) { | ||
| checkToken (token = undefined) { | ||
| if (token === undefined && this.authenticationToken) { |
There was a problem hiding this comment.
(to be discussed) Personnally, I would throw if no token is defined or, perhaps better, I would let Kuzzle respond that it needs a token to be verified (like it was done before your changes)
And if users want to verify the stored token, they only need to use it like this: kuzzle.auth.checkToken(kuzzle.jwt)
Don't forget that the SDK automatically does an auth:checkToken on the stored jwt when a network connection is (re-)established.
There was a problem hiding this comment.
I know this was the original behaviour but most of the time users want to check if the token stored by the SDK is still valid so IMHO they will understand that if you call this method without a specific token, it will check the SDK internal token.
Also it's more simpler to get ride of the kuzzle.jwt argument.
But maybe I can throw an error if checkToken is called without a token and if there is no internal token
There was a problem hiding this comment.
The token is already automatically checked by the SDK, but... why not In that case, you have to document it properly in the checkToken SDK documentation
Co-Authored-By: Sébastien Cottinet <scottinet@protonmail.com>
| */ | ||
| checkToken (token) { | ||
| checkToken (token = undefined) { | ||
| if (token === undefined && this.authenticationToken) { |
There was a problem hiding this comment.
The token is already automatically checked by the SDK, but... why not In that case, you have to document it properly in the checkToken SDK documentation
|
@Yoann-Abbes and @alexandrebouthinon You might want to review this PR again since I extracted the JWT from Kuzzle object |
## What does this PR do? Document kuzzleio/sdk-javascript#390 Based on #315 Original PR on v2: #297
Release 6.1.2
Bug fixes
[ #398 ] Fix bulk return (Aschen)
[ #394 ] Add default values for from/size to document:search (Aschen)
[ #384 ] Fix search API: "sort" and "search_after" must be in the requests body (scottinet)
Enhancements
[ #390 ] Add authenticated property on Kuzzle object (Aschen)
[ #395 ] Proxify kuzzle to avoid mistyping error (thomasarbona)
[ #389 ] Remove usage of _meta (Aschen)
[ #391 ] Add isConnected (Aschen)
[ #388 ] Use BaseController class for controllers (Aschen)
[ #385 ] Add Security.createRestrictedUser method (Aschen)
Others
[ #400 ] Fix large document search using scroll (stafyniaksacha)
[ #387 ] SearchResult.next returns a new instance (Aschen)
What does this PR do?
authenticatedproperty on the Kuzzle objectHow should this be manually tested?
Other changes
Boyscout