force logout if refresh token is not valid

Author: massimozappino

CHANGELOG.md

@@ -4,8 +4,9 @@ All notable changes to this project will be documented in this file.
 The format is based on [Keep a Changelog](http://keepachangelog.com/)
 and this project adheres to [Semantic Versioning](http://semver.org/).
 
-## Unreleased
-
+## [1.3.1] - (2020-07-26)
+### Fixed
+- force logout if refresh token is not valid
 
 ## [1.3.0] - (2020-07-19)
 ### Added
@@ -54,6 +55,7 @@ and this project adheres to [Semantic Versioning](http://semver.org/).
 ### Added
 - added methods to manage TagMyCode API
 
+[1.3.1]: https://github.com/massimozappino/tagmycode-java-sdk/compare/v1.3.0...v1.3.1
 [1.3.0]: https://github.com/massimozappino/tagmycode-java-sdk/compare/v1.2.1...v1.3.0
 [1.2.1]: https://github.com/massimozappino/tagmycode-java-sdk/compare/v1.2.0...v1.2.1
 [1.2.0]: https://github.com/massimozappino/tagmycode-java-sdk/compare/v1.1.1...v1.2.0

pom.xml

@@ -4,7 +4,7 @@
     <groupId>com.tagmycode</groupId>
     <artifactId>tagmycode-sdk</artifactId>
     <packaging>jar</packaging>
-    <version>1.3.1-SNAPSHOT</version>
+    <version>1.3.1</version>
     <name>TagMyCode Java SDK</name>
     <description>Java SDK for TagMyCode REST API</description>
     <url>http://tagmycode.com</url>
@@ -151,6 +151,9 @@
                         <groupId>org.apache.maven.plugins</groupId>
                         <artifactId>maven-javadoc-plugin</artifactId>
                         <version>2.9.1</version>
+                        <configuration>
+                            <source>8</source>
+                        </configuration>
                         <executions>
                             <execution>
                                 <id>attach-javadocs</id>

src/main/java/com/tagmycode/sdk/Client.java

@@ -13,6 +13,7 @@
 import org.scribe.model.Verifier;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
+
 import java.util.Map;
 
 public class Client {
@@ -62,8 +63,9 @@ public void refreshOauthToken() throws TagMyCodeException {
         try {
             fetchAndSetRefreshToken(service.getAccessTokenFromRefreshToken(oauthToken.getRefreshToken()));
         } catch (OAuthException e) {
-            String message = "Error fetching refresh token: " + e.getMessage();
-            if (e.getMessage().contains("refresh_token")) {
+            String exceptionMessage = e.getMessage();
+            String message = "Error fetching refresh token: " + exceptionMessage;
+            if (responseIsUnauthorized(exceptionMessage)) {
                 throw new TagMyCodeUnauthorizedException(message);
             } else {
                 throw new TagMyCodeException(message);
@@ -190,6 +192,10 @@ public void revokeAccess() throws TagMyCodeException {
         wallet.deleteOauthToken();
     }
 
+    public boolean responseIsUnauthorized(String responseMessage) {
+        return responseMessage.contains("refresh_token") || responseMessage.contains("invalid_grant");
+    }
+
     private void logRequest(OAuthRequest request) {
         logger.debug(request.getVerb() + " " + request.getUrl() + "?" + request.getQueryStringParams().asFormUrlEncodedString());
         logger.debug("\tHEADERS: " + request.getHeaders().entrySet());

src/main/java/com/tagmycode/sdk/DateParser.java

@@ -12,7 +12,7 @@
 public class DateParser {
 
     private TimeZone timezone;
-    private Date date;
+    private final Date date;
 
     public DateParser(Date date) {
         this.date = date;

src/test/java/com/tagmycode/sdk/ClientTest.java

@@ -154,7 +154,6 @@ public void fetchTokensShouldWorkCorrectly() throws TagMyCodeException {
     @Test
     public void refreshOauthTokenReceiveNewAccessToken() throws Exception {
         stubFor(post(urlMatching("/oauth2/token.*"))
-                .withRequestBody((matching(".*refresh_token.*")))
                 .willReturn(aResponse()
                         .withStatus(200)
                         .withHeader("Content-Type", "text/plain")
@@ -168,22 +167,24 @@ public void refreshOauthTokenReceiveNewAccessToken() throws Exception {
     }
 
     @Test
-    public void refreshOauthTokenWithInvalidTokenThrowsException() throws Exception {
+    public void failedRefreshTokenThrownTagMyCodeUnauthorizedException() {
         stubFor(post(urlMatching("/oauth2/token.*"))
-                .withRequestBody((matching(".*refresh_token.*")))
                 .willReturn(aResponse()
                         .withStatus(401)
                         .withHeader("Content-Type", "text/plain")
                         .withBody("{\"error\":\"invalid_grant\",\"error_description\":\"Invalid refresh token\"}"
                         )));
-        assertEquals(new OauthToken("xxx", "yyy"), client.getOauthToken());
+        Client spyClient = spy(client);
+        assertEquals(new OauthToken("xxx", "yyy"), spyClient.getOauthToken());
 
         try {
-            client.refreshOauthToken();
+            spyClient.refreshOauthToken();
             fail("Expected exception");
-        } catch (TagMyCodeException ignore) {
+        } catch (TagMyCodeException e) {
+            assertTrue(e instanceof TagMyCodeUnauthorizedException);
         }
-        assertEquals(new OauthToken("xxx", "yyy"), client.getOauthToken());
+        assertEquals(new OauthToken("xxx", "yyy"), spyClient.getOauthToken());
+        verify(spyClient, times(1)).responseIsUnauthorized(anyString());
     }
 
     @Test
@@ -196,7 +197,6 @@ public void expiredAccessTokenShouldBeRefreshed() throws Exception {
                         )));
 
         stubFor(post(urlMatching("/oauth2/token.*"))
-                .withRequestBody((matching(".*refresh_token.*")))
                 .willReturn(aResponse()
                         .withStatus(200)
                         .withHeader("Content-Type", "text/plain")
@@ -213,26 +213,12 @@ public void expiredAccessTokenShouldBeRefreshed() throws Exception {
     }
 
     @Test
-    public void failedRefreshTokenThrownTagMyCodeUnauthorizedException() throws TagMyCodeException {
-        stubFor(get(urlMatching("/account.*"))
-                .willReturn(aResponse()
-                        .withStatus(401)
-                        .withHeader("Content-Type", "text/plain")
-                        .withBody(""
-                        )));
+    public void testResponseIsUnauthorized() {
+        assertTrue(client.responseIsUnauthorized("{\"error\":\"invalid_grant\",\"error_description\":\"Invalid refresh token\"}"));
+        assertTrue(client.responseIsUnauthorized("message contains refresh_token "));
 
-        stubFor(post(urlMatching("/oauth2/token.*"))
-                .withRequestBody((matching(".*refresh_token.*")))
-                .willReturn(aResponse()
-                        .withStatus(401)
-                        .withHeader("Content-Type", "text/plain")
-                        .withBody("{}"
-                        )));
-        try {
-            new TagMyCode(client).fetchAccount();
-            fail("Expected exception");
-        } catch (TagMyCodeException ignored) {
-        }
+        assertFalse(client.responseIsUnauthorized(""));
+        assertFalse(client.responseIsUnauthorized("{}"));
     }
 
     @Test