Merge pull request #227 from authts/fix-225

fix 225
authts · Nov 30, 2021 · 72a8baf · 72a8baf
2 parents 8766545 + f15ba9e
commit 72a8baf
Show file tree

Hide file tree

Showing 11 changed files with 345 additions and 151 deletions.
diff --git a/docs/oidc-client-ts.api.md b/docs/oidc-client-ts.api.md
@@ -186,7 +186,7 @@ export class MetadataService {
     // (undocumented)
     protected _getMetadataProperty(name: keyof OidcMetadata, optional?: boolean): Promise<string | boolean | string[] | undefined>;
     // (undocumented)
-    getRevocationEndpoint(): Promise<string | undefined>;
+    getRevocationEndpoint(optional?: boolean): Promise<string | undefined>;
     // (undocumented)
     getSigningKeys(): Promise<SigningKey[] | null>;
     // (undocumented)
@@ -699,15 +699,6 @@ export interface StateStore {
     set(key: string, value: string): Promise<void>;
 }
 
-// @public (undocumented)
-export class TokenRevocationClient {
-    constructor(settings: OidcClientSettingsStore, metadataService: MetadataService);
-    // (undocumented)
-    revoke(token: string, required: boolean, type?: string): Promise<void>;
-    // (undocumented)
-    protected _revoke(url: string, client_id: string, client_secret: string | undefined, token: string, type: string): Promise<void>;
-}
-
 // @public (undocumented)
 export class User {
     constructor(args: {
@@ -775,11 +766,7 @@ export class UserManager {
     // (undocumented)
     revokeAccessToken(): Promise<void>;
     // (undocumented)
-    protected _revokeAccessTokenInternal(access_token: string, required: boolean): Promise<boolean>;
-    // (undocumented)
-    protected _revokeInternal(user: User | null, required?: boolean): Promise<boolean>;
-    // (undocumented)
-    protected _revokeRefreshTokenInternal(refresh_token: string | undefined, required: boolean): Promise<boolean>;
+    protected _revokeInternal(user: User | null, optional: boolean): Promise<boolean>;
     // (undocumented)
     protected readonly _sessionMonitor: SessionMonitor | null;
     readonly settings: UserManagerSettingsStore;
@@ -826,8 +813,6 @@ export class UserManager {
     // (undocumented)
     protected readonly _tokenClient: TokenClient;
     // (undocumented)
-    protected readonly _tokenRevocationClient: TokenRevocationClient;
-    // (undocumented)
     protected _useRefreshToken(user: User): Promise<User>;
     // (undocumented)
     protected get _userStoreKey(): string;

diff --git a/samples/Parcel/src/code-flow-identityserver/sample.html b/samples/Parcel/src/code-flow-identityserver/sample.html
@@ -14,6 +14,7 @@
             <button id="getUser">get user</button>
             <button id="removeUser">remove user</button>
             <button id="querySessionStatus">query user status at token server</button>
+            <button id="revokeAccessToken">revoke access token</button>
         </div>
         <div>
             <button id="startSigninMainWindow">start signin main window</button>

diff --git a/samples/Parcel/src/code-flow-identityserver/sample.js b/samples/Parcel/src/code-flow-identityserver/sample.js
@@ -10,6 +10,7 @@ document.getElementById("clearState").addEventListener("click", clearState, fals
 document.getElementById("getUser").addEventListener("click", getUser, false);
 document.getElementById("removeUser").addEventListener("click", removeUser, false);
 document.getElementById("querySessionStatus").addEventListener("click", querySessionStatus, false);
+document.getElementById("revokeAccessToken").addEventListener("click", revokeAccessToken, false);
 
 document.getElementById("startSigninMainWindow").addEventListener("click", startSigninMainWindow, false);
 document.getElementById("endSigninMainWindow").addEventListener("click", endSigninMainWindow, false);
@@ -114,6 +115,22 @@ function removeUser() {
     });
 }
 
+function querySessionStatus() {
+    mgr.querySessionStatus().then(function(status) {
+        log("user's session status", status);
+    }).catch(function(err) {
+        log(err);
+    });
+}
+
+function revokeAccessToken() {
+    mgr.revokeAccessToken().then(function() {
+        log("access token revoked");
+    }).catch(function(err) {
+        log(err);
+    });
+}
+
 function startSigninMainWindow() {
     mgr.signinRedirect(/*{useReplaceToNavigate:true}*/).then(function() {
         log("signinRedirect done");
@@ -158,14 +175,6 @@ function iframeSignin() {
     });
 }
 
-function querySessionStatus() {
-    mgr.querySessionStatus().then(function(status) {
-        log("user's session status", status);
-    }).catch(function(err) {
-        log(err);
-    });
-}
-
 function startSignoutMainWindow() {
     mgr.signoutRedirect().then(function(resp) {
         log("signed out", resp);

diff --git a/src/JsonService.test.ts b/src/JsonService.test.ts
@@ -233,7 +233,7 @@ describe("JsonService", () => {
                     Accept: "application/json",
                     "Content-Type": "application/json"
                 }),
-                json: () => Promise.resolve(json)
+                text: () => Promise.resolve(JSON.stringify(json))
             } as Response);
 
             // act
@@ -263,7 +263,7 @@ describe("JsonService", () => {
                     Accept: "application/json",
                     "Content-Type": "application/json"
                 }),
-                json: () => Promise.reject(error)
+                text: () => Promise.reject(error)
             } as Response);
 
             // act
@@ -282,7 +282,7 @@ describe("JsonService", () => {
                     Accept: "application/json",
                     "Content-Type": "text/html"
                 }),
-                json: () => Promise.resolve(json)
+                text: () => Promise.resolve(JSON.stringify(json))
             } as Response);
 
             // act
@@ -301,7 +301,7 @@ describe("JsonService", () => {
                     Accept: "application/json",
                     "Content-Type": "application/json"
                 }),
-                json: () => Promise.resolve(json)
+                text: () => Promise.resolve(JSON.stringify(json))
             } as Response);
 
             // act
@@ -320,7 +320,7 @@ describe("JsonService", () => {
                     Accept: "application/json",
                     "Content-Type": "application/json"
                 }),
-                json: () => Promise.resolve(json)
+                text: () => Promise.resolve(JSON.stringify(json))
             } as Response);
 
             // act
@@ -339,7 +339,7 @@ describe("JsonService", () => {
                     Accept: "application/json",
                     "Content-Type": "application/json"
                 }),
-                json: () => Promise.reject(new SyntaxError("Unexpected token a in JSON"))
+                text: () => Promise.resolve("not_json_data")
             } as Response);
 
             // act
@@ -358,7 +358,7 @@ describe("JsonService", () => {
                     Accept: "application/json",
                     "Content-Type": "text/html"
                 }),
-                json: () => Promise.resolve(json)
+                text: () => Promise.resolve(JSON.stringify(json))
             } as Response);
 
             // act
@@ -369,11 +369,13 @@ describe("JsonService", () => {
 
         it("should reject promise when http response is not 200", async () => {
             // arrange
+            const json = {};
             mocked(fetch).mockResolvedValue({
                 status: 500,
                 statusText: "server error",
                 ok: false,
                 headers: new Headers(),
+                text: () => Promise.resolve(JSON.stringify(json))
             } as Response);
 
             // act
@@ -393,7 +395,7 @@ describe("JsonService", () => {
                     Accept: "application/json",
                     "Content-Type": "foo/bar"
                 }),
-                json: () => Promise.resolve(json)
+                text: () => Promise.resolve(JSON.stringify(json))
             } as Response);
 
             // act

diff --git a/src/JsonService.ts b/src/JsonService.ts
@@ -99,22 +99,27 @@ export class JsonService {
         if (contentType && !this._contentTypes.find(item => contentType.startsWith(item))) {
             throw new Error(`Invalid response Content-Type: ${(contentType ?? "undefined")}, from URL: ${url}`);
         }
-        let json: Record<string, unknown>;
+
+        const responseText = await response.text();
+
+        let json: Record<string, unknown> = {};
         try {
-            json = await response.json();
+            json = JSON.parse(responseText);
         }
         catch (err) {
             this._logger.error("postForm: Error parsing JSON response", err);
             if (response.ok) throw err;
             throw new Error(`${response.statusText} (${response.status})`);
         }
+
         if (!response.ok) {
             this._logger.error("postForm: Error from server:", json);
             if (json.error) {
                 throw new ErrorResponse(json);
             }
             throw new Error(`${response.statusText} (${response.status}): ${JSON.stringify(json)}`);
         }
+
         return json;
     }
 }
diff --git a/src/MetadataService.ts b/src/MetadataService.ts
@@ -100,8 +100,8 @@ export class MetadataService {
         return this._getMetadataProperty("end_session_endpoint", true) as Promise<string | undefined>;
     }
 
-    public getRevocationEndpoint(): Promise<string | undefined> {
-        return this._getMetadataProperty("revocation_endpoint", true) as Promise<string | undefined>;
+    public getRevocationEndpoint(optional = true): Promise<string | undefined> {
+        return this._getMetadataProperty("revocation_endpoint", optional) as Promise<string | undefined>;
     }
 
     public getKeysEndpoint(optional?: true): Promise<string | undefined>