Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

fix!: makes changes to the session recipe functions #340

Merged
merged 3 commits into from
Jun 30, 2022
Merged

fix!: makes changes to the session recipe functions #340

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
3 commits
Select commit Hold shift + click to select a range
4b99f6f
makes changes to the session recipe
rishabhpoddar Jun 28, 2022
30e47a6
fixes tests
rishabhpoddar Jun 29, 2022
3a02ab9
cleans up error throwing in sessionCLass
rishabhpoddar Jun 30, 2022
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
9 changes: 9 additions & 0 deletions CHANGELOG.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -7,6 +7,15 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0

## [unreleased]

### Breaking change:

- Changes session function recipe interfaces to not throw an UNAUTHORISED error when the input is a sessionHandle: https://github.com/supertokens/backend/issues/83
- `getSessionInformation` now returns `undefined` is the session does not exist
- `updateSessionData` now returns `false` if the input `sessionHandle` does not exist.
- `updateAccessTokenPayload` now returns `false` if the input `sessionHandle` does not exist.
- `regenerateAccessToken` now returns `undefined` if the input access token's `sessionHandle` does not exist.
- The sessionClass functions have not changed in behaviour and still throw UNAUTHORISED. This works cause the sessionClass works on the current session and not some other session.

## [10.0.1] - 2022-06-28

### Fixes
Expand Down
39 changes: 21 additions & 18 deletions lib/build/recipe/session/index.d.ts
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -25,37 +25,40 @@ export default class SessionWrapper {
options?: VerifySessionOptions,
userContext?: any
): Promise<SessionContainer | undefined>;
static getSessionInformation(sessionHandle: string, userContext?: any): Promise<SessionInformation>;
static getSessionInformation(sessionHandle: string, userContext?: any): Promise<SessionInformation | undefined>;
static refreshSession(req: any, res: any, userContext?: any): Promise<SessionContainer>;
static revokeAllSessionsForUser(userId: string, userContext?: any): Promise<string[]>;
static getAllSessionHandlesForUser(userId: string, userContext?: any): Promise<string[]>;
static revokeSession(sessionHandle: string, userContext?: any): Promise<boolean>;
static revokeMultipleSessions(sessionHandles: string[], userContext?: any): Promise<string[]>;
static updateSessionData(sessionHandle: string, newSessionData: any, userContext?: any): Promise<void>;
static updateSessionData(sessionHandle: string, newSessionData: any, userContext?: any): Promise<boolean>;
static regenerateAccessToken(
accessToken: string,
newAccessTokenPayload?: any,
userContext?: any
): Promise<{
status: "OK";
session: {
handle: string;
userId: string;
userDataInJWT: any;
};
accessToken?:
| {
token: string;
expiry: number;
createdTime: number;
}
| undefined;
}>;
): Promise<
| {
status: "OK";
session: {
handle: string;
userId: string;
userDataInJWT: any;
};
accessToken?:
| {
token: string;
expiry: number;
createdTime: number;
}
| undefined;
}
| undefined
>;
static updateAccessTokenPayload(
sessionHandle: string,
newAccessTokenPayload: any,
userContext?: any
): Promise<void>;
): Promise<boolean>;
static createJWT(
payload?: any,
validitySeconds?: number,
Expand Down
5 changes: 1 addition & 4 deletions lib/build/recipe/session/recipeImplementation.js
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -306,10 +306,7 @@ function getRecipeInterface(querier, config) {
}
);
if (response.status === "UNAUTHORISED") {
throw new error_1.default({
message: response.message,
type: error_1.default.UNAUTHORISED,
});
return undefined;
}
return response;
});
Expand Down
130 changes: 67 additions & 63 deletions lib/build/recipe/session/sessionClass.js
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -48,31 +48,33 @@ class Session {
});
this.getSessionData = (userContext) =>
__awaiter(this, void 0, void 0, function* () {
try {
return (yield this.helpers.sessionRecipeImpl.getSessionInformation({
sessionHandle: this.sessionHandle,
userContext: userContext === undefined ? {} : userContext,
})).sessionData;
} catch (err) {
if (err.type === error_1.default.UNAUTHORISED) {
cookieAndHeaders_1.clearSessionFromCookie(this.helpers.config, this.res);
}
throw err;
let sessionInfo = yield this.helpers.sessionRecipeImpl.getSessionInformation({
sessionHandle: this.sessionHandle,
userContext: userContext === undefined ? {} : userContext,
});
if (sessionInfo === undefined) {
cookieAndHeaders_1.clearSessionFromCookie(this.helpers.config, this.res);
throw new error_1.default({
message: "Session does not exist anymore",
type: error_1.default.UNAUTHORISED,
});
}
return sessionInfo.sessionData;
});
this.updateSessionData = (newSessionData, userContext) =>
__awaiter(this, void 0, void 0, function* () {
try {
yield this.helpers.sessionRecipeImpl.updateSessionData({
if (
!(yield this.helpers.sessionRecipeImpl.updateSessionData({
sessionHandle: this.sessionHandle,
newSessionData,
userContext: userContext === undefined ? {} : userContext,
}))
) {
cookieAndHeaders_1.clearSessionFromCookie(this.helpers.config, this.res);
throw new error_1.default({
message: "Session does not exist anymore",
type: error_1.default.UNAUTHORISED,
});
} catch (err) {
if (err.type === error_1.default.UNAUTHORISED) {
cookieAndHeaders_1.clearSessionFromCookie(this.helpers.config, this.res);
}
throw err;
}
});
this.getUserId = () => {
Expand All @@ -89,62 +91,64 @@ class Session {
};
this.updateAccessTokenPayload = (newAccessTokenPayload, userContext) =>
__awaiter(this, void 0, void 0, function* () {
try {
let response = yield this.helpers.sessionRecipeImpl.regenerateAccessToken({
accessToken: this.getAccessToken(),
newAccessTokenPayload,
userContext: userContext === undefined ? {} : userContext,
let response = yield this.helpers.sessionRecipeImpl.regenerateAccessToken({
accessToken: this.getAccessToken(),
newAccessTokenPayload,
userContext: userContext === undefined ? {} : userContext,
});
if (response === undefined) {
cookieAndHeaders_1.clearSessionFromCookie(this.helpers.config, this.res);
throw new error_1.default({
message: "Session does not exist anymore",
type: error_1.default.UNAUTHORISED,
});
this.userDataInAccessToken = response.session.userDataInJWT;
if (response.accessToken !== undefined) {
this.accessToken = response.accessToken.token;
cookieAndHeaders_1.setFrontTokenInHeaders(
this.res,
response.session.userId,
response.accessToken.expiry,
response.session.userDataInJWT
);
cookieAndHeaders_1.attachAccessTokenToCookie(
this.helpers.config,
this.res,
response.accessToken.token,
response.accessToken.expiry
);
}
} catch (err) {
if (err.type === error_1.default.UNAUTHORISED) {
cookieAndHeaders_1.clearSessionFromCookie(this.helpers.config, this.res);
}
throw err;
}
this.userDataInAccessToken = response.session.userDataInJWT;
if (response.accessToken !== undefined) {
this.accessToken = response.accessToken.token;
cookieAndHeaders_1.setFrontTokenInHeaders(
this.res,
response.session.userId,
response.accessToken.expiry,
response.session.userDataInJWT
);
cookieAndHeaders_1.attachAccessTokenToCookie(
this.helpers.config,
this.res,
response.accessToken.token,
response.accessToken.expiry
);
}
});
this.getTimeCreated = (userContext) =>
__awaiter(this, void 0, void 0, function* () {
try {
return (yield this.helpers.sessionRecipeImpl.getSessionInformation({
sessionHandle: this.sessionHandle,
userContext: userContext === undefined ? {} : userContext,
})).timeCreated;
} catch (err) {
if (err.type === error_1.default.UNAUTHORISED) {
cookieAndHeaders_1.clearSessionFromCookie(this.helpers.config, this.res);
}
throw err;
let sessionInfo = yield this.helpers.sessionRecipeImpl.getSessionInformation({
sessionHandle: this.sessionHandle,
userContext: userContext === undefined ? {} : userContext,
});
if (sessionInfo === undefined) {
cookieAndHeaders_1.clearSessionFromCookie(this.helpers.config, this.res);
throw new error_1.default({
message: "Session does not exist anymore",
type: error_1.default.UNAUTHORISED,
});
}
return sessionInfo.timeCreated;
});
this.getExpiry = (userContext) =>
__awaiter(this, void 0, void 0, function* () {
try {
return (yield this.helpers.sessionRecipeImpl.getSessionInformation({
sessionHandle: this.sessionHandle,
userContext: userContext === undefined ? {} : userContext,
})).expiry;
} catch (err) {
if (err.type === error_1.default.UNAUTHORISED) {
cookieAndHeaders_1.clearSessionFromCookie(this.helpers.config, this.res);
}
throw err;
let sessionInfo = yield this.helpers.sessionRecipeImpl.getSessionInformation({
sessionHandle: this.sessionHandle,
userContext: userContext === undefined ? {} : userContext,
});
if (sessionInfo === undefined) {
cookieAndHeaders_1.clearSessionFromCookie(this.helpers.config, this.res);
throw new error_1.default({
message: "Session does not exist anymore",
type: error_1.default.UNAUTHORISED,
});
}
return sessionInfo.expiry;
});
this.sessionHandle = sessionHandle;
this.userId = userId;
Expand Down
20 changes: 11 additions & 9 deletions lib/build/recipe/session/sessionFunctions.d.ts
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -33,9 +33,12 @@ export declare function getSession(
}>;
/**
* @description Retrieves session information from storage for a given session handle
* @returns session data stored in the database, including userData and access token payload
* @returns session data stored in the database, including userData and access token payload, or undefined if sessionHandle is invalid
*/
export declare function getSessionInformation(helpers: Helpers, sessionHandle: string): Promise<SessionInformation>;
export declare function getSessionInformation(
helpers: Helpers,
sessionHandle: string
): Promise<SessionInformation | undefined>;
/**
* @description generates new access and refresh tokens for a given refresh token. Called when client's access token has expired.
* @sideEffects calls onTokenTheftDetection if token theft is detected.
Expand Down Expand Up @@ -68,14 +71,13 @@ export declare function revokeMultipleSessions(helpers: Helpers, sessionHandles:
/**
* @description: It provides no locking mechanism in case other processes are updating session data for this session as well.
*/
export declare function updateSessionData(helpers: Helpers, sessionHandle: string, newSessionData: any): Promise<void>;
/**
* @deprecated use getSessionInformation() instead
* @returns access token payload as provided by the user earlier
*/
export declare function getAccessTokenPayload(helpers: Helpers, sessionHandle: string): Promise<any>;
export declare function updateSessionData(
helpers: Helpers,
sessionHandle: string,
newSessionData: any
): Promise<boolean>;
export declare function updateAccessTokenPayload(
helpers: Helpers,
sessionHandle: string,
newAccessTokenPayload: any
): Promise<void>;
): Promise<boolean>;
39 changes: 6 additions & 33 deletions lib/build/recipe/session/sessionFunctions.js
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -272,7 +272,7 @@ function getSession(helpers, accessToken, antiCsrfToken, doAntiCsrfCheck, contai
exports.getSession = getSession;
/**
* @description Retrieves session information from storage for a given session handle
* @returns session data stored in the database, including userData and access token payload
* @returns session data stored in the database, including userData and access token payload, or undefined if sessionHandle is invalid
*/
function getSessionInformation(helpers, sessionHandle) {
return __awaiter(this, void 0, void 0, function* () {
Expand All @@ -291,10 +291,7 @@ function getSessionInformation(helpers, sessionHandle) {
delete response.userDataInJWT;
return response;
} else {
throw new error_1.default({
message: response.message,
type: error_1.default.UNAUTHORISED,
});
return undefined;
}
});
}
Expand Down Expand Up @@ -423,34 +420,12 @@ function updateSessionData(helpers, sessionHandle, newSessionData) {
userDataInDatabase: newSessionData,
});
if (response.status === "UNAUTHORISED") {
throw new error_1.default({
message: response.message,
type: error_1.default.UNAUTHORISED,
});
return false;
}
return true;
});
}
exports.updateSessionData = updateSessionData;
/**
* @deprecated use getSessionInformation() instead
* @returns access token payload as provided by the user earlier
*/
function getAccessTokenPayload(helpers, sessionHandle) {
return __awaiter(this, void 0, void 0, function* () {
let response = yield helpers.querier.sendGetRequest(new normalisedURLPath_1.default("/recipe/jwt/data"), {
sessionHandle,
});
if (response.status === "OK") {
return response.userDataInJWT;
} else {
throw new error_1.default({
message: response.message,
type: error_1.default.UNAUTHORISED,
});
}
});
}
exports.getAccessTokenPayload = getAccessTokenPayload;
function updateAccessTokenPayload(helpers, sessionHandle, newAccessTokenPayload) {
return __awaiter(this, void 0, void 0, function* () {
newAccessTokenPayload =
Expand All @@ -460,11 +435,9 @@ function updateAccessTokenPayload(helpers, sessionHandle, newAccessTokenPayload)
userDataInJWT: newAccessTokenPayload,
});
if (response.status === "UNAUTHORISED") {
throw new error_1.default({
message: response.message,
type: error_1.default.UNAUTHORISED,
});
return false;
}
return true;
});
}
exports.updateAccessTokenPayload = updateAccessTokenPayload;
Loading