20 changes: 14 additions & 6 deletions packages/authentication-client/src/core.ts
@@ -114,16 +114,24 @@ export class AuthenticationClient {
}

/**
* Returns the access token from storage or the window location hash.
* Returns the access token from the window location hash or storage.
*
* @returns The access token from storage or location hash
* @returns The access token from location hash or storage
*/
getAccessToken(): Promise<string | null> {
return this.storage.getItem(this.options.storageKey).then((accessToken: string) => {
if (!accessToken && typeof window !== 'undefined' && window.location) {
return this.getFromLocation(window.location)
}
if (typeof window !== 'undefined' && window.location) {
return this.getFromLocation(window.location).then((urlToken) => {
if (urlToken) {
return this.removeAccessToken().then(() => urlToken)
}

return this.storage.getItem(this.options.storageKey).then((storageToken: string) => {
return storageToken || null
})
})
}

return this.storage.getItem(this.options.storageKey).then((accessToken: string) => {
return accessToken || null
})
}
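Review bot: In the `if (urlToken)` branch of getAccessToken, `this.removeAccessToken()` discards the stored token as soon as any `access_token` value is read from `window.location`, before anything has verified that value. The fragment is controlled by whoever produced the link, so a crafted URL can now end an authenticated user's session or swap it for a token chosen by someone else; the old code ignored the fragment whenever a stored token existed. I would return the URL token without touching storage, `if (urlToken) { return urlToken }`, and replace the stored token only once the server has accepted the new one (that success path is outside this hunk, so confirm it overwrites storage). If getFromLocation can reject on an error value in the fragment, which is not visible here, that rejection would now also reach callers that hold a valid stored token.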
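--- a/packages/authentication-client/test/index.test.ts
+++ b/packages/authentication-client/test/index.test.ts
@@ -96,6 +96,32 @@ describe('@feathersjs/authentication-client', () => {
 }
 })
 
+it('getAccessToken prefers URL token over storage token (#3631)', async () => {
+const auth = app.authentication
+const storageToken = 'old-storage-token'
+const urlToken = 'new-url-token'
+
+await auth.setAccessToken(storageToken)
+
+let stored = await auth.storage.getItem(auth.options.storageKey)
+assert.strictEqual(stored, storageToken)
+
+const originalWindow = (global as any).window
+; (global as any).window = {
+location: { hash: `access_token=${urlToken}` }
+}
+
+try {
+const token = await auth.getAccessToken()
+assert.strictEqual(token, urlToken, 'Should return URL token over storage token')
+
+stored = await auth.storage.getItem(auth.options.storageKey)
+assert.strictEqual(stored, undefined, 'Storage should be cleared when URL token is used')
+} finally {
+; (global as any).window = originalWindow
+}
+})
+
 it('authenticate, authentication hook, login event', async () => {
 const data = {
 strategy: 'testing'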
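Review bot: The added test exercises only the branch where the fragment carries a token; the other new path in getAccessToken (`window.location` present, no token in the hash, value read from storage) has no assertion in this hunk. A second case that stubs `location: { hash: '' }` and expects `storageToken` back would pin that fallback, assuming getFromLocation resolves to a falsy value for an empty hash. In the `finally`, assigning `originalWindow` back leaves a `window` property set to `undefined` when none existed before; using `delete (global as any).window` in that case restores the original state exactly.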