Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

5187 jwt refresh token Feature #5589

Merged
merged 1 commit into from
Aug 27, 2020

Conversation

madaky
Copy link
Contributor

@madaky madaky commented May 28, 2020

feature refresh token implemented through i̶n̶t̶e̶r̶c̶e̶p̶t̶o̶r̶s̶ service

Implements #5187
See also #5046

Checklist

👉 Read and sign the CLA (Contributor License Agreement) 👈

  • npm test passes on your machine
  • New tests added or existing tests modified to cover all changes
  • Code conforms with the style guide
  • API Documentation in code was updated
  • Documentation in /docs/site was updated
  • Affected artifact templates in packages/cli were updated
  • Affected example projects in examples/* were updated

👉 Check out how to submit a PR 👈

Copy link
Member

@dhmlau dhmlau left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@madaky, thanks for the PR. I've reviewed the docs portion of the PR and provided some comments. I'll leave the implementation review to @jannyHou and other team members. Thanks.

extensions/authentication-jwt/README.md Outdated Show resolved Hide resolved
extensions/authentication-jwt/README.md Outdated Show resolved Hide resolved
extensions/authentication-jwt/README.md Outdated Show resolved Hide resolved
extensions/authentication-jwt/README.md Outdated Show resolved Hide resolved
extensions/authentication-jwt/README.md Outdated Show resolved Hide resolved
extensions/authentication-jwt/README.md Outdated Show resolved Hide resolved
@madaky
Copy link
Contributor Author

madaky commented May 29, 2020

@madaky, thanks for the PR. I've reviewed the docs portion of the PR and provided some comments. I'll leave the implementation review to @jannyHou and other team members. Thanks.

Thanks for review :)

@dhmlau dhmlau added this to the Jun 2020 milestone Jun 5, 2020
Copy link
Contributor

@jannyHou jannyHou left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@madaky Thank you so much for adding the refresh feature 👍
I left a comment regarding the interceptors in #5589 (comment)

@madaky madaky force-pushed the 5187-jwt-refresh-token branch from e5c5df7 to 0fe795f Compare June 23, 2020 10:29
@madaky madaky force-pushed the 5187-jwt-refresh-token branch 2 times, most recently from 6e27c66 to a575d11 Compare July 1, 2020 23:02
@dhmlau dhmlau modified the milestones: Jun 2020, Jul 2020 Jul 2, 2020
Copy link
Contributor

@jannyHou jannyHou left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@madaky Thank you for the update, the structure looks much better now 👍 I left a few comments. Especially #5589 (comment)

@madaky madaky force-pushed the 5187-jwt-refresh-token branch 5 times, most recently from 1da2847 to d05307b Compare July 27, 2020 19:39
@madaky madaky force-pushed the 5187-jwt-refresh-token branch 5 times, most recently from c652b0f to c5be3f2 Compare July 29, 2020 13:06
@madaky madaky requested a review from jannyHou July 29, 2020 17:26
Copy link
Contributor

@jannyHou jannyHou left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@madaky Awesome! The code and test part LGTM.
Could you also update the old docs before merging? Almost there.

@madaky madaky force-pushed the 5187-jwt-refresh-token branch 2 times, most recently from 1d99caf to cdcb04a Compare August 15, 2020 06:59
@dhmlau
Copy link
Member

dhmlau commented Aug 19, 2020

We just switch the contribution method from CLA to DCO, making your contribution easier in the future. Please sign the commits with DCO by amending your commit messages with -s flag and push the changes again. If you're using the command line, you can:

git commit --amend -s
git push --force-with-lease

Please refer to this docs page for details. Thanks!

@madaky madaky force-pushed the 5187-jwt-refresh-token branch 2 times, most recently from a768352 to 8f7cd14 Compare August 20, 2020 15:44
Copy link
Contributor

@jannyHou jannyHou left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

:shipit: LGTM!

@@ -28,7 +28,8 @@
"@loopback/service-proxy": "^2.3.7",
"@types/bcryptjs": "2.4.2",
"bcryptjs": "^2.4.3",
"jsonwebtoken": "^8.5.1"
"jsonwebtoken": "^8.5.1",
"@loopback/context": "^3.8.1"
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Let's use @loopback/core instead.

@@ -142,4 +153,68 @@ export class UserController {
async whoAmI(): Promise<string> {
return this.user[securityId];
}
// Routes using refreshtoken
@post('/users/refresh/login', {
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

/users/refresh-token?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Ya can it be like /user/refresh-token/login?

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@madaky I think Raymond means remove the login part, just use users/refresh-token, cuz it doesn't do login, it returns tokens.

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@raymondfeng I renamed it back to /users/refresh-login, it's essentially a login function. I added doc to explain what it does.

Comment on lines 61 to 83
export type RefreshGrant = {
refreshToken: string;
};

export const RefreshGrantSchema = {
type: 'object',
required: ['refreshToken'],
properties: {
refreshToken: {
type: 'string',
},
},
};
export const RefreshGrantRequestBody = {
description: 'Reissuing Acess Token',
required: true,
content: {
'application/json': {schema: RefreshGrantSchema},
},
};

export type TokenObject = {
accessToken: string;
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Can we refactor types/interfaces to types.ts?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

OK @raymondfeng Thank you for your suggestion and guidance. I will fix it.

@jannyHou jannyHou force-pushed the 5187-jwt-refresh-token branch from b26e888 to 79a3b40 Compare August 26, 2020 18:11
*
*/
refreshToken(refreshToken: string): Promise<TokenObject>;
}
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Nitpick: I would like to see descriptive tsdocs for exported types/interfaces/constants.


/* eslint-disable*/
import {User, UserRelations} from '../models';
/* eslint-enable */
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

For single-line disable, we can use // eslint-disable-next-line no-unused-vars

);
export const DATASOURCE_NAME = 'refreshdb';
export const REFRESH_REPOSITORY = 'repositories.RefreshTokenRepository';
}
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

More tsdocs are welcome.

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@raymondfeng I added the docs in the 3rd commit. PTAL

@jannyHou jannyHou force-pushed the 5187-jwt-refresh-token branch from 3f8e2e1 to 446d693 Compare August 26, 2020 22:33
Copy link
Contributor

@raymondfeng raymondfeng left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Nice work, @madaky and @jannyHou 🥇

@jannyHou jannyHou force-pushed the 5187-jwt-refresh-token branch from 446d693 to 49a1d1b Compare August 27, 2020 01:55
Copy link
Contributor

@dougal83 dougal83 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looks great! Just spotted a few typos. Nice job. 👍

'authentication.jwt.refresh.secret',
);
export const REFRESH_EXPIRES_IN = BindingKey.create<string>(
'authentication.jwt.referesh.expires.in.seconds',
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Typo? Are instances of 'referesh' meant to be 'refresh'?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

thanks @dougal83 for spoting out typos.

/**
* The default issure used when generating refresh token.
*/
export const REFRESH_ISSURE_VALUE = 'loopback4';
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Typo? 'ISSURE' > 'ISSUER'

*/
export const REFRESH_EXPIRES_IN_VALUE = '216000';
/**
* The default issure used when generating refresh token.
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Typo? issure > Issuer

feature refresh token implementation through Service

chore(authentication-jwt): readme updated

readme.md to use refresh token and extra configurations

chore(context): readmemd refactor

Apply suggestions from code review

Co-authored-by: Diana Lau <[email protected]>

feat: implemented awthentication-jwt refreshtoken services

Signed-off-by: Madaky <[email protected]>
@jannyHou jannyHou force-pushed the 5187-jwt-refresh-token branch from 49a1d1b to fa8bf5d Compare August 27, 2020 14:11
@jannyHou
Copy link
Contributor

Thank you @dougal83 Good catches! fixed.

@jannyHou jannyHou merged commit 7074182 into loopbackio:master Aug 27, 2020
@jannyHou
Copy link
Contributor

Merged 🎉 appreciate @madaky 's contribution and all the feedback again!

@dhmlau dhmlau mentioned this pull request Aug 28, 2020
1 task
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
Development

Successfully merging this pull request may close these issues.

6 participants