AAE-24139 test all auth items are removed from the storage when acces…

…sToken is set and token is not valid
Alfresco · Sep 4, 2024 · 3907745 · 3907745
1 parent 33150a6
commit 3907745
Show file tree

Hide file tree

Showing 2 changed files with 29 additions and 1 deletion.
diff --git a/lib/core/src/lib/auth/oidc/redirect-auth.service.spec.ts b/lib/core/src/lib/auth/oidc/redirect-auth.service.spec.ts
@@ -34,6 +34,7 @@ describe('RedirectAuthService', () => {
         events: oauthEvents$,
         configure: () => {},
         hasValidAccessToken: jasmine.createSpy().and.returnValue(true),
+        hasValidIdToken: jasmine.createSpy().and.returnValue(true),
         setupAutomaticSilentRefresh: () => {
             mockOauthService.silentRefresh();
             mockOauthService.refreshToken();
@@ -53,6 +54,7 @@ describe('RedirectAuthService', () => {
 
         TestBed.inject(OAuthService);
         service = TestBed.inject(RedirectAuthService);
+        spyOn(service, 'reloadPage').and.callFake(() => {});
         spyOn(service, 'ensureDiscoveryDocument').and.resolveTo(true);
         mockOauthService.getAccessToken = () => 'access-token';
     });
@@ -93,4 +95,25 @@ describe('RedirectAuthService', () => {
         expect(refreshTokenCalled).toBe(true);
         expect(silentRefreshCalled).toBe(true);
     });
+
+    it('should remove all auth items from the storage if access token is set and is not authenticated', () => {
+        mockOauthService.getAccessToken = () => 'access-token';
+        spyOnProperty(service, 'authenticated', 'get').and.returnValue(false);
+        (mockOauthService.events as Subject<OAuthEvent>).next({ type: 'discovery_document_loaded' } as OAuthEvent);
+
+        expect(mockOAuthStorage.removeItem).toHaveBeenCalledWith('access_token');
+        expect(mockOAuthStorage.removeItem).toHaveBeenCalledWith('access_token_stored_at');
+        expect(mockOAuthStorage.removeItem).toHaveBeenCalledWith('expires_at');
+        expect(mockOAuthStorage.removeItem).toHaveBeenCalledWith('granted_scopes');
+        expect(mockOAuthStorage.removeItem).toHaveBeenCalledWith('id_token');
+        expect(mockOAuthStorage.removeItem).toHaveBeenCalledWith('id_token_claims_obj');
+        expect(mockOAuthStorage.removeItem).toHaveBeenCalledWith('id_token_expires_at');
+        expect(mockOAuthStorage.removeItem).toHaveBeenCalledWith('id_token_stored_at');
+        expect(mockOAuthStorage.removeItem).toHaveBeenCalledWith('nonce');
+        expect(mockOAuthStorage.removeItem).toHaveBeenCalledWith('PKCE_verifier');
+        expect(mockOAuthStorage.removeItem).toHaveBeenCalledWith('refresh_token');
+        expect(mockOAuthStorage.removeItem).toHaveBeenCalledWith('session_state');
+        expect(service.reloadPage).toHaveBeenCalledOnceWith();
+    });
+
 });
diff --git a/lib/core/src/lib/auth/oidc/redirect-auth.service.ts b/lib/core/src/lib/auth/oidc/redirect-auth.service.ts
@@ -87,7 +87,7 @@ export class RedirectAuthService extends AuthService {
     this.oauthService.events.pipe(take(1)).subscribe(() => {
         if(this.oauthService.getAccessToken() && !this.authenticated){
             this.AUTH_STORAGE_ITEMS.map((item: string) => { this._oauthStorage.removeItem(item); });
-            window.location.reload();
+            this.reloadPage();
         }
     });
 
@@ -245,4 +245,9 @@ export class RedirectAuthService extends AuthService {
   updateIDPConfiguration(config: AuthConfig) {
     this.oauthService.configure(config);
   }
+
+  reloadPage() {
+    window.location.reload();
+  }
+
 }