fix: adfs login when iframe doesn't work by storing tokens (#864)

* fix: adfs login when iframe doesn't work by storing tokens * test: update tests for adfs login flow
cognitedata · Aug 31, 2022 · c9e1860 · c9e1860
1 parent 8764d79
commit c9e1860
Show file tree

Hide file tree

Showing 2 changed files with 44 additions and 5 deletions.
diff --git a/packages/core/src/authFlows/__tests__/adfs.unit.spec.ts b/packages/core/src/authFlows/__tests__/adfs.unit.spec.ts
@@ -21,6 +21,7 @@ describe('ADFS', () => {
   beforeEach(() => {
     window.history.pushState({}, '', '');
     nock.cleanAll();
+    sessionStorage.clear();
   });
 
   describe('login', () => {
@@ -123,6 +124,7 @@ describe('ADFS', () => {
         });
 
       const cdfTokenAfterLogin = await adfsClient.login();
+      sessionStorage.clear(); // force silent login
       const updatedCdfToken = await adfsClient.getCDFToken();
 
       expect(silentLogin).toHaveBeenCalledTimes(2);
@@ -143,6 +145,7 @@ describe('ADFS', () => {
         );
 
       const cdfTokenAfterLogin = await adfsClient.login();
+      sessionStorage.clear();
       const updatedCdfToken = await adfsClient.getCDFToken();
 
       expect(silentLogin).toHaveBeenCalledTimes(2);

diff --git a/packages/core/src/authFlows/adfs.ts b/packages/core/src/authFlows/adfs.ts
@@ -99,7 +99,7 @@ export class ADFS {
         SCOPE,
         TOKEN_TYPE
       );
-      this.token = token;
+      this.setToken(token);
 
       return token;
     } catch (e) {
@@ -132,12 +132,15 @@ export class ADFS {
    * (using implicit grant flow)
    */
   private async acquireTokenSilently(): Promise<ADFSToken | null> {
+    let token = this.getToken();
+    if (token) {
+      return token;
+    }
+
     const url = `${this.authority}?prompt=none&${this.getADFSQueryParamString(
       this.queryParams
     )}`;
 
-    let token: ADFSToken | null = null;
-
     try {
       token = await silentLoginViaIframe<ADFSToken | null>(
         url,
@@ -149,7 +152,7 @@ export class ADFS {
     }
 
     if (token) {
-      this.token = token;
+      this.setToken(token);
     }
 
     return token;
@@ -189,6 +192,39 @@ export class ADFS {
       return `${result}${result.length > 1 ? '&' : ''}${key}=${value}`;
     }, '');
   }
+
+  private getSessionKey(): string {
+    return this.authority + JSON.stringify(this.queryParams);
+  }
+
+  private setToken(token: ADFSToken | null) {
+    this.token = token;
+    const sessionKey = this.getSessionKey();
+    if (token) {
+      sessionStorage.setItem(sessionKey, JSON.stringify(token));
+    } else {
+      sessionStorage.removeItem(sessionKey);
+    }
+  }
+
+  private getToken(): ADFSToken | null {
+    const sessionKey = this.getSessionKey();
+    const value = sessionStorage.getItem(sessionKey);
+    if (!value) {
+      return null;
+    }
+    try {
+      const token = JSON.parse(value) as ADFSToken;
+      if (token.expiresIn >= Date.now()) {
+        throw new Error(`token expired ${token.expiresIn}`);
+      }
+      return token;
+    } catch (err) {
+      console.error(err);
+      sessionStorage.removeItem(sessionKey);
+      return null;
+    }
+  }
 }
 
 export function extractADFSToken(query: string): ADFSToken | null {
@@ -202,7 +238,7 @@ export function extractADFSToken(query: string): ADFSToken | null {
     return {
       accessToken,
       idToken,
-      expiresIn: Date.now() + Number(expiresIn),
+      expiresIn: Date.now() + Number(expiresIn) * 1000,
     };
   }