Skip to content

JWT Handler Add missing TokenRejectionException #58

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
lanechase34 wants to merge 1 commit into
base: development
Choose a base branch
from
+18 −25
Open

JWT Handler Add missing TokenRejectionException #58

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
31 changes: 7 additions & 24 deletions handlers/Jwt.cfc
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -14,13 +14,7 @@ component extends="coldbox.system.RestHandler" {
function refreshToken( event, rc, prc ){
// If endpoint not enabled, just 404 it
if ( !variables.jwtService.getSettings().jwt.enableRefreshEndpoint ) {
event
.getResponse()
.setErrorMessage(
"Refresh Token Endpoint Disabled",
404,
"Disabled"
);
event.getResponse().setErrorMessage( "Refresh Token Endpoint Disabled", 404 );
return;
}

Expand All @@ -33,31 +27,20 @@ component extends="coldbox.system.RestHandler" {
.setData( prc.newTokens )
.addMessage( "Tokens refreshed! The passed in refresh token has been invalidated" );
} catch ( RefreshTokensNotActive e ) {
event.getResponse().setErrorMessage( "Refresh Tokens Not Active", 404, "Disabled" );
event.getResponse().setErrorMessage( "Refresh Tokens Not Active", 404 );
} catch ( TokenNotFoundException e ) {
event
.getResponse()
.setErrorMessage(
"The refresh token was not passed via the header or the rc. Cannot refresh the unrefreshable!",
400,
"Missing refresh token"
400
);
} catch ( TokenInvalidException e ) {
event
.getResponse()
.setErrorMessage(
"Invalid Token - #e.message#",
401,
"Invalid Token"
);
event.getResponse().setErrorMessage( "Invalid Token", 401 );
} catch ( TokenExpiredException e ) {
event
.getResponse()
.setErrorMessage(
"Token Expired - #e.message#",
400,
"Token Expired"
);
event.getResponse().setErrorMessage( "Token Expired", 400 );
} catch ( TokenRejectionException e ) {
event.getResponse().setErrorMessage( "Invalid Token", 401 );
}
}

Expand Down
12 changes: 11 additions & 1 deletion test-harness/tests/specs/integration/JWTSpec.cfc
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -188,11 +188,21 @@ component extends="coldbox.system.testing.BaseTestCase" appMapping="/root" {
} );
given( "An activated endpoint and an invalid refresh token", function(){
then( "it should kick me out", function(){
var oUser = variables.userService.retrieveUserByUsername( "test" );
var tokens = variables.jwtService.fromUser( oUser );
variables.jwtService.getSettings().jwt.enableRefreshEndpoint = true;

// Force invalidate the refresh token
variables.jwtService.invalidate( tokens.refresh_token );

var event = this.post(
"/cbsecurity/refreshtoken",
{ "x-refresh-token" : variables.invalid_token }
{ "x-refresh-token" : tokens.refresh_token }
);

var jsonResponse = deserializeJSON( event.getRenderedContent() );
expect( jsonResponse.messages[ 1 ] ).toBe( event.getResponse().getMessagesString() );

expect( event.getResponse().getStatusCode() ).toBe(
401,
event.getResponse().getMessagesString()
Expand Down
Loading