folio-org · ncovercash · Sep 18, 2024 · Sep 18, 2024 · Sep 18, 2024 · Sep 20, 2024
@@ -42,7 +42,7 @@
  */
 
 import ms from 'ms';
-import { okapi } from 'stripes-config';
+import { okapi, config } from 'stripes-config';
 import {
   setRtrTimeout
 } from '../../okapiActions';
@@ -60,8 +60,8 @@ import {
 } from './Errors';
 import {
   RTR_AT_EXPIRY_IF_UNKNOWN,
-  RTR_AT_TTL_FRACTION,
   RTR_ERROR_EVENT,
+  RTR_FORCE_REFRESH_EVENT,
 } from './constants';
 import FXHR from './FXHR';
 
@@ -76,6 +76,24 @@ export class FFetch {
     this.store = store;
   }
 
+  /**
+   * registers a listener for the RTR_FORCE_REFRESH_EVENT
+   */
+  registerEventListener = () => {
+    this.globalEventCallback = () => {
+      this.logger.log('rtr', 'forcing rotation due to RTR_FORCE_REFRESH_EVENT');
+      rtr(this.nativeFetch, this.logger, this.rotateCallback);
+    };
+    window.addEventListener(RTR_FORCE_REFRESH_EVENT, this.globalEventCallback);
+  }
+
+  /**
+   * unregister the listener for the RTR_FORCE_REFRESH_EVENT
+   */
+  unregisterEventListener = () => {
+    window.removeEventListener(RTR_FORCE_REFRESH_EVENT, this.globalEventCallback);
+  }
+
   /**
    * save a reference to fetch, and then reassign the global :scream:
    */
@@ -110,7 +128,6 @@ export class FFetch {
 
     const scheduleRotation = (rotationP) => {
       rotationP.then((rotationInterval) => {
-        this.logger.log('rtr', `rotation fired from rotateCallback; next callback in ${ms(rotationInterval)}`);
         this.store.dispatch(setRtrTimeout(setTimeout(() => {
           rtr(this.nativeFetch, this.logger, this.rotateCallback);
         }, rotationInterval)));
@@ -127,14 +144,14 @@ export class FFetch {
     // the response, otherwise the session. Default to 10 seconds.
     if (res?.accessTokenExpiration) {
       this.logger.log('rtr', 'rotation scheduled with login response data');
-      const rotationPromise = Promise.resolve((new Date(res.accessTokenExpiration).getTime() - Date.now()) * RTR_AT_TTL_FRACTION);
+      const rotationPromise = Promise.resolve((new Date(res.accessTokenExpiration).getTime() - Date.now()) * config.rtr.rotationIntervalFraction);
 
       scheduleRotation(rotationPromise);
     } else {
       const rotationPromise = getTokenExpiry().then((expiry) => {
         if (expiry.atExpires) {
           this.logger.log('rtr', 'rotation scheduled with cached session data');
-          return (new Date(expiry.atExpires).getTime() - Date.now()) * RTR_AT_TTL_FRACTION;
+          return (new Date(expiry.atExpires).getTime() - Date.now()) * config.rtr.rotationIntervalFraction;
         }
 
         // default: 10 seconds

@@ -3,13 +3,14 @@
 /* eslint-disable no-unused-vars */
 
 import ms from 'ms';
+import { waitFor } from '@testing-library/react';
 
 import { getTokenExpiry } from '../../loginServices';
 import { FFetch } from './FFetch';
 import { RTRError, UnexpectedResourceError } from './Errors';
 import {
   RTR_AT_EXPIRY_IF_UNKNOWN,
-  RTR_AT_TTL_FRACTION,
+  RTR_FORCE_REFRESH_EVENT,
 } from './constants';
 
 jest.mock('../../loginServices', () => ({
@@ -24,6 +25,11 @@ jest.mock('stripes-config', () => ({
   okapi: {
     url: 'okapiUrl',
     tenant: 'okapiTenant'
+  },
+  config: {
+    rtr: {
+      rotationIntervalFraction: 0.5,
+    }
   }
 }),
 { virtual: true });
@@ -32,13 +38,18 @@ const log = jest.fn();
 
 const mockFetch = jest.fn();
 
+// to ensure we cleanup after each test
+const instancesWithEventListeners = [];
+
 describe('FFetch class', () => {
   beforeEach(() => {
     global.fetch = mockFetch;
     getTokenExpiry.mockResolvedValue({
       atExpires: Date.now() + (10 * 60 * 1000),
       rtExpires: Date.now() + (10 * 60 * 1000),
     });
+    instancesWithEventListeners.forEach(instance => instance.unregisterEventListener());
+    instancesWithEventListeners.length = 0;
   });
 
   afterEach(() => {
@@ -151,6 +162,23 @@ describe('FFetch class', () => {
     });
   });
 
+  describe('force refresh event', () => {
+    it('Invokes a refresh on RTR_FORCE_REFRESH_EVENT...', async () => {
+      mockFetch.mockResolvedValueOnce('okapi success');
+
+      const instance = new FFetch({ logger: { log } });
+      instance.replaceFetch();
+      instance.replaceXMLHttpRequest();
+
+      instance.registerEventListener();
+      instancesWithEventListeners.push(instance);
+
+      window.dispatchEvent(new Event(RTR_FORCE_REFRESH_EVENT));
+
+      await waitFor(() => expect(mockFetch.mock.calls).toHaveLength(1));
+    });
+  });
+
   describe('calling authentication resources', () => {
     it('handles RTR data in the response', async () => {
       // a static timestamp representing "now"
@@ -193,7 +221,7 @@ describe('FFetch class', () => {
       // gross, but on the other, since we're deliberately pushing rotation
       // into a separate thread, I'm note sure of a better way to handle this.
       await setTimeout(Promise.resolve(), 2000);
-      expect(st).toHaveBeenCalledWith(expect.any(Function), (accessTokenExpiration - whatTimeIsItMrFox) * RTR_AT_TTL_FRACTION);
+      expect(st).toHaveBeenCalledWith(expect.any(Function), (accessTokenExpiration - whatTimeIsItMrFox) * 0.5);
     });
 
     it('handles RTR data in the session', async () => {
@@ -237,7 +265,7 @@ describe('FFetch class', () => {
       // gross, but on the other, since we're deliberately pushing rotation
       // into a separate thread, I'm note sure of a better way to handle this.
       await setTimeout(Promise.resolve(), 2000);
-      expect(st).toHaveBeenCalledWith(expect.any(Function), (atExpires - whatTimeIsItMrFox) * RTR_AT_TTL_FRACTION);
+      expect(st).toHaveBeenCalledWith(expect.any(Function), (atExpires - whatTimeIsItMrFox) * 0.5);
     });
 
     it('handles missing RTR data', async () => {

diff --git a/src/components/Root/Root.js b/src/components/Root/Root.js
@@ -67,10 +67,15 @@ class Root extends Component {
     // * configure fetch and xhr interceptors to conduct RTR
     // * see SessionEventContainer for RTR handling
     if (this.props.config.useSecureTokens) {
+      // FFetch relies on some of these properties, so we must ensure
+      // they are filled before initialization
+      this.props.config.rtr = configureRtr(this.props.config.rtr);
+
       this.ffetch = new FFetch({
         logger: this.props.logger,
         store,
       });
+      this.ffetch.registerEventListener();
       this.ffetch.replaceFetch();
       this.ffetch.replaceXMLHttpRequest();
     }
@@ -125,8 +130,6 @@ class Root extends Component {
     }
 
     // make sure RTR is configured
-    config.rtr = configureRtr(this.props.config.rtr);
-
     const stripes = new Stripes({
       logger,
       store,

@@ -4,6 +4,9 @@ export const RTR_SUCCESS_EVENT = '@folio/stripes/core::RTRSuccess';
 /** dispatched during RTR if RTR itself fails */
 export const RTR_ERROR_EVENT = '@folio/stripes/core::RTRError';
 
+/** dispatched by ui-developer to force a token rotation */
+export const RTR_FORCE_REFRESH_EVENT = '@folio/stripes/core::RTRForceRefresh';
+
 /**
  * dispatched if the session is idle (without activity) for too long
  */
@@ -12,7 +15,10 @@ export const RTR_TIMEOUT_EVENT = '@folio/stripes/core::RTRIdleSessionTimeout';
 /** BroadcastChannel for cross-window activity pings */
 export const RTR_ACTIVITY_CHANNEL = '@folio/stripes/core::RTRActivityChannel';
 
-/** how much of an AT's lifespan can elapse before it is considered expired */
+/**
+ * how much of an AT's lifespan can elapse before it is considered expired.
+ * overridden in stripes.config.js::config.rtr.rotationIntervalFraction.
+ */
 export const RTR_AT_TTL_FRACTION = 0.8;
 
 /**

@@ -5,6 +5,7 @@ import { getTokenExpiry, setTokenExpiry } from '../../loginServices';
 import { RTRError, UnexpectedResourceError } from './Errors';
 import {
   RTR_ACTIVITY_EVENTS,
+  RTR_AT_TTL_FRACTION,
   RTR_ERROR_EVENT,
   RTR_IDLE_MODAL_TTL,
   RTR_IDLE_SESSION_TTL,
@@ -319,6 +320,11 @@ export const configureRtr = (config = {}) => {
     conf.idleModalTTL = RTR_IDLE_MODAL_TTL;
   }
 
+  // what fraction of the way through the session should we rotate?
+  if (!conf.rotationIntervalFraction) {
+    conf.rotationIntervalFraction = RTR_AT_TTL_FRACTION;
+  }
+
   // what events constitute activity?
   if (isEmpty(conf.activityEvents)) {
     conf.activityEvents = RTR_ACTIVITY_EVENTS;

@@ -337,19 +337,21 @@ describe('getPromise', () => {
 });
 
 describe('configureRtr', () => {
-  it('sets idleSessionTTL and idleModalTTL', () => {
-    const res = configureRtr({});
-    expect(res.idleSessionTTL).toBe('60m');
-    expect(res.idleModalTTL).toBe('1m');
-  });
-
-  it('leaves existing settings in place', () => {
-    const res = configureRtr({
-      idleSessionTTL: '5m',
-      idleModalTTL: '5m',
-    });
-
-    expect(res.idleSessionTTL).toBe('5m');
-    expect(res.idleModalTTL).toBe('5m');
+  it.each([
+    [
+      {},
+      { idleSessionTTL: '60m', idleModalTTL: '1m', rotationIntervalFraction: 0.8, activityEvents: ['keydown', 'mousedown'] }
+    ],
+    [
+      { idleSessionTTL: '1s', idleModalTTL: '2m' },
+      { idleSessionTTL: '1s', idleModalTTL: '2m', rotationIntervalFraction: 0.8, activityEvents: ['keydown', 'mousedown'] }
+    ],
+    [
+      { idleSessionTTL: '1s', idleModalTTL: '2m', rotationIntervalFraction: -1, activityEvents: ['cha-cha-slide'] },
+      { idleSessionTTL: '1s', idleModalTTL: '2m', rotationIntervalFraction: -1, activityEvents: ['cha-cha-slide'] }
+    ],
+  ])('sets default values as applicable', (config, expected) => {
+    const res = configureRtr(config);
+    expect(res).toMatchObject(expected);
   });
 });
diff --git a/src/components/SessionEventContainer/SessionEventContainer.js b/src/components/SessionEventContainer/SessionEventContainer.js
@@ -250,6 +250,7 @@ const SessionEventContainer = ({ history, queryClient }) => {
     // We only want to configure the event listeners once, not every time
     // there is a change to stripes or history. Hence, an empty dependency
     // array.
+    // should `stripes.rtr` go here?
   }, []); // eslint-disable-line react-hooks/exhaustive-deps
 
   // show the idle-session warning modal if necessary;