212 password flow

docs/sdk/api/sdkMiddlewareAuth.md

@@ -49,3 +49,43 @@ const client = createClient({
   ],
 })
 ```
+
+## `createAuthMiddlewareForPasswordFlow(options)`
+
+Creates a [middleware](/sdk/Glossary.md#middleware) to handle authentication for the [Password Flow](http://dev.commercetools.com/http-api-authorization.html#password-flow) of the commercetools platform API.
+
+#### Named arguments (options)
+
+1. `host` *(String)*: the host of the OAuth API service
+2. `projectKey` *(String)*: the key of the project to assign the default scope to
+3. `credentials` *(Object)*: the client credentials for authentication (`clientId`, `clientSecret`)
+4. `scopes` *(Array)*: a list of [scopes](http://dev.commercetools.com/http-api-authorization.html#scopes) (default `manage_project:{projectKey}`) to assign to the OAuth token
+
+
+#### Usage example
+
+```js
+import { createClient } from '@commercetools/sdk-client'
+import { createAuthMiddlewareForPasswordFlow } from '@commercetools/sdk-middleware-auth'
+
+const client = createClient({
+  middlewares: [
+    createAuthMiddlewareForPasswordFlow({
+      host: 'https://auth.commercetools.com',
+      projectKey: 'test',
+      credentials: {
+        clientId: '123',
+        clientSecret: 'secret',
+        user: {
+          username: string;
+          password: string;
+        }
+      },
+      scopes: [
+        'view_products:test',
+        'manage_orders:test',
+      ],
+    }),
+  ],
+})
+```

packages/sdk-middleware-auth/src/base-auth-flow.js

@@ -0,0 +1,154 @@
+/* @flow */
+import type {
+  MiddlewareRequest,
+  MiddlewareResponse,
+  Next,
+  Task,
+} from 'types/sdk'
+
+/* global fetch */
+import 'isomorphic-fetch'
+
+type RequestState = boolean
+type TokenStore = {
+  token: string;
+  expirationTime: number;
+}
+type AuthMiddlewareBaseOptions = {
+  request: MiddlewareRequest;
+  response: MiddlewareResponse;
+  url: string;
+  body: string;
+  basicAuth: string;
+  pendingTasks: Array<Task>;
+  requestState: {
+    get: () => RequestState;
+    set: (requestState: RequestState) => RequestState;
+  };
+  tokenCache: {
+    get: () => TokenStore;
+    set: (cache: TokenStore) => TokenStore;
+  }
+}
+
+export default function authMiddlewareBase ({
+    request,
+    response,
+    url,
+    basicAuth,
+    body,
+    pendingTasks,
+    requestState,
+    tokenCache,
+  }: AuthMiddlewareBaseOptions,
+  next: Next,
+) {
+  // Check if there is already a `Authorization` header in the request.
+  // If so, then go directly to the next middleware.
+  if (
+    (request.headers && request.headers['authorization']) ||
+    (request.headers && request.headers['Authorization'])
+  ) {
+    next(request, response)
+    return
+  }
+
+  // If there was a token in the tokenCache, and it's not expired, append
+  // the token in the `Authorization` header.
+  const tokenObj = tokenCache.get()
+  if (tokenObj && tokenObj.token && Date.now() < tokenObj.expirationTime) {
+    const requestWithAuth = mergeAuthHeader(tokenObj.token, request)
+    next(requestWithAuth, response)
+    return
+  }
+  // Token is not present or is invalid. Request a new token...
+
+  // Keep pending tasks until a token is fetched
+  pendingTasks.push({ request, response })
+
+  // If a token is currently being fetched, just wait ;)
+  if (requestState.get()) return
+
+  // Mark that a token is being fetched
+  requestState.set(true)
+
+  fetch(
+    url,
+    {
+      method: 'POST',
+      headers: {
+        Authorization: `Basic ${basicAuth}`,
+        'Content-Length': Buffer.byteLength(body).toString(),
+        'Content-Type': 'application/x-www-form-urlencoded',
+      },
+      body,
+    },
+  )
+  .then((res: Response): Promise<*> => {
+    if (res.ok)
+      return res.json()
+      .then((result: Object) => {
+        const token = result.access_token
+        const expiresIn = result.expires_in
+        const expirationTime = calculateExpirationTime(expiresIn)
+
+        // Cache new token
+        tokenCache.set({ token, expirationTime })
+
+        // Dispatch all pending requests
+        requestState.set(false)
+
+        // Freeze and copy pending queue, reset original one for accepting
+        // new pending tasks
+        const executionQueue = pendingTasks.slice()
+        // eslint-disable-next-line no-param-reassign
+        pendingTasks = []
+        executionQueue.forEach((task: Task) => {
+          // Assign the new token in the request header
+          const requestWithAuth = mergeAuthHeader(token, task.request)
+          // console.log('test', cache, pendingTasks)
+          next(requestWithAuth, task.response)
+        })
+      })
+
+    // Handle error response
+    return res.text()
+    .then((text: any) => {
+      let parsed
+      try {
+        parsed = JSON.parse(text)
+      } catch (error) {
+        /* noop */
+      }
+      const error: Object = new Error(parsed ? parsed.message : text)
+      if (parsed) error.body = parsed
+      response.reject(error)
+    })
+  })
+  .catch((error: Error) => {
+    response.reject(error)
+  })
+}
+
+function mergeAuthHeader (
+  token: string,
+  req: MiddlewareRequest,
+): MiddlewareRequest {
+  return {
+    ...req,
+    headers: {
+      ...req.headers,
+      Authorization: `Bearer ${token}`,
+    },
+  }
+}
+
+function calculateExpirationTime (expiresIn: number): number {
+  return (
+    Date.now() +
+    (expiresIn * 1000)
+  ) - (
+    // Add a gap of 2 hours before expiration time.
+    2 * 60 * 60 * 1000
+  )
+}

packages/sdk-middleware-auth/src/build-requests.js

@@ -1,5 +1,8 @@
 /* @flow */
-import type { AuthMiddlewareOptions } from 'types/sdk'
+import type {
+  AuthMiddlewareOptions,
+  PasswordAuthMiddlewareOptions,
+} from 'types/sdk'
 import * as authScopes from './scopes'
 
 type BuiltRequestParams = {
@@ -43,8 +46,47 @@ export function buildRequestForClientCredentialsFlow (
   return { basicAuth, url, body }
 }
 
-export function buildRequestForPasswordFlow () {
-  // TODO
+export function buildRequestForPasswordFlow (
+  options: PasswordAuthMiddlewareOptions,
+): BuiltRequestParams {
+  if (!options)
+    throw new Error('Missing required options')
+
+  if (!options.host)
+    throw new Error('Missing required option (host)')
+
+  if (!options.projectKey)
+    throw new Error('Missing required option (projectKey)')
+
+  if (!options.credentials)
+    throw new Error('Missing required option (credentials)')
+
+  const {
+    clientId,
+    clientSecret,
+    user,
+  } = options.credentials
+  const pKey = options.projectKey
+  if (!(clientId && clientSecret && user))
+    throw new Error(
+      'Missing required credentials (clientId, clientSecret, user)',
+    )
+  const { username, password } = user
+  if (!(username && password))
+    throw new Error('Missing required user credentials (username, password)')
+
+  const defaultScope = `${authScopes.MANAGE_PROJECT}:${pKey}`
+  const scope = (options.scopes || [defaultScope]).join(' ')
+
+  const basicAuth = new Buffer(`${clientId}:${clientSecret}`).toString('base64')
+  // This is mostly useful for internal testing purposes to be able to check
+  // other oauth endpoints.
+  const oauthUri = options.oauthUri || `/oauth/${pKey}/token/customers/token`
+  const url = options.host.replace(/\/$/, '') + oauthUri
+  // eslint-disable-next-line max-len
+  const body = `grant_type=password&scope=${scope}&username=${username}&password=${password}`
+
+  return { basicAuth, url, body }
 }
 
 export function buildRequestForRefreshTokenFlow () {