Client: Add authHttp service that authentificates the http request and

optionally refresh the access token if needed

8 files changed, 253 insertions, 66 deletions

diff --git a/client/src/app/shared/auth/auth-http.service.ts b/client/src/app/shared/auth/auth-http.service.ts
new file mode 100644
index 000000000..ff8099a46
--- /dev/null
+++ b/client/src/app/shared/auth/auth-http.service.ts
@@ -0,0 +1,77 @@
+import { Injectable } from '@angular/core';
+import {
+  ConnectionBackend,
+  Headers,
+  Http,
+  Request,
+  RequestMethod,
+  RequestOptions,
+  RequestOptionsArgs,
+  Response
+} from '@angular/http';
+import { Observable } from 'rxjs/Observable';
+
+import { AuthService } from './auth.service';
+
+@Injectable()
+export class AuthHttp extends Http {
+  constructor(backend: ConnectionBackend, defaultOptions: RequestOptions, private authService: AuthService) {
+    super(backend, defaultOptions);
+  }
+
+  request(url: string | Request, options?: RequestOptionsArgs): Observable<Response> {
+    if (!options) options = {};
+
+    options.headers = new Headers();
+    this.setAuthorizationHeader(options.headers);
+
+    return super.request(url, options)
+                .catch((err) => {
+                  if (err.status === 401) {
+                    return this.handleTokenExpired(err, url, options);
+                  }
+
+                  return Observable.throw(err);
+                });
+  }
+
+  delete(url: string, options?: RequestOptionsArgs): Observable<Response> {
+    if (!options) options = {};
+    options.method = RequestMethod.Delete;
+
+    return this.request(url, options);
+  }
+
+  get(url: string, options?: RequestOptionsArgs): Observable<Response> {
+    if (!options) options = {};
+    options.method = RequestMethod.Get;
+
+    return this.request(url, options);
+  }
+
+  post(url: string, options?: RequestOptionsArgs): Observable<Response> {
+    if (!options) options = {};
+    options.method = RequestMethod.Post;
+
+    return this.request(url, options);
+  }
+
+  put(url: string, options?: RequestOptionsArgs): Observable<Response> {
+    if (!options) options = {};
+    options.method = RequestMethod.Put;
+
+    return this.request(url, options);
+  }
+
+  private handleTokenExpired(err: Response, url: string | Request, options: RequestOptionsArgs) {
+    return this.authService.refreshAccessToken().flatMap(() => {
+      this.setAuthorizationHeader(options.headers);
+
+      return super.request(url, options);
+    });
+  }
+
+  private setAuthorizationHeader(headers: Headers) {
+    headers.set('Authorization', `${this.authService.getTokenType()} ${this.authService.getToken()}`);
+  }
+}
diff --git a/client/src/app/shared/users/auth-status.model.ts b/client/src/app/shared/auth/auth-status.model.ts
index f646bd4cf..f646bd4cf 100644
--- a/client/src/app/shared/users/auth-status.model.ts
+++ b/client/src/app/shared/auth/auth-status.model.ts
diff --git a/client/src/app/shared/users/auth.service.ts b/client/src/app/shared/auth/auth.service.ts
index 1c822c1e1..47f7e1368 100644
--- a/client/src/app/shared/users/auth.service.ts
+++ b/client/src/app/shared/auth/auth.service.ts
@@ -9,13 +9,14 @@ import { User } from './user.model';
 @Injectable()
 export class AuthService {
   private static BASE_CLIENT_URL = '/api/v1/users/client';
-  private static BASE_LOGIN_URL = '/api/v1/users/token';
+  private static BASE_TOKEN_URL = '/api/v1/users/token';
 
   loginChangedSource: Observable<AuthStatus>;
 
   private clientId: string;
   private clientSecret: string;
   private loginChanged: Subject<AuthStatus>;
+  private user: User = null;
 
   constructor(private http: Http) {
     this.loginChanged = new Subject<AuthStatus>();
@@ -36,12 +37,21 @@ export class AuthService {
           alert(error);
         }
       );
+
+    // Return null if there is nothing to load
+    this.user = User.load();
   }
 
   getAuthRequestOptions(): RequestOptions {
     return new RequestOptions({ headers: this.getRequestHeader() });
   }
 
+  getRefreshToken() {
+    if (this.user === null) return null;
+
+    return this.user.getRefreshToken();
+  }
+
   getRequestHeader() {
     return new Headers({ 'Authorization': this.getRequestHeaderValue() });
   }
@@ -51,21 +61,19 @@ export class AuthService {
   }
 
   getToken() {
-    return localStorage.getItem('access_token');
+    if (this.user === null) return null;
+
+    return this.user.getAccessToken();
   }
 
   getTokenType() {
-    return localStorage.getItem('token_type');
+    if (this.user === null) return null;
+
+    return this.user.getTokenType();
   }
 
   getUser(): User {
-    if (this.isLoggedIn() === false) {
-      return null;
-    }
-
-    const user = User.load();
-
-    return user;
+    return this.user;
   }
 
   isLoggedIn() {
@@ -93,21 +101,72 @@ export class AuthService {
       headers: headers
     };
 
-    return this.http.post(AuthService.BASE_LOGIN_URL, body.toString(), options)
+    return this.http.post(AuthService.BASE_TOKEN_URL, body.toString(), options)
                     .map(res => res.json())
+                    .map(res => {
+                      res.username = username;
+                      return res;
+                    })
+                    .map(res => this.handleLogin(res))
                     .catch(this.handleError);
   }
 
   logout() {
-    // TODO make HTTP request
+    // TODO: make an HTTP request to revoke the tokens
+    this.user = null;
+    User.flush();
+  }
+
+  refreshAccessToken() {
+    console.log('Refreshing token...');
+
+    const refreshToken = this.getRefreshToken();
+
+    let body = new URLSearchParams();
+    body.set('refresh_token', refreshToken);
+    body.set('client_id', this.clientId);
+    body.set('client_secret', this.clientSecret);
+    body.set('response_type', 'code');
+    body.set('grant_type', 'refresh_token');
+
+    let headers = new Headers();
+    headers.append('Content-Type', 'application/x-www-form-urlencoded');
+
+    let options = {
+      headers: headers
+    };
+
+    return this.http.post(AuthService.BASE_TOKEN_URL, body.toString(), options)
+                    .map(res => res.json())
+                    .map(res => this.handleRefreshToken(res))
+                    .catch(this.handleError);
   }
 
   setStatus(status: AuthStatus) {
     this.loginChanged.next(status);
   }
 
+  private handleLogin (obj: any) {
+    const username = obj.username;
+    const hash_tokens = {
+      access_token: obj.access_token,
+      token_type: obj.token_type,
+      refresh_token: obj.refresh_token
+    };
+
+    this.user = new User(username, hash_tokens);
+    this.user.save();
+
+    this.setStatus(AuthStatus.LoggedIn);
+  }
+
   private handleError (error: Response) {
     console.error(error);
     return Observable.throw(error.json() || { error: 'Server error' });
   }
+
+  private handleRefreshToken (obj: any) {
+    this.user.refreshTokens(obj.access_token, obj.refresh_token);
+    this.user.save();
+  }
 }
diff --git a/client/src/app/shared/users/index.ts b/client/src/app/shared/auth/index.ts
index c6816b3c6..aafaacbf1 100644
--- a/client/src/app/shared/users/index.ts
+++ b/client/src/app/shared/auth/index.ts
@@ -1,4 +1,4 @@
+export * from './auth-http.service';
 export * from './auth-status.model';
 export * from './auth.service';
-export * from './token.model';
 export * from './user.model';
diff --git a/client/src/app/shared/auth/user.model.ts b/client/src/app/shared/auth/user.model.ts
new file mode 100644
index 000000000..98852f835
--- /dev/null
+++ b/client/src/app/shared/auth/user.model.ts
@@ -0,0 +1,103 @@
+export class User {
+  private static KEYS = {
+    USERNAME: 'username'
+  };
+
+  username: string;
+  tokens: Tokens;
+
+  static load() {
+    const usernameLocalStorage = localStorage.getItem(this.KEYS.USERNAME);
+    if (usernameLocalStorage) {
+      return new User(localStorage.getItem(this.KEYS.USERNAME), Tokens.load());
+    }
+
+    return null;
+  }
+
+  static flush() {
+    localStorage.removeItem(this.KEYS.USERNAME);
+    Tokens.flush();
+  }
+
+  constructor(username: string, hash_tokens: any) {
+    this.username = username;
+    this.tokens = new Tokens(hash_tokens);
+  }
+
+  getAccessToken() {
+    return this.tokens.access_token;
+  }
+
+  getRefreshToken() {
+    return this.tokens.refresh_token;
+  }
+
+  getTokenType() {
+    return this.tokens.token_type;
+  }
+
+  refreshTokens(access_token: string, refresh_token: string) {
+    this.tokens.access_token = access_token;
+    this.tokens.refresh_token = refresh_token;
+  }
+
+  save() {
+    localStorage.setItem('username', this.username);
+    this.tokens.save();
+  }
+}
+
+// Private class used only by User
+class Tokens {
+  private static KEYS = {
+    ACCESS_TOKEN: 'access_token',
+    REFRESH_TOKEN: 'refresh_token',
+    TOKEN_TYPE: 'token_type',
+  };
+
+  access_token: string;
+  refresh_token: string;
+  token_type: string;
+
+  static load() {
+    const accessTokenLocalStorage = localStorage.getItem(this.KEYS.ACCESS_TOKEN);
+    const refreshTokenLocalStorage = localStorage.getItem(this.KEYS.REFRESH_TOKEN);
+    const tokenTypeLocalStorage = localStorage.getItem(this.KEYS.TOKEN_TYPE);
+
+    if (accessTokenLocalStorage && refreshTokenLocalStorage && tokenTypeLocalStorage) {
+      return new Tokens({
+        access_token: accessTokenLocalStorage,
+        refresh_token: refreshTokenLocalStorage,
+        token_type: tokenTypeLocalStorage
+      });
+    }
+
+    return null;
+  }
+
+  static flush() {
+    localStorage.removeItem(this.KEYS.ACCESS_TOKEN);
+    localStorage.removeItem(this.KEYS.REFRESH_TOKEN);
+    localStorage.removeItem(this.KEYS.TOKEN_TYPE);
+  }
+
+  constructor(hash?: any) {
+    if (hash) {
+      this.access_token = hash.access_token;
+      this.refresh_token = hash.refresh_token;
+
+      if (hash.token_type === 'bearer') {
+        this.token_type = 'Bearer';
+      } else {
+        this.token_type = hash.token_type;
+      }
+    }
+  }
+
+  save() {
+    localStorage.setItem('access_token', this.access_token);
+    localStorage.setItem('refresh_token', this.refresh_token);
+    localStorage.setItem('token_type', this.token_type);
+  }
+}
diff --git a/client/src/app/shared/index.ts b/client/src/app/shared/index.ts
index 0cab7dad0..dfea4c67c 100644
--- a/client/src/app/shared/index.ts
+++ b/client/src/app/shared/index.ts
@@ -1,2 +1,2 @@
+export * from './auth';
 export * from './search';
-export * from './users'
diff --git a/client/src/app/shared/users/token.model.ts b/client/src/app/shared/users/token.model.ts
deleted file mode 100644
index 021c83fad..000000000
--- a/client/src/app/shared/users/token.model.ts
+++ /dev/null
@@ -1,32 +0,0 @@
-export class Token {
-  access_token: string;
-  refresh_token: string;
-  token_type: string;
-
-  static load() {
-    return new Token({
-      access_token: localStorage.getItem('access_token'),
-      refresh_token: localStorage.getItem('refresh_token'),
-      token_type: localStorage.getItem('token_type')
-    });
-  }
-
-  constructor(hash?: any) {
-    if (hash) {
-      this.access_token = hash.access_token;
-      this.refresh_token = hash.refresh_token;
-
-      if (hash.token_type === 'bearer') {
-        this.token_type = 'Bearer';
-      } else {
-        this.token_type = hash.token_type;
-      }
-    }
-  }
-
-  save() {
-    localStorage.setItem('access_token', this.access_token);
-    localStorage.setItem('refresh_token', this.refresh_token);
-    localStorage.setItem('token_type', this.token_type);
-  }
-}
diff --git a/client/src/app/shared/users/user.model.ts b/client/src/app/shared/users/user.model.ts
deleted file mode 100644
index ca0a5f26c..000000000
--- a/client/src/app/shared/users/user.model.ts
+++ /dev/null
@@ -1,20 +0,0 @@
-import { Token } from './token.model';
-
-export class User {
-  username: string;
-  token: Token;
-
-  static load() {
-    return new User(localStorage.getItem('username'), Token.load());
-  }
-
-  constructor(username: string, hash_token: any) {
-    this.username = username;
-    this.token = new Token(hash_token);
-  }
-
-  save() {
-    localStorage.setItem('username', this.username);
-    this.token.save();
-  }
-}