fix(next-drupal): allow clientId/Secret in getAccessToken() params

Author: JohnAlbin

packages/next-drupal/src/client.ts

@@ -12,6 +12,7 @@ import type {
 import type {
   AccessToken,
   BaseUrl,
+  DrupalClientAuth,
   DrupalClientAuthAccessToken,
   DrupalClientAuthClientIdSecret,
   DrupalClientAuthUsernamePassword,
@@ -53,25 +54,28 @@ const DEFAULT_HEADERS = {
 }
 
 function isBasicAuth(
-  auth: DrupalClientOptions["auth"]
+  auth: DrupalClientAuth
 ): auth is DrupalClientAuthUsernamePassword {
   return (
-    (auth as DrupalClientAuthUsernamePassword)?.username !== undefined ||
+    (auth as DrupalClientAuthUsernamePassword)?.username !== undefined &&
     (auth as DrupalClientAuthUsernamePassword)?.password !== undefined
   )
 }
 
 function isAccessTokenAuth(
-  auth: DrupalClientOptions["auth"]
+  auth: DrupalClientAuth
 ): auth is DrupalClientAuthAccessToken {
-  return (auth as DrupalClientAuthAccessToken)?.access_token !== undefined
+  return (
+    (auth as DrupalClientAuthAccessToken)?.access_token !== undefined &&
+    (auth as DrupalClientAuthAccessToken)?.token_type !== undefined
+  )
 }
 
 function isClientIdSecretAuth(
-  auth: DrupalClient["auth"]
+  auth: DrupalClientAuth
 ): auth is DrupalClientAuthClientIdSecret {
   return (
-    (auth as DrupalClientAuthClientIdSecret)?.clientId !== undefined ||
+    (auth as DrupalClientAuthClientIdSecret)?.clientId !== undefined &&
     (auth as DrupalClientAuthClientIdSecret)?.clientSecret !== undefined
   )
 }
@@ -177,31 +181,47 @@ export class DrupalClient {
 
   set auth(auth: DrupalClientOptions["auth"]) {
     if (typeof auth === "object") {
-      if (isBasicAuth(auth)) {
-        if (!auth.username || !auth.password) {
+      const checkUsernamePassword = auth as DrupalClientAuthUsernamePassword
+      const checkAccessToken = auth as DrupalClientAuthAccessToken
+      const checkClientIdSecret = auth as DrupalClientAuthClientIdSecret
+
+      if (
+        checkUsernamePassword.username !== undefined ||
+        checkUsernamePassword.password !== undefined
+      ) {
+        if (
+          !checkUsernamePassword.username ||
+          !checkUsernamePassword.password
+        ) {
           throw new Error(
             `'username' and 'password' are required for auth. See https://next-drupal.org/docs/client/auth`
           )
         }
-      } else if (isAccessTokenAuth(auth)) {
-        if (!auth.access_token || !auth.token_type) {
+      } else if (
+        checkAccessToken.access_token !== undefined ||
+        checkAccessToken.token_type !== undefined
+      ) {
+        if (!checkAccessToken.access_token || !checkAccessToken.token_type) {
           throw new Error(
             `'access_token' and 'token_type' are required for auth. See https://next-drupal.org/docs/client/auth`
           )
         }
-      } else if (!auth.clientId || !auth.clientSecret) {
+      } else if (
+        !checkClientIdSecret.clientId ||
+        !checkClientIdSecret.clientSecret
+      ) {
         throw new Error(
           `'clientId' and 'clientSecret' are required for auth. See https://next-drupal.org/docs/client/auth`
         )
       }
 
-      auth = {
-        url: DEFAULT_AUTH_URL,
+      this._auth = {
+        ...(isClientIdSecretAuth(auth) ? { url: DEFAULT_AUTH_URL } : {}),
         ...auth,
       }
+    } else {
+      this._auth = auth
     }
-
-    this._auth = auth
   }
 
   set headers(value: DrupalClientOptions["headers"]) {
@@ -1356,26 +1376,25 @@ export class DrupalClient {
       return this.accessToken
     }
 
-    if (!opts?.clientId || !opts?.clientSecret) {
-      if (typeof this._auth === "undefined") {
-        throw new Error(
-          "auth is not configured. See https://next-drupal.org/docs/client/auth"
-        )
+    let auth: DrupalClientAuthClientIdSecret
+    if (isClientIdSecretAuth(opts)) {
+      auth = {
+        url: DEFAULT_AUTH_URL,
+        ...opts,
       }
-    }
-
-    if (
-      !isClientIdSecretAuth(this._auth) ||
-      (opts && !isClientIdSecretAuth(opts))
-    ) {
+    } else if (isClientIdSecretAuth(this._auth)) {
+      auth = this._auth
+    } else if (typeof this._auth === "undefined") {
+      throw new Error(
+        "auth is not configured. See https://next-drupal.org/docs/client/auth"
+      )
+    } else {
       throw new Error(
         `'clientId' and 'clientSecret' required. See https://next-drupal.org/docs/client/auth`
       )
     }
 
-    const clientId = opts?.clientId || this._auth.clientId
-    const clientSecret = opts?.clientSecret || this._auth.clientSecret
-    const url = this.buildUrl(opts?.url || this._auth.url)
+    const url = this.buildUrl(auth.url)
 
     if (
       this.accessTokenScope === opts?.scope &&
@@ -1388,7 +1407,9 @@ export class DrupalClient {
 
     this.debug(`Fetching new access token.`)
 
-    const basic = Buffer.from(`${clientId}:${clientSecret}`).toString("base64")
+    const basic = Buffer.from(`${auth.clientId}:${auth.clientSecret}`).toString(
+      "base64"
+    )
 
     let body = `grant_type=client_credentials`
 

packages/next-drupal/tests/DrupalClient/constructor.test.ts

@@ -3,7 +3,7 @@ import { Jsona } from "jsona"
 import { DrupalClient } from "../../src"
 import { DEBUG_MESSAGE_PREFIX, logger as defaultLogger } from "../../src/logger"
 import { BASE_URL } from "../utils"
-import type { Logger } from "../../src"
+import type { DrupalClientAuth, Logger } from "../../src"
 
 afterEach(() => {
   jest.restoreAllMocks()
@@ -106,7 +106,7 @@ describe("options parameter", () => {
     })
 
     test("sets the auth credentials", () => {
-      const auth: DrupalClient["auth"] = {
+      const auth: DrupalClientAuth = {
         username: "example",
         password: "pw",
       }
@@ -115,7 +115,6 @@ describe("options parameter", () => {
       })
       expect(client._auth).toMatchObject({
         ...auth,
-        url: "/oauth/token",
       })
     })
   })

packages/next-drupal/tests/DrupalClient/fetch-related-methods.test.ts

@@ -278,19 +278,19 @@ describe("getAccessToken()", () => {
     expect(fetchSpy).toHaveBeenCalledTimes(0)
   })
 
-  test("BUG: throws if auth is ClientIdSecret and not given as opts", async () => {
+  test("throws if auth is not ClientIdSecret", async () => {
     const fetchSpy = spyOnFetch({
       responseBody: accessToken,
     })
 
     const client = new DrupalClient(BASE_URL, {
-      auth: clientIdSecret,
+      auth: mocks.auth.basicAuth,
       withAuth: true,
     })
 
     await expect(
       // @ts-ignore
-      client.getAccessToken({ scope: "irrelevant" })
+      client.getAccessToken()
     ).rejects.toThrow(
       "'clientId' and 'clientSecret' required. See https://next-drupal.org/docs/client/auth"
     )

packages/next-drupal/tests/DrupalClient/getters-setters.test.ts

@@ -57,13 +57,12 @@ describe("auth", () => {
   })
 
   describe("throws an error if invalid Access Token", () => {
-    // TODO: The wrong error is thrown.
-    test.skip("missing access_token", () => {
+    test("missing access_token", () => {
       expect(() => {
         const client = new DrupalClient(BASE_URL)
         // @ts-ignore
         client.auth = {
-          token_type: "bearer",
+          token_type: mocks.auth.accessToken.token_type,
         }
       }).toThrow(
         "'access_token' and 'token_type' are required for auth. See https://next-drupal.org/docs/client/auth"
@@ -151,21 +150,21 @@ describe("auth", () => {
   })
 
   test("sets a default access token url", () => {
-    const accessToken = {
-      ...mocks.auth.accessToken,
+    const clientIdSecret = {
+      ...mocks.auth.clientIdSecret,
     }
     const client = new DrupalClient(BASE_URL)
-    client.auth = accessToken
+    client.auth = clientIdSecret
     expect(client._auth.url).toBe("/oauth/token")
   })
 
   test("can override the default access token url", () => {
-    const accessToken = {
-      ...mocks.auth.accessToken,
+    const clientIdSecret = {
+      ...mocks.auth.clientIdSecret,
       url: "/custom/oauth/token",
     }
     const client = new DrupalClient(BASE_URL)
-    client.auth = accessToken
+    client.auth = clientIdSecret
     expect(client._auth.url).toBe("/custom/oauth/token")
   })
 })