Introducing Bearer tokens and SSO support (#783)

This change provides a utility function for easy create auth token object for `bearer` tokens.

The error handling related with this kind of token usage is also implemented. When a `Neo.ClientError.Security.TokenExpired` error happens, the address should be purged from the pool and the caller should be notified - no retry should be performed.

Author: bigmontz

packages/bolt-connection/src/bolt/bolt-protocol-v1.js

@@ -296,6 +296,10 @@ export default class BoltProtocol {
     return observer
   }
 
+  get currentFailure () {
+    return this._responseHandler.currentFailure
+  }
+
   /**
    * Send a RESET through the underlying connection.
    * @param {Object} param

packages/bolt-connection/src/bolt/response-handler.js

@@ -86,6 +86,10 @@ export default class ResponseHandler {
     )
   }
 
+  get currentFailure () {
+    return this._currentFailure
+  }
+
   handleResponse (msg) {
     const payload = msg.fields[0]
 
@@ -186,4 +190,5 @@ export default class ResponseHandler {
   _resetFailure () {
     this._currentFailure = null
   }
+
 }

packages/bolt-connection/src/connection/connection-channel.js

@@ -270,7 +270,7 @@ export default class ChannelConnection extends Connection {
    */
   _handleFatalError (error) {
     this._isBroken = true
-    this._error = this.handleAndTransformError(error, this._address)
+    this._error = this.handleAndTransformError(this._protocol.currentFailure || error, this._address)
 
     if (this._log.isErrorEnabled()) {
       this._log.error(

packages/bolt-connection/src/connection/connection-error-handler.js

@@ -77,7 +77,10 @@ export default class ConnectionErrorHandler {
 }
 
 function isAutorizationExpiredError (error) {
-  return error && error.code === 'Neo.ClientError.Security.AuthorizationExpired'
+  return error && ( 
+      error.code === 'Neo.ClientError.Security.AuthorizationExpired' ||
+      error.code === 'Neo.ClientError.Security.TokenExpired'
+  )
 }
 
 function isAvailabilityError (error) {

packages/bolt-connection/test/connection-provider/connection-provider-direct.test.js

@@ -98,6 +98,47 @@ describe('#unit DirectConnectionProvider', () => {
   })
 })
 
+it('should purge connections for address when TokenExpired happens', async () => {
+  const address = ServerAddress.fromUrl('localhost:123')
+  const pool = newPool()
+  jest.spyOn(pool, 'purge')
+  const connectionProvider = newDirectConnectionProvider(address, pool)
+
+  const conn = await connectionProvider.acquireConnection({
+    accessMode: 'READ',
+    database: ''
+  })
+
+  const error = newError(
+    'Message',
+    'Neo.ClientError.Security.TokenExpired'
+  )
+
+  conn.handleAndTransformError(error, address)
+
+  expect(pool.purge).toHaveBeenCalledWith(address)
+})
+
+it('should not change error when TokenExpired happens', async () => {
+  const address = ServerAddress.fromUrl('localhost:123')
+  const pool = newPool()
+  const connectionProvider = newDirectConnectionProvider(address, pool)
+
+  const conn = await connectionProvider.acquireConnection({
+    accessMode: 'READ',
+    database: ''
+  })
+
+  const expectedError = newError(
+    'Message',
+    'Neo.ClientError.Security.TokenExpired'
+  )
+
+  const error = conn.handleAndTransformError(expectedError, address)
+
+  expect(error).toBe(expectedError)
+})
+
 function newDirectConnectionProvider (address, pool) {
   const connectionProvider = new DirectConnectionProvider({
     id: 0,

packages/bolt-connection/test/connection-provider/connection-provider-routing.test.js

@@ -1493,6 +1493,80 @@ describe('#unit RoutingConnectionProvider', () => {
     expect(error).toBe(expectedError)
   })
 
+  it('should purge connections for address when TokenExpired happens', async () => {
+    const pool = newPool()
+
+    jest.spyOn(pool, 'purge')
+
+    const connectionProvider = newRoutingConnectionProvider(
+      [
+        newRoutingTable(
+          null,
+          [server1, server2],
+          [server3, server2],
+          [server2, server4]
+        )
+      ],
+      pool
+    )
+
+    const error = newError(
+      'Message',
+      'Neo.ClientError.Security.TokenExpired'
+    )
+
+    const server2Connection = await connectionProvider.acquireConnection({
+      accessMode: 'WRITE',
+      database: null
+    })
+
+    const server3Connection = await connectionProvider.acquireConnection({
+      accessMode: 'READ',
+      database: null
+    })
+
+    server3Connection.handleAndTransformError(error, server3)
+    server2Connection.handleAndTransformError(error, server2)
+
+    expect(pool.purge).toHaveBeenCalledWith(server3)
+    expect(pool.purge).toHaveBeenCalledWith(server2)
+  })
+
+  it('should not change error when TokenExpired happens', async () => {
+    const pool = newPool()
+
+    jest.spyOn(pool, 'purge')
+
+    const connectionProvider = newRoutingConnectionProvider(
+      [
+        newRoutingTable(
+          null,
+          [server1, server2],
+          [server3, server2],
+          [server2, server4]
+        )
+      ],
+      pool
+    )
+
+    const expectedError = newError(
+      'Message',
+      'Neo.ClientError.Security.TokenExpired'
+    )
+
+    const server2Connection = await connectionProvider.acquireConnection({
+      accessMode: 'WRITE',
+      database: null
+    })
+
+    const error = server2Connection.handleAndTransformError(
+      expectedError,
+      server2
+    )
+
+    expect(error).toBe(expectedError)
+  })
+
   it('should use resolved seed router after accepting table with no writers', done => {
     const routingTable1 = newRoutingTable(
       null,
@@ -1674,6 +1748,80 @@ describe('#unit RoutingConnectionProvider', () => {
       expect(error).toBe(expectedError)
     })
 
+    it('should purge connections for address when TokenExpired happens', async () => {
+      const pool = newPool()
+
+      jest.spyOn(pool, 'purge')
+
+      const connectionProvider = newRoutingConnectionProvider(
+        [
+          newRoutingTable(
+            'databaseA',
+            [server1, server2],
+            [server1],
+            [server2]
+          ),
+          newRoutingTable('databaseB', [serverA, serverB], [serverA], [serverB])
+        ],
+        pool
+      )
+
+      const error = newError(
+        'Message',
+        'Neo.ClientError.Security.TokenExpired'
+      )
+
+      const server2Connection = await connectionProvider.acquireConnection({
+        accessMode: 'WRITE',
+        database: 'databaseA'
+      })
+
+      const serverAConnection = await connectionProvider.acquireConnection({
+        accessMode: 'READ',
+        database: 'databaseB'
+      })
+
+      serverAConnection.handleAndTransformError(error, serverA)
+      server2Connection.handleAndTransformError(error, server2)
+
+      expect(pool.purge).toHaveBeenCalledWith(serverA)
+      expect(pool.purge).toHaveBeenCalledWith(server2)
+    })
+
+    it('should not change error when TokenExpired happens', async () => {
+      const pool = newPool()
+
+      const connectionProvider = newRoutingConnectionProvider(
+        [
+          newRoutingTable(
+            'databaseA',
+            [server1, server2],
+            [server1],
+            [server2]
+          ),
+          newRoutingTable('databaseB', [serverA, serverB], [serverA], [serverB])
+        ],
+        pool
+      )
+
+      const expectedError = newError(
+        'Message',
+        'Neo.ClientError.Security.TokenExpired'
+      )
+
+      const server2Connection = await connectionProvider.acquireConnection({
+        accessMode: 'WRITE',
+        database: 'databaseA'
+      })
+
+      const error = server2Connection.handleAndTransformError(
+        expectedError,
+        server2
+      )
+
+      expect(error).toBe(expectedError)
+    })
+
     it('should acquire write connection from correct routing table', async () => {
       const pool = newPool()
       const connectionProvider = newRoutingConnectionProvider(

packages/bolt-connection/test/connection/connection-channel.test.js

@@ -18,7 +18,7 @@
  */
 
 import ChannelConnection from '../../src/connection/connection-channel'
-import { int, internal } from 'neo4j-driver-core'
+import { int, internal, newError } from 'neo4j-driver-core'
 import { add } from 'lodash'
 
 const {
@@ -127,6 +127,80 @@ describe('ChannelConnection', () => {
     )
   })
 
+  describe('._handleFatalError()', () => {
+    describe('when there is not current failure on going', () => {
+      const thrownError = newError('some error', 'C')
+      let notifyFatalError;
+      let connection;
+
+      beforeEach(() => {
+        notifyFatalError = jest.fn()
+        const protocol = {
+          notifyFatalError,
+          currentFailure: null
+        }
+        
+        const protocolSupplier = () => protocol
+        connection = spyOnConnectionChannel({ protocolSupplier })
+      })
+
+      it('should set connection state to broken', () => {
+        connection._handleFatalError(thrownError)
+
+        expect(connection._isBroken).toBe(true)
+      })
+
+      it('should set internal erro to the thrownError', () => {
+        connection._handleFatalError(thrownError)
+
+        expect(connection._error).toBe(thrownError)
+      })
+
+      it('should call notifyFatalError with the thrownError', () => {
+        connection._handleFatalError(thrownError)
+
+        expect(notifyFatalError).toHaveBeenCalledWith(thrownError)
+      })
+    })
+
+    describe('when there is current failure on going', () => {
+      const thrownError = newError('some error', 'C')
+      const currentFailure = newError('current failure', 'ongoing')
+      let notifyFatalError;
+      let connection;
+
+      beforeEach(() => {
+        notifyFatalError = jest.fn()
+        const protocol = {
+          notifyFatalError,
+          currentFailure
+        }
+        
+        const protocolSupplier = () => protocol
+        connection = spyOnConnectionChannel({ protocolSupplier })
+      })
+
+      it('should set connection state to broken', () => {
+        connection._handleFatalError(thrownError)
+
+        expect(connection._isBroken).toBe(true)
+      })
+
+      it('should set internal erro to the currentFailure', () => {
+        connection._handleFatalError(thrownError)
+
+        expect(connection._error).toBe(currentFailure)
+      })
+
+      it('should call notifyFatalError with the currentFailure', () => {
+        connection._handleFatalError(thrownError)
+
+        expect(notifyFatalError).toHaveBeenCalledWith(currentFailure)
+      })
+    })
+
+  })
+
   function spyOnConnectionChannel ({
     channel,
     errorHandler,