Merge pull request #339 from pixtron/fix/issue-334

fix: resolve & reset deferred upon refresh error

Author: alaister

src/GoTrueClient.ts

@@ -44,6 +44,7 @@ import type {
   SignInWithPasswordlessCredentials,
   AuthResponse,
   OAuthResponse,
+  CallRefreshTokenResult,
 } from './lib/types'
 
 polyfillGlobalThis() // Make "globalThis" available
@@ -82,10 +83,7 @@ export default class GoTrueClient {
   protected refreshTokenTimer?: ReturnType<typeof setTimeout>
   // eslint-disable-next-line @typescript-eslint/no-inferrable-types
   protected networkRetries: number = 0
-  protected refreshingDeferred: Deferred<{
-    session: Session
-    error: null
-  }> | null = null
+  protected refreshingDeferred: Deferred<CallRefreshTokenResult> | null = null
 
   /**
    * Create a new client for use in the browser.
@@ -779,17 +777,14 @@ export default class GoTrueClient {
     }
   }
 
-  private async _callRefreshToken(refreshToken: string) {
-    try {
-      // refreshing is already in progress
-      if (this.refreshingDeferred) {
-        return await this.refreshingDeferred.promise
-      }
+  private async _callRefreshToken(refreshToken: string): Promise<CallRefreshTokenResult> {
+    // refreshing is already in progress
+    if (this.refreshingDeferred) {
+      return this.refreshingDeferred.promise
+    }
 
-      this.refreshingDeferred = new Deferred<{
-        session: Session
-        error: null
-      }>()
+    try {
+      this.refreshingDeferred = new Deferred<CallRefreshTokenResult>()
 
       if (!refreshToken) {
         throw new AuthSessionMissingError()
@@ -804,15 +799,21 @@ export default class GoTrueClient {
       const result = { session, error: null }
 
       this.refreshingDeferred.resolve(result)
-      this.refreshingDeferred = null
 
       return result
     } catch (error) {
       if (isAuthError(error)) {
-        return { session: null, error }
+        const result = { session: null, error }
+
+        this.refreshingDeferred?.resolve(result)
+
+        return result
       }
 
+      this.refreshingDeferred?.reject(error)
       throw error
+    } finally {
+      this.refreshingDeferred = null
     }
   }
 

src/lib/types.ts

@@ -272,3 +272,13 @@ type PromisifyMethods<T> = {
 }
 
 export type SupportedStorage = PromisifyMethods<Pick<Storage, 'getItem' | 'setItem' | 'removeItem'>>
+
+export type CallRefreshTokenResult =
+  | {
+      session: Session
+      error: null
+    }
+  | {
+      session: null
+      error: AuthError
+    }

test/GoTrueClient.test.ts

@@ -1,3 +1,4 @@
+import { AuthError } from '../src/lib/errors'
 import {
   authClient as auth,
   authClientWithSession as authWithSession,
@@ -114,6 +115,89 @@ describe('GoTrueClient', () => {
       expect(refreshAccessTokenSpy).toBeCalledTimes(1)
     })
 
+    test('_callRefreshToken() should resolve all pending refresh requests and reset deferred upon AuthError', async () => {
+      const { email, password } = mockUserCredentials()
+      refreshAccessTokenSpy.mockImplementationOnce(() =>
+        Promise.resolve({
+          session: null,
+          error: new AuthError('Something did not work as expected'),
+        })
+      )
+
+      const { error, session } = await authWithSession.signUp({
+        email,
+        password,
+      })
+
+      expect(error).toBeNull()
+      expect(session).not.toBeNull()
+
+      const [{ session: session1, error: error1 }, { session: session2, error: error2 }] =
+        await Promise.all([
+          // @ts-expect-error 'Allow access to private _callRefreshToken()'
+          authWithSession._callRefreshToken(session?.refresh_token),
+          // @ts-expect-error 'Allow access to private _callRefreshToken()'
+          authWithSession._callRefreshToken(session?.refresh_token),
+        ])
+
+      expect(error1).toHaveProperty('message')
+      expect(error2).toHaveProperty('message')
+      expect(session1).toBeNull()
+      expect(session2).toBeNull()
+
+      expect(refreshAccessTokenSpy).toBeCalledTimes(1)
+
+      // verify the deferred has been reset and successive calls can be made
+      // @ts-expect-error 'Allow access to private _callRefreshToken()'
+      const { session: session3, error: error3 } = await authWithSession._callRefreshToken(
+        session!.refresh_token
+      )
+
+      expect(error3).toBeNull()
+      expect(session3).toHaveProperty('access_token')
+    })
+
+    test('_callRefreshToken() should reject all pending refresh requests and reset deferred upon any non AuthError', async () => {
+      const mockError = new Error('Something did not work as expected')
+
+      const { email, password } = mockUserCredentials()
+      refreshAccessTokenSpy.mockImplementationOnce(() => Promise.reject(mockError))
+
+      const { error, session } = await authWithSession.signUp({
+        email,
+        password,
+      })
+
+      expect(error).toBeNull()
+      expect(session).not.toBeNull()
+
+      const [error1, error2] =
+        await Promise.allSettled([
+          // @ts-expect-error 'Allow access to private _callRefreshToken()'
+          authWithSession._callRefreshToken(session?.refresh_token),
+          // @ts-expect-error 'Allow access to private _callRefreshToken()'
+          authWithSession._callRefreshToken(session?.refresh_token),
+        ])
+
+      expect(error1.status).toEqual('rejected')
+      expect(error2.status).toEqual('rejected')
+
+      // status === 'rejected' above makes sure it is a PromiseRejectedResult
+      expect((error1 as PromiseRejectedResult).reason).toEqual(mockError)
+      expect((error1 as PromiseRejectedResult).reason).toEqual(mockError)
+
+      expect(refreshAccessTokenSpy).toBeCalledTimes(1)
+
+      // vreify the deferred has been reset and successive calls can be made
+      // @ts-expect-error 'Allow access to private _callRefreshToken()'
+      const { session: session3, error: error3 } = await authWithSession._callRefreshToken(
+        session!.refresh_token
+      )
+
+      expect(error3).toBeNull()
+      expect(session3).toHaveProperty('access_token')
+    })
+
     test('getSessionFromUrl() can only be called from a browser', async () => {
       const { error, session } = await authWithSession.getSessionFromUrl()