@paypal/sdk-client - npm Package Compare versions

Comparing version 4.0.185 to 4.0.186

package.json

 {
   "name": "@paypal/sdk-client",
-  "version": "4.0.185",
+  "version": "4.0.186",
   "description": "Shared config between PayPal/Braintree.",
@@ -79,2 +79,3 @@ "main": "index.js",
     "jsdom": "^20.0.3",
+    "jsonwebtoken": "^9.0.2",
     "lint-staged": "^13.0.3",
@@ -81,0 +82,0 @@ "prettier": "2.8.8",

src/script.js

@@ -238,6 +238,2 @@ /* @flow */
 
-export function getUserIDToken(): ?string {
-  return getSDKAttribute(SDK_SETTINGS.USER_ID_TOKEN);
-}
-
 export function getClientAccessToken(): ?string {
@@ -334,6 +330,43 @@ const clientToken = getClientToken();
 
+export function getUserIDToken(): ?string {
+  if (
+    getSDKAttribute(SDK_SETTINGS.SDK_TOKEN) &&
+    !getSDKAttribute(SDK_SETTINGS.USER_ID_TOKEN)
+  ) {
+    return getSDKAttribute(SDK_SETTINGS.SDK_TOKEN);
+  }
+
+  return getSDKAttribute(SDK_SETTINGS.USER_ID_TOKEN);
+}
+
 export function getSDKToken(): ?string {
+  if (
+    getSDKAttribute(SDK_SETTINGS.SDK_TOKEN) &&
+    getSDKAttribute(SDK_SETTINGS.USER_ID_TOKEN)
+  ) {
+    throw new Error("Do not pass SDK token and ID token");
+  }
+
   return getSDKAttribute(SDK_SETTINGS.SDK_TOKEN);
 }
 
+type decodedCustomerId = (string) => string;
+export const decodeCustomerIdFromToken: decodedCustomerId = memoize((token) => {
+  try {
+    if (token && typeof atob === "function") {
+      const { options = {} } = JSON.parse(window.atob(token.split(".")[1]));
+      return options.customer_id || "";
+    }
+
+    return "";
+  } catch {
+    throw new Error("Error decoding SDK token");
+  }
+});
+
+export function getCustomerId(): string {
+  const sdkToken = getSDKAttribute(SDK_SETTINGS.SDK_TOKEN) || "";
+  return decodeCustomerIdFromToken(sdkToken);
+}
+
 /* v8 ignore next 3 */
@@ -340,0 +373,0 @@ export function isChildWindow(): boolean {

src/script.test.js

 /* @flow */
 /* eslint max-lines: off */
 import { describe, it, afterEach, beforeEach, expect, vi } from "vitest";
+import jwt from "jsonwebtoken";
 import { base64encode, getCurrentScript, memoize } from "@krakenjs/belter/src";
@@ -31,2 +32,4 @@ import { SDK_SETTINGS } from "@paypal/sdk-constants/src";
   getUserIDToken,
+  getSDKToken,
+  getCustomerId,
   getCSPNonce,
@@ -539,3 +542,3 @@ getEnableThreeDomainSecure,
 
-  it("getUserIDToken return a token string", () => {
+  it("getUserIDToken returns a token string", () => {
     const inputToken = "some-token";
@@ -551,2 +554,85 @@ const mockElement = makeMockScriptElement(mockScriptSrc);
 
+  it("getUserIDToken is set as SDK token if SDK token is passed only", () => {
+    const sdkToken = "some-token";
+    const mockElement = makeMockScriptElement(mockScriptSrc);
+    mockElement.setAttribute("data-sdk-client-token", sdkToken);
+    // $FlowIgnore
+    getCurrentScript.mockReturnValue(mockElement);
+
+    const result = getUserIDToken();
+    expect(result).toEqual(sdkToken);
+  });
+
+  it("getSDKToken returns a token string", () => {
+    const inputToken = "some-token";
+    const mockElement = makeMockScriptElement(mockScriptSrc);
+    mockElement.setAttribute("data-sdk-client-token", inputToken);
+    // $FlowIgnore
+    getCurrentScript.mockReturnValue(mockElement);
+
+    const result = getSDKToken();
+    expect(result).toEqual(inputToken);
+  });
+
+  it("getSDKToken errors if ID token is also passed", () => {
+    const inputToken = "some-token";
+    const mockElement = makeMockScriptElement(mockScriptSrc);
+    mockElement.setAttribute("data-sdk-client-token", inputToken);
+    mockElement.setAttribute("data-user-id-token", inputToken);
+    // $FlowIgnore
+    getCurrentScript.mockReturnValue(mockElement);
+
+    expect(getSDKToken).toThrow("Do not pass SDK token and ID token");
+  });
+
+  it("getCustomerId returns a string of the decoded customer_id from the SDK token", () => {
+    const encodedCustomerId = "test123";
+    const mockToken = jwt.sign(
+      {
+        options: {
+          customer_id: encodedCustomerId,
+        },
+      },
+      "test"
+    );
+    const mockElement = makeMockScriptElement(mockScriptSrc);
+    mockElement.setAttribute("data-sdk-client-token", mockToken);
+    // $FlowIgnore
+    getCurrentScript.mockReturnValue(mockElement);
+
+    const result = getCustomerId();
+    expect(result).toEqual(encodedCustomerId);
+  });
+
+  it("getCustomerId returns an empty string there is no encoded customer ID", () => {
+    const mockToken = jwt.sign(
+      {
+        options: {},
+      },
+      "test"
+    );
+    const mockElement = makeMockScriptElement(mockScriptSrc);
+    mockElement.setAttribute("data-sdk-client-token", mockToken);
+    // $FlowIgnore
+    getCurrentScript.mockReturnValue(mockElement);
+
+    const result = getCustomerId();
+    expect(result).toEqual("");
+  });
+
+  it("getCustomerId returns an empty string there is no token passed", () => {
+    const result = getCustomerId();
+    expect(result).toEqual("");
+  });
+
+  it("getCustomerId throws an error if there is a bad token passed", () => {
+    const inputToken = "-123";
+    const mockElement = makeMockScriptElement(mockScriptSrc);
+    mockElement.setAttribute("data-sdk-client-token", inputToken);
+    // $FlowIgnore
+    getCurrentScript.mockReturnValue(mockElement);
+
+    expect(getCustomerId).toThrow("Error decoding SDK token");
+  });
+
   it("getCSPNonce should return a data-csp-nonce string", () => {
@@ -553,0 +639,0 @@ const inputCspNonce = "some-csp-nonce";

New alerts

License Policy Violation

License

This package is not allowed per your license policy. Review the package's license to ensure compliance.

Found 1 instance in 1 package

Fixed alerts

License Policy Violation

License

This package is not allowed per your license policy. Review the package's license to ensure compliance.

Found 1 instance in 1 package

Improved metrics

Total package byte prevSize

181468

increased by2.1%

Lines of code

4805

increased by2.15%

Worsened metrics

Dev dependency count

21

increased by5%

No dependency changes