cordova-spotify-oauth - npm Package Compare versions

Comparing version 0.1.4 to 0.1.5

package.json

 {
   "name": "cordova-spotify-oauth",
-  "version": "0.1.4",
+  "version": "0.1.5",
   "description": "Cordova plugin for authenticating with Spotify",
@@ -5,0 +5,0 @@ "main": "www/build/spotify-oauth.min.js",

www/spotify-oauth.ts

@@ -6,3 +6,3 @@ import 'whatwg-fetch';
  * The local storage key where the auth data is cached.
- * 
+ *
  * The data is stored as stringified JSON object.
@@ -36,11 +36,11 @@ */
 
-    /** 
-     * Safety margin time (in milliseconds) for the token refresh. 
-     * 
+    /**
+     * Safety margin time (in milliseconds) for the token refresh.
+     *
      * The plugin applies a safety margin to the token lifetime in order
      * to give the token user enough time to perform all operations needed.
-     * 
+     *
      * Otherwise the plugin might hand out a token that is already expired
      * before it could ever be used.
-     * 
+     *
      * The safety margin defaults to 30s.
@@ -62,3 +62,3 @@ */
  * Obtains valid authorization data.
- * 
+ *
  * This method performs the necessary steps in order to obtain a valid
@@ -68,10 +68,11 @@ * access token. It performs the OAuth dance prompting the user to log in,
  * token, caches those, and returns both to the developer.
- * 
+ *
  * When it is invoked again, it will first check whether the cached access
- * token is still valid (including a configurable safety margin), and return it
- * directly if that is the case. Otherwise, the method will transparently
- * refresh the token and return that.
- * 
+ * token is still valid (including a configurable safety margin) and the
+ * scopes equal, and return the token directly if that is the case. Otherwise,
+ * the method will transparently refresh the token (or obtain a new one if
+ * the scopes changed) and return that.
+ *
  * Bottom line - always call this if you need a valid access token in your code.
- * 
+ *
  * @param cfg OAuth configuration
@@ -101,17 +102,17 @@ */
 
-    if (lsData) {
-        const authData = JSON.parse(lsData) as AuthorizationData;
+    if (!lsData) {
+        return saveAndHandleErrors(oauth(cfg), cfg.scopes, "auth_failed");
+    }
 
-        const margin = (cfg.refreshSafetyMargin != undefined) 
-            ? cfg.refreshSafetyMargin
-            : 30000;
-        const expiry = Date.now() + margin;
-        if (authData.expiresAt > expiry) {
-            return Promise.resolve(authData);
-        } else {
-            return saveAndHandleErrors(refresh(cfg, authData), "refresh_failed");
-        }
-    } else {
-        return saveAndHandleErrors(oauth(cfg), "auth_failed");
-    }
+    const authData: (AuthorizationData & { scopes: string[] }) = JSON.parse(lsData);
+    const margin = (cfg.refreshSafetyMargin != undefined)
+        ? cfg.refreshSafetyMargin
+        : 30000;
+    const expiry = Date.now() + margin;
+
+    return arraysEqual(authData.scopes, cfg.scopes)
+        ? (authData.expiresAt > expiry)
+            ? Promise.resolve(authData)
+            : saveAndHandleErrors(refresh(cfg, authData), cfg.scopes, "refresh_failed")
+        : saveAndHandleErrors(oauth(cfg), cfg.scopes, "auth_failed");
 }
@@ -122,3 +123,3 @@
  * oauth dance again.
- * 
+ *
  * This is akin to a "logout".
@@ -132,3 +133,3 @@ */
  * Performs the OAuth dance.
- * 
+ *
  * @param cfg OAuth2 config
@@ -163,3 +164,3 @@ * @hidden
  * Refreshes the given access token.
- * 
+ *
  * @param cfg OAuth2 config
@@ -178,3 +179,3 @@ * @param data The auth data to refresh
         .then(handleHttpErrors)
-        .then(resp => resp.json())  
+        .then(resp => resp.json())
         .then(({ access_token, expires_in }) => ({
@@ -188,5 +189,27 @@ accessToken: access_token,
 /**
+ * Performs a deep equality check on two string arrays.
+ *
+ * @param a the first array
+ * @param b the second array
+ */
+function arraysEqual(a: string[], b: string[]): boolean {
+    if (a == b) {
+        return true;
+    }
+    if (!a || !b || a.length !== b.length) {
+        return false;
+    }
+
+    for (let i = 0; i < a.length; i++) {
+        if (a[i] != b[i]) {
+            return false;
+        }
+    }
+    return true;
+}
+
+/**
  * Handles HTTP erros gracefully and returns the response
  * if everything is okay.
- * 
+ *
  * @param resp the HTTP response to handle
@@ -204,11 +227,16 @@ * @hidden
  * appropriately handles errors.
- * 
+ *
  * @param pr the Promise with the AuthorizationData
+ * @param scopes the auth scopes the developer has requested
  * @param errorName the error name to assign in case of failure
  * @hidden
  */
-function saveAndHandleErrors(pr: Promise<AuthorizationData>, errorName: string): Promise<AuthorizationData> {
+function saveAndHandleErrors(
+    pr: Promise<AuthorizationData>,
+    scopes: string[],
+    errorName: string
+): Promise<AuthorizationData> {
     return pr
         .then(data => {
-            localStorage.setItem(LOCAL_STORAGE_KEY, JSON.stringify(data));
+            localStorage.setItem(LOCAL_STORAGE_KEY, JSON.stringify({ ...data, scopes }));
             return data;
@@ -215,0 +243,0 @@ })

New alerts

License Policy Violation

License

This package is not allowed per your license policy. Review the package's license to ensure compliance.

Found 1 instance in 1 package

Fixed alerts

License Policy Violation

License

This package is not allowed per your license policy. Review the package's license to ensure compliance.

Found 1 instance in 1 package

Improved metrics

Total package byte prevSize

145917

increased by0.48%

Lines of code

431

increased by6.16%

No dependency changes