fix unreliable refresh failure handling

after creating a new fallback for missing statusText, the failure handling should have been updated to `["401", "Unauthorized"].includes`. at this point it's better to just finish standardizing on "401" and discard the "Unauthorized" option.
keratin · Jun 9, 2021 · 9ee051b · 9ee051b
1 parent 816a0af
commit 9ee051b
Show file tree

Hide file tree

Showing 5 changed files with 11 additions and 7 deletions.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -4,6 +4,10 @@ Based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/).
 
 ## HEAD
 
+### Fixed
+
+* fix unreliable "401 Unauthorized" handling
+
 ## 1.3.1
 
 ### Fixed

diff --git a/package.json b/package.json
@@ -1,6 +1,6 @@
 {
   "name": "keratin-authn",
-  "version": "1.3.1",
+  "version": "1.3.2",
   "description": "Browser integration library for Keratin AuthN service.",
   "main": "./dist/keratin-authn.js",
   "module": "./dist/keratin-authn.module.js",

diff --git a/src/SessionManager.ts b/src/SessionManager.ts
@@ -100,7 +100,7 @@ export default class SessionManager {
     return refreshAPI().then(
       (id_token) => this.update(id_token),
       (errors) => {
-        if (errors[0] && errors[0].message === 'Unauthorized') {
+        if (errors[0] && errors[0].message === '401') {
           this.endSession();
         }
         throw errors;
@@ -119,7 +119,7 @@ export default class SessionManager {
             // these errors have already been handled and are only propagating from `refresh` to
             // keep its contract with restoreSession, which depends on rejecting to indicate there
             // is no session.
-            if (errors[0] && errors[0].message === 'Unauthorized') {
+            if (errors[0] && errors[0].message === '401') {
               return;
             }
             throw errors;

diff --git a/src/index.test.ts b/src/index.test.ts
@@ -179,7 +179,7 @@ describe("restoreSession", () => {
     );
 
     await expect(AuthN.restoreSession()).rejects.toEqual([
-      { message: "Unauthorized" },
+      { message: "401" },
     ]);
     expect(AuthN.session()).toBeFalsy();
   });
@@ -209,7 +209,7 @@ describe("restoreSession", () => {
     );
 
     await expect(AuthN.restoreSession()).rejects.toEqual([
-      { message: "Unauthorized" },
+      { message: "401" },
     ]);
     expect(AuthN.session()).toBeFalsy();
   });

diff --git a/src/verbs.ts b/src/verbs.ts
@@ -38,8 +38,8 @@ function jhr<T>(sender: (xhr: XMLHttpRequest) => void): Promise<T> {
         if ('errors' in data) {
           reject(data.errors)
         } else if (xhr.status > 400) {
-          // statusText may be missing in HTTP/2
-          reject([{message: xhr.statusText || xhr.status.toString()}])
+          // statusText may be missing in HTTP/2. only the status number is reliable.
+          reject([{message: xhr.status.toString()}])
         } else {
           fulfill(data.result)
         }