:recycle: Started refactor by breaking out validateSession into helper funcs

backend/lib/auth/strategies/jwt.js

@@ -7,14 +7,13 @@ module.exports = options => {
         verifyOptions: {
             algorithms: ['HS256'],
         },
-        // check the h object to see if the activeSessions is accessible from it
-        //
+        // TODO: check the h object to see if the activeSessions is accessible from it
         // check useronlinestatus branch request.server.app
+        // Always check rawAccessToken, if it fails, we check the session, if session
+        // is valid, then we reissue it
+        // if session is NOT valid, DELETE the session (and kick user back to login)
+        // TODO: set up cron job to occassionaly clean up activeSessions
         validate: (decoded, request, h) => {
-            // QUESTION: How can we authenticate both Session and Access Tokens here?
-            // Always check rawAccessToken, if it fails, we check the session, if session is valid, then we reissue
-            // if session is NOT valid, DELETE the session (and kick user back to login)
-            // TODO: set up cron job to occassionaly clean up activeSessions
             const token = request.headers.authorization
             try {
                 const validatedJwt = JWT.verify(token, process.env.APP_SECRET)

backend/lib/services/user.js

@@ -248,51 +248,65 @@ module.exports = class UserService extends Schmervice.Service {
             return { payload: null, message: err.message }
         }
     }
-
+    /*
+     * Grabs the sessionToken and accessToken from the
+     * this.activeSessions object based off of provided hashedToken
+     * @params {UserSession}
+     * @returns {grabTokensFromActiveSession}
+     */
+    _grabTokensFromActiveSessions(userSession) {
+        const rawSessionToken = userSession.sessionToken
+        const accessToken = userSession.accessToken
+        return { rawSessionToken: rawSessionToken, accessToken: accessToken }
+    }
+    /**
+     * Helper function to validate both tokens grabbed from this.activeSessions
+     * @params {Tokens}
+     * @returns {ValidatedTokens}
+     */
+    _validateTokens(tokens) {
+        const sessionTokenIsValid = this.validateToken(tokens.rawSessionToken)
+        const accessTokenIsValid = this.validateToken(tokens.accessToken)
+        return {
+            sessionTokenIsValid: sessionTokenIsValid,
+            accessTokenIsValid: accessTokenIsValid,
+        }
+    }
+    /**
+     * Checks to see if the activeSession accessToken is expired
+     * If it is, it creates a new one and stores it in activeSession
+     * @ params {UserSession} {ValidatedTokens}
+     * @returns Void
+     */
+    _createAccessTokenIfExpired(userSession, validatedTokens) {
+        if (!validatedTokens.accessTokenIsValid.payload) {
+            const accessToken = this.createToken({
+                payload: validatedTokens.sessionTokenIsValid.payload,
+            })
+            userSession.accessToken = accessToken
+        }
+    }
     /**
      * Uses this.validateToken() to verify hashedSessionToken's
      * existence, expiry, and also valdiates accessToken
-     * @param {User} user
-     * @returns {Token}
+     * @param {HashedSessionToken} hashedSessionToken
+     * @returns {PayloadFromActiveSessions}
      */
-    // TODO: remove testing console.log() messages once onboarding auth is working
-    // REFACTOR: Have this function only do one thing (UNIX philsophy)
     validateSession(hashedSessionToken) {
+        // TODO: Remove this console.log() prior to release to production,
+        // (useful for testing application state)
         console.log('this.activeSessions :=>', this.activeSessions)
-        if (!this.activeSessions[hashedSessionToken]) {
+        const userSession = this.activeSessions[hashedSessionToken]
+        if (!userSession) {
             throw new Error(
                 'hashedSessionToken not in activeSessions registry!',
             )
         }
-        // BREAK OUT INTO ANOTHER FUNC
-        const rawSessionToken =
-            this.activeSessions[hashedSessionToken].sessionToken
-        const accessToken = this.activeSessions[hashedSessionToken].accessToken
-
-        // Weird Edge case...
-        if (!rawSessionToken) {
-            throw new Error(
-                'hashedSessionToken is in activeSessions registry, but rawSessionToken does not exist',
-            )
-        }
-        // ANOTHER FUNC HERE
-        const sessionTokenIsValid = this.validateToken(rawSessionToken)
-        const accessTokenIsValid = this.validateToken(accessToken)
-
-        // Both sessionToken and accessToken are expired
-        // createAccessToken()
-        //
-        if (!accessTokenIsValid.payload) {
-            console.log(
-                'sessionToken is valid, but accessToken is null or is expired :=>',
-            )
-            const accessToken = this.createToken({
-                payload: sessionTokenIsValid.payload,
-            })
-            this.activeSessions[hashedSessionToken].accessToken = accessToken
-        }
+        const tokens = this._grabTokensFromActiveSessions(userSession)
+        const validatedTokens = this._validateTokens(tokens)
+        this._createAccessTokenIfExpired(userSession, validatedTokens)
         return {
-            ...sessionTokenIsValid.payload,
+            ...validatedTokens.sessionTokenIsValid.payload,
             sessionToken: this.activeSessions[hashedSessionToken].sessionToken,
         }
     }