feat(ApplicationSession): only allow 1 pending request for a new toke…

…n at a time AFFECTS PACKAGES: @esri/arcgis-rest-auth
Esri · Sep 25, 2017 · 4e6f9e2 · 4e6f9e2
1 parent a6406d4
commit 4e6f9e2
Show file tree

Hide file tree

Showing 2 changed files with 49 additions and 1 deletion.
diff --git a/packages/arcgis-rest-auth/src/ApplicationSession.ts b/packages/arcgis-rest-auth/src/ApplicationSession.ts
@@ -40,6 +40,12 @@ export class ApplicationSession implements IAuthenticationManager {
   private portal: string;
   private duration: number;
 
+  /**
+   * Internal object to keep track of pending token requests. Used to prevent
+   *  duplicate token requests.
+   */
+  private _pendingTokenRequest: Promise<string>;
+
   constructor(options: IApplicationSessionOptions) {
     this.clientId = options.clientId;
     this.clientSecret = options.clientSecret;
@@ -54,7 +60,13 @@ export class ApplicationSession implements IAuthenticationManager {
       return Promise.resolve(this.token);
     }
 
-    return this.refreshToken();
+    if (this._pendingTokenRequest) {
+      return this._pendingTokenRequest;
+    }
+
+    this._pendingTokenRequest = this.refreshToken();
+
+    return this._pendingTokenRequest;
   }
 
   refreshToken(): Promise<string> {
@@ -63,6 +75,7 @@ export class ApplicationSession implements IAuthenticationManager {
       client_secret: this.clientSecret,
       grant_type: "client_credentials"
     }).then(response => {
+      this._pendingTokenRequest = null;
       this.token = response.token;
       this.expires = response.expires;
       return response.token;

diff --git a/packages/arcgis-rest-auth/test/ApplicationSession.test.ts b/packages/arcgis-rest-auth/test/ApplicationSession.test.ts
@@ -58,6 +58,41 @@ describe("ApplicationSession", () => {
           fail(e);
         });
     });
+
+    it("should not make multiple refresh requests while a refresh is pending", done => {
+      const session = new ApplicationSession({
+        clientId: "id",
+        clientSecret: "secret",
+        token: "token",
+        expires: YESTERDAY
+      });
+
+      fetchMock.mock(
+        "https://www.arcgis.com/sharing/rest/oauth2/token/",
+        {
+          access_token: "new",
+          expires_in: 1800
+        },
+        { method: "POST", times: 1 }
+      );
+
+      Promise.all([
+        session.getToken("https://www.arcgis.com/sharing/rest/portals/self"),
+        session.getToken("https://www.arcgis.com/sharing/rest/portals/self")
+      ])
+        .then(([token1, token2]) => {
+          expect(token1).toBe("new");
+          expect(token2).toBe("new");
+          expect(
+            fetchMock.calls("https://www.arcgis.com/sharing/rest/oauth2/token/")
+              .length
+          ).toBe(1);
+          done();
+        })
+        .catch(e => {
+          fail(e);
+        });
+    });
   });
 
   it("should provide a method to refresh a session", done => {