Handle SecurtyError instead of Auth errors

bigmontz · bigmontz · commit f35e44c366a3 · 2023-08-22T15:09:08.000+02:00
diff --git a/packages/bolt-connection/src/connection-provider/connection-provider-direct.js b/packages/bolt-connection/src/connection-provider/connection-provider-direct.js
@@ -50,8 +50,8 @@ export default class DirectConnectionProvider extends PooledConnectionProvider {
   async acquireConnection ({ accessMode, database, bookmarks, auth, forceReAuth } = {}) {
     const databaseSpecificErrorHandler = ConnectionErrorHandler.create({
       errorCode: SERVICE_UNAVAILABLE,
-      handleAuthorizationExpired: (error, address, conn) =>
-        this._handleAuthorizationExpired(error, address, conn, database)
+      handleSecurityError: (error, address, conn) =>
+        this._handleSecurityError(error, address, conn, database)
     })
 
     const connection = await this._connectionPool.acquire({ auth, forceReAuth }, this._address)
@@ -68,12 +68,12 @@ export default class DirectConnectionProvider extends PooledConnectionProvider {
     return new DelegateConnection(connection, databaseSpecificErrorHandler)
   }
 
-  _handleAuthorizationExpired (error, address, connection, database) {
+  _handleSecurityError (error, address, connection, database) {
     this._log.warn(
       `Direct driver ${this._id} will close connection to ${address} for database '${database}' because of an error ${error.code} '${error.message}'`
     )
 
-    return super._handleAuthorizationExpired(error, address, connection)
+    return super._handleSecurityError(error, address, connection)
   }
 
   async _hasProtocolVersion (versionPredicate) {
diff --git a/packages/bolt-connection/src/connection-provider/connection-provider-pooled.js b/packages/bolt-connection/src/connection-provider/connection-provider-pooled.js
@@ -223,7 +223,7 @@ export default class PooledConnectionProvider extends ConnectionProvider {
     conn._updateCurrentObserver()
   }
 
-  _handleAuthorizationExpired (error, address, connection) {
+  _handleSecurityError (error, address, connection) {
     const handled = this._authenticationProvider.handleError({ connection, code: error.code })
 
     if (handled) {
diff --git a/packages/bolt-connection/src/connection-provider/connection-provider-routing.js b/packages/bolt-connection/src/connection-provider/connection-provider-routing.js
@@ -116,12 +116,12 @@ export default class RoutingConnectionProvider extends PooledConnectionProvider
     return error
   }
 
-  _handleAuthorizationExpired (error, address, connection, database) {
+  _handleSecurityError (error, address, connection, database) {
     this._log.warn(
       `Routing driver ${this._id} will close connections to ${address} for database '${database}' because of an error ${error.code} '${error.message}'`
     )
 
-    return super._handleAuthorizationExpired(error, address, connection, database)
+    return super._handleSecurityError(error, address, connection, database)
   }
 
   _handleWriteFailure (error, address, database) {
@@ -150,7 +150,7 @@ export default class RoutingConnectionProvider extends PooledConnectionProvider
       (error, address) => this._handleUnavailability(error, address, context.database),
       (error, address) => this._handleWriteFailure(error, address, context.database),
       (error, address, conn) =>
-        this._handleAuthorizationExpired(error, address, conn, context.database)
+        this._handleSecurityError(error, address, conn, context.database)
     )
 
     const routingTable = await this._freshRoutingTable({
@@ -584,7 +584,7 @@ export default class RoutingConnectionProvider extends PooledConnectionProvider
 
       const databaseSpecificErrorHandler = ConnectionErrorHandler.create({
         errorCode: SESSION_EXPIRED,
-        handleAuthorizationExpired: (error, address, conn) => this._handleAuthorizationExpired(error, address, conn)
+        handleSecurityError: (error, address, conn) => this._handleSecurityError(error, address, conn)
       })
 
       const delegateConnection = !connection._sticky
diff --git a/packages/bolt-connection/src/connection/connection-error-handler.js b/packages/bolt-connection/src/connection/connection-error-handler.js
@@ -26,25 +26,25 @@ export default class ConnectionErrorHandler {
     errorCode,
     handleUnavailability,
     handleWriteFailure,
-    handleAuthorizationExpired
+    handleSecurityError
   ) {
     this._errorCode = errorCode
     this._handleUnavailability = handleUnavailability || noOpHandler
     this._handleWriteFailure = handleWriteFailure || noOpHandler
-    this._handleAuthorizationExpired = handleAuthorizationExpired || noOpHandler
+    this._handleSecurityError = handleSecurityError || noOpHandler
   }
 
   static create ({
     errorCode,
     handleUnavailability,
     handleWriteFailure,
-    handleAuthorizationExpired
+    handleSecurityError
   }) {
     return new ConnectionErrorHandler(
       errorCode,
       handleUnavailability,
       handleWriteFailure,
-      handleAuthorizationExpired
+      handleSecurityError
     )
   }
 
@@ -63,8 +63,8 @@ export default class ConnectionErrorHandler {
    * @return {Neo4jError} new error that should be propagated to the user.
    */
   handleAndTransformError (error, address, connection) {
-    if (isAutorizationExpiredError(error)) {
-      return this._handleAuthorizationExpired(error, address, connection)
+    if (isSecurityError(error)) {
+      return this._handleSecurityError(error, address, connection)
     }
     if (isAvailabilityError(error)) {
       return this._handleUnavailability(error, address, connection)
@@ -76,11 +76,10 @@ export default class ConnectionErrorHandler {
   }
 }
 
-function isAutorizationExpiredError (error) {
-  return error && (
-    error.code === 'Neo.ClientError.Security.AuthorizationExpired' ||
-      error.code === 'Neo.ClientError.Security.TokenExpired'
-  )
+function isSecurityError (error) {
+  return error != null &&
+    error.code != null &&
+    error.code.startsWith('Neo.ClientError.Security.')
 }
 
 function isAvailabilityError (error) {
diff --git a/packages/bolt-connection/test/connection/connection-error-handler.test.js b/packages/bolt-connection/test/connection/connection-error-handler.test.js
@@ -79,35 +79,7 @@ describe('#unit ConnectionErrorHandler', () => {
     ])
   })
 
-  it('should handle and transform authorization expired error', () => {
-    const errors = []
-    const addresses = []
-    const transformedError = newError('Message', 'Code')
-    const handler = ConnectionErrorHandler.create({
-      errorCode: SERVICE_UNAVAILABLE,
-      handleAuthorizationExpired: (error, address) => {
-        errors.push(error)
-        addresses.push(address)
-        return transformedError
-      }
-    })
-
-    const error1 = newError(
-      'C',
-      'Neo.ClientError.Security.AuthorizationExpired'
-    )
-
-    const errorTransformed1 = handler.handleAndTransformError(
-      error1,
-      ServerAddress.fromUrl('localhost:0')
-    )
-
-    expect(errorTransformed1).toEqual(transformedError)
-
-    expect(addresses).toEqual([ServerAddress.fromUrl('localhost:0')])
-  })
-
-  it('should return original erro if authorization expired handler is not informed', () => {
+  it('should return original error if authorization expired handler is not informed', () => {
     const errors = []
     const addresses = []
     const transformedError = newError('Message', 'Code')
@@ -140,13 +112,18 @@ describe('#unit ConnectionErrorHandler', () => {
     expect(addresses).toEqual([])
   })
 
-  it('should handle and transform token expired error', () => {
+  it.each([
+    'Neo.ClientError.Security.TokenExpired',
+    'Neo.ClientError.Security.AuthorizationExpired',
+    'Neo.ClientError.Security.Unauthorized',
+    'Neo.ClientError.Security.MadeUp'
+  ])('should handle and transform "%s"', (code) => {
     const errors = []
     const addresses = []
     const transformedError = newError('Message', 'Code')
     const handler = ConnectionErrorHandler.create({
       errorCode: SERVICE_UNAVAILABLE,
-      handleAuthorizationExpired: (error, address) => {
+      handleSecurityError: (error, address) => {
         errors.push(error)
         addresses.push(address)
         return transformedError
@@ -155,7 +132,7 @@ describe('#unit ConnectionErrorHandler', () => {
 
     const error1 = newError(
       'C',
-      'Neo.ClientError.Security.TokenExpired'
+      code
     )
 
     const errorTransformed1 = handler.handleAndTransformError(
@@ -168,7 +145,12 @@ describe('#unit ConnectionErrorHandler', () => {
     expect(addresses).toEqual([ServerAddress.fromUrl('localhost:0')])
   })
 
-  it('should return original erro if token expired handler is not informed', () => {
+  it.each([
+    'Neo.ClientError.Security.TokenExpired',
+    'Neo.ClientError.Security.AuthorizationExpired',
+    'Neo.ClientError.Security.Unauthorized',
+    'Neo.ClientError.Security.MadeUp'
+  ])('should return original error code equals "%s" if security error handler is not informed', (code) => {
     const errors = []
     const addresses = []
     const transformedError = newError('Message', 'Code')
@@ -188,7 +170,7 @@ describe('#unit ConnectionErrorHandler', () => {
 
     const error1 = newError(
       'C',
-      'Neo.ClientError.Security.TokenExpired'
+      code
     )
 
     const errorTransformed1 = handler.handleAndTransformError(

Original file line number	Diff line number	Diff line change
`@@ -223,7 +223,7 @@ export default class PooledConnectionProvider extends ConnectionProvider {`
`223`	`223`	`conn._updateCurrentObserver()`
`224`	`224`	`}`
`225`	`225`
`226`		`- _handleAuthorizationExpired (error, address, connection) {`
	`226`	`+ _handleSecurityError (error, address, connection) {`
`227`	`227`	`const handled = this._authenticationProvider.handleError({ connection, code: error.code })`
`228`	`228`
`229`	`229`	`if (handled) {`