Retry on token expired when token is static token

Author: bigmontz

packages/bolt-connection/src/connection-provider/connection-provider-direct.js

@@ -77,15 +77,7 @@ export default class DirectConnectionProvider extends PooledConnectionProvider {
       `Direct driver ${this._id} will close connection to ${address} for database '${database}' because of an error ${error.code} '${error.message}'`
     )
 
-    this._authenticationProvider.handleError({ connection, code: error.code })
-
-    if (error.code === 'Neo.ClientError.Security.AuthorizationExpired') {
-      this._connectionPool.apply(address, (conn) => { conn.authToken = null })
-    }
-
-    connection.close().catch(() => undefined)
-
-    return error
+    return super._handleAuthorizationExpired(error, address, connection)
   }
 
   async _hasProtocolVersion (versionPredicate) {

packages/bolt-connection/src/connection-provider/connection-provider-pooled.js

@@ -19,7 +19,7 @@
 
 import { createChannelConnection, ConnectionErrorHandler } from '../connection'
 import Pool, { PoolConfig } from '../pool'
-import { error, ConnectionProvider, ServerInfo, newError } from 'neo4j-driver-core'
+import { error, ConnectionProvider, ServerInfo, newError, isStaticAuthTokenManger } from 'neo4j-driver-core'
 import AuthenticationProvider from './authentication-provider'
 import { object } from '../lang'
 
@@ -41,6 +41,7 @@ export default class PooledConnectionProvider extends ConnectionProvider {
     this._id = id
     this._config = config
     this._log = log
+    this._authTokenManager = authTokenManager
     this._authenticationProvider = new AuthenticationProvider({ authTokenManager, userAgent })
     this._createChannelConnection =
       createChannelConnectionHook ||
@@ -227,4 +228,22 @@ export default class PooledConnectionProvider extends ConnectionProvider {
   static _removeIdleObserverOnConnection (conn) {
     conn._updateCurrentObserver()
   }
+
+  _handleAuthorizationExpired (error, address, connection) {
+    this._authenticationProvider.handleError({ connection, code: error.code })
+
+    if (error.code === 'Neo.ClientError.Security.AuthorizationExpired') {
+      this._connectionPool.apply(address, (conn) => { conn.authToken = null })
+    }
+
+    if (connection) {
+      connection.close().catch(() => undefined)
+    }
+
+    if (error.code === 'Neo.ClientError.Security.TokenExpired' && !isStaticAuthTokenManger(this._authTokenManager)) {
+      error.retriable = true
+    }
+
+    return error
+  }
 }

packages/bolt-connection/src/connection-provider/connection-provider-routing.js

@@ -117,17 +117,7 @@ export default class RoutingConnectionProvider extends PooledConnectionProvider
       `Routing driver ${this._id} will close connections to ${address} for database '${database}' because of an error ${error.code} '${error.message}'`
     )
 
-    this._authenticationProvider.handleError({ connection, code: error.code })
-
-    if (error.code === 'Neo.ClientError.Security.AuthorizationExpired') {
-      this._connectionPool.apply(address, (conn) => { conn.authToken = null })
-    }
-
-    if (connection) {
-      connection.close().catch(() => undefined)
-    }
-
-    return error
+    return super._handleAuthorizationExpired(error, address, connection, database)
   }
 
   _handleWriteFailure (error, address, database) {

packages/bolt-connection/test/connection-provider/connection-provider-direct.test.js

@@ -20,7 +20,7 @@
 import DirectConnectionProvider from '../../src/connection-provider/connection-provider-direct'
 import { Pool } from '../../src/pool'
 import { Connection, DelegateConnection } from '../../src/connection'
-import { internal, newError, ServerInfo } from 'neo4j-driver-core'
+import { internal, newError, ServerInfo, staticAuthTokenManager, temporalAuthDataManager } from 'neo4j-driver-core'
 import AuthenticationProvider from '../../src/connection-provider/authentication-provider'
 import { functional } from '../../src/lang'
 
@@ -206,6 +206,46 @@ it('should call authenticationAuthProvider.handleError when TokenExpired happens
   expect(handleError).toBeCalledWith({ connection: conn, code: 'Neo.ClientError.Security.TokenExpired' })
 })
 
+it('should change error to retriable when error when TokenExpired happens and staticAuthTokenManager is not being used', async () => {
+  const address = ServerAddress.fromUrl('localhost:123')
+  const pool = newPool()
+  const connectionProvider = newDirectConnectionProvider(address, pool, temporalAuthDataManager({ getAuthData: () => null }))
+
+  const conn = await connectionProvider.acquireConnection({
+    accessMode: 'READ',
+    database: ''
+  })
+
+  const expectedError = newError(
+    'Message',
+    'Neo.ClientError.Security.TokenExpired'
+  )
+
+  const error = conn.handleAndTransformError(expectedError, address)
+
+  expect(error.retriable).toBe(true)
+})
+
+it('should not change error to retriable when error when TokenExpired happens and staticAuthTokenManager is being used', async () => {
+  const address = ServerAddress.fromUrl('localhost:123')
+  const pool = newPool()
+  const connectionProvider = newDirectConnectionProvider(address, pool, staticAuthTokenManager({ authToken: null }))
+
+  const conn = await connectionProvider.acquireConnection({
+    accessMode: 'READ',
+    database: ''
+  })
+
+  const expectedError = newError(
+    'Message',
+    'Neo.ClientError.Security.TokenExpired'
+  )
+
+  const error = conn.handleAndTransformError(expectedError, address)
+
+  expect(error.retriable).toBe(false)
+})
+
 describe('constructor', () => {
   describe('newPool', () => {
     const server0 = ServerAddress.fromUrl('localhost:123')
@@ -762,12 +802,13 @@ describe('.verifyConnectivityAndGetServerInfo()', () => {
   })
 })
 
-function newDirectConnectionProvider (address, pool) {
+function newDirectConnectionProvider (address, pool, authTokenManager) {
   const connectionProvider = new DirectConnectionProvider({
     id: 0,
     config: {},
     log: Logger.noOp(),
-    address: address
+    address: address,
+    authTokenManager
   })
   connectionProvider._connectionPool = pool
   return connectionProvider

packages/bolt-connection/test/connection-provider/connection-provider-routing.test.js

@@ -24,7 +24,9 @@ import {
   Integer,
   int,
   internal,
-  ServerInfo
+  ServerInfo,
+  staticAuthTokenManager,
+  temporalAuthDataManager
 } from 'neo4j-driver-core'
 import { RoutingTable } from '../../src/rediscovery/'
 import { Pool } from '../../src/pool'
@@ -1703,6 +1705,84 @@ describe.each([
     expect(error).toBe(expectedError)
   })
 
+  it.each(usersDataSet)('should change error to retriable when error when TokenExpired happens and staticAuthTokenManager is not being used [user=%s]', async (user) => {
+    const pool = newPool()
+    const connectionProvider = newRoutingConnectionProvider(
+      [
+        newRoutingTable(
+          null,
+          [server1, server2],
+          [server3, server2],
+          [server2, server4]
+        )
+      ],
+      pool
+    )
+    connectionProvider._authTokenManager = temporalAuthDataManager({ getAuthData: () => null })
+
+    const error = newError(
+      'Message',
+      'Neo.ClientError.Security.TokenExpired'
+    )
+
+    const server2Connection = await connectionProvider.acquireConnection({
+      accessMode: 'WRITE',
+      database: null,
+      impersonatedUser: user
+    })
+
+    const server3Connection = await connectionProvider.acquireConnection({
+      accessMode: 'READ',
+      database: null,
+      impersonatedUser: user
+    })
+
+    const error1 = server3Connection.handleAndTransformError(error, server3)
+    const error2 = server2Connection.handleAndTransformError(error, server2)
+
+    expect(error1.retriable).toBe(true)
+    expect(error2.retriable).toBe(true)
+  })
+
+  it.each(usersDataSet)('should not change error to retriable when error when TokenExpired happens and staticAuthTokenManager is being used [user=%s]', async (user) => {
+    const pool = newPool()
+    const connectionProvider = newRoutingConnectionProvider(
+      [
+        newRoutingTable(
+          null,
+          [server1, server2],
+          [server3, server2],
+          [server2, server4]
+        )
+      ],
+      pool
+    )
+    connectionProvider._authTokenManager = staticAuthTokenManager({ authToken: null })
+
+    const error = newError(
+      'Message',
+      'Neo.ClientError.Security.TokenExpired'
+    )
+
+    const server2Connection = await connectionProvider.acquireConnection({
+      accessMode: 'WRITE',
+      database: null,
+      impersonatedUser: user
+    })
+
+    const server3Connection = await connectionProvider.acquireConnection({
+      accessMode: 'READ',
+      database: null,
+      impersonatedUser: user
+    })
+
+    const error1 = server3Connection.handleAndTransformError(error, server3)
+    const error2 = server2Connection.handleAndTransformError(error, server2)
+
+    expect(error1.retriable).toBe(false)
+    expect(error2.retriable).toBe(false)
+  })
+
   it.each(usersDataSet)('should use resolved seed router after accepting table with no writers [user=%s]', (user, done) => {
     const routingTable1 = newRoutingTable(
       null,

packages/core/src/auth-token-manager.ts

@@ -90,6 +90,30 @@ export function temporalAuthDataManager ({ getAuthData }: { getAuthData: () => P
   return new TemporalAuthDataManager(getAuthData)
 }
 
+/**
+ * Create a {@link AuthTokenManager} for handle static {@link AuthToken}
+ *
+ * @private
+ * @param {param} args - The args
+ * @param {AuthToken} args.authToken - The static auth token which will always used in the driver.
+ * @returns {AuthTokenManager} The temporal auth data manager.
+ */
+export function staticAuthTokenManager ({ authToken }: { authToken: AuthToken }): AuthTokenManager {
+  return new StaticAuthTokenManager(authToken)
+}
+
+/**
+ * Checks if the manager is a StaticAuthTokenManager
+ *
+ * @private
+ * @experimental
+ * @param {AuthTokenManager} manager The auth token manager to be checked.
+ * @returns {boolean} Manager is StaticAuthTokenManager
+ */
+export function isStaticAuthTokenManger (manager: AuthTokenManager): manager is StaticAuthTokenManager {
+  return manager instanceof StaticAuthTokenManager
+}
+
 interface TokenRefreshObserver {
   onCompleted: (data: TemporalAuthData) => void
   onError: (error: Error) => void
@@ -171,3 +195,19 @@ class TemporalAuthDataManager implements AuthTokenManager {
     })
   }
 }
+
+class StaticAuthTokenManager implements AuthTokenManager {
+  constructor (
+    private readonly _authToken: AuthToken
+  ) {
+
+  }
+
+  getToken (): AuthToken {
+    return this._authToken
+  }
+
+  onTokenExpired (_: AuthToken): void {
+    // nothing to do here
+  }
+}

packages/core/src/index.ts

@@ -87,7 +87,7 @@ import Session, { TransactionConfig } from './session'
 import Driver, * as driver from './driver'
 import auth from './auth'
 import BookmarkManager, { BookmarkManagerConfig, bookmarkManager } from './bookmark-manager'
-import AuthTokenManager, { temporalAuthDataManager, TemporalAuthData } from './auth-token-manager'
+import AuthTokenManager, { temporalAuthDataManager, staticAuthTokenManager, isStaticAuthTokenManger, TemporalAuthData } from './auth-token-manager'
 import { SessionConfig, QueryConfig, RoutingControl, routing } from './driver'
 import * as types from './types'
 import * as json from './json'
@@ -233,6 +233,8 @@ export {
   auth,
   bookmarkManager,
   temporalAuthDataManager,
+  staticAuthTokenManager,
+  isStaticAuthTokenManger,
   routing,
   resultTransformers,
   notificationCategory,

packages/neo4j-driver-deno/lib/bolt-connection/connection-provider/connection-provider-direct.js

@@ -77,15 +77,7 @@ export default class DirectConnectionProvider extends PooledConnectionProvider {
       `Direct driver ${this._id} will close connection to ${address} for database '${database}' because of an error ${error.code} '${error.message}'`
     )
 
-    this._authenticationProvider.handleError({ connection, code: error.code })
-
-    if (error.code === 'Neo.ClientError.Security.AuthorizationExpired') {
-      this._connectionPool.apply(address, (conn) => { conn.authToken = null })
-    }
-
-    connection.close().catch(() => undefined)
-
-    return error
+    return super._handleAuthorizationExpired(error, address, connection)
   }
 
   async _hasProtocolVersion (versionPredicate) {

packages/neo4j-driver-deno/lib/bolt-connection/connection-provider/connection-provider-pooled.js

@@ -19,7 +19,7 @@
 
 import { createChannelConnection, ConnectionErrorHandler } from '../connection/index.js'
 import Pool, { PoolConfig } from '../pool/index.js'
-import { error, ConnectionProvider, ServerInfo, newError } from '../../core/index.ts'
+import { error, ConnectionProvider, ServerInfo, newError, isStaticAuthTokenManger } from '../../core/index.ts'
 import AuthenticationProvider from './authentication-provider.js'
 import { object } from '../lang/index.js'
 
@@ -41,6 +41,7 @@ export default class PooledConnectionProvider extends ConnectionProvider {
     this._id = id
     this._config = config
     this._log = log
+    this._authTokenManager = authTokenManager
     this._authenticationProvider = new AuthenticationProvider({ authTokenManager, userAgent })
     this._createChannelConnection =
       createChannelConnectionHook ||
@@ -227,4 +228,22 @@ export default class PooledConnectionProvider extends ConnectionProvider {
   static _removeIdleObserverOnConnection (conn) {
     conn._updateCurrentObserver()
   }
+
+  _handleAuthorizationExpired (error, address, connection) {
+    this._authenticationProvider.handleError({ connection, code: error.code })
+
+    if (error.code === 'Neo.ClientError.Security.AuthorizationExpired') {
+      this._connectionPool.apply(address, (conn) => { conn.authToken = null })
+    }
+
+    if (connection) {
+      connection.close().catch(() => undefined)
+    }
+
+    if (error.code === 'Neo.ClientError.Security.TokenExpired' && !isStaticAuthTokenManger(this._authTokenManager)) {
+      error.retriable = true
+    }
+
+    return error
+  }
 }

packages/neo4j-driver-deno/lib/bolt-connection/connection-provider/connection-provider-routing.js

@@ -117,17 +117,7 @@ export default class RoutingConnectionProvider extends PooledConnectionProvider
       `Routing driver ${this._id} will close connections to ${address} for database '${database}' because of an error ${error.code} '${error.message}'`
     )
 
-    this._authenticationProvider.handleError({ connection, code: error.code })
-
-    if (error.code === 'Neo.ClientError.Security.AuthorizationExpired') {
-      this._connectionPool.apply(address, (conn) => { conn.authToken = null })
-    }
-
-    if (connection) {
-      connection.close().catch(() => undefined)
-    }
-
-    return error
+    return super._handleAuthorizationExpired(error, address, connection, database)
   }
 
   _handleWriteFailure (error, address, database) {