From e9c3a0c3e81b48ed7c1bcd061ef2b92ff29594f8 Mon Sep 17 00:00:00 2001
From: Milan Perera <milan@wso2.com>
Date: Wed, 18 Jan 2017 18:14:55 +0530
Subject: [PATCH] Fixed token expiration issue

---
 .../oauth/token-protected-service-invokers.js | 41 ++++++++++++++++---
 1 file changed, 35 insertions(+), 6 deletions(-)

diff --git a/components/device-mgt/org.wso2.carbon.device.mgt.ui/src/main/resources/jaggeryapps/devicemgt/app/modules/oauth/token-protected-service-invokers.js b/components/device-mgt/org.wso2.carbon.device.mgt.ui/src/main/resources/jaggeryapps/devicemgt/app/modules/oauth/token-protected-service-invokers.js
index d29498a318..ed40ee7de8 100644
--- a/components/device-mgt/org.wso2.carbon.device.mgt.ui/src/main/resources/jaggeryapps/devicemgt/app/modules/oauth/token-protected-service-invokers.js
+++ b/components/device-mgt/org.wso2.carbon.device.mgt.ui/src/main/resources/jaggeryapps/devicemgt/app/modules/oauth/token-protected-service-invokers.js
@@ -117,15 +117,44 @@ var invokers = function () {
         log.debug("Response status : " + xmlHttpRequest.status);
         log.debug("Response payload if any : " + xmlHttpRequest.responseText);
 
-        if (xmlHttpRequest.status == 401 && (xmlHttpRequest.responseText == TOKEN_EXPIRED ||
-                                             xmlHttpRequest.responseText == TOKEN_INVALID ) && count < 5) {
-            tokenUtil.refreshTokenPair();
-            return privateMethods.execute(httpMethod, requestPayload, endpoint, responseCallback, ++count, headers);
-        } else {
+        if (xmlHttpRequest.status == 401) {
+            if ((xmlHttpRequest.responseText == TOKEN_EXPIRED ||
+                xmlHttpRequest.responseText == TOKEN_INVALID ) && count < 5) {
+                tokenUtil.refreshTokenPair();
+                return privateMethods.execute(httpMethod, requestPayload, endpoint, responseCallback, ++count, headers);
+            } else if (privateMethods.isInvalidCredential(xmlHttpRequest.responseText)) {
+                tokenUtil.refreshTokenPair();
+                return privateMethods.execute(httpMethod, requestPayload, endpoint, responseCallback, ++count, headers);
+            }
+         } else {
             return responseCallback(xmlHttpRequest);
-        }
+         }
     };
 
+
+    /**
+     * This method verify whether the access token is expired using response payload.
+     * This is required when using API gateway.
+     * @param responsePayload response payload.
+     * return true if it is invalid otherwise false.
+     */
+    privateMethods["isInvalidCredential"] =
+        function (responsePayload) {
+            if (responsePayload) {
+                try {
+                    payload = parse(responsePayload);
+                    if (payload["fault"]["code"] == 900901) {
+                        log.debug("Access token is invalid: " + payload["fault"]["code"]);
+                        log.debug(payload["fault"]["description"]);
+                        return true;
+                    }
+                } catch (err) {
+                    // do nothing
+                }
+            }
+            return false;
+        };
+
     /**
      * This method add Oauth authentication header to outgoing XML-HTTP Requests if Oauth authentication is enabled.
      * @param httpMethod HTTP request type.