SAP · FrankEssenberger · Nov 5, 2021 · Nov 5, 2021 · Nov 5, 2021 · Nov 5, 2021
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -27,6 +27,7 @@
 ## Fixed Issues
 
 - [core] Disable destination cache, when the JWT does not contain necessary information. For example, when using `IsolationStrategy.Tenant_User`, the JWT has to contain both tenant id and user id.
+- [core] Provider token used in retrieving destination from cache.
 
 
 # 1.51.0

diff --git a/...c/connectivity/scp-cf/destination/destination-accessor-provider-subscriber-lookup.spec.ts b/...c/connectivity/scp-cf/destination/destination-accessor-provider-subscriber-lookup.spec.ts
@@ -9,7 +9,6 @@ import {
 import {
   onlyIssuerServiceToken,
   providerServiceToken,
-  providerUserJwt,
   subscriberServiceToken,
   subscriberUserJwt
 } from '../../../../test/test-util/mocked-access-tokens';
@@ -25,7 +24,6 @@ import {
   destinationName
 } from '../../../../test/test-util/example-destination-service-responses';
 import { wrapJwtInHeader } from '../jwt';
-import * as destinationService from './destination-service';
 import { DestinationConfiguration, parseDestination } from './destination';
 import {
   alwaysProvider,
@@ -128,90 +126,44 @@ describe('jwtType x selection strategy combinations. Possible values are {subscr
     expect(destination).toBe(null);
   }
 
-  describe('Combinations: subscriberUserToken x {alwaysSubscriber,alwaysProvider,subscriberFirst}', () => {
-    it('subscriberUserToken && alwaysSubscriberToken: should not send a request to retrieve remote provider destination and return subscriber destination.', async () => {
+  describe('userToken x {alwaysSubscriber,alwaysProvider,subscriberFirst}', () => {
+    it('alwaysSubscriber does not call provider', async () => {
       const mocks = mockThingsForCombinations();
 
-      const actual = await fetchDestination(
+      const destination = await fetchDestination(
         subscriberUserJwt,
         alwaysSubscriber
       );
-      expect(actual!.url).toBe(subscriberDestination.URL);
 
       mocks.subscriberMocks.forEach(mock => expect(mock.isDone()).toBe(true));
       mocks.providerMocks.forEach(mock => expect(mock.isDone()).toBe(false));
+      expect(destination!.url).toBe(subscriberDestination.URL);
     });
 
-    it('subscriberUserToken && alwaysProvider: should not sed a request to retrieve remote subscriber destination and return provider destination', async () => {
+    it('alwaysPovider does not call subscriber', async () => {
       const mocks = mockThingsForCombinations();
 
-      const actual = await fetchDestination(subscriberUserJwt, alwaysProvider);
-      assertSubscriberNotCalledAndProviderFound(mocks, actual!);
-    });
-
-    it('subscriberUserToken && subscriberFirst: should try subscriber first (found something), provider not called and return subscriber destination', async () => {
-      mockThingsForCombinations();
-
-      const requestSpy = jest.spyOn(
-        destinationService,
-        'fetchSubaccountDestinations'
-      );
-      const actual = await fetchDestination(subscriberUserJwt, subscriberFirst);
-      expect(requestSpy).toHaveBeenCalledTimes(1);
-      expect(requestSpy).toHaveBeenNthCalledWith(
-        1,
-        'https://destination.example.com',
-        subscriberServiceToken,
-        expect.anything()
-      );
-      expect(actual!.url).toBe(subscriberDestination.URL);
-    });
-
-    it('subscriberUserToken && subscriberFirst: should try subscriber first (found nothing), provider called and return provider destination', async () => {
-      mockThingsForCombinations(true, false);
-
-      const requestSpy = jest.spyOn(
-        destinationService,
-        'fetchSubaccountDestinations'
-      );
-      const actual = await fetchDestination(subscriberUserJwt, subscriberFirst);
-      expect(requestSpy).toHaveBeenCalledTimes(2);
-      expect(requestSpy).toHaveBeenNthCalledWith(
-        1,
-        'https://destination.example.com',
-        subscriberServiceToken,
-        expect.anything()
-      );
-      expect(requestSpy).toHaveBeenNthCalledWith(
-        2,
-        'https://destination.example.com',
-        providerServiceToken,
-        expect.anything()
+      const destination = await fetchDestination(
+        subscriberUserJwt,
+        alwaysProvider
       );
-      expect(actual!.url).toBe(providerDestination.URL);
-    });
-  });
-
-  describe('providerUserToken x {alwaysSubscriber,alwaysProvider,subscriberFirst}', () => {
-    it('providerUserToken && alwaysSubscriber: should return null since the token does not match subscriber', async () => {
-      const mocks = mockThingsForCombinations();
 
-      const actual = await fetchDestination(providerUserJwt, alwaysSubscriber);
-      assertNothingCalledAndNullFound(mocks, actual);
+      mocks.subscriberMocks.forEach(mock => expect(mock.isDone()).toBe(false));
+      mocks.providerMocks.forEach(mock => expect(mock.isDone()).toBe(true));
+      expect(destination!.url).toBe(providerDestination.URL);
     });
 
-    it('providerUserToken && alwaysProvider: should not send a request to retrieve remote subscriber destination and return provider destination.', async () => {
+    it('subscriberFirst does not call provider if subscriber is found', async () => {
       const mocks = mockThingsForCombinations();
 
-      const actual = await fetchDestination(providerUserJwt, alwaysProvider);
-      assertSubscriberNotCalledAndProviderFound(mocks, actual!);
-    });
-
-    it('providerUserToken && subscriberFirst: should not sed a request to retrieve remote subscriber destination and return provider destination.', async () => {
-      const mocks = mockThingsForCombinations();
+      const destination = await fetchDestination(
+        subscriberUserJwt,
+        subscriberFirst
+      );
 
-      const actual = await fetchDestination(providerUserJwt, subscriberFirst);
-      assertSubscriberNotCalledAndProviderFound(mocks, actual!);
+      mocks.subscriberMocks.forEach(mock => expect(mock.isDone()).toBe(true));
+      mocks.providerMocks.forEach(mock => expect(mock.isDone()).toBe(false));
+      expect(destination!.url).toBe(subscriberDestination.URL);
     });
   });
 

diff --git a/packages/core/src/connectivity/scp-cf/destination/destination-cache.spec.ts b/packages/core/src/connectivity/scp-cf/destination/destination-cache.spec.ts
@@ -6,6 +6,7 @@ import {
   providerJwtBearerToken,
   providerServiceToken,
   providerUserJwt,
+  providerUserPayload,
   subscriberServiceToken,
   subscriberUserJwt
 } from '../../../../test/test-util/mocked-access-tokens';
@@ -144,6 +145,24 @@ describe('caching destination integration tests', () => {
       );
     });
 
+    it('cache key contains user also for provider tokens', async () => {
+      await getDestination('ProviderDest', {
+        userJwt: providerUserJwt,
+        useCache: true,
+        isolationStrategy: IsolationStrategy.Tenant_User
+      });
+      const cacheKeys = Object.keys(
+        (destinationCache.getCacheInstance() as any).cache
+      );
+      expect(cacheKeys[0]).toBe(
+        getDestinationCacheKeyStrict(
+          providerUserPayload,
+          'ProviderDest',
+          IsolationStrategy.Tenant_User
+        )
+      );
+    });
+
     it('retrieved subscriber destinations are cached with tenant id using "Tenant" isolation type by default ', async () => {
       await getDestination('SubscriberDest', {
         userJwt: subscriberUserJwt,

diff --git a/packages/core/src/connectivity/scp-cf/destination/destination-from-service.ts b/packages/core/src/connectivity/scp-cf/destination/destination-from-service.ts
@@ -570,10 +570,6 @@ class DestinationFromServiceRetriever {
       return false;
     }
 
-    if (this.isProviderAndSubscriberSameTenant()) {
-      return false;
-    }
-
     return true;
   }
 

diff --git a/packages/core/test/test-util/mocked-access-tokens.ts b/packages/core/test/test-util/mocked-access-tokens.ts
@@ -11,17 +11,15 @@ const iat = Math.floor(Date.now() / 1000);
 const providerServiceTokenPayload = {
   iat,
   iss: providerXsuaaUrl,
-  zid: TestTenants.PROVIDER,
-  user_id: 'service-prov'
+  zid: TestTenants.PROVIDER
 };
 
 export const providerServiceToken = signedJwt(providerServiceTokenPayload);
 
 const subscriberServiceTokenPayload = {
   iat,
   iss: subscriberXsuaaUrl,
-  zid: TestTenants.SUBSCRIBER,
-  user_id: 'service-sub'
+  zid: TestTenants.SUBSCRIBER
 };
 
 export const subscriberServiceToken = signedJwt(subscriberServiceTokenPayload);
@@ -64,7 +62,7 @@ export const userApprovedSubscriberServiceToken = signedJwt(
   userApprovedSubscriberTokenPayload
 );
 
-const providerUserPayload = {
+export const providerUserPayload = {
   iat,
   iss: providerXsuaaUrl,
   zid: TestTenants.PROVIDER,