@allthings/oauth2-server
Advanced tools
Comparing version 3.0.0 to 3.0.1
@@ -10,2 +10,3 @@ 'use strict'; | ||
| var Promise = require('bluebird'); | ||
| var promisify = require('promisify-any').use(Promise); | ||
| var util = require('util'); | ||
@@ -67,3 +68,3 @@ | ||
| this.validateScope(user, client, scope), | ||
| this.generateAccessToken(), | ||
| this.generateAccessToken(client, user, scope), | ||
| this.getAccessTokenExpiresAt() | ||
@@ -81,3 +82,3 @@ ]; | ||
| return this.model.saveToken(token, client, user); | ||
| return promisify(this.model.saveToken, 3).call(this.model, token, client, user); | ||
| }); | ||
@@ -84,0 +85,0 @@ }; |
@@ -66,2 +66,5 @@ 'use strict'; | ||
| // Extend model object with request | ||
| this.model.request = request; | ||
| return Promise.bind(this) | ||
@@ -68,0 +71,0 @@ .then(function() { |
@@ -76,2 +76,5 @@ 'use strict'; | ||
| // Extend model object with request | ||
| this.model.request = request; | ||
| var fns = [ | ||
@@ -87,3 +90,3 @@ this.getClient(request), | ||
| var state; | ||
| var ResponseType; | ||
| var RequestedResponseType; | ||
| var responseType; | ||
@@ -95,7 +98,12 @@ var uri = this.getRedirectUri(request, client); | ||
| .then(function() { | ||
| scope = this.getScope(request); | ||
| var requestedScope = this.getScope(request); | ||
| return this.validateScope(user, client, requestedScope); | ||
| }) | ||
| .then(function(validScope) { | ||
| scope = validScope; | ||
| state = this.getState(request); | ||
| ResponseType = this.getResponseType(request, client); | ||
| responseType = new ResponseType(this.options); | ||
| RequestedResponseType = this.getResponseType(request, client); | ||
| responseType = new RequestedResponseType(this.options); | ||
@@ -171,2 +179,20 @@ return responseType.handle(request, client, user, uri, scope); | ||
| /** | ||
| * Validate requested scope. | ||
| */ | ||
| AuthorizeHandler.prototype.validateScope = function(user, client, scope) { | ||
| if (this.model.validateScope) { | ||
| return promisify(this.model.validateScope, 3).call(this.model, user, client, scope) | ||
| .then(function (scope) { | ||
| if (!scope) { | ||
| throw new InvalidScopeError('Invalid scope: Requested scope is invalid'); | ||
| } | ||
| return scope; | ||
| }); | ||
| } else { | ||
| return Promise.resolve(scope); | ||
| } | ||
| }; | ||
| /** | ||
| * Get scope from the request. | ||
@@ -173,0 +199,0 @@ */ |
@@ -88,2 +88,5 @@ 'use strict'; | ||
| // Extend model object with request | ||
| this.model.request = request; | ||
| return Promise.bind(this) | ||
@@ -90,0 +93,0 @@ .then(function() { |
@@ -36,3 +36,3 @@ 'use strict'; | ||
| for (var field in options.headers) { | ||
| if (options.headers.hasOwnProperty(field)) { | ||
| if (Object.prototype.hasOwnProperty.call(options.headers, field)) { | ||
| this.headers[field.toLowerCase()] = options.headers[field]; | ||
@@ -44,3 +44,3 @@ } | ||
| for (var property in options) { | ||
| if (options.hasOwnProperty(property) && !this[property]) { | ||
| if (Object.prototype.hasOwnProperty.call(options, property) && !this[property]) { | ||
| this[property] = options[property]; | ||
@@ -47,0 +47,0 @@ } |
@@ -16,3 +16,3 @@ 'use strict'; | ||
| for (var field in options.headers) { | ||
| if (options.headers.hasOwnProperty(field)) { | ||
| if (Object.prototype.hasOwnProperty.call(options.headers, field)) { | ||
| this.headers[field.toLowerCase()] = options.headers[field]; | ||
@@ -24,3 +24,3 @@ } | ||
| for (var property in options) { | ||
| if (options.hasOwnProperty(property) && !this[property]) { | ||
| if (Object.prototype.hasOwnProperty.call(options, property) && !this[property]) { | ||
| this[property] = options[property]; | ||
@@ -27,0 +27,0 @@ } |
| { | ||
| "name": "@allthings/oauth2-server", | ||
| "description": "Complete, framework-agnostic, compliant and well tested module for implementing an OAuth2 Server in node.js", | ||
| "version": "3.0.0", | ||
| "version": "3.0.1", | ||
| "keywords": [ | ||
@@ -10,9 +10,32 @@ "oauth", | ||
| "contributors": [ | ||
| { "name": "Thom Seddon", "email": "thom@seddonmedia.co.uk" }, | ||
| { "name": "Lars F. Karlström" , "email": "lars@lfk.io" }, | ||
| { "name": "Rui Marinho", "email": "ruipmarinho@gmail.com" }, | ||
| { "name" : "Tiago Ribeiro", "email": "tiago.ribeiro@gmail.com" }, | ||
| { "name": "Michael Salinger", "email": "mjsalinger@gmail.com" }, | ||
| { "name": "Nuno Sousa" }, | ||
| { "name": "Max Truxa" } | ||
| { | ||
| "name": "Thom Seddon", | ||
| "email": "thom@seddonmedia.co.uk" | ||
| }, | ||
| { | ||
| "name": "Lars F. Karlström", | ||
| "email": "lars@lfk.io" | ||
| }, | ||
| { | ||
| "name": "Marco Lüthy", | ||
| "email": "marco.luethy@gmail.com" | ||
| }, | ||
| { | ||
| "name": "Rui Marinho", | ||
| "email": "ruipmarinho@gmail.com" | ||
| }, | ||
| { | ||
| "name": "Tiago Ribeiro", | ||
| "email": "tiago.ribeiro@gmail.com" | ||
| }, | ||
| { | ||
| "name": "Michael Salinger", | ||
| "email": "mjsalinger@gmail.com" | ||
| }, | ||
| { | ||
| "name": "Nuno Sousa" | ||
| }, | ||
| { | ||
| "name": "Max Truxa" | ||
| } | ||
| ], | ||
@@ -23,3 +46,3 @@ "main": "index.js", | ||
| "bluebird": "3.5.0", | ||
| "lodash": "4.17.4", | ||
| "lodash": "^4.17.10", | ||
| "promisify-any": "2.0.1", | ||
@@ -26,0 +49,0 @@ "statuses": "1.3.1", |
@@ -171,3 +171,3 @@ 'use strict'; | ||
| it('should return an access token', function() { | ||
| it('should return an access token with extend model obj with request', function() { | ||
| var accessToken = { | ||
@@ -196,2 +196,3 @@ user: {}, | ||
| .then(function(data) { | ||
| model.request.should.equal(request); | ||
| data.should.equal(accessToken); | ||
@@ -198,0 +199,0 @@ }) |
@@ -291,2 +291,90 @@ 'use strict'; | ||
| it('should redirect to a successful response if `model.validateScope` is not defined', function() { | ||
| var client = { grants: ['authorization_code'], redirectUris: ['http://example.com/cb'] }; | ||
| var model = { | ||
| getAccessToken: function() { | ||
| return { | ||
| client: client, | ||
| user: {}, | ||
| accessTokenExpiresAt: new Date(new Date().getTime() + 10000) | ||
| }; | ||
| }, | ||
| getClient: function() { | ||
| return client; | ||
| }, | ||
| saveAuthorizationCode: function() { | ||
| return { authorizationCode: 12345, client: client }; | ||
| } | ||
| }; | ||
| var handler = new AuthorizeHandler({ authorizationCodeLifetime: 120, model: model }); | ||
| var request = new Request({ | ||
| body: { | ||
| client_id: 12345, | ||
| response_type: 'code' | ||
| }, | ||
| headers: { | ||
| 'Authorization': 'Bearer foo' | ||
| }, | ||
| method: {}, | ||
| query: { | ||
| scope: 'read', | ||
| state: 'foobar' | ||
| } | ||
| }); | ||
| var response = new Response({ body: {}, headers: {} }); | ||
| return handler.handle(request, response) | ||
| .then(function(data) { | ||
| data.should.eql({ | ||
| authorizationCode: 12345, | ||
| client: client | ||
| }); | ||
| }) | ||
| .catch(should.fail); | ||
| }); | ||
| it('should redirect to an error response if `scope` is insufficient', function() { | ||
| var client = { grants: ['authorization_code'], redirectUris: ['http://example.com/cb'] }; | ||
| var model = { | ||
| getAccessToken: function() { | ||
| return { | ||
| client: client, | ||
| user: {}, | ||
| accessTokenExpiresAt: new Date(new Date().getTime() + 10000) | ||
| }; | ||
| }, | ||
| getClient: function() { | ||
| return client; | ||
| }, | ||
| saveAuthorizationCode: function() { | ||
| return { authorizationCode: 12345, client: client }; | ||
| }, | ||
| validateScope: function() { | ||
| return false; | ||
| } | ||
| }; | ||
| var handler = new AuthorizeHandler({ authorizationCodeLifetime: 120, model: model }); | ||
| var request = new Request({ | ||
| body: { | ||
| client_id: 12345, | ||
| response_type: 'code' | ||
| }, | ||
| headers: { | ||
| 'Authorization': 'Bearer foo' | ||
| }, | ||
| method: {}, | ||
| query: { | ||
| scope: 'read', | ||
| state: 'foobar' | ||
| } | ||
| }); | ||
| var response = new Response({ body: {}, headers: {} }); | ||
| return handler.handle(request, response) | ||
| .then(should.fail) | ||
| .catch(function() { | ||
| response.get('location').should.equal('http://example.com/cb?error=invalid_scope&error_description=Invalid%20scope%3A%20Requested%20scope%20is%20invalid'); | ||
| }); | ||
| }); | ||
| it('should redirect to an error response if `state` is missing', function() { | ||
@@ -404,3 +492,3 @@ var model = { | ||
| it('should return the `code` if successful', function() { | ||
| it('should return the `code` if successful with extend model obj with request', function() { | ||
| var client = { grants: ['authorization_code'], redirectUris: ['http://example.com/cb'] }; | ||
@@ -440,2 +528,3 @@ var model = { | ||
| .then(function(data) { | ||
| model.request.should.equal(request); | ||
| data.should.eql({ | ||
@@ -442,0 +531,0 @@ authorizationCode: 12345, |
@@ -300,3 +300,3 @@ 'use strict'; | ||
| it('should return a bearer token if successful', function() { | ||
| it('should return a bearer token if successful with extend model obj with request', function() { | ||
| var token = { accessToken: 'foo', client: {}, refreshToken: 'bar', scope: 'foobar', user: {} }; | ||
@@ -327,2 +327,3 @@ var model = { | ||
| .then(function(data) { | ||
| model.request.should.equal(request); | ||
| data.should.eql(token); | ||
@@ -329,0 +330,0 @@ }) |
@@ -9,2 +9,3 @@ 'use strict'; | ||
| var Request = require('../../../lib/request'); | ||
| var Response = require('../../../lib/response'); | ||
| var sinon = require('sinon'); | ||
@@ -19,2 +20,35 @@ var should = require('should'); | ||
| describe('AuthenticateHandler', function() { | ||
| describe('handle()', function() { | ||
| it('should extend model object with request context', function() { | ||
| var model = { | ||
| getAccessToken: sinon.stub().returns({ | ||
| user: 'foo', | ||
| accessTokenExpiresAt: new Date(new Date().getTime() + 10000) | ||
| }), | ||
| verifyScope: sinon.stub().returns(true) | ||
| }; | ||
| var handler = new AuthenticateHandler({ | ||
| addAcceptedScopesHeader: true, | ||
| addAuthorizedScopesHeader: true, | ||
| model: model, | ||
| scope: 'bar' | ||
| }); | ||
| var request = new Request({ | ||
| body: {}, | ||
| headers: { 'Authorization': 'Bearer foo' }, | ||
| method: {}, | ||
| query: {} | ||
| }); | ||
| var response = new Response({}); | ||
| return handler.handle(request, response) | ||
| .then(function() { | ||
| model.request.should.equal(request); | ||
| }) | ||
| .catch(should.fail); | ||
| }); | ||
| }); | ||
| describe('getTokenFromRequest()', function() { | ||
@@ -21,0 +55,0 @@ describe('with bearer token in the request authorization header', function() { |
@@ -19,2 +19,36 @@ 'use strict'; | ||
| describe('AuthorizeHandler', function() { | ||
| describe('handle()', function() { | ||
| it('should extend model object with request context', function() { | ||
| var model = { | ||
| getClient: sinon.stub().returns({ | ||
| grants: ['authorization_code'], | ||
| redirectUris: ['/abc'] | ||
| }), | ||
| saveAuthorizationCode: sinon.stub().returns({ authorizationCode: 'code_abc' }) | ||
| }; | ||
| var handler = new AuthorizeHandler({ | ||
| authenticateHandler: { | ||
| handle: sinon.stub().returns({ name: 'xyz' }) | ||
| }, | ||
| authorizationCodeLifetime: 123, | ||
| allowEmptyState: true, | ||
| model: model | ||
| }); | ||
| var request = new Request({ | ||
| body: { client_id: '123', response_type: 'code' }, | ||
| headers: {}, | ||
| method: {}, | ||
| query: {} | ||
| }); | ||
| var response = new Response({}); | ||
| return handler.handle(request, response) | ||
| .then(function() { | ||
| model.request.should.equal(request); | ||
| }) | ||
| .catch(should.fail); | ||
| }); | ||
| }); | ||
| describe('getClient()', function() { | ||
@@ -21,0 +55,0 @@ it('should call `model.getClient()`', function() { |
@@ -8,2 +8,3 @@ 'use strict'; | ||
| var Request = require('../../../lib/request'); | ||
| var Response = require('../../../lib/response'); | ||
| var TokenHandler = require('../../../lib/handlers/token-handler'); | ||
@@ -18,2 +19,38 @@ var sinon = require('sinon'); | ||
| describe('TokenHandler', function() { | ||
| describe('handle()', function() { | ||
| it('should extend model object with request context', function() { | ||
| var model = { | ||
| getClient: sinon.stub().returns({ grants: ['client_credentials'] }), | ||
| getUserFromClient: sinon.stub().returns({}), | ||
| saveToken: sinon.stub().returns({ | ||
| accessToken: '123', | ||
| client: {}, | ||
| user: {}, | ||
| accessTokenExpiresAt: new Date(new Date().getTime() + 10000), | ||
| refreshTokenExpiresAt: new Date(new Date().getTime() + 10000) | ||
| }), | ||
| }; | ||
| var handler = new TokenHandler({ | ||
| accessTokenLifetime: 123, | ||
| refreshTokenLifetime: 123, | ||
| model: model, | ||
| }); | ||
| var request = new Request({ | ||
| method: 'POST', | ||
| body: { 'grant_type': 'client_credentials', 'client_id': 'abc', 'client_secret': 'xyz' }, | ||
| headers: { 'content-type': 'application/x-www-form-urlencoded', 'transfer-encoding': 'chunked' }, | ||
| query: {} | ||
| }); | ||
| var response = new Response({}); | ||
| return handler.handle(request, response) | ||
| .then(function() { | ||
| model.request.should.equal(request); | ||
| }) | ||
| .catch(should.fail); | ||
| }); | ||
| }); | ||
| describe('getClient()', function() { | ||
@@ -20,0 +57,0 @@ it('should call `model.getClient()`', function() { |
Sorry, the diff of this file is not supported yet
Sorry, the diff of this file is not supported yet
Sorry, the diff of this file is not supported yet
No alert changes
Improved metrics
- Total package byte prevSize
- increased by4.03%
497492
- Number of package files
- increased by2.97%
104
- Lines of code
- increased by6.88%
8526
Dependency changes
+ Addedlodash@4.17.21(transitive)
- Removedlodash@4.17.4(transitive)
Updatedlodash@^4.17.10