Huge News!Announcing our $40M Series B led by Abstract Ventures.Learn More →
node-oauth2-server
Advanced tools
node-oauth2-server - npm Package Compare versions
Comparing version 2.0.2 to 2.1.0
| ## Changelog | ||
| This is currently a backup, see: https://github.com/nightworld/node-oauth2-server/releases | ||
| ### 2.1.0 | ||
| - Add support for client_credentials grant type (@lucknerjb) | ||
| - Support Authorization grant via GET request (@mjsalinger) | ||
| ### 3.0 (in progress) | ||
| - Huge refactor | ||
| - Switch from internal router to exposing explit middleware to be added to individual routes | ||
| - Switch all model save* functions to take two params, data and callback | ||
| ### 2.0.2 | ||
| - Fix continueAfterResponse option | ||
| ### 2.0.1 | ||
| - Add "WWW-Authenticate" header for invalid_client | ||
| ### 2.0 | ||
| - Huge intrenal refactor | ||
| - Switch from internal router ("allow" property) to exposing explit authorisation middleware to be added to individual routes | ||
| - Expose grant middleware to be attached to a route of your choosing | ||
| - Switch all model variables to camelCasing | ||
| - Add support for `authorization_code` grant type (i.e. traditional "allow", "deny" with redirects etc.) | ||
| - Some, previously wrong, error codes fixed | ||
| ### 1.5.3 | ||
| - Fix tests for daylight saving | ||
| ### 1.5.2 | ||
| - Fix expiration token checking (previously expires was wrongly checked against boot time) | ||
| ### 1.5.1 | ||
| - Add repository field to package | ||
| ### 1.5.0 | ||
@@ -11,0 +31,0 @@ - Add support for non-expiring tokens (set accessTokenLifetime/refreshTokenLifetime = null) |
@@ -5,4 +5,3 @@ # PostgreSQL Example | ||
| The object exposed in model.js could be directly passed into the model parameter of the config | ||
| object when initiating. | ||
| The object exposed in model.js could be directly passed into the model parameter of the config object when initiating. | ||
@@ -27,1 +26,9 @@ For example: | ||
| ``` | ||
| ## Note | ||
| Postgres connection info is read from the `DATABASE_URL` environment variable which you can set when you run, for example: | ||
| ``` | ||
| $ DATABASE_URL=postgres://postgres:1234@localhost/postgres node index.js | ||
| ``` |
@@ -73,6 +73,8 @@ /** | ||
| function checkParams (done) { | ||
| if (!this.req.body) return done(error('invalid_request')); | ||
| var body = this.req.body; | ||
| var query = this.req.query; | ||
| if (!body && !query) return done(error('invalid_request')); | ||
| // Response type | ||
| this.responseType = this.req.body.response_type; | ||
| this.responseType = body.response_type || query.response_type; | ||
| if (this.responseType !== 'code') { | ||
@@ -84,3 +86,3 @@ return done(error('invalid_request', | ||
| // Client | ||
| this.clientId = this.req.body.client_id; | ||
| this.clientId = body.client_id || query.client_id; | ||
| if (!this.clientId) { | ||
@@ -92,3 +94,3 @@ return done(error('invalid_request', | ||
| // Redirect URI | ||
| this.redirectUri = this.req.body.redirect_uri; | ||
| this.redirectUri = body.redirect_uri || query.redirect_uri; | ||
| if (!this.redirectUri) { | ||
@@ -95,0 +97,0 @@ return done(error('invalid_request', |
@@ -164,2 +164,4 @@ /** | ||
| return useRefreshTokenGrant.call(this, done); | ||
| case 'client_credentials': | ||
| return useClientCredentialsGrant.call(this, done); | ||
| default: | ||
@@ -271,2 +273,30 @@ done(error('invalid_request', | ||
| /** | ||
| * Grant for client_credentials grant type | ||
| * | ||
| * @param {Function} done | ||
| */ | ||
| function useClientCredentialsGrant (done) { | ||
| // Client credentials | ||
| var clientId = this.client.clientId, | ||
| clientSecret = this.client.clientSecret; | ||
| if (!clientId || !clientSecret) { | ||
| return done(error('invalid_client', | ||
| 'Missing parameters. "client_id" and "client_secret" are required')); | ||
| } | ||
| var self = this; | ||
| return this.model.getUserFromClient(clientId, clientSecret, | ||
| function (err, user) { | ||
| if (err) return done(error('server_error', false, err)); | ||
| if (!user) { | ||
| return done(error('invalid_grant', 'Client credentials are invalid')); | ||
| } | ||
| self.user = user; | ||
| done(); | ||
| }); | ||
| } | ||
| /** | ||
| * Grant for extended (http://*) grant type | ||
@@ -425,4 +455,4 @@ * | ||
| if (this.config.continueAfterResponse) | ||
| if (this.continueAfterResponse) | ||
| done(); | ||
| } |
| { | ||
| "name": "node-oauth2-server", | ||
| "description": "Complete, compliant and well tested module for implementing an OAuth2 Server/Provider with express in node.js", | ||
| "version": "2.0.2", | ||
| "version": "2.1.0", | ||
| "keywords": [ | ||
@@ -6,0 +6,0 @@ "oauth", |
@@ -47,3 +47,3 @@ # Node OAuth2 Server [](https://travis-ci.org/thomseddon/node-oauth2-server) | ||
| - Supports authorization_code, password, refresh_token and extension (custom) grant types | ||
| - Supports authorization_code, password, refresh_token, client_credentials and extension (custom) grant types | ||
| - Implicitly supports any form of storage e.g. PostgreSQL, MySQL, Mongo, Redis... | ||
@@ -50,0 +50,0 @@ - Full test suite |
@@ -37,2 +37,6 @@ /** | ||
| app.get('/authorise', app.oauth.authCodeGrant(function (req, next) { | ||
| next.apply(null, params || []); | ||
| })); | ||
| app.use(app.oauth.errorHandler()); | ||
@@ -169,3 +173,3 @@ | ||
| it('should accept valid request and return code', function (done) { | ||
| it('should accept valid request and return code using POST', function (done) { | ||
| var code; | ||
@@ -200,2 +204,32 @@ | ||
| it('should accept valid request and return code using GET', function (done) { | ||
| var code; | ||
| var app = bootstrap({ | ||
| getClient: function (clientId, clientSecret, callback) { | ||
| callback(false, { | ||
| clientId: 'thom', | ||
| redirectUri: 'http://nightworld.com' | ||
| }); | ||
| }, | ||
| saveAuthCode: function (authCode, clientId, expires, user, callback) { | ||
| should.exist(authCode); | ||
| code = authCode; | ||
| callback(); | ||
| } | ||
| }, [false, true]); | ||
| request(app) | ||
| .get('/authorise') | ||
| .query({ | ||
| response_type: 'code', | ||
| client_id: 'thom', | ||
| redirect_uri: 'http://nightworld.com' | ||
| }) | ||
| .expect(302, function (err, res) { | ||
| res.header.location.should.equal('http://nightworld.com?code=' + code); | ||
| done(); | ||
| }); | ||
| }); | ||
| it('should continue after success response if continueAfterResponse = true', function (done) { | ||
@@ -202,0 +236,0 @@ var code; |
@@ -95,3 +95,2 @@ /** | ||
| .send({ grant_type: 'password' }) | ||
| .expect('WWW-Authenticate', 'Basic realm="Service"') | ||
| .expect(400, /invalid or missing client_id parameter/i, done); | ||
@@ -111,3 +110,2 @@ }); | ||
| .send({ grant_type: 'password', client_id: 'thom' }) | ||
| .expect('WWW-Authenticate', 'Basic realm="Service"') | ||
| .expect(400, /invalid or missing client_id parameter/i, done); | ||
@@ -123,3 +121,2 @@ }); | ||
| .send({ grant_type: 'password', client_id: 'thom' }) | ||
| .expect('WWW-Authenticate', 'Basic realm="Service"') | ||
| .expect(400, /missing client_secret parameter/i, done); | ||
@@ -163,3 +160,2 @@ }); | ||
| .set('Authorization', 'Basic dGhvbTpuaWdodHdvcmxk') | ||
| .expect('WWW-Authenticate', 'Basic realm="Service"') | ||
| .expect(400, done); | ||
@@ -204,3 +200,2 @@ }); | ||
| .send({ grant_type: 'password', client_id: 'thom', client_secret: 'nightworld' }) | ||
| .expect('WWW-Authenticate', 'Basic realm="Service"') | ||
| .expect(400, /client credentials are invalid/i, done); | ||
@@ -228,3 +223,2 @@ }); | ||
| .send({ grant_type: 'password', client_id: 'thom', client_secret: 'nightworld' }) | ||
| .expect('WWW-Authenticate', 'Basic realm="Service"') | ||
| .expect(400, /grant type is unauthorised for this client_id/i, done); | ||
@@ -494,42 +488,4 @@ }); | ||
| }); | ||
| it('should continue after response if continueAfterResponse = true', function (done) { | ||
| var app = bootstrap({ | ||
| model: { | ||
| getClient: function (id, secret, callback) { | ||
| callback(false, { clientId: 'thom' }); | ||
| }, | ||
| grantTypeAllowed: function (clientId, grantType, callback) { | ||
| callback(false, true); | ||
| }, | ||
| getUser: function (uname, pword, callback) { | ||
| callback(false, { id: 1 }); | ||
| }, | ||
| saveAccessToken: function (token, clientId, expires, user, cb) { | ||
| cb(); | ||
| } | ||
| }, | ||
| grants: ['password'], | ||
| continueAfterResponse: true | ||
| }); | ||
| var hit = false; | ||
| app.all('*', function (req, res, next) { | ||
| hit = true; | ||
| }); | ||
| request(app) | ||
| .post('/oauth/token') | ||
| .set('Content-Type', 'application/x-www-form-urlencoded') | ||
| .send(validBody) | ||
| .expect(200) | ||
| .end(function (err, res) { | ||
| if (err) return done(err); | ||
| hit.should.equal(true); | ||
| done(); | ||
| }); | ||
| }); | ||
| }); | ||
| }); |
New alerts
License Policy Violation
LicenseThis package is not allowed per your license policy. Review the package's license to ensure compliance.
Found 1 instance in 1 package
Fixed alerts
License Policy Violation
LicenseThis package is not allowed per your license policy. Review the package's license to ensure compliance.
Found 1 instance in 1 package
Improved metrics
- Total package byte prevSize
- increased by2.35%
142114
- Number of package files
- increased by2.78%
37
- Lines of code
- increased by2.34%
3362
No dependency changes