
node-oauth2-server - npm Package Compare versions

Comparing version 2.1.1 to 2.2.0

test/error.js

14

Changelog.md
## Changelog
### 2.2.0
- Support custom loggers via `debug` param
- Make OAuth2Error inherit from Error for fun and profit
- Don't go crazy when body is `null`
- Update tests and examples to express 4
- Fix lockdown pattern for express 4
- Update dev dependencies (mocha, should and supertest)
### 2.1.1
- Allow client to return an array of multiple valid redirect URI's
- Fix continueAfterResponse when granting
### 2.1.0

@@ -4,0 +18,0 @@ - Add support for client_credentials grant type (@lucknerjb)

14

examples/dynamodb/index.js
var express = require('express'),
bodyParser = require('body-parser'),
oauthserver = require('../../'); // Would be: 'node-oauth2-server'

@@ -6,9 +7,8 @@

app.configure(function() {
app.oauth = oauthserver({
model: require('./model'),
grants: ['password', 'refresh_token'],
debug: true
});
app.use(express.bodyParser());
app.use(bodyParser());
app.oauth = oauthserver({
model: require('./model'),
grants: ['password', 'refresh_token'],
debug: true
});

@@ -15,0 +15,0 @@

# DynamoDB Example
requires
http://aws.amazon.com/sdkfornodejs/
requires [`aws-sdk`](http://aws.amazon.com/sdkfornodejs/)
- - -
You will need to create the required tables (see below):
The object exposed in model.js could be directly passed into the model parameter of the config
object when initiating.
The object exposed in model.js could be directly passed into the model parameter of the config object when initiating.

@@ -18,10 +14,6 @@ For example:

app.configure(function() {
app.oauth = oauthserver({
model: require('./model'),
grants: ['password', 'refresh_token'],
debug: true
});
app.use(express.bodyParser());
app.oauth = oauthserver({
model: require('./model'),
grants: ['password', 'refresh_token'],
debug: true
});

@@ -33,3 +25,3 @@

####Creating required tables in DynamoDB
#### Creating required tables in DynamoDB

@@ -40,115 +32,110 @@ ```js

//
var OAuth2AccessToken =
{
AttributeDefinitions: [
{
AttributeName: "accessToken",
AttributeType: "S"
}
],
TableName: "oauth2accesstoken",
KeySchema: [
{
AttributeName: "accessToken",
KeyType: "HASH"
}
],
ProvisionedThroughput: {
ReadCapacityUnits: 12,
WriteCapacityUnits: 6
var OAuth2AccessToken = {
AttributeDefinitions: [
{
AttributeName: "accessToken",
AttributeType: "S"
}
],
TableName: "oauth2accesstoken",
KeySchema: [
{
AttributeName: "accessToken",
KeyType: "HASH"
}
],
ProvisionedThroughput: {
ReadCapacityUnits: 12,
WriteCapacityUnits: 6
}
};
var OAuth2RefreshToken =
{
AttributeDefinitions: [
{
AttributeName: "refreshToken",
AttributeType: "S"
}
],
TableName: "oauth2refreshtoken",
KeySchema: [
{
AttributeName: "refreshToken",
KeyType: "HASH"
}
],
ProvisionedThroughput: {
ReadCapacityUnits: 6,
WriteCapacityUnits: 6
var OAuth2RefreshToken = {
AttributeDefinitions: [
{
AttributeName: "refreshToken",
AttributeType: "S"
}
],
TableName: "oauth2refreshtoken",
KeySchema: [
{
AttributeName: "refreshToken",
KeyType: "HASH"
}
],
ProvisionedThroughput: {
ReadCapacityUnits: 6,
WriteCapacityUnits: 6
}
};
var OAuth2AuthCode =
{
AttributeDefinitions: [
{
AttributeName: "authCode",
AttributeType: "S"
}
],
TableName: "oauth2authcode",
KeySchema: [
{
AttributeName: "authCode",
KeyType: "HASH"
}
],
ProvisionedThroughput: {
ReadCapacityUnits: 6,
WriteCapacityUnits: 6
var OAuth2AuthCode = {
AttributeDefinitions: [
{
AttributeName: "authCode",
AttributeType: "S"
}
],
TableName: "oauth2authcode",
KeySchema: [
{
AttributeName: "authCode",
KeyType: "HASH"
}
],
ProvisionedThroughput: {
ReadCapacityUnits: 6,
WriteCapacityUnits: 6
}
};
var OAuth2Client =
{
AttributeDefinitions: [
{
AttributeName: "clientId",
AttributeType: "S"
}
],
TableName: "oauth2client",
KeySchema: [
{
AttributeName: "clientId",
KeyType: "HASH"
}
],
ProvisionedThroughput: {
ReadCapacityUnits: 6,
WriteCapacityUnits: 6
var OAuth2Client = {
AttributeDefinitions: [
{
AttributeName: "clientId",
AttributeType: "S"
}
],
TableName: "oauth2client",
KeySchema: [
{
AttributeName: "clientId",
KeyType: "HASH"
}
],
ProvisionedThroughput: {
ReadCapacityUnits: 6,
WriteCapacityUnits: 6
}
};
var OAuth2User =
{
AttributeDefinitions: [
{
AttributeName: "username",
AttributeType: "S"
},
{
AttributeName: "password",
AttributeType: "S"
}
],
TableName: "oauth2user",
KeySchema: [
{
AttributeName: "username",
KeyType: "HASH"
},
{
AttributeName: "password",
KeyType: "RANGE"
}
],
ProvisionedThroughput: {
ReadCapacityUnits: 6,
WriteCapacityUnits: 6
var OAuth2User = {
AttributeDefinitions: [
{
AttributeName: "username",
AttributeType: "S"
},
{
AttributeName: "password",
AttributeType: "S"
}
],
TableName: "oauth2user",
KeySchema: [
{
AttributeName: "username",
KeyType: "HASH"
},
{
AttributeName: "password",
KeyType: "RANGE"
}
],
ProvisionedThroughput: {
ReadCapacityUnits: 6,
WriteCapacityUnits: 6
}
};
```

@@ -5,4 +5,3 @@ # In-Memory Example

The object exposed in model.js could be directly passed into the model paramater of the config
object when initiating.
The object exposed in model.js could be directly passed into the model parameter of the config object when initiating.

@@ -12,33 +11,21 @@ For example:

```js
...
var express = require('express'),
oauthserver = require('node-oauth2-server'),
memorystore = require("./model");
var memorystore = require('model.js');
var app = express();
app.configure(function() {
var oauth = oauthserver({
model: memorystore,
grants: ['password','refresh_token'],
debug: true
});
app.use(express.bodyParser()); // REQUIRED
app.use(oauth.handler());
app.use(oauth.errorHandler());
app.oauth = oauthserver({
model: memorystore,
grants: ['password','refresh_token'],
debug: true
});
app.get('/', function (req, res) {
// outputs datastores to the console
memorystore.dump();
```
// respond
res.end('Secret area');
});
# Dump
app.listen(3000);
You can also dump the contents of the memory store (for debugging) like so:
```js
...
memorystore.dump();
```

@@ -8,3 +8,2 @@ # MongoDB Example

```js
...

@@ -18,3 +17,3 @@ var mongoose = require('mongoose');

mongoose.connect(uristring, function (err, res) {
if (err) {
if (err) {
console.log ('ERROR connecting to: ' + uristring + '. ' + err);

@@ -26,7 +25,5 @@ } else {

...
```
The object exposed in model.js could be directly passed into the model paramater of the config
object when initiating.
The object exposed in model.js could be directly passed into the model parameter of the config object when initiating.

@@ -36,16 +33,9 @@ For example:

```js
...
app.configure(function() {
var oauth = oauthserver({
model: require('./model'),
grants: ['password'],
debug: true
});
app.use(express.bodyParser());
app.use(oauth.handler());
app.use(oauth.errorHandler());
app.oauth = oauthserver({
model: require('./model'),
grants: ['password'],
debug: true
});
...
```
var express = require('express'),
bodyParser = require('body-parser'),
oauthserver = require('../../'); // Would be: 'node-oauth2-server'

@@ -6,9 +7,8 @@

app.configure(function() {
app.oauth = oauthserver({
model: require('./model'),
grants: ['auth_code', 'password'],
debug: true
});
app.use(express.bodyParser());
app.use(bodyParser());
app.oauth = oauthserver({
model: require('./model'),
grants: ['auth_code', 'password'],
debug: true
});

@@ -15,0 +15,0 @@

@@ -10,16 +10,9 @@ # PostgreSQL Example

```js
...
app.configure(function() {
var oauth = oauthserver({
model: require('./model'),
grants: ['password'],
debug: true
});
app.use(express.bodyParser());
app.use(oauth.handler());
app.use(oauth.errorHandler());
var oauth = oauthserver({
model: require('./model'),
grants: ['password'],
debug: true
});
...
```

@@ -29,3 +22,3 @@

Postgres connection info is read from the `DATABASE_URL` environment variable which you can set when you run, for example:
In this example, the postgres connection info is read from the `DATABASE_URL` environment variable which you can set when you run, for example:

@@ -32,0 +25,0 @@ ```

@@ -59,3 +59,3 @@ /**

getToken = this.req.query.access_token,
postToken = this.req.body && this.req.body.access_token;
postToken = this.req.body ? this.req.body.access_token : undefined;

@@ -62,0 +62,0 @@ // Check exactly one method was used
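Review bot: The new `postToken` assignment has no comment saying why a missing body is normalised to `undefined`, and the check that depends on it sits outside this hunk. The test added in this release sends a query token plus `access_token: ''` in the body and expects "only one method may be used", so an empty string evidently still counts as a supplied token while a `null` body must not. I would add above the assignment `// A null/absent body yields undefined so it is not counted as a token source; an empty string still counts`.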

@@ -17,2 +17,4 @@ /**

var util = require('util');
module.exports = OAuth2Error;

@@ -28,6 +30,16 @@

function OAuth2Error (error, description, err) {
if (!(this instanceof OAuth2Error))
return new OAuth2Error(error, description, err);
Error.call(this);
this.name = this.constructor.name;
if (err instanceof Error) {
this.message = err.message;
this.stack = err.stack;
} else {
this.message = description;
Error.captureStackTrace(this, this.constructor);
}
switch (error) {

@@ -55,3 +67,4 @@ case 'invalid_client':

this.error_description = description || error;
this.stack = (err && err.stack) || err;
}
util.inherits(OAuth2Error, Error);
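Review bot: `name`, `message` and `stack` are set by plain assignment in the new constructor block, so they are own enumerable properties and will appear in any JSON serialisation of an OAuth2Error; when `err` is an Error, `message` and `stack` carry the wrapped internal error's text. Keeping those out of client responses then depends on every send path stripping them first, which this file does not show. I would either define them non-enumerable with `Object.defineProperty`, or at least add a comment on the `if (err instanceof Error)` branch: `// message/stack come from the wrapped error and are for logging only; strip before serialising to a client`. The `switch` that follows continues outside the hunk.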

@@ -39,3 +39,6 @@ /**

this.grants = config.grants || [];
this.debug = config.debug || false;
this.debug = config.debug || function () {};
if (typeof this.debug !== 'function') {
this.debug = console.log;
}
this.passthroughErrors = config.passthroughErrors;

@@ -119,3 +122,6 @@ this.continueAfterResponse = config.continueAfterResponse;

if (self.debug) console.log(err.stack || err);
delete err.name;
delete err.message;
self.debug(err.stack || err);
delete err.stack;

@@ -161,7 +167,7 @@

var lockdown = function (route) {
var lockdownExpress3 = function (stack) {
// Check if it's a grant route
var pos = route.callbacks.indexOf(self.grant);
var pos = stack.indexOf(self.grant);
if (pos !== -1) {
route.callbacks[pos] = self.grant();
stack[pos] = self.grant();
return;

@@ -171,12 +177,48 @@ }

// Check it's not been explitly bypassed
pos = route.callbacks.indexOf(self.bypass);
pos = stack.indexOf(self.bypass);
if (pos === -1) {
route.callbacks.unshift(self.authorise());
stack.unshift(self.authorise());
} else {
route.callbacks.splice(pos, 1);
stack.splice(pos, 1);
}
};
for (var method in app.routes) {
app.routes[method].forEach(lockdown);
var lockdownExpress4 = function (layer) {
if (!layer.route)
return;
var stack = layer.route.stack;
var handlers = stack.map(function (item) {
return item.handle;
});
// Check if it's a grant route
var pos = handlers.indexOf(self.grant);
if (pos !== -1) {
stack[pos].handle = self.grant();
return;
}
// Check it's not been explitly bypassed
pos = handlers.indexOf(self.bypass);
if (pos === -1) {
// Add authorise another route (could do it properly with express.route?)
var copy = {};
var first = stack[0];
for (var key in first) {
copy[key] = first[key];
}
copy.handle = self.authorise();
stack.unshift(copy);
} else {
stack.splice(pos, 1);
}
};
if (app.routes) {
for (var method in app.routes) {
app.routes[method].callbacks.forEach(lockdownExpress3);
}
} else {
app._router.stack.forEach(lockdownExpress4);
}

@@ -183,0 +225,0 @@ };
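Review bot: `lockdownExpress4` returns at `if (!layer.route)` for every layer that is not a direct route, so routes registered on a router mounted with `app.use()` appear to be skipped and would be served without `authorise()` while lockdown is believed to be active. Descending into a mounted router's own stack, as sketched below, would close that gap; it relies on the same Express internals the hunk already reads via `app._router.stack`. Separately, the Express 3 branch now calls `app.routes[method].callbacks.forEach(lockdownExpress3)`, whereas the removed code iterated `app.routes[method]` and read `route.callbacks` per route, so this looks like it would throw or pass single callbacks as `stack`; `app.routes[method].forEach(function (route) { lockdownExpress3(route.callbacks); });` matches the old shape. The enclosing function starts and ends outside these hunks.

```javascript
var lockdownExpress4 = function (layer) {
  if (!layer.route) {
    // Mounted routers carry their own layer stack; descend so their
    // routes get authorise() too instead of being silently skipped.
    if (layer.handle && Array.isArray(layer.handle.stack)) {
      layer.handle.stack.forEach(lockdownExpress4);
    }
    return;
  }
  // … unchanged: grant / bypass handling on layer.route.stack …
};
```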

{
"name": "node-oauth2-server",
"description": "Complete, compliant and well tested module for implementing an OAuth2 Server/Provider with express in node.js",
"version": "2.1.1",
"version": "2.2.0",
"keywords": [

@@ -24,6 +24,7 @@ "oauth",

"devDependencies": {
"express": "3.1.x",
"mocha": "1.8.x",
"should": "1.2.x",
"supertest": "0.5.x"
"body-parser": "^1.3.1",
"express": "^4.4.3",
"mocha": "^1.20.1",
"should": "^4.0.4",
"supertest": "^0.13.0"
},

@@ -30,0 +31,0 @@ "licenses": [

@@ -17,13 +17,13 @@ # Node OAuth2 Server [![Build Status](https://travis-ci.org/thomseddon/node-oauth2-server.png?branch=2.0)](https://travis-ci.org/thomseddon/node-oauth2-server)

var express = require('express'),
oauthserver = require('node-oauth2-server');
bodyParser = require('body-parser'),
oauthserver = require('node-oauth2-server');
var app = express();
app.configure(function() {
app.oauth = oauthserver({
model: {}, // See below for specification
grants: ['password'],
debug: true
});
app.use(express.bodyParser()); // REQUIRED
app.use(bodyParser()); // REQUIRED
app.oauth = oauthserver({
model: {}, // See below for specification
grants: ['password'],
debug: true
});

@@ -59,5 +59,4 @@

- Default: `[]`
- *boolean* **debug**
- If true, errors are logged to console
- Default: `false`
- *function|boolean* **debug**
- If `true` errors will be logged to console. You may also pass a custom function, in which case that function will be called with the error as it's first argument
- Default: `false`

@@ -296,3 +295,3 @@ - *number* **accessTokenLifetime**

See: https://github.com/thomseddon/node-oauth2-server/releases
See: https://github.com/thomseddon/node-oauth2-server/blob/master/Changelog.md

@@ -299,0 +298,0 @@ ## Credits

@@ -18,2 +18,3 @@ /**

var express = require('express'),
bodyParser = require('body-parser'),
request = require('supertest'),

@@ -32,3 +33,3 @@ should = require('should');

app.use(express.bodyParser());
app.use(bodyParser());

@@ -35,0 +36,0 @@ app.post('/authorise', app.oauth.authCodeGrant(function (req, next) {

@@ -18,2 +18,3 @@ /**

var express = require('express'),
bodyParser = require('body-parser'),
request = require('supertest'),

@@ -41,3 +42,3 @@ should = require('should');

app.use(express.bodyParser());
app.use(bodyParser());
app.all('/', app.oauth.authorise());

@@ -70,3 +71,3 @@

.get('/?access_token=thom')
.expect(/nightworld/, 200, done);
.expect(200, /nightworld/, done);
});

@@ -102,3 +103,3 @@

.send({ access_token: 'thom' })
.expect(/nightworld/, 200, done);
.expect(200, /nightworld/, done);
});

@@ -121,3 +122,3 @@

.set('Authorization', 'Bearer thom')
.expect(/nightworld/, 200, done);
.expect(200, /nightworld/, done);
});

@@ -139,6 +140,19 @@

.post('/?access_token=thom')
.set('Authorization', 'Invalid')
.send({
access_token: 'thom'
})
.expect(400, /only one method may be used/i, done);
});
it('should allow exactly one method (post: query + empty body)', function (done) {
var app = bootstrap('mockValid');
request(app)
.post('/?access_token=thom')
.send({
access_token: ''
})
.expect(400, /only one method may be used/i, done);
});
it('should detect expired token', function (done){

@@ -177,3 +191,3 @@ var app = bootstrap({

.get('/?access_token=thom')
.expect(/nightworld/, 200, done);
.expect(200, /nightworld/, done);
});

@@ -203,3 +217,3 @@

.get('/?access_token=thom')
.expect(/nightworld/, 200, done);
.expect(200, /nightworld/, done);
});

@@ -231,5 +245,5 @@

.get('/?access_token=thom')
.expect(/nightworld/, 200, done);
.expect(200, /nightworld/, done);
});
});

@@ -18,2 +18,3 @@ /**

var express = require('express'),
bodyParser = require('body-parser'),
request = require('supertest'),

@@ -28,3 +29,3 @@ should = require('should');

app.use(express.bodyParser());
app.use(bodyParser());

@@ -58,8 +59,8 @@ app.all('/oauth/token', oauth.grant());

res.body.code.should.be.a('number');
res.body.code.should.be.instanceOf(Number);
res.body.code.should.equal(res.statusCode);
res.body.error.should.be.a('string');
res.body.error.should.be.instanceOf(String);
res.body.error_description.should.be.a('string');
res.body.error_description.should.be.instanceOf(String);

@@ -66,0 +67,0 @@ done();

@@ -18,2 +18,3 @@ /**

var express = require('express'),
bodyParser = require('body-parser'),
request = require('supertest'),

@@ -32,3 +33,3 @@ should = require('should');

app.set('json spaces', 0);
app.use(express.bodyParser());
app.use(bodyParser());

@@ -35,0 +36,0 @@ app.all('/oauth/token', oauth.grant());

@@ -18,2 +18,3 @@ /**

var express = require('express'),
bodyParser = require('body-parser'),
request = require('supertest'),

@@ -32,3 +33,3 @@ should = require('should');

app.set('json spaces', 0);
app.use(express.bodyParser());
app.use(bodyParser());

@@ -35,0 +36,0 @@ app.all('/oauth/token', oauth.grant());

@@ -18,2 +18,3 @@ /**

var express = require('express'),
bodyParser = require('body-parser'),
request = require('supertest'),

@@ -32,3 +33,3 @@ should = require('should');

app.set('json spaces', 0);
app.use(express.bodyParser());
app.use(bodyParser());

@@ -35,0 +36,0 @@ app.all('/oauth/token', oauth.grant());

@@ -18,2 +18,3 @@ /**

var express = require('express'),
bodyParser = require('body-parser'),
request = require('supertest'),

@@ -32,3 +33,3 @@ should = require('should');

app.set('json spaces', 0);
app.use(express.bodyParser());
app.use(bodyParser());

@@ -252,3 +253,3 @@ app.all('/oauth/token', oauth.grant());

.send(validBody)
.expect(/thommy/, 200, done);
.expect(200, /thommy/, done);

@@ -283,3 +284,3 @@ });

.send(validBody)
.expect(/"access_token":"thommy"/, 200, done);
.expect(200, /"access_token":"thommy"/, done);

@@ -303,3 +304,3 @@ });

saveAccessToken: function (token, clientId, expires, user, cb) {
token.should.be.a('string');
token.should.be.instanceOf(String);
token.should.have.length(40);

@@ -339,3 +340,3 @@ clientId.should.equal('thom');

saveRefreshToken: function (token, clientId, expires, user, cb) {
token.should.be.a('string');
token.should.be.instanceOf(String);
token.should.have.length(40);

@@ -389,3 +390,3 @@ clientId.should.equal('thom');

res.body.should.have.keys(['access_token', 'token_type', 'expires_in']);
res.body.access_token.should.be.a('string');
res.body.access_token.should.be.instanceOf(String);
res.body.access_token.should.have.length(40);

@@ -432,5 +433,5 @@ res.body.token_type.should.equal('bearer');

'refresh_token']);
res.body.access_token.should.be.a('string');
res.body.access_token.should.be.instanceOf(String);
res.body.access_token.should.have.length(40);
res.body.refresh_token.should.be.a('string');
res.body.refresh_token.should.be.instanceOf(String);
res.body.refresh_token.should.have.length(40);

@@ -480,5 +481,5 @@ res.body.token_type.should.equal('bearer');

res.body.should.have.keys(['access_token', 'refresh_token', 'token_type']);
res.body.access_token.should.be.a('string');
res.body.access_token.should.be.instanceOf(String);
res.body.access_token.should.have.length(40);
res.body.refresh_token.should.be.a('string');
res.body.refresh_token.should.be.instanceOf(String);
res.body.refresh_token.should.have.length(40);

@@ -485,0 +486,0 @@ res.body.token_type.should.equal('bearer');

@@ -18,2 +18,3 @@ /**

var express = require('express'),
bodyParser = require('body-parser'),
request = require('supertest'),

@@ -32,3 +33,3 @@ should = require('should');

app.set('json spaces', 0);
app.use(express.bodyParser());
app.use(bodyParser());

@@ -35,0 +36,0 @@ app.all('/oauth/token', oauth.grant());

@@ -18,2 +18,3 @@ /**

var express = require('express'),
bodyParser = require('body-parser'),
request = require('supertest'),

@@ -32,3 +33,3 @@ should = require('should');

app.set('json spaces', 0);
app.use(express.bodyParser());
app.use(bodyParser());

@@ -35,0 +36,0 @@ app.all('/oauth/token', oauth.grant());

@@ -18,2 +18,3 @@ /**

var express = require('express'),
bodyParser = require('body-parser'),
request = require('supertest'),

@@ -30,3 +31,3 @@ should = require('should');

app.use(express.bodyParser());
app.use(bodyParser());

@@ -33,0 +34,0 @@ app.all('/oauth/token', app.oauth.grant);
