
oauth


Comparing version 0.9.9 to 0.9.10

39

lib/oauth2.js

@@ -17,2 +17,3 @@ var querystring= require('querystring'),

this._customHeaders = customHeaders || {};
this._useAuthorizationHeaderForGET= false;
}

@@ -35,2 +36,9 @@

// If you use the OAuth2 exposed 'get' method (and don't construct your own _request call )
// this will specify whether to use an 'Authorize' header instead of passing the access_token as a query parameter
exports.OAuth2.prototype.useAuthorizationHeaderforGET = function(useIt) {
this._useAuthorizationHeaderForGET= useIt;
}
exports.OAuth2.prototype._getAccessTokenUrl= function() {

@@ -42,3 +50,3 @@ return this._baseSite + this._accessTokenUrl; /* + "?" + querystring.stringify(params); */

// e.g. Authorization: Bearer <token> # Build "Bearer <token>"
exports.OAuth2.prototype._buildAuthHeader= function(token) {
exports.OAuth2.prototype.buildAuthHeader= function(token) {
return this._authMethod + ' ' + token;

@@ -61,3 +69,6 @@ };

var realHeaders= this._customHeaders;
var realHeaders= {};
for( var key in this._customHeaders ) {
realHeaders[key]= this._customHeaders[key];
}
if( headers ) {

@@ -71,3 +82,3 @@ for(var key in headers) {

realHeaders['Content-Length']= post_body ? Buffer.byteLength(post_body) : 0;
if( access_token ) {
if( access_token && !('Authorization' in realHeaders)) {
if( ! parsedUrl.query ) parsedUrl.query= {};

@@ -77,3 +88,2 @@ parsedUrl.query[this._accessTokenName]= access_token;

var result= "";
var queryStr= querystring.stringify(parsedUrl.query);

@@ -89,2 +99,6 @@ if( queryStr ) queryStr= "?" + queryStr;

this._executeRequest( http_library, options, post_body, callback );
}
exports.OAuth2.prototype._executeRequest= function( http_library, options, post_body, callback ) {
// Some hosts *cough* google appear to close the connection early / send no content-length header

@@ -105,2 +119,4 @@ // allow this behaviour.

var result= "";
var request = http_library.request(options, function (response) {

@@ -124,9 +140,8 @@ response.on("data", function (chunk) {

if( method == 'POST' && post_body ) {
if( options.method == 'POST' && post_body ) {
request.write(post_body);
}
request.end();
request.end();
}
exports.OAuth2.prototype.getAuthorizeUrl= function( params ) {

@@ -183,6 +198,10 @@ var params= params || {};

exports.OAuth2.prototype.get= function(url, access_token, callback) {
var headers= {
'Authorization': this._buildAuthHeader(access_token)
};
if( this._useAuthorizationHeaderForGET ) {
var headers= {'Authorization': this.buildAuthHeader(access_token) }
access_token= null;
}
else {
headers= {};
}
this._request("GET", url, headers, "", access_token, callback );
}
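Review bot: The new guard in `_request`, `if( access_token && !('Authorization' in realHeaders))`, matches the header name case-sensitively, so a caller or custom header that supplies `authorization` in another case still gets the access token appended to the query string as well as sent in the header. A case-insensitive lookup would close that, e.g. `var hasAuth= Object.keys(realHeaders).some(function(k){ return k.toLowerCase() === 'authorization'; });` followed by `if( access_token && !hasAuth ) {`. With `_useAuthorizationHeaderForGET` defaulting to `false`, `get()` puts the token in the URL unless the caller opts in, and URLs are commonly recorded in access and proxy logs; the comment above `useAuthorizationHeaderforGET` should say so, and name the header as `Authorization` rather than `Authorize`. `_request` begins and ends outside the hunks shown.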
{ "name" : "oauth"
, "description" : "Library for interacting with OAuth 1.0, 1.0A, 2 and Echo. Provides simplified client access and allows for construction of more complex apis and OAuth providers."
, "version" : "0.9.9"
, "version" : "0.9.10"
, "directories" : { "lib" : "./lib" }

@@ -5,0 +5,0 @@ , "main" : "index.js"

@@ -19,2 +19,4 @@ node-oauth

* 0.9.10
- OAuth2: Addresses 2 issues that came in with 0.9.9, #129 & #125 (thank you José F. Romaniello)
* 0.9.9

@@ -98,1 +100,2 @@ - OAuth1: Fix the mismatch between the output of querystring.stringify() and this._encodeData(). (thank you rolandboon)

* Brian Park - http://github.com/yaru22
* José F. Romaniello - http://github.com/jfromaniello
var vows = require('vows'),
assert = require('assert'),
https = require('https'),
OAuth2= require('../lib/oauth2').OAuth2;
OAuth2= require('../lib/oauth2').OAuth2,
url = require('url');

@@ -19,2 +20,23 @@ vows.describe('OAuth2').addBatch({

},
'we should not include access token in both querystring and headers (favours headers if specified)': function (oa) {
oa._request = new OAuth2("clientId", "clientSecret")._request.bind(oa);
oa._executeRequest= function( http_library, options, post_body, callback) {
callback(null, url.parse(options.path, true).query, options.headers);
};
oa._request("GET", "http://foo/", {"Authorization":"Bearer BadNews"}, null, "accessx", function(error, query, headers) {
assert.ok( !('access_token' in query), "access_token also in query");
assert.ok( 'Authorization' in headers, "Authorization not in headers");
});
},
'we should include access token in the querystring if no Authorization header present to override it': function (oa) {
oa._request = new OAuth2("clientId", "clientSecret")._request.bind(oa);
oa._executeRequest= function( http_library, options, post_body, callback) {
callback(null, url.parse(options.path, true).query, options.headers);
};
oa._request("GET", "http://foo/", {}, null, "access", function(error, query, headers) {
assert.ok( 'access_token' in query, "access_token not present in query");
assert.ok( !('Authorization' in headers), "Authorization in headers");
});
},
'we should correctly extract the token if received as a JSON literal': function (oa) {

@@ -68,17 +90,35 @@ oa._request= function(method, url, headers, post_body, access_token, callback) {

},
'When calling get with the default authorization method': {
'we should pass the authorization header with Bearer method and value of the access_token' : function(oa) {
oa._request= function(method, url, headers, post_body, access_token, callback) {
assert.equal(headers["Authorization"], "Bearer abcd5");
};
oa.get("", "abcd5");
'When we use the authorization header': {
'and call get with the default authorization method': {
'we should pass the authorization header with Bearer method and value of the access_token, _request should be passed a null access_token' : function(oa) {
oa._request= function(method, url, headers, post_body, access_token, callback) {
assert.equal(headers["Authorization"], "Bearer abcd5");
assert.isNull( access_token );
};
oa.useAuthorizationHeaderforGET(true);
oa.get("", "abcd5");
}
},
'and call get with the authorization method set to Basic': {
'we should pass the authorization header with Basic method and value of the access_token, _request should be passed a null access_token' : function(oa) {
oa._request= function(method, url, headers, post_body, access_token, callback) {
assert.equal(headers["Authorization"], "Basic cdg2");
assert.isNull( access_token );
};
oa.useAuthorizationHeaderforGET(true);
oa.setAuthMethod("Basic");
oa.get("", "cdg2");
}
}
},
'When calling get with the authorization method set to Basic': {
'we should pass the authorization header with Basic method and value of the access_token' : function(oa) {
oa._request= function(method, url, headers, post_body, access_token, callback) {
assert.equal(headers["Authorization"], "Basic cdg2");
};
oa.setAuthMethod("Basic");
oa.get("", "cdg2");
'When we do not use the authorization header': {
'and call get': {
'we should pass NOT provide an authorization header and the access_token should be being passed to _request' : function(oa) {
oa._request= function(method, url, headers, post_body, access_token, callback) {
assert.isUndefined(headers["Authorization"]);
assert.equal( access_token, "abcd5" );
};
oa.useAuthorizationHeaderforGET(false);
oa.get("", "abcd5");
}
}

@@ -92,4 +132,4 @@ }

'we should see the custom headers mixed into headers property in options passed to http-library' : function(oa) {
https.request = function(options, callback) {
assert.equal(headers["SomeHeader"], "123");
oa._executeRequest= function( http_library, options, callback ) {
assert.equal(options.headers["SomeHeader"], "123");
};

@@ -96,0 +136,0 @@ oa.get("", {});
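Review bot: None of the visible test hunks pins the change in lib/oauth2.js that copies `this._customHeaders` into a fresh `realHeaders` object, so a regression that lets per-request headers (including `Authorization`) accumulate on the shared instance would go unnoticed. A vow that calls `oa._request` twice, first with `{"Authorization":"Bearer a"}` and then with `{}`, and asserts `!('Authorization' in options.headers)` inside the stubbed `_executeRequest` on the second call would cover it. The two new `_request` vows also use only the exact-case `Authorization` key; a companion case with a lowercase `authorization` header would document how the query-string fallback behaves there. Parts of the test file lie outside the hunks shown, so such tests may already exist elsewhere.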
