wiki-cafe/node-oauth
0
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Added an extra test, and checked realHeaders to catch any dodgy custom ones

Browse Source
This commit is contained in:
ciaranj 2013-03-05 18:07:40 +00:00
parent 8be23c309c
commit 301ebab90c
2 changed files with 16 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
lib/oauth2.js
View File

@ -75,7 +75,7 @@ exports.OAuth2.prototype._request= function(method, url, headers, post_body, acc
realHeaders['Host']= parsedUrl.host; realHeaders['Host']= parsedUrl.host;
realHeaders['Content-Length']= post_body ? Buffer.byteLength(post_body) : 0; realHeaders['Content-Length']= post_body ? Buffer.byteLength(post_body) : 0;
if( access_token && !('Authorization' in headers)) { if( access_token && !('Authorization' in realHeaders)) {
if( ! parsedUrl.query ) parsedUrl.query= {}; if( ! parsedUrl.query ) parsedUrl.query= {};
parsedUrl.query[this._accessTokenName]= access_token; parsedUrl.query[this._accessTokenName]= access_token;
} }

19
tests/oauth2.js
View File

@ -17,14 +17,25 @@ vows.describe('OAuth2').addBatch({
assert.equal( refresh_token, "refresh"); assert.equal( refresh_token, "refresh");
}); });
}, },
'we should not include access token in both querystring and headers': function (oa) { 'we should not include access token in both querystring and headers (favours headers if specified)': function (oa) {
oa._request = new OAuth2("clientId", "clientSecret")._request.bind(oa); oa._request = new OAuth2("clientId", "clientSecret")._request.bind(oa);
oa._executeRequest= function( http_library, options, post_body, callback) { oa._executeRequest= function( http_library, options, post_body, callback) {
callback(null, url.parse(options.path, true).query, options.headers); callback(null, url.parse(options.path, true).query, options.headers);
}; };
oa.get("/userinfo", 'access', function(error, query, headers) {
assert.ok( !('access_token' in query), "access_token not in query"); oa._request("GET", "http://foo/", {"Authorization":"Bearer BadNews"}, null, "accessx", function(error, query, headers) {
assert.ok( 'Authorization' in headers, "Authorization in headers"); assert.ok( !('access_token' in query), "access_token also in query");
assert.ok( 'Authorization' in headers, "Authorization not in headers");
});
},
'we should include access token in the querystring if no Authorization header present to override it': function (oa) {
oa._request = new OAuth2("clientId", "clientSecret")._request.bind(oa);
oa._executeRequest= function( http_library, options, post_body, callback) {
callback(null, url.parse(options.path, true).query, options.headers);
};
oa._request("GET", "http://foo/", {}, null, "access", function(error, query, headers) {
assert.ok( 'access_token' in query, "access_token not present in query");
assert.ok( !('Authorization' in headers), "Authorization in headers");
}); });
}, },
'we should correctly extract the token if received as a JSON literal': function (oa) { 'we should correctly extract the token if received as a JSON literal': function (oa) {