wiki-cafe/node-oauth
0
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Fixes Issue #125 - Abusing externally passed in data structure

Browse Source 
Also had to re-jig the test, as it turns out the contributor-supplied test
for this work didn't *actually* test anything :(
This commit is contained in:
ciaranj
2013-03-05 16:58:40 +00:00
parent 08fcb6881a
commit ba81ad43bd
2 changed files with 14 additions and 7 deletions
Download Patch File Download Diff File Expand all files Collapse all files

17
lib/oauth2.js
View File

@ -55,7 +55,10 @@ exports.OAuth2.prototype._request= function(method, url, headers, post_body, acc
http_library= http; http_library= http;
} }
var realHeaders= this._customHeaders; var realHeaders= {};
for( var key in this._customHeaders ) {
realHeaders[key]= this._customHeaders[key];
}
if( headers ) { if( headers ) {
for(var key in headers) { for(var key in headers) {
realHeaders[key] = headers[key]; realHeaders[key] = headers[key];
@ -69,7 +72,6 @@ exports.OAuth2.prototype._request= function(method, url, headers, post_body, acc
parsedUrl.query[this._accessTokenName]= access_token; parsedUrl.query[this._accessTokenName]= access_token;
} }
var result= "";
var queryStr= querystring.stringify(parsedUrl.query); var queryStr= querystring.stringify(parsedUrl.query);
if( queryStr ) queryStr= "?" + queryStr; if( queryStr ) queryStr= "?" + queryStr;
var options = { var options = {
@ -80,6 +82,10 @@ exports.OAuth2.prototype._request= function(method, url, headers, post_body, acc
headers: realHeaders headers: realHeaders
}; };
this._executeRequest( http_library, options, post_body, callback );
}
exports.OAuth2.prototype._executeRequest= function( http_library, options, post_body, callback ) {
// Some hosts *cough* google appear to close the connection early / send no content-length header // Some hosts *cough* google appear to close the connection early / send no content-length header
// allow this behaviour. // allow this behaviour.
var allowEarlyClose= OAuthUtils.isAnEarlyCloseHost(options.host); var allowEarlyClose= OAuthUtils.isAnEarlyCloseHost(options.host);
@ -95,6 +101,8 @@ exports.OAuth2.prototype._request= function(method, url, headers, post_body, acc
} }
} }
var result= "";
var request = http_library.request(options, function (response) { var request = http_library.request(options, function (response) {
response.on("data", function (chunk) { response.on("data", function (chunk) {
result+= chunk result+= chunk
@ -113,13 +121,12 @@ exports.OAuth2.prototype._request= function(method, url, headers, post_body, acc
callback(e); callback(e);
}); });
if( method == 'POST' && post_body ) { if( options.method == 'POST' && post_body ) {
request.write(post_body); request.write(post_body);
} }
request.end(); request.end();
} }
exports.OAuth2.prototype.getAuthorizeUrl= function( params ) { exports.OAuth2.prototype.getAuthorizeUrl= function( params ) {
var params= params || {}; var params= params || {};
params['client_id'] = this._clientId; params['client_id'] = this._clientId;

4
tests/oauth2.js
View File

@ -87,8 +87,8 @@ vows.describe('OAuth2').addBatch({
{ 'SomeHeader': '123' }), { 'SomeHeader': '123' }),
'When calling get': { 'When calling get': {
'we should see the custom headers mixed into headers property in options passed to http-library' : function(oa) { 'we should see the custom headers mixed into headers property in options passed to http-library' : function(oa) {
https.request = function(options, callback) { oa._executeRequest= function( http_library, options, callback ) {
assert.equal(headers["SomeHeader"], "123"); assert.equal(options.headers["SomeHeader"], "123");
}; };
oa.get("", {}); oa.get("", {});
} }