wiki-cafe/node-oauth
0
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Add in Authorization Header and support extra headers by default.

Browse Source
This commit is contained in:
Brian Park 2012-11-20 13:24:35 -05:00
parent a846c282a9
commit efbce5bd68
2 changed files with 61 additions and 14 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

23
lib/oauth2.js
View File

@ -5,13 +5,15 @@ var querystring= require('querystring'),
URL= require('url'), URL= require('url'),
OAuthUtils= require('./_utils'); OAuthUtils= require('./_utils');
exports.OAuth2= function(clientId, clientSecret, baseSite, authorizePath, accessTokenPath) { exports.OAuth2= function(clientId, clientSecret, baseSite, authorizePath, accessTokenPath, customHeaders) {
this._clientId= clientId; this._clientId= clientId;
this._clientSecret= clientSecret; this._clientSecret= clientSecret;
this._baseSite= baseSite; this._baseSite= baseSite;
this._authorizeUrl= authorizePath || "/oauth/authorize"; this._authorizeUrl= authorizePath || "/oauth/authorize";
this._accessTokenUrl= accessTokenPath || "/oauth/access_token"; this._accessTokenUrl= accessTokenPath || "/oauth/access_token";
this._accessTokenName= "access_token"; this._accessTokenName= "access_token";
this._authMethod= "Bearer";
this._customHeaders = customHeaders || {};
} }
// This 'hack' method is required for sites that don't use // This 'hack' method is required for sites that don't use
@ -23,10 +25,22 @@ exports.OAuth2.prototype.setAccessTokenName= function ( name ) {
this._accessTokenName= name; this._accessTokenName= name;
} }
// Sets the authorization method for Authorization header.
// e.g. Authorization: Bearer <token> # "Bearer" is the authorization method.
exports.OAuth2.prototype.setAuthMethod = function ( authMethod ) {
this._authMethod = authMethod;
};
exports.OAuth2.prototype._getAccessTokenUrl= function() { exports.OAuth2.prototype._getAccessTokenUrl= function() {
return this._baseSite + this._accessTokenUrl; /* + "?" + querystring.stringify(params); */ return this._baseSite + this._accessTokenUrl; /* + "?" + querystring.stringify(params); */
} }
// Build the authorization header. In particular, build the part after the colon.
// e.g. Authorization: Bearer <token> # Build "Bearer <token>"
exports.OAuth2.prototype._buildAuthHeader= function(token) {
return this._authMethod + ' ' + token;
};
exports.OAuth2.prototype._request= function(method, url, headers, post_body, access_token, callback) { exports.OAuth2.prototype._request= function(method, url, headers, post_body, access_token, callback) {
var http_library= https; var http_library= https;
@ -41,7 +55,7 @@ exports.OAuth2.prototype._request= function(method, url, headers, post_body, acc
http_library= http; http_library= http;
} }
var realHeaders= {}; var realHeaders= this._customHeaders;
if( headers ) { if( headers ) {
for(var key in headers) { for(var key in headers) {
realHeaders[key] = headers[key]; realHeaders[key] = headers[key];
@ -157,5 +171,8 @@ exports.OAuth2.prototype.getProtectedResource= function(url, access_token, callb
} }
exports.OAuth2.prototype.get= function(url, access_token, callback) { exports.OAuth2.prototype.get= function(url, access_token, callback) {
this._request("GET", url, {}, "", access_token, callback ); var headers= {
'Authorization': this._buildAuthHeader(access_token)
};
this._request("GET", url, headers, "", access_token, callback );
} }

50
tests/oauth2.js
View File

@ -1,10 +1,11 @@
var vows = require('vows'), var vows = require('vows'),
assert = require('assert'), assert = require('assert'),
https = require('https'),
OAuth2= require('../lib/oauth2').OAuth2; OAuth2= require('../lib/oauth2').OAuth2;
vows.describe('OAuth2').addBatch({ vows.describe('OAuth2').addBatch({
'Given an OAuth2 instance, ': { 'Given an OAuth2 instance with clientId and clientSecret, ': {
topic: new OAuth2(), topic: new OAuth2("clientId", "clientSecret"),
'When handling the access token response': { 'When handling the access token response': {
'we should correctly extract the token if received as form-data': function (oa) { 'we should correctly extract the token if received as form-data': function (oa) {
oa._request= function( method, url, fo, bar, bleh, callback) { oa._request= function( method, url, fo, bar, bleh, callback) {
@ -40,28 +41,57 @@ vows.describe('OAuth2').addBatch({
'When no grant_type parameter is specified': { 'When no grant_type parameter is specified': {
'we should pass the value of the code argument as the code parameter': function(oa) { 'we should pass the value of the code argument as the code parameter': function(oa) {
oa._request= function(method, url, headers, post_body, access_token, callback) { oa._request= function(method, url, headers, post_body, access_token, callback) {
assert.isTrue( post_body.indexOf("code=xsds23") != -1 ) assert.isTrue( post_body.indexOf("code=xsds23") != -1 );
} };
oa.getOAuthAccessToken("xsds23", {} ); oa.getOAuthAccessToken("xsds23", {} );
} }
}, },
'When an invalid grant_type parameter is specified': { 'When an invalid grant_type parameter is specified': {
'we should pass the value of the code argument as the code parameter': function(oa) { 'we should pass the value of the code argument as the code parameter': function(oa) {
oa._request= function(method, url, headers, post_body, access_token, callback) { oa._request= function(method, url, headers, post_body, access_token, callback) {
assert.isTrue( post_body.indexOf("code=xsds23") != -1 ) assert.isTrue( post_body.indexOf("code=xsds23") != -1 );
} };
oa.getOAuthAccessToken("xsds23", {grant_type:"refresh_toucan"} ); oa.getOAuthAccessToken("xsds23", {grant_type:"refresh_toucan"} );
} }
}, },
'When a grant_type parameter of value "refresh_token" is specified': { 'When a grant_type parameter of value "refresh_token" is specified': {
'we should pass the value of the code argument as the refresh_token parameter, should pass a grant_type parameter, but shouldn\'t pass a code parameter' : function(oa) { 'we should pass the value of the code argument as the refresh_token parameter, should pass a grant_type parameter, but shouldn\'t pass a code parameter' : function(oa) {
oa._request= function(method, url, headers, post_body, access_token, callback) { oa._request= function(method, url, headers, post_body, access_token, callback) {
assert.isTrue( post_body.indexOf("refresh_token=sdsds2") != -1 ) assert.isTrue( post_body.indexOf("refresh_token=sdsds2") != -1 );
assert.isTrue( post_body.indexOf("grant_type=refresh_token") != -1 ) assert.isTrue( post_body.indexOf("grant_type=refresh_token") != -1 );
assert.isTrue( post_body.indexOf("code=") == -1 ) assert.isTrue( post_body.indexOf("code=") == -1 );
} };
oa.getOAuthAccessToken("sdsds2", {grant_type:"refresh_token"} ); oa.getOAuthAccessToken("sdsds2", {grant_type:"refresh_token"} );
} }
},
'When calling get with the default authorization method': {
'we should pass the authorization header with Bearer method and value of the access_token' : function(oa) {
oa._request= function(method, url, headers, post_body, access_token, callback) {
assert.equal(headers["Authorization"], "Bearer abcd5");
};
oa.get("", "abcd5");
}
},
'When calling get with the authorization method set to Basic': {
'we should pass the authorization header with Basic method and value of the access_token' : function(oa) {
oa._request= function(method, url, headers, post_body, access_token, callback) {
assert.equal(headers["Authorization"], "Basic cdg2");
};
oa.setAuthMethod("Basic");
oa.get("", "cdg2");
}
}
},
'Given an OAuth2 instance with clientId, clientSecret and customHeaders': {
topic: new OAuth2("clientId", "clientSecret", undefined, undefined, undefined,
{ 'SomeHeader': '123' }),
'When calling get': {
'we should see the custom headers mixed into headers property in options passed to http-library' : function(oa) {
https.request = function(options, callback) {
assert.equal(headers["SomeHeader"], "123");
};
oa.get("", {});
}
} }
} }
}).export(module); }).export(module);