wiki-cafe/node-oauth
0
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
node-oauth/tests/oauth2.js
ciaranj 03d713be9a Fixes Issue #129 
Not ideal, but effectively reverts the default behaviour of the library to how 0.9.8 worked,
that is it passes the access_token as a query parameter to the server.

To allow the utility 'get' method to use an Authorization header *instead* then you need to
explicitly enable this behaviour by using the method :

  var oa= new Oauth(...);
  oa.useAuthorizationHeaderforGET(true)

Note this can/should be used in conjunction with the other utility method:

  oa.setAuthMethod(...)

The default value for the Authorization header is 'Bearer'

If you're building your own requests using oa._request then there is a new exported
method:

  oa.buildAuthHeader(token)
2013-03-05 17:34:20 +00:00

116 lines
5.7 KiB
JavaScript
Raw Blame History

var vows = require('vows'),
assert = require('assert'),
https = require('https'),
OAuth2= require('../lib/oauth2').OAuth2;
vows.describe('OAuth2').addBatch({
'Given an OAuth2 instance with clientId and clientSecret, ': {
topic: new OAuth2("clientId", "clientSecret"),
'When handling the access token response': {
'we should correctly extract the token if received as form-data': function (oa) {
oa._request= function( method, url, fo, bar, bleh, callback) {
callback(null, "access_token=access&refresh_token=refresh");
};
oa.getOAuthAccessToken("", {}, function(error, access_token, refresh_token) {
assert.equal( access_token, "access");
assert.equal( refresh_token, "refresh");
});
},
'we should correctly extract the token if received as a JSON literal': function (oa) {
oa._request= function(method, url, headers, post_body, access_token, callback) {
callback(null, '{"access_token":"access","refresh_token":"refresh"}');
};
oa.getOAuthAccessToken("", {}, function(error, access_token, refresh_token) {
assert.equal( access_token, "access");
assert.equal( refresh_token, "refresh");
});
},
'we should return the received data to the calling method': function (oa) {
oa._request= function(method, url, headers, post_body, access_token, callback) {
callback(null, '{"access_token":"access","refresh_token":"refresh","extra_1":1, "extra_2":"foo"}');
};
oa.getOAuthAccessToken("", {}, function(error, access_token, refresh_token, results) {
assert.equal( access_token, "access");
assert.equal( refresh_token, "refresh");
assert.isNotNull( results );
assert.equal( results.extra_1, 1);
assert.equal( results.extra_2, "foo");
});
}
},
'When no grant_type parameter is specified': {
'we should pass the value of the code argument as the code parameter': function(oa) {
oa._request= function(method, url, headers, post_body, access_token, callback) {
assert.isTrue( post_body.indexOf("code=xsds23") != -1 );
};
oa.getOAuthAccessToken("xsds23", {} );
}
},
'When an invalid grant_type parameter is specified': {
'we should pass the value of the code argument as the code parameter': function(oa) {
oa._request= function(method, url, headers, post_body, access_token, callback) {
assert.isTrue( post_body.indexOf("code=xsds23") != -1 );
};
oa.getOAuthAccessToken("xsds23", {grant_type:"refresh_toucan"} );
}
},
'When a grant_type parameter of value "refresh_token" is specified': {
'we should pass the value of the code argument as the refresh_token parameter, should pass a grant_type parameter, but shouldn\'t pass a code parameter' : function(oa) {
oa._request= function(method, url, headers, post_body, access_token, callback) {
assert.isTrue( post_body.indexOf("refresh_token=sdsds2") != -1 );
assert.isTrue( post_body.indexOf("grant_type=refresh_token") != -1 );
assert.isTrue( post_body.indexOf("code=") == -1 );
};
oa.getOAuthAccessToken("sdsds2", {grant_type:"refresh_token"} );
}
},
'When we use the authorization header': {
'and call get with the default authorization method': {
'we should pass the authorization header with Bearer method and value of the access_token, _request should be passed a null access_token' : function(oa) {
oa._request= function(method, url, headers, post_body, access_token, callback) {
assert.equal(headers["Authorization"], "Bearer abcd5");
assert.isNull( access_token );
};
oa.useAuthorizationHeaderforGET(true);
oa.get("", "abcd5");
}
},
'and call get with the authorization method set to Basic': {
'we should pass the authorization header with Basic method and value of the access_token, _request should be passed a null access_token' : function(oa) {
oa._request= function(method, url, headers, post_body, access_token, callback) {
assert.equal(headers["Authorization"], "Basic cdg2");
assert.isNull( access_token );
};
oa.useAuthorizationHeaderforGET(true);
oa.setAuthMethod("Basic");
oa.get("", "cdg2");
}
}
},
'When we do not use the authorization header': {
'and call get': {
'we should pass NOT provide an authorization header and the access_token should be being passed to _request' : function(oa) {
oa._request= function(method, url, headers, post_body, access_token, callback) {
assert.isUndefined(headers["Authorization"]);
assert.equal( access_token, "abcd5" );
};
oa.useAuthorizationHeaderforGET(false);
oa.get("", "abcd5");
}
}
}
},
'Given an OAuth2 instance with clientId, clientSecret and customHeaders': {
topic: new OAuth2("clientId", "clientSecret", undefined, undefined, undefined,
{ 'SomeHeader': '123' }),
'When calling get': {
'we should see the custom headers mixed into headers property in options passed to http-library' : function(oa) {
oa._executeRequest= function( http_library, options, callback ) {
assert.equal(options.headers["SomeHeader"], "123");
};
oa.get("", {});
}
}
}
}).export(module);
Reference in New Issue View Git Blame Copy Permalink