Skip to content

Commit

Permalink
Add in Authorization Header and support extra headers by default.
Browse files Browse the repository at this point in the history
  • Loading branch information
@yaru22
yaru22 committed Nov 21, 2012
1 parent a846c28 commit efbce5b
Show file tree
Hide file tree
Showing 2 changed files with 61 additions and 14 deletions.
23 changes: 20 additions & 3 deletions lib/oauth2.js
View file
Expand Up @@ -5,13 +5,15 @@ var querystring= require('querystring'),
URL= require('url'),
OAuthUtils= require('./_utils');

exports.OAuth2= function(clientId, clientSecret, baseSite, authorizePath, accessTokenPath) {
exports.OAuth2= function(clientId, clientSecret, baseSite, authorizePath, accessTokenPath, customHeaders) {
this._clientId= clientId;
this._clientSecret= clientSecret;
this._baseSite= baseSite;
this._authorizeUrl= authorizePath || "/oauth/authorize";
this._accessTokenUrl= accessTokenPath || "/oauth/access_token";
this._accessTokenName= "access_token";
this._authMethod= "Bearer";
this._customHeaders = customHeaders || {};
}

// This 'hack' method is required for sites that don't use
Expand All @@ -23,10 +25,22 @@ exports.OAuth2.prototype.setAccessTokenName= function ( name ) {
this._accessTokenName= name;
}

// Sets the authorization method for Authorization header.
// e.g. Authorization: Bearer <token> # "Bearer" is the authorization method.
exports.OAuth2.prototype.setAuthMethod = function ( authMethod ) {
this._authMethod = authMethod;
};

exports.OAuth2.prototype._getAccessTokenUrl= function() {
return this._baseSite + this._accessTokenUrl; /* + "?" + querystring.stringify(params); */
}

// Build the authorization header. In particular, build the part after the colon.
// e.g. Authorization: Bearer <token> # Build "Bearer <token>"
exports.OAuth2.prototype._buildAuthHeader= function(token) {
return this._authMethod + ' ' + token;
};

exports.OAuth2.prototype._request= function(method, url, headers, post_body, access_token, callback) {

var http_library= https;
Expand All @@ -41,7 +55,7 @@ exports.OAuth2.prototype._request= function(method, url, headers, post_body, acc
http_library= http;
}

var realHeaders= {};
var realHeaders= this._customHeaders;
if( headers ) {
for(var key in headers) {
realHeaders[key] = headers[key];
Expand Down Expand Up @@ -157,5 +171,8 @@ exports.OAuth2.prototype.getProtectedResource= function(url, access_token, callb
}

exports.OAuth2.prototype.get= function(url, access_token, callback) {
this._request("GET", url, {}, "", access_token, callback );
var headers= {
'Authorization': this._buildAuthHeader(access_token)
};
this._request("GET", url, headers, "", access_token, callback );
}
52 changes: 41 additions & 11 deletions tests/oauth2.js
View file
@@ -1,10 +1,11 @@
var vows = require('vows'),
assert = require('assert'),
https = require('https'),
OAuth2= require('../lib/oauth2').OAuth2;

vows.describe('OAuth2').addBatch({
'Given an OAuth2 instance, ': {
topic: new OAuth2(),
'Given an OAuth2 instance with clientId and clientSecret, ': {
topic: new OAuth2("clientId", "clientSecret"),
'When handling the access token response': {
'we should correctly extract the token if received as form-data': function (oa) {
oa._request= function( method, url, fo, bar, bleh, callback) {
Expand Down Expand Up @@ -40,28 +41,57 @@ vows.describe('OAuth2').addBatch({
'When no grant_type parameter is specified': {
'we should pass the value of the code argument as the code parameter': function(oa) {
oa._request= function(method, url, headers, post_body, access_token, callback) {
assert.isTrue( post_body.indexOf("code=xsds23") != -1 )
}
assert.isTrue( post_body.indexOf("code=xsds23") != -1 );
};
oa.getOAuthAccessToken("xsds23", {} );
}
},
'When an invalid grant_type parameter is specified': {
'we should pass the value of the code argument as the code parameter': function(oa) {
oa._request= function(method, url, headers, post_body, access_token, callback) {
assert.isTrue( post_body.indexOf("code=xsds23") != -1 )
}
assert.isTrue( post_body.indexOf("code=xsds23") != -1 );
};
oa.getOAuthAccessToken("xsds23", {grant_type:"refresh_toucan"} );
}
},
'When a grant_type parameter of value "refresh_token" is specified': {
'we should pass the value of the code argument as the refresh_token parameter, should pass a grant_type parameter, but shouldn\'t pass a code parameter' : function(oa) {
oa._request= function(method, url, headers, post_body, access_token, callback) {
assert.isTrue( post_body.indexOf("refresh_token=sdsds2") != -1 )
assert.isTrue( post_body.indexOf("grant_type=refresh_token") != -1 )
assert.isTrue( post_body.indexOf("code=") == -1 )
}
assert.isTrue( post_body.indexOf("refresh_token=sdsds2") != -1 );
assert.isTrue( post_body.indexOf("grant_type=refresh_token") != -1 );
assert.isTrue( post_body.indexOf("code=") == -1 );
};
oa.getOAuthAccessToken("sdsds2", {grant_type:"refresh_token"} );
}
},
'When calling get with the default authorization method': {
'we should pass the authorization header with Bearer method and value of the access_token' : function(oa) {
oa._request= function(method, url, headers, post_body, access_token, callback) {
assert.equal(headers["Authorization"], "Bearer abcd5");
};
oa.get("", "abcd5");
}
},
'When calling get with the authorization method set to Basic': {
'we should pass the authorization header with Basic method and value of the access_token' : function(oa) {
oa._request= function(method, url, headers, post_body, access_token, callback) {
assert.equal(headers["Authorization"], "Basic cdg2");
};
oa.setAuthMethod("Basic");
oa.get("", "cdg2");
}
}
},
'Given an OAuth2 instance with clientId, clientSecret and customHeaders': {
topic: new OAuth2("clientId", "clientSecret", undefined, undefined, undefined,
{ 'SomeHeader': '123' }),
'When calling get': {
'we should see the custom headers mixed into headers property in options passed to http-library' : function(oa) {
https.request = function(options, callback) {
assert.equal(headers["SomeHeader"], "123");
};
oa.get("", {});
}
}
}
}).export(module);
}).export(module);

0 comments on commit efbce5b

Please sign in to comment.