Added one more test case

src/AccessToken.js

@@ -22,23 +22,26 @@ var deliverData = require('twiz-client-redirect').prototype.deliverData;
          requestTokenNotSaved: 'Request token was not saved. Check that page url from which you make request match your redirection_url.',
          noRepeat: "Cannot make another request with same redirection(callback) url",
          urlNotFound: "Current window location (url) not found",
-         noSessionData: 'Unable to find session data in current url'
+         noSessionData: 'Unable to find session data in current url',
+         spaWarning: 'Authorization data not found in url'
       })
    }
 
    AccessToken.prototype = Object.create(OAuth.prototype);
 
    AccessToken.prototype.setAuthorizedTokens = function(){
 
-      this.authorizeRedirectionUrl(),
-                                             // set params for access token leg explicitly 
-      this.oauth[this.prefix + 'verifier'] = this.authorized.oauth_verifier // Put authorized verifier
-      this.oauth[this.prefix + 'token']    = this.authorized.oauth_token;   // Authorized token
+     this.parseRedirectionUrl(this.winLoc);        // parse url 
+     /* istanbul ignore else */
+     if(this.isAuthorizationDataInURL()){ 
+         this.authorize(this.redirectionData);     // authorize token
+                                                   // set params for access token leg explicitly 
+         this.oauth[this.prefix + 'verifier'] = this.authorized.oauth_verifier // Put authorized verifier
+         this.oauth[this.prefix + 'token']    = this.authorized.oauth_token;   // Authorized token
+     }
    }
 
    AccessToken.prototype.authorizeRedirectionUrl = function(){// makes sure we have needed data in redirection url
-     this.parseRedirectionUrl(this.winLoc);          // parse url 
-     return this.authorize(this.redirectionData);    // authorize token
 
    }
 
@@ -101,10 +104,16 @@ var deliverData = require('twiz-client-redirect').prototype.deliverData;
 
       return data;
    } 
-
+  // 
+   AccessToken.prototype.isAuthorizationDataInURL = function(){ // check that we have valid twitter redirection url
+       if(!this.redirectionData.oauth_token && !this.redirectionData.oauth_verifier){ // not a redirection url
+           throw this.CustomError('spaWarning');
+       }
+       else return true
+   }
    AccessToken.prototype.authorize = function(sent){ // check that sent data from redirection url has needed info
 
-      // console.log('in authorize');
+       //console.log('in authorize');
       if(this.isRequestTokenUsed(window.localStorage))          
         throw this.CustomError('noRepeat');
 
@@ -141,7 +150,7 @@ var deliverData = require('twiz-client-redirect').prototype.deliverData;
                                                                 // used/erased with null 
      // console.log('after erasing storage.requestToken :', storage.requestToken_);  
      // console.log('loadedRequestToken',this.loadedRequestToken);
-     if (!this.loadedRequestToken) throw this.CustomError('requestTokenNotSet');
+     if(!this.loadedRequestToken) throw this.CustomError('requestTokenNotSet');
    }
 
    AccessToken.prototype.getSessionData = function(){       // gets session data from redirection url

test/accesstoken.js

@@ -23,7 +23,7 @@ describe('Access Token', function(){
                                                                        // token leg). Remove 'oauth_token='
 
 
-      it('ready ', function(){ 
+      it('ready ', function(){
           at.winLoc += query;                              // mock curent location with tokens from twitter 
           assert.doesNotThrow(at.setAuthorizedTokens.bind(at));
       })
@@ -95,19 +95,21 @@ describe('Access Token', function(){
          delete window.localStorage.requestToken_ ;              // make like token was not saved
          assert.throws(at.setAuthorizedTokens.bind(at), errorValidation.bind(null, 'requestTokenNotSaved'));
       })
+
+      it('token missmatch - throw error', function(){                    // Check that received request_token 
+                                                                         //  is same as  the one that is sent
+         at.winLoc = pageUrl + session_data + request_token + verifier;  // Set current location (url)
+         window.localStorage.requestToken_ = 'NotSameAsTheOneReceived';  // Make saved request_token different 
+         assert.throws(at.setAuthorizedTokens.bind(at), errorValidation.bind(null, 'tokenMissmatch'));
+      })
 
-
-       it('request token not set', function(){                   // property is there but has no value
+      it('request token not set', function(){                   // property is there but has no value
          at.winLoc = session_data + request_token + verifier;    // set current location (url)
          window.localStorage.requestToken_ = '';                 // make token fresh 
          assert.throws(at.setAuthorizedTokens.bind(at), errorValidation.bind(null, 'requestTokenNotSet'));
       })
 
-      it('request token not set', function(){                    // property is there but has no value
-         at.winLoc = pageUrl + session_data + request_token + verifier;    // set current location (url)
-         window.localStorage.requestToken_ = '';                 // make token fresh 
-         assert.throws(at.setAuthorizedTokens.bind(at), errorValidation.bind(null, 'requestTokenNotSet'));
-      })
+
 
 
       describe('session data', function(){
@@ -121,6 +123,15 @@ describe('Access Token', function(){
 
       })
 
+      describe('spa apps warning', function(){
+
+           it('Authorization data not found in url - throw error', function(){
+               at.winLoc = 'https://myApp.com/noQueryString'; // simulate no authorization data (request token 
+                                                              // and verifier)
+               assert.throws(at.setAuthorizedTokens.bind(at), errorValidation.bind(null, 'spaWarning'));
+           })
+
+      })
    })