From 0a49c1ba35365ac830a527aa2527fc8819bbc29f Mon Sep 17 00:00:00 2001
From: gits2501
Date: Thu, 21 Jun 2018 17:13:55 +0200
Subject: [PATCH] Added one more test case
---
 src/AccessToken.js | 29 +++++++++++++++++++----------
 test/accesstoken.js | 27 +++++++++++++++++++--------
 2 files changed, 38 insertions(+), 18 deletions(-)
diff --git a/src/AccessToken.js b/src/AccessToken.js
index ac63753..44f2644 100644
--- a/src/AccessToken.js
+++ b/src/AccessToken.js
@@ -22,7 +22,8 @@ var deliverData = require('twiz-client-redirect').prototype.deliverData;
 requestTokenNotSaved: 'Request token was not saved. Check that page url from which you make request match your redirection_url.',
 noRepeat: "Cannot make another request with same redirection(callback) url",
 urlNotFound: "Current window location (url) not found",
- noSessionData: 'Unable to find session data in current url'
+ noSessionData: 'Unable to find session data in current url',
+ spaWarning: 'Authorization data not found in url'
 })
 }
@@ -30,15 +31,17 @@ var deliverData = require('twiz-client-redirect').prototype.deliverData;
 AccessToken.prototype.setAuthorizedTokens = function(){
- this.authorizeRedirectionUrl(),
- // set params for access token leg explicitly
- this.oauth[this.prefix + 'verifier'] = this.authorized.oauth_verifier // Put authorized verifier
- this.oauth[this.prefix + 'token'] = this.authorized.oauth_token; // Authorized token
+ this.parseRedirectionUrl(this.winLoc); // parse url
+ /* istanbul ignore else */
+ if(this.isAuthorizationDataInURL()){
+ this.authorize(this.redirectionData); // authorize token
+ // set params for access token leg explicitly
+ this.oauth[this.prefix + 'verifier'] = this.authorized.oauth_verifier // Put authorized verifier
+ this.oauth[this.prefix + 'token'] = this.authorized.oauth_token; // Authorized token
+ }
 }
 AccessToken.prototype.authorizeRedirectionUrl = function(){// makes sure we have needed data in redirection url
- this.parseRedirectionUrl(this.winLoc); // parse url
- return this.authorize(this.redirectionData); // authorize token
 }
@@ -101,10 +104,16 @@ var deliverData = require('twiz-client-redirect').prototype.deliverData;
 return data;
 }
-
+ //
+ AccessToken.prototype.isAuthorizationDataInURL = function(){ // check that we have valid twitter redirection url
+ if(!this.redirectionData.oauth_token && !this.redirectionData.oauth_verifier){ // not a redirection url
+ throw this.CustomError('spaWarning');
+ }
+ else return true
+ }
 AccessToken.prototype.authorize = function(sent){ // check that sent data from redirection url has needed info
- // console.log('in authorize');
+ //console.log('in authorize');
 if(this.isRequestTokenUsed(window.localStorage)) throw this.CustomError('noRepeat');
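Review bot: `authorizeRedirectionUrl` is left defined with an empty body while its trailing comment still reads "makes sure we have needed data in redirection url", so any caller outside this hunk now gets `undefined` back and neither URL parsing nor the token check runs. Delete the method if nothing else uses it, or keep it working by having it run the same steps as `setAuthorizedTokens` up to `return this.authorize(this.redirectionData);`. In `setAuthorizedTokens`, `isAuthorizationDataInURL()` either throws or returns true, so the `if` has no reachable else branch and `/* istanbul ignore else */` only hides that. Calling it as a plain guard statement, `this.isAuthorizationDataInURL();`, before `this.authorize(...)` states the control flow as it really is.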
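Review bot: `isAuthorizationDataInURL` throws `spaWarning` only when both `oauth_token` and `oauth_verifier` are missing (the `&&` in its condition), so a URL carrying just one of them is treated as a redirection URL and handed to `authorize()`. `authorize` starts in this hunk but its body continues outside it, so whether the half-populated case is rejected there cannot be confirmed from here. If it is, replace the bare `//` line above the function with a comment that says so, e.g. `// detects only "not a callback url"; authorize() must still reject a missing token or verifier`. The spec added in test/accesstoken.js exercises only a URL with no query string; a case with exactly one of the two parameters present would pin the intended behaviour.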
@@ -141,7 +150,7 @@ var deliverData = require('twiz-client-redirect').prototype.deliverData;
 // used/erased with null
 // console.log('after erasing storage.requestToken :', storage.requestToken_);
 // console.log('loadedRequestToken',this.loadedRequestToken);
- if (!this.loadedRequestToken) throw this.CustomError('requestTokenNotSet');
+ if(!this.loadedRequestToken) throw this.CustomError('requestTokenNotSet');
 }
 AccessToken.prototype.getSessionData = function(){ // gets session data from redirection url
diff --git a/test/accesstoken.js b/test/accesstoken.js
index 6ed56e9..a790038 100644
--- a/test/accesstoken.js
+++ b/test/accesstoken.js
@@ -23,7 +23,7 @@ describe('Access Token', function(){
 // token leg). Remove 'oauth_token='
- it('ready ', function(){
+ it('ready ', function(){
 at.winLoc += query; // mock curent location with tokens from twitter
 assert.doesNotThrow(at.setAuthorizedTokens.bind(at));
 })
@@ -95,19 +95,21 @@ describe('Access Token', function(){
 delete window.localStorage.requestToken_ ; // make like token was not saved
 assert.throws(at.setAuthorizedTokens.bind(at), errorValidation.bind(null, 'requestTokenNotSaved'));
 })
+
+ it('token missmatch - throw error', function(){ // Check that received request_token
+ // is same as the one that is sent
+ at.winLoc = pageUrl + session_data + request_token + verifier; // Set current location (url)
+ window.localStorage.requestToken_ = 'NotSameAsTheOneReceived'; // Make saved request_token different
+ assert.throws(at.setAuthorizedTokens.bind(at), errorValidation.bind(null, 'tokenMissmatch'));
+ })
-
- it('request token not set', function(){ // property is there but has no value
+ it('request token not set', function(){ // property is there but has no value
 at.winLoc = session_data + request_token + verifier; // set current location (url)
 window.localStorage.requestToken_ = ''; // make token fresh
 assert.throws(at.setAuthorizedTokens.bind(at), errorValidation.bind(null, 'requestTokenNotSet'));
 })
- it('request token not set', function(){ // property is there but has no value
- at.winLoc = pageUrl + session_data + request_token + verifier; // set current location (url)
- window.localStorage.requestToken_ = ''; // make token fresh
- assert.throws(at.setAuthorizedTokens.bind(at), errorValidation.bind(null, 'requestTokenNotSet'));
- })
+
 describe('session data', function(){
@@ -121,6 +123,15 @@ describe('Access Token', function(){
 })
+ describe('spa apps warning', function(){
+
+ it('Authorization data not found in url - throw error', function(){
+ at.winLoc = 'https://myApp.com/noQueryString'; // simulate no authorization data (request token
+ // and verifier)
+ assert.throws(at.setAuthorizedTokens.bind(at), errorValidation.bind(null, 'spaWarning'));
+ })
+
+ })
 })
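Review bot: The new 'token missmatch' case leaves `window.localStorage.requestToken_` set to `'NotSameAsTheOneReceived'` and `at.winLoc` pointing at the callback URL on the shared `at` object, and the cases after it only work by overwriting both. This case guards the comparison between the stored request token and the one returned in the callback, so it should not depend on spec order. Resetting the location and the stored token in a `beforeEach` (or at the end of each case) would isolate it. Separately, of the two duplicate 'request token not set' cases the commit keeps the one whose `at.winLoc` is built without `pageUrl`, unlike the new case; if that is deliberate a short comment would say why, otherwise keep the `pageUrl + session_data + request_token + verifier` form.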