diff --git a/mocha-test.html b/mocha-test.html
index 351143a..0005979 100644
--- a/mocha-test.html
+++ b/mocha-test.html
@@ -2,7 +2,7 @@
   Mocha Tests
-  
+
diff --git a/package.json b/package.json index f43c4da..bb30dd9 100644 --- a/package.json +++ b/package.json @@ -6,8 +6,8 @@ "scripts": { "lint": "eslint src/AccessToken.js", "instrument": "istanbul instrument src/AccessToken.js --output src/AccessToken_instrumented.js", - "browserify": "./node_modules/browserify/bin/cmd.js test/accesstoken.js -o test/accesstoken_bundle.js", - "mocha-headless": "mocha-headless-chrome -f mocha-test.html -c test/coverage.json", + "browserify": "./node_modules/browserify/bin/cmd.js test/accesstoken.js --exclude btoa -o test/accesstoken_bundle.js", + "mocha-headless": "mocha-headless-chrome -a no-sandbox -f mocha-test.html -c test/coverage.json", "report": "istanbul report --root test/ lcov", "coveralls": "cat ./coverage/ | ./node_modules/coveralls/bin/coveralls.js && rm -rf ./coverage", "test": "npm run instrument && npm run browserify && npm run mocha-headless && npm run report" @@ -15,15 +15,23 @@ "author": "", "license": "MIT", "dependencies": { - "twiz-client-oauth": "file:../twiz-client-oauth", - "twiz-client-redirect": "file:../twiz-client-redirect" + "twiz-client-oauth": "", + "twiz-client-redirect": "", + "twiz-client-utils": "" + }, + "repository": { + "type": "git", + "url": "" + }, + "bugs": { + "url": "" }, "devDependencies": { - "browserify": "^16.2.0", - "coveralls": "^3.0.0", + "browserify": "^16.2.2", + "coveralls": "^3.0.2", "eslint": "^4.19.1", "istanbul": "^0.4.5", - "mocha": "^5.1.1", - "mocha-headless-chrome": "^2.0.0" + "mocha": "^5.2.0", + "mocha-headless-chrome": "^2.0.1" } } diff --git a/src/AccessToken.js b/src/AccessToken.js index 29ee030..97e990b 100644 --- a/src/AccessToken.js +++ b/src/AccessToken.js @@ -1,7 +1,8 @@ var OAuth = require('twiz-client-oauth'); var deliverData = require('twiz-client-redirect').prototype.deliverData; - function AccessToken (){ // checks that oauth data is in redirection(callback) url, and makes sure + function AccessToken (){ // Prepares data for Access Token leg + // Checks that oauth data is in redirection(callback) url, and makes sure // that oauth_token from url matches the one we saved in first step.; = this.leg[2]; @@ -20,7 +21,9 @@ var deliverData = require('twiz-client-redirect').prototype.deliverData; requestTokenNotSet: 'Request token was not set', requestTokenNotSaved: 'Request token was not saved. Check that page url from which you make request match your redirection_url.', noRepeat: "Cannot make another request with same redirection(callback) url", - noStringProvided: "Expected string was not provided" + urlNotFound: "Current window location (url) not found", + noSessionData: 'Unable to find session data in current url', + spaWarning: 'Authorization data not found in url' }) } @@ -28,18 +31,16 @@ var deliverData = require('twiz-client-redirect').prototype.deliverData; AccessToken.prototype.setAuthorizedTokens = function(){ - this.authorizeRedirectionUrl(), - // set params for access token leg explicitly - this.oauth[this.prefix + 'verifier'] = this.authorized.oauth_verifier // Put authorized verifier - this.oauth[this.prefix + 'token'] = this.authorized.oauth_token; // Authorized token + this.parseRedirectionUrl(this.winLoc); // parse url + /* istanbul ignore else */ + if(this.isAuthorizationDataInURL()){ + this.authorize(this.redirectionData); // authorize token + // set params for access token leg explicitly + this.oauth[this.prefix + 'verifier'] = this.authorized.oauth_verifier // Put authorized verifier + this.oauth[this.prefix + 'token'] = this.authorized.oauth_token; // Authorized token + } } - AccessToken.prototype.authorizeRedirectionUrl = function(){// makes sure we have needed data in redirection url - this.parseRedirectionUrl(this.winLoc); // parse - return this.authorize(this.redirectionData); // authorize token - - } - AccessToken.prototype.parseRedirectionUrl = function(url){ // parses data in url // console.log('in parseRedirectionUrl'); @@ -48,12 +49,12 @@ var deliverData = require('twiz-client-redirect').prototype.deliverData; this.redirectionUrlParsed = true; // indicate that the url was already parsed - // console.log(this.redirectionData.twiz_); + // console.log('redirectionData: >>', this.redirectionData); } AccessToken.prototype.parse = function(str, delimiter1, delimiter2){ // parses substring of a string (str) - if(!str) throw this.CustomError('noStringProvided'); + if(!str) throw this.CustomError('urlNotFound'); var start =; // calculate from which index to take var end ; @@ -69,13 +70,11 @@ var deliverData = require('twiz-client-redirect').prototype.deliverData; AccessToken.prototype.parseQueryParams = function (str){ var arr = []; - if(!str) throw this.CustomError('noStringProvided'); - if(str[0] === "?") str = str.substring(1); // remove "?" if we have one at beggining arr = str.split('&') // make new array element on each "&" - .map( function(el, i){ + .map( function(el){ var arr2 = el.split("="); // for each element make new array element on each "=" return arr2; @@ -101,14 +100,19 @@ var deliverData = require('twiz-client-redirect').prototype.deliverData; return data; } - + // + AccessToken.prototype.isAuthorizationDataInURL = function(){ // check that we have valid twitter redirection url + if(!this.redirectionData.oauth_token && !this.redirectionData.oauth_verifier){ // not a redirection url + throw this.CustomError('spaWarning'); + } + else return true + } AccessToken.prototype.authorize = function(sent){ // check that sent data from redirection url has needed info + //console.log('in authorize'); if(this.isRequestTokenUsed(window.localStorage)) throw this.CustomError('noRepeat'); - - // console.log('in authorize') if(!sent.oauth_verifier) throw this.CustomError('verifierNotFound'); if(!sent.oauth_token) throw this.CustomError('tokenNotFound'); @@ -123,13 +127,13 @@ var deliverData = require('twiz-client-redirect').prototype.deliverData; AccessToken.prototype.isRequestTokenUsed = function(storage){ // check that we have a token to use if(storage.requestToken_ === "null") return true; // token whould be "null" only when loadRequestToken() - // run twice on same redirection(callback) url + // runs twice on same redirection(callback) url return false; } - AccessToken.prototype.loadRequestToken = function(storage, sent){ + AccessToken.prototype.loadRequestToken = function(storage){ if(!storage.hasOwnProperty('requestToken_')) throw this.CustomError('requestTokenNotSaved'); @@ -141,33 +145,33 @@ var deliverData = require('twiz-client-redirect').prototype.deliverData; storage.requestToken_ = null; // since we've loaded the token, mark it as // used/erased with null // console.log('after erasing storage.requestToken :', storage.requestToken_); - - if (!this.loadedRequestToken) throw this.CustomError('requestTokenNotSet'); + // console.log('loadedRequestToken',this.loadedRequestToken); + if(!this.loadedRequestToken) throw this.CustomError('requestTokenNotSet'); } AccessToken.prototype.getSessionData = function(){ // gets session data from redirection url - console.log('in getSessionData') - if(!this.redirectionUrlParsed); - this.parseRedirectionUrl(window.location.href); // parse data from url + // console.log('in getSessionData') + if(!this.redirectionUrlParsed) + this.parseRedirectionUrl(window.location.href); // parse data from url - if(!{ // return if no session data - console.log(this.messages.noSessionData); - return; - } + if(!{ // return if no session data + console.warn(this.messages['noSessionData']); + return; + } this.sessionData = this.parseSessionData( // further parsing of session data - console.log(this.sessionData); + //console.log('sessionData: ',this.sessionData); return this.sessionData; } AccessToken.prototype.parseSessionData = function(str){ - if(/%[0-9][0-9]/g.test(str)) // See if there are percent encoded chars + if(/%[0-9A-Z][0-9A-Z]/g.test(str)) // See if there are percent encoded chars str = decodeURIComponent(decodeURIComponent(str)); // Decoding twice, since it was encoded twice // (by OAuth 1.0a specification). See genSBS function. return this.parseQueryParams(str); // Making an object from parsed key/values. } - AccessToken.prototype.deliverData = deliverData; // borrow function from Redirect module + AccessToken.prototype.deliverData = deliverData; // borrow function from Redirect module module.exports = AccessToken; diff --git a/test/accesstoken.js b/test/accesstoken.js index 7039cd3..a790038 100644 --- a/test/accesstoken.js +++ b/test/accesstoken.js @@ -1,24 +1,138 @@ var AccessToken = require('../src/AccessToken_instrumented'); var assert = require('assert'); +function errorValidation(name, err){ // used to check thrown errors by name + if( === name) return true; +} describe('Access Token', function(){ + var at = new AccessToken(); // make instance + + var session_data = '?data=quote%3DIf%2520one%2520way%2520be%2520better%2520than%2520another%252C%2520that%2520you%2520may%2520be%2520sure%2520is%2520natures%2520way.%2520%26author%3DAristotle'; + var request_token = '&oauth_token=l4eELQAAAAAA0d0BAAABYxZJrAM'; + var verifier = '&oauth_verifier=oWP8wRebbcfArwyV0oh4YxAWMeHUFrRC'; + var query = session_data + request_token + verifier; // mock twitter redirection (callback) url with tokens + + describe('Success', function(){ - describe('Access Token leg', function(){ - var request_token = 'longStringOfAlphanumerics33521' // mock request token from first leg (request token leg); - var query = '?oauth_token='+request_token+'&oauth_verifier=similarStringOfAlphanumerics4224'; // make query string - window.localStorage.requestToken_ = request_token // mock saved request token (in request token leg) - - var at = new AccessToken(); // make instance - at.winLoc += query // mock authorized url (query string from twitter) + + + window.localStorage.requestToken_ = request_token.substring(13); // mock saved request token (in request + // token leg). Remove 'oauth_token=' + it('ready ', function(){ - assert.doesNotThrow(at.setAuthorizedTokens.bind(at)) + at.winLoc += query; // mock curent location with tokens from twitter + assert.doesNotThrow(at.setAuthorizedTokens.bind(at)); + }) + + it('oauth_verifier from url parsed', function(){ // check that oauth verifier is parsed + assert.ok(at.redirectionData.oauth_token); + }) + + it('oauth_token from url parsed', function(){ // check that oauth token is parsed + assert.ok(at.redirectionData.oauth_verifier); + }) + + it('load (saved) request token',function(){ // make sure that saved token is loaded + assert.ok(at.loadedRequestToken); + }) + + it('mark request token as used', function(){ // check that loaded token is marked as used + var rToken = window.localStorage.requestToken_; + var used = rToken === 'null' ? false : rToken + + assert.ok(!used); }) + + describe('session data', function(){ // get session data + it('get session data', function(){ + assert.ok(typeof at.getSessionData() === 'object'); + }) + + + it('redirection data', function(){ // check redirection data + var rdata =; + assert.ok(typeof rdata === 'string' && rdata.length != 0); + }) + + it('session data', function(){ + assert.ok(typeof at.sessionData === 'object') + }) + + }) }) - describe('not ready') + describe('Failure', function(){ + var pageUrl = at.winLoc + query; // save current page + + it('window location not found - throw error', function(){ + at.winLoc = ''; // current url not present + assert.throws(at.setAuthorizedTokens.bind(at), errorValidation.bind(null, 'urlNotFound')) + }) + + it('request token already used - throw error', function(){ // request token is allready used + at.winLoc = pageUrl; + assert.throws(at.setAuthorizedTokens.bind(at), errorValidation(null, 'noRepeat')); + }) + + it('oauth_token missing - throw error', function(){ + at.winLoc = session_data + verifier; // leave out oauth_token + window.localStorage.requestToken_ = request_token; // make token fresh + assert.throws(at.setAuthorizedTokens.bind(at), errorValidation.bind(null, 'tokenNotFound')) + }) + + it('oauth_verifier missing - throw error', function(){ + at.winLoc = session_data + request_token; // leave out oauth_verifier + window.localStorage.requestToken_ = request_token; // make token fresh + assert.throws(at.setAuthorizedTokens.bind(at), errorValidation.bind(null, 'verifierNotFound')); + }) + + it('request token not saved - throw error', function(){ + at.winLoc = session_data + request_token + verifier; // set current location (url) + delete window.localStorage.requestToken_ ; // make like token was not saved + assert.throws(at.setAuthorizedTokens.bind(at), errorValidation.bind(null, 'requestTokenNotSaved')); + }) + + it('token missmatch - throw error', function(){ // Check that received request_token + // is same as the one that is sent + at.winLoc = pageUrl + session_data + request_token + verifier; // Set current location (url) + window.localStorage.requestToken_ = 'NotSameAsTheOneReceived'; // Make saved request_token different + assert.throws(at.setAuthorizedTokens.bind(at), errorValidation.bind(null, 'tokenMissmatch')); + }) + + it('request token not set', function(){ // property is there but has no value + at.winLoc = session_data + request_token + verifier; // set current location (url) + window.localStorage.requestToken_ = ''; // make token fresh + assert.throws(at.setAuthorizedTokens.bind(at), errorValidation.bind(null, 'requestTokenNotSet')); + }) + + + + + describe('session data', function(){ + + it('session data not found - log warning on console', function(){ + at.winLoc = pageUrl + '?' + request_token.substring(1) + verifier; // leave out session data + window.localStorage.requestToken_ = request_token; // make token fresh + at.redirectionUrlParsed = false; // parse again + assert.doesNotThrow(at.getSessionData.bind(at), undefined); + }) + + }) + + describe('spa apps warning', function(){ + + it('Authorization data not found in url - throw error', function(){ + at.winLoc = ''; // simulate no authorization data (request token + // and verifier) + assert.throws(at.setAuthorizedTokens.bind(at), errorValidation.bind(null, 'spaWarning')); + }) + + }) + }) + })