renamed setting // updated doc // allow runtime params on oauth1
AdriVanHoudt committed Aug 22, 2015
1 parent 7eb93fe commit f2d6092
Showing 4 changed files with 91 additions and 4 deletions.
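--- a/README.md
+++ b/README.md
@@ -113,7 +113,7 @@ Each strategy accepts the following optional settings:
 - Facebook supports `display` ('page', 'popup', or 'touch'), `auth_type`, `auth_nonce`.
 - Google supports `access_type`, `approval_prompt`, `prompt`, `login_hint`, `user_id`, `hd`.
 - Twitter supports `force_login`, `screen_name`.
-- `allowRuntimeQueryParams` - allows passing query parameters to the auth request by adding them to the first call to the endpoint. It will merge the query params you pass along with the predefined ones. Be aware that this will override predefined query params! Defaults to `false`.
+- `allowRuntimeProviderParams` - allows passing query parameters from a **bell** protected endpoint to the auth request. It will merge the query params you pass along with the providerParams and any other predefined ones. Be aware that this will override predefined query parameters! Default to `false`.
 - `scope` - Each built-in vendor comes with the required scope for basic profile information. Use `scope` to specify a different scope
 as required by your application. Consult the provider for their specific supported scopes.
 - `config` - a configuration object used to customize the provider settings. The built-in `'twitter'` provider accepts the `extendedProfile`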
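--- a/lib/index.js
+++ b/lib/index.js
@@ -55,7 +55,7 @@ internals.schema = Joi.object({
 ttl: Joi.number(),
 domain: Joi.string().allow(null),
 providerParams: Joi.object(),
-allowRuntimeQueryParams: Joi.boolean().default(false),
+allowRuntimeProviderParams: Joi.boolean().default(false),
 scope: Joi.array().items(Joi.string()).when('provider.protocol', { is: 'oauth2', otherwise: Joi.forbidden() }),
 name: Joi.string().required(),
 config: Joi.object(),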
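--- a/lib/oauth.js
+++ b/lib/oauth.js
@@ -60,6 +60,10 @@ exports.v1 = function (settings) {
 var authQuery = settings.providerParams ? Hoek.clone(settings.providerParams) : {};
 authQuery.oauth_token = payload.oauth_token;
 
+if (settings.allowRuntimeProviderParams ) {
+Hoek.merge(authQuery, request.query);
+}
+
 return reply.redirect(settings.provider.auth + '?' + internals.queryString(authQuery));
 });
 }
@@ -148,7 +152,7 @@ exports.v2 = function (settings) {
 var nonce = Cryptiles.randomString(22);
 query = Hoek.clone(settings.providerParams) || {};
 
-if (settings.allowRuntimeQueryParams) {
+if (settings.allowRuntimeProviderParams ) {
 Hoek.merge(query, request.query);
 }
 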
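Review bot: In `exports.v1` the new `Hoek.merge(authQuery, request.query)` runs after `authQuery.oauth_token = payload.oauth_token`, so a request that carries its own `oauth_token` query parameter replaces the temporary token just issued by the provider in the redirect URL. Because the query string comes from whoever builds the login link, the protocol value should be written last: move `authQuery.oauth_token = payload.oauth_token;` below the `if (settings.allowRuntimeProviderParams ) { … }` block, or drop reserved keys from `request.query` before merging. The `exports.v2` hunk shows the same merge, but the rest of that function is outside the hunk, so it should be confirmed there that `client_id`, `redirect_uri` and `state` are assigned after it. Both function bodies start and end outside the visible hunks.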
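--- a/test/oauth.js
+++ b/test/oauth.js
@@ -224,6 +224,89 @@ describe('Bell', function () {
 });
 });
 
+it('does not pass on runtime query params by default', function (done) {
+
+var mock = new Mock.V1();
+mock.start(function (provider) {
+
+var server = new Hapi.Server();
+server.connection({ host: 'localhost', port: 80 });
+server.register(Bell, function (err) {
+
+expect(err).to.not.exist();
+
+server.auth.strategy('custom', 'bell', {
+password: 'password',
+isSecure: false,
+clientId: 'test',
+clientSecret: 'secret',
+provider: provider
+});
+
+server.route({
+method: '*',
+path: '/login',
+config: {
+auth: 'custom',
+handler: function (request, reply) {
+
+reply(request.auth.credentials);
+}
+}
+});
+
+server.inject('/login?runtime=true', function (res) {
+
+expect(res.headers.location).to.equal(mock.uri + '/auth?oauth_token=1');
+
+mock.stop(done);
+});
+});
+});
+});
+
+it('passes on runtime query params with allowRuntimeProviderParams', function (done) {
+
+var mock = new Mock.V1();
+mock.start(function (provider) {
+
+var server = new Hapi.Server();
+server.connection({ host: 'localhost', port: 80 });
+server.register(Bell, function (err) {
+
+expect(err).to.not.exist();
+
+server.auth.strategy('custom', 'bell', {
+password: 'password',
+isSecure: false,
+clientId: 'test',
+clientSecret: 'secret',
+provider: provider,
+allowRuntimeProviderParams: true
+});
+
+server.route({
+method: '*',
+path: '/login',
+config: {
+auth: 'custom',
+handler: function (request, reply) {
+
+reply(request.auth.credentials);
+}
+}
+});
+
+server.inject('/login?runtime=true', function (res) {
+
+expect(res.headers.location).to.equal(mock.uri + '/auth?oauth_token=1&runtime=true');
+
+mock.stop(done);
+});
+});
+});
+});
+
 it('authenticates an endpoint via oauth with auth provider parameters', function (done) {
 
 var mock = new Mock.V1();
@@ -868,7 +951,7 @@ describe('Bell', function () {
 clientSecret: 'secret',
 provider: provider,
 providerParams: { special: true },
-allowRuntimeQueryParams: true
+allowRuntimeProviderParams: true
 });
 
 server.route({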
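Review bot: Both new v1 tests send only `runtime=true`, a key that collides with nothing, so the override behaviour the README warns about is never pinned for the one parameter bell sets itself in this flow. A third case would make the intended behaviour explicit: inject `/login?oauth_token=2` with `allowRuntimeProviderParams: true` and assert whether the `location` header still carries `oauth_token=1`. The two added tests also repeat the whole server setup and differ only in one strategy option and the expected URL, which a small shared helper would shorten.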
