From 82335ce476e299e22cd6cdc20ce553173846b61b Mon Sep 17 00:00:00 2001
From: Jared Hanson
Date: Wed, 18 May 2016 13:11:12 -0700
Subject: [PATCH] Clarify code grant test cases.
---
 lib/grant/code.js | 3 +-
 test/grant/code.test.js | 76 ++++++++++++++++++++++++++++++++++-------
 2 files changed, 64 insertions(+), 15 deletions(-)
diff --git a/lib/grant/code.js b/lib/grant/code.js
index e54071b2..1ca49d1f 100644
--- a/lib/grant/code.js
+++ b/lib/grant/code.js
@@ -94,9 +94,8 @@ module.exports = function code(options, issue) {
 if (!clientID) { throw new AuthorizationError('Missing required parameter: client_id', 'invalid_request'); }
 if (scope) {
-
 if (typeof scope !== 'string') {
- throw new AuthorizationError('scope parameter must be a string', 'invalid_request');
+ throw new AuthorizationError('Invalid parameter: scope must be a string', 'invalid_request');
 }
 for (var i = 0, len = separators.length; i < len; i++) {
diff --git a/test/grant/code.test.js b/test/grant/code.test.js
index b5e57a24..8c88b64a 100644
--- a/test/grant/code.test.js
+++ b/test/grant/code.test.js
@@ -283,7 +283,7 @@ describe('grant.code', function() {
 it('should error', function() {
 expect(err).to.be.an.instanceOf(Error);
 expect(err.constructor.name).to.equal('AuthorizationError');
- expect(err.message).to.equal('scope parameter must be a string');
+ expect(err.message).to.equal('Invalid parameter: scope must be a string');
 expect(err.code).to.equal('invalid_request');
 });
 });
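Review bot: The `if (!clientID)` guard shown as context at the top of the `lib/grant/code.js` hunk only rejects a missing `client_id`, while `scope` directly below it gets a `typeof scope !== 'string'` check. If `clientID` is read from the parsed request parameters (not visible in this hunk), a non-string value would pass the truthiness test, so a matching guard such as `if (typeof clientID !== 'string') { throw new AuthorizationError('Invalid parameter: client_id must be a string', 'invalid_request'); }` would keep the two parameters consistent. The reworded message is part of the error the caller sees, so anything outside this repository that matched the old text needs the same update the test at line 283 received. The enclosing function starts and ends outside the hunk.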
@@ -305,6 +305,14 @@ describe('grant.code', function() {
 var response;
 before(function(done) {
+ function issue(client, redirectURI, user, done) {
+ if (client.id !== 'c123') { return done(new Error('incorrect client argument')); }
+ if (redirectURI !== 'http://example.com/auth/callback') { return done(new Error('incorrect redirectURI argument')); }
+ if (user.id !== 'u123') { return done(new Error('incorrect user argument')); }
+
+ return done(null, 'xyz');
+ }
+
 chai.oauth2orize.grant(code(issue))
 .txn(function(txn) {
 txn.client = { id: 'c123', name: 'Example' };
@@ -332,6 +340,14 @@ describe('grant.code', function() {
 var response;
 before(function(done) {
+ function issue(client, redirectURI, user, done) {
+ if (client.id !== 'c123') { return done(new Error('incorrect client argument')); }
+ if (redirectURI !== 'http://example.com/auth/callback') { return done(new Error('incorrect redirectURI argument')); }
+ if (user.id !== 'u123') { return done(new Error('incorrect user argument')); }
+
+ return done(null, 'xyz');
+ }
+
 chai.oauth2orize.grant(code(issue))
 .txn(function(txn) {
 txn.client = { id: 'c123', name: 'Example' };
@@ -360,6 +376,14 @@ describe('grant.code', function() {
 var response;
 before(function(done) {
+ function issue(client, redirectURI, user, done) {
+ if (client.id !== 'c123') { return done(new Error('incorrect client argument')); }
+ if (redirectURI !== 'http://example.com/auth/callback') { return done(new Error('incorrect redirectURI argument')); }
+ if (user.id !== 'u123') { return done(new Error('incorrect user argument')); }
+
+ return done(null, 'xyz');
+ }
+
 chai.oauth2orize.grant(code(issue))
 .txn(function(txn) {
 txn.client = { id: 'c123', name: 'Example' };
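Review bot: The `done` parameter of the added `issue` stub shadows the `done` of the enclosing `before(function(done) {`, so inside the stub it is easy to misread which callback ends the hook and which one reports back to the grant. Renaming the stub's callback, `function issue(client, redirectURI, user, cb) {` with `return cb(null, 'xyz');`, removes the ambiguity. The same stub is repeated verbatim in the hooks at new lines 340, 376 and 411, so the rename applies to each of them. The `before` callbacks continue outside these hunks.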
@@ -387,6 +411,14 @@ describe('grant.code', function() {
 var response;
 before(function(done) {
+ function issue(client, redirectURI, user, done) {
+ if (client.id !== 'c123') { return done(new Error('incorrect client argument')); }
+ if (redirectURI !== 'http://example.com/auth/callback') { return done(new Error('incorrect redirectURI argument')); }
+ if (user.id !== 'u123') { return done(new Error('incorrect user argument')); }
+
+ return done(null, 'xyz');
+ }
+
 chai.oauth2orize.grant(code(issue))
 .txn(function(txn) {
 txn.client = { id: 'c123', name: 'Example' };
@@ -415,6 +447,10 @@ describe('grant.code', function() {
 var err;
 before(function(done) {
+ function issue(client, redirectURI, user, done) {
+ return done(null, false);
+ }
+
 chai.oauth2orize.grant(code(issue))
 .txn(function(txn) {
 txn.client = { id: 'cUNAUTHZ', name: 'Example' };
@@ -445,6 +481,10 @@ describe('grant.code', function() {
 var err;
 before(function(done) {
+ function issue(client, redirectURI, user, done) {
+ return done(new Error('something went wrong'));
+ }
+
 chai.oauth2orize.grant(code(issue))
 .txn(function(txn) {
 txn.client = { id: 'cERROR', name: 'Example' };
@@ -472,6 +512,10 @@ describe('grant.code', function() {
 var err;
 before(function(done) {
+ function issue(client, redirectURI, user, done) {
+ throw new Error('something was thrown');
+ }
+
 chai.oauth2orize.grant(code(issue))
 .txn(function(txn) {
 txn.client = { id: 'cTHROW', name: 'Example' };
@@ -499,6 +543,10 @@ describe('grant.code', function() {
 var err;
 before(function(done) {
+ function issue(client, redirectURI, user, done) {
+ return done(null, 'xyz');
+ }
+
 chai.oauth2orize.grant(code(issue))
 .txn(function(txn) {
 txn.client = { id: 'cTHROW', name: 'Example' };
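Review bot: The stubs added at new lines 447, 481 and 512 ignore every argument, yet the transactions below them still set `txn.client` ids of `cUNAUTHZ`, `cERROR` and `cTHROW`, which reads as if the id still selects the outcome. Either switch those fixtures to a neutral id or put a comment on each stub, for example `// outcome is fixed by this stub; the client id is not inspected`. The stub at new line 543 returns `'xyz'` in a test that declares `var err`, so the expected failure presumably arises elsewhere in the transaction. If the issue callback is not meant to run in that case, `return done(new Error('issue should not be called'));` would pin it. The `before` callbacks continue outside these hunks.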
@@ -524,10 +572,12 @@ describe('grant.code', function() {
 describe('decision handling with user response', function() {
 function issue(client, redirectURI, user, ares, done) {
- if (client.id == 'c123' && redirectURI == 'http://example.com/auth/callback' && user.id == 'u123' && ares.scope == 'foo') {
- return done(null, 'xyz');
- }
- return done(new Error('something went wrong'));
+ if (client.id !== 'c123') { return done(new Error('incorrect client argument')); }
+ if (redirectURI !== 'http://example.com/auth/callback') { return done(new Error('incorrect redirectURI argument')); }
+ if (user.id !== 'u123') { return done(new Error('incorrect user argument')); }
+ if (ares.scope !== 'foo') { return done(new Error('incorrect ares argument')); }
+
+ return done(null, 'xyz');
 }
 describe('transaction with response scope', function() {
@@ -560,10 +610,13 @@ describe('grant.code', function() {
 describe('decision handling with user response and client request', function() {
 function issue(client, redirectURI, user, ares, areq, done) {
- if (client.id == 'c123' && redirectURI == 'http://example.com/auth/callback' && user.id == 'u123' && ares.scope == 'foo' && areq.codeChallenge == 'hashed-s3cr1t') {
- return done(null, 'xyz');
- }
- return done(new Error('something went wrong'));
+ if (client.id !== 'c123') { return done(new Error('incorrect client argument')); }
+ if (redirectURI !== 'http://example.com/auth/callback') { return done(new Error('incorrect redirectURI argument')); }
+ if (user.id !== 'u123') { return done(new Error('incorrect user argument')); }
+ if (ares.scope !== 'foo') { return done(new Error('incorrect ares argument')); }
+ if (areq.codeChallenge !== 'hashed-s3cr1t') { return done(new Error('incorrect areq argument')); }
+
+ return done(null, 'xyz');
 }
 describe('transaction with response scope', function() {
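Review bot: Nothing in these two `describe` blocks says why `issue` takes five parameters at new line 572 and six at new line 610 while the stubs earlier in the file take four. The grant presumably chooses what to pass from the callback's declared arity, which is easy to break by adding or dropping a parameter. A one-line comment above each stub, e.g. `// 5 parameters: the grant also passes ares` and `// 6 parameters: the grant also passes ares and areq`, would document that. `ares.scope` and `areq.codeChallenge` are also dereferenced unguarded, so a missing object surfaces as a TypeError rather than the new 'incorrect ares argument' or 'incorrect areq argument' message; `if (!ares || ares.scope !== 'foo')` keeps the diagnostic.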
@@ -597,10 +650,7 @@ describe('grant.code', function() {
 describe('decision handling with response mode', function() {
 function issue(client, redirectURI, user, done) {
- if (client.id == 'c123' && redirectURI == 'http://example.com/auth/callback' && user.id == 'u123') {
- return done(null, 'xyz');
- }
- return done(new Error('something went wrong'));
+ return done(null, 'xyz');
 }
 var fooResponseMode = function(txn, res, params) {
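Review bot: The response-mode `issue` stub now returns `'xyz'` unconditionally, so the tests in this `describe` no longer check that the grant hands the expected client, redirect URI and user to the issue callback on the response-mode path. The other stubs in this commit keep those checks with per-argument messages. Keeping at least `if (redirectURI !== 'http://example.com/auth/callback') { return done(new Error('incorrect redirectURI argument')); }` here would preserve coverage of the redirect URI passed when the code is issued. If the checks were dropped because these transactions use different fixture values (not visible in the hunk), a short comment on the stub saying so would help.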