
Implement ignoreVersion option.

1 parent 5636296 commit 2125bae266c022be5dc2459a7ef3711383d9a8bb @jaredhanson committed Jul 29, 2012
@@ -122,8 +122,9 @@ function ConsumerStrategy(options, consumer, token, validate) {
this._consumer = consumer;
this._token = token;
this._validate = validate;
- this._realm = options.realm || 'Clients';
this._host = options.host || null;
+ this._realm = options.realm || 'Clients';
+ this._ignoreVersion = options.ignoreVersion || false;
}
/**
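Review bot: `options.ignoreVersion || false` on the added line treats any truthy value as consent to skip the check, so a configuration value such as the string `'false'` would switch off `oauth_version` validation. Because this flag relaxes a protocol check, I would store it strictly: `this._ignoreVersion = options.ignoreVersion === true;`. The TokenStrategy constructor hunk adds the same assignment. The constructor's doc comment lies outside the hunk, so I cannot tell whether the option is listed there; if it is not, add a line such as `- ignoreVersion  accept requests whose oauth_version is not '1.0' (default: false)`.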
@@ -191,7 +192,7 @@ ConsumerStrategy.prototype.authenticate = function(req) {
, verifier = params['oauth_verifier']
, version = params['oauth_version']
- if (version && version !== '1.0') {
+ if (version && version !== '1.0' && !this._ignoreVersion) {
return this.fail(this._challenge('version_rejected'), 400);
}
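Review bot: Once `ignoreVersion` is set, the new condition accepts every `oauth_version` value, not just the `1.0A` the tests send, so the check is disabled outright rather than relaxed for a known client quirk. RFC 5849 requires the parameter, when present, to be `1.0`. A narrower form keeps the rejection for everything else, e.g. `if (version && version !== '1.0' && !(this._ignoreVersion && /^1\.0a$/i.test(version))) {`, with a one-line comment naming the non-conforming clients this is for. The same condition is added in the TokenStrategy.prototype.authenticate hunk, and the body of authenticate continues outside both hunks.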
@@ -114,8 +114,9 @@ function TokenStrategy(options, consumer, verify, validate) {
this._consumer = consumer;
this._verify = verify;
this._validate = validate;
- this._realm = options.realm || 'Users';
this._host = options.host || null;
+ this._realm = options.realm || 'Users';
+ this._ignoreVersion = options.ignoreVersion || false;
}
/**
@@ -182,7 +183,7 @@ TokenStrategy.prototype.authenticate = function(req) {
, nonce = params['oauth_nonce']
, version = params['oauth_version']
- if (version && version !== '1.0') {
+ if (version && version !== '1.0' && !this._ignoreVersion) {
return this.fail(this._challenge('version_rejected'), 400);
}
@@ -137,6 +137,67 @@ vows.describe('ConsumerStrategy').addBatch({
},
},
+ 'strategy handling a valid request without a request token placing credentials in header using 1.0A version': {
+ topic: function() {
+ var strategy = new ConsumerStrategy(
+ { ignoreVersion: true },
+ // consumer callback
+ function(consumerKey, done) {
+ if (consumerKey == 'abc123') {
+ done(null, { id: '1' }, 'ssh-secret');
+ } else {
+ done(new Error('something is wrong'))
+ }
+ },
+ // token callback
+ function(requestToken, done) {
+ done(new Error('token callback should not be called'));
+ }
+ );
+ return strategy;
+ },
+
+ 'after augmenting with actions': {
+ topic: function(strategy) {
+ var self = this;
+ var req = {};
+ strategy.success = function(user, info) {
+ self.callback(null, user, info);
+ }
+ strategy.fail = function(challenge, status) {
+ self.callback(new Error('should not be called'));
+ }
+ strategy.error = function(err) {
+ self.callback(new Error('should not be called'));
+ }
+
+ req.url = '/oauth/request_token';
+ req.method = 'POST';
+ req.headers = {};
+ req.headers['host'] = '127.0.0.1:3000';
+ req.headers['authorization'] = 'OAuth oauth_callback="http%3A%2F%2Fmacbook-air.local.jaredhanson.net%3A3001%2Foauth%2Fcallback",oauth_consumer_key="abc123",oauth_nonce="fNyKdt8ZTgTVdEABtUMFzcXRxF4a230q",oauth_signature_method="HMAC-SHA1",oauth_timestamp="1341176111",oauth_version="1.0A",oauth_signature="VfpGYYsNM4Ih0Lt7JsIbJz6%2FJM4%3D"';
+ req.query = url.parse(req.url, true).query;
+ req.connection = { encrypted: false };
+ process.nextTick(function () {
+ strategy.authenticate(req);
+ });
+ },
+
+ 'should not generate an error' : function(err, user, info) {
+ assert.isNull(err);
+ },
+ 'should authenticate' : function(err, user, info) {
+ assert.equal(user.id, '1');
+ },
+ 'should set scheme to OAuth' : function(err, user, info) {
+ assert.equal(info.scheme, 'OAuth');
+ },
+ 'should set callbackURL' : function(err, user, info) {
+ assert.equal(info.oauth.callbackURL, 'http://macbook-air.local.jaredhanson.net:3001/oauth/callback');
+ },
+ },
+ },
+
'strategy handling a valid request without a request token using host option instead of host header': {
topic: function() {
var strategy = new ConsumerStrategy(
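Review bot: The added context only exercises the accepting path (`{ ignoreVersion: true }` with `oauth_version="1.0A"`); nothing in this hunk pins that the same header is still refused with `version_rejected` and status 400 when the option is left unset. If that case is not covered elsewhere in the file (not visible here), add a sibling context that builds the strategy with `{}` and asserts on the arguments passed to `fail`. The `fail` stub here also discards `challenge` and `status`, so a regression reports only 'should not be called'; `self.callback(new Error('unexpected fail: ' + status + ' ' + challenge));` would make it diagnosable. The TokenStrategy test hunk has the same shape.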
@@ -147,6 +147,72 @@ vows.describe('TokenStrategy').addBatch({
},
},
+ 'strategy handling a valid request with credentials in header using 1.0A version': {
+ topic: function() {
+ var strategy = new TokenStrategy(
+ { ignoreVersion: true },
+ // consumer callback
+ function(consumerKey, done) {
+ if (consumerKey == '1234') {
+ done(null, { id: '1' }, 'keep-this-secret');
+ } else {
+ done(new Error('something is wrong'))
+ }
+ },
+ // verify callback
+ function(accessToken, done) {
+ if (accessToken == 'abc-123-xyz-789') {
+ done(null, { username: 'bob' }, 'lips-zipped');
+ } else {
+ done(new Error('something is wrong'))
+ }
+ }
+ );
+ return strategy;
+ },
+
+ 'after augmenting with actions': {
+ topic: function(strategy) {
+ var self = this;
+ var req = {};
+ strategy.success = function(user, info) {
+ self.callback(null, user, info);
+ }
+ strategy.fail = function(challenge, status) {
+ self.callback(new Error('should not be called'));
+ }
+ strategy.error = function(err) {
+ self.callback(new Error('should not be called'));
+ }
+
+ req.url = '/1/users/show.json?screen_name=jaredhanson&user_id=1705';
+ req.method = 'GET';
+ req.headers = {};
+ req.headers['host'] = '127.0.0.1:3000';
+ req.headers['authorization'] = 'OAuth oauth_consumer_key="1234",oauth_nonce="A7E738D9A9684A60A40607017735ADAD",oauth_signature_method="HMAC-SHA1",oauth_timestamp="1339004912",oauth_token="abc-123-xyz-789",oauth_version="1.0A",oauth_signature="W%2BppR%2BZyXT5UgrLV%2FTQnmlVSjZI%3D"';
+ req.query = url.parse(req.url, true).query;
+ req.connection = { encrypted: false };
+ process.nextTick(function () {
+ strategy.authenticate(req);
+ });
+ },
+
+ 'should not generate an error' : function(err, user, info) {
+ assert.isNull(err);
+ },
+ 'should authenticate' : function(err, user, info) {
+ assert.equal(user.username, 'bob');
+ },
+ 'should set scheme to OAuth' : function(err, user, info) {
+ assert.equal(info.scheme, 'OAuth');
+ },
+ 'should set consumer' : function(err, user, info) {
+ assert.equal(info.consumer.id, '1');
+ assert.strictEqual(info.client, info.consumer);
+ },
+ },
+ },
+
'strategy handling a valid request using host option instead of host header': {
topic: function() {
var strategy = new TokenStrategy(
