Update GitHubProvider to send token via header (#576)

mohiva · Feb 10, 2020 · 2c94117 · 2c94117
1 parent 48a8501
commit 2c94117
Show file tree

Hide file tree

Showing 2 changed files with 29 additions and 20 deletions.
diff --git a/silhouette/app/com/mohiva/play/silhouette/impl/providers/oauth2/GitHubProvider.scala b/silhouette/app/com/mohiva/play/silhouette/impl/providers/oauth2/GitHubProvider.scala
@@ -68,16 +68,17 @@ trait BaseGitHubProvider extends OAuth2Provider {
    * @return On success the build social profile, otherwise a failure.
    */
   override protected def buildProfile(authInfo: OAuth2Info): Future[Profile] = {
-    httpLayer.url(urls("api").format(authInfo.accessToken)).get().flatMap { response =>
-      val json = response.json
-      (json \ "message").asOpt[String] match {
-        case Some(msg) =>
-          val docURL = (json \ "documentation_url").asOpt[String]
-
-          throw new ProfileRetrievalException(SpecifiedProfileError.format(id, msg, docURL))
-        case _ => profileParser.parse(json, authInfo)
+    httpLayer.url(urls("api")).withHttpHeaders(HeaderNames.AUTHORIZATION -> s"Bearer ${authInfo.accessToken}").get()
+      .flatMap { response =>
+        val json = response.json
+        (json \ "message").asOpt[String] match {
+          case Some(msg) =>
+            val docURL = (json \ "documentation_url").asOpt[String]
+            throw new ProfileRetrievalException(SpecifiedProfileError.format(id, msg, docURL))
+
+          case _ => profileParser.parse(json, authInfo)
+        }
       }
-    }
   }
 }
 
@@ -153,5 +154,5 @@ object GitHubProvider {
    * The GitHub constants.
    */
   val ID = "github"
-  val API = "https://api.github.com/user?access_token=%s"
+  val API = "https://api.github.com/user"
 }
diff --git a/silhouette/test/com/mohiva/play/silhouette/impl/providers/oauth2/GitHubProviderSpec.scala b/silhouette/test/com/mohiva/play/silhouette/impl/providers/oauth2/GitHubProviderSpec.scala
@@ -116,14 +116,16 @@ class GitHubProviderSpec extends OAuth2ProviderSpec {
 
   "The `retrieveProfile` method" should {
     "fail with ProfileRetrievalException if API returns error" in new WithApplication with Context {
+      val authInfo = oAuthInfo.as[OAuth2Info]
       val wsRequest = mock[MockWSRequest]
       val wsResponse = mock[MockWSRequest#Response]
       wsResponse.status returns 400
+      wsRequest.withHttpHeaders(AUTHORIZATION -> s"Bearer ${authInfo.accessToken}") returns wsRequest
       wsResponse.json returns Helper.loadJson("providers/oauth2/github.error.json")
       wsRequest.get() returns Future.successful(wsResponse)
-      httpLayer.url(API.format("my.access.token")) returns wsRequest
+      httpLayer.url(API) returns wsRequest
 
-      failed[ProfileRetrievalException](provider.retrieveProfile(oAuthInfo.as[OAuth2Info])) {
+      failed[ProfileRetrievalException](provider.retrieveProfile(authInfo)) {
         case e => e.getMessage must equalTo(SpecifiedProfileError.format(
           provider.id,
           "Bad credentials",
@@ -132,42 +134,48 @@ class GitHubProviderSpec extends OAuth2ProviderSpec {
     }
 
     "fail with ProfileRetrievalException if an unexpected error occurred" in new WithApplication with Context {
+      val authInfo = oAuthInfo.as[OAuth2Info]
       val wsRequest = mock[MockWSRequest]
       val wsResponse = mock[MockWSRequest#Response]
       wsResponse.status returns 500
+      wsRequest.withHttpHeaders(AUTHORIZATION -> s"Bearer ${authInfo.accessToken}") returns wsRequest
       wsResponse.json throws new RuntimeException("")
       wsRequest.get() returns Future.successful(wsResponse)
-      httpLayer.url(API.format("my.access.token")) returns wsRequest
+      httpLayer.url(API) returns wsRequest
 
-      failed[ProfileRetrievalException](provider.retrieveProfile(oAuthInfo.as[OAuth2Info])) {
+      failed[ProfileRetrievalException](provider.retrieveProfile(authInfo)) {
         case e => e.getMessage must equalTo(UnspecifiedProfileError.format(provider.id))
       }
     }
 
     "use the overridden API URL" in new WithApplication with Context {
-      val url = "https://custom.api.url?access_token=%s"
+      val url = "https://custom.api.url"
+      val authInfo = oAuthInfo.as[OAuth2Info]
       val wsRequest = mock[MockWSRequest]
       val wsResponse = mock[MockWSRequest#Response]
       oAuthSettings.apiURL returns Some(url)
       wsResponse.status returns 200
       wsResponse.json returns Helper.loadJson("providers/oauth2/github.success.json")
+      wsRequest.withHttpHeaders(AUTHORIZATION -> s"Bearer ${authInfo.accessToken}") returns wsRequest
       wsRequest.get() returns Future.successful(wsResponse)
-      httpLayer.url(url.format("my.access.token")) returns wsRequest
+      httpLayer.url(url) returns wsRequest
 
-      await(provider.retrieveProfile(oAuthInfo.as[OAuth2Info]))
+      await(provider.retrieveProfile(authInfo))
 
-      there was one(httpLayer).url(url.format("my.access.token"))
+      there was one(httpLayer).url(url)
     }
 
     "return the social profile" in new WithApplication with Context {
+      val authInfo = oAuthInfo.as[OAuth2Info]
       val wsRequest = mock[MockWSRequest]
       val wsResponse = mock[MockWSRequest#Response]
       wsResponse.status returns 200
       wsResponse.json returns Helper.loadJson("providers/oauth2/github.success.json")
+      wsRequest.withHttpHeaders(AUTHORIZATION -> s"Bearer ${authInfo.accessToken}") returns wsRequest
       wsRequest.get() returns Future.successful(wsResponse)
-      httpLayer.url(API.format("my.access.token")) returns wsRequest
+      httpLayer.url(API) returns wsRequest
 
-      profile(provider.retrieveProfile(oAuthInfo.as[OAuth2Info])) { p =>
+      profile(provider.retrieveProfile(authInfo)) { p =>
         p must be equalTo CommonSocialProfile(
           loginInfo = LoginInfo(provider.id, "1"),
           fullName = Some("Apollonia Vanova"),