Merge pull request #282 from mozilla/issue_202

Accept and ignore client_secret param in /destroy, fixes #202
mozilla · Jun 30, 2015 · e70e564 · e70e564
2 parents 0fc777e + 25a4d30
commit e70e564
Show file tree

Hide file tree

Showing 2 changed files with 28 additions and 2 deletions.
diff --git a/lib/routes/destroy.js b/lib/routes/destroy.js
@@ -16,7 +16,8 @@ module.exports = {
       token: Joi.string()
         .length(config.get('unique.token') * 2) // hex = bytes*2
         .regex(validators.HEX_STRING)
-        .required()
+        .required(),
+      client_secret: Joi.string().allow('')
     }
   },
   handler: function destroyToken(req, reply) {

diff --git a/test/api.js b/test/api.js
@@ -1442,6 +1442,31 @@ describe('/v1', function() {
         });
       });
     });
+    it('should accept client_secret', function() {
+      return newToken().then(function(res) {
+        return Server.api.post({
+          url: '/destroy',
+          payload: {
+            token: res.result.access_token,
+            client_secret: 'foo'
+          }
+        });
+      }).then(function(res) {
+        assert.equal(res.statusCode, 200);
+      });
+    });
+    it('should accept empty client_secret', function() {
+      return newToken().then(function(res) {
+        return Server.api.post({
+          url: '/destroy',
+          payload: {
+            token: res.result.access_token,
+            client_secret: ''
+          }
+        });
+      }).then(function(res) {
+        assert.equal(res.statusCode, 200);
+      });
+    });
   });
-
 });