Merge pull request #601 from mozilla/key-data-missing-scopes
fix(key-data): Correctly handle non-existent scopes when finding key data
vladikoff committed Sep 14, 2018
2 parents 91313f1 + 34d9493 commit fc939d9
Showing 2 changed files with 14 additions and 3 deletions.
2 changes: 1 addition & 1 deletion lib/routes/key_data.js
@@ -55,7 +55,7 @@ module.exports = {
const allowedScopes = ScopeSet.fromString(client.allowedScopes);
const scopeLookups = requestedScopes.filtered(allowedScopes).getScopeValues().map(s => db.getScope(s));
return P.all(scopeLookups).then((result) => {
return result.filter((s) => !! s.hasScopedKeys);
return result.filter((s) => !! (s && s.hasScopedKeys));
});
} else {
logger.debug('keyDataRoute.clientNotFound', { id: req.payload.client_id });
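Review bot: The guard in `result.filter((s) => !! (s && s.hasScopedKeys))` drops a requested scope that has no record without any trace, and nothing at that line says the omission is deliberate. Judging from the commit title, `db.getScope` resolves to a falsy value for a scope the client is allowed but that has no definition, so the route now fails closed and returns no key data for it; a comment such as `// db.getScope() yields nothing for scopes without a definition; treat them as having no scoped keys` would record that decision. Because the scope list presumably originates in the request payload, a `logger.debug` entry naming the dropped scopes, in the style of the existing `keyDataRoute.clientNotFound` call, would make a client whose allowed scopes outrun the scope definitions visible to operators. The `!!` is redundant inside `filter`, which already coerces the callback result. The enclosing handler starts and ends outside the hunk.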
15 changes: 13 additions & 2 deletions test/api.js
@@ -2642,7 +2642,7 @@ describe('/v1', function() {
.then((res) => {
assert.equal(res.statusCode, 200);
assertSecurityHeaders(res);
assert.equal(Object.keys(res.result).length, 2, 'only one scope returned');
assert.equal(Object.keys(res.result).length, 2, 'two scopes returned');

const keyOne = res.result[SCOPE_CAN_SCOPE_KEY];
const keyTwo = res.result[ANOTHER_CAN_SCOPE_KEY];
@@ -2670,7 +2670,7 @@ describe('/v1', function() {
});
});

it('fails with a non-scoped-key scope ', () => {
it('succeeds with a non-scoped-key scope', () => {
genericRequest.payload.scope = 'https://identity.mozilla.com/apps/sample-scope';
mockAssertion().reply(200, VERIFY_GOOD);
return Server.api.post(genericRequest)
@@ -2681,6 +2681,17 @@ describe('/v1', function() {
});
});

it('succeeds with scopes that arent explicitly defined in config', () => {
genericRequest.payload.scope += ' kv';
mockAssertion().reply(200, VERIFY_GOOD);
return Server.api.post(genericRequest)
.then((res) => {
assert.equal(res.statusCode, 200);
assertSecurityHeaders(res);
assert.deepEqual(Object.keys(res.result), [SCOPE_CAN_SCOPE_KEY], 'undefined scope is ignored');
});
});

it('fails with bad assertion', () => {
return Server.api.post(genericRequest)
.then((res) => {
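Review bot: The new test 'succeeds with scopes that arent explicitly defined in config' only reaches the null guard in lib/routes/key_data.js if `kv` survives the `filtered(allowedScopes)` step, that is, if the test client's allowed scopes include it. That configuration is not visible in this hunk and is worth confirming, because otherwise the test would pass without the fix. A comment above the `+= ' kv'` line, for example `// 'kv' is allowed for this client but has no scope definition`, would pin the intent. The test also appends to whatever `genericRequest.payload.scope` already holds, so the expected `[SCOPE_CAN_SCOPE_KEY]` depends on a fixture reset outside the hunk. Assuming that constant is the fixture default, `genericRequest.payload.scope = SCOPE_CAN_SCOPE_KEY + ' kv';` would make the test self-contained.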
