Showing with 28 additions and 22 deletions.

+7 −1 lib/db/mysql/schema.sql

+10 −5 lib/routes/key_data.js

+11 −16 test/db/index.js
diff --git a/lib/db/mysql/schema.sql b/lib/db/mysql/schema.sql
@@ -16,7 +16,8 @@ CREATE TABLE IF NOT EXISTS clients (
   redirectUri VARCHAR(256) NOT NULL,
   canGrant BOOLEAN DEFAULT FALSE,
   createdAt TIMESTAMP NOT NULL DEFAULT CURRENT_TIMESTAMP,
-  trusted BOOLEAN DEFAULT FALSE
+  trusted BOOLEAN DEFAULT FALSE,
+  allowedScopes VARCHAR(1024)
 ) ENGINE=InnoDB CHARACTER SET utf8 COLLATE utf8_unicode_ci;
 
 CREATE TABLE IF NOT EXISTS codes (
@@ -76,3 +77,8 @@ CREATE TABLE IF NOT EXISTS refreshTokens (
   createdAt TIMESTAMP NOT NULL DEFAULT CURRENT_TIMESTAMP,
   lastUsedAt TIMESTAMP NOT NULL DEFAULT CURRENT_TIMESTAMP
 ) ENGINE=InnoDB CHARACTER SET utf8 COLLATE utf8_unicode_ci;
+
+CREATE TABLE scopes (
+  scope VARCHAR(128) NOT NULL PRIMARY KEY,
+  hasScopedKeys BOOLEAN NOT NULL DEFAULT FALSE
+) ENGINE=InnoDB;
diff --git a/lib/routes/key_data.js b/lib/routes/key_data.js
@@ -12,6 +12,10 @@ const validators = require('../validators');
 const verify = require('../browserid');
 const Scope = require('../scope');
 
+/**
+ * We're using a static value for key material on purpose, in future this value can read from the DB.
+ * @type {String}
+ */
 const ADDITIONAL_KEY_MATERIAL = Buffer.alloc(32).toString('hex');
 
 module.exports = {
@@ -39,19 +43,20 @@ module.exports = {
       payload: req.payload
     });
 
-    const requestedScopes = new Set(Scope(req.payload.scope).values());
+    const requestedScopes = Scope(req.payload.scope);
     const requestedClientId = req.params.client_id;
 
     P.all([
       verify(req.payload.assertion),
       db.getClient(Buffer.from(requestedClientId, 'hex')).then((client) => {
         if (client) {
-          const allowedScopes = new Set(Scope(client.allowedScopes || []).values());
           // find all requested scopes in allowed scopes
-          const scopes = new Set([...allowedScopes].filter((x) => requestedScopes.has(x)));
           const scopeRequests = [];
-          scopes.forEach((s) => {
-            scopeRequests.push(db.getScope(s));
+          const allowedScopes = Scope(client.allowedScopes);
+          requestedScopes.values().forEach((s) => {
+            if (allowedScopes.has(s)) {
+              scopeRequests.push(db.getScope(s));
+            }
           });
 
           return P.all(scopeRequests).then((result) => {

diff --git a/test/db/index.js b/test/db/index.js
@@ -569,27 +569,22 @@ describe('db', function() {
   describe('scopes', function () {
 
     it('can register and fetch scopes', () => {
-      const scopeName = 'https://some-scope.mozilla.org';
+      const scopeName = 'https://some-scope.mozilla.org/apps/' + Math.random();
+      const notFoundScope = 'https://some-scope-404.mozilla.org';
       const newScope = {
         scope: scopeName,
         hasScopedKeys: true
       };
       return db.registerScope(newScope)
-        .then(
-          function() {
-            return db.getScope(scopeName);
-          },
-          function(err) {
-            assert.fail(err);
-          }
-        ).then(
-          function(result) {
-            assert.deepEqual(newScope, result);
-          },
-          function(err) {
-            assert.fail(err);
-          }
-        );
+        .then(() => {
+          return db.getScope(notFoundScope);
+        })
+        .then((notFoundScope) => {
+          assert.equal(notFoundScope, undefined);
+          return db.getScope(scopeName);
+        }).then((result) => {
+          assert.deepEqual(newScope, result);
+        });
     });
 
   });