Merge 053346f into 8e957c0

npm · Dec 12, 2016 · 0fd6ca4 · 0fd6ca4
2 parents 8e957c0 + 053346f
commit 0fd6ca4
Show file tree

Hide file tree

Showing 2 changed files with 54 additions and 0 deletions.
diff --git a/lib/authorizer.js b/lib/authorizer.js
@@ -18,6 +18,9 @@ AuthorizerOAuth2.prototype.authorize = AuthorizerOAuth2.prototype.whoami = funct
     if (err) return cb(err)
     else if (!user.accessToken) return _this.session.oauthURL(cb, token)
     else {
+      // since this plugin manages its own caching, let the upstream service
+      // know that it should not cache results itself
+      user.cacheAllowed = false
       // we hold a lock in redis for a few minutes, to prevent
       // a thundering herd of auth requests.
       _this.session.checkLock(token, function (locked) {

diff --git a/test/authorizer.js b/test/authorizer.js
@@ -103,6 +103,57 @@ tap.test('it returns error with login url if SSO dance is not complete', functio
   })
 })
 
+tap.test('it indicates that upstream caching is not allowed with OAuth-verified response', t => {
+  var authorizer = new Authorizer()
+  var profile = nock('https://api.github.com')
+    .get('/user')
+    .reply(200)
+
+  session.unlock('ben@example.com-abc123')
+
+  session.set('ben@example.com-abc123', userComplete, function (err) {
+    t.equal(err, null)
+    authorizer.authorize({
+      headers: {
+        authorization: 'Bearer ben@example.com-abc123'
+      }
+    }, function (err, user) {
+      authorizer.end()
+      session.unlock('ben@example.com-abc123')
+      session.delete('ben@example.com-abc123')
+
+      profile.done()
+      t.equal(err, null)
+      t.equal(user.email, 'ben@example.com')
+      t.equal(user.cacheAllowed, false)
+      t.end()
+    })
+  })
+})
+
+tap.test('it indicates that upstream caching is not allowed with cached response', t => {
+  var authorizer = new Authorizer()
+
+  session.lock('ben@example.com-abc123')
+  session.set('ben@example.com-abc123', userComplete, function (err) {
+    t.equal(err, null)
+    authorizer.authorize({
+      headers: {
+        authorization: 'Bearer ben@example.com-abc123'
+      }
+    }, function (err, user) {
+      authorizer.end()
+      session.delete('ben@example.com-abc123')
+      session.unlock('ben@example.com-abc123')
+
+      t.equal(err, null)
+      t.equal(user.email, 'ben@example.com')
+      t.equal(user.cacheAllowed, false)
+      t.end()
+    })
+  })
+})
+
 tap.test('after', function (t) {
   session.end(true)
   t.end()