From ac324ea08930accf5435f02d0c6dbd603843af3f Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Marc=20H=C3=B8egh?= Date: Thu, 12 Nov 2015 13:13:20 +0100 Subject: [PATCH 1/4] Less manipulation on generated auth URLs so no-SSL and subdomains are possible --- lib/auth.js | 13 +++---------- test/auth.spec.js | 28 +++++++++------------------- 2 files changed, 12 insertions(+), 29 deletions(-) diff --git a/lib/auth.js b/lib/auth.js index bf69b40..aed950e 100644 --- a/lib/auth.js +++ b/lib/auth.js @@ -67,11 +67,7 @@ module.exports = { throw new Error('Authorization URLs are not supported for password authentication'); } - return new URI({ - protocol: 'https', - hostname: this._getUtils()._getDomain(this.apiURL), - path: AUTH_PATH - }).setQuery(query).toString(); + return new URI(this.apiURL).path(AUTH_PATH).query(query).toString(); }, authenticateWithCredentialsForOffering: function(username, password, offeringId, callback) { @@ -206,11 +202,8 @@ module.exports = { }, _authenticate: function(requestData, callback) { - var url = new URI({ - protocol: 'https', - hostname: this._getUtils()._getDomain(this.apiURL), - path: TOKEN_PATH - }).toString(); + + var url = new URI(this.apiURL).path(TOKEN_PATH).toString(); _.extend(requestData, { client_id: this.clientId, diff --git a/test/auth.spec.js b/test/auth.spec.js index 35c9aa3..c3c18da 100644 --- a/test/auth.spec.js +++ b/test/auth.spec.js 
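Review bot: The scheme of both OAuth endpoints is now taken verbatim from `this.apiURL`, in the `getAuthorizationURL` hunk and again in the `_authenticate` hunk, where the removed code hard-coded `protocol: 'https'`. With an `http://` apiURL, `_authenticate` will post `client_id` and whatever else is merged into `requestData` to `/oauth/token` in cleartext. The spec's host carries `clientSecret`, so presumably the secret is included, and test/auth.spec.js now asserts `http://sub.podio.com/oauth/token` as the expected URL. If plain HTTP is only meant for local development, make it an explicit opt-in rather than a side effect of the configured URL, e.g. `if (new URI(this.apiURL).protocol() !== 'https' && !this.allowInsecureAuth) { throw new Error('OAuth endpoints require https'); }`, where `allowInsecureAuth` is a proposed option name, not an existing one. Both function bodies continue outside their hunks.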
@@ -131,39 +131,33 @@ describe('auth', function() { it('should return the correct authorization URL for the client auth', function() { var redirectURL = 'https://www.myapp.com/oauth'; - var utils = { - _getDomain: sinon.stub().returns('podio.com') - }; var host = { - _getUtils: sinon.stub().returns(utils), + apiURL: 'https://podio.com', authType: 'client', clientId: 123 }; + var expectedURL = 'https://podio.com/oauth/authorize?client_id=123&redirect_uri=https%3A%2F%2Fwww.myapp.com%2Foauth&response_type=token'; - - expect(auth.getAuthorizationURL.call(host, redirectURL)).toEqual(expectedURL); - expect(utils._getDomain.calledOnce).toBe(true); + + expect(auth.getAuthorizationURL.call(host, redirectURL)).toBe(expectedURL); }); it('should return the correct authorization URL for the server auth', function() { var redirectURL = 'https://www.myapp.com/oauth'; - var utils = { - _getDomain: sinon.stub().returns('podio.com') - }; + var host = { - _getUtils: sinon.stub().returns(utils), + apiURL: 'https://podio.com', authType: 'server', clientId: 123 }; var expectedURL = 'https://podio.com/oauth/authorize?client_id=123&redirect_uri=https%3A%2F%2Fwww.myapp.com%2Foauth&response_type=code'; - expect(auth.getAuthorizationURL.call(host, redirectURL)).toEqual(expectedURL); + expect(auth.getAuthorizationURL.call(host, redirectURL)).toBe(expectedURL); }); it('should throw an error when retrieving an auth URL for password auth', function() { var redirectURL = 'https://www.myapp.com/oauth'; var host = { - utils: { _getDomain: sinon.stub().returns('podio.com') }, authType: 'password', clientId: 123 }; @@ -437,11 +431,8 @@ describe('auth', function() { describe('_authenticate', function() { it('should construct the request data and url correctly', function() { - var utils = { - _getDomain: sinon.stub().returns('podio.com') - }; var host = { - _getUtils: sinon.stub().returns(utils), + apiURL: 'http://sub.podio.com', clientId: 123, clientSecret: 'secret', _authRequest: sinon.stub() 
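Review bot: Neither behaviour named in the commit subject is exercised for `getAuthorizationURL`, because both authorization-URL specs in the first hunk pass the bare `apiURL: 'https://podio.com'`. Add a case whose `apiURL` has a subdomain and one with a trailing slash or path (a constructed example: `https://sub.podio.com/`), asserted with `toBe`, so the host and path handling of `new URI(this.apiURL).path(AUTH_PATH)` is pinned. A spec that fixes what should happen for a non-`https` apiURL would also document whether plain HTTP is supported for the authorize step. The `describe` block continues outside the hunk.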
@@ -456,10 +447,9 @@ describe('auth', function() { auth._authenticate.call(host, requestData); expect(host._authRequest.calledOnce).toBe(true); - expect(host._authRequest.getCall(0).args[0]).toEqual('https://podio.com/oauth/token'); + expect(host._authRequest.getCall(0).args[0]).toEqual('http://sub.podio.com/oauth/token'); expect(host._authRequest.getCall(0).args[1]).toEqual(expectedRequestData); }); - }); describe('_onAuthResponse', function() { From 01ba96cc3cbfbde28c9cc447d4c9294f20b58f8b Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Marc=20H=C3=B8egh?= Date: Thu, 12 Nov 2015 13:17:24 +0100 Subject: [PATCH 2/4] 1.4.1 --- package.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/package.json b/package.json index ddeb4a9..8adfdc0 100644 --- a/package.json +++ b/package.json @@ -1,6 +1,6 @@ { "name": "podio-js", - "version": "1.4.0", + "version": "1.4.1", "description": "Podio Platform JavaScript SDK for NodeJS and the browser", "main": "lib/index", "scripts": { From ef48207111e544c86f6c2cf60b682f7634ff286a Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Marc=20H=C3=B8egh?= Date: Thu, 12 Nov 2015 13:36:54 +0100 Subject: [PATCH 3/4] We SHOULD actually strip the subdomain from the auth URL --- lib/auth.js | 2 +- test/auth.spec.js | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/lib/auth.js b/lib/auth.js index aed950e..37071be 100644 --- a/lib/auth.js +++ b/lib/auth.js @@ -67,7 +67,7 @@ module.exports = { throw new Error('Authorization URLs are not supported for password authentication'); } - return new URI(this.apiURL).path(AUTH_PATH).query(query).toString(); + return new URI(this.apiURL).subdomain("").path(AUTH_PATH).query(query).toString(); }, authenticateWithCredentialsForOffering: function(username, password, offeringId, callback) { diff --git a/test/auth.spec.js b/test/auth.spec.js index c3c18da..bd37940 100644 --- a/test/auth.spec.js +++ b/test/auth.spec.js 
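Review bot: In the lib/auth.js hunk of patch 3, `.subdomain("")` is applied only to the authorization URL, so `getAuthorizationURL` and `_authenticate` now resolve different hosts from the same `apiURL`. The `_authenticate` spec from patch 1 still expects `http://sub.podio.com/oauth/token`, whereas the code removed in patch 1 sent both through `_getDomain`. If the split is intended, say so next to the call, e.g. `// authorize URL uses the bare domain; the token endpoint deliberately stays on the API host` (wording to be confirmed by the author); if not, `_authenticate` needs the same treatment. It is also worth confirming how URI.js's `subdomain("")` behaves when `apiURL` is an IP address or a single-label host such as `localhost`, which cannot be verified from this hunk. The function body continues outside the hunk.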
@@ -132,7 +132,7 @@ describe('auth', function() { it('should return the correct authorization URL for the client auth', function() { var redirectURL = 'https://www.myapp.com/oauth'; var host = { - apiURL: 'https://podio.com', + apiURL: 'https://api.podio.com', authType: 'client', clientId: 123 }; From 0e666460ad655b76c102059d2d349464adfffdb9 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Marc=20H=C3=B8egh?= Date: Thu, 12 Nov 2015 13:38:07 +0100 Subject: [PATCH 4/4] 1.4.2 --- package.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/package.json b/package.json index 8adfdc0..23a09ff 100644 --- a/package.json +++ b/package.json @@ -1,6 +1,6 @@ { "name": "podio-js", - "version": "1.4.1", + "version": "1.4.2", "description": "Podio Platform JavaScript SDK for NodeJS and the browser", "main": "lib/index", "scripts": {
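Review bot: Only the client-auth spec is switched to `apiURL: 'https://api.podio.com'`, and the diffstat shows a single changed line in test/auth.spec.js. The server-auth spec from patch 1 therefore still passes `https://podio.com`, which has no subdomain to strip, so the new `.subdomain("")` call is covered on one path only. Give the server-auth case the same `api.` host, and consider one input with more than one label before the domain (a constructed example: `https://a.b.podio.com`) so the stripping rule is pinned by an assertion rather than left to URI.js defaults. The spec body continues outside the hunk.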