From 091534e5e9c85e84dfa7e300a2c653159c6916f1 Mon Sep 17 00:00:00 2001
From: Yan Cui <theburningmonk@gmail.com>
Date: Thu, 6 Jun 2019 10:37:48 +0200
Subject: [PATCH] fix: scopes is now passed through validation

Closes #200
---
 lib/deploy/events/apiGateway/validate.js      |  6 ++++
 lib/deploy/events/apiGateway/validate.test.js | 33 ++++++++++++++++++-
 2 files changed, 38 insertions(+), 1 deletion(-)

diff --git a/lib/deploy/events/apiGateway/validate.js b/lib/deploy/events/apiGateway/validate.js
index 8c3cd39f..5cac9295 100644
--- a/lib/deploy/events/apiGateway/validate.js
+++ b/lib/deploy/events/apiGateway/validate.js
@@ -151,6 +151,7 @@ module.exports = {
     let identityValidationExpression;
     let claims;
     let authorizerId;
+    let scopes;
 
     if (typeof authorizer === 'string') {
       if (authorizer.toUpperCase() === 'AWS_IAM') {
@@ -186,6 +187,10 @@ module.exports = {
         type = authorizer.type;
       }
 
+      if (Array.isArray(authorizer.scopes)) {
+        scopes = authorizer.scopes;
+      }
+
       resultTtlInSeconds = Number.parseInt(authorizer.resultTtlInSeconds, 10);
       resultTtlInSeconds = Number.isNaN(resultTtlInSeconds) ? 300 : resultTtlInSeconds;
       claims = authorizer.claims || [];
@@ -226,6 +231,7 @@ module.exports = {
       identitySource,
       identityValidationExpression,
       claims,
+      scopes,
     };
   },
 
diff --git a/lib/deploy/events/apiGateway/validate.test.js b/lib/deploy/events/apiGateway/validate.test.js
index 2d44e8b9..2720ddb2 100644
--- a/lib/deploy/events/apiGateway/validate.test.js
+++ b/lib/deploy/events/apiGateway/validate.test.js
@@ -450,6 +450,38 @@ describe('#httpValidate()', () => {
     expect(authorizer.identityValidationExpression).to.equal('foo');
   });
 
+  it('should accept authorizer config with scopes', () => {
+    serverlessStepFunctions.serverless.service.functions = {
+      foo: {},
+    };
+
+    serverlessStepFunctions.serverless.service.stepFunctions = {
+      stateMachines: {
+        first: {
+          events: [
+            {
+              http: {
+                method: 'GET',
+                path: 'foo/bar',
+                integration: 'MOCK',
+                authorizer: {
+                  name: 'authorizer',
+                  arn: 'arn:aws:cognito-idp:eu-west-1:xxxxxxxxxx',
+                  identitySouce: 'method.request.header.Authorization',
+                  scopes: ['scope1', 'scope2'],
+                },
+              },
+            },
+          ],
+        },
+      },
+    };
+
+    const validated = serverlessStepFunctions.httpValidate();
+    const authorizer = validated.events[0].http.authorizer;
+    expect(authorizer.scopes).to.deep.equal(['scope1', 'scope2']);
+  });
+
   it('should accept authorizer config with a type', () => {
     serverlessStepFunctions.serverless.service.functions = {
       foo: {},
@@ -509,7 +541,6 @@ describe('#httpValidate()', () => {
     expect(validated.events[0].http.authorizer.authorizerId).to.equal('12345');
   });
 
-
   it('should accept authorizer config with a lambda arn', () => {
     serverlessStepFunctions.serverless.service.stepFunctions = {
       stateMachines: {