Add auto generated state

simov · Apr 8, 2015 · e7d25e4 · e7d25e4
1 parent 0bc8b7e
commit e7d25e4
Show file tree

Hide file tree

Showing 5 changed files with 93 additions and 7 deletions.
diff --git a/lib/config.js b/lib/config.js
@@ -41,6 +41,17 @@ exports.dynamic = function (provider, options) {
   return override
 }
 
+exports.state = function (provider) {
+  var state
+  if (typeof provider.state == 'string' || typeof provider.state == 'number') {
+    state = provider.state.toString()
+  }
+  else if (typeof provider.state == 'boolean' && provider.state) {
+    state = (Math.floor(Math.random() * 999999) + 1).toString()
+  }
+  return state
+}
+
 exports.init = function (config) {
   config = config||{}
   // oauth configuration
@@ -70,7 +81,7 @@ exports.init = function (config) {
     provider.transport = options.transport||config.server.transport
 
     // oauth state
-    provider.state = options.state
+    provider.state = options.state||config.server.state
 
     // custom
     var reserved = ['protocol', 'host', 'callback', 'key', 'secret', 'scope', 'state']
@@ -105,5 +116,9 @@ exports.provider = function (config, session) {
   if (session.dynamic) {
     provider = this.dynamic(provider, session.dynamic)
   }
+  if (provider.state) {
+    provider = dcopy(provider)
+    provider.state = this.state(provider)
+  }
   return provider
 }
diff --git a/test/config.js b/test/config.js
@@ -60,6 +60,30 @@ describe('config', function () {
     })
   })
 
+  describe('state', function () {
+    it('string', function () {
+      var provider = {state:'123'}
+        , state = config.state(provider)
+      state.should.equal('123')
+    })
+    it('number', function () {
+      var provider = {state:123}
+        , state = config.state(provider)
+      state.should.equal('123')
+    })
+    it('boolean true', function () {
+      var provider = {state:true}
+        , state = config.state(provider)
+      state.should.match(/\d+/)
+      state.should.be.type('string')
+    })
+    it('boolean false', function () {
+      var provider = {state:false}
+        , state = config.state(provider)
+      should.equal(state, undefined)
+    })
+  })
+
   describe('init', function () {
     it('shortcuts', function () {
       var options = {server:{}, facebook:{key:'key',secret:'secret'}}
@@ -146,5 +170,13 @@ describe('config', function () {
       var provider = config.provider(cfg, session)
       should.deepEqual(provider, {callback:'/contacts'})
     })
+    it('state dcopy', function () {
+      var cfg = {google:{callback:'/', state:true}}
+      var session = {provider:'google'}
+      var provider = config.provider(cfg, session)
+      cfg.google.state.should.equal(true)
+      provider.state.should.match(/\d+/)
+      provider.state.should.be.type('string')
+    })
   })
 })
diff --git a/test/consumer/express/session.js b/test/consumer/express/session.js
@@ -14,10 +14,10 @@ describe('session - express', function () {
   }
 
   var config = {server: {protocol:'http', host:'localhost:5000'}}
-  var server
+  var server, grant
 
   before(function (done) {
-    var grant = new Grant(config)
+    grant = new Grant(config)
     var app = express().use(grant)
 
     grant.config.facebook.authorize_url = '/authorize_url'
@@ -89,6 +89,19 @@ describe('session - express', function () {
     })
   })
 
+  it('state auto generated', function (done) {
+    grant.config.facebook.state = true
+    request.get(url('/connect/facebook'), {
+      jar:request.jar(),
+      followAllRedirects:true,
+      json:true
+    }, function (err, res, body) {
+      body.state.should.match(/\d+/)
+      body.state.should.be.type('string')
+      done()
+    })
+  })
+
   after(function (done) {
     server.close(done)
   })

diff --git a/test/consumer/hapi/session.js b/test/consumer/hapi/session.js
@@ -15,10 +15,10 @@ describe('session - hapi', function () {
   }
 
   var config = {server: {protocol:'http', host:'localhost:5000'}}
-  var server
+  var server, grant
 
   before(function (done) {
-    var grant = new Grant()
+    grant = new Grant()
 
     server = new Hapi.Server()
     server.connection({host:'localhost', port:5000})
@@ -100,6 +100,19 @@ describe('session - hapi', function () {
     })
   })
 
+  it('state auto generated', function (done) {
+    grant.register.config.facebook.state = true
+    request.get(url('/connect/facebook'), {
+      jar:request.jar(),
+      followAllRedirects:true,
+      json:true
+    }, function (err, res, body) {
+      body.state.should.match(/\d+/)
+      body.state.should.be.type('string')
+      done()
+    })
+  })
+
   after(function (done) {
     server.stop(done)
   })

diff --git a/test/consumer/koa/session.js b/test/consumer/koa/session.js
@@ -19,10 +19,10 @@ describe('session - koa', function () {
   }
 
   var config = {server: {protocol:'http', host:'localhost:5000'}}
-  var server
+  var server, grant
 
   before(function (done) {
-    var grant = new Grant(config)
+    grant = new Grant(config)
 
     var app = koa()
     app.keys = ['secret','key']
@@ -102,6 +102,19 @@ describe('session - koa', function () {
     })
   })
 
+  it('state auto generated', function (done) {
+    grant.config.facebook.state = true
+    request.get(url('/connect/facebook'), {
+      jar:request.jar(),
+      followAllRedirects:true,
+      json:true
+    }, function (err, res, body) {
+      body.state.should.match(/\d+/)
+      body.state.should.be.type('string')
+      done()
+    })
+  })
+
   after(function (done) {
     server.close(done)
   })