From e7d25e4080cd443d1089f2821ce83ea99f2da21b Mon Sep 17 00:00:00 2001
From: simov
Date: Wed, 8 Apr 2015 17:03:31 +0300
Subject: [PATCH] Add auto generated state
---
 lib/config.js | 17 ++++++++++++++++-
 test/config.js | 32 ++++++++++++++++++++++++++++++++
 test/consumer/express/session.js | 17 +++++++++++++++--
 test/consumer/hapi/session.js | 17 +++++++++++++++--
 test/consumer/koa/session.js | 17 +++++++++++++++--
 5 files changed, 93 insertions(+), 7 deletions(-)
diff --git a/lib/config.js b/lib/config.js
index 040312f2..8f0a37c4 100644
--- a/lib/config.js
+++ b/lib/config.js
@@ -41,6 +41,17 @@ exports.dynamic = function (provider, options) {
 return override
 }
+exports.state = function (provider) {
+ var state
+ if (typeof provider.state == 'string' || typeof provider.state == 'number') {
+ state = provider.state.toString()
+ }
+ else if (typeof provider.state == 'boolean' && provider.state) {
+ state = (Math.floor(Math.random() * 999999) + 1).toString()
+ }
+ return state
+}
+
 exports.init = function (config) {
 config = config||{}
 // oauth configuration
@@ -70,7 +81,7 @@ exports.init = function (config) {
 provider.transport = options.transport||config.server.transport
 // oauth state
- provider.state = options.state
+ provider.state = options.state||config.server.state
 // custom
 var reserved = ['protocol', 'host', 'callback', 'key', 'secret', 'scope', 'state']
@@ -105,5 +116,9 @@ exports.provider = function (config, session) {
 if (session.dynamic) {
 provider = this.dynamic(provider, session.dynamic)
 }
+ if (provider.state) {
+ provider = dcopy(provider)
+ provider.state = this.state(provider)
+ }
 return provider
 }
diff --git a/test/config.js b/test/config.js
index 09418a42..67a8d111 100644
--- a/test/config.js
+++ b/test/config.js
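Review bot: In `exports.state`, the auto-generated value comes from `Math.random()` and is limited to 1–999999, which is too small and too predictable for an OAuth `state` parameter whose job is to be an unguessable per-request CSRF token. Node's `crypto` module is the right source: in the boolean branch use `state = crypto.randomBytes(16).toString('hex')`, with `var crypto = require('crypto')` added to the file's requires, which are outside this hunk. The `/\d+/` assertions in the tests would then need to accept hex, e.g. `/^[0-9a-f]{32}$/`. The string/number branch returns the configured constant unchanged, so a fixed `state` gives no per-request protection; that deserves a comment above the function.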
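Review bot: On the new `provider.state = options.state||config.server.state` line, `||` treats every falsy provider value as unset, so a provider configured with `state: false` (or `0` / `''`) silently inherits the server-level setting. If a provider-level value is meant to override the server default, test for presence instead: `provider.state = options.state !== undefined ? options.state : config.server.state`. `exports.init` begins and ends outside this hunk, so how `options` is built cannot be checked from the diff.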
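Review bot: The new block in `exports.provider` produces a fresh value on every call when `state` is `true`, so the value sent in the authorization request only works as a CSRF check if the caller stores it in the session and compares it with the `state` that comes back on the callback; neither step is visible in this hunk. A comment would make that contract explicit, e.g. `// copy first: the configured provider keeps state:true, the copy carries the generated per-request value that the caller must persist and verify`. The guard `if (provider.state)` also skips a numeric `0`, which `exports.state` would otherwise accept. The function's opening lines are outside the hunk.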
@@ -60,6 +60,30 @@ describe('config', function () {
 })
 })
+ describe('state', function () {
+ it('string', function () {
+ var provider = {state:'123'}
+ , state = config.state(provider)
+ state.should.equal('123')
+ })
+ it('number', function () {
+ var provider = {state:123}
+ , state = config.state(provider)
+ state.should.equal('123')
+ })
+ it('boolean true', function () {
+ var provider = {state:true}
+ , state = config.state(provider)
+ state.should.match(/\d+/)
+ state.should.be.type('string')
+ })
+ it('boolean false', function () {
+ var provider = {state:false}
+ , state = config.state(provider)
+ should.equal(state, undefined)
+ })
+ })
+
 describe('init', function () {
 it('shortcuts', function () {
 var options = {server:{}, facebook:{key:'key',secret:'secret'}}
@@ -146,5 +170,13 @@ describe('config', function () {
 var provider = config.provider(cfg, session)
 should.deepEqual(provider, {callback:'/contacts'})
 })
+ it('state dcopy', function () {
+ var cfg = {google:{callback:'/', state:true}}
+ var session = {provider:'google'}
+ var provider = config.provider(cfg, session)
+ cfg.google.state.should.equal(true)
+ provider.state.should.match(/\d+/)
+ provider.state.should.be.type('string')
+ })
 })
 })
diff --git a/test/consumer/express/session.js b/test/consumer/express/session.js
index 95654205..c279645d 100644
--- a/test/consumer/express/session.js
+++ b/test/consumer/express/session.js
@@ -14,10 +14,10 @@ describe('session - express', function () {
 }
 var config = {server: {protocol:'http', host:'localhost:5000'}}
- var server
+ var server, grant
 before(function (done) {
- var grant = new Grant(config)
+ grant = new Grant(config)
 var app = express().use(grant)
 grant.config.facebook.authorize_url = '/authorize_url'
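Review bot: The `state.should.match(/\d+/)` assertion in the 'boolean true' case is unanchored, so it passes for any string that merely contains a digit; anchor it, `state.should.match(/^\d+$/)`. The same pattern is used in the 'state dcopy' case in the next hunk of this file and in the 'state auto generated' cases of the express, hapi and koa session tests. None of these cases checks that two calls return different values, which is the property the feature exists to provide; a case such as `config.state({state:true}).should.not.equal(config.state({state:true}))` would catch a constant generator, provided the value space is large enough that collisions are negligible.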
@@ -89,6 +89,19 @@ describe('session - express', function () {
 })
 })
+ it('state auto generated', function (done) {
+ grant.config.facebook.state = true
+ request.get(url('/connect/facebook'), {
+ jar:request.jar(),
+ followAllRedirects:true,
+ json:true
+ }, function (err, res, body) {
+ body.state.should.match(/\d+/)
+ body.state.should.be.type('string')
+ done()
+ })
+ })
+
 after(function (done) {
 server.close(done)
 })
diff --git a/test/consumer/hapi/session.js b/test/consumer/hapi/session.js
index 1dbd7f0f..cc946154 100644
--- a/test/consumer/hapi/session.js
+++ b/test/consumer/hapi/session.js
@@ -15,10 +15,10 @@ describe('session - hapi', function () {
 }
 var config = {server: {protocol:'http', host:'localhost:5000'}}
- var server
+ var server, grant
 before(function (done) {
- var grant = new Grant()
+ grant = new Grant()
 server = new Hapi.Server()
 server.connection({host:'localhost', port:5000})
@@ -100,6 +100,19 @@ describe('session - hapi', function () {
 })
 })
+ it('state auto generated', function (done) {
+ grant.register.config.facebook.state = true
+ request.get(url('/connect/facebook'), {
+ jar:request.jar(),
+ followAllRedirects:true,
+ json:true
+ }, function (err, res, body) {
+ body.state.should.match(/\d+/)
+ body.state.should.be.type('string')
+ done()
+ })
+ })
+
 after(function (done) {
 server.stop(done)
 })
diff --git a/test/consumer/koa/session.js b/test/consumer/koa/session.js
index e0402304..04100d80 100644
--- a/test/consumer/koa/session.js
+++ b/test/consumer/koa/session.js
@@ -19,10 +19,10 @@ describe('session - koa', function () {
 }
 var config = {server: {protocol:'http', host:'localhost:5000'}}
- var server
+ var server, grant
 before(function (done) {
- var grant = new Grant(config)
+ grant = new Grant(config)
 var app = koa()
 app.keys = ['secret','key']
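Review bot: In the express 'state auto generated' case, `grant.config.facebook.state = true` changes the shared `grant` instance and is never reset, so any case that runs after it also gets auto-generated state; restore the setting at the end of the case or move it into a `before`/`after` pair. The request callback ignores `err`, so a failed request surfaces as a TypeError on `body.state` instead of the real error; `if (err) return done(err)` as its first line fixes that. The hapi and koa versions of this case, in the later hunks, have the same two issues. The assertions check only the format of `body.state`, not that it equals the value that was sent to the authorize URL.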
@@ -102,6 +102,19 @@ describe('session - koa', function () {
 })
 })
+ it('state auto generated', function (done) {
+ grant.config.facebook.state = true
+ request.get(url('/connect/facebook'), {
+ jar:request.jar(),
+ followAllRedirects:true,
+ json:true
+ }, function (err, res, body) {
+ body.state.should.match(/\d+/)
+ body.state.should.be.type('string')
+ done()
+ })
+ })
+
 after(function (done) {
 server.close(done)
 })