Whitelist resource owner parameters (#386)
hzalaz authored and luisrudge committed Mar 13, 2017
1 parent 41ed681 commit 6ede646
Showing 3 changed files with 91 additions and 49 deletions.
2 changes: 1 addition & 1 deletion src/authentication/index.js
Expand Up @@ -264,7 +264,7 @@ Authentication.prototype.loginWithResourceOwner = function (options, cb) {
'clientID',
'scope',
'audience'
]).with(options);
]).with(options, ['username', 'password', 'scope', 'connection', 'device']);

body = objectHelper.toSnakeCase(body, ['auth0Client']);

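Review bot: The array literal passed as the second argument to `.with(...)` on the new line carries the whole point of the commit but nothing in the hunk says why those five keys are the only caller-supplied parameters forwarded; a one-line comment above the call would help the next maintainer, e.g. `// Only forward the parameters the resource-owner grant accepts; any other caller-supplied key is dropped so it cannot reach the token request.` If `with(obj, whitelist)` really filters `options` down to the listed keys (inferred from the commit title, not visible here), then `'scope'` now appears both in the first list and in the whitelist, which may be deliberate (letting the caller override the default scope) but deserves a comment. It would also be worth confirming that a test asserts an unlisted option key is absent from the body posted to the token endpoint; the page lists three changed files but shows only two, and the visible test-file changes are semicolon fixes, so such a test may live in the file not shown. The enclosing `loginWithResourceOwner` function starts and ends outside the hunk.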
92 changes: 46 additions & 46 deletions test/authentication/authentication.test.js
Expand Up @@ -6,8 +6,8 @@ var RequestMock = require('../mock/request-mock');

var request = require('superagent');

var RequestBuilder = require('../../src/helper/request-builder')
var Authentication = require('../../src/authentication')
var RequestBuilder = require('../../src/helper/request-builder');
var Authentication = require('../../src/authentication');

var telemetryInfo = (new RequestBuilder({})).getTelemetryData();

Expand All @@ -20,24 +20,24 @@ describe('auth0.authentication', function () {
}).to.throwException(function (e) {
expect(e.message).to.be('options parameter is not valid');
});
})
});

it('should check that domain is set', function() {
expect(function() {
var auth0 = new Authentication({clientID:'...'});
}).to.throwException(function (e) {
expect(e.message).to.be('domain option is required');
});
})
});

it('should check that clientID is set', function() {
expect(function() {
var auth0 = new Authentication({domain: 'me.auth0.com'});
}).to.throwException(function (e) {
expect(e.message).to.be('clientID option is required');
});
})
})
});
});

context('buildAuthorizeUrl', function () {

Expand All @@ -57,13 +57,13 @@ describe('auth0.authentication', function () {
}).to.throwException(function (e) {
expect(e.message).to.be('options parameter is not valid');
});
})
});

it('should return a url using the default settings', function() {
var url = this.auth0.buildAuthorizeUrl({state:'1234'});

expect(url).to.be('https://me.auth0.com/authorize?client_id=...&response_type=code&redirect_uri=http%3A%2F%2Fpage.com%2Fcallback&state=1234');
})
});

it('should return a url with connection_scope', function() {
var url = this.auth0.buildAuthorizeUrl({
Expand All @@ -75,7 +75,7 @@ describe('auth0.authentication', function () {
});

expect(url).to.be('https://me.auth0.com/authorize?client_id=...&response_type=token&redirect_uri=http%3A%2F%2Fanotherpage.com%2Fcallback2&prompt=none&state=1234&connection_scope=scope1%2Cscope2');
})
});

it('should return a url with connection_scope as a string', function() {
var url = this.auth0.buildAuthorizeUrl({
Expand All @@ -87,7 +87,7 @@ describe('auth0.authentication', function () {
});

expect(url).to.be('https://me.auth0.com/authorize?client_id=...&response_type=token&redirect_uri=http%3A%2F%2Fanotherpage.com%2Fcallback2&prompt=none&state=1234&connection_scope=scope1%2Cscope2');
})
});

it('should return a url using overriding the default settings', function() {
var url = this.auth0.buildAuthorizeUrl({
Expand All @@ -98,7 +98,7 @@ describe('auth0.authentication', function () {
});

expect(url).to.be('https://me.auth0.com/authorize?client_id=...&response_type=token&redirect_uri=http%3A%2F%2Fanotherpage.com%2Fcallback2&prompt=none&state=1234');
})
});

it('should return a url using using whitelisted authorization parameter device', function() {
var url = this.auth0.buildAuthorizeUrl({
Expand All @@ -110,8 +110,8 @@ describe('auth0.authentication', function () {
});

expect(url).to.be('https://me.auth0.com/authorize?client_id=...&response_type=token&redirect_uri=http%3A%2F%2Fanotherpage.com%2Fcallback2&prompt=none&state=1234&device=my-device');
})
})
});
});

context('buildAuthorizeUrl with Telemetry', function () {
before(function() {
Expand All @@ -132,8 +132,8 @@ describe('auth0.authentication', function () {
});

expect(url).to.be('https://me.auth0.com/authorize?client_id=...&response_type=token&redirect_uri=http%3A%2F%2Fanotherpage.com%2Fcallback2&prompt=none&state=1234&auth0Client='+ encodeURIComponent(telemetryInfo));
})
})
});
});

context('buildLogoutUrl', function () {

Expand All @@ -153,21 +153,21 @@ describe('auth0.authentication', function () {
}).to.throwException(function (e) {
expect(e.message).to.be('options parameter is not valid');
});
})
});

it('should return a url using the default settings', function() {
var url = this.auth0.buildLogoutUrl();

expect(url).to.be('https://me.auth0.com/v2/logout?client_id=...');
})
});

it('should ignore the clientID', function() {
var url = this.auth0.buildLogoutUrl({
clientID: undefined,
clientID: undefined
});

expect(url).to.be('https://me.auth0.com/v2/logout?');
})
});

it('should return a url using overriding the default settings', function() {
var url = this.auth0.buildLogoutUrl({
Expand All @@ -177,8 +177,8 @@ describe('auth0.authentication', function () {
});

expect(url).to.be('https://me.auth0.com/v2/logout?client_id=123&returnTo=http%3A%2F%2Fpage.com&federated=');
})
})
});
});

context('buildLogoutUrl with Telemetry', function () {
before(function() {
Expand All @@ -198,8 +198,8 @@ describe('auth0.authentication', function () {
});

expect(url).to.be('https://me.auth0.com/v2/logout?client_id=123&returnTo=http%3A%2F%2Fpage.com&federated=&auth0Client=' + encodeURIComponent(telemetryInfo));
})
})
});
});

context('userInfo', function () {
before(function() {
Expand All @@ -214,11 +214,11 @@ describe('auth0.authentication', function () {

afterEach(function(){
request.get.restore();
})
});

it('should call userinfo with the access token', function(done) {
stub(request, 'get', function(url) {
expect(url).to.be('https://me.auth0.com/userinfo')
expect(url).to.be('https://me.auth0.com/userinfo');
return new RequestMock({
headers: {
'Content-Type': 'application/json',
Expand Down Expand Up @@ -246,7 +246,7 @@ describe('auth0.authentication', function () {
is_social: false
});
done();
})
});
});
});

Expand All @@ -263,11 +263,11 @@ describe('auth0.authentication', function () {

afterEach(function(){
request.post.restore();
})
});

it('should call delegation with all the options', function(done) {
stub(request, 'post', function(url) {
expect(url).to.be('https://me.auth0.com/delegation')
expect(url).to.be('https://me.auth0.com/delegation');
return new RequestMock({
body: {
client_id: '...',
Expand Down Expand Up @@ -302,7 +302,7 @@ describe('auth0.authentication', function () {
'idToken': 'eyJ...'
});
done();
})
});
});
});

Expand All @@ -319,15 +319,15 @@ describe('auth0.authentication', function () {

afterEach(function(){
this.auth0.oauthToken.restore();
})
});

it('should call oauthToken with all the options', function(done) {
stub(this.auth0, 'oauthToken', function(options, cb) {
expect(options).to.eql({
username: 'someUsername',
password: '123456',
grantType: 'password'
})
});
cb();
});

Expand All @@ -336,7 +336,7 @@ describe('auth0.authentication', function () {
password: '123456'
}, function(err, data) {
done();
})
});
});

it('should call oauthToken with all the options', function(done) {
Expand All @@ -346,7 +346,7 @@ describe('auth0.authentication', function () {
password: '123456',
grantType: 'http://auth0.com/oauth/grant-type/password-realm',
realm: 'pepe.com'
})
});
cb();
});

Expand All @@ -356,7 +356,7 @@ describe('auth0.authentication', function () {
realm: 'pepe.com'
}, function(err, data) {
done();
})
});
});
});

Expand All @@ -373,11 +373,11 @@ describe('auth0.authentication', function () {

afterEach(function(){
request.post.restore();
})
});

it('should allow to login', function(done) {
stub(request, 'post', function(url) {
expect(url).to.be('https://me.auth0.com/oauth/token')
expect(url).to.be('https://me.auth0.com/oauth/token');
return new RequestMock({
body: {
client_id: '...',
Expand Down Expand Up @@ -430,11 +430,11 @@ describe('auth0.authentication', function () {

afterEach(function(){
request.get.restore();
})
});

it('should return the user country code', function(done) {
stub(request, 'get', function(url) {
expect(url).to.be('https://me.auth0.com/user/geoloc/country')
expect(url).to.be('https://me.auth0.com/user/geoloc/country');
return new RequestMock({
headers: {
'Content-Type': 'application/json'
Expand All @@ -455,7 +455,7 @@ describe('auth0.authentication', function () {
countryCode: 'AR'
});
done();
})
});
});

});
Expand All @@ -473,11 +473,11 @@ describe('auth0.authentication', function () {

afterEach(function(){
request.get.restore();
})
});

it('should call ssodata with all the options', function(done) {
stub(request, 'get', function(url) {
expect(url).to.be('https://me.auth0.com/user/ssodata/')
expect(url).to.be('https://me.auth0.com/user/ssodata/');
return new RequestMock({
headers: {},
cb: function(cb) {
Expand All @@ -496,7 +496,7 @@ describe('auth0.authentication', function () {
sso:false
});
done();
})
});
});
});

Expand All @@ -513,11 +513,11 @@ describe('auth0.authentication', function () {

afterEach(function(){
request.get.restore();
})
});

it('should call ssodata with all the ad options', function(done) {
stub(request, 'get', function(url) {
expect(url).to.be('https://me.auth0.com/user/ssodata?ldaps=1&client_id=...')
expect(url).to.be('https://me.auth0.com/user/ssodata?ldaps=1&client_id=...');
return new RequestMock({
headers: {},
cb: function(cb) {
Expand All @@ -536,8 +536,8 @@ describe('auth0.authentication', function () {
sso:false
});
done();
})
});
});
});

})
});