feat(oauth): make server compatible with AppAuth (#534) r=@rfk
Ref: https://appauth.io/
This commit is contained in:
Родитель
f32a3d7cf8
Коммит
ff9e4228d9
|
@ -84,6 +84,8 @@ const PAYLOAD_SCHEMA = Joi.object({
|
|||
then: Joi.forbidden()
|
||||
}),
|
||||
|
||||
redirect_uri: validators.redirectUri.optional(),
|
||||
|
||||
grant_type: Joi.string()
|
||||
.valid(GRANT_AUTHORIZATION_CODE, GRANT_REFRESH_TOKEN, GRANT_JWT)
|
||||
.default(GRANT_AUTHORIZATION_CODE)
|
||||
|
@ -98,7 +100,7 @@ const PAYLOAD_SCHEMA = Joi.object({
|
|||
scope: Joi.alternatives().when('grant_type', {
|
||||
is: GRANT_REFRESH_TOKEN,
|
||||
then: validators.scope,
|
||||
otherwise: Joi.forbidden()
|
||||
otherwise: Joi.optional()
|
||||
}),
|
||||
|
||||
code: Joi.string()
|
||||
|
|
|
@ -32,6 +32,10 @@ exports.scope = Joi.string()
|
|||
.max(256)
|
||||
.regex(/^[a-zA-Z0-9 _\/.:]+$/);
|
||||
|
||||
exports.redirectUri = Joi.string()
|
||||
.max(256)
|
||||
.regex(/^[a-zA-Z0-9\-_\/.:]+$/);
|
||||
|
||||
// taken from mozilla/persona/lib/validate.js
|
||||
exports.assertion = Joi.string()
|
||||
.min(50)
|
||||
|
|
64
test/api.js
64
test/api.js
|
@ -1899,6 +1899,70 @@ describe('/v1', function() {
|
|||
|
||||
});
|
||||
|
||||
describe('?redirect_uri', () => {
|
||||
function getCode(clientId) {
|
||||
mockAssertion().reply(200, VERIFY_GOOD);
|
||||
return Server.api.post({
|
||||
url: '/authorization',
|
||||
payload: authParams({
|
||||
client_id: clientId
|
||||
})
|
||||
}).then((res) => {
|
||||
return url.parse(res.result.redirect, true).query.code;
|
||||
});
|
||||
}
|
||||
it('works with https redirect_uri', () => {
|
||||
return getCode(clientId).then((code) => {
|
||||
return Server.api.post({
|
||||
url: '/token',
|
||||
payload: {
|
||||
client_id: clientId,
|
||||
client_secret: secret,
|
||||
code: code,
|
||||
redirect_uri: 'https://2aa95473a5115d5f3deb36bb6875cf76f05e4c4d.extensions.allizom.org/'
|
||||
}
|
||||
});
|
||||
}).then((res) => {
|
||||
assert.equal(res.statusCode, 200);
|
||||
});
|
||||
});
|
||||
|
||||
it('works with app redirect_uri', () => {
|
||||
return getCode(clientId).then((code) => {
|
||||
return Server.api.post({
|
||||
url: '/token',
|
||||
payload: {
|
||||
client_id: clientId,
|
||||
client_secret: secret,
|
||||
code: code,
|
||||
redirect_uri: 'testpilot-notes://redirect.android'
|
||||
}
|
||||
});
|
||||
}).then((res) => {
|
||||
assert.equal(res.statusCode, 200);
|
||||
});
|
||||
});
|
||||
|
||||
it('is validated', () => {
|
||||
return getCode(clientId).then((code) => {
|
||||
return Server.api.post({
|
||||
url: '/token',
|
||||
payload: {
|
||||
client_id: clientId,
|
||||
client_secret: secret,
|
||||
code: code,
|
||||
redirect_uri: 'https://foo\n\n<>\n\r'
|
||||
}
|
||||
});
|
||||
}).then((res) => {
|
||||
assert.equal(res.statusCode, 400);
|
||||
assertInvalidRequestParam(res.result, 'redirect_uri');
|
||||
assertSecurityHeaders(res);
|
||||
});
|
||||
});
|
||||
|
||||
});
|
||||
|
||||
});
|
||||
|
||||
describe('/client', function() {
|
||||
|
|
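Review bot: None of the new cases checks that /token rejects a redirect_uri that differs from the one bound to the code at the authorization step, which is the check RFC 6749 §4.1.3 requires whenever redirect_uri was sent in the authorization request; the 'is validated' case only exercises the character-set rule. Because getCode posts to /authorization without any redirect_uri, the two 200 cases ('works with https redirect_uri', 'works with app redirect_uri') would pass even if the server accepted an arbitrary value, so they do not distinguish "matched" from "ignored". Whether the token route compares the values cannot be seen from this section; if it deliberately does not, a comment on the describe block saying so, e.g. `// redirect_uri is accepted for AppAuth compatibility but not compared to the authorization request`, would keep the next reader from assuming the binding is enforced. Otherwise a mismatch case along the lines below would pin it down, assuming /authorization accepts a redirect_uri in authParams; the 200 cases could also call assertSecurityHeaders(res) for consistency with the 400 case.
```javascript
// … unchanged: getCode helper and the three existing cases …
it('rejects a redirect_uri that differs from the authorization request', () => {
  mockAssertion().reply(200, VERIFY_GOOD);
  return Server.api.post({
    url: '/authorization',
    payload: authParams({
      client_id: clientId,
      redirect_uri: 'https://2aa95473a5115d5f3deb36bb6875cf76f05e4c4d.extensions.allizom.org/'
    })
  }).then((res) => {
    const code = url.parse(res.result.redirect, true).query.code;
    return Server.api.post({
      url: '/token',
      payload: {
        client_id: clientId,
        client_secret: secret,
        code: code,
        redirect_uri: 'testpilot-notes://redirect.android'
      }
    });
  }).then((res) => {
    // pin the exact error body once the server's mismatch response is decided
    assert.equal(res.statusCode, 400);
    assertSecurityHeaders(res);
  });
});
```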