Bug 1048530 - Create a Loop test server for exchanging an OAuth code for a token. r=vladikoff,ckarlof,mikedeboer

2014-08-15 16:52:05 -07:00 · 2014-08-15 16:52:05 -07:00 · 4895838127
--- a/browser/components/loop/test/mochitest/browser_loop_fxa_server.js
+++ b/browser/components/loop/test/mochitest/browser_loop_fxa_server.js
@ -55,6 +55,41 @@ add_task(function* delete_setup_params() {
  is(Object.keys(request.response).length, 0, "Params should have been deleted");
 });

+// Begin /fxa-oauth/token tests
+
+add_task(function* token_request() {
+  let params = {
+    client_id: "my_client_id",
+    content_uri: "https://example.com/content/",
+    oauth_uri: "https://example.com/oauth/",
+    profile_uri: "https://example.com/profile/",
+    state: "my_state",
+  };
+  yield promiseOAuthParamsSetup(BASE_URL, params);
+  let request = yield promiseToken("my_code", params.state);
+  ise(request.status, 200, "Check token response status");
+  ise(request.response.access_token, "my_code_access_token", "Check access_token");
+  ise(request.response.scopes, "", "Check scopes");
+  ise(request.response.token_type, "bearer", "Check token_type");
+});
+
+add_task(function* token_request_invalid_state() {
+  let params = {
+    client_id: "my_client_id",
+    content_uri: "https://example.com/content/",
+    oauth_uri: "https://example.com/oauth/",
+    profile_uri: "https://example.com/profile/",
+    state: "my_invalid_state",
+  };
+  yield promiseOAuthParamsSetup(BASE_URL, params);
+  let request = yield promiseToken("my_code", "my_state");
+  ise(request.status, 400, "Check token response status");
+  ise(request.response, null, "Check token response body");
+});
+
+
+// Helper methods
+
 function promiseParams() {
  let deferred = Promise.defer();
  let xhr = Cc["@mozilla.org/xmlextras/xmlhttprequest;1"].
@ -65,8 +100,28 @@ function promiseParams() {
    info("/fxa-oauth/params response:\n" + JSON.stringify(xhr.response, null, 4));
    deferred.resolve(xhr);
  });
-  xhr.addEventListener("error", error => deferred.reject(error));
+  xhr.addEventListener("error", deferred.reject);
  xhr.send();

  return deferred.promise;
 }
+
+function promiseToken(code, state) {
+  let deferred = Promise.defer();
+  let xhr = Cc["@mozilla.org/xmlextras/xmlhttprequest;1"].
+              createInstance(Ci.nsIXMLHttpRequest);
+  xhr.open("POST", BASE_URL + "/fxa-oauth/token", true);
+  xhr.responseType = "json";
+  xhr.addEventListener("load", () => {
+    info("/fxa-oauth/token response:\n" + JSON.stringify(xhr.response, null, 4));
+    deferred.resolve(xhr);
+  });
+  xhr.addEventListener("error", deferred.reject);
+  let payload = {
+    code: code,
+    state: state,
+  };
+  xhr.send(JSON.stringify(payload, null, 4));
+
+  return deferred.promise;
+}
--- a/browser/components/loop/test/mochitest/loop_fxa.sjs
+++ b/browser/components/loop/test/mochitest/loop_fxa.sjs
@ -9,6 +9,8 @@

 const REQUIRED_PARAMS = ["client_id", "content_uri", "oauth_uri", "profile_uri", "state"];

+Components.utils.import("resource://gre/modules/NetUtil.jsm");
+
 /**
 * Entry point for HTTP requests.
 */
@ -20,6 +22,9 @@ function handleRequest(request, response) {
    case "/fxa-oauth/params":
      params(request, response);
      return;
+    case "/fxa-oauth/token":
+      token(request, response);
+      return;
  }
  response.setStatusLine(request.httpVersion, 404, "Not Found");
 }
@ -83,3 +88,31 @@ function params(request, response) {
  response.setHeader("Content-Type", "application/json; charset=utf-8", false);
  response.write(JSON.stringify(params, null, 2));
 }
+
+/**
+ * POST /fxa-oauth/token
+ *
+ * Validate the state parameter with the server session state and if it matches, exchange the code
+ * for an OAuth Token.
+ * Parameters: code & state as JSON in the POST body.
+ * Response: JSON containing an object of OAuth token information.
+ */
+function token(request, response) {
+  let params = JSON.parse(getSharedState("/fxa-oauth/params") || "{}");
+  let body = NetUtil.readInputStreamToString(request.bodyInputStream,
+                                             request.bodyInputStream.available());
+  let payload = JSON.parse(body);
+  if (!params.state || params.state !== payload.state) {
+    response.setStatusLine(request.httpVersion, 400, "State mismatch");
+    response.write("State mismatch");
+    return;
+  }
+
+  let tokenData = {
+    access_token: payload.code + "_access_token",
+    scopes: "",
+    token_type: "bearer",
+  };
+  response.setHeader("Content-Type", "application/json; charset=utf-8", false);
+  response.write(JSON.stringify(tokenData, null, 2));
+}