Scopes are not properly separated
subnetmarco committed Nov 25, 2015
1 parent 4281bdc commit b7b65f2
Showing 2 changed files with 23 additions and 3 deletions.
4 changes: 2 additions & 2 deletions kong/plugins/oauth2/access.lua
Expand Up @@ -92,7 +92,7 @@ local function retrieve_scopes(parameters, conf)
local scope = parameters[SCOPE]
local scopes = {}
if conf.scopes and scope then
for v in scope:gmatch("%w+") do
for v in scope:gmatch("%S+") do
if not utils.table_contains(conf.scopes, v) then
return false, {[ERROR] = "invalid_scope", error_description = "\""..v.."\" is an invalid "..SCOPE}
else
Expand Down Expand Up @@ -323,7 +323,7 @@ local function parse_access_token(conf)
local authorization = ngx.req.get_headers()["authorization"]
if authorization then
local parts = {}
for v in authorization:gmatch("%w+") do -- Split by space
for v in authorization:gmatch("%S+") do -- Split by space
table.insert(parts, v)
end
if #parts == 2 and (parts[1]:lower() == "token" or parts[1]:lower() == "bearer") then
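Review bot: Widening `%w+` to `%S+` in retrieve_scopes means the value echoed into `error_description` on the `invalid_scope` line is no longer limited to alphanumerics — quotes, angle brackets, percent sequences and similar now pass straight from the request into that string. That is correct as long as the error table is only ever JSON-encoded; if it is also reflected into a redirect location or an HTML page (not visible in this hunk), the value would need encoding there, so a comment such as `-- v is attacker-controlled and is echoed verbatim; keep this error JSON-only or encode it at the reflection point` above the return would make the constraint explicit. The same pattern change in parse_access_token now lets a bearer token contain punctuation, which matches RFC 6750 token syntax better than the old split; the `#parts == 2` check still rejects any header with extra whitespace-separated fields, which is fine but worth a one-line comment since it is easy to mistake for a bug. Both retrieve_scopes and parse_access_token continue outside the hunk.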
22 changes: 21 additions & 1 deletion spec/plugins/oauth2/access_spec.lua
Expand Up @@ -50,7 +50,7 @@ describe("Authentication Plugin", function()
{ username = "auth_tests_consumer" }
},
plugin = {
{ name = "oauth2", config = { scopes = { "email", "profile" }, mandatory_scope = true, provision_key = "provision123", token_expiration = 5, enable_implicit_grant = true }, __api = 1 },
{ name = "oauth2", config = { scopes = { "email", "profile", "user.email" }, mandatory_scope = true, provision_key = "provision123", token_expiration = 5, enable_implicit_grant = true }, __api = 1 },
{ name = "oauth2", config = { scopes = { "email", "profile" }, mandatory_scope = true, provision_key = "provision123", token_expiration = 5, enable_implicit_grant = true }, __api = 2 },
{ name = "oauth2", config = { scopes = { "email", "profile" }, mandatory_scope = true, provision_key = "provision123", token_expiration = 5, enable_implicit_grant = true, hide_credentials = true }, __api = 3 },
{ name = "oauth2", config = { scopes = { "email", "profile" }, mandatory_scope = true, provision_key = "provision123", token_expiration = 5, enable_client_credentials = true, enable_authorization_code = false }, __api = 4 },
Expand Down Expand Up @@ -236,6 +236,26 @@ describe("Authentication Plugin", function()
assert.are.equal("email", data[1].scope)
end)

it("should return success with a dotted scope and store authenticated user properties", function()
local response, status = http_client.post(PROXY_SSL_URL.."/oauth2/authorize", { provision_key = "provision123", authenticated_userid = "id123", client_id = "clientid123", scope = "user.email", response_type = "code", state = "hello", authenticated_userid = "userid123" }, {host = "oauth2.com"})
local body = cjson.decode(response)
assert.are.equal(200, status)
assert.are.equal(1, utils.table_size(body))
assert.truthy(rex.match(body.redirect_uri, "^http://google\\.com/kong\\?code=[\\w]{32,32}&state=hello$"))

local matches = rex.gmatch(body.redirect_uri, "^http://google\\.com/kong\\?code=([\\w]{32,32})&state=hello$")
local code
for line in matches do
code = line
end
local data = dao_factory.oauth2_authorization_codes:find_by_keys({code = code})
assert.are.equal(1, #data)
assert.are.equal(code, data[1].code)

assert.are.equal("userid123", data[1].authenticated_userid)
assert.are.equal("user.email", data[1].scope)
end)

end)

describe("Implicit Grant", function()
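Review bot: The request table in the new "dotted scope" test sets `authenticated_userid` twice (`"id123"` and later `"userid123"`); the Lua manual leaves the order of constructor assignments undefined when keys repeat, so the assertion on `"userid123"` relies on the implementation happening to keep the last value. Drop the first occurrence so the table reads `{ provision_key = "provision123", client_id = "clientid123", scope = "user.email", response_type = "code", state = "hello", authenticated_userid = "userid123" }`. The test also only proves the positive path; since the implementation change is in how scopes are split and validated, a companion case sending `scope = "user.email"` against an API whose configured scopes lack it (API 2 in the fixture) and asserting `invalid_scope` would pin the rejection side too. The enclosing describe block starts outside the hunk.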
