
Commit 231bc30

committed
fix: review comments
1 parent a7335d1 commit 231bc30


4 files changed

+61
-26
lines changed


extensions/authentication-passport/package-lock.json

Lines changed: 38 additions & 7 deletions

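--- a/extensions/authentication-passport/package.json
+++ b/extensions/authentication-passport/package.json
@@ -60,13 +60,16 @@
 "@types/passport": "^1.0.3",
 "@types/passport-http": "^0.3.8",
 "@types/passport-oauth2": "^1.4.8",
+"@types/qs": "^6.9.1",
 "axios": "^0.19.2",
 "body-parser": "^1.19.0",
 "express": "^4.17.1",
+"form-data": "^3.0.0",
 "jsonwebtoken": "^8.5.1",
 "lodash": "^4.17.15",
 "passport-http": "^0.3.0",
 "passport-oauth2": "^1.5.0",
+"qs": "^6.9.3",
 "supertest": "^4.0.2"
 }
 }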
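Review bot: `form-data` is added at `^3.0.0`, but none of the hunks visible in this commit import it; only `qs` is used by the updated acceptance test. If nothing else in the package needs it, leaving it out keeps the extension's install surface smaller. The enclosing dependency section begins above the hunk, so it is not visible here whether these entries land in `devDependencies`; since `qs` and `@types/qs` are used only from a test in this commit, that is where they belong.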

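--- a/extensions/authentication-passport/src/__tests__/acceptance/authentication-with-passport-strategy-oauth2-adapter.acceptance.ts
+++ b/extensions/authentication-passport/src/__tests__/acceptance/authentication-with-passport-strategy-oauth2-adapter.acceptance.ts
@@ -37,6 +37,7 @@ import {
 import * as url from 'url';
 import {inject} from '@loopback/core';
 import axios from 'axios';
+import qs from 'qs';
 
 /**
 * This test consists of three main components -> the supertest client, the LoopBack app (simple-rest-app.ts)
@@ -206,7 +207,7 @@ export class Oauth2Controller {
 }
 }
 
-describe('Oauth2 authorization flow', () => {
+describe.only('Oauth2 authorization flow', () => {
 let app: RestApplication;
 let oauth2Strategy: StrategyAdapter<MyUser>;
 let client: Client;
@@ -223,6 +224,7 @@ describe('Oauth2 authorization flow', () => {
 let oauthProviderUrl: string;
 let providerLoginUrl: string;
 let callbackToLbApp: string;
+let loginPageParams: string;
 
 context('Stage 1 - Authorization code grant', () => {
 describe('when client invokes oauth flow', () => {
@@ -241,20 +243,25 @@ describe('Oauth2 authorization flow', () => {
 // on seeing which the browser would redirect to the new uri
 const response = await supertest('').get(oauthProviderUrl).expect(302);
 providerLoginUrl = response.get('Location');
+loginPageParams = url.parse(providerLoginUrl).query || '';
 expect(url.parse(response.get('Location')).pathname).to.equal('/login');
 });
 
 it('login page redirects to authorization app callback endpoint', async () => {
-let params = url.parse(providerLoginUrl).query;
-params = params + '&&username=user1&&password=abc';
+let loginPageHiddenParams = qs.parse(loginPageParams);
+let params = {
+username: 'user1',
+password: 'abc',
+client_id: loginPageHiddenParams.client_id,
+redirect_uri: loginPageHiddenParams.redirect_uri,
+scope: loginPageHiddenParams.scope
+};
 // On successful login, the authorizing app redirects to the callback url
 // HTTP status code 302 is returned to the browser
-const response = await supertest('')
-.post('http://localhost:9000/login_submit?' + params)
-.send({username: 'user', password: 'abc'})
-.expect(302);
-callbackToLbApp = response.get('Location');
-expect(url.parse(response.get('Location')).pathname).to.equal(
+let response = await axios.post('http://localhost:9000/login_submit', qs.stringify(params));
+expect(response.status).to.eql(302);
+callbackToLbApp = response.headers['Location'];
+expect(url.parse(callbackToLbApp).pathname).to.equal(
 '/auth/thirdparty/callback',
 );
 });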
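Review bot: The new `axios.post` call in the 'login page redirects to authorization app callback endpoint' test cannot observe the 302 as written. By default axios follows redirects and rejects non-2xx statuses, and Node lower-cases response header names, so `response.headers['Location']` would be undefined. Consider `axios.post('http://localhost:9000/login_submit', qs.stringify(params), {maxRedirects: 0, validateStatus: s => s === 302})` and reading `response.headers.location`. Separately, `describe.only` on the suite line limits the mocha run to this suite, so the package's other authentication tests stop running while it is in place; it should go back to `describe` before merge. The suite body continues outside the hunks shown.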

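--- a/extensions/authentication-passport/src/__tests__/acceptance/fixtures/mock-oauth2-social-app.ts
+++ b/extensions/authentication-passport/src/__tests__/acceptance/fixtures/mock-oauth2-social-app.ts
@@ -237,10 +237,7 @@ app.get('/login', function (req, response) {
 * 4. redirects to callback url with access code
 */
 app.post('/login_submit', urlencodedParser, async function (req, res) {
-const user = findUser(
-req.body.username,
-req.body.password,
-);
+const user = findUser(req.body.username, req.body.password);
 if (user) {
 // get registered app
 const registeredApp = registeredApps[req.body.client_id || '1111'];
@@ -251,18 +248,15 @@ app.post('/login_submit', urlencodedParser, async function (req, res) {
 user,
 req.body.scope,
 user.signingKey,
-req.body.client_id || '1111',
+req.body.client_id,
 );
 // store generated token
 registeredApp.tokens[authCode] = {token: result.token};
 registeredApp[result.id] = {signingKey: user.signingKey, code: authCode};
 // redirect to call back url with the access code
-let params = '?client_id=' + (req.body.client_id || '1111');
+let params = '?client_id=' + (req.body.client_id);
 params = params + '&&code=' + authCode;
-res.redirect(
-(req.body.redirect_uri ||
-'http://localhost:8080/auth/thirdparty/callback') + params,
-);
+res.redirect(req.body.redirect_uri + params);
 } else {
 res.sendStatus(401);
 }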
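Review bot: `res.redirect(req.body.redirect_uri + params)` sends the authorization code to whatever `redirect_uri` the form posts, and with the default removed a missing field redirects to `undefined?client_id=…`. The lookup on the context line still uses `req.body.client_id || '1111'`, while the token call and `params` now use the bare `req.body.client_id`. A request without `client_id` is therefore resolved against app '1111' but passes `undefined` on to the token call and the redirect. Even for a mock provider, the handler could reject such requests early, e.g. `if (!req.body.client_id || !req.body.redirect_uri) return res.sendStatus(400);`, and compare the URI with the one registered for the app if the fixture stores one. The handler continues past the last hunk shown.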
