fix: review comments

deepakrkris · deepakrkris · commit 231bc3052fe9 · 2020-03-25T19:02:32.000-07:00
diff --git a/extensions/authentication-passport/package-lock.json b/extensions/authentication-passport/package-lock.json
diff --git a/extensions/authentication-passport/package.json b/extensions/authentication-passport/package.json
@@ -60,13 +60,16 @@
     "@types/passport": "^1.0.3",
     "@types/passport-http": "^0.3.8",
     "@types/passport-oauth2": "^1.4.8",
+    "@types/qs": "^6.9.1",
     "axios": "^0.19.2",
     "body-parser": "^1.19.0",
     "express": "^4.17.1",
+    "form-data": "^3.0.0",
     "jsonwebtoken": "^8.5.1",
     "lodash": "^4.17.15",
     "passport-http": "^0.3.0",
     "passport-oauth2": "^1.5.0",
+    "qs": "^6.9.3",
     "supertest": "^4.0.2"
   }
 }
diff --git a/extensions/authentication-passport/src/__tests__/acceptance/authentication-with-passport-strategy-oauth2-adapter.acceptance.ts b/extensions/authentication-passport/src/__tests__/acceptance/authentication-with-passport-strategy-oauth2-adapter.acceptance.ts
@@ -37,6 +37,7 @@ import {
 import * as url from 'url';
 import {inject} from '@loopback/core';
 import axios from 'axios';
+import qs from 'qs';
 
 /**
  * This test consists of three main components -> the supertest client, the LoopBack app (simple-rest-app.ts)
@@ -206,7 +207,7 @@ export class Oauth2Controller {
   }
 }
 
-describe('Oauth2 authorization flow', () => {
+describe.only('Oauth2 authorization flow', () => {
   let app: RestApplication;
   let oauth2Strategy: StrategyAdapter<MyUser>;
   let client: Client;
@@ -223,6 +224,7 @@ describe('Oauth2 authorization flow', () => {
   let oauthProviderUrl: string;
   let providerLoginUrl: string;
   let callbackToLbApp: string;
+  let loginPageParams: string;
 
   context('Stage 1 - Authorization code grant', () => {
     describe('when client invokes oauth flow', () => {
@@ -241,20 +243,25 @@ describe('Oauth2 authorization flow', () => {
         // on seeing which the browser would redirect to the new uri
         const response = await supertest('').get(oauthProviderUrl).expect(302);
         providerLoginUrl = response.get('Location');
+        loginPageParams = url.parse(providerLoginUrl).query || '';
         expect(url.parse(response.get('Location')).pathname).to.equal('/login');
       });
 
       it('login page redirects to authorization app callback endpoint', async () => {
-        let params = url.parse(providerLoginUrl).query;
-        params = params + '&&username=user1&&password=abc';
+        let loginPageHiddenParams = qs.parse(loginPageParams);
+        let params = {
+          username: 'user1',
+          password: 'abc',
+          client_id: loginPageHiddenParams.client_id,
+          redirect_uri: loginPageHiddenParams.redirect_uri,
+          scope: loginPageHiddenParams.scope
+        };
         // On successful login, the authorizing app redirects to the callback url
         // HTTP status code 302 is returned to the browser
-        const response = await supertest('')
-          .post('http://localhost:9000/login_submit?' + params)
-          .send({username: 'user', password: 'abc'})
-          .expect(302);
-        callbackToLbApp = response.get('Location');
-        expect(url.parse(response.get('Location')).pathname).to.equal(
+        let response = await axios.post('http://localhost:9000/login_submit', qs.stringify(params));
+        expect(response.status).to.eql(302);
+        callbackToLbApp = response.headers['Location'];
+        expect(url.parse(callbackToLbApp).pathname).to.equal(
           '/auth/thirdparty/callback',
         );
       });
diff --git a/extensions/authentication-passport/src/__tests__/acceptance/fixtures/mock-oauth2-social-app.ts b/extensions/authentication-passport/src/__tests__/acceptance/fixtures/mock-oauth2-social-app.ts
@@ -237,10 +237,7 @@ app.get('/login', function (req, response) {
  * 4. redirects to callback url with access code
  */
 app.post('/login_submit', urlencodedParser, async function (req, res) {
-  const user = findUser(
-    req.body.username,
-    req.body.password,
-  );
+  const user = findUser(req.body.username, req.body.password);
   if (user) {
     // get registered app
     const registeredApp = registeredApps[req.body.client_id || '1111'];
@@ -251,18 +248,15 @@ app.post('/login_submit', urlencodedParser, async function (req, res) {
       user,
       req.body.scope,
       user.signingKey,
-      req.body.client_id || '1111',
+      req.body.client_id,
     );
     // store generated token
     registeredApp.tokens[authCode] = {token: result.token};
     registeredApp[result.id] = {signingKey: user.signingKey, code: authCode};
     // redirect to call back url with the access code
-    let params = '?client_id=' + (req.body.client_id || '1111');
+    let params = '?client_id=' + (req.body.client_id);
     params = params + '&&code=' + authCode;
-    res.redirect(
-      (req.body.redirect_uri ||
-        'http://localhost:8080/auth/thirdparty/callback') + params,
-    );
+    res.redirect(req.body.redirect_uri + params);
   } else {
     res.sendStatus(401);
   }
