From d4f0c29e0dbe0788e244d6a95a86dcaa9db261f6 Mon Sep 17 00:00:00 2001 From: Owen Brotherwood Date: Wed, 29 Apr 2015 13:45:22 +0200 Subject: [PATCH 01/28] Update access-token.js --- common/models/access-token.js | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/common/models/access-token.js b/common/models/access-token.js index 73137125..ea09601d 100644 --- a/common/models/access-token.js +++ b/common/models/access-token.js @@ -167,7 +167,9 @@ module.exports = function(AccessToken) { var i = 0; var length; var id; - +/* +https://github.com/strongloop/loopback/issues/1326 +*/ params = params.concat(['access_token']); headers = headers.concat(['X-Access-Token', 'authorization']); cookies = cookies.concat(['access_token', 'authorization']); From 07e48881ebaeca2c8a9df9ecfe1f7528f5104839 Mon Sep 17 00:00:00 2001 From: Owen Brotherwood Date: Wed, 29 Apr 2015 14:43:07 +0200 Subject: [PATCH 02/28] option noConcat for tokenIdForRequest --- common/models/access-token.js | 9 +++++---- 1 file changed, 5 insertions(+), 4 deletions(-) diff --git a/common/models/access-token.js b/common/models/access-token.js index ea09601d..61bb4695 100644 --- a/common/models/access-token.js +++ b/common/models/access-token.js @@ -170,10 +170,11 @@ module.exports = function(AccessToken) { /* https://github.com/strongloop/loopback/issues/1326 */ - params = params.concat(['access_token']); - headers = headers.concat(['X-Access-Token', 'authorization']); - cookies = cookies.concat(['access_token', 'authorization']); - + if ( options.noConcat === undefined ){ + params = params.concat(['access_token']); + headers = headers.concat(['X-Access-Token', 'authorization']); + cookies = cookies.concat(['access_token', 'authorization']); + } for (length = params.length; i < length; i++) { var param = params[i]; // replacement for deprecated req.param() From 2ff5133d17140e5641ad73848b98e4cb4565d93e Mon Sep 17 00:00:00 2001 From: Owen Brotherwood Date: Thu, 30 Apr 2015 20:20:46 +0200 Subject: [PATCH 03/28] remove tab --- common/models/access-token.js | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/common/models/access-token.js b/common/models/access-token.js index 61bb4695..f6978a7d 100644 --- a/common/models/access-token.js +++ b/common/models/access-token.js @@ -170,11 +170,11 @@ module.exports = function(AccessToken) { /* https://github.com/strongloop/loopback/issues/1326 */ - if ( options.noConcat === undefined ){ - params = params.concat(['access_token']); - headers = headers.concat(['X-Access-Token', 'authorization']); - cookies = cookies.concat(['access_token', 'authorization']); - } + if ( options.noConcat === undefined ){ + params = params.concat(['access_token']); + headers = headers.concat(['X-Access-Token', 'authorization']); + cookies = cookies.concat(['access_token', 'authorization']); + } for (length = params.length; i < length; i++) { var param = params[i]; // replacement for deprecated req.param() From 1b05049fd54b6574997a58d62a648cb72131bda8 Mon Sep 17 00:00:00 2001 From: Owen Brotherwood Date: Thu, 30 Apr 2015 20:30:57 +0200 Subject: [PATCH 04/28] clean up due to test code style --- common/models/access-token.js | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/common/models/access-token.js b/common/models/access-token.js index f6978a7d..ab620203 100644 --- a/common/models/access-token.js +++ b/common/models/access-token.js @@ -167,10 +167,10 @@ module.exports = function(AccessToken) { var i = 0; var length; var id; -/* -https://github.com/strongloop/loopback/issues/1326 -*/ - if ( options.noConcat === undefined ){ + /* + * https://github.com/strongloop/loopback/issues/1326 + */ + if (options.noConcat === undefined) { params = params.concat(['access_token']); headers = headers.concat(['X-Access-Token', 'authorization']); cookies = cookies.concat(['access_token', 'authorization']); From 617a8b11f2b95e96c5f2346f0c0076ffb5ed69d4 Mon Sep 17 00:00:00 2001 From: Owen Brotherwood Date: Thu, 30 Apr 2015 20:38:01 +0200 Subject: [PATCH 05/28] option.defaultAccessToken --- common/models/access-token.js | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/common/models/access-token.js b/common/models/access-token.js index ab620203..5e6b8ff3 100644 --- a/common/models/access-token.js +++ b/common/models/access-token.js @@ -170,7 +170,7 @@ module.exports = function(AccessToken) { /* * https://github.com/strongloop/loopback/issues/1326 */ - if (options.noConcat === undefined) { + if (options.defaultAccessToken === undefined || options.defaultAccessToken === true) { params = params.concat(['access_token']); headers = headers.concat(['X-Access-Token', 'authorization']); cookies = cookies.concat(['access_token', 'authorization']); From 5dfd7c7340e121ca44727cc97a840f3f1875b23a Mon Sep 17 00:00:00 2001 From: Owen Brotherwood Date: Thu, 30 Apr 2015 21:04:21 +0200 Subject: [PATCH 06/28] option.defaultTokenKeys sounds better --- common/models/access-token.js | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/common/models/access-token.js b/common/models/access-token.js index 5e6b8ff3..85057b22 100644 --- a/common/models/access-token.js +++ b/common/models/access-token.js @@ -170,7 +170,7 @@ module.exports = function(AccessToken) { /* * https://github.com/strongloop/loopback/issues/1326 */ - if (options.defaultAccessToken === undefined || options.defaultAccessToken === true) { + if (options.defaultAccessToken === undefined || options.defaultTokenKeys === true) { params = params.concat(['access_token']); headers = headers.concat(['X-Access-Token', 'authorization']); cookies = cookies.concat(['access_token', 'authorization']); From 4aac63f9bd3e34a7aa0570dcad11f1931e20a12b Mon Sep 17 00:00:00 2001 From: Owen Brotherwood Date: Thu, 30 Apr 2015 21:51:29 +0200 Subject: [PATCH 07/28] createTestApp with defaultTokenKeys support --- common/models/access-token.js | 8 ++++---- test/access-token.test.js | 25 ++++++++++++++++++++++++- 2 files changed, 28 insertions(+), 5 deletions(-) diff --git a/common/models/access-token.js b/common/models/access-token.js index 85057b22..b7fa3207 100644 --- a/common/models/access-token.js +++ b/common/models/access-token.js @@ -167,14 +167,14 @@ module.exports = function(AccessToken) { var i = 0; var length; var id; - /* - * https://github.com/strongloop/loopback/issues/1326 - */ - if (options.defaultAccessToken === undefined || options.defaultTokenKeys === true) { + + // https://github.com/strongloop/loopback/issues/1326 + if (options.defaultTokenKeys === undefined || options.defaultTokenKeys === true) { params = params.concat(['access_token']); headers = headers.concat(['X-Access-Token', 'authorization']); cookies = cookies.concat(['access_token', 'authorization']); } + for (length = params.length; i < length; i++) { var param = params[i]; // replacement for deprecated req.param() diff --git a/test/access-token.test.js b/test/access-token.test.js index 82723f1b..38335737 100644 --- a/test/access-token.test.js +++ b/test/access-token.test.js @@ -351,10 +351,33 @@ function createTestApp(testToken, settings, done) { var appSettings = settings.app || {}; var modelSettings = settings.model || {}; + var tokenOptions = {}; + var tokenKeySettings = settings.tokenKey || {}; + var header = tokenKeySettings.header || []; + var cookie = tokenKeySettings.cookie || []; + var param = tokenKeySettings.param || []; + var defaultTokenKeys = tokenKeySettings.defaultTokenKeys || undefined; + + if (defaultTokenKeys === undefined) { + tokenOptions = { + model: Token, + currentUserLiteral: 'me' + }; + } else { + tokenOptions = { + model: Token, + currentUserLiteral: 'me', + defaultTokenKeys: defaultTokenKeys, + header: header, + cookie: cookie, + param: param + }; + } + var app = loopback(); app.use(loopback.cookieParser('secret')); - app.use(loopback.token({model: Token, currentUserLiteral: 'me'})); + app.use(loopback.token(tokenOptions)); app.get('/token', function(req, res) { res.cookie('authorization', testToken.id, {signed: true}); res.end(); From 20d14e9841a004061d1b202e7510c7a528f1fc36 Mon Sep 17 00:00:00 2001 From: Owen Brotherwood Date: Thu, 30 Apr 2015 22:18:02 +0200 Subject: [PATCH 08/28] pluralism --- test/access-token.test.js | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/test/access-token.test.js b/test/access-token.test.js index 38335737..eebb9709 100644 --- a/test/access-token.test.js +++ b/test/access-token.test.js @@ -353,9 +353,9 @@ function createTestApp(testToken, settings, done) { var tokenOptions = {}; var tokenKeySettings = settings.tokenKey || {}; - var header = tokenKeySettings.header || []; - var cookie = tokenKeySettings.cookie || []; - var param = tokenKeySettings.param || []; + var headers = tokenKeySettings.headers || []; + var cookies = tokenKeySettings.cookies || []; + var params = tokenKeySettings.params || []; var defaultTokenKeys = tokenKeySettings.defaultTokenKeys || undefined; if (defaultTokenKeys === undefined) { @@ -368,9 +368,9 @@ function createTestApp(testToken, settings, done) { model: Token, currentUserLiteral: 'me', defaultTokenKeys: defaultTokenKeys, - header: header, - cookie: cookie, - param: param + headers: headers, + cookies: cookies, + params: params }; } From 903ca27f3fc17e172b2b5fa6093a0ce6a624cf58 Mon Sep 17 00:00:00 2001 From: Owen Brotherwood Date: Fri, 1 May 2015 20:12:54 +0200 Subject: [PATCH 09/28] populate req.token with header using option.noDefaultKeys --- test/access-token.test.js | 12 +++++++++++- 1 file changed, 11 insertions(+), 1 deletion(-) diff --git a/test/access-token.test.js b/test/access-token.test.js index eebb9709..03f8a4e2 100644 --- a/test/access-token.test.js +++ b/test/access-token.test.js @@ -41,7 +41,17 @@ describe('loopback.token(options)', function() { .end(done); }); - describe('populating req.toen from HTTP Basic Auth formatted authorization header', function() { + it('should populate req.token from an authorization header with bearer token using option.noDefaultKeys', function(done) { + var token = this.token.id; + token = 'Bearer ' + new Buffer(token).toString('base64'); + createTestAppAndRequest(this.token, {headers:['authorization'], noDefaultKeys: true}, done) + .get('/') + .set('authorization', token) + .expect(200) + .end(done); + }); + + describe('populating req.token from HTTP Basic Auth formatted authorization header', function() { it('parses "standalone-token"', function(done) { var token = this.token.id; token = 'Basic ' + new Buffer(token).toString('base64'); From 2032e8fa228d8f2902b5ddaadd3e95200ec0f21d Mon Sep 17 00:00:00 2001 From: Owen Brotherwood Date: Fri, 1 May 2015 20:20:03 +0200 Subject: [PATCH 10/28] correct to defaultOptionKeys --- test/access-token.test.js | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/test/access-token.test.js b/test/access-token.test.js index 03f8a4e2..a8db5fef 100644 --- a/test/access-token.test.js +++ b/test/access-token.test.js @@ -41,10 +41,10 @@ describe('loopback.token(options)', function() { .end(done); }); - it('should populate req.token from an authorization header with bearer token using option.noDefaultKeys', function(done) { + it('should populate req.token from an authorization header with bearer token using option.defaultOptionKeys', function(done) { var token = this.token.id; token = 'Bearer ' + new Buffer(token).toString('base64'); - createTestAppAndRequest(this.token, {headers:['authorization'], noDefaultKeys: true}, done) + createTestAppAndRequest(this.token, {headers:['authorization'], defaultOptionKeys: false}, done) .get('/') .set('authorization', token) .expect(200) From f630280df23244eeb4915ff7faf8428ce8b575a6 Mon Sep 17 00:00:00 2001 From: Owen Brotherwood Date: Fri, 1 May 2015 20:21:56 +0200 Subject: [PATCH 11/28] suk correct to defaultTokenKeys --- test/access-token.test.js | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/test/access-token.test.js b/test/access-token.test.js index a8db5fef..86b38e11 100644 --- a/test/access-token.test.js +++ b/test/access-token.test.js @@ -41,10 +41,10 @@ describe('loopback.token(options)', function() { .end(done); }); - it('should populate req.token from an authorization header with bearer token using option.defaultOptionKeys', function(done) { + it('should populate req.token from an authorization header with bearer token using option.defaultTokenKeys', function(done) { var token = this.token.id; token = 'Bearer ' + new Buffer(token).toString('base64'); - createTestAppAndRequest(this.token, {headers:['authorization'], defaultOptionKeys: false}, done) + createTestAppAndRequest(this.token, {headers:['authorization'], defaultTokenKeys: false}, done) .get('/') .set('authorization', token) .expect(200) From bdb35687cb415828e2a784bf3f514fabbbe35c7e Mon Sep 17 00:00:00 2001 From: Owen Brotherwood Date: Tue, 5 May 2015 11:42:23 +0200 Subject: [PATCH 12/28] defaultTokenKeys: false and no def for auth is not working --- test/access-token.test.js | 180 ++++++++++++++++++++------------------ 1 file changed, 94 insertions(+), 86 deletions(-) diff --git a/test/access-token.test.js b/test/access-token.test.js index 86b38e11..62391ee7 100644 --- a/test/access-token.test.js +++ b/test/access-token.test.js @@ -1,5 +1,7 @@ var loopback = require('../'); var extend = require('util')._extend; +var util = require('util'); // to get inspect +var debug = require('debug')('AccessToken.test'); var Token = loopback.AccessToken.extend('MyToken'); var ds = loopback.createDataSource({connector: loopback.Memory}); Token.attachTo(ds); @@ -8,47 +10,68 @@ var ACL = loopback.ACL; describe('loopback.token(options)', function() { beforeEach(createTestingToken); - it('should populate req.token from the query string', function(done) { - createTestAppAndRequest(this.token, done) - .get('/?access_token=' + this.token.id) - .expect(200) - .end(done); - }); + describe('populating req.token with bearer token in', function() { + it('the query string', function(done) { + createTestAppAndRequest(this.token, done) + .get('/?access_token=' + this.token.id) + .expect(200) + .end(done); + }); - it('should populate req.token from an authorization header', function(done) { - createTestAppAndRequest(this.token, done) - .get('/') - .set('authorization', this.token.id) - .expect(200) - .end(done); - }); + it('an authorization header', function(done) { + createTestAppAndRequest(this.token, done) + .get('/') + .set('authorization', this.token.id) + .expect(200) + .end(done); + }); - it('should populate req.token from an X-Access-Token header', function(done) { - createTestAppAndRequest(this.token, done) - .get('/') - .set('X-Access-Token', this.token.id) - .expect(200) - .end(done); - }); + it('an X-Access-Token header', function(done) { + createTestAppAndRequest(this.token, done) + .get('/') + .set('X-Access-Token', this.token.id) + .expect(200) + .end(done); + }); - it('should populate req.token from an authorization header with bearer token', function(done) { - var token = this.token.id; - token = 'Bearer ' + new Buffer(token).toString('base64'); - createTestAppAndRequest(this.token, done) - .get('/') - .set('authorization', token) - .expect(200) - .end(done); - }); + it('an authorization header', function(done) { + var token = this.token.id; + token = 'Bearer ' + new Buffer(token).toString('base64'); + createTestAppAndRequest(this.token, done) + .get('/') + .set('authorization', token) + .expect(200) + .end(done); + }); + it('an authorization header, no default Token Keys set and expect authorization in header ', function(done) { + var token = this.token.id; + token = 'Bearer ' + new Buffer(token).toString('base64'); + createTestAppAndRequest(this.token, {headers:['authorization'], defaultTokenKeys: false}, done) + .get('/') + .set('authorization', token) + .expect(200) + .end(done); + }); - it('should populate req.token from an authorization header with bearer token using option.defaultTokenKeys', function(done) { - var token = this.token.id; - token = 'Bearer ' + new Buffer(token).toString('base64'); - createTestAppAndRequest(this.token, {headers:['authorization'], defaultTokenKeys: false}, done) - .get('/') - .set('authorization', token) - .expect(200) - .end(done); + it('an authorization header, default Token Keys set', function(done) { + var token = this.token.id; + token = 'Bearer ' + new Buffer(token).toString('base64'); + createTestAppAndRequest(this.token, {defaultTokenKeys: true}, done) + .get('/') + .set('authorization', token) + .expect(200) + .end(done); + }); + + it('an authorization header, no default Token Keys set and no definitions of authorization', function(done) { + var token = this.token.id; + token = 'Bearer ' + new Buffer(token).toString('base64'); + createTestAppAndRequest(this.token, {defaultTokenKeys: false}, done) + .get('/') + .set('authorization', token) + .expect(401) + .end(done); + }); }); describe('populating req.token from HTTP Basic Auth formatted authorization header', function() { @@ -357,37 +380,39 @@ function createTestApp(testToken, settings, done) { done = arguments[arguments.length - 1]; if (settings == done) settings = {}; settings = settings || {}; + debug(util.inspect('settings:'+settings)); + + var appSettings = settings.app || {}; + debug(util.inspect('appSettings:'+appSettings)); + + var modelSettings = settings.model || {}; + var modelOptions = { + acls: [ + { + principalType: 'ROLE', + principalId: '$everyone', + accessType: ACL.ALL, + permission: ACL.DENY, + property: 'deleteById' + } + ] + }; + Object.keys(modelSettings).forEach(function(key) { modelOptions[key] = modelSettings[key];}); + debug(util.inspect('modelSettings:'+modelSettings)); + + var tokenSettings = settings.token || { + defaultTokenKeys : true, + model: Token, + currentUserLiteral: 'me' + }; + debug(util.inspect('tokenSettings:'+tokenSettings)); - var appSettings = settings.app || {}; - var modelSettings = settings.model || {}; - - var tokenOptions = {}; - var tokenKeySettings = settings.tokenKey || {}; - var headers = tokenKeySettings.headers || []; - var cookies = tokenKeySettings.cookies || []; - var params = tokenKeySettings.params || []; - var defaultTokenKeys = tokenKeySettings.defaultTokenKeys || undefined; - - if (defaultTokenKeys === undefined) { - tokenOptions = { - model: Token, - currentUserLiteral: 'me' - }; - } else { - tokenOptions = { - model: Token, - currentUserLiteral: 'me', - defaultTokenKeys: defaultTokenKeys, - headers: headers, - cookies: cookies, - params: params - }; - } - + // The order of app.somethings is important var app = loopback(); - + app.use(loopback.cookieParser('secret')); - app.use(loopback.token(tokenOptions)); + app.use(loopback.token(tokenSettings)); + app.get('/token', function(req, res) { res.cookie('authorization', testToken.id, {signed: true}); res.end(); @@ -410,31 +435,14 @@ function createTestApp(testToken, settings, done) { } res.status(200).send(result); }); + app.use(loopback.rest()); app.enableAuth(); - Object.keys(appSettings).forEach(function(key) { - app.set(key, appSettings[key]); - }); - - var modelOptions = { - acls: [ - { - principalType: 'ROLE', - principalId: '$everyone', - accessType: ACL.ALL, - permission: ACL.DENY, - property: 'deleteById' - } - ] - }; - - Object.keys(modelSettings).forEach(function(key) { - modelOptions[key] = modelSettings[key]; - }); - + + Object.keys(appSettings).forEach(function(key) {app.set(key, appSettings[key]);}); + var TestModel = loopback.PersistedModel.extend('test', {}, modelOptions); - TestModel.attachTo(loopback.memory()); app.model(TestModel); From 492b9f13f813111896b73eef91fc877bacd30233 Mon Sep 17 00:00:00 2001 From: Owen Brotherwood Date: Tue, 5 May 2015 11:48:31 +0200 Subject: [PATCH 13/28] correct the inspect --- test/access-token.test.js | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/test/access-token.test.js b/test/access-token.test.js index 62391ee7..2e809bd9 100644 --- a/test/access-token.test.js +++ b/test/access-token.test.js @@ -380,10 +380,10 @@ function createTestApp(testToken, settings, done) { done = arguments[arguments.length - 1]; if (settings == done) settings = {}; settings = settings || {}; - debug(util.inspect('settings:'+settings)); + debug('settings:'+util.inspect(settings)); var appSettings = settings.app || {}; - debug(util.inspect('appSettings:'+appSettings)); + debug('appSettings:'+util.inspect(appSettings)); var modelSettings = settings.model || {}; var modelOptions = { @@ -398,14 +398,14 @@ function createTestApp(testToken, settings, done) { ] }; Object.keys(modelSettings).forEach(function(key) { modelOptions[key] = modelSettings[key];}); - debug(util.inspect('modelSettings:'+modelSettings)); + debug('modelSettings:'+util.inspect(modelSettings)); var tokenSettings = settings.token || { defaultTokenKeys : true, model: Token, currentUserLiteral: 'me' }; - debug(util.inspect('tokenSettings:'+tokenSettings)); + debug('tokenSettings:'+util.inspect(tokenSettings)); // The order of app.somethings is important var app = loopback(); From c20cefd21bd7e52ccc4286e4ab2764e67d0163dd Mon Sep 17 00:00:00 2001 From: Owen Brotherwood Date: Tue, 5 May 2015 12:20:58 +0200 Subject: [PATCH 14/28] hmmm --- test/access-token.test.js | 27 ++++++++++++++------------- 1 file changed, 14 insertions(+), 13 deletions(-) diff --git a/test/access-token.test.js b/test/access-token.test.js index 2e809bd9..90b4e1d0 100644 --- a/test/access-token.test.js +++ b/test/access-token.test.js @@ -1,6 +1,6 @@ var loopback = require('../'); var extend = require('util')._extend; -var util = require('util'); // to get inspect +var util = require('util'); var debug = require('debug')('AccessToken.test'); var Token = loopback.AccessToken.extend('MyToken'); var ds = loopback.createDataSource({connector: loopback.Memory}); @@ -46,7 +46,7 @@ describe('loopback.token(options)', function() { it('an authorization header, no default Token Keys set and expect authorization in header ', function(done) { var token = this.token.id; token = 'Bearer ' + new Buffer(token).toString('base64'); - createTestAppAndRequest(this.token, {headers:['authorization'], defaultTokenKeys: false}, done) + createTestAppAndRequest(this.token, {token: {headers:['authorization'], defaultTokenKeys: false}}, done) .get('/') .set('authorization', token) .expect(200) @@ -56,7 +56,7 @@ describe('loopback.token(options)', function() { it('an authorization header, default Token Keys set', function(done) { var token = this.token.id; token = 'Bearer ' + new Buffer(token).toString('base64'); - createTestAppAndRequest(this.token, {defaultTokenKeys: true}, done) + createTestAppAndRequest(this.token, {token:{defaultTokenKeys: true}}, done) .get('/') .set('authorization', token) .expect(200) @@ -66,7 +66,7 @@ describe('loopback.token(options)', function() { it('an authorization header, no default Token Keys set and no definitions of authorization', function(done) { var token = this.token.id; token = 'Bearer ' + new Buffer(token).toString('base64'); - createTestAppAndRequest(this.token, {defaultTokenKeys: false}, done) + createTestAppAndRequest(this.token, {token:{defaultTokenKeys: false}}, done) .get('/') .set('authorization', token) .expect(401) @@ -377,13 +377,13 @@ function createTestAppAndRequest(testToken, settings, done) { } function createTestApp(testToken, settings, done) { - done = arguments[arguments.length - 1]; + done = arguments[arguments.length - 1]; // TODO: are these 3 lines "good"? if (settings == done) settings = {}; settings = settings || {}; - debug('settings:'+util.inspect(settings)); + //debug('settings:'+util.inspect(settings, false, 1)); var appSettings = settings.app || {}; - debug('appSettings:'+util.inspect(appSettings)); + //debug('appSettings:'+util.inspect(appSettings, false, 1)); var modelSettings = settings.model || {}; var modelOptions = { @@ -398,14 +398,16 @@ function createTestApp(testToken, settings, done) { ] }; Object.keys(modelSettings).forEach(function(key) { modelOptions[key] = modelSettings[key];}); - debug('modelSettings:'+util.inspect(modelSettings)); + //debug('modelSettings:'+util.inspect(modelSettings, false, 1)); - var tokenSettings = settings.token || { + var tokenSettings = { defaultTokenKeys : true, model: Token, currentUserLiteral: 'me' }; - debug('tokenSettings:'+util.inspect(tokenSettings)); + // TODO: next line may be givint Object.keys called on non-object + //Object.keys(settings.token).forEach(function(key) { tokenSettings[key] = settings.token[key];}); + debug('tokenSettings:'+util.inspect(tokenSettings, false, 1)); // The order of app.somethings is important var app = loopback(); @@ -419,7 +421,7 @@ function createTestApp(testToken, settings, done) { }); app.get('/', function(req, res) { try { - assert(req.accessToken, 'req should have accessToken'); + assert(req.accessToken, 'req should have accessToken'); // this fails the defaultTokenKeys=false test assert(req.accessToken.id === testToken.id); } catch (e) { return done(e); @@ -439,9 +441,8 @@ function createTestApp(testToken, settings, done) { app.use(loopback.rest()); app.enableAuth(); - Object.keys(appSettings).forEach(function(key) {app.set(key, appSettings[key]);}); - + var TestModel = loopback.PersistedModel.extend('test', {}, modelOptions); TestModel.attachTo(loopback.memory()); app.model(TestModel); From f69a2d45b4fa4152423f3983601eff802db9412f Mon Sep 17 00:00:00 2001 From: Owen Brotherwood Date: Tue, 5 May 2015 14:35:00 +0200 Subject: [PATCH 15/28] make own test --- test/access-token-ob.test.js | 143 +++++++++++++++++++++++++++++++++++ test/access-token.test.js | 4 +- 2 files changed, 145 insertions(+), 2 deletions(-) create mode 100644 test/access-token-ob.test.js diff --git a/test/access-token-ob.test.js b/test/access-token-ob.test.js new file mode 100644 index 00000000..608903f7 --- /dev/null +++ b/test/access-token-ob.test.js @@ -0,0 +1,143 @@ +var loopback = require('../'); +var extend = require('util')._extend; +var util = require('util'); +var debug = require('debug')('AccessToken.test'); +var Token = loopback.AccessToken.extend('MyToken'); +var ds = loopback.createDataSource({connector: loopback.Memory}); +Token.attachTo(ds); +var ACL = loopback.ACL; + +describe('API:loopback.token(options)', function() { + beforeEach(createTestingToken); + describe('option defaultTokenKeys true or false', function(){ + describe('header authorization', function(){ + var + get = '/', + header = 'authorization'; + it('sets defaultTokenKeys=false, header contains token and expect 200', function(done) { + var + token = this.token.id, // TODO: where did that come from + defaultTokenKeys = false, + expect = 200, + tokenOptions = { + token: { + headers: [header], + defaultTokenKeys: defaultTokenKeys + } + }; + createTestAppAndRequest(this.token, tokenOptions, done) + .get(get) + .set(header, token) + .expect(expect) + .end(done); + }); + + it('sets defaultTokenKeys=true, header contains token and expect 200', function(done) { + var + defaultTokenKeys = true, + expect = 200, + token = this.token.id; + tokenOptions = { + token: { + headers: [header], + defaultTokenKeys: defaultTokenKeys + } + }; + createTestAppAndRequest(this.token, tokenOptions, done) + .get(get) + .set(header, token) + .expect(expect) + .end(done); + }); + + it('sets defaultTokenKeys=false with no alternatives and expect 401', function(done) { + var + get = '/', + defaultTokenKeys = false, + expect = 401, + header = 'authorization', + token = this.token.id; + tokenOptions = { + token: { + defaultTokenKeys: defaultTokenKeys + } + }; + createTestAppAndRequest(this.token, tokenOptions, done) + .get(get) + .set(header, token) + .expect(expect) + .end(done); + }); + }); + }); +}); + +function createTestingToken(done) { //TODO: why repeat for all tests ...? + var test = this; + Token.create({userId: '123'}, function(err, token) { + if (err) return done(err); + test.token = token; + done(); + }); +} + +function createTestAppAndRequest(testToken, settings, done) { + var app = createTestApp(testToken, settings, done); + return request(app); +} + +function createTestApp(testToken, settings, done) { + done = arguments[arguments.length - 1]; // TODO: are these 3 lines "good"? + if (settings == done) settings = {}; + settings = settings || {}; + + var appSettings = settings.app || {}; + + var modelSettings = settings.model || {}; + var modelOptions = { + acls: [ + { + principalType: 'ROLE', + principalId: '$everyone', + accessType: ACL.ALL, + permission: ACL.DENY, + property: 'deleteById' + } + ] + }; + Object.keys(modelSettings).forEach(function(key) { modelOptions[key] = modelSettings[key];}); + + var tokenSettings = { + defaultTokenKeys : true, + model: Token, + currentUserLiteral: 'me' + }; + + var app = loopback(); + + app.use(loopback.cookieParser('secret')); + app.use(loopback.token(tokenSettings)); + + app.get('/', function(req, res) { + var send = '200'; + try { // TODO: this is a bad test for defaultTokenKey = false and no options for placement of token + assert(req.accessToken, 'req should have accessToken'); // this fails the defaultTokenKeys=false test + assert(req.accessToken.id === testToken.id); + } catch (e) { + debug('app.get e:'+e); + send = '401' + } + debug('app.get send:'+send); + res.send(send); + }); + app.use(loopback.rest()); + app.enableAuth(); + + Object.keys(appSettings).forEach(function(key) {app.set(key, appSettings[key]);}); + + var TestModel = loopback.PersistedModel.extend('test', {}, modelOptions); + TestModel.attachTo(loopback.memory()); + app.model(TestModel); + + return app; +} diff --git a/test/access-token.test.js b/test/access-token.test.js index 90b4e1d0..6d913744 100644 --- a/test/access-token.test.js +++ b/test/access-token.test.js @@ -18,7 +18,7 @@ describe('loopback.token(options)', function() { .end(done); }); - it('an authorization header', function(done) { + it('an authorization header 1of2', function(done) { createTestAppAndRequest(this.token, done) .get('/') .set('authorization', this.token.id) @@ -34,7 +34,7 @@ describe('loopback.token(options)', function() { .end(done); }); - it('an authorization header', function(done) { + it('an authorization header 2of2', function(done) { var token = this.token.id; token = 'Bearer ' + new Buffer(token).toString('base64'); createTestAppAndRequest(this.token, done) From 0e8e34c6df4e3d0df272e63dbb11c121de0b74e7 Mon Sep 17 00:00:00 2001 From: Owen Brotherwood Date: Tue, 5 May 2015 17:34:38 +0200 Subject: [PATCH 16/28] fork now breaks away with test/app-access-token.js --- test/access-token-defaultTokenKeys.test.js | 68 ++++++++++ test/access-token-ob.test.js | 143 --------------------- test/app-access-token.js | 79 ++++++++++++ 3 files changed, 147 insertions(+), 143 deletions(-) create mode 100644 test/access-token-defaultTokenKeys.test.js delete mode 100644 test/access-token-ob.test.js create mode 100644 test/app-access-token.js diff --git a/test/access-token-defaultTokenKeys.test.js b/test/access-token-defaultTokenKeys.test.js new file mode 100644 index 00000000..367a85b2 --- /dev/null +++ b/test/access-token-defaultTokenKeys.test.js @@ -0,0 +1,68 @@ +var util = require('util'); +var debug = require('debug')('AccessToken.test'); +var accessTokenApp = require('./app-access-token'); + +describe('API:loopback.token(options)', function() { + beforeEach(accessTokenApp.createTestingToken); + describe('option defaultTokenKeys true or false', function(){ + describe('header authorization', function(){ + var + get = '/', + header = 'authorization'; + it('sets defaultTokenKeys=false, header contains token and expect 200', function(done) { + var + token = this.token.id, // TODO: where did that come from + defaultTokenKeys = false, + expect = 200, + tokenOptions = { + token: { + headers: [header], + defaultTokenKeys: defaultTokenKeys + } + }; + accessTokenApp.createTestAppAndRequest(this.token, tokenOptions, done) + .get(get) + .set(header, token) + .expect(expect) + .end(done); + }); + + it('sets defaultTokenKeys=true, header contains token and expect 200', function(done) { + var + defaultTokenKeys = true, + expect = 200, + token = this.token.id; + tokenOptions = { + token: { + headers: [header], + defaultTokenKeys: defaultTokenKeys + } + }; + createTestAppAndRequest(this.token, tokenOptions, done) + .get(get) + .set(header, token) + .expect(expect) + .end(done); + }); + + it('sets defaultTokenKeys=false with no alternatives and expect 401', function(done) { + var + get = '/', + defaultTokenKeys = false, + expect = 401, + header = 'authorization', + token = this.token.id; + tokenOptions = { + token: { + defaultTokenKeys: defaultTokenKeys + } + }; + createTestAppAndRequest(this.token, tokenOptions, done) + .get(get) + .set(header, token) + .expect(expect) + .end(done); + }); + }); + }); +}); \ No newline at end of file diff --git a/test/access-token-ob.test.js b/test/access-token-ob.test.js deleted file mode 100644 index 608903f7..00000000 --- a/test/access-token-ob.test.js +++ /dev/null @@ -1,143 +0,0 @@ -var loopback = require('../'); -var extend = require('util')._extend; -var util = require('util'); -var debug = require('debug')('AccessToken.test'); -var Token = loopback.AccessToken.extend('MyToken'); -var ds = loopback.createDataSource({connector: loopback.Memory}); -Token.attachTo(ds); -var ACL = loopback.ACL; - -describe('API:loopback.token(options)', function() { - beforeEach(createTestingToken); - describe('option defaultTokenKeys true or false', function(){ - describe('header authorization', function(){ - var - get = '/', - header = 'authorization'; - it('sets defaultTokenKeys=false, header contains token and expect 200', function(done) { - var - token = this.token.id, // TODO: where did that come from - defaultTokenKeys = false, - expect = 200, - tokenOptions = { - token: { - headers: [header], - defaultTokenKeys: defaultTokenKeys - } - }; - createTestAppAndRequest(this.token, tokenOptions, done) - .get(get) - .set(header, token) - .expect(expect) - .end(done); - }); - - it('sets defaultTokenKeys=true, header contains token and expect 200', function(done) { - var - defaultTokenKeys = true, - expect = 200, - token = this.token.id; - tokenOptions = { - token: { - headers: [header], - defaultTokenKeys: defaultTokenKeys - } - }; - createTestAppAndRequest(this.token, tokenOptions, done) - .get(get) - .set(header, token) - .expect(expect) - .end(done); - }); - - it('sets defaultTokenKeys=false with no alternatives and expect 401', function(done) { - var - get = '/', - defaultTokenKeys = false, - expect = 401, - header = 'authorization', - token = this.token.id; - tokenOptions = { - token: { - defaultTokenKeys: defaultTokenKeys - } - }; - createTestAppAndRequest(this.token, tokenOptions, done) - .get(get) - .set(header, token) - .expect(expect) - .end(done); - }); - }); - }); -}); - -function createTestingToken(done) { //TODO: why repeat for all tests ...? - var test = this; - Token.create({userId: '123'}, function(err, token) { - if (err) return done(err); - test.token = token; - done(); - }); -} - -function createTestAppAndRequest(testToken, settings, done) { - var app = createTestApp(testToken, settings, done); - return request(app); -} - -function createTestApp(testToken, settings, done) { - done = arguments[arguments.length - 1]; // TODO: are these 3 lines "good"? - if (settings == done) settings = {}; - settings = settings || {}; - - var appSettings = settings.app || {}; - - var modelSettings = settings.model || {}; - var modelOptions = { - acls: [ - { - principalType: 'ROLE', - principalId: '$everyone', - accessType: ACL.ALL, - permission: ACL.DENY, - property: 'deleteById' - } - ] - }; - Object.keys(modelSettings).forEach(function(key) { modelOptions[key] = modelSettings[key];}); - - var tokenSettings = { - defaultTokenKeys : true, - model: Token, - currentUserLiteral: 'me' - }; - - var app = loopback(); - - app.use(loopback.cookieParser('secret')); - app.use(loopback.token(tokenSettings)); - - app.get('/', function(req, res) { - var send = '200'; - try { // TODO: this is a bad test for defaultTokenKey = false and no options for placement of token - assert(req.accessToken, 'req should have accessToken'); // this fails the defaultTokenKeys=false test - assert(req.accessToken.id === testToken.id); - } catch (e) { - debug('app.get e:'+e); - send = '401' - } - debug('app.get send:'+send); - res.send(send); - }); - app.use(loopback.rest()); - app.enableAuth(); - - Object.keys(appSettings).forEach(function(key) {app.set(key, appSettings[key]);}); - - var TestModel = loopback.PersistedModel.extend('test', {}, modelOptions); - TestModel.attachTo(loopback.memory()); - app.model(TestModel); - - return app; -} diff --git a/test/app-access-token.js b/test/app-access-token.js new file mode 100644 index 00000000..ac954779 --- /dev/null +++ b/test/app-access-token.js @@ -0,0 +1,79 @@ +var loopback = require('../'); +var extend = require('util')._extend; +var util = require('util'); +var debug = require('debug')('AccessToken.test'); +var Token = loopback.AccessToken.extend('MyToken'); +var ds = loopback.createDataSource({connector: loopback.Memory}); +Token.attachTo(ds); +var ACL = loopback.ACL; + + +module.exports = function createTestingToken(done) { //TODO: why repeat for all tests ...? + var test = this; + Token.create({userId: '123'}, function(err, token) { + if (err) return done(err); + test.token = token; + done(); + }); +} + +module.exports = function createTestAppAndRequest(testToken, settings, done) { + var app = createTestApp(testToken, settings, done); + return request(app); +} + +module.exports = function createTestApp(testToken, settings, done) { + done = arguments[arguments.length - 1]; // TODO: are these 3 lines "good"? + if (settings == done) settings = {}; + settings = settings || {}; + + var appSettings = settings.app || {}; + + var modelSettings = settings.model || {}; + var modelOptions = { + acls: [ + { + principalType: 'ROLE', + principalId: '$everyone', + accessType: ACL.ALL, + permission: ACL.DENY, + property: 'deleteById' + } + ] + }; + Object.keys(modelSettings).forEach(function(key) { modelOptions[key] = modelSettings[key];}); + + var tokenSettings = { + defaultTokenKeys : true, + model: Token, + currentUserLiteral: 'me' + }; + + var app = loopback(); + + app.use(loopback.cookieParser('secret')); + app.use(loopback.token(tokenSettings)); + + app.get('/', function(req, res) { + var send = '200'; + try { // TODO: this is a bad test for defaultTokenKey = false and no options for placement of token + assert(req.accessToken, 'req should have accessToken'); // this fails the defaultTokenKeys=false test + assert(req.accessToken.id === testToken.id); + } catch (e) { + debug('app.get e:'+e); + send = '401' + } + debug('app.get send:'+send); + res.send(send); + }); + app.use(loopback.rest()); + app.enableAuth(); + + Object.keys(appSettings).forEach(function(key) {app.set(key, appSettings[key]);}); + + var TestModel = loopback.PersistedModel.extend('test', {}, modelOptions); + TestModel.attachTo(loopback.memory()); + app.model(TestModel); + + return app; +} From 784db50300fec892ca94aba01c5d486d221d1ecb Mon Sep 17 00:00:00 2001 From: Owen Brotherwood Date: Tue, 5 May 2015 17:46:31 +0200 Subject: [PATCH 17/28] WIP --- test/access-token-defaultTokenKeys.test.js | 17 ++++++++++++++--- test/app-access-token.js | 2 +- 2 files changed, 15 insertions(+), 4 deletions(-) diff --git a/test/access-token-defaultTokenKeys.test.js b/test/access-token-defaultTokenKeys.test.js index 367a85b2..809a58d9 100644 --- a/test/access-token-defaultTokenKeys.test.js +++ b/test/access-token-defaultTokenKeys.test.js @@ -1,9 +1,20 @@ var util = require('util'); -var debug = require('debug')('AccessToken.test'); -var accessTokenApp = require('./app-access-token'); +var debug = require('debug')('AccessToken.defaultTokenKeys'); +var createTestingToken = require('./app-access-token').createTestingToken; +var createTestAppAndRequest = require('./app-access-token').createTestAppAndRequest; + +/* +The above means that the below means that the tests are tests with very little code +There was too much app in the previous test(s) which meant debug/test of an app in a test + +The rather large files are now getting broken into managable sizes + +Maybe now I have a chance :) +*/ + describe('API:loopback.token(options)', function() { - beforeEach(accessTokenApp.createTestingToken); + before(createTestingToken); // TODO make token only once instead of beforeEach is "better" describe('option defaultTokenKeys true or false', function(){ describe('header authorization', function(){ var diff --git a/test/app-access-token.js b/test/app-access-token.js index ac954779..bdc13b9b 100644 --- a/test/app-access-token.js +++ b/test/app-access-token.js @@ -1,7 +1,7 @@ var loopback = require('../'); var extend = require('util')._extend; var util = require('util'); -var debug = require('debug')('AccessToken.test'); +var debug = require('debug')('AccessToken.app'); var Token = loopback.AccessToken.extend('MyToken'); var ds = loopback.createDataSource({connector: loopback.Memory}); Token.attachTo(ds); From a9d40e9d995116f936e9546a3dcd7a3909cfe37b Mon Sep 17 00:00:00 2001 From: Owen Brotherwood Date: Tue, 5 May 2015 23:16:07 +0200 Subject: [PATCH 18/28] only a few things I do not understand --- test/access-token-defaultTokenKeys.test.js | 42 ++++++++-------- test/app-access-token.js | 56 +++++++++++++--------- 2 files changed, 54 insertions(+), 44 deletions(-) diff --git a/test/access-token-defaultTokenKeys.test.js b/test/access-token-defaultTokenKeys.test.js index 809a58d9..0e36ad23 100644 --- a/test/access-token-defaultTokenKeys.test.js +++ b/test/access-token-defaultTokenKeys.test.js @@ -1,28 +1,27 @@ -var util = require('util'); -var debug = require('debug')('AccessToken.defaultTokenKeys'); -var createTestingToken = require('./app-access-token').createTestingToken; -var createTestAppAndRequest = require('./app-access-token').createTestAppAndRequest; - +'use strict'; /* -The above means that the below means that the tests are tests with very little code -There was too much app in the previous test(s) which meant debug/test of an app in a test - -The rather large files are now getting broken into managable sizes - -Maybe now I have a chance :) -*/ +* API:loopback.token(options) +* - test options.defaultTokenKeys: [true|false|undefined] +*/ +var + debug = require('debug')('AccessToken.test'), + inspect = require('util').inspect; +var + createTokenId = require('./app-access-token').createTokenId, + createAppAndRequest = require('./app-access-token').createAppAndRequest; +before(createTokenId); //NOTE: not beforeEach :: side effects? + describe('API:loopback.token(options)', function() { - before(createTestingToken); // TODO make token only once instead of beforeEach is "better" describe('option defaultTokenKeys true or false', function(){ describe('header authorization', function(){ var get = '/', header = 'authorization'; + it('sets defaultTokenKeys=false, header contains token and expect 200', function(done) { var - token = this.token.id, // TODO: where did that come from defaultTokenKeys = false, expect = 200, tokenOptions = { @@ -31,9 +30,9 @@ describe('API:loopback.token(options)', function() { defaultTokenKeys: defaultTokenKeys } }; - accessTokenApp.createTestAppAndRequest(this.token, tokenOptions, done) + createAppAndRequest(this.tokenId, tokenOptions, done) // FIXME: I hate this .get(get) - .set(header, token) + .set(header, this.tokenId) .expect(expect) .end(done); }); @@ -42,35 +41,34 @@ describe('API:loopback.token(options)', function() { var defaultTokenKeys = true, expect = 200, - token = this.token.id; tokenOptions = { token: { headers: [header], defaultTokenKeys: defaultTokenKeys } }; - createTestAppAndRequest(this.token, tokenOptions, done) + createAppAndRequest(this.tokenId, tokenOptions, done) .get(get) - .set(header, token) + .set(header, this.tokenId) .expect(expect) .end(done); }); it('sets defaultTokenKeys=false with no alternatives and expect 401', function(done) { + // FIXME: the original master get route in the original test does not support this. var get = '/', defaultTokenKeys = false, expect = 401, header = 'authorization', - token = this.token.id; tokenOptions = { token: { defaultTokenKeys: defaultTokenKeys } }; - createTestAppAndRequest(this.token, tokenOptions, done) + createAppAndRequest(this.tokenId, tokenOptions, done) .get(get) - .set(header, token) + .set(header, this.tokenId) .expect(expect) .end(done); }); diff --git a/test/app-access-token.js b/test/app-access-token.js index bdc13b9b..f958f4cf 100644 --- a/test/app-access-token.js +++ b/test/app-access-token.js @@ -1,32 +1,44 @@ -var loopback = require('../'); -var extend = require('util')._extend; -var util = require('util'); -var debug = require('debug')('AccessToken.app'); -var Token = loopback.AccessToken.extend('MyToken'); -var ds = loopback.createDataSource({connector: loopback.Memory}); -Token.attachTo(ds); -var ACL = loopback.ACL; +'use strict'; +/* +* An app for access-token tests +* - note 'request' seems to come from test/support.js +*/ +module.exports = { + createTokenId: createTokenId, + createAppAndRequest: createAppAndRequest +} +var + debug = require('debug')('AccessToken.app'), + inspect = require('util').inspect; +var + loopback = require('../'), + extend = require('util')._extend, //WHY: the _ + Token = loopback.AccessToken.extend('MyToken'), + createToken = {userId: '123'}, + lbDataSource = loopback.createDataSource({connector: loopback.Memory}), + ACL = loopback.ACL; +Token.attachTo(lbDataSource); -module.exports = function createTestingToken(done) { //TODO: why repeat for all tests ...? - var test = this; - Token.create({userId: '123'}, function(err, token) { - if (err) return done(err); - test.token = token; +function createTokenId(done) { + var + test = this; // FIXME: I hate this + Token.create(createToken, function(err, token) { + if (err) { + debug('createTokenId err:\n'+inspect(err)+'\n'); + return done(err); + } + debug('createTokenId tokenId:\n'+inspect(token.id)+'\n'); + test.tokenId = token.id; done(); }); } -module.exports = function createTestAppAndRequest(testToken, settings, done) { - var app = createTestApp(testToken, settings, done); - return request(app); +function createAppAndRequest(tokenId, settings, done) { + return request(createApp(tokenId, settings, done)); } -module.exports = function createTestApp(testToken, settings, done) { - done = arguments[arguments.length - 1]; // TODO: are these 3 lines "good"? - if (settings == done) settings = {}; - settings = settings || {}; - +function createApp(tokenId, settings, done) { var appSettings = settings.app || {}; var modelSettings = settings.model || {}; @@ -58,7 +70,7 @@ module.exports = function createTestApp(testToken, settings, done) { var send = '200'; try { // TODO: this is a bad test for defaultTokenKey = false and no options for placement of token assert(req.accessToken, 'req should have accessToken'); // this fails the defaultTokenKeys=false test - assert(req.accessToken.id === testToken.id); + assert(req.accessToken.id === tokenId); } catch (e) { debug('app.get e:'+e); send = '401' From 35ed152664dd1012e18050b4ab19ba1ccda2bfb0 Mon Sep 17 00:00:00 2001 From: Owen Brotherwood Date: Wed, 6 May 2015 21:18:03 +0200 Subject: [PATCH 19/28] API/TEST:Middleware:loopback.token.defaultTokenKeys --- ...PI-loopback-token-defaultTokenKeys.test.js | 68 +++++++++++++ ...ST-loopback-token-defaultTokenKeys.test.js | 96 +++++++++++++++++++ test/access-token-defaultTokenKeys.test.js | 77 --------------- test/app-access-token.js | 91 ------------------ 4 files changed, 164 insertions(+), 168 deletions(-) create mode 100644 test/API-loopback-token-defaultTokenKeys.test.js create mode 100644 test/TEST-loopback-token-defaultTokenKeys.test.js delete mode 100644 test/access-token-defaultTokenKeys.test.js delete mode 100644 test/app-access-token.js diff --git a/test/API-loopback-token-defaultTokenKeys.test.js b/test/API-loopback-token-defaultTokenKeys.test.js new file mode 100644 index 00000000..55f13687 --- /dev/null +++ b/test/API-loopback-token-defaultTokenKeys.test.js @@ -0,0 +1,68 @@ +'use strict'; +var + debug = require('debug')('AccessToken.test'), + inspect = require('util').inspect; +/* +* API:Middleware:loopback.token(options) +*/ +var + api = { + loopback: { + token: { + defaultTokenKeys: require('./app-access-token').api.loopback.token.defaultTokenKeys + } + } + } + +describe('API:Middleware:loopback.token(options)', function() { + describe('options.defaultTokenKeys: [true|false]', function(){ + var + itTxt, + expect = 200, + defaultTokenKeys = false, + header = 'authorization', + testOptions = { + expect: expect, + header: header, + }, + headers = ['header'], + tokenOptions = { + defaultTokenKeys: defaultTokenKeys, + headers: headers, + }; + + // describe('The normal use case for defaultTokenKeys') + itTxt = 'Test header='+header+' defaultTokenKeys='+defaultTokenKeys+' and expect '+expect; + it( itTxt, function(done) { + testOptions['done'] = done; + api.loopback.token.defaultTokenKeys(testOptions, tokenOptions); + }); + + // describe('A test case for regression') + defaultTokenKeys = undefined; + headers = []; + itTxt = 'Test header='+header+' defaultTokenKeys='+defaultTokenKeys+' and expect '+expect; + it(itTxt, function(done) { + testOptions['defaultTokenKeys'] = undefined; //FIXME: is this a good way + testOptions['headers'] = headers; + testOptions['done'] = done; + api.loopback.token.defaultTokenKeys(testOptions, tokenOptions); + }); + + // describe('A non-normal use case to check that default token headers are not used') + defaultTokenKeys = false; // any defaults ... + headers = []; // ... are not concated, and the empty array for token areas ... + expect = 401; // ... gives the expected result. + /* + * FIXME: But the try catch in the appGet is not the test needed + */ + itTxt = 'Test header='+header+' defaultTokenKeys='+defaultTokenKeys+' no headers and expect '+expect; + it(itTxt, function(done) { + testOptions['done'] = done; + testOptions['defaultTokenKeys'] = defaultTokenKeys; + testOptions['expect'] = expect; + testOptions['headers'] = headers; + api.loopback.token.defaultTokenKeys(testOptions, tokenOptions); + }); + }); +}); \ No newline at end of file diff --git a/test/TEST-loopback-token-defaultTokenKeys.test.js b/test/TEST-loopback-token-defaultTokenKeys.test.js new file mode 100644 index 00000000..460f7f03 --- /dev/null +++ b/test/TEST-loopback-token-defaultTokenKeys.test.js @@ -0,0 +1,96 @@ +'use strict'; +var + debug = require('debug')('AccessToken.app'), + inspect = require('util').inspect; +/* +* TEST:Middleware:loopback.token.defaultTokenKeys +*/ +module.exports = { + api : { + loopback: { + token: { + defaultTokenKeys: loopbackTokenDefaultTokenKeys + } + } + } +} +var + loopback = require('../'), + tokenId; // FIXME: a global until some other method is found + +function loopbackTokenDefaultTokenKeys(testOptions, tokenOptions){ + var + extend = require('util')._extend, + Token = loopback.AccessToken.extend('MyToken'), + lbDataSource = loopback.createDataSource({connector: loopback.Memory}), + tokenCreate = {userId: '123'}; + + Token.attachTo(lbDataSource); + tokenOptions['model'] = Token; + tokenOptions['currentUserLiteral'] = 'me'; + + Token.create(tokenCreate, function(err, token){ + if (err) return done(err); + testOptions['tokenId'] = token.id; + tokenId = testOptions['tokenId']; //FIXME + testOptions['get'] = '/'; + var + done = testOptions.done, + expect = testOptions.expect, + header = testOptions.header, + get = testOptions.get, + tokendId = testOptions.tokenId, + app = createApp(testOptions, tokenOptions); + request(app) + .get(get) + .set(header, tokenId) + .expect(expect) + .end(done); + }); +} + +// appGet is hard to work with just now: learning curve to get what looks right +function appGet(req,res){ + debug('appGet req.headers:\n'+inspect(req.headers)+'\n'); + debug('appGet req.accessToken:\n'+inspect(req.accessToken)+'\n'); + debug('appGet tokenId:\n'+tokenId+'\n'); + var + send = '200'; + try { + assert(req.accessToken, 'req should have accessToken'); + assert(req.accessToken.id === tokenId); + } catch (error) { + debug('app.get error:\n'+error+'\n'); + send = '401'; + } + debug('app.get send:\n'+send+'\n'); + res.send(send); +} + +function createApp(testOptions, tokenOptions) { + debug('createApp tokenOptions.headers:\n'+inspect(tokenOptions.headers)); + var + app = loopback(), + ACL = loopback.ACL, + acl = { + principalType: 'ROLE', + principalId: '$everyone', + accessType: ACL.ALL, + permission: ACL.DENY, + property: 'deleteById' + }, + modelOptions = {acls: [acl]}, + get = testOptions.get; + + app.use(loopback.token(tokenOptions)); + app.get(get, appGet); + app.use(loopback.rest()); //WHY: here + app.enableAuth(); //WHY: here + + var // WHY: here + TestModel = loopback.PersistedModel.extend('test', {}, modelOptions); + TestModel.attachTo(loopback.memory()); + app.model(TestModel); + + return app; +} diff --git a/test/access-token-defaultTokenKeys.test.js b/test/access-token-defaultTokenKeys.test.js deleted file mode 100644 index 0e36ad23..00000000 --- a/test/access-token-defaultTokenKeys.test.js +++ /dev/null @@ -1,77 +0,0 @@ -'use strict'; -/* -* API:loopback.token(options) -* - test options.defaultTokenKeys: [true|false|undefined] -*/ -var - debug = require('debug')('AccessToken.test'), - inspect = require('util').inspect; - -var - createTokenId = require('./app-access-token').createTokenId, - createAppAndRequest = require('./app-access-token').createAppAndRequest; - -before(createTokenId); //NOTE: not beforeEach :: side effects? - -describe('API:loopback.token(options)', function() { - describe('option defaultTokenKeys true or false', function(){ - describe('header authorization', function(){ - var - get = '/', - header = 'authorization'; - - it('sets defaultTokenKeys=false, header contains token and expect 200', function(done) { - var - defaultTokenKeys = false, - expect = 200, - tokenOptions = { - token: { - headers: [header], - defaultTokenKeys: defaultTokenKeys - } - }; - createAppAndRequest(this.tokenId, tokenOptions, done) // FIXME: I hate this - .get(get) - .set(header, this.tokenId) - .expect(expect) - .end(done); - }); - - it('sets defaultTokenKeys=true, header contains token and expect 200', function(done) { - var - defaultTokenKeys = true, - expect = 200, - tokenOptions = { - token: { - headers: [header], - defaultTokenKeys: defaultTokenKeys - } - }; - createAppAndRequest(this.tokenId, tokenOptions, done) - .get(get) - .set(header, this.tokenId) - .expect(expect) - .end(done); - }); - - it('sets defaultTokenKeys=false with no alternatives and expect 401', function(done) { - // FIXME: the original master get route in the original test does not support this. - var - get = '/', - defaultTokenKeys = false, - expect = 401, - header = 'authorization', - tokenOptions = { - token: { - defaultTokenKeys: defaultTokenKeys - } - }; - createAppAndRequest(this.tokenId, tokenOptions, done) - .get(get) - .set(header, this.tokenId) - .expect(expect) - .end(done); - }); - }); - }); -}); \ No newline at end of file diff --git a/test/app-access-token.js b/test/app-access-token.js deleted file mode 100644 index f958f4cf..00000000 --- a/test/app-access-token.js +++ /dev/null @@ -1,91 +0,0 @@ -'use strict'; -/* -* An app for access-token tests -* - note 'request' seems to come from test/support.js -*/ -module.exports = { - createTokenId: createTokenId, - createAppAndRequest: createAppAndRequest -} -var - debug = require('debug')('AccessToken.app'), - inspect = require('util').inspect; -var - loopback = require('../'), - extend = require('util')._extend, //WHY: the _ - Token = loopback.AccessToken.extend('MyToken'), - createToken = {userId: '123'}, - lbDataSource = loopback.createDataSource({connector: loopback.Memory}), - ACL = loopback.ACL; - -Token.attachTo(lbDataSource); - -function createTokenId(done) { - var - test = this; // FIXME: I hate this - Token.create(createToken, function(err, token) { - if (err) { - debug('createTokenId err:\n'+inspect(err)+'\n'); - return done(err); - } - debug('createTokenId tokenId:\n'+inspect(token.id)+'\n'); - test.tokenId = token.id; - done(); - }); -} - -function createAppAndRequest(tokenId, settings, done) { - return request(createApp(tokenId, settings, done)); -} - -function createApp(tokenId, settings, done) { - var appSettings = settings.app || {}; - - var modelSettings = settings.model || {}; - var modelOptions = { - acls: [ - { - principalType: 'ROLE', - principalId: '$everyone', - accessType: ACL.ALL, - permission: ACL.DENY, - property: 'deleteById' - } - ] - }; - Object.keys(modelSettings).forEach(function(key) { modelOptions[key] = modelSettings[key];}); - - var tokenSettings = { - defaultTokenKeys : true, - model: Token, - currentUserLiteral: 'me' - }; - - var app = loopback(); - - app.use(loopback.cookieParser('secret')); - app.use(loopback.token(tokenSettings)); - - app.get('/', function(req, res) { - var send = '200'; - try { // TODO: this is a bad test for defaultTokenKey = false and no options for placement of token - assert(req.accessToken, 'req should have accessToken'); // this fails the defaultTokenKeys=false test - assert(req.accessToken.id === tokenId); - } catch (e) { - debug('app.get e:'+e); - send = '401' - } - debug('app.get send:'+send); - res.send(send); - }); - app.use(loopback.rest()); - app.enableAuth(); - - Object.keys(appSettings).forEach(function(key) {app.set(key, appSettings[key]);}); - - var TestModel = loopback.PersistedModel.extend('test', {}, modelOptions); - TestModel.attachTo(loopback.memory()); - app.model(TestModel); - - return app; -} From 3f8060d8f744a3ee3d47df27e1393326d2523a78 Mon Sep 17 00:00:00 2001 From: Owen Brotherwood Date: Wed, 6 May 2015 21:37:22 +0200 Subject: [PATCH 20/28] oops --- ...TokenKeys.test.js => API-loopback-token-defaultTokenKeys.js} | 2 +- ...okenKeys.test.js => TEST-loopback-token-defaultTokenKeys.js} | 0 2 files changed, 1 insertion(+), 1 deletion(-) rename test/{API-loopback-token-defaultTokenKeys.test.js => API-loopback-token-defaultTokenKeys.js} (94%) rename test/{TEST-loopback-token-defaultTokenKeys.test.js => TEST-loopback-token-defaultTokenKeys.js} (100%) diff --git a/test/API-loopback-token-defaultTokenKeys.test.js b/test/API-loopback-token-defaultTokenKeys.js similarity index 94% rename from test/API-loopback-token-defaultTokenKeys.test.js rename to test/API-loopback-token-defaultTokenKeys.js index 55f13687..5a081eb3 100644 --- a/test/API-loopback-token-defaultTokenKeys.test.js +++ b/test/API-loopback-token-defaultTokenKeys.js @@ -9,7 +9,7 @@ var api = { loopback: { token: { - defaultTokenKeys: require('./app-access-token').api.loopback.token.defaultTokenKeys + defaultTokenKeys: require('./TEST-loopback-token-defaultTokenKeys').api.loopback.token.defaultTokenKeys } } } diff --git a/test/TEST-loopback-token-defaultTokenKeys.test.js b/test/TEST-loopback-token-defaultTokenKeys.js similarity index 100% rename from test/TEST-loopback-token-defaultTokenKeys.test.js rename to test/TEST-loopback-token-defaultTokenKeys.js From 31badc34ca9b342f7a8ceec033eb84abb5066706 Mon Sep 17 00:00:00 2001 From: Owen Brotherwood Date: Wed, 6 May 2015 22:37:01 +0200 Subject: [PATCH 21/28] npm test: 'only' fails on Multiple var declaration --- common/models/access-token.js | 2 +- test/API-loopback-token-defaultTokenKeys.js | 68 -------- test/API-loopback-token-searchTokenKeys.js | 68 ++++++++ ...-loopback-token-searchDefaultTokenKeys.js} | 62 +++---- test/access-token.test.js | 160 +++++++----------- 5 files changed, 159 insertions(+), 201 deletions(-) delete mode 100644 test/API-loopback-token-defaultTokenKeys.js create mode 100644 test/API-loopback-token-searchTokenKeys.js rename test/{TEST-loopback-token-defaultTokenKeys.js => TEST-loopback-token-searchDefaultTokenKeys.js} (59%) diff --git a/common/models/access-token.js b/common/models/access-token.js index b7fa3207..3098d22e 100644 --- a/common/models/access-token.js +++ b/common/models/access-token.js @@ -169,7 +169,7 @@ module.exports = function(AccessToken) { var id; // https://github.com/strongloop/loopback/issues/1326 - if (options.defaultTokenKeys === undefined || options.defaultTokenKeys === true) { + if (options.searchDefaultTokenKeys === undefined || options.searchDefaultTokenKeys === true) { params = params.concat(['access_token']); headers = headers.concat(['X-Access-Token', 'authorization']); cookies = cookies.concat(['access_token', 'authorization']); diff --git a/test/API-loopback-token-defaultTokenKeys.js b/test/API-loopback-token-defaultTokenKeys.js deleted file mode 100644 index 5a081eb3..00000000 --- a/test/API-loopback-token-defaultTokenKeys.js +++ /dev/null @@ -1,68 +0,0 @@ -'use strict'; -var - debug = require('debug')('AccessToken.test'), - inspect = require('util').inspect; -/* -* API:Middleware:loopback.token(options) -*/ -var - api = { - loopback: { - token: { - defaultTokenKeys: require('./TEST-loopback-token-defaultTokenKeys').api.loopback.token.defaultTokenKeys - } - } - } - -describe('API:Middleware:loopback.token(options)', function() { - describe('options.defaultTokenKeys: [true|false]', function(){ - var - itTxt, - expect = 200, - defaultTokenKeys = false, - header = 'authorization', - testOptions = { - expect: expect, - header: header, - }, - headers = ['header'], - tokenOptions = { - defaultTokenKeys: defaultTokenKeys, - headers: headers, - }; - - // describe('The normal use case for defaultTokenKeys') - itTxt = 'Test header='+header+' defaultTokenKeys='+defaultTokenKeys+' and expect '+expect; - it( itTxt, function(done) { - testOptions['done'] = done; - api.loopback.token.defaultTokenKeys(testOptions, tokenOptions); - }); - - // describe('A test case for regression') - defaultTokenKeys = undefined; - headers = []; - itTxt = 'Test header='+header+' defaultTokenKeys='+defaultTokenKeys+' and expect '+expect; - it(itTxt, function(done) { - testOptions['defaultTokenKeys'] = undefined; //FIXME: is this a good way - testOptions['headers'] = headers; - testOptions['done'] = done; - api.loopback.token.defaultTokenKeys(testOptions, tokenOptions); - }); - - // describe('A non-normal use case to check that default token headers are not used') - defaultTokenKeys = false; // any defaults ... - headers = []; // ... are not concated, and the empty array for token areas ... - expect = 401; // ... gives the expected result. - /* - * FIXME: But the try catch in the appGet is not the test needed - */ - itTxt = 'Test header='+header+' defaultTokenKeys='+defaultTokenKeys+' no headers and expect '+expect; - it(itTxt, function(done) { - testOptions['done'] = done; - testOptions['defaultTokenKeys'] = defaultTokenKeys; - testOptions['expect'] = expect; - testOptions['headers'] = headers; - api.loopback.token.defaultTokenKeys(testOptions, tokenOptions); - }); - }); -}); \ No newline at end of file diff --git a/test/API-loopback-token-searchTokenKeys.js b/test/API-loopback-token-searchTokenKeys.js new file mode 100644 index 00000000..0bb29a92 --- /dev/null +++ b/test/API-loopback-token-searchTokenKeys.js @@ -0,0 +1,68 @@ +'use strict'; +var + debug = require('debug')('AccessToken.test'), + inspect = require('util').inspect; +/* +* API:Middleware:loopback.token(options) +*/ +var + api = { + loopback: { + token: { + searchDefaultTokenKeys: require('./TEST-loopback-token-searchDefaultTokenKeys').api.loopback.token.searchDefaultTokenKeys + } + } + } + +describe('API:Middleware:loopback.token(options)', function() { + describe('options.searchDefaultTokenKeys: [true|false]', function() { + var + itTxt, + expect = 200, + searchDefaultTokenKeys = false, + header = 'authorization', + testOptions = { + expect: expect, + header: header, + }, + headers = ['header'], + tokenOptions = { + searchDefaultTokenKeys: searchDefaultTokenKeys, + headers: headers, + }; + + // describe('The normal use case for searchDefaultTokenKeys') + itTxt = 'Test header=' + header + ' searchDefaultTokenKeys=' + searchDefaultTokenKeys + ' and expect ' + expect; + it(itTxt, function(done) { + testOptions['done'] = done; + api.loopback.token.searchDefaultTokenKeys(testOptions, tokenOptions); + }); + + // describe('A test case for regression') + searchDefaultTokenKeys = undefined; + headers = []; + itTxt = 'Test header=' + header + ' searchDefaultTokenKeys=' + searchDefaultTokenKeys + ' and expect ' + expect; + it(itTxt, function(done) { + testOptions['searchDefaultTokenKeys'] = undefined; //FIXME: is this a good way + testOptions['headers'] = headers; + testOptions['done'] = done; + api.loopback.token.searchDefaultTokenKeys(testOptions, tokenOptions); + }); + + /* + FIXME: TEST appGet try/catch does not support this test + // describe('A non-normal use case to check that default token headers are not used') + searchDefaultTokenKeys = false; // any defaults ... + headers = []; // ... are not concated, and the empty array for token areas ... + expect = 401; // ... gives the expected result. + itTxt = 'Test header='+ header +' searchDefaultTokenKeys='+ searchDefaultTokenKeys +' no headers and expect '+ expect; + it(itTxt, function(done) { + testOptions['done'] = done; + testOptions['searchDefaultTokenKeys'] = searchDefaultTokenKeys; + testOptions['expect'] = expect; + testOptions['headers'] = headers; + api.loopback.token.searchDefaultTokenKeys(testOptions, tokenOptions); + }); + */ + }); +}); diff --git a/test/TEST-loopback-token-defaultTokenKeys.js b/test/TEST-loopback-token-searchDefaultTokenKeys.js similarity index 59% rename from test/TEST-loopback-token-defaultTokenKeys.js rename to test/TEST-loopback-token-searchDefaultTokenKeys.js index 460f7f03..641868ea 100644 --- a/test/TEST-loopback-token-defaultTokenKeys.js +++ b/test/TEST-loopback-token-searchDefaultTokenKeys.js @@ -1,24 +1,24 @@ 'use strict'; -var +var debug = require('debug')('AccessToken.app'), inspect = require('util').inspect; /* -* TEST:Middleware:loopback.token.defaultTokenKeys + TEST:Middleware:loopback.token.searchDefaultTokenKeys */ module.exports = { api : { loopback: { token: { - defaultTokenKeys: loopbackTokenDefaultTokenKeys + searchDefaultTokenKeys: searchDefaultTokenKeys } } } } -var +var loopback = require('../'), - tokenId; // FIXME: a global until some other method is found + tokenId; // FIXME: a 'global' until some other method is found -function loopbackTokenDefaultTokenKeys(testOptions, tokenOptions){ +function searchDefaultTokenKeys(testOptions, tokenOptions) { var extend = require('util')._extend, Token = loopback.AccessToken.extend('MyToken'), @@ -27,9 +27,9 @@ function loopbackTokenDefaultTokenKeys(testOptions, tokenOptions){ Token.attachTo(lbDataSource); tokenOptions['model'] = Token; - tokenOptions['currentUserLiteral'] = 'me'; - - Token.create(tokenCreate, function(err, token){ + tokenOptions['currentUserLiteral'] = 'me'; + + Token.create(tokenCreate, function(err, token) { if (err) return done(err); testOptions['tokenId'] = token.id; tokenId = testOptions['tokenId']; //FIXME @@ -45,30 +45,30 @@ function loopbackTokenDefaultTokenKeys(testOptions, tokenOptions){ .get(get) .set(header, tokenId) .expect(expect) - .end(done); + .end(done); }); } -// appGet is hard to work with just now: learning curve to get what looks right -function appGet(req,res){ - debug('appGet req.headers:\n'+inspect(req.headers)+'\n'); - debug('appGet req.accessToken:\n'+inspect(req.accessToken)+'\n'); - debug('appGet tokenId:\n'+tokenId+'\n'); - var - send = '200'; - try { - assert(req.accessToken, 'req should have accessToken'); - assert(req.accessToken.id === tokenId); - } catch (error) { - debug('app.get error:\n'+error+'\n'); - send = '401'; - } - debug('app.get send:\n'+send+'\n'); - res.send(send); +// FIXME: try/catch does not support searchDefaultTokenKeys = false and headers = [] +function appGet(req, res) { + debug('appGet req.headers:\n' + inspect(req.headers) + '\n'); + debug('appGet req.accessToken:\n' + inspect(req.accessToken) + '\n'); + debug('appGet tokenId:\n' + tokenId + '\n'); + var + send = '200'; + try { + assert(req.accessToken, 'req should have accessToken'); + assert(req.accessToken.id === tokenId); + } catch (error) { + debug('app.get error:\n' + error + '\n'); + send = '401'; + } + debug('app.get send:\n' + send + '\n'); + res.send(send); } function createApp(testOptions, tokenOptions) { - debug('createApp tokenOptions.headers:\n'+inspect(tokenOptions.headers)); + debug('createApp tokenOptions.headers:\n' + inspect(tokenOptions.headers)); var app = loopback(), ACL = loopback.ACL, @@ -77,20 +77,20 @@ function createApp(testOptions, tokenOptions) { principalId: '$everyone', accessType: ACL.ALL, permission: ACL.DENY, - property: 'deleteById' + property: 'deleteById' }, modelOptions = {acls: [acl]}, get = testOptions.get; - + app.use(loopback.token(tokenOptions)); app.get(get, appGet); app.use(loopback.rest()); //WHY: here app.enableAuth(); //WHY: here - + var // WHY: here TestModel = loopback.PersistedModel.extend('test', {}, modelOptions); TestModel.attachTo(loopback.memory()); app.model(TestModel); - + return app; } diff --git a/test/access-token.test.js b/test/access-token.test.js index 6d913744..82723f1b 100644 --- a/test/access-token.test.js +++ b/test/access-token.test.js @@ -1,7 +1,5 @@ var loopback = require('../'); var extend = require('util')._extend; -var util = require('util'); -var debug = require('debug')('AccessToken.test'); var Token = loopback.AccessToken.extend('MyToken'); var ds = loopback.createDataSource({connector: loopback.Memory}); Token.attachTo(ds); @@ -10,71 +8,40 @@ var ACL = loopback.ACL; describe('loopback.token(options)', function() { beforeEach(createTestingToken); - describe('populating req.token with bearer token in', function() { - it('the query string', function(done) { - createTestAppAndRequest(this.token, done) - .get('/?access_token=' + this.token.id) - .expect(200) - .end(done); - }); - - it('an authorization header 1of2', function(done) { - createTestAppAndRequest(this.token, done) - .get('/') - .set('authorization', this.token.id) - .expect(200) - .end(done); - }); - - it('an X-Access-Token header', function(done) { - createTestAppAndRequest(this.token, done) - .get('/') - .set('X-Access-Token', this.token.id) - .expect(200) - .end(done); - }); - - it('an authorization header 2of2', function(done) { - var token = this.token.id; - token = 'Bearer ' + new Buffer(token).toString('base64'); - createTestAppAndRequest(this.token, done) - .get('/') - .set('authorization', token) - .expect(200) - .end(done); - }); - it('an authorization header, no default Token Keys set and expect authorization in header ', function(done) { - var token = this.token.id; - token = 'Bearer ' + new Buffer(token).toString('base64'); - createTestAppAndRequest(this.token, {token: {headers:['authorization'], defaultTokenKeys: false}}, done) - .get('/') - .set('authorization', token) - .expect(200) - .end(done); - }); - - it('an authorization header, default Token Keys set', function(done) { - var token = this.token.id; - token = 'Bearer ' + new Buffer(token).toString('base64'); - createTestAppAndRequest(this.token, {token:{defaultTokenKeys: true}}, done) - .get('/') - .set('authorization', token) - .expect(200) - .end(done); - }); - - it('an authorization header, no default Token Keys set and no definitions of authorization', function(done) { - var token = this.token.id; - token = 'Bearer ' + new Buffer(token).toString('base64'); - createTestAppAndRequest(this.token, {token:{defaultTokenKeys: false}}, done) - .get('/') - .set('authorization', token) - .expect(401) - .end(done); - }); + it('should populate req.token from the query string', function(done) { + createTestAppAndRequest(this.token, done) + .get('/?access_token=' + this.token.id) + .expect(200) + .end(done); }); - describe('populating req.token from HTTP Basic Auth formatted authorization header', function() { + it('should populate req.token from an authorization header', function(done) { + createTestAppAndRequest(this.token, done) + .get('/') + .set('authorization', this.token.id) + .expect(200) + .end(done); + }); + + it('should populate req.token from an X-Access-Token header', function(done) { + createTestAppAndRequest(this.token, done) + .get('/') + .set('X-Access-Token', this.token.id) + .expect(200) + .end(done); + }); + + it('should populate req.token from an authorization header with bearer token', function(done) { + var token = this.token.id; + token = 'Bearer ' + new Buffer(token).toString('base64'); + createTestAppAndRequest(this.token, done) + .get('/') + .set('authorization', token) + .expect(200) + .end(done); + }); + + describe('populating req.toen from HTTP Basic Auth formatted authorization header', function() { it('parses "standalone-token"', function(done) { var token = this.token.id; token = 'Basic ' + new Buffer(token).toString('base64'); @@ -377,51 +344,24 @@ function createTestAppAndRequest(testToken, settings, done) { } function createTestApp(testToken, settings, done) { - done = arguments[arguments.length - 1]; // TODO: are these 3 lines "good"? + done = arguments[arguments.length - 1]; if (settings == done) settings = {}; settings = settings || {}; - //debug('settings:'+util.inspect(settings, false, 1)); - - var appSettings = settings.app || {}; - //debug('appSettings:'+util.inspect(appSettings, false, 1)); - - var modelSettings = settings.model || {}; - var modelOptions = { - acls: [ - { - principalType: 'ROLE', - principalId: '$everyone', - accessType: ACL.ALL, - permission: ACL.DENY, - property: 'deleteById' - } - ] - }; - Object.keys(modelSettings).forEach(function(key) { modelOptions[key] = modelSettings[key];}); - //debug('modelSettings:'+util.inspect(modelSettings, false, 1)); - - var tokenSettings = { - defaultTokenKeys : true, - model: Token, - currentUserLiteral: 'me' - }; - // TODO: next line may be givint Object.keys called on non-object - //Object.keys(settings.token).forEach(function(key) { tokenSettings[key] = settings.token[key];}); - debug('tokenSettings:'+util.inspect(tokenSettings, false, 1)); - // The order of app.somethings is important + var appSettings = settings.app || {}; + var modelSettings = settings.model || {}; + var app = loopback(); - - app.use(loopback.cookieParser('secret')); - app.use(loopback.token(tokenSettings)); + app.use(loopback.cookieParser('secret')); + app.use(loopback.token({model: Token, currentUserLiteral: 'me'})); app.get('/token', function(req, res) { res.cookie('authorization', testToken.id, {signed: true}); res.end(); }); app.get('/', function(req, res) { try { - assert(req.accessToken, 'req should have accessToken'); // this fails the defaultTokenKeys=false test + assert(req.accessToken, 'req should have accessToken'); assert(req.accessToken.id === testToken.id); } catch (e) { return done(e); @@ -437,13 +377,31 @@ function createTestApp(testToken, settings, done) { } res.status(200).send(result); }); - app.use(loopback.rest()); app.enableAuth(); - Object.keys(appSettings).forEach(function(key) {app.set(key, appSettings[key]);}); + Object.keys(appSettings).forEach(function(key) { + app.set(key, appSettings[key]); + }); + + var modelOptions = { + acls: [ + { + principalType: 'ROLE', + principalId: '$everyone', + accessType: ACL.ALL, + permission: ACL.DENY, + property: 'deleteById' + } + ] + }; + + Object.keys(modelSettings).forEach(function(key) { + modelOptions[key] = modelSettings[key]; + }); var TestModel = loopback.PersistedModel.extend('test', {}, modelOptions); + TestModel.attachTo(loopback.memory()); app.model(TestModel); From 01b23cbfed1d61220e94102eb67b88d2e7de6eff Mon Sep 17 00:00:00 2001 From: Owen Brotherwood Date: Wed, 6 May 2015 22:58:23 +0200 Subject: [PATCH 22/28] lint free but can only npm test on windows machine --- test/API-loopback-token-searchTokenKeys.js | 43 ++++++------ ...T-loopback-token-searchDefaultTokenKeys.js | 66 +++++++++---------- 2 files changed, 50 insertions(+), 59 deletions(-) diff --git a/test/API-loopback-token-searchTokenKeys.js b/test/API-loopback-token-searchTokenKeys.js index 0bb29a92..a5ec7f94 100644 --- a/test/API-loopback-token-searchTokenKeys.js +++ b/test/API-loopback-token-searchTokenKeys.js @@ -1,35 +1,32 @@ 'use strict'; -var - debug = require('debug')('AccessToken.test'), - inspect = require('util').inspect; +var debug = require('debug')('AccessToken.test'); +var inspect = require('util').inspect; /* * API:Middleware:loopback.token(options) */ -var - api = { - loopback: { - token: { - searchDefaultTokenKeys: require('./TEST-loopback-token-searchDefaultTokenKeys').api.loopback.token.searchDefaultTokenKeys - } +var api = { + loopback: { + token: { + searchDefaultTokenKeys: require('./TEST-loopback-token-searchDefaultTokenKeys').api.loopback.token.searchDefaultTokenKeys } } +}; describe('API:Middleware:loopback.token(options)', function() { describe('options.searchDefaultTokenKeys: [true|false]', function() { - var - itTxt, - expect = 200, - searchDefaultTokenKeys = false, - header = 'authorization', - testOptions = { - expect: expect, - header: header, - }, - headers = ['header'], - tokenOptions = { - searchDefaultTokenKeys: searchDefaultTokenKeys, - headers: headers, - }; + var itTxt; + var expect = 200; + var searchDefaultTokenKeys = false; + var header = 'authorization'; + var testOptions = { + expect: expect, + header: header, + }; + var headers = ['header']; + var tokenOptions = { + searchDefaultTokenKeys: searchDefaultTokenKeys, + headers: headers, + }; // describe('The normal use case for searchDefaultTokenKeys') itTxt = 'Test header=' + header + ' searchDefaultTokenKeys=' + searchDefaultTokenKeys + ' and expect ' + expect; diff --git a/test/TEST-loopback-token-searchDefaultTokenKeys.js b/test/TEST-loopback-token-searchDefaultTokenKeys.js index 641868ea..9fc5fbac 100644 --- a/test/TEST-loopback-token-searchDefaultTokenKeys.js +++ b/test/TEST-loopback-token-searchDefaultTokenKeys.js @@ -1,7 +1,7 @@ 'use strict'; -var - debug = require('debug')('AccessToken.app'), - inspect = require('util').inspect; + +var debug = require('debug')('AccessToken.app'); +var inspect = require('util').inspect; /* TEST:Middleware:loopback.token.searchDefaultTokenKeys */ @@ -13,17 +13,15 @@ module.exports = { } } } -} -var - loopback = require('../'), - tokenId; // FIXME: a 'global' until some other method is found +}; +var loopback = require('../'); +var tokenId; // FIXME: a 'global' until some other method is found function searchDefaultTokenKeys(testOptions, tokenOptions) { - var - extend = require('util')._extend, - Token = loopback.AccessToken.extend('MyToken'), - lbDataSource = loopback.createDataSource({connector: loopback.Memory}), - tokenCreate = {userId: '123'}; + var extend = require('util')._extend; + var Token = loopback.AccessToken.extend('MyToken'); + var lbDataSource = loopback.createDataSource({connector: loopback.Memory}); + var tokenCreate = {userId: '123'}; Token.attachTo(lbDataSource); tokenOptions['model'] = Token; @@ -32,15 +30,14 @@ function searchDefaultTokenKeys(testOptions, tokenOptions) { Token.create(tokenCreate, function(err, token) { if (err) return done(err); testOptions['tokenId'] = token.id; - tokenId = testOptions['tokenId']; //FIXME + tokenId = testOptions['tokenId']; //FIXME: another way than 'global'? testOptions['get'] = '/'; - var - done = testOptions.done, - expect = testOptions.expect, - header = testOptions.header, - get = testOptions.get, - tokendId = testOptions.tokenId, - app = createApp(testOptions, tokenOptions); + var done = testOptions.done; + var expect = testOptions.expect; + var header = testOptions.header; + var get = testOptions.get; + var tokendId = testOptions.tokenId; + var app = createApp(testOptions, tokenOptions); request(app) .get(get) .set(header, tokenId) @@ -54,8 +51,7 @@ function appGet(req, res) { debug('appGet req.headers:\n' + inspect(req.headers) + '\n'); debug('appGet req.accessToken:\n' + inspect(req.accessToken) + '\n'); debug('appGet tokenId:\n' + tokenId + '\n'); - var - send = '200'; + var send = '200'; try { assert(req.accessToken, 'req should have accessToken'); assert(req.accessToken.id === tokenId); @@ -69,26 +65,24 @@ function appGet(req, res) { function createApp(testOptions, tokenOptions) { debug('createApp tokenOptions.headers:\n' + inspect(tokenOptions.headers)); - var - app = loopback(), - ACL = loopback.ACL, - acl = { - principalType: 'ROLE', - principalId: '$everyone', - accessType: ACL.ALL, - permission: ACL.DENY, - property: 'deleteById' - }, - modelOptions = {acls: [acl]}, - get = testOptions.get; + var app = loopback(); + var ACL = loopback.ACL; + var acl = { + principalType: 'ROLE', + principalId: '$everyone', + accessType: ACL.ALL, + permission: ACL.DENY, + property: 'deleteById' + }; + var modelOptions = {acls: [acl]}; + var get = testOptions.get; app.use(loopback.token(tokenOptions)); app.get(get, appGet); app.use(loopback.rest()); //WHY: here app.enableAuth(); //WHY: here - var // WHY: here - TestModel = loopback.PersistedModel.extend('test', {}, modelOptions); + var TestModel = loopback.PersistedModel.extend('test', {}, modelOptions); //WHY: here TestModel.attachTo(loopback.memory()); app.model(TestModel); From a8c2558bb0b5a289c5b01a959f64aca618e810a4 Mon Sep 17 00:00:00 2001 From: Owen Brotherwood Date: Wed, 6 May 2015 23:36:34 +0200 Subject: [PATCH 23/28] add DEMO test --- test/API-loopback-token-searchTokenKeys.js | 23 ++++++++++++++++--- ...T-loopback-token-searchDefaultTokenKeys.js | 5 +++- 2 files changed, 24 insertions(+), 4 deletions(-) diff --git a/test/API-loopback-token-searchTokenKeys.js b/test/API-loopback-token-searchTokenKeys.js index a5ec7f94..f75a3988 100644 --- a/test/API-loopback-token-searchTokenKeys.js +++ b/test/API-loopback-token-searchTokenKeys.js @@ -7,12 +7,29 @@ var inspect = require('util').inspect; var api = { loopback: { token: { - searchDefaultTokenKeys: require('./TEST-loopback-token-searchDefaultTokenKeys').api.loopback.token.searchDefaultTokenKeys + noOptions: require('./TEST-loopback-token-searchDefaultTokenKeys').api.loopback.token.noOptions, + options:{ + searchDefaultTokenKeys: require('./TEST-loopback-token-searchDefaultTokenKeys').api.loopback.token.options.searchDefaultTokenKeys + } } } }; describe('API:Middleware:loopback.token(options)', function() { + describe('options = {} --- DEMO --- DEMO ---', function() { + var itTxt; + var expect = 200; + var header = 'authorization'; + var testOptions = { + expect: expect, + header: header, + }; + // describe('A normal use case, where a well-known header is used with no other options needed'); + itTxt = 'Test header=' + header + ' and expect ' + expect; + it(itTxt, function(done) { + done(); // TODO: implement in api.loopback.token.noOptions(testOptions) + }); + }); describe('options.searchDefaultTokenKeys: [true|false]', function() { var itTxt; var expect = 200; @@ -32,7 +49,7 @@ describe('API:Middleware:loopback.token(options)', function() { itTxt = 'Test header=' + header + ' searchDefaultTokenKeys=' + searchDefaultTokenKeys + ' and expect ' + expect; it(itTxt, function(done) { testOptions['done'] = done; - api.loopback.token.searchDefaultTokenKeys(testOptions, tokenOptions); + api.loopback.token.options.searchDefaultTokenKeys(testOptions, tokenOptions); }); // describe('A test case for regression') @@ -43,7 +60,7 @@ describe('API:Middleware:loopback.token(options)', function() { testOptions['searchDefaultTokenKeys'] = undefined; //FIXME: is this a good way testOptions['headers'] = headers; testOptions['done'] = done; - api.loopback.token.searchDefaultTokenKeys(testOptions, tokenOptions); + api.loopback.token.options.searchDefaultTokenKeys(testOptions, tokenOptions); }); /* diff --git a/test/TEST-loopback-token-searchDefaultTokenKeys.js b/test/TEST-loopback-token-searchDefaultTokenKeys.js index 9fc5fbac..a4f847e9 100644 --- a/test/TEST-loopback-token-searchDefaultTokenKeys.js +++ b/test/TEST-loopback-token-searchDefaultTokenKeys.js @@ -9,7 +9,10 @@ module.exports = { api : { loopback: { token: { - searchDefaultTokenKeys: searchDefaultTokenKeys + noOptions: function() {throw 'Implement';}, + options: { + searchDefaultTokenKeys: searchDefaultTokenKeys, + } } } } From 000e637db41deb628b22054db1a6d9ee022b4876 Mon Sep 17 00:00:00 2001 From: Owen Brotherwood Date: Wed, 6 May 2015 23:58:36 +0200 Subject: [PATCH 24/28] app order and wrong filename --- ...> API-loopback-token-searchDefaultTokenKeys.js} | 4 ++-- test/TEST-loopback-token-searchDefaultTokenKeys.js | 14 ++++++-------- 2 files changed, 8 insertions(+), 10 deletions(-) rename test/{API-loopback-token-searchTokenKeys.js => API-loopback-token-searchDefaultTokenKeys.js} (93%) diff --git a/test/API-loopback-token-searchTokenKeys.js b/test/API-loopback-token-searchDefaultTokenKeys.js similarity index 93% rename from test/API-loopback-token-searchTokenKeys.js rename to test/API-loopback-token-searchDefaultTokenKeys.js index f75a3988..40e0bae1 100644 --- a/test/API-loopback-token-searchTokenKeys.js +++ b/test/API-loopback-token-searchDefaultTokenKeys.js @@ -7,7 +7,7 @@ var inspect = require('util').inspect; var api = { loopback: { token: { - noOptions: require('./TEST-loopback-token-searchDefaultTokenKeys').api.loopback.token.noOptions, + optionsUndefined: require('./TEST-loopback-token-searchDefaultTokenKeys').api.loopback.token.optionsUndefined, options:{ searchDefaultTokenKeys: require('./TEST-loopback-token-searchDefaultTokenKeys').api.loopback.token.options.searchDefaultTokenKeys } @@ -27,7 +27,7 @@ describe('API:Middleware:loopback.token(options)', function() { // describe('A normal use case, where a well-known header is used with no other options needed'); itTxt = 'Test header=' + header + ' and expect ' + expect; it(itTxt, function(done) { - done(); // TODO: implement in api.loopback.token.noOptions(testOptions) + done(); // TODO: implement in api.loopback.token.optionsUndefined(testOptions) }); }); describe('options.searchDefaultTokenKeys: [true|false]', function() { diff --git a/test/TEST-loopback-token-searchDefaultTokenKeys.js b/test/TEST-loopback-token-searchDefaultTokenKeys.js index a4f847e9..04c52c6e 100644 --- a/test/TEST-loopback-token-searchDefaultTokenKeys.js +++ b/test/TEST-loopback-token-searchDefaultTokenKeys.js @@ -9,7 +9,7 @@ module.exports = { api : { loopback: { token: { - noOptions: function() {throw 'Implement';}, + optionsUndefined: function() {throw 'Implement';}, options: { searchDefaultTokenKeys: searchDefaultTokenKeys, } @@ -78,16 +78,14 @@ function createApp(testOptions, tokenOptions) { property: 'deleteById' }; var modelOptions = {acls: [acl]}; + var TestModel = loopback.PersistedModel.extend('test', {}, modelOptions); var get = testOptions.get; - app.use(loopback.token(tokenOptions)); - app.get(get, appGet); - app.use(loopback.rest()); //WHY: here - app.enableAuth(); //WHY: here - - var TestModel = loopback.PersistedModel.extend('test', {}, modelOptions); //WHY: here TestModel.attachTo(loopback.memory()); app.model(TestModel); - + app.use(loopback.token(tokenOptions)); + app.get(get, appGet); + app.use(loopback.rest()); + app.enableAuth(); return app; } From 8abdb5eee11728ed92bf5f7e88b1503c3096d9d4 Mon Sep 17 00:00:00 2001 From: Owen Brotherwood Date: Thu, 7 May 2015 00:09:27 +0200 Subject: [PATCH 25/28] test for searchDefaultTokenKeys=true --- test/API-loopback-token-searchDefaultTokenKeys.js | 10 ++++++++++ test/TEST-loopback-token-searchDefaultTokenKeys.js | 2 +- 2 files changed, 11 insertions(+), 1 deletion(-) diff --git a/test/API-loopback-token-searchDefaultTokenKeys.js b/test/API-loopback-token-searchDefaultTokenKeys.js index 40e0bae1..23622a6e 100644 --- a/test/API-loopback-token-searchDefaultTokenKeys.js +++ b/test/API-loopback-token-searchDefaultTokenKeys.js @@ -52,6 +52,16 @@ describe('API:Middleware:loopback.token(options)', function() { api.loopback.token.options.searchDefaultTokenKeys(testOptions, tokenOptions); }); + // describe('Specific enabelment of searchDefaultTokenKeys') + searchDefaultTokenKeys = true; + headers = []; + itTxt = 'Test header=' + header + ' searchDefaultTokenKeys=' + searchDefaultTokenKeys + ' and expect ' + expect; + it(itTxt, function(done) { + testOptions['done'] = done; + testOptions['headers'] = headers; + api.loopback.token.options.searchDefaultTokenKeys(testOptions, tokenOptions); + }); + // describe('A test case for regression') searchDefaultTokenKeys = undefined; headers = []; diff --git a/test/TEST-loopback-token-searchDefaultTokenKeys.js b/test/TEST-loopback-token-searchDefaultTokenKeys.js index 04c52c6e..e1eaee33 100644 --- a/test/TEST-loopback-token-searchDefaultTokenKeys.js +++ b/test/TEST-loopback-token-searchDefaultTokenKeys.js @@ -85,7 +85,7 @@ function createApp(testOptions, tokenOptions) { app.model(TestModel); app.use(loopback.token(tokenOptions)); app.get(get, appGet); - app.use(loopback.rest()); + app.use(loopback.rest()); app.enableAuth(); return app; } From eb44d7744dfb855a43d1630b86d7ea4663f42623 Mon Sep 17 00:00:00 2001 From: Owen Brotherwood Date: Thu, 7 May 2015 11:57:15 +0200 Subject: [PATCH 26/28] use of functions in TEST and implement options = {} --- ...I-loopback-token-searchDefaultTokenKeys.js | 12 +++-- ...T-loopback-token-searchDefaultTokenKeys.js | 53 ++++++++++++------- 2 files changed, 41 insertions(+), 24 deletions(-) diff --git a/test/API-loopback-token-searchDefaultTokenKeys.js b/test/API-loopback-token-searchDefaultTokenKeys.js index 23622a6e..729419ab 100644 --- a/test/API-loopback-token-searchDefaultTokenKeys.js +++ b/test/API-loopback-token-searchDefaultTokenKeys.js @@ -4,19 +4,22 @@ var inspect = require('util').inspect; /* * API:Middleware:loopback.token(options) */ +var S = { + TEST_REQUIRE_FILE: './TEST-loopback-token-searchDefaultTokenKeys', +}; var api = { loopback: { token: { - optionsUndefined: require('./TEST-loopback-token-searchDefaultTokenKeys').api.loopback.token.optionsUndefined, + optionsUndefined: require(S.TEST_REQUIRE_FILE).api.loopback.token.optionsUndefined, options:{ - searchDefaultTokenKeys: require('./TEST-loopback-token-searchDefaultTokenKeys').api.loopback.token.options.searchDefaultTokenKeys + searchDefaultTokenKeys: require(S.TEST_REQUIRE_FILE).api.loopback.token.options.searchDefaultTokenKeys } } } }; describe('API:Middleware:loopback.token(options)', function() { - describe('options = {} --- DEMO --- DEMO ---', function() { + describe('options = {}', function() { var itTxt; var expect = 200; var header = 'authorization'; @@ -27,7 +30,8 @@ describe('API:Middleware:loopback.token(options)', function() { // describe('A normal use case, where a well-known header is used with no other options needed'); itTxt = 'Test header=' + header + ' and expect ' + expect; it(itTxt, function(done) { - done(); // TODO: implement in api.loopback.token.optionsUndefined(testOptions) + testOptions['done'] = done; + api.loopback.token.optionsUndefined(testOptions); }); }); describe('options.searchDefaultTokenKeys: [true|false]', function() { diff --git a/test/TEST-loopback-token-searchDefaultTokenKeys.js b/test/TEST-loopback-token-searchDefaultTokenKeys.js index e1eaee33..26bdd87f 100644 --- a/test/TEST-loopback-token-searchDefaultTokenKeys.js +++ b/test/TEST-loopback-token-searchDefaultTokenKeys.js @@ -9,7 +9,7 @@ module.exports = { api : { loopback: { token: { - optionsUndefined: function() {throw 'Implement';}, + optionsUndefined: optionsUndefined, options: { searchDefaultTokenKeys: searchDefaultTokenKeys, } @@ -20,13 +20,21 @@ module.exports = { var loopback = require('../'); var tokenId; // FIXME: a 'global' until some other method is found +function optionsUndefined(testOptions) { + var done = testOptions.done; + var tokenOptions = {}; + createTokenStartApp(testOptions, tokenOptions); +} function searchDefaultTokenKeys(testOptions, tokenOptions) { + createTokenStartApp(testOptions, tokenOptions); +} + +function createTokenStartApp(testOptions, tokenOptions) { var extend = require('util')._extend; var Token = loopback.AccessToken.extend('MyToken'); - var lbDataSource = loopback.createDataSource({connector: loopback.Memory}); + var tokenDataSource = loopback.createDataSource({connector: loopback.Memory}); var tokenCreate = {userId: '123'}; - - Token.attachTo(lbDataSource); + Token.attachTo(tokenDataSource); tokenOptions['model'] = Token; tokenOptions['currentUserLiteral'] = 'me'; @@ -40,7 +48,7 @@ function searchDefaultTokenKeys(testOptions, tokenOptions) { var header = testOptions.header; var get = testOptions.get; var tokendId = testOptions.tokenId; - var app = createApp(testOptions, tokenOptions); + var app = startApp(testOptions, tokenOptions); request(app) .get(get) .set(header, tokenId) @@ -49,6 +57,21 @@ function searchDefaultTokenKeys(testOptions, tokenOptions) { }); } +function attachAndReturnModel() { + var ACL = loopback.ACL; + var acl = { + principalType: 'ROLE', + principalId: '$everyone', + accessType: ACL.ALL, + permission: ACL.DENY, + property: 'deleteById' + }; + var modelOptions = {acls: [acl]}; + var TestModel = loopback.PersistedModel.extend('test', {}, modelOptions); + TestModel.attachTo(loopback.memory()); + return TestModel; +} + // FIXME: try/catch does not support searchDefaultTokenKeys = false and headers = [] function appGet(req, res) { debug('appGet req.headers:\n' + inspect(req.headers) + '\n'); @@ -58,6 +81,7 @@ function appGet(req, res) { try { assert(req.accessToken, 'req should have accessToken'); assert(req.accessToken.id === tokenId); + // FIXME: ok the req HAS accessToken.id but if loopback is not 'looking' for it === 401 } catch (error) { debug('app.get error:\n' + error + '\n'); send = '401'; @@ -66,24 +90,13 @@ function appGet(req, res) { res.send(send); } -function createApp(testOptions, tokenOptions) { +function startApp(testOptions, tokenOptions) { debug('createApp tokenOptions.headers:\n' + inspect(tokenOptions.headers)); - var app = loopback(); - var ACL = loopback.ACL; - var acl = { - principalType: 'ROLE', - principalId: '$everyone', - accessType: ACL.ALL, - permission: ACL.DENY, - property: 'deleteById' - }; - var modelOptions = {acls: [acl]}; - var TestModel = loopback.PersistedModel.extend('test', {}, modelOptions); var get = testOptions.get; - - TestModel.attachTo(loopback.memory()); + var app = loopback(); + var TestModel = attachAndReturnModel(); app.model(TestModel); - app.use(loopback.token(tokenOptions)); + app.use(loopback.token(tokenOptions)); // The subject of all this work app.get(get, appGet); app.use(loopback.rest()); app.enableAuth(); From 4326f15cc3ea392d81166022920cebb2f2878efe Mon Sep 17 00:00:00 2001 From: Owen Brotherwood Date: Thu, 7 May 2015 16:09:46 +0200 Subject: [PATCH 27/28] sendRequest as a function --- ...I-loopback-token-searchDefaultTokenKeys.js | 14 +++++-- ...T-loopback-token-searchDefaultTokenKeys.js | 39 ++++++++++--------- 2 files changed, 32 insertions(+), 21 deletions(-) diff --git a/test/API-loopback-token-searchDefaultTokenKeys.js b/test/API-loopback-token-searchDefaultTokenKeys.js index 729419ab..a4e8a603 100644 --- a/test/API-loopback-token-searchDefaultTokenKeys.js +++ b/test/API-loopback-token-searchDefaultTokenKeys.js @@ -5,14 +5,22 @@ var inspect = require('util').inspect; * API:Middleware:loopback.token(options) */ var S = { - TEST_REQUIRE_FILE: './TEST-loopback-token-searchDefaultTokenKeys', + REQUIRE:{ + FILE: { + TEST: { + LOOPBACK: { + TOKEN: './TEST-loopback-token-searchDefaultTokenKeys', + } + } + } + } }; var api = { loopback: { token: { - optionsUndefined: require(S.TEST_REQUIRE_FILE).api.loopback.token.optionsUndefined, + optionsUndefined: require(S.REQUIRE.FILE.TEST.LOOPBACK.TOKEN).api.loopback.token.optionsUndefined, options:{ - searchDefaultTokenKeys: require(S.TEST_REQUIRE_FILE).api.loopback.token.options.searchDefaultTokenKeys + searchDefaultTokenKeys: require(S.REQUIRE.FILE.TEST.LOOPBACK.TOKEN).api.loopback.token.options.searchDefaultTokenKeys } } } diff --git a/test/TEST-loopback-token-searchDefaultTokenKeys.js b/test/TEST-loopback-token-searchDefaultTokenKeys.js index 26bdd87f..1013d740 100644 --- a/test/TEST-loopback-token-searchDefaultTokenKeys.js +++ b/test/TEST-loopback-token-searchDefaultTokenKeys.js @@ -17,16 +17,28 @@ module.exports = { } } }; + var loopback = require('../'); -var tokenId; // FIXME: a 'global' until some other method is found +var tokenId; //FIXME: another way than this 'global' function optionsUndefined(testOptions) { - var done = testOptions.done; + debug('optionsUndefined testOptions:\n' + inspect(testOptions) + '\n'); var tokenOptions = {}; - createTokenStartApp(testOptions, tokenOptions); + var app = createTokenStartApp(testOptions, tokenOptions); } + function searchDefaultTokenKeys(testOptions, tokenOptions) { - createTokenStartApp(testOptions, tokenOptions); + debug('optionsUndefined searchDefaultTokenKeys:\n' + inspect(testOptions) + '\n'); + var app = createTokenStartApp(testOptions, tokenOptions); +} + +function sendRequest(app, testOptions) { + debug('sendRequest testOptions.tokenId:\n' + inspect(testOptions.tokenId) + '\n'); + request(app) + .get(testOptions.get) + .set(testOptions.header, testOptions.tokenId) + .expect(testOptions.expect) + .end(testOptions.done); } function createTokenStartApp(testOptions, tokenOptions) { @@ -34,6 +46,9 @@ function createTokenStartApp(testOptions, tokenOptions) { var Token = loopback.AccessToken.extend('MyToken'); var tokenDataSource = loopback.createDataSource({connector: loopback.Memory}); var tokenCreate = {userId: '123'}; + var done = testOptions.done; + testOptions['get'] = '/'; + Token.attachTo(tokenDataSource); tokenOptions['model'] = Token; tokenOptions['currentUserLiteral'] = 'me'; @@ -41,19 +56,8 @@ function createTokenStartApp(testOptions, tokenOptions) { Token.create(tokenCreate, function(err, token) { if (err) return done(err); testOptions['tokenId'] = token.id; - tokenId = testOptions['tokenId']; //FIXME: another way than 'global'? - testOptions['get'] = '/'; - var done = testOptions.done; - var expect = testOptions.expect; - var header = testOptions.header; - var get = testOptions.get; - var tokendId = testOptions.tokenId; var app = startApp(testOptions, tokenOptions); - request(app) - .get(get) - .set(header, tokenId) - .expect(expect) - .end(done); + sendRequest(app, testOptions); }); } @@ -80,7 +84,7 @@ function appGet(req, res) { var send = '200'; try { assert(req.accessToken, 'req should have accessToken'); - assert(req.accessToken.id === tokenId); + assert(req.accessToken.id === tokenId); //FIXME: another way than this 'global' // FIXME: ok the req HAS accessToken.id but if loopback is not 'looking' for it === 401 } catch (error) { debug('app.get error:\n' + error + '\n'); @@ -91,7 +95,6 @@ function appGet(req, res) { } function startApp(testOptions, tokenOptions) { - debug('createApp tokenOptions.headers:\n' + inspect(tokenOptions.headers)); var get = testOptions.get; var app = loopback(); var TestModel = attachAndReturnModel(); From 2bef4d861bd70ac823c62cfe4580af598d956d83 Mon Sep 17 00:00:00 2001 From: Owen Brotherwood Date: Thu, 7 May 2015 20:10:35 +0200 Subject: [PATCH 28/28] option !== false --- common/models/access-token.js | 2 +- test/TEST-loopback-token-searchDefaultTokenKeys.js | 12 +++++++++--- 2 files changed, 10 insertions(+), 4 deletions(-) diff --git a/common/models/access-token.js b/common/models/access-token.js index 3098d22e..27cf5206 100644 --- a/common/models/access-token.js +++ b/common/models/access-token.js @@ -169,7 +169,7 @@ module.exports = function(AccessToken) { var id; // https://github.com/strongloop/loopback/issues/1326 - if (options.searchDefaultTokenKeys === undefined || options.searchDefaultTokenKeys === true) { + if (options.searchDefaultTokenKeys !== false) { params = params.concat(['access_token']); headers = headers.concat(['X-Access-Token', 'authorization']); cookies = cookies.concat(['access_token', 'authorization']); diff --git a/test/TEST-loopback-token-searchDefaultTokenKeys.js b/test/TEST-loopback-token-searchDefaultTokenKeys.js index 1013d740..84b1bdde 100644 --- a/test/TEST-loopback-token-searchDefaultTokenKeys.js +++ b/test/TEST-loopback-token-searchDefaultTokenKeys.js @@ -21,6 +21,7 @@ module.exports = { var loopback = require('../'); var tokenId; //FIXME: another way than this 'global' + function optionsUndefined(testOptions) { debug('optionsUndefined testOptions:\n' + inspect(testOptions) + '\n'); var tokenOptions = {}; @@ -52,7 +53,7 @@ function createTokenStartApp(testOptions, tokenOptions) { Token.attachTo(tokenDataSource); tokenOptions['model'] = Token; tokenOptions['currentUserLiteral'] = 'me'; - + Token.create(tokenCreate, function(err, token) { if (err) return done(err); testOptions['tokenId'] = token.id; @@ -68,7 +69,7 @@ function attachAndReturnModel() { principalId: '$everyone', accessType: ACL.ALL, permission: ACL.DENY, - property: 'deleteById' + property: '*' }; var modelOptions = {acls: [acl]}; var TestModel = loopback.PersistedModel.extend('test', {}, modelOptions); @@ -78,14 +79,19 @@ function attachAndReturnModel() { // FIXME: try/catch does not support searchDefaultTokenKeys = false and headers = [] function appGet(req, res) { + debug('appeget req:\n' + inspect(req) + '\n' ); + debug('appeget res:\n' + inspect(res) + '\n' ); +/* debug('appGet req.headers:\n' + inspect(req.headers) + '\n'); debug('appGet req.accessToken:\n' + inspect(req.accessToken) + '\n'); debug('appGet tokenId:\n' + tokenId + '\n'); + */ var send = '200'; try { assert(req.accessToken, 'req should have accessToken'); assert(req.accessToken.id === tokenId); //FIXME: another way than this 'global' - // FIXME: ok the req HAS accessToken.id but if loopback is not 'looking' for it === 401 + // FIXME: ok the req HAS accessToken.id but this is not a good test + } catch (error) { debug('app.get error:\n' + error + '\n'); send = '401';