From cf98d379c44a3fd2a0c34bbd032f18d1f848c4e4 Mon Sep 17 00:00:00 2001
From: ebarault
Date: Fri, 3 Mar 2017 12:35:41 +0100
Subject: [PATCH] fix custom token model in token middleware
Fixing server/middleware/token.js to handle correctly the setup of a custom AccessToken model by name in either middleware.json or using any of : app.use(loopback.token({...})); app.middlewareFromConfig(loopback.token, {...}) app.middleware('auth', loopback.token({...})
---
 server/middleware/token.js | 8 +-
 test/access-token.test.js | 95 +++++++++++++++++--
 .../access-control/common/models/user.json | 4 +-
 3 files changed, 92 insertions(+), 15 deletions(-)
diff --git a/server/middleware/token.js b/server/middleware/token.js
index e154a7d2..d885e429 100644
--- a/server/middleware/token.js
+++ b/server/middleware/token.js
@@ -95,13 +95,7 @@ function token(options) {
 var app = req.app;
 var registry = app.registry;
 if (!TokenModel) {
- if (registry === loopback.registry) {
- TokenModel = options.model || loopback.AccessToken;
- } else if (options.model) {
- TokenModel = registry.getModel(options.model);
- } else {
- TokenModel = registry.getModel('AccessToken');
- }
+ TokenModel = registry.getModel(options.model || 'AccessToken');
 }
 assert(typeof TokenModel === 'function',
diff --git a/test/access-token.test.js b/test/access-token.test.js
index dace75b5..a426c891 100644
--- a/test/access-token.test.js
+++ b/test/access-token.test.js
@@ -14,7 +14,7 @@ var extend = require('util')._extend;
 var session = require('express-session');
 var request = require('supertest');
-var Token, ACL;
+var Token, ACL, User, TestModel;
 describe('loopback.token(options)', function() {
 var app;
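Review bot: In server/middleware/token.js the replacement line `TokenModel = registry.getModel(options.model || 'AccessToken');` hands `options.model` to a by-name lookup, yet the tests added in this same patch also pass a model class (`loopback.token({model: Token})`). That only works if the class case is already assigned to `TokenModel` earlier in `token()`, which is outside this hunk; if it is, a comment such as `// options.model is a model name here; a model class was already assigned to TokenModel above` would make the invariant visible. Because this model decides which stored tokens authenticate a request, note also that the assert that follows only checks `typeof TokenModel === 'function'`, so any registered model name supplied through middleware.json passes it, not only models derived from AccessToken. The enclosing function starts and ends outside the hunk.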
@@ -22,17 +22,99 @@ describe('loopback.token(options)', function() {
 app = loopback({localRegistry: true, loadBuiltinModels: true});
 app.dataSource('db', {connector: 'memory'});
+ ACL = app.registry.getModel('ACL');
+ app.model(ACL, {dataSource: 'db'});
+
+ User = app.registry.getModel('User');
+ app.model(User, {dataSource: 'db'});
+
 Token = app.registry.createModel({
 name: 'MyToken',
 base: 'AccessToken',
 });
 app.model(Token, {dataSource: 'db'});
- ACL = app.registry.getModel('ACL');
+ TestModel = app.registry.createModel({
+ name: 'TestModel',
+ base: 'Model',
+ });
+ TestModel.getToken = function(options, cb) {
+ cb(null, options && options.accessToken || null);
+ };
+ TestModel.remoteMethod('getToken', {
+ accepts: {arg: 'options', type: 'object', http: 'optionsFromRequest'},
+ returns: {arg: 'token', type: 'object'},
+ http: {verb: 'GET', path: '/token'},
+ });
+ app.model(TestModel, {dataSource: 'db'});
 createTestingToken.call(this, done);
 });
+ it('defaults to built-in AccessToken model', function() {
+ var BuiltInToken = app.registry.getModel('AccessToken');
+ app.model(BuiltInToken, {dataSource: 'db'});
+
+ app.enableAuth({dataSource: 'db'});
+ app.use(loopback.token());
+ app.use(loopback.rest());
+
+ return BuiltInToken.create({userId: 123}).then(function(token) {
+ return request(app)
+ .get('/TestModels/token?_format=json')
+ .set('authorization', token.id)
+ .expect(200)
+ .expect('Content-Type', /json/)
+ .then(res => {
+ expect(res.body.token.id).to.eql(token.id);
+ });
+ });
+ });
+
+ it('uses correct custom AccessToken model from model class param', function() {
+ User.hasMany(Token, {
+ as: 'accessTokens',
+ options: {disableInclude: true},
+ });
+
+ app.enableAuth();
+ app.use(loopback.token({model: Token}));
+ app.use(loopback.rest());
+
+ return Token.create({userId: 123}).then(function(token) {
+ return request(app)
+ .get('/TestModels/token?_format=json')
+ .set('authorization', token.id)
+ .expect(200)
+ .expect('Content-Type', /json/)
+ .then(res => {
+ expect(res.body.token.id).to.eql(token.id);
+ });
+ });
+ });
+
+ it('uses correct custom AccessToken model from string param', function() {
+ User.hasMany(Token, {
+ as: 'accessTokens',
+ options: {disableInclude: true},
+ });
+
+ app.enableAuth();
+ app.use(loopback.token({model: Token.modelName}));
+ app.use(loopback.rest());
+
+ return Token.create({userId: 123}).then(function(token) {
+ return request(app)
+ .get('/TestModels/token?_format=json')
+ .set('authorization', token.id)
+ .expect(200)
+ .expect('Content-Type', /json/)
+ .then(res => {
+ expect(res.body.token.id).to.eql(token.id);
+ });
+ });
+ });
+
 it('should populate req.token from the query string', function(done) {
 createTestAppAndRequest(this.token, done)
 .get('/?access_token=' + this.token.id)
@@ -287,7 +369,7 @@ describe('loopback.token(options)', function() {
 });
 it('should overwrite invalid existing token (is !== undefined and has no "id" property) ' +
- ' when enableDoubkecheck is true',
+ ' when enableDoublecheck is true',
 function(done) {
 var token = this.token;
 app.use(function(req, res, next) {
@@ -607,9 +689,10 @@ function createTestAppAndRequest(testToken, settings, done) {
 }
 function createTestApp(testToken, settings, done) {
- done = arguments[arguments.length - 1];
- if (settings == done) settings = {};
- settings = settings || {};
+ if (!done && typeof settings === 'function') {
+ done = settings;
+ settings = {};
+ }
 var appSettings = settings.app || {};
 var modelSettings = settings.model || {};
diff --git a/test/fixtures/access-control/common/models/user.json b/test/fixtures/access-control/common/models/user.json
index ef769cbf..fb0aea37 100644
--- a/test/fixtures/access-control/common/models/user.json
+++ b/test/fixtures/access-control/common/models/user.json
@@ -20,5 +20,5 @@
 "principalId": "$everyone"
 }
 ],
- "replaceOnPUT": false
-}
\ No newline at end of file
+ "replaceOnPUT": false
+}
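Review bot: The three tests added in the `@@ -22,17 +22,99 @@` hunk of test/access-token.test.js cover only the accepting path: each stores a token in the same model the middleware is configured with and expects it back. Since the middleware change decides which model's records authenticate a request, a rejecting case is worth adding, so that a token stored in the built-in AccessToken model is shown not to resolve when the middleware is configured with `MyToken`. The sketch below assumes an unresolved token leaves `options.accessToken` unset so that `getToken` returns null; confirm the response shape against the REST layer before relying on the assertion. The added `.then(res => {` arrows also differ from the `function` callbacks used elsewhere in these tests.

```javascript
it('does not resolve a token stored in a different token model', function() {
  var BuiltInToken = app.registry.getModel('AccessToken');
  app.model(BuiltInToken, {dataSource: 'db'});

  app.enableAuth();
  app.use(loopback.token({model: Token.modelName}));
  app.use(loopback.rest());

  // The token lives in AccessToken, while the middleware looks up MyToken.
  return BuiltInToken.create({userId: 123}).then(function(token) {
    return request(app)
      .get('/TestModels/token?_format=json')
      .set('authorization', token.id)
      .then(function(res) {
        expect(res.body.token || null).to.equal(null);
      });
  });
});
```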
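Review bot: In `createTestApp` the rewritten argument handling drops the old `settings = settings || {};` fallback, so a call that passes `undefined` or `null` as settings together with an explicit `done` now throws at `settings.app` on the next context line. Keeping the fallback after the new `if` block restores the previous tolerance: `settings = settings || {};`. The function body continues outside the hunk.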