diff --git a/src/addons.js b/src/addons.js
index ba0e764eb..7bc8b10fc 100644
--- a/src/addons.js
+++ b/src/addons.js
@@ -251,7 +251,7 @@ function setupOauth(app, options, callback) {
 var appId = app.id;
 var redirectURI = 'https://' + app.fqdn;
- var scope = 'profile';
+ var scope = clients.SCOPE_PROFILE;
 clients.delByAppIdAndType(appId, clients.TYPE_OAUTH, function (error) { // remove existing creds
 if (error && error.reason !== ClientsError.NOT_FOUND) return callback(error);
diff --git a/src/routes/oauth2.js b/src/routes/oauth2.js
index 23247b56a..8584c06b4 100644
--- a/src/routes/oauth2.js
+++ b/src/routes/oauth2.js
@@ -527,10 +527,6 @@ function validateRequestedScopes(req, requestedScopes) {
 // It is used for API routes, which are authenticated using accesstokens.
 // Those accesstokens carry OAuth scopes and the middleware takes the required
 // scope as an argument and will verify the accesstoken against it.
-//
-// See server.js:
-// var profileScope = routes.oauth2.scope('profile');
-//
 function scope(requestedScope) {
 assert.strictEqual(typeof requestedScope, 'string');
diff --git a/src/routes/test/clients-test.js b/src/routes/test/clients-test.js
index 99871edb6..360095b6c 100644
--- a/src/routes/test/clients-test.js
+++ b/src/routes/test/clients-test.js
@@ -61,7 +61,7 @@ describe('OAuth Clients API', function () {
 it('fails without token', function (done) {
 superagent.post(SERVER_URL + '/api/v1/oauth/clients')
- .send({ appId: 'someApp', redirectURI: 'http://foobar.com', scope: 'profile' })
+ .send({ appId: 'someApp', redirectURI: 'http://foobar.com', scope: clients.SCOPE_PROFILE })
 .end(function (error, result) {
 expect(result.statusCode).to.equal(401);
 done();
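Review bot: `var scope = clients.SCOPE_PROFILE;` depends on the clients module exporting `SCOPE_PROFILE`, but no hunk in this diff adds that export, so unless it landed in an earlier commit the addon's OAuth client would be registered with `scope` undefined instead of failing loudly; every clients-test.js and oauth2-test.js hunk below carries the same dependency. Because this value is the scope that ends up granted to the app's client, a cheap guard next to the declaration is `assert.strictEqual(typeof scope, 'string');` (assuming `assert` is required in addons.js as it is in routes/oauth2.js), mirroring the check `scope()` in routes/oauth2.js already performs on its argument. setupOauth's body continues outside the hunk.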
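Review bot: Dropping the `See server.js` example leaves the header comment above `function scope(requestedScope)` without any statement of what callers should pass, and the literal it showed is exactly what this commit is moving away from. Rather than delete it, I would replace it with `// Callers pass one of the clients.SCOPE_* constants, e.g. routes.oauth2.scope(clients.SCOPE_PROFILE).` so the comment documents the new convention. The `assert.strictEqual(typeof requestedScope, 'string');` on the following line is what turns a missing or mistyped constant into a failure at route setup rather than a route that silently requires an undefined scope, which is worth a brief mention in the same comment. scope's body continues outside the hunk.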
@@ -71,7 +71,7 @@ describe('OAuth Clients API', function () {
 it('fails without appId', function (done) {
 superagent.post(SERVER_URL + '/api/v1/oauth/clients')
 .query({ access_token: token })
- .send({ redirectURI: 'http://foobar.com', scope: 'profile' })
+ .send({ redirectURI: 'http://foobar.com', scope: clients.SCOPE_PROFILE })
 .end(function (error, result) {
 expect(result.statusCode).to.equal(400);
 done();
@@ -81,7 +81,7 @@ describe('OAuth Clients API', function () {
 it('fails with empty appId', function (done) {
 superagent.post(SERVER_URL + '/api/v1/oauth/clients')
 .query({ access_token: token })
- .send({ appId: '', redirectURI: 'http://foobar.com', scope: 'profile' })
+ .send({ appId: '', redirectURI: 'http://foobar.com', scope: clients.SCOPE_PROFILE })
 .end(function (error, result) {
 expect(result.statusCode).to.equal(400);
 done();
@@ -111,7 +111,7 @@ describe('OAuth Clients API', function () {
 it('fails without redirectURI', function (done) {
 superagent.post(SERVER_URL + '/api/v1/oauth/clients')
 .query({ access_token: token })
- .send({ appId: 'someApp', scope: 'profile' })
+ .send({ appId: 'someApp', scope: clients.SCOPE_PROFILE })
 .end(function (error, result) {
 expect(result.statusCode).to.equal(400);
 done();
@@ -121,7 +121,7 @@ describe('OAuth Clients API', function () {
 it('fails with empty redirectURI', function (done) {
 superagent.post(SERVER_URL + '/api/v1/oauth/clients')
 .query({ access_token: token })
- .send({ appId: 'someApp', redirectURI: '', scope: 'profile' })
+ .send({ appId: 'someApp', redirectURI: '', scope: clients.SCOPE_PROFILE })
 .end(function (error, result) {
 expect(result.statusCode).to.equal(400);
 done();
@@ -131,7 +131,7 @@ describe('OAuth Clients API', function () {
 it('fails with malformed redirectURI', function (done) {
 superagent.post(SERVER_URL + '/api/v1/oauth/clients')
 .query({ access_token: token })
- .send({ appId: 'someApp', redirectURI: 'foobar', scope: 'profile' })
+ .send({ appId: 'someApp', redirectURI: 'foobar', scope: clients.SCOPE_PROFILE })
 .end(function (error, result) {
 expect(result.statusCode).to.equal(400);
 done();
@@ -141,7 +141,7 @@ describe('OAuth Clients API', function () {
 it('fails with invalid name', function (done) {
 superagent.post(SERVER_URL + '/api/v1/oauth/clients')
 .query({ access_token: token })
- .send({ appId: '$"$%^45asdfasdfadf.adf.', redirectURI: 'http://foobar.com', scope: 'profile' })
+ .send({ appId: '$"$%^45asdfasdfadf.adf.', redirectURI: 'http://foobar.com', scope: clients.SCOPE_PROFILE })
 .end(function (error, result) {
 expect(result.statusCode).to.equal(400);
 done();
@@ -151,7 +151,7 @@ describe('OAuth Clients API', function () {
 it('succeeds with dash', function (done) {
 superagent.post(SERVER_URL + '/api/v1/oauth/clients')
 .query({ access_token: token })
- .send({ appId: 'fo-1234-bar', redirectURI: 'http://foobar.com', scope: 'profile' })
+ .send({ appId: 'fo-1234-bar', redirectURI: 'http://foobar.com', scope: clients.SCOPE_PROFILE })
 .end(function (error, result) {
 expect(result.statusCode).to.equal(201);
 done();
@@ -161,7 +161,7 @@ describe('OAuth Clients API', function () {
 it('succeeds', function (done) {
 superagent.post(SERVER_URL + '/api/v1/oauth/clients')
 .query({ access_token: token })
- .send({ appId: 'someApp', redirectURI: 'http://foobar.com', scope: 'profile' })
+ .send({ appId: 'someApp', redirectURI: 'http://foobar.com', scope: clients.SCOPE_PROFILE })
 .end(function (error, result) {
 expect(result.statusCode).to.equal(201);
 expect(result.body.id).to.be.a('string');
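Review bot: The `succeeds` test (hunk at 161, and likewise `succeeds with dash` at 151) still asserts only a 201 and a string `id`; it never checks that the scope it sent was stored, so an undefined or mistyped `clients.SCOPE_PROFILE` — which would likely be dropped from the JSON body rather than sent — could pass unnoticed if the server tolerates a client without a scope. If the response body echoes the created client record, add `expect(result.body.scope).to.equal(clients.SCOPE_PROFILE);` after `expect(result.body.id).to.be.a('string');`; otherwise fetch the client back and assert the scope there. The it() callback continues past the end of the hunk.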
@@ -181,7 +181,7 @@ describe('OAuth Clients API', function () {
 id: '',
 appId: 'someAppId-0',
 redirectURI: 'http://some.callback0',
- scope: 'profile'
+ scope: clients.SCOPE_PROFILE
 };
 before(function (done) {
@@ -239,14 +239,14 @@ describe('OAuth Clients API', function () {
 id: '',
 appId: 'someAppId-0',
 redirectURI: 'http://some.callback0',
- scope: 'profile'
+ scope: clients.SCOPE_PROFILE
 };
 var CLIENT_1 = {
 id: '',
 appId: 'someAppId-1',
 redirectURI: 'http://some.callback1',
- scope: 'profile',
+ scope: clients.SCOPE_PROFILE,
 type: clients.TYPE_OAUTH
 };
diff --git a/src/routes/test/oauth2-test.js b/src/routes/test/oauth2-test.js
index 0ce462fb4..b27760853 100644
--- a/src/routes/test/oauth2-test.js
+++ b/src/routes/test/oauth2-test.js
@@ -211,7 +211,7 @@ describe('OAuth2', function () {
 type: clients.TYPE_OAUTH,
 clientSecret: 'secret0',
 redirectURI: 'http://redirect0',
- scope: 'profile'
+ scope: clients.SCOPE_PROFILE
 };
 // unknown app through addon
@@ -221,7 +221,7 @@ describe('OAuth2', function () {
 type: clients.TYPE_OAUTH,
 clientSecret: 'secret1',
 redirectURI: 'http://redirect1',
- scope: 'profile'
+ scope: clients.SCOPE_PROFILE
 };
 // known app
@@ -231,7 +231,7 @@ describe('OAuth2', function () {
 type: clients.TYPE_OAUTH,
 clientSecret: 'secret2',
 redirectURI: 'http://redirect2',
- scope: 'profile'
+ scope: clients.SCOPE_PROFILE
 };
 // known app through addon
@@ -241,7 +241,7 @@ describe('OAuth2', function () {
 type: clients.TYPE_OAUTH,
 clientSecret: 'secret3',
 redirectURI: 'http://redirect1',
- scope: 'profile'
+ scope: clients.SCOPE_PROFILE
 };
 // unknown app through proxy
@@ -251,7 +251,7 @@ describe('OAuth2', function () {
 type: clients.TYPE_PROXY,
 clientSecret: 'secret4',
 redirectURI: 'http://redirect4',
- scope: 'profile'
+ scope: clients.SCOPE_PROFILE
 };
 // known app through proxy
@@ -261,7 +261,7 @@ describe('OAuth2', function () {
 type: clients.TYPE_PROXY,
 clientSecret: 'secret5',
 redirectURI: 'http://redirect5',
- scope: 'profile'
+ scope: clients.SCOPE_PROFILE
 };
 // app with accessRestriction not allowing user
@@ -271,7 +271,7 @@ describe('OAuth2', function () {
 type: clients.TYPE_OAUTH,
 clientSecret: 'secret6',
 redirectURI: 'http://redirect6',
- scope: 'profile'
+ scope: clients.SCOPE_PROFILE
 };
 // app with accessRestriction allowing user
@@ -281,7 +281,7 @@ describe('OAuth2', function () {
 type: clients.TYPE_OAUTH,
 clientSecret: 'secret7',
 redirectURI: 'http://redirect7',
- scope: 'profile'
+ scope: clients.SCOPE_PROFILE
 };
 // app with accessRestriction allowing group
@@ -291,7 +291,7 @@ describe('OAuth2', function () {
 type: clients.TYPE_OAUTH,
 clientSecret: 'secret9',
 redirectURI: 'http://redirect9',
- scope: 'profile'
+ scope: clients.SCOPE_PROFILE
 };
 // make csrf always succeed for testing