diff --git a/src/clientdb.js b/src/clientdb.js
index 1162a37ed..2859581b2 100644
--- a/src/clientdb.js
+++ b/src/clientdb.js
@@ -8,7 +8,6 @@ exports = module.exports = {
 getAllWithTokenCountByIdentifier: getAllWithTokenCountByIdentifier,
 add: add,
 del: del,
- update: update,
 getByAppId: getByAppId,
 delByAppId: delByAppId,

@@ -85,24 +84,6 @@ function add(id, appId, clientSecret, redirectURI, scope, callback) {
 });
 }

-function update(id, appId, clientSecret, redirectURI, scope, callback) {
- assert.strictEqual(typeof id, 'string');
- assert.strictEqual(typeof appId, 'string');
- assert.strictEqual(typeof clientSecret, 'string');
- assert.strictEqual(typeof redirectURI, 'string');
- assert.strictEqual(typeof scope, 'string');
- assert.strictEqual(typeof callback, 'function');
-
- var data = [ appId, clientSecret, redirectURI, scope, id ];
-
- database.query('UPDATE clients SET appId = ?, clientSecret = ?, redirectURI = ?, scope = ? WHERE id = ?', data, function (error, result) {
- if (error) return callback(new DatabaseError(DatabaseError.INTERNAL_ERROR, error));
- if (result.affectedRows !== 1) return callback(new DatabaseError(DatabaseError.NOT_FOUND));
-
- callback(null);
- });
-}
-
 function del(id, callback) {
 assert.strictEqual(typeof id, 'string');
 assert.strictEqual(typeof callback, 'function');
diff --git a/src/clients.js b/src/clients.js
index 9722c5c71..da7eeb8d3 100644
--- a/src/clients.js
+++ b/src/clients.js
@@ -5,7 +5,6 @@
 exports = module.exports = {
 add: add,
 get: get,
- update: update,
 del: del,
 getAllWithDetailsByUserId: getAllWithDetailsByUserId,
 getClientTokensByUserId: getClientTokensByUserId,
@@ -92,23 +91,6 @@ function get(id, callback) {
 });
 }

-// we only allow appIdentifier and redirectURI to be updated
-function update(id, appId, redirectURI, callback) {
- assert.strictEqual(typeof id, 'string');
- assert.strictEqual(typeof appId, 'string');
- assert.strictEqual(typeof redirectURI, 'string');
- assert.strictEqual(typeof callback, 'function');
-
- clientdb.get(id, function (error, result) {
- if (error) return callback(error);
-
- clientdb.update(id, appId, result.clientSecret, redirectURI, result.scope, function (error, result) {
- if (error) return callback(error);
- callback(null, result);
- });
- });
-}
-
 function del(id, callback) {
 assert.strictEqual(typeof id, 'string');
 assert.strictEqual(typeof callback, 'function');
diff --git a/src/routes/clients.js b/src/routes/clients.js
index b5b79be64..f07f9b915 100644
--- a/src/routes/clients.js
+++ b/src/routes/clients.js
@@ -5,7 +5,6 @@
 exports = module.exports = {
 add: add,
 get: get,
- update: update,
 del: del,
 getAllByUserId: getAllByUserId,
 getClientTokens: getClientTokens,
@@ -49,22 +48,6 @@ function get(req, res, next) {
 });
 }

-function update(req, res, next) {
- assert.strictEqual(typeof req.params.clientId, 'string');
-
- var data = req.body;
-
- if (!data) return next(new HttpError(400, 'Cannot parse data field'));
- if (typeof data.appId !== 'string' || !data.appId) return next(new HttpError(400, 'appId is required'));
- if (typeof data.redirectURI !== 'string' || !data.redirectURI) return next(new HttpError(400, 'redirectURI is required'));
- if (!validUrl.isWebUri(data.redirectURI)) return next(new HttpError(400, 'redirectURI must be a valid uri'));
-
- clients.update(req.params.clientId, data.appId, data.redirectURI, function (error, result) {
- if (error) return next(new HttpError(500, error));
- next(new HttpSuccess(202, result));
- });
-}
-
 function del(req, res, next) {
 assert.strictEqual(typeof req.params.clientId, 'string');

diff --git a/src/routes/test/clients-test.js b/src/routes/test/clients-test.js
index cac617229..7a59182dd 100644
--- a/src/routes/test/clients-test.js
+++ b/src/routes/test/clients-test.js
@@ -297,177 +297,6 @@ describe('OAuth Clients API', function () {
 });
 });

- describe('update', function () {
- var CLIENT_0 = {
- id: '',
- appId: 'someAppId-0',
- redirectURI: 'http://some.callback0',
- scope: 'profile'
- };
- var CLIENT_1 = {
- id: '',
- appId: 'someAppId-1',
- redirectURI: 'http://some.callback1',
- scope: 'profile'
- };
-
- before(function (done) {
- async.series([
- server.start.bind(null),
- database._clear.bind(null),
-
- function (callback) {
- var scope1 = nock(config.apiServerOrigin()).get('/api/v1/boxes/' + config.fqdn() + '/setup/verify?setupToken=somesetuptoken').reply(200, {});
- var scope2 = nock(config.apiServerOrigin()).post('/api/v1/boxes/' + config.fqdn() + '/setup/done?setupToken=somesetuptoken').reply(201, {});
-
- superagent.post(SERVER_URL + '/api/v1/cloudron/activate')
- .query({ setupToken: 'somesetuptoken' })
- .send({ username: USERNAME, password: PASSWORD, email: EMAIL })
- .end(function (error, result) {
- expect(error).to.not.be.ok();
- expect(result).to.be.ok();
- expect(result.statusCode).to.equal(201);
- expect(scope1.isDone()).to.be.ok();
- expect(scope2.isDone()).to.be.ok();
-
- // stash token for further use
- token = result.body.token;
-
- callback();
- });
- },
-
- settings.setDeveloperMode.bind(null, true),
-
- function (callback) {
- superagent.post(SERVER_URL + '/api/v1/oauth/clients')
- .query({ access_token: token })
- .send({ appId: CLIENT_0.appId, redirectURI: CLIENT_0.redirectURI, scope: CLIENT_0.scope })
- .end(function (error, result) {
- expect(error).to.not.be.ok();
- expect(result.statusCode).to.equal(201);
-
- CLIENT_0 = result.body;
-
- callback();
- });
- }
- ], done);
- });
-
- after(cleanup);
-
- describe('without developer mode', function () {
- before(function (done) {
- settings.setDeveloperMode(false, done);
- });
-
- it('fails', function (done) {
- superagent.put(SERVER_URL + '/api/v1/oauth/clients/' + CLIENT_0.id)
- .query({ access_token: token })
- .send({ appId: CLIENT_1.appId, redirectURI: CLIENT_1.redirectURI })
- .end(function (error, result) {
- expect(error).to.not.be.ok();
- expect(result.statusCode).to.equal(412);
- done();
- });
- });
- });
-
- describe('with developer mode', function () {
- before(function (done) {
- settings.setDeveloperMode(true, done);
- });
-
- it('fails without token', function (done) {
- superagent.put(SERVER_URL + '/api/v1/oauth/clients/' + CLIENT_0.id)
- .send({ appId: 'someApp', redirectURI: 'http://foobar.com' })
- .end(function (error, result) {
- expect(error).to.not.be.ok();
- expect(result.statusCode).to.equal(401);
- done();
- });
- });
-
-
- it('fails without appId', function (done) {
- superagent.put(SERVER_URL + '/api/v1/oauth/clients/' + CLIENT_0.id)
- .query({ access_token: token })
- .send({ redirectURI: CLIENT_1.redirectURI })
- .end(function (error, result) {
- expect(error).to.not.be.ok();
- expect(result.statusCode).to.equal(400);
- done();
- });
- });
-
- it('fails with empty appId', function (done) {
- superagent.put(SERVER_URL + '/api/v1/oauth/clients/' + CLIENT_0.id)
- .query({ access_token: token })
- .send({ appId: '', redirectURI: CLIENT_1.redirectURI })
- .end(function (error, result) {
- expect(error).to.not.be.ok();
- expect(result.statusCode).to.equal(400);
- done();
- });
- });
-
- it('fails without redirectURI', function (done) {
- superagent.put(SERVER_URL + '/api/v1/oauth/clients/' + CLIENT_0.id)
- .query({ access_token: token })
- .send({ appId: CLIENT_1.appId })
- .end(function (error, result) {
- expect(error).to.not.be.ok();
- expect(result.statusCode).to.equal(400);
- done();
- });
- });
-
- it('fails with empty redirectURI', function (done) {
- superagent.put(SERVER_URL + '/api/v1/oauth/clients/' + CLIENT_0.id)
- .query({ access_token: token })
- .send({ appId: CLIENT_1.appId, redirectURI: '' })
- .end(function (error, result) {
- expect(error).to.not.be.ok();
- expect(result.statusCode).to.equal(400);
- done();
- });
- });
-
- it('fails with malformed redirectURI', function (done) {
- superagent.put(SERVER_URL + '/api/v1/oauth/clients/' + CLIENT_0.id)
- .query({ access_token: token })
- .send({ appId: CLIENT_1.appId, redirectURI: 'foobar' })
- .end(function (error, result) {
- expect(error).to.not.be.ok();
- expect(result.statusCode).to.equal(400);
- done();
- });
- });
-
- it('succeeds', function (done) {
- superagent.put(SERVER_URL + '/api/v1/oauth/clients/' + CLIENT_0.id)
- .query({ access_token: token })
- .send({ appId: CLIENT_1.appId, redirectURI: CLIENT_1.redirectURI })
- .end(function (error, result) {
- expect(error).to.not.be.ok();
- expect(result.statusCode).to.equal(202);
-
- superagent.get(SERVER_URL + '/api/v1/oauth/clients/' + CLIENT_0.id)
- .query({ access_token: token })
- .end(function (error, result) {
- expect(error).to.be(null);
- expect(result.statusCode).to.equal(200);
- expect(result.body.appId).to.equal(CLIENT_1.appId);
- expect(result.body.redirectURI).to.equal(CLIENT_1.redirectURI);
-
- done();
- });
- });
- });
- });
- });
-
 describe('del', function () {
 var CLIENT_0 = {
 id: '',
diff --git a/src/server.js b/src/server.js
index 8e71f38af..89807e2fe 100644
--- a/src/server.js
+++ b/src/server.js
@@ -130,7 +130,6 @@ function initializeExpressSync() {
 router.post('/api/v1/oauth/clients', routes.developer.enabled, settingsScope, routes.clients.add);
 router.get ('/api/v1/oauth/clients/:clientId', routes.developer.enabled, settingsScope, routes.clients.get);
 router.post('/api/v1/oauth/clients/:clientId', routes.developer.enabled, settingsScope, routes.clients.add);
- router.put ('/api/v1/oauth/clients/:clientId', routes.developer.enabled, settingsScope, routes.clients.update);
 router.del ('/api/v1/oauth/clients/:clientId', routes.developer.enabled, settingsScope, routes.clients.del);
 router.get ('/api/v1/oauth/clients/:clientId/tokens', settingsScope, routes.clients.getClientTokens);
 router.del ('/api/v1/oauth/clients/:clientId/tokens', settingsScope, routes.clients.delClientTokens);
diff --git a/src/test/database-test.js b/src/test/database-test.js
index 28a50ee15..f5a91a46e 100644
--- a/src/test/database-test.js
+++ b/src/test/database-test.js
@@ -865,29 +865,6 @@ describe('database', function () {
 });
 });

- it('update client fails due to unknown client id', function (done) {
- clientdb.update(CLIENT_2.id, CLIENT_2.appId, CLIENT_2.clientSecret, CLIENT_2.redirectURI, CLIENT_2.scope, function (error) {
- expect(error).to.be.a(DatabaseError);
- expect(error.reason).to.equal(DatabaseError.NOT_FOUND);
- done();
- });
- });
-
- it('update client succeeds', function (done) {
- clientdb.update(CLIENT_1.id, CLIENT_2.appId, CLIENT_2.clientSecret, CLIENT_2.redirectURI, CLIENT_2.scope, function (error) {
- expect(error).to.be(null);
-
- clientdb.get(CLIENT_1.id, function (error, result) {
- expect(error).to.be(null);
- expect(result.appId).to.eql(CLIENT_2.appId);
- expect(result.clientSecret).to.eql(CLIENT_2.clientSecret);
- expect(result.redirectURI).to.eql(CLIENT_2.redirectURI);
- expect(result.scope).to.eql(CLIENT_2.scope);
- done();
- });
- });
- });
-
 it('delByAppId succeeds', function (done) {
 clientdb.delByAppId(CLIENT_0.appId, function (error) {
 expect(error).to.be(null);