remove updating clients
clients are immutable
This commit is contained in:
Girish Ramakrishnan
@@ -8,7 +8,6 @@ exports = module.exports = {
|
||||
getAllWithTokenCountByIdentifier: getAllWithTokenCountByIdentifier,
|
||||
add: add,
|
||||
del: del,
|
||||
update: update,
|
||||
getByAppId: getByAppId,
|
||||
delByAppId: delByAppId,
|
||||
|
||||
@@ -85,24 +84,6 @@ function add(id, appId, clientSecret, redirectURI, scope, callback) {
|
||||
});
|
||||
}
|
||||
|
||||
function update(id, appId, clientSecret, redirectURI, scope, callback) {
|
||||
assert.strictEqual(typeof id, 'string');
|
||||
assert.strictEqual(typeof appId, 'string');
|
||||
assert.strictEqual(typeof clientSecret, 'string');
|
||||
assert.strictEqual(typeof redirectURI, 'string');
|
||||
assert.strictEqual(typeof scope, 'string');
|
||||
assert.strictEqual(typeof callback, 'function');
|
||||
|
||||
var data = [ appId, clientSecret, redirectURI, scope, id ];
|
||||
|
||||
database.query('UPDATE clients SET appId = ?, clientSecret = ?, redirectURI = ?, scope = ? WHERE id = ?', data, function (error, result) {
|
||||
if (error) return callback(new DatabaseError(DatabaseError.INTERNAL_ERROR, error));
|
||||
if (result.affectedRows !== 1) return callback(new DatabaseError(DatabaseError.NOT_FOUND));
|
||||
|
||||
callback(null);
|
||||
});
|
||||
}
|
||||
|
||||
function del(id, callback) {
|
||||
assert.strictEqual(typeof id, 'string');
|
||||
assert.strictEqual(typeof callback, 'function');
|
||||
|
||||
@@ -5,7 +5,6 @@ exports = module.exports = {
|
||||
|
||||
add: add,
|
||||
get: get,
|
||||
update: update,
|
||||
del: del,
|
||||
getAllWithDetailsByUserId: getAllWithDetailsByUserId,
|
||||
getClientTokensByUserId: getClientTokensByUserId,
|
||||
@@ -92,23 +91,6 @@ function get(id, callback) {
|
||||
});
|
||||
}
|
||||
|
||||
// we only allow appIdentifier and redirectURI to be updated
|
||||
function update(id, appId, redirectURI, callback) {
|
||||
assert.strictEqual(typeof id, 'string');
|
||||
assert.strictEqual(typeof appId, 'string');
|
||||
assert.strictEqual(typeof redirectURI, 'string');
|
||||
assert.strictEqual(typeof callback, 'function');
|
||||
|
||||
clientdb.get(id, function (error, result) {
|
||||
if (error) return callback(error);
|
||||
|
||||
clientdb.update(id, appId, result.clientSecret, redirectURI, result.scope, function (error, result) {
|
||||
if (error) return callback(error);
|
||||
callback(null, result);
|
||||
});
|
||||
});
|
||||
}
|
||||
|
||||
function del(id, callback) {
|
||||
assert.strictEqual(typeof id, 'string');
|
||||
assert.strictEqual(typeof callback, 'function');
|
||||
|
||||
@@ -5,7 +5,6 @@
|
||||
exports = module.exports = {
|
||||
add: add,
|
||||
get: get,
|
||||
update: update,
|
||||
del: del,
|
||||
getAllByUserId: getAllByUserId,
|
||||
getClientTokens: getClientTokens,
|
||||
@@ -49,22 +48,6 @@ function get(req, res, next) {
|
||||
});
|
||||
}
|
||||
|
||||
function update(req, res, next) {
|
||||
assert.strictEqual(typeof req.params.clientId, 'string');
|
||||
|
||||
var data = req.body;
|
||||
|
||||
if (!data) return next(new HttpError(400, 'Cannot parse data field'));
|
||||
if (typeof data.appId !== 'string' || !data.appId) return next(new HttpError(400, 'appId is required'));
|
||||
if (typeof data.redirectURI !== 'string' || !data.redirectURI) return next(new HttpError(400, 'redirectURI is required'));
|
||||
if (!validUrl.isWebUri(data.redirectURI)) return next(new HttpError(400, 'redirectURI must be a valid uri'));
|
||||
|
||||
clients.update(req.params.clientId, data.appId, data.redirectURI, function (error, result) {
|
||||
if (error) return next(new HttpError(500, error));
|
||||
next(new HttpSuccess(202, result));
|
||||
});
|
||||
}
|
||||
|
||||
function del(req, res, next) {
|
||||
assert.strictEqual(typeof req.params.clientId, 'string');
|
||||
|
||||
|
||||
@@ -297,177 +297,6 @@ describe('OAuth Clients API', function () {
|
||||
});
|
||||
});
|
||||
|
||||
describe('update', function () {
|
||||
var CLIENT_0 = {
|
||||
id: '',
|
||||
appId: 'someAppId-0',
|
||||
redirectURI: 'http://some.callback0',
|
||||
scope: 'profile'
|
||||
};
|
||||
var CLIENT_1 = {
|
||||
id: '',
|
||||
appId: 'someAppId-1',
|
||||
redirectURI: 'http://some.callback1',
|
||||
scope: 'profile'
|
||||
};
|
||||
|
||||
before(function (done) {
|
||||
async.series([
|
||||
server.start.bind(null),
|
||||
database._clear.bind(null),
|
||||
|
||||
function (callback) {
|
||||
var scope1 = nock(config.apiServerOrigin()).get('/api/v1/boxes/' + config.fqdn() + '/setup/verify?setupToken=somesetuptoken').reply(200, {});
|
||||
var scope2 = nock(config.apiServerOrigin()).post('/api/v1/boxes/' + config.fqdn() + '/setup/done?setupToken=somesetuptoken').reply(201, {});
|
||||
|
||||
superagent.post(SERVER_URL + '/api/v1/cloudron/activate')
|
||||
.query({ setupToken: 'somesetuptoken' })
|
||||
.send({ username: USERNAME, password: PASSWORD, email: EMAIL })
|
||||
.end(function (error, result) {
|
||||
expect(error).to.not.be.ok();
|
||||
expect(result).to.be.ok();
|
||||
expect(result.statusCode).to.equal(201);
|
||||
expect(scope1.isDone()).to.be.ok();
|
||||
expect(scope2.isDone()).to.be.ok();
|
||||
|
||||
// stash token for further use
|
||||
token = result.body.token;
|
||||
|
||||
callback();
|
||||
});
|
||||
},
|
||||
|
||||
settings.setDeveloperMode.bind(null, true),
|
||||
|
||||
function (callback) {
|
||||
superagent.post(SERVER_URL + '/api/v1/oauth/clients')
|
||||
.query({ access_token: token })
|
||||
.send({ appId: CLIENT_0.appId, redirectURI: CLIENT_0.redirectURI, scope: CLIENT_0.scope })
|
||||
.end(function (error, result) {
|
||||
expect(error).to.not.be.ok();
|
||||
expect(result.statusCode).to.equal(201);
|
||||
|
||||
CLIENT_0 = result.body;
|
||||
|
||||
callback();
|
||||
});
|
||||
}
|
||||
], done);
|
||||
});
|
||||
|
||||
after(cleanup);
|
||||
|
||||
describe('without developer mode', function () {
|
||||
before(function (done) {
|
||||
settings.setDeveloperMode(false, done);
|
||||
});
|
||||
|
||||
it('fails', function (done) {
|
||||
superagent.put(SERVER_URL + '/api/v1/oauth/clients/' + CLIENT_0.id)
|
||||
.query({ access_token: token })
|
||||
.send({ appId: CLIENT_1.appId, redirectURI: CLIENT_1.redirectURI })
|
||||
.end(function (error, result) {
|
||||
expect(error).to.not.be.ok();
|
||||
expect(result.statusCode).to.equal(412);
|
||||
done();
|
||||
});
|
||||
});
|
||||
});
|
||||
|
||||
describe('with developer mode', function () {
|
||||
before(function (done) {
|
||||
settings.setDeveloperMode(true, done);
|
||||
});
|
||||
|
||||
it('fails without token', function (done) {
|
||||
superagent.put(SERVER_URL + '/api/v1/oauth/clients/' + CLIENT_0.id)
|
||||
.send({ appId: 'someApp', redirectURI: 'http://foobar.com' })
|
||||
.end(function (error, result) {
|
||||
expect(error).to.not.be.ok();
|
||||
expect(result.statusCode).to.equal(401);
|
||||
done();
|
||||
});
|
||||
});
|
||||
|
||||
|
||||
it('fails without appId', function (done) {
|
||||
superagent.put(SERVER_URL + '/api/v1/oauth/clients/' + CLIENT_0.id)
|
||||
.query({ access_token: token })
|
||||
.send({ redirectURI: CLIENT_1.redirectURI })
|
||||
.end(function (error, result) {
|
||||
expect(error).to.not.be.ok();
|
||||
expect(result.statusCode).to.equal(400);
|
||||
done();
|
||||
});
|
||||
});
|
||||
|
||||
it('fails with empty appId', function (done) {
|
||||
superagent.put(SERVER_URL + '/api/v1/oauth/clients/' + CLIENT_0.id)
|
||||
.query({ access_token: token })
|
||||
.send({ appId: '', redirectURI: CLIENT_1.redirectURI })
|
||||
.end(function (error, result) {
|
||||
expect(error).to.not.be.ok();
|
||||
expect(result.statusCode).to.equal(400);
|
||||
done();
|
||||
});
|
||||
});
|
||||
|
||||
it('fails without redirectURI', function (done) {
|
||||
superagent.put(SERVER_URL + '/api/v1/oauth/clients/' + CLIENT_0.id)
|
||||
.query({ access_token: token })
|
||||
.send({ appId: CLIENT_1.appId })
|
||||
.end(function (error, result) {
|
||||
expect(error).to.not.be.ok();
|
||||
expect(result.statusCode).to.equal(400);
|
||||
done();
|
||||
});
|
||||
});
|
||||
|
||||
it('fails with empty redirectURI', function (done) {
|
||||
superagent.put(SERVER_URL + '/api/v1/oauth/clients/' + CLIENT_0.id)
|
||||
.query({ access_token: token })
|
||||
.send({ appId: CLIENT_1.appId, redirectURI: '' })
|
||||
.end(function (error, result) {
|
||||
expect(error).to.not.be.ok();
|
||||
expect(result.statusCode).to.equal(400);
|
||||
done();
|
||||
});
|
||||
});
|
||||
|
||||
it('fails with malformed redirectURI', function (done) {
|
||||
superagent.put(SERVER_URL + '/api/v1/oauth/clients/' + CLIENT_0.id)
|
||||
.query({ access_token: token })
|
||||
.send({ appId: CLIENT_1.appId, redirectURI: 'foobar' })
|
||||
.end(function (error, result) {
|
||||
expect(error).to.not.be.ok();
|
||||
expect(result.statusCode).to.equal(400);
|
||||
done();
|
||||
});
|
||||
});
|
||||
|
||||
it('succeeds', function (done) {
|
||||
superagent.put(SERVER_URL + '/api/v1/oauth/clients/' + CLIENT_0.id)
|
||||
.query({ access_token: token })
|
||||
.send({ appId: CLIENT_1.appId, redirectURI: CLIENT_1.redirectURI })
|
||||
.end(function (error, result) {
|
||||
expect(error).to.not.be.ok();
|
||||
expect(result.statusCode).to.equal(202);
|
||||
|
||||
superagent.get(SERVER_URL + '/api/v1/oauth/clients/' + CLIENT_0.id)
|
||||
.query({ access_token: token })
|
||||
.end(function (error, result) {
|
||||
expect(error).to.be(null);
|
||||
expect(result.statusCode).to.equal(200);
|
||||
expect(result.body.appId).to.equal(CLIENT_1.appId);
|
||||
expect(result.body.redirectURI).to.equal(CLIENT_1.redirectURI);
|
||||
|
||||
done();
|
||||
});
|
||||
});
|
||||
});
|
||||
});
|
||||
});
|
||||
|
||||
describe('del', function () {
|
||||
var CLIENT_0 = {
|
||||
id: '',
|
||||
|
||||
@@ -130,7 +130,6 @@ function initializeExpressSync() {
|
||||
router.post('/api/v1/oauth/clients', routes.developer.enabled, settingsScope, routes.clients.add);
|
||||
router.get ('/api/v1/oauth/clients/:clientId', routes.developer.enabled, settingsScope, routes.clients.get);
|
||||
router.post('/api/v1/oauth/clients/:clientId', routes.developer.enabled, settingsScope, routes.clients.add);
|
||||
router.put ('/api/v1/oauth/clients/:clientId', routes.developer.enabled, settingsScope, routes.clients.update);
|
||||
router.del ('/api/v1/oauth/clients/:clientId', routes.developer.enabled, settingsScope, routes.clients.del);
|
||||
router.get ('/api/v1/oauth/clients/:clientId/tokens', settingsScope, routes.clients.getClientTokens);
|
||||
router.del ('/api/v1/oauth/clients/:clientId/tokens', settingsScope, routes.clients.delClientTokens);
|
||||
|
||||
@@ -865,29 +865,6 @@ describe('database', function () {
|
||||
});
|
||||
});
|
||||
|
||||
it('update client fails due to unknown client id', function (done) {
|
||||
clientdb.update(CLIENT_2.id, CLIENT_2.appId, CLIENT_2.clientSecret, CLIENT_2.redirectURI, CLIENT_2.scope, function (error) {
|
||||
expect(error).to.be.a(DatabaseError);
|
||||
expect(error.reason).to.equal(DatabaseError.NOT_FOUND);
|
||||
done();
|
||||
});
|
||||
});
|
||||
|
||||
it('update client succeeds', function (done) {
|
||||
clientdb.update(CLIENT_1.id, CLIENT_2.appId, CLIENT_2.clientSecret, CLIENT_2.redirectURI, CLIENT_2.scope, function (error) {
|
||||
expect(error).to.be(null);
|
||||
|
||||
clientdb.get(CLIENT_1.id, function (error, result) {
|
||||
expect(error).to.be(null);
|
||||
expect(result.appId).to.eql(CLIENT_2.appId);
|
||||
expect(result.clientSecret).to.eql(CLIENT_2.clientSecret);
|
||||
expect(result.redirectURI).to.eql(CLIENT_2.redirectURI);
|
||||
expect(result.scope).to.eql(CLIENT_2.scope);
|
||||
done();
|
||||
});
|
||||
});
|
||||
});
|
||||
|
||||
it('delByAppId succeeds', function (done) {
|
||||
clientdb.delByAppId(CLIENT_0.appId, function (error) {
|
||||
expect(error).to.be(null);
|
||||
|
||||
Reference in New Issue
Block a user