fix unreliable 'successful' flag, don't set content-type on leave_open
parent
dab45e39a6
commit
d28be9e3f8
@ -86,7 +86,7 @@ class AuthRequest {
|
||||
data,
|
||||
leave_open
|
||||
}: AccessSettings): Promise<AccessResult> {
|
||||
this.default_header (typeof redirect_to !== 'string');
|
||||
this.default_header (typeof redirect_to !== 'string' && !leave_open);
|
||||
|
||||
const at = await auth.sign (
|
||||
'access_token',
|
||||
@ -122,6 +122,8 @@ class AuthRequest {
|
||||
result.refresh_token_id = rt.id;
|
||||
}
|
||||
|
||||
this._is_successful = true;
|
||||
|
||||
if (typeof redirect_to === 'string') {
|
||||
this.response.setHeader ('Location', redirect_to);
|
||||
this.response.statusCode = 302;
|
||||
@ -135,7 +137,6 @@ class AuthRequest {
|
||||
this.response.end (JSON.stringify (res));
|
||||
}
|
||||
|
||||
this._is_successful = true;
|
||||
return result;
|
||||
}
|
||||
|
||||
|
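Review bot: `this._is_successful = true` (moved up in the second hunk) now runs before the redirect/JSON branch writes anything, so the flag records that tokens were signed, not that the response was delivered; if `setHeader` or `end` throws afterwards, which seems plausible when a `leave_open` caller has already sent headers, the request stays marked successful. The ordering looks intentional, but nothing in the hunk says so; a comment such as `// set once tokens are issued; the response write below may be skipped (leave_open) or fail` would pin down what the flag means for code that reads it to decide between allow and deny. In the first hunk the boolean passed to `default_header` is opaque: the commit title implies it controls Content-Type, and it is not visible here whether any other default headers are still applied on `leave_open` responses, so that is worth confirming and documenting on the `leave_open` option. The body of `allow_access` starts and ends outside these hunks.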
@ -1,6 +1,6 @@
|
||||
{
|
||||
"name": "@sapphirecode/auth-server-helper",
|
||||
"version": "2.1.2",
|
||||
"version": "2.1.3",
|
||||
"main": "dist/index.js",
|
||||
"author": {
|
||||
"name": "Timo Hocker",
|
||||
|
@ -5,6 +5,7 @@
|
||||
* Created by Timo Hocker <timo@scode.ovh>, January 2021
|
||||
*/
|
||||
|
||||
/* eslint-disable max-lines */
|
||||
import http, { IncomingMessage, ServerResponse } from 'http';
|
||||
import { to_b64 } from '@sapphirecode/encoding-helper';
|
||||
import auth from '../../lib/Authority';
|
||||
@ -55,7 +56,8 @@ describe ('auth handler', () => {
|
||||
beforeAll (() => {
|
||||
clock_setup ();
|
||||
|
||||
const ah = create_auth_handler ((req) => {
|
||||
// eslint-disable-next-line complexity, max-lines-per-function
|
||||
const ah = create_auth_handler (async (req) => {
|
||||
if (!req.is_basic && !req.is_bearer) {
|
||||
let body_auth = false;
|
||||
try {
|
||||
@ -94,6 +96,14 @@ describe ('auth handler', () => {
|
||||
redirect_to: '/redirected'
|
||||
});
|
||||
}
|
||||
else if (req.user === 'leave' && req.password === 'open') {
|
||||
req.response.setHeader ('Content-Type', 'text/plain');
|
||||
await req.allow_access ({
|
||||
access_token_expires_in: expires_seconds,
|
||||
leave_open: true
|
||||
});
|
||||
req.response.end ('custom response');
|
||||
}
|
||||
else {
|
||||
req.deny ();
|
||||
}
|
||||
@ -320,4 +330,21 @@ describe ('auth handler', () => {
|
||||
error_description: 'unknown authorization type'
|
||||
});
|
||||
});
|
||||
|
||||
it ('should not set content-type when leave-open is specified', async () => {
|
||||
const resp1 = await get ({ authorization: 'Basic leave:open' });
|
||||
expect (resp1.statusCode)
|
||||
.toEqual (200);
|
||||
expect (resp1.headers['content-type'])
|
||||
.toEqual ('text/plain');
|
||||
expect (resp1.body)
|
||||
.toEqual ('custom response');
|
||||
let signature = '';
|
||||
for (const c of resp1.headers['set-cookie'] as string[]) {
|
||||
if (c.includes ('cookie_jar='))
|
||||
signature = c.replace ('cookie_jar=', '');
|
||||
}
|
||||
expect (signature).not.toEqual ('');
|
||||
check_token (signature, 'access_token');
|
||||
});
|
||||
});
|
||||
|
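Review bot: The new test's title says content-type is not set, but the assertion `expect (resp1.headers['content-type']).toEqual ('text/plain')` checks that the caller's own header survives; a title like `'should keep the caller content-type when leave_open is specified'` matches what is asserted. The commit also changes when `_is_successful` is set, yet no visible assertion covers that flag, so that half of the fix is untested as far as these hunks show. In the cookie loop, `c.replace ('cookie_jar=', '')` keeps anything that follows the value, so `check_token` would receive cookie attributes if the cookie is ever issued with them; `signature = c.split (';')[0].replace ('cookie_jar=', '');` makes the extraction independent of that.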