Updated tests to support new model.validateScope method

Author: lfk

test/integration/grant-types/authorization-code-grant-type_test.js

@@ -115,7 +115,8 @@ describe('AuthorizationCodeGrantType integration', function() {
       var model = {
         getAuthorizationCode: function() { return { authorizationCode: 12345, client: { id: 'foobar' }, expiresAt: new Date(new Date() * 2), user: {} }; },
         revokeAuthorizationCode: function() { return { authorizationCode: 12345, client: { id: 'foobar' }, expiresAt: new Date(new Date() / 2), user: {} }; },
-        saveToken: function() { return token; }
+        saveToken: function() { return token; },
+        validateScope: function() { return 'foo'; }
       };
       var grantType = new AuthorizationCodeGrantType({ accessTokenLifetime: 123, model: model });
       var request = new Request({ body: { code: 12345 }, headers: {}, method: {}, query: {} });
@@ -464,7 +465,8 @@ describe('AuthorizationCodeGrantType integration', function() {
       var model = {
         getAuthorizationCode: function() {},
         revokeAuthorizationCode: function() {},
-        saveToken: function() { return token; }
+        saveToken: function() { return token; },
+        validateScope: function() { return 'foo'; }
       };
       var grantType = new AuthorizationCodeGrantType({ accessTokenLifetime: 123, model: model });
 

test/integration/grant-types/client-credentials-grant-type_test.js

@@ -94,7 +94,8 @@ describe('ClientCredentialsGrantType integration', function() {
       var token = {};
       var model = {
         getUserFromClient: function() { return {}; },
-        saveToken: function() { return token; }
+        saveToken: function() { return token; },
+        validateScope: function() { return 'foo'; }
       };
       var grantType = new ClientCredentialsGrantType({ accessTokenLifetime: 120, model: model });
       var request = new Request({ body: {}, headers: {}, method: {}, query: {} });
@@ -194,7 +195,8 @@ describe('ClientCredentialsGrantType integration', function() {
       var token = {};
       var model = {
         getUserFromClient: function() {},
-        saveToken: function() { return token; }
+        saveToken: function() { return token; },
+        validateScope: function() { return 'foo'; }
       };
       var grantType = new ClientCredentialsGrantType({ accessTokenLifetime: 123, model: model });
 

test/integration/grant-types/password-grant-type_test.js

@@ -95,10 +95,11 @@ describe('PasswordGrantType integration', function() {
       var token = {};
       var model = {
         getUser: function() { return {}; },
-        saveToken: function() { return token; }
+        saveToken: function() { return token; },
+        validateScope: function() { return 'baz'; }
       };
       var grantType = new PasswordGrantType({ accessTokenLifetime: 123, model: model });
-      var request = new Request({ body: { username: 'foo', password: 'bar' }, headers: {}, method: {}, query: {} });
+      var request = new Request({ body: { username: 'foo', password: 'bar', scope: 'baz' }, headers: {}, method: {}, query: {} });
 
       return grantType.handle(request, client)
         .then(function(data) {
@@ -269,7 +270,8 @@ describe('PasswordGrantType integration', function() {
       var token = {};
       var model = {
         getUser: function() {},
-        saveToken: function() { return token; }
+        saveToken: function() { return token; },
+        validateScope: function() { return 'foo'; }
       };
       var grantType = new PasswordGrantType({ accessTokenLifetime: 123, model: model });
 

test/integration/handlers/authenticate-handler_test.js

@@ -66,14 +66,14 @@ describe('AuthenticateHandler integration', function() {
       }
     });
 
-    it('should throw an error if `scope` was given and the model does not implement `validateScope()`', function() {
+    it('should throw an error if `scope` was given and the model does not implement `verifyScope()`', function() {
       try {
         new AuthenticateHandler({ addAcceptedScopesHeader: true, addAuthorizedScopesHeader: true, model: { getAccessToken: function() {} }, scope: 'foobar' });
 
         should.fail();
       } catch (e) {
         e.should.be.an.instanceOf(InvalidArgumentError);
-        e.message.should.equal('Invalid argument: model does not implement `validateScope()`');
+        e.message.should.equal('Invalid argument: model does not implement `verifyScope()`');
       }
     });
 
@@ -87,7 +87,7 @@ describe('AuthenticateHandler integration', function() {
     it('should set the `scope`', function() {
       var model = {
         getAccessToken: function() {},
-        validateScope: function() {}
+        verifyScope: function() {}
       };
       var grantType = new AuthenticateHandler({
         addAcceptedScopesHeader: true,
@@ -173,7 +173,7 @@ describe('AuthenticateHandler integration', function() {
         getAccessToken: function() {
           return accessToken;
         },
-        validateScope: function() {
+        verifyScope: function() {
           return true;
         }
       };
@@ -434,17 +434,17 @@ describe('AuthenticateHandler integration', function() {
     });
   });
 
-  describe('validateScope()', function() {
+  describe('verifyScope()', function() {
     it('should throw an error if `scope` is invalid', function() {
       var model = {
         getAccessToken: function() {},
-        validateScope: function() {
+        verifyScope: function() {
           return false;
         }
       };
       var handler = new AuthenticateHandler({ addAcceptedScopesHeader: true, addAuthorizedScopesHeader: true, model: model, scope: 'foo' });
 
-      return handler.validateScope('foo')
+      return handler.verifyScope('foo')
         .then(should.fail)
         .catch(function(e) {
           e.should.be.an.instanceOf(InvalidScopeError);
@@ -455,33 +455,33 @@ describe('AuthenticateHandler integration', function() {
     it('should support promises', function() {
       var model = {
         getAccessToken: function() {},
-        validateScope: function() {
+        verifyScope: function() {
           return true;
         }
       };
       var handler = new AuthenticateHandler({ addAcceptedScopesHeader: true, addAuthorizedScopesHeader: true, model: model, scope: 'foo' });
 
-      handler.validateScope('foo').should.be.an.instanceOf(Promise);
+      handler.verifyScope('foo').should.be.an.instanceOf(Promise);
     });
 
     it('should support non-promises', function() {
       var model = {
         getAccessToken: function() {},
-        validateScope: function() {
+        verifyScope: function() {
           return true;
         }
       };
       var handler = new AuthenticateHandler({ addAcceptedScopesHeader: true, addAuthorizedScopesHeader: true, model: model, scope: 'foo' });
 
-      handler.validateScope('foo').should.be.an.instanceOf(Promise);
+      handler.verifyScope('foo').should.be.an.instanceOf(Promise);
     });
   });
 
   describe('updateResponse()', function() {
     it('should not set the `X-Accepted-OAuth-Scopes` header if `scope` is not specified', function() {
       var model = {
         getAccessToken: function() {},
-        validateScope: function() {}
+        verifyScope: function() {}
       };
       var handler = new AuthenticateHandler({ addAcceptedScopesHeader: true, addAuthorizedScopesHeader: false, model: model });
       var response = new Response({ body: {}, headers: {} });
@@ -494,7 +494,7 @@ describe('AuthenticateHandler integration', function() {
     it('should set the `X-Accepted-OAuth-Scopes` header if `scope` is specified', function() {
       var model = {
         getAccessToken: function() {},
-        validateScope: function() {}
+        verifyScope: function() {}
       };
       var handler = new AuthenticateHandler({ addAcceptedScopesHeader: true, addAuthorizedScopesHeader: false, model: model, scope: 'foo bar' });
       var response = new Response({ body: {}, headers: {} });
@@ -507,7 +507,7 @@ describe('AuthenticateHandler integration', function() {
     it('should not set the `X-Authorized-OAuth-Scopes` header if `scope` is not specified', function() {
       var model = {
         getAccessToken: function() {},
-        validateScope: function() {}
+        verifyScope: function() {}
       };
       var handler = new AuthenticateHandler({ addAcceptedScopesHeader: false, addAuthorizedScopesHeader: true, model: model });
       var response = new Response({ body: {}, headers: {} });
@@ -520,7 +520,7 @@ describe('AuthenticateHandler integration', function() {
     it('should set the `X-Authorized-OAuth-Scopes` header', function() {
       var model = {
         getAccessToken: function() {},
-        validateScope: function() {}
+        verifyScope: function() {}
       };
       var handler = new AuthenticateHandler({ addAcceptedScopesHeader: false, addAuthorizedScopesHeader: true, model: model, scope: 'foo bar' });
       var response = new Response({ body: {}, headers: {} });

test/integration/handlers/token-handler_test.js

@@ -269,7 +269,8 @@ describe('TokenHandler integration', function() {
       var model = {
         getClient: function() { return { grants: ['password'] }; },
         getUser: function() { return {}; },
-        saveToken: function() { return token; }
+        saveToken: function() { return token; },
+        validateScope: function() { return 'baz'; }
       };
       var handler = new TokenHandler({ accessTokenLifetime: 120, model: model, refreshTokenLifetime: 120 });
       var request = new Request({
@@ -278,7 +279,8 @@ describe('TokenHandler integration', function() {
           client_secret: 'secret',
           username: 'foo',
           password: 'bar',
-          grant_type: 'password'
+          grant_type: 'password',
+          scope: 'baz'
         },
         headers: { 'content-type': 'application/x-www-form-urlencoded', 'transfer-encoding': 'chunked' },
         method: 'POST',
@@ -616,6 +618,7 @@ describe('TokenHandler integration', function() {
           getAuthorizationCode: function() { return { authorizationCode: 12345, client: { id: 'foobar' }, expiresAt: new Date(new Date() * 2), user: {} }; },
           getClient: function() {},
           saveToken: function() { return token; },
+          validateScope: function() { return 'foo'; },
           revokeAuthorizationCode: function() { return { authorizationCode: 12345, client: { id: 'foobar' }, expiresAt: new Date(new Date() / 2), user: {} }; }
         };
         var handler = new TokenHandler({ accessTokenLifetime: 120, model: model, refreshTokenLifetime: 120 });
@@ -644,12 +647,14 @@ describe('TokenHandler integration', function() {
         var model = {
           getClient: function() {},
           getUserFromClient: function() { return {}; },
-          saveToken: function() { return token; }
+          saveToken: function() { return token; },
+          validateScope: function() { return 'foo'; }
         };
         var handler = new TokenHandler({ accessTokenLifetime: 120, model: model, refreshTokenLifetime: 120 });
         var request = new Request({
           body: {
-            grant_type: 'client_credentials'
+            grant_type: 'client_credentials',
+            scope: 'foo'
           },
           headers: {},
           method: {},
@@ -671,7 +676,8 @@ describe('TokenHandler integration', function() {
         var model = {
           getClient: function() {},
           getUser: function() { return {}; },
-          saveToken: function() { return token; }
+          saveToken: function() { return token; },
+          validateScope: function() { return 'baz'; }
         };
         var handler = new TokenHandler({ accessTokenLifetime: 120, model: model, refreshTokenLifetime: 120 });
         var request = new Request({
@@ -680,7 +686,8 @@ describe('TokenHandler integration', function() {
             client_secret: 'secret',
             grant_type: 'password',
             password: 'bar',
-            username: 'foo'
+            username: 'foo',
+            scope: 'baz'
           },
           headers: {},
           method: {},
@@ -731,7 +738,8 @@ describe('TokenHandler integration', function() {
         var model = {
           getClient: function() {},
           getUser: function() { return {}; },
-          saveToken: function() { return token; }
+          saveToken: function() { return token; },
+          validateScope: function() { return 'foo'; }
         };
         var handler = new TokenHandler({ accessTokenLifetime: 120, model: model, refreshTokenLifetime: 120, extendedGrantTypes: { 'urn:ietf:params:oauth:grant-type:saml2-bearer': PasswordGrantType } });
         var request = new Request({ body: { grant_type: 'urn:ietf:params:oauth:grant-type:saml2-bearer', username: 'foo', password: 'bar' }, headers: {}, method: {}, query: {} });

test/integration/server_test.js

@@ -159,10 +159,11 @@ describe('Server integration', function() {
         },
         saveToken: function() {
           return { accessToken: 1234, client: {}, user: {} };
-        }
+        },
+        validateScope: function() { return 'foo'; }
       };
       var server = new Server({ model: model });
-      var request = new Request({ body: { client_id: 1234, client_secret: 'secret', grant_type: 'password', username: 'foo', password: 'pass' }, headers: { 'content-type': 'application/x-www-form-urlencoded', 'transfer-encoding': 'chunked' }, method: 'POST', query: {} });
+      var request = new Request({ body: { client_id: 1234, client_secret: 'secret', grant_type: 'password', username: 'foo', password: 'pass', scope: 'foo' }, headers: { 'content-type': 'application/x-www-form-urlencoded', 'transfer-encoding': 'chunked' }, method: 'POST', query: {} });
       var response = new Response({ body: {}, headers: {} });
 
       return server.token(request, response)
@@ -203,10 +204,13 @@ describe('Server integration', function() {
         },
         saveToken: function() {
           return { accessToken: 1234, client: {}, user: {} };
+        },
+        validateScope: function() {
+            return 'foo';
         }
       };
       var server = new Server({ model: model });
-      var request = new Request({ body: { client_id: 1234, client_secret: 'secret', grant_type: 'password', username: 'foo', password: 'pass' }, headers: { 'content-type': 'application/x-www-form-urlencoded', 'transfer-encoding': 'chunked' }, method: 'POST', query: {} });
+      var request = new Request({ body: { client_id: 1234, client_secret: 'secret', grant_type: 'password', username: 'foo', password: 'pass', scope: 'foo' }, headers: { 'content-type': 'application/x-www-form-urlencoded', 'transfer-encoding': 'chunked' }, method: 'POST', query: {} });
       var response = new Response({ body: {}, headers: {} });
 
       server.token(request, response, null, next);

test/unit/grant-types/authorization-code-grant-type_test.js

@@ -66,6 +66,7 @@ describe('AuthorizationCodeGrantType', function() {
       };
       var handler = new AuthorizationCodeGrantType({ accessTokenLifetime: 120, model: model });
 
+      sinon.stub(handler, 'validateScope').returns('foobiz');
       sinon.stub(handler, 'generateAccessToken').returns(Promise.resolve('foo'));
       sinon.stub(handler, 'generateRefreshToken').returns(Promise.resolve('bar'));
 

test/unit/grant-types/client-credentials-grant-type_test.js

@@ -41,6 +41,7 @@ describe('ClientCredentialsGrantType', function() {
       };
       var handler = new ClientCredentialsGrantType({ accessTokenLifetime: 120, model: model });
 
+      sinon.stub(handler, 'validateScope').returns('foobar');
       sinon.stub(handler, 'generateAccessToken').returns('foo');
       sinon.stub(handler, 'getAccessTokenExpiresAt').returns('biz');
 

test/unit/grant-types/password-grant-type_test.js

@@ -43,6 +43,7 @@ describe('PasswordGrantType', function() {
       };
       var handler = new PasswordGrantType({ accessTokenLifetime: 120, model: model });
 
+      sinon.stub(handler, 'validateScope').returns('foobar');
       sinon.stub(handler, 'generateAccessToken').returns('foo');
       sinon.stub(handler, 'generateRefreshToken').returns('bar');
       sinon.stub(handler, 'getAccessTokenExpiresAt').returns('biz');

test/unit/handlers/authenticate-handler_test.js

@@ -92,19 +92,19 @@ describe('AuthenticateHandler', function() {
     });
   });
 
-  describe('validateScope()', function() {
+  describe('verifyScope()', function() {
     it('should call `model.getAccessToken()` if scope is defined', function() {
       var model = {
         getAccessToken: function() {},
-        validateScope: sinon.stub().returns(true)
+        verifyScope: sinon.stub().returns(true)
       };
       var handler = new AuthenticateHandler({ addAcceptedScopesHeader: true, addAuthorizedScopesHeader: true, model: model, scope: 'bar' });
 
-      return handler.validateScope('foo')
+      return handler.verifyScope('foo')
         .then(function() {
-          model.validateScope.callCount.should.equal(1);
-          model.validateScope.firstCall.args.should.have.length(2);
-          model.validateScope.firstCall.args[0].should.equal('foo', 'bar');
+          model.verifyScope.callCount.should.equal(1);
+          model.verifyScope.firstCall.args.should.have.length(2);
+          model.verifyScope.firstCall.args[0].should.equal('foo', 'bar');
         })
         .catch(should.fail);
     });