felixheck
diff --git a/‎src/index.js‎
Lines changed: 33 additions & 19 deletions b/‎src/index.js‎
Lines changed: 33 additions & 19 deletions
diff --git a/‎src/manager.js‎
Lines changed: 0 additions & 81 deletions b/‎src/manager.js‎
Lines changed: 0 additions & 81 deletions
diff --git a/‎src/token.js‎
Lines changed: 2 additions & 1 deletion b/‎src/token.js‎
Lines changed: 2 additions & 1 deletion
diff --git a/‎test/_helpers.js‎
Lines changed: 43 additions & 12 deletions b/‎test/_helpers.js‎
Lines changed: 43 additions & 12 deletions
diff --git a/‎test/cache.spec.js‎
Lines changed: 6 additions & 6 deletions b/‎test/cache.spec.js‎
Lines changed: 6 additions & 6 deletions
@@ -1,32 +1,49 @@
+const { GrantManager } = require('keycloak-auth-utils')
 const cache = require('./cache')
-const manager = require('./manager')
 const token = require('./token')
 const { error, fakeReply, verify } = require('./utils')
 const pkg = require('../package.json')
 
+let manager
+
+/**
+ * @function
+ * @public
+ *
+ * Get user information based on token with help of Keycloak.
+ * If all validations and requests are successful, save the
+ * token and its user data in memory cache.
+ *
+ * @param {string} token The token to be validated
+ * @param {Function} reply The callback handler
+ */
+function handleKeycloakUserInfo (tkn, reply) {
+  manager.userInfo(tkn.get()).then((userInfo) => {
+    const { scope, expiresIn } = tkn.getData()
+    const userData = { credentials: Object.assign({ scope }, userInfo) }
+
+    cache.set(tkn.get(), userData, expiresIn)
+    reply.continue(userData)
+  }).catch((err) => {
+    reply(error('unauthorized', err))
+  })
+}
+
 /**
  * @function
  * @public
  *
  * Validate a token with help of Keycloak.
- * If all validations and requests are successful,
- * save the token and its user data in memory cache.
  *
  * @param {string} token The token to be validated
  * @param {Function} reply The callback handler
  */
 function handleKeycloakValidation (tkn, reply) {
-  const rawTkn = tkn.get()
+  const invalidate = (err) => reply(error('unauthorized', err, error.msg.invalid))
 
-  manager.validateAccessToken(rawTkn, reply, () => {
-    manager.userInfo(rawTkn, reply, (userInfo) => {
-      const { scope, expiresIn } = tkn.getData()
-      const userData = { credentials: Object.assign({ scope }, userInfo) }
-      cache.set(tkn.get(), userData, expiresIn)
-
-      return reply.continue(userData)
-    })
-  })
+  manager.validateAccessToken(tkn.get()).then((res) => {
+    res ? handleKeycloakUserInfo(tkn, reply) : invalidate()
+  }).catch(invalidate)
 }
 
 /**
@@ -49,11 +66,8 @@ function validate (field, reply) {
   }
 
   cache.get(tkn.get(), (err, cached) => {
-    if (cached && !err) {
-      return reply.continue(cached)
-    }
-
-    return handleKeycloakValidation(tkn, reply)
+    const isCached = cached && !err
+    isCached ? reply.continue(cached) : handleKeycloakValidation(tkn, reply)
   })
 }
 
@@ -94,7 +108,7 @@ function strategy (server) {
  */
 function plugin (server, opts, next) {
   opts = verify(opts)
-  manager.init(opts.client)
+  manager = new GrantManager(opts.client)
   cache.init(server, opts.cache)
 
   server.auth.scheme('keycloak-jwt', strategy)
 
@@ -17,12 +17,13 @@ function token (field) {
    * @private
    *
    * Extract bearer token out of header.
+   * https://tools.ietf.org/html/rfc7519
    *
    * @param {string} header The header to be scanned
    * @returns {string} The extracted header
    */
   function extractToken (header) {
-    return /^(?:bearer) ([A-Za-z0-9-_=]+\.[A-Za-z0-9-_=]+\.?[A-Za-z0-9-_.+/=]*)$/i.exec(header)
+    return /^(?:bearer) ([a-zA-Z0-9\-_]+?\.[a-zA-Z0-9\-_]+?\.([a-zA-Z0-9\-_]+)?)$/i.exec(header)
   }
 
   /**
 
@@ -1,7 +1,11 @@
 const hapi = require('hapi')
+const _ = require('lodash')
+const { GrantManager } = require('keycloak-auth-utils')
 const authKeycloak = require('../src')
 const fixtures = require('./_fixtures')
 
+const GrantManagerClone = {}
+
 /**
  * @type Object
  * @private
@@ -13,6 +17,27 @@ const defaults = {
   cache: false
 }
 
+/**
+ * @type Object.<Function>
+ * @public
+ *
+ * Provide several functions to clone, reset and
+ * stub methods of `GrantManager`.
+ */
+const prototypes = {
+  clone () {
+    GrantManagerClone.prototype = _.cloneDeep(GrantManager.prototype)
+  },
+  reset () {
+    GrantManager.prototype = GrantManagerClone.prototype
+  },
+  stub (name, value, type = 'resolve') {
+    GrantManager.prototype[name] = function () {
+      return Promise[type](value)
+    }
+  }
+}
+
 /**
  * @function
  * @private
@@ -36,6 +61,21 @@ function registerRoutes (server) {
     {
       method: 'GET',
       path: '/role',
+      config: {
+        auth: {
+          strategies: ['keycloak-jwt'],
+          access: {
+            scope: ['editor']
+          }
+        },
+        handler (req, reply) {
+          reply({ foo: 42 })
+        }
+      }
+    },
+    {
+      method: 'GET',
+      path: '/role/guest',
       config: {
         auth: {
           strategies: ['keycloak-jwt'],
@@ -84,17 +124,7 @@ function registerPlugin (server, options = defaults, done = () => {}) {
 function getServer (options, done) {
   const server = new hapi.Server()
 
-  server.connection({
-    host: '127.0.0.1',
-    port: 1337
-  })
-
-  process.on('SIGINT', () => {
-    server.stop({ timeout: 10000 }).then((err) => {
-      process.exit((err) ? 1 : 0)
-    })
-  })
-
+  server.connection()
   server.initialize((err) => {
     if (err) throw err
 
@@ -108,5 +138,6 @@ function getServer (options, done) {
 
 module.exports = {
   getServer,
-  registerPlugin
+  registerPlugin,
+  prototypes
 }
@@ -1,13 +1,13 @@
 const test = require('ava')
-const helpers = require('./_helpers')
+const { getServer } = require('./_helpers')
 const cache = require('../src/cache')
 
 test.afterEach('reset cache', () => {
   cache.reset()
 })
 
 test.cb.serial('just create one instance – object', (t) => {
-  helpers.getServer(false, (server) => {
+  getServer(false, (server) => {
     const cch1 = cache.init(server, { segment: 'foo' })
     const cch2 = cache.init(server, { segment: 'foo' })
 
@@ -19,7 +19,7 @@ test.cb.serial('just create one instance – object', (t) => {
 })
 
 test.cb.serial('just create one instance – boolean', (t) => {
-  helpers.getServer(false, (server) => {
+  getServer(false, (server) => {
     const cch1 = cache.init(server, false)
     const cch2 = cache.init(server, false)
 
@@ -31,7 +31,7 @@ test.cb.serial('just create one instance – boolean', (t) => {
 })
 
 test.cb.serial('set and get value', (t) => {
-  helpers.getServer(false, (server) => {
+  getServer(false, (server) => {
     cache.init(server, { segment: 'foo' })
     cache.set('bar', 42, 10000)
 
@@ -44,7 +44,7 @@ test.cb.serial('set and get value', (t) => {
 })
 
 test.cb.serial('set and get value – no cache', (t) => {
-  helpers.getServer(false, (server) => {
+  getServer(false, (server) => {
     cache.init(server, false)
     cache.set('bar', 42, 10000)
 
@@ -57,7 +57,7 @@ test.cb.serial('set and get value – no cache', (t) => {
 })
 
 test.cb.serial('set and get value – expired', (t) => {
-  helpers.getServer(false, (server) => {
+  getServer(false, (server) => {
     cache.init(server, { segment: 'foo' })
     cache.set('bar', 42, 100)
Original file line number	Diff line number	Diff line change
`@@ -17,12 +17,13 @@ function token (field) {`
`17`	`17`	`* @private`
`18`	`18`	`*`
`19`	`19`	`* Extract bearer token out of header.`
	`20`	`+ * https://tools.ietf.org/html/rfc7519`
`20`	`21`	`*`
`21`	`22`	`* @param {string} header The header to be scanned`
`22`	`23`	`* @returns {string} The extracted header`
`23`	`24`	`*/`
`24`	`25`	`function extractToken (header) {`
`25`		`- return /^(?:bearer) ([A-Za-z0-9-_=]+\.[A-Za-z0-9-_=]+\.?[A-Za-z0-9-_.+/=]*)$/i.exec(header)`
	`26`	`+ return /^(?:bearer) ([a-zA-Z0-9\-_]+?\.[a-zA-Z0-9\-_]+?\.([a-zA-Z0-9\-_]+)?)$/i.exec(header)`
`26`	`27`	`}`
`27`	`28`
`28`	`29`	`/**`