Supply state as info.

Author: jaredhanson

lib/strategy.js

@@ -149,10 +149,10 @@ OAuth2Strategy.prototype.authenticate = function(req, options) {
   }
 
   if (req.query && req.query.code) {
-    function loaded(err, ok, info) {
+    function loaded(err, ok, state) {
       if (err) { return self.error(err); }
       if (!ok) {
-        return self.fail(info, 403);
+        return self.fail(state, 403);
       }
 
       var code = req.query.code;
@@ -171,6 +171,9 @@ OAuth2Strategy.prototype.authenticate = function(req, options) {
             function verified(err, user, info) {
               if (err) { return self.error(err); }
               if (!user) { return self.fail(info); }
+              
+              info = info || {};
+              if (state) { info.state = state; }
               self.success(user, info);
             }
 

test/oauth2.state.custom.test.js

@@ -247,4 +247,151 @@ describe('OAuth2Strategy', function() {
 
   }); // with custom state store that accepts meta argument
 
+  
+  describe('with custom state store that accepts meta argument and supplies state', function() {
+    function CustomStore() {
+    }
+    
+    CustomStore.prototype.verify = function(req, state, meta, cb) {
+      req.customStoreVerifyCalled = req.customStoreVerifyCalled ? req.customStoreVerifyCalled++ : 1;
+      return cb(null, true, { returnTo: 'http://www.example.com/' });
+    };
+    
+    describe('processing response to authorization request', function() {
+      
+      describe('that was approved without info', function() {
+        var strategy = new OAuth2Strategy({
+          authorizationURL: 'https://www.example.com/oauth2/authorize',
+          tokenURL: 'https://www.example.com/oauth2/token',
+          clientID: 'ABC123',
+          clientSecret: 'secret',
+          callbackURL: 'https://www.example.net/auth/example/callback',
+          store: new CustomStore()
+        },
+        function(accessToken, refreshToken, profile, done) {
+          if (accessToken !== '2YotnFZFEjr1zCsicMWpAA') { return done(new Error('incorrect accessToken argument')); }
+          if (refreshToken !== 'tGzv3JOkF0XG5Qx2TlKWIA') { return done(new Error('incorrect refreshToken argument')); }
+          if (typeof profile !== 'object') { return done(new Error('incorrect profile argument')); }
+          if (Object.keys(profile).length !== 0) { return done(new Error('incorrect profile argument')); }
+
+          return done(null, { id: '1234' });
+        });
+
+        strategy._oauth2.getOAuthAccessToken = function(code, options, callback) {
+          if (code !== 'SplxlOBeZQQYbYS6WxSbIA') { return callback(new Error('incorrect code argument')); }
+          if (options.grant_type !== 'authorization_code') { return callback(new Error('incorrect options.grant_type argument')); }
+          if (options.redirect_uri !== 'https://www.example.net/auth/example/callback') { return callback(new Error('incorrect options.redirect_uri argument')); }
+
+          return callback(null, '2YotnFZFEjr1zCsicMWpAA', 'tGzv3JOkF0XG5Qx2TlKWIA', { token_type: 'example' });
+        }
+        
+        var request
+          , user
+          , info;
+
+        before(function(done) {
+          chai.passport.use(strategy)
+            .success(function(u, i) {
+              user = u;
+              info = i;
+              done();
+            })
+            .req(function(req) {
+              request = req;
+        
+              req.url = '/auth/example/callback';
+              req.query = {};
+              req.query.code = 'SplxlOBeZQQYbYS6WxSbIA';
+              req.query.state = 'foos7473';
+            })
+            .authenticate();
+        });
+
+        it('should supply user', function() {
+          expect(user).to.be.an.object;
+          expect(user.id).to.equal('1234');
+        });
+
+        it('should supply info with state', function() {
+          expect(info).to.be.an.object;
+          expect(Object.keys(info)).to.have.length(1);
+          expect(info.state).to.be.an.object;
+          expect(info.state.returnTo).to.equal('http://www.example.com/');
+        });
+  
+        it('should verify state using custom store', function() {
+          expect(request.customStoreVerifyCalled).to.equal(1);
+        });
+      }); // that was approved without info
+      
+      describe('that was approved with info', function() {
+        var strategy = new OAuth2Strategy({
+          authorizationURL: 'https://www.example.com/oauth2/authorize',
+          tokenURL: 'https://www.example.com/oauth2/token',
+          clientID: 'ABC123',
+          clientSecret: 'secret',
+          callbackURL: 'https://www.example.net/auth/example/callback',
+          store: new CustomStore()
+        },
+        function(accessToken, refreshToken, profile, done) {
+          if (accessToken !== '2YotnFZFEjr1zCsicMWpAA') { return done(new Error('incorrect accessToken argument')); }
+          if (refreshToken !== 'tGzv3JOkF0XG5Qx2TlKWIA') { return done(new Error('incorrect refreshToken argument')); }
+          if (typeof profile !== 'object') { return done(new Error('incorrect profile argument')); }
+          if (Object.keys(profile).length !== 0) { return done(new Error('incorrect profile argument')); }
+
+          return done(null, { id: '1234' }, { message: 'Hello' });
+        });
+
+        strategy._oauth2.getOAuthAccessToken = function(code, options, callback) {
+          if (code !== 'SplxlOBeZQQYbYS6WxSbIA') { return callback(new Error('incorrect code argument')); }
+          if (options.grant_type !== 'authorization_code') { return callback(new Error('incorrect options.grant_type argument')); }
+          if (options.redirect_uri !== 'https://www.example.net/auth/example/callback') { return callback(new Error('incorrect options.redirect_uri argument')); }
+
+          return callback(null, '2YotnFZFEjr1zCsicMWpAA', 'tGzv3JOkF0XG5Qx2TlKWIA', { token_type: 'example' });
+        }
+        
+        var request
+          , user
+          , info;
+
+        before(function(done) {
+          chai.passport.use(strategy)
+            .success(function(u, i) {
+              user = u;
+              info = i;
+              done();
+            })
+            .req(function(req) {
+              request = req;
+        
+              req.url = '/auth/example/callback';
+              req.query = {};
+              req.query.code = 'SplxlOBeZQQYbYS6WxSbIA';
+              req.query.state = 'foos7473';
+            })
+            .authenticate();
+        });
+
+        it('should supply user', function() {
+          expect(user).to.be.an.object;
+          expect(user.id).to.equal('1234');
+        });
+
+        it('should supply info with state', function() {
+          expect(info).to.be.an.object;
+          expect(Object.keys(info)).to.have.length(2);
+          expect(info.message).to.equal('Hello');
+          expect(info.state).to.be.an.object;
+          expect(info.state.returnTo).to.equal('http://www.example.com/');
+        });
+  
+        it('should verify state using custom store', function() {
+          expect(request.customStoreVerifyCalled).to.equal(1);
+        });
+      }); // that was approved with info
+      
+    }); // processing response to authorization request
+    
+  }); // with custom state store that accepts meta argument and supplies state
+  
 });