@@ -13,6 +13,30 @@ const HttpMocks = require('node-mocks-http')
1313
1414const LoginConsentRequest = require ( '../../src/handlers/login-consent-request' )
1515
16+ function createOpAuthRequest ( overwrite ) {
17+ return Object . assign ( {
18+ req : {
19+ body : { } ,
20+ app : {
21+ locals : {
22+ ldp : {
23+ serverUri : 'https://pod.example'
24+ }
25+ }
26+ } ,
27+ session : {
28+ consentedOrigins : [ 'https://example.com' ]
29+ }
30+ } ,
31+ res : HttpMocks . createResponse ( ) ,
32+ subject : { } ,
33+ params : {
34+ redirect_uri : 'https://example.com'
35+ } ,
36+ host : { }
37+ } , overwrite )
38+ }
39+
1640describe ( 'LoginConsentRequest' , ( ) => {
1741 describe ( 'constructor()' , ( ) => {
1842 it ( 'should initialize a new instance' , ( ) => {
@@ -70,8 +94,7 @@ describe('LoginConsentRequest', () => {
7094
7195 describe ( 'handle()' , ( ) => {
7296 it ( 'should return the opAuthRequest object' , ( ) => {
73- let res = HttpMocks . createResponse ( )
74- let opAuthRequest = { req : { body : { } } , res, subject : { } }
97+ let opAuthRequest = createOpAuthRequest ( )
7598
7699 return LoginConsentRequest . handle ( opAuthRequest )
77100 . then ( returnedRequest => {
@@ -80,8 +103,7 @@ describe('LoginConsentRequest', () => {
80103 } )
81104
82105 it ( 'should invoke obtainConsent()' , ( ) => {
83- let res = HttpMocks . createResponse ( )
84- let opAuthRequest = { req : { body : { } } , res, subject : { } }
106+ let opAuthRequest = createOpAuthRequest ( )
85107
86108 let obtainConsent = sinon . spy ( LoginConsentRequest , 'obtainConsent' )
87109
@@ -93,8 +115,7 @@ describe('LoginConsentRequest', () => {
93115 } )
94116
95117 it ( 'should pass through opAuthRequest if skipConsent is set' , ( ) => {
96- let res = HttpMocks . createResponse ( )
97- let opAuthRequest = { req : { body : { } } , res, subject : { } }
118+ let opAuthRequest = createOpAuthRequest ( )
98119 let skipConsent = true
99120
100121 return LoginConsentRequest . handle ( opAuthRequest , skipConsent )
@@ -103,16 +124,6 @@ describe('LoginConsentRequest', () => {
103124 LoginConsentRequest . obtainConsent . resetHistory ( )
104125 } )
105126 } )
106-
107- it ( 'should not invoke obtainConsent() if subject is missing' , ( ) => {
108- let res = HttpMocks . createResponse ( )
109- let opAuthRequest = { req : { body : { } } , res }
110-
111- return LoginConsentRequest . handle ( opAuthRequest )
112- . then ( ( ) => {
113- expect ( LoginConsentRequest . obtainConsent ) . to . not . have . been . called ( )
114- } )
115- } )
116127 } )
117128
118129 describe ( 'clientId getter' , ( ) => {
@@ -130,52 +141,46 @@ describe('LoginConsentRequest', () => {
130141 describe ( 'isLocalRpClient()' , ( ) => {
131142 it ( 'should be false if host has no local client initialized' , ( ) => {
132143 let params = { 'client_id' : '1234' }
133- let response = HttpMocks . createResponse ( )
134- let opAuthRequest = { host : { } }
144+ let res = HttpMocks . createResponse ( )
145+ let opAuthRequest = createOpAuthRequest ( { res } )
135146
136- let request = new LoginConsentRequest ( { params, response , opAuthRequest } )
147+ let request = new LoginConsentRequest ( { params, res , opAuthRequest } )
137148
138149 expect ( request . isLocalRpClient ( '1234' ) ) . to . be . false ( )
139150 } )
140151
141152 it ( 'should be false if params has no client id' , ( ) => {
142153 let params = { }
143- let response = HttpMocks . createResponse ( )
144- let opAuthRequest = {
145- host : { }
146- }
154+ let res = HttpMocks . createResponse ( )
155+ let opAuthRequest = createOpAuthRequest ( { res } )
147156
148- let request = new LoginConsentRequest ( { params, response , opAuthRequest } )
157+ let request = new LoginConsentRequest ( { params, res , opAuthRequest } )
149158
150159 expect ( request . isLocalRpClient ( undefined ) ) . to . be . false ( )
151160 } )
152161
153- it ( 'should be false if host local client id does not match params' , ( ) => {
154- let params = { 'client_id' : '1234' }
155- let response = HttpMocks . createResponse ( )
156- let opAuthRequest = {
157- host : {
158- localClientId : '5678'
159- }
160- }
162+ it ( 'should be false if host local app origin does not equal param server uri' , ( ) => {
163+ let params = { }
164+ let res = HttpMocks . createResponse ( )
165+ let opAuthRequest = createOpAuthRequest ( {
166+ res
167+ } )
161168
162- let request = new LoginConsentRequest ( { params, response , opAuthRequest } )
169+ let request = new LoginConsentRequest ( { params, res , opAuthRequest } )
163170
164- expect ( request . isLocalRpClient ( '1234 ' ) ) . to . be . false ( )
171+ expect ( request . isLocalRpClient ( 'https://example.com ' ) ) . to . be . false ( )
165172 } )
166173
167- it ( 'should be true if host local client id equals param client_id' , ( ) => {
168- let params = { 'client_id' : '1234' }
169- let response = HttpMocks . createResponse ( )
170- let opAuthRequest = {
171- host : {
172- localClientId : '1234'
173- }
174- }
174+ it ( 'should be true if host local app origin equals param server uri' , ( ) => {
175+ let params = { }
176+ let res = HttpMocks . createResponse ( )
177+ let opAuthRequest = createOpAuthRequest ( {
178+ res
179+ } )
175180
176- let request = new LoginConsentRequest ( { params, response , opAuthRequest } )
181+ let request = new LoginConsentRequest ( { params, res , opAuthRequest } )
177182
178- expect ( request . isLocalRpClient ( '1234 ' ) ) . to . be . true ( )
183+ expect ( request . isLocalRpClient ( 'https://pod.example ' ) ) . to . be . true ( )
179184 } )
180185 } )
181186
@@ -188,7 +193,14 @@ describe('LoginConsentRequest', () => {
188193 beforeEach ( ( ) => {
189194 req = { body : { scope : 'openid' , client_id : clientId } }
190195 res = HttpMocks . createResponse ( )
191- opAuthRequest = { req, res, host }
196+ opAuthRequest = createOpAuthRequest ( { res, host } )
197+ opAuthRequest = {
198+ ...opAuthRequest ,
199+ req : {
200+ ...opAuthRequest . req ,
201+ body : req . body
202+ }
203+ }
192204 } )
193205
194206 it ( 'should mark successful consent automatically' , ( ) => {
@@ -221,7 +233,14 @@ describe('LoginConsentRequest', () => {
221233 beforeEach ( ( ) => {
222234 req = { body : { consent : true , scope : 'openid' , client_id : clientId } }
223235 res = HttpMocks . createResponse ( )
224- opAuthRequest = { req, res, host }
236+ opAuthRequest = createOpAuthRequest ( { res, host } )
237+ opAuthRequest = {
238+ ...opAuthRequest ,
239+ req : {
240+ ...opAuthRequest . req ,
241+ body : req . body
242+ }
243+ }
225244 } )
226245
227246 it ( 'should call saveConsentForClient()' , ( ) => {
@@ -270,19 +289,17 @@ describe('LoginConsentRequest', () => {
270289 beforeEach ( ( ) => {
271290 req = { body : { scope : 'openid' } }
272291 res = HttpMocks . createResponse ( )
273- opAuthRequest = { req, res }
274- } )
275-
276- it ( 'should check for previously saved consent' , ( ) => {
277- let request = LoginConsentRequest . from ( opAuthRequest )
278-
279- request . checkSavedConsentFor = sinon . mock ( )
280- . returns ( Promise . resolve ( false ) )
281-
282- return LoginConsentRequest . obtainConsent ( request )
283- . then ( ( ) => {
284- expect ( request . checkSavedConsentFor ) . to . have . been . called ( )
285- } )
292+ opAuthRequest = createOpAuthRequest ( { res } )
293+ opAuthRequest = {
294+ ...opAuthRequest ,
295+ req : {
296+ ...opAuthRequest . req ,
297+ body : req . body ,
298+ session : {
299+ consentedOrigins : [ ]
300+ }
301+ }
302+ }
286303 } )
287304
288305 describe ( 'if user consent has been previously saved' , ( ) => {
@@ -305,16 +322,17 @@ describe('LoginConsentRequest', () => {
305322 } )
306323
307324 describe ( 'if user consent has NOT been previously saved' , ( ) => {
308- it ( 'should call renderConsentPage ()' , ( ) => {
325+ it ( 'should call redirectToConsent ()' , ( ) => {
309326 let request = LoginConsentRequest . from ( opAuthRequest )
310327
311328 request . checkSavedConsentFor = sinon . mock ( )
312329 . returns ( Promise . resolve ( false ) )
313330 request . response . render = sinon . mock ( )
314331
315- let renderConsentPage = sinon . spy ( request , 'renderConsentPage ' )
332+ let renderConsentPage = sinon . spy ( request , 'redirectToConsent ' )
316333
317334 return LoginConsentRequest . obtainConsent ( request )
335+ . catch ( ( ) => { } )
318336 . then ( ( ) => {
319337 expect ( renderConsentPage ) . to . have . been . called ( )
320338 } )
@@ -328,6 +346,7 @@ describe('LoginConsentRequest', () => {
328346 request . response . render = sinon . mock ( )
329347
330348 return LoginConsentRequest . obtainConsent ( request )
349+ . catch ( ( opAuthRequest ) => opAuthRequest )
331350 . then ( opAuthRequest => {
332351 expect ( opAuthRequest . consent ) . to . not . exist ( )
333352 expect ( opAuthRequest . scope ) . to . not . exist ( )
@@ -337,37 +356,28 @@ describe('LoginConsentRequest', () => {
337356 } )
338357 } )
339358
340- describe ( 'renderConsentPage()' , ( ) => {
341- it ( 'should call res.render' , ( ) => {
342- let req = { body : { } }
359+ describe ( 'redirectToConsent()' , ( ) => {
360+ it ( 'should call res.redirect' , ( ) => {
343361 let res = HttpMocks . createResponse ( )
344362
345- let render = sinon . stub ( res , 'render ' )
363+ let redirect = sinon . stub ( res , 'redirect ' )
346364
347- let opAuthRequest = { req, res }
365+ let opAuthRequest = createOpAuthRequest ( { res } )
366+ opAuthRequest = {
367+ ...opAuthRequest ,
368+ req : {
369+ ...opAuthRequest . req ,
370+ session : {
371+ consentedOrigins : [ ]
372+ }
373+ }
374+ }
348375 let request = LoginConsentRequest . from ( opAuthRequest )
349376
350377 return LoginConsentRequest . obtainConsent ( request )
378+ . catch ( ( ) => { } )
351379 . then ( ( ) => {
352- expect ( render ) . to . have . been . calledWith ( 'auth/consent' )
353- } )
354- } )
355-
356- it ( 'should set the headerSent property on opAuthRequest' , ( ) => {
357- let req = { body : { } }
358- let res = HttpMocks . createResponse ( )
359-
360- sinon . stub ( res , 'render' )
361-
362- let opAuthRequest = { req, res }
363- let request = LoginConsentRequest . from ( opAuthRequest )
364-
365- request . checkSavedConsentFor = sinon . mock ( )
366- . returns ( Promise . resolve ( false ) )
367-
368- return LoginConsentRequest . obtainConsent ( request )
369- . then ( opAuthRequest => {
370- expect ( opAuthRequest . headersSent ) . to . be . true ( )
380+ expect ( redirect ) . to . have . been . called ( )
371381 } )
372382 } )
373383 } )
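Review bot: The `.catch((opAuthRequest) => opAuthRequest)` added ahead of the assertions in the 'if user consent has NOT been previously saved' block (new line 349) lets that test pass for any rejection: an `Error` thrown because the fixture lacks a field the handler reads has no `consent` or `scope` either, so the check that consent was not recorded proves nothing. The two `.catch(() => {})` additions (new lines 335 and 378) discard the rejection reason in the same way. If the handler is meant to reject with the opAuthRequest itself, as the parameter name suggests, pin that with `.catch(rejected => { expect(rejected).to.not.be.an.instanceof(Error); return rejected })`. 'should call res.redirect' would also be stronger if it asserted the redirect target with `calledWith` rather than only `called()`, since the target decides where the user is sent to grant consent. The enclosing describe block starts outside these hunks, so the intended rejection contract is inferred rather than confirmed.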