Merge pull request #12 from twilio-labs/validate-identity-parameter

Add verification for user_identity parameter

Author: timmydoza

README.md

@@ -1,5 +1,6 @@
 # @twilio-labs/plugin-rtc
 
+![npm](https://img.shields.io/npm/v/@twilio-labs/plugin-rtc)
 [![CircleCI](https://circleci.com/gh/twilio-labs/plugin-rtc.svg?style=svg)](https://circleci.com/gh/twilio-labs/plugin-rtc)
 
 This plugin adds functionality to the [Twilio CLI](https://github.com/twilio/twilio-cli) which supports developing and deploying real-time communication apps.
@@ -113,6 +114,22 @@ POST /token
 <td> <b>Status</b> </td> <td> <b>Response</b> </td>
 </tr>
 
+<tr>
+<td> 400 </td>
+<td>
+
+```json
+{
+    "error": {
+      "message": "missing user_identity",
+      "explanation": "The user_identity parameter is missing."
+    }
+}
+```
+
+</td>
+</tr>
+
 <tr>
 <td> 401 </td>
 <td>

package.json

@@ -6,16 +6,15 @@
   "publishConfig": {
     "access": "public"
   },
-  "repository": "twilio-labs/plugin-rtc",
+  "repository": "https://github.com/twilio-labs/plugin-rtc",
   "scripts": {
     "test": "TZ=utc jest",
     "postpack": "rm -f oclif.manifest.json",
     "prepack": "oclif-dev manifest && oclif-dev readme",
-    "version": "oclif-dev readme && git add README.md",
     "lint": "eslint .",
     "posttest": "npm run lint"
   },
-  "author": "",
+  "author": "Twilio",
   "license": "Apache-2.0",
   "dependencies": {
     "@oclif/command": "^1.5.19",

src/video-token-server.js

@@ -46,6 +46,18 @@ module.exports.handler = (context, event, callback) => {
     return;
   }
 
+  if (!user_identity) {
+    response.setStatusCode(400);
+    response.setBody({
+      error: {
+        message: 'missing user_identity',
+        explanation: 'The user_identity parameter is missing.',
+      },
+    });
+    callback(null, response);
+    return;
+  }
+
   const token = new AccessToken(TWILIO_ACCOUNT_SID, TWILIO_API_KEY_SID, TWILIO_API_KEY_SECRET, {
     ttl: MAX_ALLOWED_SESSION_DURATION,
   });

test/video-token-server.test.js

@@ -16,7 +16,7 @@ describe('the video-token-server', () => {
   it('should return an "unauthorized" error when the passcode is incorrect', () => {
     Date.now = () => 5;
 
-    handler(mockContext, { passcode: '9876543210' }, callback);
+    handler(mockContext, { passcode: '9876543210', user_identity: 'test identity' }, callback);
 
     expect(callback).toHaveBeenCalledWith(null, {
       body: {
@@ -33,7 +33,7 @@ describe('the video-token-server', () => {
   it('should return an "expired" error when the current time is past the API_PASSCODE_EXPIRY time', () => {
     Date.now = () => 15;
 
-    handler(mockContext, { passcode: '1234566789' }, callback);
+    handler(mockContext, { passcode: '1234566789', user_identity: 'test identity'}, callback);
 
     expect(callback).toHaveBeenCalledWith(null, {
       body: {
@@ -48,11 +48,29 @@ describe('the video-token-server', () => {
     });
   });
 
-  it('should return a token when only the passcode is supplied', () => {
+  it('should return a "missing user_identity" error when the "user_identity" parameter is not supplied', () => {
     Date.now = () => 5;
 
     handler(mockContext, { passcode: '1234566789' }, callback);
 
+    expect(callback).toHaveBeenCalledWith(null, {
+      body: {
+        error: {
+          message: 'missing user_identity',
+          explanation:
+            'The user_identity parameter is missing.',
+        },
+      },
+      headers: { 'Content-Type': 'application/json' },
+      statusCode: 400,
+    });
+  });
+
+  it('should return a token when no room_name is supplied', () => {
+    Date.now = () => 5;
+
+    handler(mockContext, { passcode: '1234566789',  user_identity: 'test identity' }, callback);
+
     expect(callback).toHaveBeenCalledWith(null, {
       body: { token: expect.any(String) },
       headers: { 'Content-Type': 'application/json' },
@@ -62,6 +80,7 @@ describe('the video-token-server', () => {
     expect(jwt.decode(callback.mock.calls[0][1].body.token)).toEqual({
       exp: 14400,
       grants: {
+        identity: "test identity",
         video: {},
       },
       iat: 0,