From 91f27f8e362cef33642158736357afd618365d56 Mon Sep 17 00:00:00 2001
From: Francesco Stefanni
Date: Sun, 5 Dec 2021 15:30:56 +0100
Subject: [PATCH] Supported state in case of denial
---
 lib/handlers/authorize-handler.js | 7 +++-
 .../handlers/authorize-handler_test.js | 33 +++++++++++++++----
 2 files changed, 33 insertions(+), 7 deletions(-)
diff --git a/lib/handlers/authorize-handler.js b/lib/handlers/authorize-handler.js
index e825012..371eadd 100644
--- a/lib/handlers/authorize-handler.js
+++ b/lib/handlers/authorize-handler.js
@@ -96,6 +96,12 @@ AuthorizeHandler.prototype.handle = function(request, response) {
 let ResponseType;
 return Promise.bind(this)
+ .then(function() {
+ state = this.getState(request);
+ if(request.query.allowed === 'false') {
+ throw new AccessDeniedError('Access denied: user denied access to application');
+ }
+ })
 .then(function() {
 const requestedScope = this.getScope(request);
@@ -107,7 +113,6 @@ AuthorizeHandler.prototype.handle = function(request, response) {
 return this.generateAuthorizationCode(client, user, scope);
 })
 .then(function(authorizationCode) {
- state = this.getState(request);
 ResponseType = this.getResponseType(request);
 return this.saveAuthorizationCode(authorizationCode, expiresAt, scope, client, uri, user);
diff --git a/test/integration/handlers/authorize-handler_test.js b/test/integration/handlers/authorize-handler_test.js
index 49d2c0d..6641b4c 100644
--- a/test/integration/handlers/authorize-handler_test.js
+++ b/test/integration/handlers/authorize-handler_test.js
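Review bot: The denial flag is read only from `request.query.allowed`, while the state captured on the line before it comes from `this.getState(request)`; if getState also consults `request.body` (its body is not in the hunk), a consent form that POSTs `allowed=false` in its body is silently treated as consent and the chain proceeds to generate and save a code. Reading the flag from both places, `if (request.query.allowed === 'false' || request.body.allowed === 'false') {`, or documenting that integrators must put it in the query string, closes that gap; the `if(` spacing should also match the rest of the file (`if (`). A short why-comment on the new step would help the next reader: `// Capture state before anything can fail so the error redirect can echo it (RFC 6749 §4.1.2.1).` The enclosing handle() function starts and ends outside the hunk.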
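Review bot: `ResponseType = this.getResponseType(request);` still runs after `this.generateAuthorizationCode(client, user, scope)` on the preceding line, so an unsupported `response_type` is only rejected once a code value has already been produced (though not yet persisted, since saveAuthorizationCode follows). Now that state is resolved in the first step of the chain, the response type can be resolved there too, which finishes request validation before any code material exists: move `ResponseType = this.getResponseType(request);` into the new leading `.then` next to `state = this.getState(request);` and drop it from this callback. The enclosing handle() function starts and ends outside the hunk.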
@@ -161,12 +161,33 @@ describe('AuthorizeHandler integration', function() {
 it('should throw an error if `allowed` is `false`', function() {
 const model = {
- getAccessToken: function() {},
- getClient: function() {},
- saveAuthorizationCode: function() {}
+ getAccessToken: function() {
+ return {
+ user: {},
+ accessTokenExpiresAt: new Date(new Date().getTime() + 10000)
+ };
+ },
+ getClient: function() {
+ return { grants: ['authorization_code'], redirectUris: ['http://example.com/cb'] };
+ },
+ saveAuthorizationCode: function() {
+ throw new Error('Unhandled exception');
+ }
 };
 const handler = new AuthorizeHandler({ authorizationCodeLifetime: 120, model: model });
- const request = new Request({ body: {}, headers: {}, method: {}, query: { allowed: 'false' } });
+ const request = new Request({
+ body: {
+ client_id: 'test'
+ },
+ headers: {
+ 'Authorization': 'Bearer foo'
+ },
+ method: {},
+ query: {
+ allowed: 'false',
+ state: 'foobar'
+ }
+ });
 const response = new Response({ body: {}, headers: {} });
 return handler.handle(request, response)
@@ -328,7 +349,7 @@ describe('AuthorizeHandler integration', function() {
 return handler.handle(request, response)
 .then(should.fail)
 .catch(function() {
- response.get('location').should.equal('http://example.com/cb?error=invalid_scope&error_description=Invalid%20parameter%3A%20%60scope%60');
+ response.get('location').should.equal('http://example.com/cb?error=invalid_scope&error_description=Invalid%20parameter%3A%20%60scope%60&state=foobar');
 });
 });
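Review bot: The test now supplies `state: 'foobar'` and a registered redirect URI of `http://example.com/cb`, but the assertions after `return handler.handle(request, response)` lie outside the hunk, so it is not visible that the test pins what the commit title promises; it should check the error redirect itself, along the lines of `response.get('location').should.equal('http://example.com/cb?error=access_denied&error_description=Access%20denied%3A%20user%20denied%20access%20to%20application&state=foobar');` (exact text and encoding to match what the handler emits). The `saveAuthorizationCode` stub that throws `'Unhandled exception'` is a useful guard that no code is persisted on denial; a comment on it, `// must never be reached when the user denies`, would make that intent explicit. The `it` block ends outside the hunk.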
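Review bot: The updated expectation only covers a state value with no reserved characters, so it cannot show whether the echoed state is percent-encoded by the redirect builder (not visible here); a state containing `&` or `#` that is appended raw would let a request-supplied value add or override parameters on the redirect back to the client, or truncate the query with a fragment. One additional case with `state: 'a b&c#d'` asserting the Location ends in `&state=a%20b%26c%23d` would pin that, mirroring the `error_description` encoding already asserted on this line. The `it` block containing this assertion starts outside the hunk.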
@@ -416,7 +437,7 @@ describe('AuthorizeHandler integration', function() {
 return handler.handle(request, response)
 .then(should.fail)
 .catch(function() {
- response.get('location').should.equal('http://example.com/cb?error=invalid_scope&error_description=Invalid%20scope%3A%20Requested%20scope%20is%20invalid');
+ response.get('location').should.equal('http://example.com/cb?error=invalid_scope&error_description=Invalid%20scope%3A%20Requested%20scope%20is%20invalid&state=foobar');
 });
 });
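Review bot: The expectation compares the whole Location string, so it also pins the parameter order `error`, `error_description`, `state`, and any later reordering of the query would fail the test without a behaviour change. Parsing the header instead, `const u = new URL(response.get('location'));` then `u.searchParams.get('error').should.equal('invalid_scope');` and `u.searchParams.get('state').should.equal('foobar');`, checks the same contract order-independently and decodes the values for you. The `it` block containing this assertion starts outside the hunk.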