From b3cbb20be1da67f208606d550f599845230472ac Mon Sep 17 00:00:00 2001
From: Maurice Williams
Date: Tue, 26 May 2015 18:02:49 -0400
Subject: [PATCH] splitting client authentication-related middleware in to its own file
* refs #5286
* includes test cases for `addClientSecret`
* no tests first `generateAccessToken` and `authenticateClient` because there isn't anything to test in them
---
 core/server/middleware/client-auth.js | 35 ++++++++++++++++
 core/server/middleware/middleware.js | 35 ++++------------
 core/test/unit/middleware/clientAuth_spec.js | 44 ++++++++++++++++++++
 3 files changed, 86 insertions(+), 28 deletions(-)
 create mode 100644 core/server/middleware/client-auth.js
 create mode 100644 core/test/unit/middleware/clientAuth_spec.js
diff --git a/core/server/middleware/client-auth.js b/core/server/middleware/client-auth.js
new file mode 100644
index 0000000000..71f1686d09
--- /dev/null
+++ b/core/server/middleware/client-auth.js
@@ -0,0 +1,35 @@
+var passport = require('passport'),
+ _ = require('lodash'),
+ oauthServer,
+
+ clientAuth;
+function cacheOauthServer(server) {
+ oauthServer = server;
+}
+
+clientAuth = {
+ // work around to handle missing client_secret
+ // oauth2orize needs it, but untrusted clients don't have it
+ addClientSecret: function addClientSecret(req, res, next) {
+ if (_.isEmpty(req.body.client_secret)) {
+ req.body.client_secret = 'not_available';
+ }
+ next();
+ },
+
+ // ### Authenticate Client Middleware
+ // authenticate client that is asking for an access token
+ authenticateClient: function authenticateClient(req, res, next) {
+ return passport.authenticate(['oauth2-client-password'], {session: false})(req, res, next);
+ },
+
+ // ### Generate access token Middleware
+ // register the oauth2orize middleware for password and refresh token grants
+ generateAccessToken: function generateAccessToken(req, res, next) {
+ return oauthServer.token()(req, res, next);
+ }
+};
+
+module.exports = clientAuth;
+module.exports.cacheOauthServer = cacheOauthServer;
diff --git a/core/server/middleware/middleware.js b/core/server/middleware/middleware.js
index bdc9d28135..1d45380acb 100644
--- a/core/server/middleware/middleware.js
+++ b/core/server/middleware/middleware.js
@@ -19,10 +19,10 @@ var _ = require('lodash'),
 busboy = require('./ghost-busboy'),
 cacheControl = require('./cache-control'),
 spamPrevention = require('./spam-prevention'),
+ clientAuth = require('./client-auth'),
 middleware,
- blogApp,
- oauthServer;
+ blogApp;
 function isBlackListedFileType(file) {
 var blackListedFileTypes = ['.hbs', '.md', '.json'],
@@ -34,10 +34,6 @@ function cacheBlogApp(app) {
 blogApp = app;
 }
-function cacheOauthServer(server) {
- oauthServer = server;
-}
-
 function isSSLrequired(isAdmin, configUrl, forceAdminSSL) {
 var forceSSL = url.parse(configUrl).protocol === 'https:' ? true : false;
 if (forceSSL || (isAdmin && forceAdminSSL)) {
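Review bot: `addClientSecret` writes the literal `'not_available'` into `req.body.client_secret`, and whatever verifies the `oauth2-client-password` strategy behind `authenticateClient` has to recognise that exact string as "no secret presented" rather than compare it as a credential; that contract lives only in this one string literal, so I would hoist it to a named export, `var NO_CLIENT_SECRET = 'not_available';` plus `module.exports.NO_CLIENT_SECRET = NO_CLIENT_SECRET;`, and extend the comment above the function: `// sentinel, not a credential: the client-password verifier must treat NO_CLIENT_SECRET as "no secret supplied" and accept it only for clients allowed to be public`. The move also swaps the old `!req.body.client_secret` test for `_.isEmpty`, which lodash defines as true for numbers and booleans, so a numeric `client_secret` in a JSON body is now silently overwritten — a behaviour change the commit message presents as a pure file split and the new tests do not cover. `req.body` is dereferenced without a guard, so the middleware throws a TypeError if no body parser ran ahead of it; `if (!req.body) { req.body = {}; }` before the check removes that dependence on app-setup ordering. The verify callback itself is outside this patch, so the first point is a request to document the contract, not a claim that the verifier gets it wrong.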
@@ -173,27 +169,6 @@ middleware = {
 });
 },
- // work around to handle missing client_secret
- // oauth2orize needs it, but untrusted clients don't have it
- addClientSecret: function (req, res, next) {
- if (!req.body.client_secret) {
- req.body.client_secret = 'not_available';
- }
- next();
- },
-
- // ### Authenticate Client Middleware
- // authenticate client that is asking for an access token
- authenticateClient: function (req, res, next) {
- return passport.authenticate(['oauth2-client-password'], {session: false})(req, res, next);
- },
-
- // ### Generate access token Middleware
- // register the oauth2orize middleware for password and refresh token grants
- generateAccessToken: function (req, res, next) {
- return oauthServer.token()(req, res, next);
- },
-
 // Check to see if we should use SSL
 // and redirect if needed
 checkSSL: function (req, res, next) {
@@ -330,7 +305,11 @@ middleware = {
 module.exports = middleware;
 module.exports.cacheBlogApp = cacheBlogApp;
-module.exports.cacheOauthServer = cacheOauthServer;
+
+module.exports.addClientSecret = clientAuth.addClientSecret;
+module.exports.cacheOauthServer = clientAuth.cacheOauthServer;
+module.exports.authenticateClient = clientAuth.authenticateClient;
+module.exports.generateAccessToken = clientAuth.generateAccessToken;
 // SSL helper functions are exported primarily for unity testing.
 module.exports.isSSLrequired = isSSLrequired;
diff --git a/core/test/unit/middleware/clientAuth_spec.js b/core/test/unit/middleware/clientAuth_spec.js
new file mode 100644
index 0000000000..5a0eb8c4dd
--- /dev/null
+++ b/core/test/unit/middleware/clientAuth_spec.js
@@ -0,0 +1,44 @@
+/*globals describe, beforeEach, it*/
+/*jshint expr:true*/
+var should = require('should'),
+ sinon = require('sinon'),
+
+ middleware = require('../../../server/middleware').middleware;
+
+describe('Middleware: Client Auth', function () {
+ var req, res, next;
+
+ beforeEach(function () {
+ req = {};
+ res = {};
+ next = sinon.spy();
+ });
+
+ describe('addClientSecret', function () {
+ it('sets a `client_secret` if not part of body', function () {
+ var requestBody = {};
+
+ req.body = requestBody;
+
+ middleware.addClientSecret(req, res, next);
+
+ next.called.should.be.true;
+ should(req.body).have.property('client_secret');
+ req.body.client_secret.should.not.be.empty;
+ });
+
+ it('does not tamper with `client_secret` if already present', function () {
+ var requestBody = {
+ client_secret: 'keep-it-safe-keep-it-secret'
+ };
+
+ req.body = requestBody;
+
+ middleware.addClientSecret(req, res, next);
+
+ next.called.should.be.true;
+ should(req.body).have.property('client_secret');
+ req.body.client_secret.should.equal('keep-it-safe-keep-it-secret');
+ });
+ });
+});
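Review bot: The spec reaches `addClientSecret` through `require('../../../server/middleware').middleware` rather than the new `client-auth` module, so loading it pulls in the whole middleware stack (passport, busboy, spam-prevention) and a failure there is not a failure of the unit this commit creates; `middleware = require('../../../server/middleware/client-auth');` tests the new file directly and still exercises the same function. The first case only asserts `should.not.be.empty`, which would keep passing if the placeholder ever drifted to a real-looking value; pinning it with `req.body.client_secret.should.equal('not_available');` records the sentinel the client-password verifier has to recognise. An empty-string input is a third case worth adding, because the `_.isEmpty` check treats `''` differently from the "not part of body" case being tested, and neither case shows that `next` was called exactly once (`next.calledOnce.should.be.true;`). The commit message says there is nothing to test in `generateAccessToken`, but that it throws when `cacheOauthServer` has not been called first is observable and would document the required setup order.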