Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Add basic auth to AuthCode.get_token #131

Merged
merged 4 commits into from
Apr 12, 2019
Merged
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
1 change: 1 addition & 0 deletions lib/oauth2/strategy/auth_code.ex
Original file line number Diff line number Diff line change
Expand Up @@ -54,6 +54,7 @@ defmodule OAuth2.Strategy.AuthCode do
|> put_param(:client_id, client.client_id)
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Shouldn't this line be also removed?

|> put_param(:redirect_uri, client.redirect_uri)
|> merge_params(params)
|> basic_auth()
|> put_headers(headers)
end
end
Expand Down
6 changes: 1 addition & 5 deletions lib/oauth2/strategy/client_credentials.ex
Original file line number Diff line number Diff line change
Expand Up @@ -37,13 +37,9 @@ defmodule OAuth2.Strategy.ClientCredentials do
|> put_headers(headers)
end

defp auth_scheme(client, "auth_header"), do: auth_header(client)
defp auth_scheme(client, "auth_header"), do: basic_auth(client)
defp auth_scheme(client, "request_body"), do: request_body(client)

defp auth_header(%{client_id: id, client_secret: secret} = client) do
put_header(client, "Authorization", "Basic " <> Base.encode64(id <> ":" <> secret))
end

defp request_body(client) do
client
|> put_param(:client_id, client.client_id)
Expand Down
3 changes: 1 addition & 2 deletions lib/oauth2/strategy/password.ex
Original file line number Diff line number Diff line change
Expand Up @@ -44,9 +44,8 @@ defmodule OAuth2.Strategy.Password do
|> put_param(:username, username)
|> put_param(:password, password)
|> put_param(:grant_type, "password")
|> put_param(:client_id, client.client_id)
|> put_param(:client_secret, client.client_secret)
|> merge_params(params)
|> basic_auth()
|> put_headers(headers)
end
end
3 changes: 1 addition & 2 deletions lib/oauth2/strategy/refresh.ex
Original file line number Diff line number Diff line change
Expand Up @@ -44,9 +44,8 @@ defmodule OAuth2.Strategy.Refresh do
client
|> put_param(:refresh_token, token)
|> put_param(:grant_type, "refresh_token")
|> put_param(:client_id, client.client_id)
|> put_param(:client_secret, client.client_secret)
|> merge_params(params)
|> basic_auth()
|> put_headers(headers)
end
end
12 changes: 7 additions & 5 deletions test/oauth2/client_test.exs
Original file line number Diff line number Diff line change
Expand Up @@ -14,8 +14,10 @@ defmodule OAuth2.ClientTest do
client = build_client(site: bypass_server(server))
client_with_token = tokenize_client(client)
async_client = async_client(client)
basic_auth = Base.encode64(client.client_id <> ":" <> client.client_secret)

{:ok, client: client,
{:ok, basic_auth: basic_auth,
client: client,
server: server,
client_with_token: client_with_token,
async_client: async_client}
Expand Down Expand Up @@ -78,9 +80,9 @@ defmodule OAuth2.ClientTest do
end
end

test "refresh_token and refresh_token! with a POST", %{server: server, client_with_token: client} do
test "refresh_token and refresh_token! with a POST", %{basic_auth: base64, server: server, client_with_token: client} do
bypass server, "POST", "/oauth/token", fn conn ->
assert get_req_header(conn, "authorization") == []
assert get_req_header(conn, "authorization") == ["Basic #{base64}"]
assert get_req_header(conn, "accept") == ["application/json"]
assert get_req_header(conn, "content-type") == ["application/x-www-form-urlencoded"]

Expand All @@ -103,9 +105,9 @@ defmodule OAuth2.ClientTest do
assert client.token.refresh_token == "new-refresh-token"
end

test "refresh token when response missing refresh_token", %{server: server, client_with_token: client} do
test "refresh token when response missing refresh_token", %{basic_auth: base64, server: server, client_with_token: client} do
bypass server, "POST", "/oauth/token", fn conn ->
assert get_req_header(conn, "authorization") == []
assert get_req_header(conn, "authorization") == ["Basic #{base64}"]
assert get_req_header(conn, "accept") == ["application/json"]
assert get_req_header(conn, "content-type") == ["application/x-www-form-urlencoded"]

Expand Down
4 changes: 3 additions & 1 deletion test/oauth2/strategy/auth_code_test.exs
Original file line number Diff line number Diff line change
Expand Up @@ -26,11 +26,13 @@ defmodule OAuth2.Strategy.AuthCodeTest do
test "get_token", %{client: client, server: server} do
code = "abc1234"
access_token = "access-token-1234"
base64 = Base.encode64(client.client_id <> ":" <> client.client_secret)

Bypass.expect server, fn conn ->
assert conn.method == "POST"
assert conn.request_path == "/oauth/token"
assert get_req_header(conn, "content-type") == ["application/x-www-form-urlencoded"]
assert conn.method == "POST"
assert get_req_header(conn, "authorization") == ["Basic #{base64}"]

{:ok, body, conn} = read_body(conn)
body = URI.decode_query(body)
Expand Down
6 changes: 4 additions & 2 deletions test/oauth2/strategy/password_test.exs
Original file line number Diff line number Diff line change
Expand Up @@ -18,11 +18,13 @@ defmodule OAuth2.Strategy.PasswordTest do

test "get_token when username and password given in params", %{client: client} do
client = Password.get_token(client, [username: "scrogson", password: "password"], [])
base64 = Base.encode64(client.client_id <> ":" <> client.client_secret)

assert client.params["username"] == "scrogson"
assert client.params["password"] == "password"
assert client.params["grant_type"] == "password"
assert client.params["client_id"] == client.client_id
assert client.params["client_secret"] == client.client_secret

assert List.keyfind(client.headers, "authorization", 0) == {"authorization", "Basic #{base64}"}
end

test "get_token when username and password updated via put_param", %{client: client} do
Expand Down
6 changes: 4 additions & 2 deletions test/oauth2/strategy/refresh_test.exs
Original file line number Diff line number Diff line change
Expand Up @@ -15,10 +15,12 @@ defmodule OAuth2.Strategy.RefreshTest do
test "get_token" do
client = build_client()
client = Refresh.get_token(client, [refresh_token: "refresh-token"], [])
base64 = Base.encode64(client.client_id <> ":" <> client.client_secret)

assert client.params["grant_type"] == "refresh_token"
assert client.params["refresh_token"] == "refresh-token"
assert client.params["client_id"] == client.client_id
assert client.params["client_secret"] == client.client_secret

assert List.keyfind(client.headers, "authorization", 0) == {"authorization", "Basic #{base64}"}
end

test "get_token throws and error if there is no 'refresh_token' param" do
Expand Down