Skip to content

Commit

Permalink
Merge pull request #135 from node-oauth/release-4.2.0
Browse files Browse the repository at this point in the history
  • Loading branch information
jankapunkt authored Jun 6, 2022
2 parents f74634c + 5c3d361 commit e01e841
Show file tree
Hide file tree
Showing 31 changed files with 1,352 additions and 2,697 deletions.
1 change: 1 addition & 0 deletions .github/workflows/codeql-analysis.yml
Original file line number Diff line number Diff line change
Expand Up @@ -14,6 +14,7 @@ name: "CodeQL Semantic Analysis"
on:
push: # all pushes
pull_request: # all PR
types: [review_requested, ready_for_review] # only non-draft PR
schedule:
- cron: '0 2 * * *' # every night at 2am

Expand Down
151 changes: 151 additions & 0 deletions .github/workflows/tests-release.yml
Original file line number Diff line number Diff line change
@@ -0,0 +1,151 @@
name: Tests for Release

on:
push:
branches:
- release-* # all release-<version> branches
pull_request:
# only non-draft PR and when there are "pushes" to the open PR
types: [review_requested, ready_for_review, synchronize]
branches:
- release-* # all release-<version> branches


jobs:
# STEP 1 - NPM Audit

# Before we even test a thing we want to have a clean audit! Since this is
# sufficient to be done using the lowest node version, we can easily use
# a fixed one:

audit:
name: NPM Audit
runs-on: ubuntu-latest

steps:
- uses: actions/checkout@v2
- uses: actions/setup-node@v2
with:
node-version: '12'
# install to create local package-lock.json but don't cache the files
# also: no audit for dev dependencies
- run: npm i --package-lock-only && npm audit --production

# STEP 2 - basic unit tests

# This is the standard unit tests as we do in the basic tests for every PR
unittest:
name: Basic unit tests
runs-on: ubuntu-latest
needs: [audit]
strategy:
matrix:
node: [12, 14, 16]
steps:
- name: Checkout ${{ matrix.node }}
uses: actions/checkout@v2

- name: Setup node ${{ matrix.node }}
uses: actions/setup-node@v2
with:
node-version: ${{ matrix.node }}

- name: Cache dependencies ${{ matrix.node }}
uses: actions/cache@v1
with:
path: ~/.npm
key: ${{ runner.os }}-node-${{ matrix.node }}-${{ hashFiles('**/package-lock.json') }}
restore-keys: |
${{ runner.os }}-node-${{ matrix.node }}
# for this workflow we also require npm audit to pass
- run: npm i
- run: npm run test:coverage

# with the following action we enforce PRs to have a high coverage
# and ensure, changes are tested well enough so that coverage won't fail
- name: check coverage
uses: VeryGoodOpenSource/very_good_coverage@v1.2.0
with:
path: './coverage/lcov.info'
min_coverage: 95

# STEP 3 - Integration tests

# Since our release may affect several packages that depend on it we need to
# cover the closest ones, like adapters and examples.

integrationtests:
name: Extended integration tests
runs-on: ubuntu-latest
needs: [unittest]
strategy:
matrix:
node: [12, 14] # TODO get running for node 16
steps:
# checkout this repo
- name: Checkout ${{ matrix.node }}
uses: actions/checkout@v2

# checkout express-adapter repo
- name: Checkout express-adapter ${{ matrix.node }}
uses: actions/checkout@v2
with:
repository: node-oauth/express-oauth-server
path: github/testing/express

- name: Setup node ${{ matrix.node }}
uses: actions/setup-node@v2
with:
node-version: ${{ matrix.node }}

- name: Cache dependencies ${{ matrix.node }}
uses: actions/cache@v1
with:
path: ~/.npm
key: ${{ runner.os }}-node-${{ matrix.node }}-node-oauth/express-oauth-server-${{ hashFiles('github/testing/express/**/package-lock.json') }}
restore-keys: |
${{ runner.os }}-node-${{ matrix.node }}-node-oauth/express-oauth-server
# in order to test the adapter we need to use the current checkout
# and install it as local dependency
# we just cloned and install it as local dependency
- run: |
cd github/testing/express
npm i
npm install ../../../
npm run test
# todo repeat with other adapters

publish-npm-dry:
runs-on: ubuntu-latest
needs: [integrationtests]
steps:
- uses: actions/checkout@v2
- uses: actions/setup-node@v2
with:
node-version: 12
registry-url: https://registry.npmjs.org/
- run: npm i
- run: npm publish --dry-run
env:
NODE_AUTH_TOKEN: ${{secrets.npm_token}}

publish-github-dry:
needs: [integrationtests]
runs-on: ubuntu-latest
permissions:
contents: read
packages: write
steps:
- uses: actions/checkout@v2
- uses: actions/setup-node@v2
with:
# we always publish targeting the lowest supported node version
node-version: 12
registry-url: $registry-url(npm)
- run: npm i
- run: npm publish --dry-run
env:
NODE_AUTH_TOKEN: ${{secrets.GITHUB_TOKEN}}
60 changes: 16 additions & 44 deletions .github/workflows/tests.yml
Original file line number Diff line number Diff line change
@@ -1,44 +1,21 @@
name: Test suite
name: Tests

# This workflow runs standard unit tests to ensure basic integrity and avoid
# regressions on pull-requests (and pushes)

on:
push:
branches:
- master # allthough master is push protected we still keep it
- master # allthough master is push protected we still keep it
- development
pull_request: # runs on all PR
pull_request: # runs on all PR
branches-ignore:
- release-* # on release we run an extended workflow so no need for this

jobs:
# ----------------------------------
# uncomment when a linter is added
# ----------------------------------

# lintjs:
# name: Javascript lint
# runs-on: ubuntu-latest
# steps:
# - name: checkout
# uses: actions/checkout@v2
#
# - name: setup node
# uses: actions/setup-node@v1
# with:
# node-version: '12.x'
#
# - name: cache dependencies
# uses: actions/cache@v1
# with:
# path: ~/.npm
# key: ${{ runner.os }}-node-${{ hashFiles('**/package-lock.json') }}
# restore-keys: |
# ${{ runner.os }}-node-
# - run: npm ci
# - run: npm run lint

unittest:
name: unit tests
runs-on: ubuntu-latest
# uncomment when a linter is added
# needs: [lintjs]
strategy:
matrix:
node: [12, 14, 16]
Expand All @@ -58,18 +35,13 @@ jobs:
key: ${{ runner.os }}-node-${{ matrix.node }}-${{ hashFiles('**/package-lock.json') }}
restore-keys: |
${{ runner.os }}-node-${{ matrix.node }}
- run: npm ci
- run: npm i
- run: npm run test:coverage

# ----------------------------------
# uncomment when a linter is added
# ----------------------------------

# - name: check coverage
# uses: devmasx/coverage-check-action@v1.2.0
# with:
# type: lcov
# result_path: coverage/lcov.info
# min_coverage: 90
# token: ${{github.token}}

# with the following action we enforce PRs to have a high coverage
# and ensure, changes are tested well enough so that coverage won't fail
- name: check coverage
uses: VeryGoodOpenSource/very_good_coverage@v1.2.0
with:
path: './coverage/lcov.info'
min_coverage: 95
3 changes: 3 additions & 0 deletions .gitignore
Original file line number Diff line number Diff line change
Expand Up @@ -39,3 +39,6 @@ tramp
# coverage
coverage
.nyc_output

package-lock.json
yarn.lock
2 changes: 2 additions & 0 deletions .npmignore
Original file line number Diff line number Diff line change
@@ -1 +1,3 @@
test/
package-lock.json
yarn.lock
1 change: 1 addition & 0 deletions .npmrc
Original file line number Diff line number Diff line change
@@ -0,0 +1 @@
package-lock=false
34 changes: 34 additions & 0 deletions CHANGELOG.md
Original file line number Diff line number Diff line change
@@ -1,5 +1,39 @@
## Changelog

## 4.2.0
### Fixed
- fix(core): Bearer regular expression matching in authenticate handler #105
- fix(request): set WWW-Authenticate header for invalid requests #96 oauthjs#646
- fix(handler): deny access when body.allowed is 'false' (#94)
- fix(handlers): skip varcheck for state when allowEmptyState #89 #93

### Added
- supported custom validateRedirectUri
- feature: Supported state in case of denialMerge #99
- Bearer regular expression matching in authenticate handler
- docs: Update extension-grants.rst with example #92
- feature(core): extract is.js into standalone package @node-oauth/formats #55
- feature(authorize): allow custom implementations of validateRedirectUri via model #89 p.4
- support custom validateRedirectUri()
- allow to implement model.validateRedirectUri
- updated AuthorizeHandler
- default conforms with RFC 6819 Section-5.2.3.5

### Tests
- Integration test password grant (#100)
* test example
* created db & model factories
* added refresh_token grant type test
* removed failing test, not implemented feature
* add reference to issue
* client authentication test
* random client credentials in test
* replace math.random by crypto.randomBytes

### CI
- refactor(ci): remove unused ci workflow
- fix(ci): use node-oauth/express-oauth-server for integration test

## 4.1.1

### Added
Expand Down
46 changes: 45 additions & 1 deletion docs/misc/extension-grants.rst
Original file line number Diff line number Diff line change
Expand Up @@ -2,7 +2,51 @@
Extension Grants
==================

.. todo:: Describe how to implement extension grants.
Create a subclass of ``AbstractGrantType`` and create methods `handle` and `saveToken` along with other required methods according to your needs:

.. code-block:: js
const OAuth2Server = require('oauth2-server');
const AbstractGrantType = OAuth2Server.AbstractGrantType;
const InvalidArgumentError = OAuth2Server.InvalidArgumentError;
const InvalidRequestError = OAuth2Server.InvalidRequestError;
class MyCustomGrantType extends AbstractGrantType {
constructor(opts) {
super(opts);
}
async handle(request, client) {
if (!request) throw new InvalidArgumentError('Missing `request`');
if (!client) throw new InvalidArgumentError('Missing `client`');
let scope = this.getScope(request);
let user = await this.getUserBySomething(request);
return this.saveToken(user, client, scope);
}
async saveToken(user, client, scope) {
this.validateScope(user, client, scope);
let token = {
accessToken: await this.generateAccessToken(client, user, scope),
accessTokenExpiresAt: this.getAccessTokenExpiresAt(),
refreshToken: await this.generateRefreshToken(client, user, scope),
refreshTokenExpiresAt: this.getRefreshTokenExpiresAt(),
scope: scope
};
return this.model.saveToken(token, client, user);
}
async getUserBySomething(request) {
//Get user's data by corresponding data (FB User ID, Google, etc.), etc.
}
}
module.exports = MyCustomGrantType;
Extension grants are registered through :ref:`OAuth2Server#token() <OAuth2Server#token>` (``options.extendedGrantTypes``).

This might require you to approve the new ``grant_type`` for a particular ``client`` if you do checks on valid grant types.
1 change: 1 addition & 0 deletions docs/model/overview.rst
Original file line number Diff line number Diff line change
Expand Up @@ -37,6 +37,7 @@ Model functions used by the authorization code grant:
- :ref:`Model#saveAuthorizationCode`
- :ref:`Model#revokeAuthorizationCode`
- :ref:`Model#validateScope`
- :ref:`Model#validateRedirectUri`

--------

Expand Down
Loading

0 comments on commit e01e841

Please sign in to comment.