From 3f4f3ce37dba6d9596201e4c36f2dac954fd527e Mon Sep 17 00:00:00 2001 From: Cindy Qi Li Date: Fri, 22 Sep 2017 23:00:01 -0400 Subject: [PATCH] GPII-2538: Fixed all unit and acceptance tests affected by the implementation of secured /untrusted-settings endpoint. --- .../accessRequester/src/accessRequester.js | 5 ++- .../test/AccessRequesterTests.js | 15 ++------- ...wManager.untrusted.config.development.json | 2 +- .../flowManager/src/UntrustedFlowManager.js | 4 +-- .../test/SettingsDataSourceTests.js | 21 +++--------- .../src/AuthGrantFinder.js | 2 +- .../src/ClientService.js | 3 +- testData/clientCredentials/pilot.json | 4 +-- tests/UntrustedBrowserChannelTests.js | 1 + tests/UntrustedDevelopmentTests.js | 1 + tests/all-tests.js | 1 + .../cloud/OAuth2AcceptanceDataStore.json | 32 +++++++++++++++++++ 12 files changed, 52 insertions(+), 39 deletions(-) diff --git a/gpii/node_modules/accessRequester/src/accessRequester.js b/gpii/node_modules/accessRequester/src/accessRequester.js index 5dcc586bb..17e19bb1f 100644 --- a/gpii/node_modules/accessRequester/src/accessRequester.js +++ b/gpii/node_modules/accessRequester/src/accessRequester.js @@ -14,8 +14,7 @@ https://github.com/GPII/universal/blob/master/LICENSE.txt var fluid = fluid || require("infusion"), gpii = fluid.registerNamespace("gpii"), - $ = fluid.registerNamespace("jQuery"), - querystring = require("querystring"); + $ = fluid.registerNamespace("jQuery"); /* * Access Requester provides getAccessToken(userToken) API that returns a promise object whose resolved value is the access token. 
@@ -77,7 +76,7 @@ gpii.accessRequester.getAccessToken = function (clientCredentialDataSource, acce var accessTokenRequestParams = $.extend({}, accessTokenDataSource.options.dataSourceModel, clientCredential, { username: userToken }); - var accessTokenPromise = accessTokenDataSource.set(null, querystring.stringify(accessTokenRequestParams)); + var accessTokenPromise = accessTokenDataSource.set(null, accessTokenRequestParams); fluid.promise.follow(accessTokenPromise, promiseTogo); }, function (err) { promiseTogo.reject(err); diff --git a/gpii/node_modules/accessRequester/test/AccessRequesterTests.js b/gpii/node_modules/accessRequester/test/AccessRequesterTests.js index c7a02ed9b..785a6d168 100644 --- a/gpii/node_modules/accessRequester/test/AccessRequesterTests.js +++ b/gpii/node_modules/accessRequester/test/AccessRequesterTests.js @@ -15,7 +15,6 @@ https://github.com/GPII/universal/blob/master/LICENSE.txt var fluid = require("infusion"), gpii = fluid.registerNamespace("gpii"), kettle = require("kettle"), - querystring = require("querystring"), nock = require("nock"); require("accessRequester"); @@ -43,7 +42,7 @@ gpii.tests.accessRequester.testCases = { }, status: 200, response: { - access_token: "access-token-test", + access_token: "access-token-test-in-accessRequester", expiresIn: 3600, token_type: "Bearer" } @@ -89,17 +88,10 @@ gpii.tests.accessRequester.setupNock = function (config) { cloudMock.log(console.log); // mock POST requests to "/access_token" - cloudMock.post(gpii.tests.accessRequester.url, "\"" + querystring.stringify(config.data) + "\"") + cloudMock.post(gpii.tests.accessRequester.url, config.data) .reply(config.status, config.response); }; -// Tear down mock ajax environment when the test is over -gpii.tests.accessRequester.teardownNock = function () { - nock.isDone(); - nock.cleanAll(); - nock.restore(); -}; - // The customized accessRequester component for tests fluid.defaults("gpii.tests.accessRequester", { gradeNames: ["gpii.accessRequester"], 
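Review bot: In `gpii.accessRequester.getAccessToken` (the accessRequester.js hunk at the start of this line), the object read from `clientCredentialDataSource` is merged straight into the token request with no check that it carries the fields the server expects. This commit also renames the keys in `testData/clientCredentials/pilot.json` from `id`/`secret` to `client_id`/`client_secret`, so a credential file still in the old format would now send a request without usable client credentials, and the only symptom would be a rejection from the cloud. A guard before the `set` call, such as `if (!clientCredential || !clientCredential.client_id || !clientCredential.client_secret) { promiseTogo.reject({isError: true, message: "Client credential file lacks client_id or client_secret"}); return; }`, would make that failure local and explicit. The function starts and ends outside the hunk, so a check elsewhere cannot be ruled out.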
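Review bot: With `gpii.tests.accessRequester.teardownNock` deleted in the last hunk of AccessRequesterTests.js, nothing checks that the mocked `/access_token` interceptor was consumed, and nothing clears it afterwards. SettingsDataSourceTests.js loses its `teardownNock` definition and call in the same way, and that file is now added to `tests/all-tests.js`, so an unconsumed interceptor from one file could answer a request from another if they share a process. The old helper discarded the result of `nock.isDone()` and also called `nock.restore()`, which may be why it interfered with later tests. A per-file teardown that asserts on `nock.isDone()` and then calls only `nock.cleanAll();` would keep the check without switching nock off.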
@@ -189,9 +181,6 @@ fluid.defaults("gpii.tests.accessRequester.testCaseHolder.error.wrongClientCrede listener: "jqUnit.assertLeftHand", args: ["The error is received", gpii.tests.accessRequester.testCases.error_wrongClientCredential.expected, "{arguments}.0"], event: "{that}.events.onError" - }, { - // Make sure the nock is torn down only once after all nock required tests have completed - funcName: "gpii.tests.accessRequester.teardownNock" }] }] }] diff --git a/gpii/node_modules/flowManager/configs/gpii.flowManager.untrusted.config.development.json b/gpii/node_modules/flowManager/configs/gpii.flowManager.untrusted.config.development.json index 97880f982..88ba04fc2 100644 --- a/gpii/node_modules/flowManager/configs/gpii.flowManager.untrusted.config.development.json +++ b/gpii/node_modules/flowManager/configs/gpii.flowManager.untrusted.config.development.json @@ -9,7 +9,7 @@ }, "flowManager.untrustedSettingsUrl": { "record": "http://localhost:8084/%userToken/untrusted-settings/%device", - "target": "{that flowManager settingsDataSource}.options.url" + "target": "{that flowManager settingsDataSource}.options.untrustedSettingsUrl" }, "flowManager.accessTokenUrl": { "record": "http://localhost:8084/access_token", diff --git a/gpii/node_modules/flowManager/src/UntrustedFlowManager.js b/gpii/node_modules/flowManager/src/UntrustedFlowManager.js index 213714edd..e1f218fa8 100644 --- a/gpii/node_modules/flowManager/src/UntrustedFlowManager.js +++ b/gpii/node_modules/flowManager/src/UntrustedFlowManager.js 
@@ -198,7 +198,7 @@ gpii.flowManager.untrusted.settingsDataSource.get = function (that, userToken, d */ gpii.flowManager.untrusted.settingsDataSource.findValidAccessToken = function (that, userToken) { var accessToken = fluid.get(that, [userToken, "accessToken"]); - var expiresIn = gpii.oauth2.getExpiresIn(fluid.get(that, [userToken, "timestampExpires"])); + var expiresIn = gpii.oauth2.getExpiresIn(new Date(), fluid.get(that, [userToken, "timestampExpires"])); // If the locally saved access token exists and is still valid, return it. // Otherwise, request an new access token from the cloud and return. @@ -207,7 +207,7 @@ gpii.flowManager.untrusted.settingsDataSource.findValidAccessToken = function (t var accessTokenPromise = that.accessRequester.getAccessToken(userToken); var mapper = function (accessTokenObj) { var accessTokenFromCloud = accessTokenObj.access_token; - var timestampExpiresFromCloud = gpii.oauth2.getTimestampExpires(accessTokenObj.expiresIn); + var timestampExpiresFromCloud = gpii.oauth2.getTimestampExpires(new Date(), accessTokenObj.expiresIn); that.save(userToken, accessTokenFromCloud, timestampExpiresFromCloud); return accessTokenFromCloud; }; diff --git a/gpii/node_modules/flowManager/test/SettingsDataSourceTests.js b/gpii/node_modules/flowManager/test/SettingsDataSourceTests.js index 73a113ea6..26961a565 100644 --- a/gpii/node_modules/flowManager/test/SettingsDataSourceTests.js +++ b/gpii/node_modules/flowManager/test/SettingsDataSourceTests.js @@ -16,7 +16,6 @@ var fluid = require("infusion"), gpii = fluid.registerNamespace("gpii"), kettle = require("kettle"), jqUnit = fluid.registerNamespace("jqUnit"), - querystring = require("querystring"), nock = require("nock"); require("flowManager"); @@ -48,7 +47,7 @@ gpii.tests.settingsDataSource.testCases = { }, status: 200, response: { - access_token: "access-token-test", + access_token: "access-token-test-in-settingsDataSource", expiresIn: 3600, token_type: "Bearer" } 
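Review bot: The `mapper` in `findValidAccessToken` (second hunk of UntrustedFlowManager.js) saves whatever the cloud returned without checking it. If `accessTokenObj.access_token` or `accessTokenObj.expiresIn` is absent, an undefined token and an expiry derived from an undefined lifetime are stored under the user token. The lifetime is read as `expiresIn`, while the other two fields use the OAuth 2.0 wire names `access_token` and `token_type`; RFC 6749 calls the lifetime `expires_in`, so it is worth confirming which name the authorization server sends. Wrapping the save in a check such as `if (accessTokenFromCloud && accessTokenObj.expiresIn > 0) { that.save(userToken, accessTokenFromCloud, timestampExpiresFromCloud); }`, and surfacing an error otherwise, would keep a malformed response out of the cache. How the mapper's result is consumed lies outside the hunk.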
@@ -76,7 +75,7 @@ gpii.tests.settingsDataSource.setupNock = function (config) { fluid.each(config, function (eachConfig, index) { // mock POST requests to "/access_token" if (index === "accessToken") { - cloudMock.post(eachConfig.url, "\"" + querystring.stringify(eachConfig.data) + "\"") + cloudMock.post(eachConfig.url, eachConfig.data) .reply(eachConfig.status, eachConfig.response); } else if (index === "untrustedSettings") { // mock GET requests to "/untrusted-settings" @@ -87,13 +86,6 @@ gpii.tests.settingsDataSource.setupNock = function (config) { }); }; -// Tear down mock ajax environment when the test is over -gpii.tests.settingsDataSource.teardownNock = function () { - nock.isDone(); - nock.cleanAll(); - nock.restore(); -}; - // The customized settingsDataSource component for tests fluid.defaults("gpii.tests.settingsDataSource", { gradeNames: ["gpii.flowManager.untrusted.settingsDataSource"], @@ -179,7 +171,7 @@ fluid.defaults("gpii.tests.settingsDataSource.validSavedAccessToken", { members: { "gpii-token-test": { accessToken: "a-valid-initial-access-token", - timestampExpires: new Date(new Date().getTime() + 10 * 1000).toISOString() // expires in 10 mins + timestampExpires: new Date(new Date().getTime() + 3600 * 1000).toISOString() // expires in 1 hour } } }); @@ -227,7 +219,7 @@ fluid.defaults("gpii.tests.settingsDataSource.expiredSavedAccessToken", { members: { "gpii-token-test": { accessToken: "a-valid-initial-access-token", - timestampExpires: new Date(new Date().getTime() - 10 * 1000).toISOString() // already expired for 10 mins + timestampExpires: new Date(new Date().getTime() - 10 * 1000).toISOString() // already expired 10 secs ago } } }); 
@@ -258,9 +250,6 @@ fluid.defaults("gpii.tests.settingsDataSource.testCaseHolder.expiredSavedAccessT }, { func: "jqUnit.assertNotEquals", args: ["The saved timestampExpires is different from the initial saved value", "{that}.initialSavedTimestampExpires", "{settingsDataSource}.gpii-token-test.timestampExpires"] - }, { - // Make sure the nock is torn down only once after all nock required tests have completed - func: "gpii.tests.settingsDataSource.teardownNock" }] }] }] @@ -278,7 +267,7 @@ gpii.tests.settingsDataSource.assertInitialAccessToken = function (that, setting var initialTimestampExpires = fluid.get(settingsDataSource, [gpii.tests.settingsDataSource.userToken, "timestampExpires"]); jqUnit.assertValue("A saved access token is in place", initialAccessToken); - jqUnit[isExpired ? "assertTrue" : "assertFalse"]("A saved access token is not expired", gpii.oauth2.getExpiresIn(initialTimestampExpires) === 0); + jqUnit[isExpired ? "assertTrue" : "assertFalse"]("A saved access token is not expired", gpii.oauth2.getExpiresIn(new Date(), initialTimestampExpires) === 0); that.initialSavedAccessToken = initialAccessToken; that.initialSavedTimestampExpires = initialTimestampExpires; }; diff --git a/gpii/node_modules/gpii-oauth2/gpii-oauth2-authz-server/src/AuthGrantFinder.js b/gpii/node_modules/gpii-oauth2/gpii-oauth2-authz-server/src/AuthGrantFinder.js index 3b7045859..c0f0a8ff8 100644 --- a/gpii/node_modules/gpii-oauth2/gpii-oauth2-authz-server/src/AuthGrantFinder.js +++ b/gpii/node_modules/gpii-oauth2/gpii-oauth2-authz-server/src/AuthGrantFinder.js 
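Review bot: The assertion in `gpii.tests.settingsDataSource.assertInitialAccessToken` (last hunk of SettingsDataSourceTests.js) always passes the message "A saved access token is not expired". When `isExpired` is true the call is `assertTrue` on `getExpiresIn(...) === 0`, so it actually asserts that the token has expired. A failure report from the expired-token test would therefore say the opposite of what was checked. Choosing the message together with the method, e.g. `isExpired ? "The saved access token is expired" : "The saved access token is not expired"`, keeps the report accurate.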
@@ -50,7 +50,7 @@ var fluid = fluid || require("infusion"); authorizationPromise.then(function (authRecord) { if (authRecord) { if (authRecord.authorization.type === gpii.oauth2.docTypes.gpiiAppInstallationAuthorization && - gpii.oauth2.getExpiresIn(authRecord.authorization.timestampExpires) > 0) { + gpii.oauth2.getExpiresIn(new Date(), authRecord.authorization.timestampExpires) > 0) { grant = { accessToken: accessToken, gpiiToken: authRecord.authorization.gpiiToken, diff --git a/gpii/node_modules/gpii-oauth2/gpii-oauth2-authz-server/src/ClientService.js b/gpii/node_modules/gpii-oauth2/gpii-oauth2-authz-server/src/ClientService.js index da244e764..0921b5a29 100644 --- a/gpii/node_modules/gpii-oauth2/gpii-oauth2-authz-server/src/ClientService.js +++ b/gpii/node_modules/gpii-oauth2/gpii-oauth2-authz-server/src/ClientService.js @@ -59,7 +59,8 @@ gpii.oauth2.clientService.processClient = function (dataStore, oauth2ClientId, f if (client && client[fieldToVerify] === expectedVerifiedValue) { promiseTogo.resolve(client); } else { - promiseTogo.reject(gpii.oauth2.errors.unauthorizedClient); + fluid.log("clientService: unauthorized client with oauth2ClientId - " + oauth2ClientId); + promiseTogo.reject(gpii.oauth2.errors.unauthorized); } }, function (err) { promiseTogo.reject(err); diff --git a/testData/clientCredentials/pilot.json b/testData/clientCredentials/pilot.json index 5712f13f8..c8a964a69 100644 --- a/testData/clientCredentials/pilot.json +++ b/testData/clientCredentials/pilot.json @@ -1,4 +1,4 @@ { - "id": "pilot-computer", - "secret": "pilot-computer-secret" + "client_id": "pilot-computer", + "client_secret": "pilot-computer-secret" } diff --git a/tests/UntrustedBrowserChannelTests.js b/tests/UntrustedBrowserChannelTests.js index 60f3339fe..29cb7d5f5 100644 --- a/tests/UntrustedBrowserChannelTests.js +++ b/tests/UntrustedBrowserChannelTests.js 
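Review bot: The new `fluid.log` call in `gpii.oauth2.clientService.processClient` (the ClientService.js hunk) concatenates `oauth2ClientId` into the log line as received. If that value comes from the token request (it appears to, but the caller is outside the hunk), a client can put line breaks or very long strings into the server log. Logging it quoted, bounded and at an explicit level, e.g. `fluid.log(fluid.logLevel.WARN, "clientService: unauthorized client with oauth2ClientId - ", JSON.stringify(String(oauth2ClientId).slice(0, 128)));`, keeps the entry reliable for spotting repeated failed client authentications. Separately, if `fieldToVerify` is ever the client secret, the `===` on the unchanged line above is not a constant-time comparison; `crypto.timingSafeEqual` over equal-length buffers is the usual replacement.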
@@ -25,6 +25,7 @@ fluid.require("%flowManager/test/shared/BrowserChannelTestDefs.js"); fluid.registerNamespace("gpii.tests.untrusted.flowManager.browserChannel"); +// The test pouchdb data is from %universal/tests/platform/cloud/OAuth2AcceptanceDataStore.json gpii.tests.untrusted.flowManager.browserChannel.testDefs = fluid.transform(gpii.tests.flowManager.browserChannel.testDefs, function (testDefIn) { var testDef = fluid.extend(true, {}, testDefIn, { gradeNames: ["gpii.test.pouch.pouchTestCaseHolder"], diff --git a/tests/UntrustedDevelopmentTests.js b/tests/UntrustedDevelopmentTests.js index 3f599b6c5..cdc14142e 100644 --- a/tests/UntrustedDevelopmentTests.js +++ b/tests/UntrustedDevelopmentTests.js @@ -27,6 +27,7 @@ gpii.loadTestingSupport(); fluid.registerNamespace("gpii.tests.untrusted.development"); +// The test pouchdb data is from %universal/tests/platform/cloud/OAuth2AcceptanceDataStore.json gpii.tests.untrusted.development.testDefs = fluid.transform(gpii.tests.development.testDefs, function (testDefIn) { var testDef = fluid.extend(true, {}, testDefIn, { config: { diff --git a/tests/all-tests.js b/tests/all-tests.js index 1c6ff1965..bfba07ec4 100644 --- a/tests/all-tests.js +++ b/tests/all-tests.js @@ -58,6 +58,7 @@ var testIncludes = [ "../gpii/node_modules/flowManager/test/UpdateTests.js", "../gpii/node_modules/flowManager/test/BrowserChannelTests.js", "../gpii/node_modules/flowManager/test/GetUserTokenTests.js", + "../gpii/node_modules/flowManager/test/SettingsDataSourceTests.js", "../gpii/node_modules/gpii-oauth2/gpii-oauth2-datastore/test/DbDataStoreTests.js", "../gpii/node_modules/matchMakerFramework/test/MatchMakerFrameworkTests.js", "../gpii/node_modules/flatMatchMaker/test/FlatMatchMakerTests.js", diff --git a/tests/platform/cloud/OAuth2AcceptanceDataStore.json b/tests/platform/cloud/OAuth2AcceptanceDataStore.json index a9d306500..767c7b85a 100644 --- a/tests/platform/cloud/OAuth2AcceptanceDataStore.json 
+++ b/tests/platform/cloud/OAuth2AcceptanceDataStore.json @@ -19,6 +19,30 @@ "gpiiToken": "alice_gpii_token", "userId": "user-2" }, + { + "_id": "gpiiToken-2", + "type": "gpiiToken", + "gpiiToken": "chrome2", + "userId": null + }, + { + "_id": "gpiiToken-3", + "type": "gpiiToken", + "gpiiToken": "chrome_and_firefox", + "userId": null + }, + { + "_id": "gpiiToken-4", + "type": "gpiiToken", + "gpiiToken": "testUser1", + "userId": null + }, + { + "_id": "gpiiToken-5", + "type": "gpiiToken", + "gpiiToken": "sammy", + "userId": null + }, { "_id": "client-1", "type": "webPrefsConsumerClient", @@ -69,6 +93,14 @@ "oauth2ClientSecret": "Bakersfield-AJC-client-secret", "userId": "user-1" }, + { + "_id": "client-8", + "type": "gpiiAppInstallationClient", + "name": "Pilot computers", + "oauth2ClientId": "pilot-computer", + "oauth2ClientSecret": "pilot-computer-secret", + "userId": "user-1" + }, { "_id": "authorization-1", "type": "webPrefsConsumerAuthorization",