This repository has been archived by the owner on Aug 28, 2023. It is now read-only.

add fix
lovemaths committed Jan 6, 2017
1 parent 4025dff commit 7507534
Showing 3 changed files with 29 additions and 3 deletions.
4 changes: 2 additions & 2 deletions lib/oidcstrategy.js
Expand Up @@ -466,7 +466,7 @@ function Strategy(options, verify) {
if (options.responseType !== 'id_token') {
if (options.isB2C && !options.clientSecret) {
// for B2C, clientSecret is required to redeem authorization code.
throw new Error('clientSecret is not provided.');
throw new Error('clientSecret must be provided for B2C hybrid flow and authorization code flow.');
} else if (!options.clientSecret) {
// for non-B2C, we can use either clientSecret or clientAssertion to redeem authorization code.
// Therefore, we need either clientSecret, or privatePEMKey and thumbprint (so we can create clientAssertion).
Expand Down Expand Up @@ -1262,7 +1262,7 @@ Strategy.prototype._getAccessTokenBySecretOrAssertion = (code, oauthConfig, next
post_params['client_assertion'] = assertion;
});

log.info('In _getAccessTokenBySecretOrAssertion: we created a client assertion: ' + post_params['client_assertion']);
log.info('In _getAccessTokenBySecretOrAssertion: we created a client assertion with thumbprint ' + oauthConfig.thumbprint);
};

var post_data = querystring.stringify(post_params);
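Review bot: The log call that names the thumbprint in `_getAccessTokenBySecretOrAssertion` sits after the `});` that closes the assertion callback, so as far as the hunk shows it runs whether or not an assertion was actually assigned, while its text still says one was created. Consider moving it inside the callback next to `post_params['client_assertion'] = assertion;`, or rewording it. It also deserves a comment so the token is not put back into the log later, for example `// Log only the certificate thumbprint: the client assertion is a signed credential for the token endpoint and must not reach the logs.` The function starts and ends outside the hunk, so the callback's error handling is not visible here.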
14 changes: 13 additions & 1 deletion test/End_to_end_test/oidc_v1_test.js
Expand Up @@ -37,6 +37,7 @@ var create_app = require('./app/app');

var chai = require('chai');
var expect = chai.expect;
var fs = require('fs');

const TEST_TIMEOUT = 600000; // 600 seconds
const LOGIN_WAITING_TIME = 1000; // 1 second
Expand Down Expand Up @@ -64,6 +65,7 @@ var hybrid_config_common_endpoint_wrong_issuer,
hybrid_config_common_endpoint_short_lifetime,
hybrid_config_common_endpoint_wrong_secret,
hybrid_config_clientAssertion_invalid_pemKey,
hybrid_config_clientAssertion_unregistered_pemKey,
hybrid_config_clientAssertion_wrong_thumbprint = {};

// drivers needed for the tests
Expand Down Expand Up @@ -211,7 +213,12 @@ var apply_test_parameters = (done) => {
hybrid_config_clientAssertion_wrong_thumbprint.thumbprint = 'wrongThumbprint';
hybrid_config_clientAssertion_wrong_thumbprint.privatePEMKey = test_parameters.privatePEMKey;
hybrid_config_clientAssertion_wrong_thumbprint.clientSecret = null;

// 5. hybrid flow using client assertion with unregistered privatePEMKey
var unregistered_privatePEMKey = fs.readFileSync(__dirname + '/../resource/private.pem', 'utf8');
hybrid_config_clientAssertion_unregistered_pemKey = JSON.parse(JSON.stringify(hybrid_config));
hybrid_config_clientAssertion_unregistered_pemKey.thumbprint = test_parameters.thumbprint;
hybrid_config_clientAssertion_unregistered_pemKey.privatePEMKey = unregistered_privatePEMKey;
hybrid_config_clientAssertion_unregistered_pemKey.clientSecret = null;
done();
};

Expand Down Expand Up @@ -631,6 +638,11 @@ describe('oidc v1 negative test', function() {
checkInvalidResult(hybrid_config_clientAssertion_wrong_thumbprint, done);
});

// unregistered privatePEMKey
it('should fail with unregistered privatePEMKey', function(done) {
checkInvalidResult(hybrid_config_clientAssertion_unregistered_pemKey, done);
});

it('close service', function(done) {
expect('1').to.equal('1');
driver.quit();
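Review bot: The new case `should fail with unregistered privatePEMKey` appears to pass on any failure that `checkInvalidResult` accepts, so it cannot tell a rejected assertion from a missing or wrong `test_parameters.thumbprint`. `checkInvalidResult` is defined outside the visible hunks, so this is inferred from how the other negative cases call it. If the helper can take an expected error, asserting on the token endpoint's rejection would pin the case to the key mismatch. The setup in `apply_test_parameters` also deserves a comment on the fixture, for example `// private.pem is a throwaway test key; it must never be registered with any application.` The same setup and test case are added to `oidc_v2_test.js`.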
14 changes: 14 additions & 0 deletions test/End_to_end_test/oidc_v2_test.js
Expand Up @@ -37,6 +37,7 @@ var create_app = require('./app/app');

var chai = require('chai');
var expect = chai.expect;
var fs = require('fs');

const TEST_TIMEOUT = 600000; // 600 seconds
const LOGIN_WAITING_TIME = 1000; // 1 second
Expand All @@ -61,6 +62,7 @@ hybrid_config_common_endpoint_with_scope = {};

// invalid configurations
var hybrid_config_common_endpoint_wrong_issuer, hybrid_config_common_endpoint_wrong_secret,
hybrid_config_clientAssertion_unregistered_pemKey,
hybrid_config_invalid_identityMetadata = {};

// driver needed for the tests
Expand Down Expand Up @@ -207,6 +209,13 @@ var apply_test_parameters = (done) => {
hybrid_config_invalid_identityMetadata = JSON.parse(JSON.stringify(config_template_common_endpoint));
hybrid_config_invalid_identityMetadata.identityMetadata = 'https://login.microsoftonline.com/common/v2.0/.well-known/wrong';

// 4. hybrid flow using client assertion with unregistered privatePEMKey
var unregistered_privatePEMKey = fs.readFileSync(__dirname + '/../resource/private.pem', 'utf8');
hybrid_config_clientAssertion_unregistered_pemKey = JSON.parse(JSON.stringify(hybrid_config));
hybrid_config_clientAssertion_unregistered_pemKey.thumbprint = test_parameters.thumbprint;
hybrid_config_clientAssertion_unregistered_pemKey.privatePEMKey = unregistered_privatePEMKey;
hybrid_config_clientAssertion_unregistered_pemKey.clientSecret = null;

done();
};

Expand Down Expand Up @@ -468,6 +477,11 @@ describe('oidc v2 negative test', function() {
checkInvalidResult(hybrid_config_common_endpoint_wrong_secret, done);
});

// unregistered privatePEMKey
it('should fail with unregistered privatePEMKey', function(done) {
checkInvalidResult(hybrid_config_clientAssertion_unregistered_pemKey, done);
});

it('close service', function(done) {
expect('1').to.equal('1');
driver.quit();
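Review bot: The key-loading block in `apply_test_parameters` is a verbatim copy of the one added to `oidc_v1_test.js`, and both build the path by string concatenation, `__dirname + '/../resource/private.pem'`. A small shared helper in the test folder that returns the unregistered-key configuration would keep the two suites from drifting, and inside it `path.join(__dirname, '..', 'resource', 'private.pem')` is the more portable form. `apply_test_parameters` starts outside the hunk, so whether a `readFileSync` failure there is reported clearly by the runner is not visible from here.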
