Implement ignoreVersion option.

Author: jaredhanson

lib/passport-http-oauth/strategies/consumer.js

@@ -122,8 +122,9 @@ function ConsumerStrategy(options, consumer, token, validate) {
   this._consumer = consumer;
   this._token = token;
   this._validate = validate;
-  this._realm = options.realm || 'Clients';
   this._host = options.host || null;
+  this._realm = options.realm || 'Clients';
+  this._ignoreVersion = options.ignoreVersion || false;
 }
 
 /**
@@ -191,7 +192,7 @@ ConsumerStrategy.prototype.authenticate = function(req) {
     , verifier = params['oauth_verifier']
     , version = params['oauth_version']
 
-  if (version && version !== '1.0') {
+  if (version && version !== '1.0' && !this._ignoreVersion) {
     return this.fail(this._challenge('version_rejected'), 400);
   }
 

lib/passport-http-oauth/strategies/token.js

@@ -114,8 +114,9 @@ function TokenStrategy(options, consumer, verify, validate) {
   this._consumer = consumer;
   this._verify = verify;
   this._validate = validate;
-  this._realm = options.realm || 'Users';
   this._host = options.host || null;
+  this._realm = options.realm || 'Users';
+  this._ignoreVersion = options.ignoreVersion || false;
 }
 
 /**
@@ -182,7 +183,7 @@ TokenStrategy.prototype.authenticate = function(req) {
     , nonce = params['oauth_nonce']
     , version = params['oauth_version']
 
-  if (version && version !== '1.0') {
+  if (version && version !== '1.0' && !this._ignoreVersion) {
     return this.fail(this._challenge('version_rejected'), 400);
   }
 

test/strategies/consumer-test.js

@@ -137,6 +137,67 @@ vows.describe('ConsumerStrategy').addBatch({
     },
   },
 
+  'strategy handling a valid request without a request token placing credentials in header using 1.0A version': {
+    topic: function() {
+      var strategy = new ConsumerStrategy(
+        { ignoreVersion: true },
+        // consumer callback
+        function(consumerKey, done) {
+          if (consumerKey == 'abc123') {
+            done(null, { id: '1' }, 'ssh-secret');
+          } else {
+            done(new Error('something is wrong'))
+          }
+        },
+        // token callback
+        function(requestToken, done) {
+          done(new Error('token callback should not be called'));
+        }
+      );
+      return strategy;
+    },
+    
+    'after augmenting with actions': {
+      topic: function(strategy) {
+        var self = this;
+        var req = {};
+        strategy.success = function(user, info) {
+          self.callback(null, user, info);
+        }
+        strategy.fail = function(challenge, status) {
+          self.callback(new Error('should not be called'));
+        }
+        strategy.error = function(err) {
+          self.callback(new Error('should not be called'));
+        }
+        
+        req.url = '/oauth/request_token';
+        req.method = 'POST';
+        req.headers = {};
+        req.headers['host'] = '127.0.0.1:3000';
+        req.headers['authorization'] = 'OAuth oauth_callback="http%3A%2F%2Fmacbook-air.local.jaredhanson.net%3A3001%2Foauth%2Fcallback",oauth_consumer_key="abc123",oauth_nonce="fNyKdt8ZTgTVdEABtUMFzcXRxF4a230q",oauth_signature_method="HMAC-SHA1",oauth_timestamp="1341176111",oauth_version="1.0A",oauth_signature="VfpGYYsNM4Ih0Lt7JsIbJz6%2FJM4%3D"';
+        req.query = url.parse(req.url, true).query;
+        req.connection = { encrypted: false };
+        process.nextTick(function () {
+          strategy.authenticate(req);
+        });
+      },
+      
+      'should not generate an error' : function(err, user, info) {
+        assert.isNull(err);
+      },
+      'should authenticate' : function(err, user, info) {
+        assert.equal(user.id, '1');
+      },
+      'should set scheme to OAuth' : function(err, user, info) {
+        assert.equal(info.scheme, 'OAuth');
+      },
+      'should set callbackURL' : function(err, user, info) {
+        assert.equal(info.oauth.callbackURL, 'http://macbook-air.local.jaredhanson.net:3001/oauth/callback');
+      },
+    },
+  },
+  
   'strategy handling a valid request without a request token using host option instead of host header': {
     topic: function() {
       var strategy = new ConsumerStrategy(

test/strategies/token-test.js

@@ -147,6 +147,72 @@ vows.describe('TokenStrategy').addBatch({
     },
   },
 
+  'strategy handling a valid request with credentials in header using 1.0A version': {
+    topic: function() {
+      var strategy = new TokenStrategy(
+        { ignoreVersion: true },
+        // consumer callback
+        function(consumerKey, done) {
+          if (consumerKey == '1234') {
+            done(null, { id: '1' }, 'keep-this-secret');
+          } else {
+            done(new Error('something is wrong'))
+          }
+        },
+        // verify callback
+        function(accessToken, done) {
+          if (accessToken == 'abc-123-xyz-789') {
+            done(null, { username: 'bob' }, 'lips-zipped');
+          } else {
+            done(new Error('something is wrong'))
+          }
+        }
+      );
+      return strategy;
+    },
+    
+    'after augmenting with actions': {
+      topic: function(strategy) {
+        var self = this;
+        var req = {};
+        strategy.success = function(user, info) {
+          self.callback(null, user, info);
+        }
+        strategy.fail = function(challenge, status) {
+          self.callback(new Error('should not be called'));
+        }
+        strategy.error = function(err) {
+          self.callback(new Error('should not be called'));
+        }
+        
+        req.url = '/1/users/show.json?screen_name=jaredhanson&user_id=1705';
+        req.method = 'GET';
+        req.headers = {};
+        req.headers['host'] = '127.0.0.1:3000';
+        req.headers['authorization'] = 'OAuth oauth_consumer_key="1234",oauth_nonce="A7E738D9A9684A60A40607017735ADAD",oauth_signature_method="HMAC-SHA1",oauth_timestamp="1339004912",oauth_token="abc-123-xyz-789",oauth_version="1.0A",oauth_signature="W%2BppR%2BZyXT5UgrLV%2FTQnmlVSjZI%3D"';
+        req.query = url.parse(req.url, true).query;
+        req.connection = { encrypted: false };
+        process.nextTick(function () {
+          strategy.authenticate(req);
+        });
+      },
+      
+      'should not generate an error' : function(err, user, info) {
+        assert.isNull(err);
+      },
+      'should authenticate' : function(err, user, info) {
+        assert.equal(user.username, 'bob');
+      },
+      'should set scheme to OAuth' : function(err, user, info) {
+        assert.equal(info.scheme, 'OAuth');
+      },
+      'should set consumer' : function(err, user, info) {
+        assert.equal(info.consumer.id, '1');
+        assert.strictEqual(info.client, info.consumer);
+      },
+    },
+  },
+  
   'strategy handling a valid request using host option instead of host header': {
     topic: function() {
       var strategy = new TokenStrategy(