Refresh the oauth_nonce on redirect (#1573) #1574

Merged
merged 2 commits into from May 17, 2015

Conversation

simov
Member

@simov simov commented May 13, 2015

  • Cache the initial oauth options passed to request in _oauth.params
  • On subsequent calls to init() use the cached _oauth.params
    to invoke the oauth params generation logic again

Fixes #1573

@marshall007

@simov I just noticed that since the subsequent calls to init() occur after the logic in lib/redirect.js#L135-L139, if you are redirected to an external host, your OAuth credentials will be forwarded.

Here's a failing test case where we start at http://localhost:6767 and get redirected to http://127.0.0.1:6768, but the credentials are still set:

tape('no credentials on external redirect', function(t) {
  var s1 = http.createServer(function (req, res) {
    res.writeHead(302, {location:'http://127.0.0.1:6768'})
    res.end()
  })
  var s2 = http.createServer(function (req, res) {
    res.writeHead(200, {'content-type':'text/plain'})
    res.end()
  })
  s1.listen(6767, function () {
    s2.listen(6768, function () {
      request.get(
        { url: 'http://localhost:6767'
        , oauth:
          { consumer_key: 'consumer_key'
          , consumer_secret: 'consumer_secret'
          , token: 'token'
          , token_secret: 'token_secret'
          }
        }, function (err, res, body) {
          t.equal(err, null)
          t.equal(res.request.headers.Authorization, undefined)
          s1.close(function () {
            s2.close(function () {
              t.end()
            })
          })
        })
    })
  })
})

@simov
Member Author

simov commented May 14, 2015

Good catch @marshall007 and thanks for the test 👍

Pushed your test and a fix for it.

simov added a commit that referenced this pull request May 17, 2015
Refresh the oauth_nonce on redirect (#1573)
@simov simov merged commit fdf29a1 into request:master May 17, 2015
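
The two behaviours discussed in this thread (a fresh oauth_nonce on every redirect hop, and no OAuth credentials sent to a different host), as an added example that is not code from the request library or from either participant. The names `signOAuth` and `nextHop`, the same-origin policy and the unchanged HTTP method are assumptions of this sketch.

```javascript
// Added example: not code from the request library.
const crypto = require('crypto')

// Percent-encode per RFC 3986, as OAuth 1.0a (RFC 5849) requires.
const enc = s => encodeURIComponent(s)
  .replace(/[!'()*]/g, c => '%' + c.charCodeAt(0).toString(16).toUpperCase())
const cmp = (x, y) => (x < y ? -1 : x > y ? 1 : 0)

// Build an Authorization header with a fresh nonce and timestamp (HMAC-SHA1).
function signOAuth (method, url, creds) {
  const u = new URL(url)
  const oauth = {
    oauth_consumer_key: creds.consumer_key,
    oauth_nonce: crypto.randomBytes(16).toString('hex'),
    oauth_signature_method: 'HMAC-SHA1',
    oauth_timestamp: String(Math.floor(Date.now() / 1000)),
    oauth_token: creds.token,
    oauth_version: '1.0'
  }
  // Signature base string: method, URL without query, sorted encoded params.
  const params = [...u.searchParams, ...Object.entries(oauth)]
    .map(([k, v]) => [enc(k), enc(v)])
    .sort((a, b) => cmp(a[0], b[0]) || cmp(a[1], b[1]))
    .map(kv => kv.join('='))
    .join('&')
  const base = [method.toUpperCase(), enc(u.origin + u.pathname), enc(params)].join('&')
  const key = enc(creds.consumer_secret) + '&' + enc(creds.token_secret)
  oauth.oauth_signature = crypto.createHmac('sha1', key).update(base).digest('base64')
  return 'OAuth ' + Object.keys(oauth).sort()
    .map(k => `${k}="${enc(oauth[k])}"`).join(', ')
}

// Hypothetical helper: build the request that follows a 3xx response.
function nextHop (prev, location, creds) {
  const from = new URL(prev.url)
  const to = new URL(location, from) // Location may be relative
  const headers = Object.assign({}, prev.headers)
  delete headers.Authorization // never replay the previous nonce and signature
  // Assumed policy: re-sign only when scheme, host and port are unchanged.
  if (to.origin === from.origin) {
    headers.Authorization = signOAuth(prev.method, to.href, creds)
  }
  return { method: prev.method, url: to.href, headers }
}
```

Because the signature covers the request URL as well as the nonce, a same-origin redirect has to be re-signed for the new URL rather than reusing the first header.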
Successfully merging this pull request may close these issues.

OAuth parameters are not refreshed following a 302 redirect