diff --git a/lib/handlers/authorize-handler.js b/lib/handlers/authorize-handler.js
index 845e25b55..97324b2c1 100644
--- a/lib/handlers/authorize-handler.js
+++ b/lib/handlers/authorize-handler.js
@@ -78,10 +78,6 @@ AuthorizeHandler.prototype.handle = function(request, response) {
 throw new InvalidArgumentError('Invalid argument: `response` must be an instance of Response');
 }
 
- if ('false' === request.query.allowed) {
- return Promise.reject(new AccessDeniedError('Access denied: user denied access to application'));
- }
-
 var fns = [
 this.getAuthorizationCodeLifetime(),
 this.getClient(request),
@@ -97,6 +93,12 @@ AuthorizeHandler.prototype.handle = function(request, response) {
 var ResponseType;
 
 return Promise.bind(this)
+ .then(function() {
+ state = this.getState(request);
+ if(request.query.allowed === 'false') {
+ throw new AccessDeniedError('Access denied: user denied access to application');
+ }
+ })
 .then(function() {
 var requestedScope = this.getScope(request);
 
@@ -108,9 +110,7 @@ AuthorizeHandler.prototype.handle = function(request, response) {
 return this.generateAuthorizationCode(client, user, scope);
 })
 .then(function(authorizationCode) {
- state = this.getState(request);
 ResponseType = this.getResponseType(request);
-
 return this.saveAuthorizationCode(authorizationCode, expiresAt, scope, client, uri, user);
 })
 .then(function(code) {
diff --git a/test/integration/handlers/authorize-handler_test.js b/test/integration/handlers/authorize-handler_test.js
index f895f82e3..5c72853f7 100644
--- a/test/integration/handlers/authorize-handler_test.js
+++ b/test/integration/handlers/authorize-handler_test.js
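Review bot: The consent check moved into the new `.then` after `Promise.bind(this)` denies only when `request.query.allowed` is exactly the string `'false'`, so an absent parameter, `allowed=0`, or a consent form that POSTs `allowed=false` in the body all fall through to code issuance; the commit carries this contract over from the removed top-of-function check but leaves it undocumented. If the query-only, exact-literal contract is intended, say so above the check: `// Consent is opt-out: only the literal query value allowed=false denies; state is read first so the access_denied redirect can echo it (RFC 6749 §4.1.2.1).` The condition should also read `if (request.query.allowed === 'false') {` to match the `if (` spacing used elsewhere in this file. Because the denial now fires inside the chain rather than before any lookup, its outcome depends on the surrounding catch redirecting to a redirect URI that was already validated against the client's registered URIs; `handle` and that catch lie outside the hunk, so this cannot be confirmed here.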
@@ -161,13 +161,35 @@ describe('AuthorizeHandler integration', function() {
 
 it('should throw an error if `allowed` is `false`', function() {
 var model = {
- getAccessToken: function() {},
- getClient: function() {},
- saveAuthorizationCode: function() {}
+ getAccessToken: function() {
+ return {
+ user: {},
+ accessTokenExpiresAt: new Date(new Date().getTime() + 10000)
+ };
+ },
+ getClient: function() {
+ return { grants: ['authorization_code'], redirectUris: ['http://example.com/cb'] };
+ },
+ saveAuthorizationCode: function() {
+ throw new Error('Unhandled exception');
+ }
 };
+
 var handler = new AuthorizeHandler({ authorizationCodeLifetime: 120, model: model });
- var request = new Request({ body: {}, headers: {}, method: {}, query: { allowed: 'false' } });
 var response = new Response({ body: {}, headers: {} });
+ var request = new Request({
+ body: {
+ client_id: 'test'
+ },
+ headers: {
+ 'Authorization': 'Bearer foo'
+ },
+ method: {},
+ query: {
+ allowed: 'false',
+ state: 'foobar'
+ }
+ });
 
 return handler.handle(request, response)
 .then(should.fail)
@@ -328,7 +350,7 @@ describe('AuthorizeHandler integration', function() {
 return handler.handle(request, response)
 .then(should.fail)
 .catch(function() {
- response.get('location').should.equal('http://example.com/cb?error=invalid_scope&error_description=Invalid%20parameter%3A%20%60scope%60');
+ response.get('location').should.equal('http://example.com/cb?error=invalid_scope&error_description=Invalid%20parameter%3A%20%60scope%60&state=foobar');
 });
 });
 
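Review bot: The rewritten fixture makes `saveAuthorizationCode` throw `new Error('Unhandled exception')` so that reaching persistence should fail the test, but the `.catch` following `.then(should.fail)` is outside the hunk, and unless it asserts on the caught error it accepts that generic Error just as readily as the intended AccessDeniedError. Pin the outcome in the catch, e.g. `e.should.be.an.instanceOf(AccessDeniedError);` (importing it if the test file does not already), and, if the redirect format matches the other expectations in this file, `response.get('location').should.equal('http://example.com/cb?error=access_denied&error_description=Access%20denied%3A%20user%20denied%20access%20to%20application&state=foobar');`, which also covers the `state` echo that motivated adding `state: 'foobar'` to the request. A one-line comment on the throwing stub would help the next reader: `// Must not be reached: denial short-circuits before the code is persisted.`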
@@ -416,7 +438,7 @@ describe('AuthorizeHandler integration', function() {
 return handler.handle(request, response)
 .then(should.fail)
 .catch(function() {
- response.get('location').should.equal('http://example.com/cb?error=invalid_scope&error_description=Invalid%20scope%3A%20Requested%20scope%20is%20invalid');
+ response.get('location').should.equal('http://example.com/cb?error=invalid_scope&error_description=Invalid%20scope%3A%20Requested%20scope%20is%20invalid&state=foobar');
 });
 });
 