diff --git a/lib/star.js b/lib/star.js index aa707e1..87c5b67 100644 --- a/lib/star.js +++ b/lib/star.js @@ -11,38 +11,42 @@ function star (uri, params, cb) { var auth = params.auth assert(auth && typeof auth === "object", "must pass auth to star") - if (auth.token) { - return cb(new Error("This operation is unsupported for token-based auth")) - } - else if (!(auth.username && auth.password)) { - return cb(new Error("Must be logged in to star/unstar packages")) + if (!(auth.token || (auth.password && auth.username && auth.email))) { + var er = new Error("Must be logged in to star/unstar packages") + er.code = "ENEEDAUTH" + return cb(er) } var client = this this.request(uri+"?write=true", { auth : auth }, function (er, fullData) { if (er) return cb(er) - fullData = { - _id : fullData._id, - _rev : fullData._rev, - users : fullData.users || {} - } - - if (starred) { - client.log.info("starring", fullData._id) - fullData.users[auth.username] = true - client.log.verbose("starring", fullData) - } else { - delete fullData.users[auth.username] - client.log.info("unstarring", fullData._id) - client.log.verbose("unstarring", fullData) - } - - var options = { - method : "PUT", - body : fullData, - auth : auth - } - return client.request(uri, options, cb) + client.whoami(uri, params, function (er, username) { + if (er) return cb(er) + + var data = { + _id : fullData._id, + _rev : fullData._rev, + users : fullData.users || {} + } + + if (starred) { + client.log.info("starring", data._id) + data.users[username] = true + client.log.verbose("starring", data) + } + else { + delete data.users[username] + client.log.info("unstarring", data._id) + client.log.verbose("unstarring", data) + } + + var options = { + method : "PUT", + body : data, + auth : auth + } + return client.request(uri, options, cb) + }) }) } diff --git a/lib/whoami.js b/lib/whoami.js index 684ce7b..4c099eb 100644 --- a/lib/whoami.js +++ b/lib/whoami.js @@ -11,7 +11,9 @@ function whoami (uri, params, cb) { var auth = params.auth assert(auth && typeof auth === "object", "must pass auth to whoami") - this.request(url.resolve(uri, "whoami"), { auth : auth }, function (er, userdata) { + if (auth.username) return process.nextTick(cb.bind(this, null, auth.username)) + + this.request(url.resolve(uri, "-/whoami"), { auth : auth }, function (er, userdata) { if (er) return cb(er) cb(null, userdata.username) diff --git a/package.json b/package.json index 44e58b0..bd4557f 100644 --- a/package.json +++ b/package.json @@ -25,6 +25,7 @@ }, "devDependencies": { "negotiator": "^0.4.9", + "nock": "^0.56.0", "tap": "" }, "optionalDependencies": { diff --git a/test/star.js b/test/star.js index 1a8576f..0d899ee 100644 --- a/test/star.js +++ b/test/star.js @@ -1,9 +1,9 @@ var test = require("tap").test - var server = require("./lib/server.js") var common = require("./lib/common.js") var client = common.freshClient() var cache = require("./fixtures/underscore/cache.json") +var nock = require("nock") function nop () {} @@ -19,7 +19,7 @@ var AUTH = { } var PARAMS = { starred : STARRED, - auth : AUTH + auth : AUTH } test("star call contract", function (t) { @@ -58,22 +58,6 @@ test("star call contract", function (t) { "params must include auth" ) - t.test("token auth disallowed in star", function (t) { - var params = { - auth : { - token : "lol" - } - } - client.star(URI, params, function (err) { - t.equal( - err && err.message, - "This operation is unsupported for token-based auth", - "star doesn't support token-based auth" - ) - t.end() - }) - }) - t.end() }) @@ -96,7 +80,7 @@ test("star a package", function (t) { req.on("end", function () { var updated = JSON.parse(b) - var already = [ + var already = [ "vesln", "mvolkmann", "lancehunt", "mikl", "linus", "vasc", "bat", "dmalam", "mbrevoort", "danielr", "rsimoes", "thlorenz" ] @@ -110,7 +94,7 @@ test("star a package", function (t) { t.ok(updated.users[USERNAME], "user is in the starred list") res.statusCode = 201 - res.json({starred:true}) + res.json({ starred : true }) }) }) @@ -118,10 +102,80 @@ test("star a package", function (t) { starred : STARRED, auth : AUTH } - client.star("http://localhost:1337/underscore", params, function (error, data) { - t.ifError(error, "no errors") + + client.star("http://localhost:1337/underscore", params, function (er, data) { + t.ifError(er, "no errors") t.ok(data.starred, "was starred") t.end() }) }) + +test("if password auth, only sets authorization on put", function (t) { + var starGet = nock("http://localhost:1010") + .get("/underscore?write=true") + .reply(200, {}) + + var starPut = nock("http://localhost:1010", { + reqheaders : { + authorization : "Basic " + new Buffer(AUTH.username+":"+ + AUTH.password).toString("base64") + } + }) + .put("/underscore") + .reply(200) + + var params = { + starred : STARRED, + auth : AUTH + } + + client.star("http://localhost:1010/underscore", params, function (er) { + t.ifError(er, "starred without issues") + starGet.done() + starPut.done() + t.end() + }) +}) + +test("if token auth, sets bearer on get and put", function (t) { + var starGet = nock("http://localhost:1010", { + reqheaders : { + authorization : "Bearer foo" + } + }) + .get("/underscore?write=true") + .reply(200, {}) + + var getUser = nock("http://localhost:1010", { + reqheaders : { + authorization : "Bearer foo" + } + }) + .get("/-/whoami") + .reply(200, { + username : "bcoe" + }) + + var starPut = nock("http://localhost:1010", { + reqheaders : { + authorization : "Bearer foo" + } + }) + .put("/underscore") + .reply(200) + + var params = { + starred : STARRED, + auth : { + token : "foo" + } + } + client.star("http://localhost:1010/underscore", params, function (er) { + t.ifError(er, "starred without error") + starGet.done() + starPut.done() + getUser.done() + t.end() + }) +}) diff --git a/test/whoami.js b/test/whoami.js index ccb173a..21b70e8 100644 --- a/test/whoami.js +++ b/test/whoami.js @@ -49,10 +49,13 @@ test("whoami call contract", function (t) { }) test("whoami", function (t) { - server.expect("GET", "/whoami", function (req, res) { + server.expect("GET", "/-/whoami", function (req, res) { t.equal(req.method, "GET") // only available for token-based auth for now - t.equal(req.headers.authorization, "Bearer not-bad-meaning-bad-but-bad-meaning-wombat") + t.equal( + req.headers.authorization, + "Bearer not-bad-meaning-bad-but-bad-meaning-wombat" + ) res.json({username : WHOIAM}) })