Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Fix/auth oauth2 Password grant_type now sends credentials in x-www-form-urlencoded form #832

Merged
merged 77 commits into from
Oct 17, 2018
Merged

Fix/auth oauth2 Password grant_type now sends credentials in x-www-form-urlencoded form #832

merged 77 commits into from
Oct 17, 2018

Conversation

alain-charles
Copy link
Contributor

Please read and mark the following check list before creating a pull request:

Short description of what this resolves:

Fixes #716

alain-charles and others added 30 commits June 29, 2018 08:33
@alain-charles
Added password grant_type option
cef7a1d
@alain-charles
Added password grant_type option implementation
9f0dbab
@alain-charles
Playground sample for oAuth2 password grant-type
44d7d2e
@alain-charles
Added route to oAuth2 password grant-type sample
f57b737
@alain-charles
Addes angular-jwt for decoding jwt token (used in playground only)
ed4628e
@alain-charles
Added /api/auth/token endpoint (oAuth2 password grant-type playground)
d7f01df
@alain-charles
Patched code for passing ci
af52e88
@alain-charles
code optimization for passing ci
554f7dc
@nnixaa
Merge branch 'master' into master
fa0548f
@alain-charles
Changes request by Dmitry (first review)
b72adae
@alain-charles
Generalized code in oauth2-strategy
733efc0 
Now : If existing, NbAuthResult contains backend error description
other Changes requested by Dmitry (first review)
@alain-charles
Merge remote-tracking branch 'origin/master'
57fab69
@alain-charles
Generalized code in oauth2-strategy
c50df3a 
Now : If existing, NbAuthResult contains backend error description
other Changes requested by Dmitry (first review)
+tslint missing trailing comma arghhh
@alain-charles
Added unit tests for oAuth-strategy password authentication
dda5436
@alain-charles
Merge branch 'master' into master
ef0be25
@nnixaa
Merge branch 'master' into master
e180dc3
@alain-charles
Cleaned code according to nnixaa second review
6aa1fdb
@alain-charles
Merge branch 'master' of https://github.com/alain-charles/nebular
96c7344
@alain-charles
Removed package-lock.json from git repo
cf82c42
@alain-charles
package-lock.json to revert
dcff930
@alain-charles
reverted package-lock.json
315662f
@alain-charles
Added new grant_type 'PASSWORD' in the block comment for it to be ins…
57a0230 
…erted in the doc
@alain-charles
Merge remote-tracking branch 'upstream/master'
d69d633
@alain-charles
Add the refreshtoken request management in NbJwtInterceptor and NbAut…
1be8d91 
…hService
@alain-charles
Merge branch 'master' of https://github.com/alain-charles/nebular
4b67825
@alain-charles
Merge branch 'master' into temp
deea3e2
@alain-charles
The token now contains ownerStrategyName, with is a back link to the …
acd0241 
…strategy

 used to create the token (future use)
@alain-charles
feature/auth:
25250f0 
The token now contains ownerStrategyName, with is a back link to the strategy
used to create the token (future use).

BREAKING CHANGE :
NbAuthCreateToken (token.ts) now takes a third parameter, which is the ownerStrategyName
Tokens are created by strategies that are called from services, so it is *potentially* a breaking change.
@alain-charles
feature/auth:
c0fdd31 
The token now contains ownerStrategyName, with is a back link to the strategy
used to create the token (future use).
updated unit tests files and oauth2-password-login.component (breaking change below)

BREAKING CHANGE :
NbAuthCreateToken (token.ts) now takes a third parameter, which is the ownerStrategyName
Tokens are created by strategies that are called from services, so it is *potentially* a breaking change.
@alain-charles
feature/auth:
bd564b3 
removed useless code and cleaned one unit test file

BREAKING CHANGE :
NbAuthCreateToken (token.ts) now takes a third parameter, which is the ownerStrategyName
Tokens are created by strategies that are called from services, so it is *potentially* a breaking change.
@alain-charles
Removed unused function argument in spec.ts file
f5a4eda
@alain-charles
formatting issue
49557c2
@alain-charles
Provides now a NoOp filter for NbAuthJWTInterceptor
0e23673 
Returns always true so that NO url is intercepted
=> the user writes the filter according to the doc (Auth urls MUST be filtered) and injects it in his own auth_module
@alain-charles
Merge branch 'master' of https://github.com/akveo/nebular
b53f84f
@alain-charles
According to RFC6749 section 4.3.2, the Oauth2 token request body wit…
f123878 
…h grant-type='password' must provide username to the auth server and not email.

Corrects issue #653
@alain-charles
According to RFC6749 section 4.3.2, the Oauth2 token request body wit…
1f61fd0 
…h grant-type='password' MAY provide the scope parameter

=>Corrects completely issue #653
@alain-charles
Merge branch 'master' of https://github.com/akveo/nebular
fc5109d
@alain-charles
Test token.getValue() instead of ownerStrategyName in ifAuthenticated…
989dd73 
…*() methods of authService

Updated unit tests
@alain-charles
Merge branch 'master' of https://github.com/akveo/nebular
bff1649 
# Conflicts:
#	src/framework/auth/services/auth.spec.ts
@alain-charles
Merge branch 'master' of https://github.com/akveo/nebular
7f428c5 
# Conflicts:
#	src/framework/auth/services/auth.spec.ts
@alain-charles
Merge branch 'master' of https://github.com/akveo/nebular
28791ce
@alain-charles
oAuth2 password grant_type now sends parameters as application/x-www-…
37dfe28 
…form-urlencoded string

Unit tests updated for corresponding strategy
Resolves #716
@alain-charles
merge from upstream master
f6205c8
@alain-charles
Checkout authservice
49d076c
@alain-charles
Copy link
Contributor Author

@nnixaa did you have a look at that ?

@nnixaa
Copy link
Collaborator

nnixaa commented Oct 3, 2018

Hi @alain-charles, sorry, will have a look later this week.

nnixaa
nnixaa requested changes Oct 12, 2018
View reviewed changes
Copy link
Collaborator

@nnixaa nnixaa left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@alain-charles sorry for the delay!

src/framework/auth/strategies/oauth2/oauth2-strategy.ts Outdated Show resolved Hide resolved
src/framework/auth/strategies/oauth2/oauth2-strategy.ts Outdated Show resolved Hide resolved
src/framework/auth/strategies/oauth2/oauth2-strategy.ts Outdated
headers = headers.append('Content-Type', 'application/x-www-form-urlencoded');

return this.http.post(url, this.buildPasswordRequestData(username, password),
{headers: headers})
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

there is no need to a new line here and also the spaces { headers: this.buildAuthHeader() }

src/framework/auth/strategies/oauth2/oauth2-strategy.ts Outdated Show resolved Hide resolved
src/framework/auth/strategies/oauth2/oauth2-strategy.ts Show resolved Hide resolved
src/framework/auth/strategies/oauth2/oauth2-strategy.spec.ts Outdated Show resolved Hide resolved
@alain-charles
Copy link
Contributor Author

@nnixaa i'ms sorry, i had corrected that but it must have been corrupted by some undo command :)

@codecov
Copy link

codecov bot commented Oct 17, 2018

Codecov Report

Merging #832 into master will decrease coverage by 0.19%.
The diff coverage is 100%.

@@           Coverage Diff            @@
##           master    #832     +/-   ##
========================================
- Coverage   76.99%   76.8%   -0.2%     
========================================
  Files         200     201      +1     
  Lines        5947    5966     +19     
  Branches      451     455      +4     
========================================
+ Hits         4579    4582      +3     
- Misses       1262    1278     +16     
  Partials      106     106
Impacted Files Coverage Δ
...ramework/auth/strategies/oauth2/oauth2-strategy.ts 84.13% <100%> (+0.33%) ⬆️
...heme/components/datepicker/datepicker.directive.ts 63.2% <0%> (-10.38%) ⬇️
...heme/components/datepicker/datepicker.component.ts 82.85% <0%> (-3.58%) ⬇️
.../theme/components/datepicker/datepicker-adapter.ts 64.7% <0%> (-2.95%) ⬇️
...rc/framework/theme/components/menu/menu.service.ts 32.6% <0%> (-0.24%) ⬇️
...eme/components/calendar-kit/calendar-kit.module.ts 100% <0%> (ø) ⬆️
.../theme/components/calendar-kit/components/index.ts 100% <0%> (ø) ⬆️
...kit/components/calendar-date/calendar-date.pipe.ts 100% <0%> (ø)
...mework/theme/components/select/select.component.ts 84.65% <0%> (+0.47%) ⬆️
...rk/theme/components/cdk/overlay/overlay-trigger.ts 97.64% <0%> (+1.49%) ⬆️

@nnixaa nnixaa merged commit 57fda28 into akveo:master Oct 17, 2018
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@nnixaa nnixaa nnixaa approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

NbOAuth2AuthStrategy sends parameters in body instead of using 'x-www-form-urlencoded'
2 participants
@alain-charles @nnixaa