Handle authentication errors before status errors (#35)

Author: blakeembrey

src/client-oauth2.js

@@ -107,30 +107,17 @@ function expects (obj, props) {
  * @param  {Object} data
  * @return {String}
  */
-function getAuthError (data) {
-  var message = ERROR_RESPONSES[data.error] ||
-    data.error ||
-    data.error_message
-
-  // Return an error instance with the message if it exists.
-  return message && new Error(message)
-}
-
-/**
- * Handle the authentication response object.
- *
- * @param  {Object}  data
- * @return {Promise}
- */
-function handleAuthResponse (data) {
-  var err = getAuthError(data)
-
-  // If the response contains an error, reject the refresh token.
-  if (err) {
-    return Promise.reject(err)
+function getAuthError (body) {
+  var message = ERROR_RESPONSES[body.error] ||
+    body.error_description ||
+    body.error
+
+  if (message) {
+    var err = new Error(message)
+    err.body = body
+    err.code = 'EAUTH'
+    return err
   }
-
-  return Promise.resolve(data)
 }
 
 /**
@@ -277,13 +264,22 @@ ClientOAuth2.prototype._request = function (options) {
 
   return this.request(options.method, url, body, options.headers)
     .then(function (res) {
+      var body = parseResponseBody(res.body)
+      var authErr = getAuthError(body)
+
+      if (authErr) {
+        return Promise.reject(authErr)
+      }
+
       if (res.status < 200 || res.status >= 399) {
-        var err = new Error('HTTP status ' + res.status)
-        err.status = res.status
-        err.body = parseResponseBody(res.body)
-        return Promise.reject(err)
+        var statusErr = new Error('HTTP status ' + res.status)
+        statusErr.status = res.status
+        statusErr.body = res.body
+        statusErr.code = 'ESTATUS'
+        return Promise.reject(statusErr)
       }
-      return parseResponseBody(res.body)
+
+      return body
     })
 }
 
@@ -378,7 +374,6 @@ ClientOAuth2Token.prototype.refresh = function (options) {
       grant_type: 'refresh_token'
     }
   }, options))
-    .then(handleAuthResponse)
     .then(function (data) {
       return self.client.createToken(extend(self.data, data))
     })
@@ -433,7 +428,6 @@ OwnerFlow.prototype.getToken = function (username, password, options) {
       grant_type: 'password'
     }
   }, options))
-    .then(handleAuthResponse)
     .then(function (data) {
       return self.client.createToken(data)
     })
@@ -548,7 +542,6 @@ CredentialsFlow.prototype.getToken = function (options) {
       grant_type: 'client_credentials'
     }
   }, options))
-    .then(handleAuthResponse)
     .then(function (data) {
       return self.client.createToken(data)
     })
@@ -635,7 +628,6 @@ CodeFlow.prototype.getToken = function (uri, options) {
       client_secret: options.clientSecret
     }
   }, options))
-    .then(handleAuthResponse)
     .then(function (data) {
       return self.client.createToken(data)
     })
@@ -686,7 +678,6 @@ JwtBearerFlow.prototype.getToken = function (token, options) {
       assertion: token
     }
   }, options))
-    .then(handleAuthResponse)
     .then(function (data) {
       return self.client.createToken(data)
     })

test/code.js

@@ -12,7 +12,7 @@ describe('code', function () {
     accessTokenUri: config.accessTokenUri,
     authorizationUri: config.authorizationUri,
     authorizationGrants: ['code'],
-    redirectUri: 'http://example.com/auth/callback',
+    redirectUri: config.redirectUri,
     scopes: 'notifications'
   })
 
@@ -36,6 +36,21 @@ describe('code', function () {
         })
     })
 
+    it('should reject with auth errors', function () {
+      var errored = false
+
+      return githubAuth.code.getToken(config.redirectUri + '?error=invalid_request')
+        .catch(function (err) {
+          errored = true
+
+          expect(err.code).to.equal('EAUTH')
+          expect(err.body.error).to.equal('invalid_request')
+        })
+        .then(function () {
+          expect(errored).to.be.true
+        })
+    })
+
     describe('#sign', function () {
       it('should be able to sign a standard request object', function () {
         return githubAuth.code.getToken(uri)

test/support/config.js

@@ -1,5 +1,6 @@
 exports.accessTokenUri = 'http://localhost:' + process.env.PORT + '/login/oauth/access_token'
 exports.authorizationUri = 'http://localhost:' + process.env.PORT + '/login/oauth/authorize'
+exports.redirectUri = 'http://example.com/auth/callback'
 
 exports.accessToken = '4430eb16f4f6577c0f3a15fb6127cbf828a8e403'
 exports.refreshToken = exports.accessToken.split('').reverse().join('')

test/token.js

@@ -4,13 +4,13 @@ var config = require('./support/config')
 var ClientOAuth2 = require('../')
 
 describe('token', function () {
-  var uri = 'http://example.com/auth/callback#access_token=' + config.accessToken + '&token_type=bearer'
+  var uri = config.redirectUri + '#access_token=' + config.accessToken + '&token_type=bearer'
 
   var githubAuth = new ClientOAuth2({
     clientId: config.clientId,
     authorizationUri: config.authorizationUri,
     authorizationGrants: ['token'],
-    redirectUri: 'http://example.com/auth/callback',
+    redirectUri: config.redirectUri,
     scopes: ['notifications']
   })
 

test/user.js

@@ -10,7 +10,7 @@ describe('user', function () {
     accessTokenUri: config.accessTokenUri,
     authorizationUri: config.authorizationUri,
     authorizationGrants: ['code'],
-    redirectUri: 'http://example.com/auth/callback',
+    redirectUri: config.redirectUri,
     scopes: 'notifications'
   })