From 1617002e4bca14124a7baa95cfde32dfa806fa75 Mon Sep 17 00:00:00 2001
From: kravchenkodhealth <106426895+kravchenkodhealth@users.noreply.github.com>
Date: Fri, 13 Jan 2023 18:14:36 +0200
Subject: [PATCH] [@dhealthdapps/backend] fix(routes): remove query param for revoke endpoint
---
 runtime/backend/src/oauth/routes/OAuthController.ts | 1 -
 runtime/backend/src/oauth/services/OAuthService.ts | 2 +-
 .../tests/unit/oauth/routes/OAuthController.spec.ts | 8 +++++---
 3 files changed, 6 insertions(+), 5 deletions(-)
diff --git a/runtime/backend/src/oauth/routes/OAuthController.ts b/runtime/backend/src/oauth/routes/OAuthController.ts
index b2295038..83840c8b 100644
--- a/runtime/backend/src/oauth/routes/OAuthController.ts
+++ b/runtime/backend/src/oauth/routes/OAuthController.ts
@@ -230,7 +230,6 @@ export class OAuthController {
 protected async revoke(
 @NestRequest() req: Request,
 @Param("provider") provider: string,
- @Query() query: OAuthCallbackRequest,
 ) {
 // read and decode access token, then find account in database
 const account: AccountDocument = await this.authService.getAccount(req);
diff --git a/runtime/backend/src/oauth/services/OAuthService.ts b/runtime/backend/src/oauth/services/OAuthService.ts
index 2d0eb2b1..e9af7c64 100644
--- a/runtime/backend/src/oauth/services/OAuthService.ts
+++ b/runtime/backend/src/oauth/services/OAuthService.ts
@@ -210,7 +210,7 @@ export class OAuthService {
 }
 // if scope not contains read_all - throw an exception
 if (request && request.scope !== this.expectedScope) {
- throw new HttpException(`Unauthorized`, 401);
+ throw new HttpException(`Forbidden`, 403);
 }
 // reads OAuth provider from configuration
diff --git a/runtime/backend/tests/unit/oauth/routes/OAuthController.spec.ts b/runtime/backend/tests/unit/oauth/routes/OAuthController.spec.ts
index 82e3fe77..bfde6fc5 100644
--- a/runtime/backend/tests/unit/oauth/routes/OAuthController.spec.ts
+++ b/runtime/backend/tests/unit/oauth/routes/OAuthController.spec.ts
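Review bot: In OAuthService.ts the guard `if (request && request.scope !== this.expectedScope)` runs only when a request object is passed, so a caller that omits it skips the scope check entirely; if that is meant for flows other than the provider callback, the comment should say so. The comment reads "not contains read_all" while the code requires exact string equality, so the same scopes in another order are now answered with 403. `request.scope` looks like it is taken from the callback query string (the spec passed it as the third argument of `callback`), which the client controls, so it is worth confirming that the scope granted at token exchange is what is finally trusted. A comment such as `// request is set only on the provider callback; scope must equal expectedScope exactly, otherwise 403` would match the code. The enclosing method starts and ends outside the hunk.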
@@ -194,9 +194,11 @@ describe("common/OAuthController", () => {
 .mockRejectedValue(expectedError);
 // act
- const result = (controller as any).callback(jest.fn(), "testProvider", {
- scope: "read,activity:read_all",
- });
+ const result = (controller as any).callback(
+ jest.fn(),
+ "testProvider",
+ jest.fn(),
+ );
 // assert
 expect(result).rejects.toThrowError(expectedError);
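Review bot: `expect(result).rejects.toThrowError(expectedError);` is neither awaited nor returned in the visible lines, so the test can finish before the rejection is checked and a wrong error would not fail it; `await expect(result).rejects.toThrowError(expectedError);` fixes that if the enclosing test callback is async (it starts outside the hunk). The third argument is now a bare `jest.fn()` standing in for the callback query, so `scope` is undefined here and nothing in this hunk pins the new 403 answer for a mismatched scope. A case that passes a wrong `scope` and asserts status 403 would cover the OAuthService change in this commit.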