Fixed #4503: assume token_type is Bearer in OAuth2 when not specified.

crystal-lang · Jun 3, 2017 · a3b77d3 · Sija · Jun 3, 2017 · a3b77d3
1 parent 3e6bd33
commit a3b77d3
Show file tree

Hide file tree

Showing 2 changed files with 18 additions and 10 deletions.
diff --git a/spec/std/oauth2/access_token_spec.cr b/spec/std/oauth2/access_token_spec.cr
@@ -67,6 +67,16 @@ class OAuth2::AccessToken
         }))
       token.extra.not_nil!["unknown"].should eq("[1,2,3]")
     end
+
+    it "builds from json without token_type, assumes Bearer (#4503)" do
+      token = AccessToken.from_json(%({
+        "access_token" : "foo",
+        "refresh_token" : "bar",
+        "scope" : "baz"
+        }))
+      token.should be_a(AccessToken::Bearer)
+      token.access_token.should eq("foo")
+    end
   end
 
   describe Mac do

diff --git a/src/oauth2/access_token/access_token.cr b/src/oauth2/access_token/access_token.cr
@@ -29,17 +29,15 @@ abstract class OAuth2::AccessToken
 
     access_token = access_token.not_nil!
 
-    if token_type
-      case token_type.downcase
-      when "bearer"
-        Bearer.new(access_token, expires_in, refresh_token, scope, extra)
-      when "mac"
-        Mac.new(access_token, expires_in, mac_algorithm.not_nil!, mac_key.not_nil!, refresh_token, scope, Time.now.epoch, extra)
-      else
-        raise "Uknown token_type in access token json: #{token_type}"
-      end
+    token_type ||= "bearer"
+
+    case token_type.downcase
+    when "bearer"
+      Bearer.new(access_token, expires_in, refresh_token, scope, extra)
+    when "mac"
+      Mac.new(access_token, expires_in, mac_algorithm.not_nil!, mac_key.not_nil!, refresh_token, scope, Time.now.epoch, extra)
     else
-      raise "Missing token_type in access token json"
+      raise "Uknown token_type in access token json: #{token_type}"
     end
   end