coverage

outmoded · Sep 19, 2015 · 88628b7 · 88628b7
1 parent fb271c1
commit 88628b7
Show file tree

Hide file tree

Showing 5 changed files with 1,494 additions and 393 deletions.
diff --git a/lib/endpoints.js b/lib/endpoints.js
@@ -191,7 +191,7 @@ exports.rsvp = function (req, payload, options, callback) {
                         return callback(Boom.forbidden('Invalid application'));
                     }
 
-                    var ticketOptions = ticketOptions || {};
+                    var ticketOptions = options.ticket || {};
                     if (ext) {
                         ticketOptions = Hoek.shallow(ticketOptions);
                         ticketOptions.ext = ext;

diff --git a/lib/scope.js b/lib/scope.js
@@ -46,6 +46,10 @@ exports.validate = function (scope) {
 
 exports.isSubset = function (scope, subset) {
 
+    if (!scope) {
+        return false;
+    }
+
     if (scope.length < subset.length) {
         return false;
     }

diff --git a/lib/ticket.js b/lib/ticket.js
@@ -150,10 +150,22 @@ exports.reissue = function (parentTicket, grant, encryptionPassword, options, ca
         return fail(Boom.internal('Invalid options object'));
     }
 
-    if (options.scope &&
-        !Scope.isSubset(parentTicket.scope, options.scope)) {
+    if (parentTicket.scope) {
+        var error = Scope.validate(parentTicket.scope);
+        if (error) {
+            return fail(error);
+        }
+    }
 
-        return fail(Boom.forbidden('New scope is not a subset of the parent ticket scope'));
+    if (options.scope) {
+        error = Scope.validate(options.scope);
+        if (error) {
+            return fail(error);
+        }
+
+        if (!Scope.isSubset(parentTicket.scope, options.scope)) {
+            return fail(Boom.forbidden('New scope is not a subset of the parent ticket scope'));
+        }
     }
 
     if (options.issueTo &&