add a sandbox option

README.md

@@ -20,12 +20,13 @@ unobtrusively integrated into any application or framework that supports
 The Dwolla authentication strategy authenticates users using a Dwolla account
 and OAuth 2.0 tokens.  The strategy requires a `verify` callback, which accepts
 these credentials and calls `done` providing a user, as well as `options`
-specifying a client ID, client secret, and callback URL.
+specifying a client ID, client secret, callback URL, and sandbox boolean.
 
     passport.use(new DwollaStrategy({
         clientID: DWOLLA_KEY,
         clientSecret: DWOLLA_SECRET,
-        callbackURL: "http://127.0.0.1:3000/auth/dwolla/callback"
+        callbackURL: "http://127.0.0.1:3000/auth/dwolla/callback",
+        sandbox: true
       },
       function(accessToken, refreshToken, profile, done) {
         User.findOrCreate({ dwollaId: profile.id }, function (err, user) {

lib/strategy.js

@@ -6,6 +6,10 @@ var util = require('util')
   , InternalOAuthError = require('passport-oauth2').InternalOAuthError;
 
 
+// Dwolla allows for sandbox
+var isSandbox = false;
+
+
 /**
  * `Strategy` constructor.
  *
@@ -21,13 +25,15 @@ var util = require('util')
  *   - `clientID`      your Dwolla application's client id
  *   - `clientSecret`  your Dwolla application's client secret
  *   - `callbackURL`   URL to which Dwolla will redirect the user after granting authorization
+ *   - `sandBox`       set to 'true' if and only if you are using the dwolla sandbox endpoint
  *
  * Examples:
  *
  *     passport.use(new DwollaStrategy({
  *         clientID: '123-456-789',
- *         clientSecret: 'shhh-its-a-secret'
- *         callbackURL: 'https://www.example.net/auth/dwolla/callback'
+ *         clientSecret: 'shhh-its-a-secret',
+ *         callbackURL: 'https://www.example.net/auth/dwolla/callback',
+ *         sandbox: true
  *       },
  *       function(accessToken, refreshToken, profile, done) {
  *         User.findOrCreate(..., function (err, user) {
@@ -42,8 +48,18 @@ var util = require('util')
  */
 function Strategy(options, verify) {
   options = options || {};
-  options.authorizationURL = options.authorizationURL || 'https://www.dwolla.com/oauth/v2/authenticate';
-  options.tokenURL = options.tokenURL || 'https://www.dwolla.com/oauth/v2/token';
+
+  if (options.sandbox || options.sandBox) {
+    isSandbox = true;
+  }
+
+  if (!isSandbox) {
+    options.authorizationURL = options.authorizationURL || 'https://www.dwolla.com/oauth/v2/authenticate';
+    options.tokenURL = options.tokenURL || 'https://www.dwolla.com/oauth/v2/token';
+  } else {
+    options.authorizationURL = options.authorizationURL || 'https://uat.dwolla.com/oauth/v2/authenticate';
+    options.tokenURL = options.tokenURL || 'https://uat.dwolla.com/oauth/v2/token';
+  }
 
   OAuth2Strategy.call(this, options, verify);
   this.name = 'dwolla';
@@ -72,7 +88,8 @@ util.inherits(Strategy, OAuth2Strategy);
  * @api protected
  */
 Strategy.prototype.userProfile = function(accessToken, done) {
-  this._oauth2.get('https://www.dwolla.com/oauth/rest/accountapi/accountinformation', accessToken, function (err, body, res) {
+  var usersEndpoint = isSandbox ? 'https://uat.dwolla.com/oauth/rest/users/' : 'https://www.dwolla.com/oauth/rest/users/';
+  this._oauth2.get(usersEndpoint, accessToken, function (err, body, res) {
     if (err) { return done(new InternalOAuthError('failed to fetch user profile', err)); }
 
     try {