IcyNet.eu/server/api/oauth2/controller/token.js

import * as tokens from './tokens'
import {
  InvalidRequest,
  InvalidClient,
  UnauthorizedClient,
  UnsupportedGrantType
} from '../error'
import { data as dataResponse, error as errorResponse } from '../response'
import wrap from '../wrap'

export const token = wrap(async (req, res) => {
  let clientId = null
  let clientSecret = null
  let grantType = null

  if (req.body.client_id && req.body.client_secret) {
    clientId = req.body.client_id
    clientSecret = req.body.client_secret
    console.debug('Client credentials parsed from body parameters', clientId, clientSecret)
  } else {
    if (!req.headers || !req.headers.authorization) {
      throw new InvalidRequest('No authorization header passed')
    }

    let pieces = req.headers.authorization.split(' ', 2)
    if (!pieces || pieces.length !== 2) {
      throw new InvalidRequest('Authorization header is corrupted')
    }

    if (pieces[0] !== 'Basic') {
      throw new InvalidRequest('Unsupported authorization method:', pieces[0])
    }

    pieces = Buffer.from(pieces[1], 'base64').toString('ascii').split(':', 2)
    if (!pieces || pieces.length !== 2) {
      throw new InvalidRequest('Authorization header has corrupted data')
    }

    clientId = pieces[0]
    clientSecret = pieces[1]
    console.debug('Client credentials parsed from basic auth header:', clientId, clientSecret)
  }

  if (!req.body.grant_type) {
    throw new InvalidRequest('Request body does not contain grant_type parameter')
  }

  grantType = req.body.grant_type
  console.debug('Parameter grant_type is', grantType)

  const client = await req.oauth2.model.client.fetchById(clientId)

  if (!client) {
    throw new InvalidClient('Client not found')
  }

  const valid = req.oauth2.model.client.checkSecret(client, clientSecret)
  if (!valid) {
    throw new UnauthorizedClient('Invalid client secret')
  }

  if (!req.oauth2.model.client.checkGrantType(client, grantType) && grantType !== 'refresh_token') {
    throw new UnauthorizedClient('Invalid grant type for the client')
  } else {
    console.debug('Grant type check passed')
  }

  let evt
  try {
    switch (grantType) {
    case 'authorization_code':
      evt = await tokens.authorizationCode(req.oauth2, client, req.body.code, req.body.redirect_uri)
      break
    case 'password':
      evt = await tokens.password(req.oauth2, client, req.body.username, req.body.password, req.body.scope)
      break
    case 'client_credentials':
      evt = await tokens.clientCredentials(req.oauth2, client, req.body.scope)
      break
    case 'refresh_token':
      evt = await tokens.refreshToken(req.oauth2, client, req.body.refresh_token, req.body.scope)
      break
    default:
      throw new UnsupportedGrantType('Grant type does not match any supported type')
    }

    if (evt) {
      dataResponse(req, res, evt)
    }
  } catch (e) {
    errorResponse(req, res, e)
  }
})
Major refactor and code modernization, vol. 1 2020-12-13 14:36:07 +00:00			`import * as tokens from './tokens'`
some weird old code cleanup that was left hanging, /shrug 2021-02-09 16:46:04 +00:00			`import {`
			`InvalidRequest,`
			`InvalidClient,`
			`UnauthorizedClient,`
			`UnsupportedGrantType`
			`} from '../error'`
Major refactor and code modernization, vol. 1 2020-12-13 14:36:07 +00:00			`import { data as dataResponse, error as errorResponse } from '../response'`
Clean up OAuth2 provider code, support multiple request types in preparation for OIDC 2020-06-05 15:18:23 +00:00			`import wrap from '../wrap'`
OAuth2 provider implemented 2017-08-23 20:13:45 +00:00
Major refactor and code modernization, vol. 1 2020-12-13 14:36:07 +00:00			`export const token = wrap(async (req, res) => {`
OAuth2 provider implemented 2017-08-23 20:13:45 +00:00			`let clientId = null`
			`let clientSecret = null`
			`let grantType = null`

			`if (req.body.client_id && req.body.client_secret) {`
			`clientId = req.body.client_id`
			`clientSecret = req.body.client_secret`
			`console.debug('Client credentials parsed from body parameters', clientId, clientSecret)`
			`} else {`
			`if (!req.headers \|\| !req.headers.authorization) {`
Major refactor and code modernization, vol. 1 2020-12-13 14:36:07 +00:00			`throw new InvalidRequest('No authorization header passed')`
OAuth2 provider implemented 2017-08-23 20:13:45 +00:00			`}`

			`let pieces = req.headers.authorization.split(' ', 2)`
			`if (!pieces \|\| pieces.length !== 2) {`
Major refactor and code modernization, vol. 1 2020-12-13 14:36:07 +00:00			`throw new InvalidRequest('Authorization header is corrupted')`
OAuth2 provider implemented 2017-08-23 20:13:45 +00:00			`}`

			`if (pieces[0] !== 'Basic') {`
Major refactor and code modernization, vol. 1 2020-12-13 14:36:07 +00:00			`throw new InvalidRequest('Unsupported authorization method:', pieces[0])`
OAuth2 provider implemented 2017-08-23 20:13:45 +00:00			`}`

lint everything using standard 2017-08-24 16:23:03 +00:00			`pieces = Buffer.from(pieces[1], 'base64').toString('ascii').split(':', 2)`
OAuth2 provider implemented 2017-08-23 20:13:45 +00:00			`if (!pieces \|\| pieces.length !== 2) {`
Major refactor and code modernization, vol. 1 2020-12-13 14:36:07 +00:00			`throw new InvalidRequest('Authorization header has corrupted data')`
OAuth2 provider implemented 2017-08-23 20:13:45 +00:00			`}`

			`clientId = pieces[0]`
			`clientSecret = pieces[1]`
			`console.debug('Client credentials parsed from basic auth header:', clientId, clientSecret)`
			`}`

			`if (!req.body.grant_type) {`
Major refactor and code modernization, vol. 1 2020-12-13 14:36:07 +00:00			`throw new InvalidRequest('Request body does not contain grant_type parameter')`
OAuth2 provider implemented 2017-08-23 20:13:45 +00:00			`}`

			`grantType = req.body.grant_type`
			`console.debug('Parameter grant_type is', grantType)`

Maintenance commit. 2020-05-28 18:30:21 +00:00			`const client = await req.oauth2.model.client.fetchById(clientId)`
lint everything using standard 2017-08-24 16:23:03 +00:00
OAuth2 provider implemented 2017-08-23 20:13:45 +00:00			`if (!client) {`
Major refactor and code modernization, vol. 1 2020-12-13 14:36:07 +00:00			`throw new InvalidClient('Client not found')`
OAuth2 provider implemented 2017-08-23 20:13:45 +00:00			`}`

Maintenance commit. 2020-05-28 18:30:21 +00:00			`const valid = req.oauth2.model.client.checkSecret(client, clientSecret)`
OAuth2 provider implemented 2017-08-23 20:13:45 +00:00			`if (!valid) {`
Major refactor and code modernization, vol. 1 2020-12-13 14:36:07 +00:00			`throw new UnauthorizedClient('Invalid client secret')`
OAuth2 provider implemented 2017-08-23 20:13:45 +00:00			`}`

			`if (!req.oauth2.model.client.checkGrantType(client, grantType) && grantType !== 'refresh_token') {`
Major refactor and code modernization, vol. 1 2020-12-13 14:36:07 +00:00			`throw new UnauthorizedClient('Invalid grant type for the client')`
OAuth2 provider implemented 2017-08-23 20:13:45 +00:00			`} else {`
			`console.debug('Grant type check passed')`
			`}`

			`let evt`
			`try {`
			`switch (grantType) {`
some weird old code cleanup that was left hanging, /shrug 2021-02-09 16:46:04 +00:00			`case 'authorization_code':`
			`evt = await tokens.authorizationCode(req.oauth2, client, req.body.code, req.body.redirect_uri)`
			`break`
			`case 'password':`
			`evt = await tokens.password(req.oauth2, client, req.body.username, req.body.password, req.body.scope)`
			`break`
			`case 'client_credentials':`
			`evt = await tokens.clientCredentials(req.oauth2, client, req.body.scope)`
			`break`
			`case 'refresh_token':`
			`evt = await tokens.refreshToken(req.oauth2, client, req.body.refresh_token, req.body.scope)`
			`break`
			`default:`
			`throw new UnsupportedGrantType('Grant type does not match any supported type')`
OAuth2 provider implemented 2017-08-23 20:13:45 +00:00			`}`

			`if (evt) {`
Major refactor and code modernization, vol. 1 2020-12-13 14:36:07 +00:00			`dataResponse(req, res, evt)`
OAuth2 provider implemented 2017-08-23 20:13:45 +00:00			`}`
			`} catch (e) {`
Major refactor and code modernization, vol. 1 2020-12-13 14:36:07 +00:00			`errorResponse(req, res, e)`
OAuth2 provider implemented 2017-08-23 20:13:45 +00:00			`}`
			`})`