2020-12-13 14:36:07 +00:00
|
|
|
import { ServerError, InvalidRequest, InvalidScope, InvalidClient } from '../../error'
|
2017-08-23 20:13:45 +00:00
|
|
|
|
2020-12-13 14:36:07 +00:00
|
|
|
export async function password (oauth2, client, username, password, scope) {
|
2017-08-23 20:13:45 +00:00
|
|
|
let user = null
|
2020-05-28 18:30:21 +00:00
|
|
|
const resObj = {
|
2017-08-23 20:13:45 +00:00
|
|
|
token_type: 'bearer'
|
|
|
|
}
|
|
|
|
|
|
|
|
if (!username) {
|
2020-12-13 14:36:07 +00:00
|
|
|
throw new InvalidRequest('Username is mandatory for password grant type')
|
2017-08-23 20:13:45 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
if (!password) {
|
2020-12-13 14:36:07 +00:00
|
|
|
throw new InvalidRequest('Password is mandatory for password grant type')
|
2017-08-23 20:13:45 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
scope = oauth2.model.client.transformScope(scope)
|
|
|
|
scope = oauth2.model.client.checkScope(client, scope)
|
|
|
|
if (!scope) {
|
2020-12-13 14:36:07 +00:00
|
|
|
throw new InvalidScope('Client does not allow access to this scope')
|
2017-08-23 20:13:45 +00:00
|
|
|
} else {
|
|
|
|
console.debug('Scope check passed: ', scope)
|
|
|
|
}
|
|
|
|
|
|
|
|
try {
|
|
|
|
user = await oauth2.model.user.fetchByUsername(username)
|
|
|
|
} catch (err) {
|
2020-12-13 14:36:07 +00:00
|
|
|
throw new ServerError('Failed to call user.fetchByUsername function')
|
2017-08-23 20:13:45 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
if (!user) {
|
2020-12-13 14:36:07 +00:00
|
|
|
throw new InvalidClient('User not found')
|
2017-08-23 20:13:45 +00:00
|
|
|
}
|
|
|
|
|
2020-05-28 18:30:21 +00:00
|
|
|
const valid = await oauth2.model.user.checkPassword(user, password)
|
2017-08-23 20:13:45 +00:00
|
|
|
if (!valid) {
|
2020-12-13 14:36:07 +00:00
|
|
|
throw new InvalidClient('Wrong password')
|
2017-08-23 20:13:45 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
try {
|
2020-06-15 16:47:03 +00:00
|
|
|
await oauth2.model.refreshToken.removeByUserIdClientId(oauth2.model.user.getId(user),
|
|
|
|
oauth2.model.client.getId(client))
|
2017-08-23 20:13:45 +00:00
|
|
|
} catch (err) {
|
2020-12-13 14:36:07 +00:00
|
|
|
throw new ServerError('Failed to call refreshToken.removeByUserIdClientId function')
|
2017-08-23 20:13:45 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
console.debug('Refresh token removed')
|
|
|
|
|
|
|
|
if (!oauth2.model.client.checkGrantType(client, 'refresh_token')) {
|
|
|
|
console.debug('Client does not allow grant type refresh_token, skip creation')
|
|
|
|
} else {
|
|
|
|
try {
|
2020-06-15 16:47:03 +00:00
|
|
|
resObj.refresh_token = await oauth2.model.refreshToken.create(oauth2.model.user.getId(user),
|
|
|
|
oauth2.model.client.getId(client), scope)
|
2017-08-23 20:13:45 +00:00
|
|
|
} catch (err) {
|
2020-12-13 14:36:07 +00:00
|
|
|
throw new ServerError('Failed to call refreshToken.create function')
|
2017-08-23 20:13:45 +00:00
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
try {
|
2020-06-15 16:47:03 +00:00
|
|
|
resObj.access_token = await oauth2.model.accessToken.create(oauth2.model.user.getId(user),
|
|
|
|
oauth2.model.client.getId(client), scope, oauth2.model.accessToken.ttl)
|
2017-08-23 20:13:45 +00:00
|
|
|
} catch (err) {
|
2020-12-13 14:36:07 +00:00
|
|
|
throw new ServerError('Failed to call accessToken.create function')
|
2017-08-23 20:13:45 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
resObj.expires_in = oauth2.model.accessToken.ttl
|
|
|
|
console.debug('Access token saved ', resObj.access_token)
|
|
|
|
|
|
|
|
return resObj
|
|
|
|
}
|