This repository has been archived on 2022-11-26. You can view files and clone it, but cannot push or open issues or pull requests.
IcyNet.eu/server/api/oauth2/controller/code/code.js

33 lines
1.0 KiB
JavaScript
Raw Normal View History

2017-08-23 20:13:45 +00:00
import error from '../../error'
import model from '../../model'
module.exports = async (req, res, client, scope, user, redirectUri, createAllowFuture) => {
let codeValue = null
2017-08-23 22:25:52 +00:00
if (req.method === 'POST' && req.session.csrf && !(req.body.csrf && req.body.csrf === req.session.csrf)) {
throw new error.InvalidRequest('Invalid session')
}
2017-08-23 20:13:45 +00:00
if (createAllowFuture) {
2017-08-24 10:52:12 +00:00
if (!req.body || (typeof req.body['decision']) === undefined) {
2017-08-23 20:13:45 +00:00
throw new error.InvalidRequest('No decision parameter passed')
} else if (req.body['decision'] === '0') {
throw new error.AccessDenied('User denied access to the resource')
} else {
console.debug('Decision check passed')
}
await model.user.allowClient(user.id, client.id, scope)
}
try {
codeValue = await req.oauth2.model.code.create(req.oauth2.model.user.getId(user),
req.oauth2.model.client.getId(client), scope, req.oauth2.model.code.ttl)
} catch (err) {
console.error(err)
throw new error.ServerError('Failed to call code.create function')
}
return codeValue
}