This repository has been archived on 2022-11-26. You can view files and clone it, but cannot push or open issues or pull requests.
IcyNet.eu/server/api/oauth2/controller/code/implicit.js

33 lines
1.1 KiB
JavaScript
Raw Normal View History

2017-08-23 20:13:45 +00:00
import error from '../../error'
import model from '../../model'
module.exports = async (req, res, client, scope, user, redirectUri, createAllowFuture) => {
let accessTokenValue = null
2017-08-23 22:25:52 +00:00
if (req.method === 'POST' && req.session.csrf && !(req.body.csrf && req.body.csrf === req.session.csrf)) {
throw new error.InvalidRequest('Invalid session')
}
2017-08-23 20:13:45 +00:00
if (createAllowFuture) {
2017-08-24 16:23:03 +00:00
if (!req.body || (typeof req.body['decision']) === 'undefined') {
2017-08-23 20:13:45 +00:00
throw new error.InvalidRequest('No decision parameter passed')
2017-08-23 22:25:52 +00:00
} else if (req.body['decision'] === '0') {
2017-08-23 20:13:45 +00:00
throw new error.AccessDenied('User denied access to the resource')
} else {
console.debug('Decision check passed')
}
await model.user.allowClient(user.id, client.id, scope)
}
try {
accessTokenValue = await req.oauth2.model.accessToken.create(req.oauth2.model.user.getId(user),
req.oauth2.model.client.getId(client), scope, req.oauth2.model.accessToken.ttl)
} catch (err) {
2017-08-23 22:25:52 +00:00
console.error(err)
2017-08-23 20:13:45 +00:00
throw new error.ServerError('Failed to call accessToken.create function')
}
return accessTokenValue
}