consent dialog fix
This commit is contained in:
parent
b15a4e4773
commit
70551ed482
@ -1,7 +1,6 @@
|
||||
import error from '../error'
|
||||
import response from '../response'
|
||||
import model from '../model'
|
||||
import authorization from './code'
|
||||
import wrap from '../wrap'
|
||||
|
||||
module.exports = wrap(async (req, res, next) => {
|
||||
@ -116,22 +115,40 @@ module.exports = wrap(async (req, res, next) => {
|
||||
} else {
|
||||
consented = await model.user.consented(user.id, client.id, scope)
|
||||
}
|
||||
}
|
||||
|
||||
// Ask for consent
|
||||
if (!consented) return req.oauth2.decision(req, res, client, scope, user, redirectUri)
|
||||
}
|
||||
|
||||
// Consent pushed, ensure valid session
|
||||
if (req.method === 'POST' && req.session.csrf && !(req.body.csrf && req.body.csrf === req.session.csrf)) {
|
||||
throw new error.InvalidRequest('Invalid session')
|
||||
}
|
||||
|
||||
// Save consent
|
||||
if (!consented) {
|
||||
if (!req.body || (typeof req.body.decision) === 'undefined') {
|
||||
throw new error.InvalidRequest('No decision parameter passed')
|
||||
} else if (req.body.decision === '0') {
|
||||
throw new error.AccessDenied('User denied access to the resource')
|
||||
}
|
||||
console.debug('Decision check passed')
|
||||
|
||||
await model.user.consent(user.id, client.id, scope)
|
||||
}
|
||||
|
||||
for (const i in grantTypes) {
|
||||
let data = null
|
||||
switch (grantTypes[i]) {
|
||||
case 'authorization_code':
|
||||
data = await authorization.Code(req, res, client, scope, user, redirectUri, !consented)
|
||||
data = await model.code.create(model.user.getId(user), model.client.getId(client), scope, model.code.ttl)
|
||||
|
||||
resObj = Object.assign({ code: data }, resObj)
|
||||
|
||||
break
|
||||
case 'implicit':
|
||||
data = await authorization.Implicit(req, res, client, scope, user, redirectUri, !consented)
|
||||
data = await model.accessToken.create(model.user.getId(user),
|
||||
model.client.getId(client), scope, model.accessToken.ttl)
|
||||
|
||||
resObj = Object.assign({
|
||||
token_type: 'bearer',
|
||||
|
@ -1,31 +0,0 @@
|
||||
import error from '../../error'
|
||||
import model from '../../model'
|
||||
|
||||
module.exports = async (req, res, client, scope, user, redirectUri, consentRequested) => {
|
||||
let codeValue = null
|
||||
|
||||
if (req.method === 'POST' && req.session.csrf && !(req.body.csrf && req.body.csrf === req.session.csrf)) {
|
||||
throw new error.InvalidRequest('Invalid session')
|
||||
}
|
||||
|
||||
if (consentRequested) {
|
||||
if (!req.body || (typeof req.body.decision) === 'undefined') {
|
||||
throw new error.InvalidRequest('No decision parameter passed')
|
||||
} else if (req.body.decision === '0') {
|
||||
throw new error.AccessDenied('User denied access to the resource')
|
||||
}
|
||||
console.debug('Decision check passed')
|
||||
|
||||
await model.user.consent(user.id, client.id, scope)
|
||||
}
|
||||
|
||||
try {
|
||||
codeValue = await req.oauth2.model.code.create(req.oauth2.model.user.getId(user),
|
||||
req.oauth2.model.client.getId(client), scope, req.oauth2.model.code.ttl)
|
||||
} catch (err) {
|
||||
console.error(err)
|
||||
throw new error.ServerError('Failed to call code.create function')
|
||||
}
|
||||
|
||||
return codeValue
|
||||
}
|
@ -1,31 +0,0 @@
|
||||
import error from '../../error'
|
||||
import model from '../../model'
|
||||
|
||||
module.exports = async (req, res, client, scope, user, redirectUri, consentRequested) => {
|
||||
let accessTokenValue = null
|
||||
|
||||
if (req.method === 'POST' && req.session.csrf && !(req.body.csrf && req.body.csrf === req.session.csrf)) {
|
||||
throw new error.InvalidRequest('Invalid session')
|
||||
}
|
||||
|
||||
if (consentRequested) {
|
||||
if (!req.body || (typeof req.body.decision) === 'undefined') {
|
||||
throw new error.InvalidRequest('No decision parameter passed')
|
||||
} else if (req.body.decision === '0') {
|
||||
throw new error.AccessDenied('User denied access to the resource')
|
||||
}
|
||||
console.debug('Decision check passed')
|
||||
|
||||
await model.user.consent(user.id, client.id, scope)
|
||||
}
|
||||
|
||||
try {
|
||||
accessTokenValue = await req.oauth2.model.accessToken.create(req.oauth2.model.user.getId(user),
|
||||
req.oauth2.model.client.getId(client), scope, req.oauth2.model.accessToken.ttl)
|
||||
} catch (err) {
|
||||
console.error(err)
|
||||
throw new error.ServerError('Failed to call accessToken.create function')
|
||||
}
|
||||
|
||||
return accessTokenValue
|
||||
}
|
@ -1,4 +0,0 @@
|
||||
module.exports = {
|
||||
Code: require('./code'),
|
||||
Implicit: require('./implicit')
|
||||
}
|
@ -33,7 +33,8 @@ module.exports = async (oauth2, client, providedCode, redirectUri) => {
|
||||
console.debug('Code fetched ', code)
|
||||
|
||||
try {
|
||||
await oauth2.model.refreshToken.removeByUserIdClientId(oauth2.model.code.getUserId(code), oauth2.model.code.getClientId(code))
|
||||
await oauth2.model.refreshToken.removeByUserIdClientId(oauth2.model.code.getUserId(code),
|
||||
oauth2.model.code.getClientId(code))
|
||||
} catch (err) {
|
||||
console.error(err)
|
||||
throw new error.ServerError('Failed to call refreshToken.removeByUserIdClientId function')
|
||||
@ -45,7 +46,8 @@ module.exports = async (oauth2, client, providedCode, redirectUri) => {
|
||||
console.debug('Client does not allow grant type refresh_token, skip creation')
|
||||
} else {
|
||||
try {
|
||||
respObj.refresh_token = await oauth2.model.refreshToken.create(oauth2.model.code.getUserId(code), oauth2.model.code.getClientId(code), oauth2.model.code.getScope(code))
|
||||
respObj.refresh_token = await oauth2.model.refreshToken.create(oauth2.model.code.getUserId(code),
|
||||
oauth2.model.code.getClientId(code), oauth2.model.code.getScope(code))
|
||||
} catch (err) {
|
||||
console.error(err)
|
||||
throw new error.ServerError('Failed to call refreshToken.create function')
|
||||
@ -53,7 +55,8 @@ module.exports = async (oauth2, client, providedCode, redirectUri) => {
|
||||
}
|
||||
|
||||
try {
|
||||
respObj.access_token = await oauth2.model.accessToken.create(oauth2.model.code.getUserId(code), oauth2.model.code.getClientId(code), oauth2.model.code.getScope(code), oauth2.model.accessToken.ttl)
|
||||
respObj.access_token = await oauth2.model.accessToken.create(oauth2.model.code.getUserId(code),
|
||||
oauth2.model.code.getClientId(code), oauth2.model.code.getScope(code), oauth2.model.accessToken.ttl)
|
||||
} catch (err) {
|
||||
console.error(err)
|
||||
throw new error.ServerError('Failed to call accessToken.create function')
|
||||
|
@ -17,7 +17,8 @@ module.exports = async (oauth2, client, wantScope) => {
|
||||
console.debug('Scope check passed ', scope)
|
||||
|
||||
try {
|
||||
resObj.access_token = await oauth2.model.accessToken.create(null, oauth2.model.client.getId(client), scope, oauth2.model.accessToken.ttl)
|
||||
resObj.access_token = await oauth2.model.accessToken.create(null, oauth2.model.client.getId(client),
|
||||
scope, oauth2.model.accessToken.ttl)
|
||||
} catch (err) {
|
||||
throw new error.ServerError('Failed to call accessToken.create function')
|
||||
}
|
||||
|
@ -38,7 +38,8 @@ module.exports = async (oauth2, client, username, password, scope) => {
|
||||
}
|
||||
|
||||
try {
|
||||
await oauth2.model.refreshToken.removeByUserIdClientId(oauth2.model.user.getId(user), oauth2.model.client.getId(client))
|
||||
await oauth2.model.refreshToken.removeByUserIdClientId(oauth2.model.user.getId(user),
|
||||
oauth2.model.client.getId(client))
|
||||
} catch (err) {
|
||||
throw new error.ServerError('Failed to call refreshToken.removeByUserIdClientId function')
|
||||
}
|
||||
@ -49,14 +50,16 @@ module.exports = async (oauth2, client, username, password, scope) => {
|
||||
console.debug('Client does not allow grant type refresh_token, skip creation')
|
||||
} else {
|
||||
try {
|
||||
resObj.refresh_token = await oauth2.model.refreshToken.create(oauth2.model.user.getId(user), oauth2.model.client.getId(client), scope)
|
||||
resObj.refresh_token = await oauth2.model.refreshToken.create(oauth2.model.user.getId(user),
|
||||
oauth2.model.client.getId(client), scope)
|
||||
} catch (err) {
|
||||
throw new error.ServerError('Failed to call refreshToken.create function')
|
||||
}
|
||||
}
|
||||
|
||||
try {
|
||||
resObj.access_token = await oauth2.model.accessToken.create(oauth2.model.user.getId(user), oauth2.model.client.getId(client), scope, oauth2.model.accessToken.ttl)
|
||||
resObj.access_token = await oauth2.model.accessToken.create(oauth2.model.user.getId(user),
|
||||
oauth2.model.client.getId(client), scope, oauth2.model.accessToken.ttl)
|
||||
} catch (err) {
|
||||
throw new error.ServerError('Failed to call accessToken.create function')
|
||||
}
|
||||
|
@ -25,8 +25,8 @@ module.exports = async (oauth2, client, pRefreshToken, scope) => {
|
||||
}
|
||||
|
||||
if (oauth2.model.refreshToken.getClientId(refreshToken) !== oauth2.model.client.getId(client)) {
|
||||
console.warn('Client "' + oauth2.model.client.getId(client) + '" tried to fetch a refresh token which belongs to client"' +
|
||||
oauth2.model.refreshToken.getClientId(refreshToken) + '"')
|
||||
console.warn('Client %s tried to fetch a refresh token which belongs to client %s!', oauth2.model.client.getId(client),
|
||||
oauth2.model.refreshToken.getClientId(refreshToken))
|
||||
throw new error.InvalidGrant('Refresh token not found')
|
||||
}
|
||||
|
||||
@ -41,7 +41,8 @@ module.exports = async (oauth2, client, pRefreshToken, scope) => {
|
||||
}
|
||||
|
||||
try {
|
||||
accessToken = await oauth2.model.accessToken.fetchByUserIdClientId(oauth2.model.user.getId(user), oauth2.model.client.getId(client))
|
||||
accessToken = await oauth2.model.accessToken.fetchByUserIdClientId(oauth2.model.user.getId(user),
|
||||
oauth2.model.client.getId(client))
|
||||
} catch (err) {
|
||||
throw new error.ServerError('Failed to call accessToken.fetchByUserIdClientId function')
|
||||
}
|
||||
|
Reference in New Issue
Block a user