33 lines
1.1 KiB
JavaScript
33 lines
1.1 KiB
JavaScript
import error from '../../error'
|
|
import model from '../../model'
|
|
|
|
module.exports = async (req, res, client, scope, user, redirectUri, createAllowFuture) => {
|
|
let accessTokenValue = null
|
|
|
|
if (req.method === 'POST' && req.session.csrf && !(req.body.csrf && req.body.csrf === req.session.csrf)) {
|
|
throw new error.InvalidRequest('Invalid session')
|
|
}
|
|
|
|
if (createAllowFuture) {
|
|
if (!req.body || (typeof req.body['decision']) === undefined) {
|
|
throw new error.InvalidRequest('No decision parameter passed')
|
|
} else if (req.body['decision'] === '0') {
|
|
throw new error.AccessDenied('User denied access to the resource')
|
|
} else {
|
|
console.debug('Decision check passed')
|
|
}
|
|
|
|
await model.user.allowClient(user.id, client.id, scope)
|
|
}
|
|
|
|
try {
|
|
accessTokenValue = await req.oauth2.model.accessToken.create(req.oauth2.model.user.getId(user),
|
|
req.oauth2.model.client.getId(client), scope, req.oauth2.model.accessToken.ttl)
|
|
} catch (err) {
|
|
console.error(err)
|
|
throw new error.ServerError('Failed to call accessToken.create function')
|
|
}
|
|
|
|
return accessTokenValue
|
|
}
|