support standard prompt query parameter

This commit is contained in:
Evert Prants 2022-09-16 18:24:42 +03:00
parent 20c0771bf0
commit ef4a5abac9
Signed by: evert
GPG Key ID: 1688DA83D222D0B5
3 changed files with 22 additions and 3 deletions

View File

@ -1,6 +1,6 @@
{ {
"name": "@icynet/oauth2-provider", "name": "@icynet/oauth2-provider",
"version": "1.0.5", "version": "1.0.6",
"description": "OAuth2.0 Provider for Icy Network", "description": "OAuth2.0 Provider for Icy Network",
"main": "dist/index.js", "main": "dist/index.js",
"types": "dist/index.d.ts", "types": "dist/index.d.ts",

View File

@ -5,6 +5,7 @@ import {
UnauthorizedClient, UnauthorizedClient,
InvalidScope, InvalidScope,
AccessDenied, AccessDenied,
InteractionRequired,
} from '../model/error'; } from '../model/error';
import { OAuth2User } from '../model/model'; import { OAuth2User } from '../model/model';
import { data as dataResponse } from '../utils/response'; import { data as dataResponse } from '../utils/response';
@ -137,22 +138,31 @@ export const authorization = wrap(async (req, res) => {
req.oauth2.logger.debug('User fetched from request'); req.oauth2.logger.debug('User fetched from request');
} }
const prompt = ((req.query.prompt || '') as string).split(' ');
let resObj: Record<string, string | number> = {}; let resObj: Record<string, string | number> = {};
let consented = false; let consented = false;
if (req.method === 'GET') { if (req.method === 'GET') {
// Check if the user has already consented to this client with this scope // Check if the user has already consented to this client with this scope
// TODO: reevaluate security implications
consented = await oauth2.model.user.consented( consented = await oauth2.model.user.consented(
oauth2.model.user.getId(user), oauth2.model.user.getId(user),
oauth2.model.client.getId(client), oauth2.model.client.getId(client),
scope scope
); );
if (!consented && prompt.includes('none')) {
throw new InteractionRequired('Interaction required!');
}
// Ask for consent // Ask for consent
if (!consented) if (!consented || (
prompt.includes('login') ||
prompt.includes('consent') ||
prompt.includes('select_account')
)) {
return oauth2.decision(req, res, client, scope, user, redirectUri); return oauth2.decision(req, res, client, scope, user, redirectUri);
} }
}
// Save consent // Save consent
if (!consented) { if (!consented) {

View File

@ -92,3 +92,12 @@ export class UnsupportedResponseType extends OAuth2Error {
super('unsupported_response_type', msg, 400); super('unsupported_response_type', msg, 400);
} }
} }
export class InteractionRequired extends OAuth2Error {
public name = 'OAuth2InteractionRequired';
public logLevel = 'info';
constructor(msg: string) {
super('interaction_required', msg, 400);
}
}