consent dialog fix

Evert Prants 2020-06-15 19:47:03 +03:00
parent b15a4e4773
commit 70551ed482
Signed by: evert
GPG Key ID: 1688DA83D222D0B5
8 changed files with 40 additions and 81 deletions


@ -1,7 +1,6 @@
import error from '../error'
import response from '../response'
import model from '../model'
import authorization from './code'
import wrap from '../wrap'
module.exports = wrap(async (req, res, next) => {
@ -116,22 +115,40 @@ module.exports = wrap(async (req, res, next) => {
} else {
consented = await model.user.consented(user.id, client.id, scope)
}
}
// Ask for consent
if (!consented) return req.oauth2.decision(req, res, client, scope, user, redirectUri)
}
// Consent pushed, ensure valid session
if (req.method === 'POST' && req.session.csrf && !(req.body.csrf && req.body.csrf === req.session.csrf)) {
throw new error.InvalidRequest('Invalid session')
}
// Save consent
if (!consented) {
if (!req.body || (typeof req.body.decision) === 'undefined') {
throw new error.InvalidRequest('No decision parameter passed')
} else if (req.body.decision === '0') {
throw new error.AccessDenied('User denied access to the resource')
}
console.debug('Decision check passed')
await model.user.consent(user.id, client.id, scope)
}
for (const i in grantTypes) {
let data = null
switch (grantTypes[i]) {
case 'authorization_code':
data = await authorization.Code(req, res, client, scope, user, redirectUri, !consented)
data = await model.code.create(model.user.getId(user), model.client.getId(client), scope, model.code.ttl)
resObj = Object.assign({ code: data }, resObj)
break
case 'implicit':
data = await authorization.Implicit(req, res, client, scope, user, redirectUri, !consented)
data = await model.accessToken.create(model.user.getId(user),
model.client.getId(client), scope, model.accessToken.ttl)
resObj = Object.assign({
token_type: 'bearer',
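Review bot: The CSRF check on the new line `if (req.method === 'POST' && req.session.csrf && !(req.body.csrf && req.body.csrf === req.session.csrf))` is skipped entirely whenever `req.session.csrf` is unset, so a POSTed consent decision would be accepted with no token comparison at all if the session was never issued one (whether that can happen depends on how the consent page sets it, which is outside this hunk). Requiring the session token on every POST closes that gap: `if (req.method === 'POST' && !(req.session.csrf && req.body.csrf && req.body.csrf === req.session.csrf)) {`. The inlined `model.code.create(...)` and `model.accessToken.create(...)` calls also drop the try/catch that the deleted `./code` and `./implicit` helpers had, which turned backend failures into `error.ServerError`; unless `wrap` normalises them, raw model errors now propagate to the client. The decision check treats every value other than `'0'` as approval, so a comment such as `// Only '0' denies; any other present value is taken as consent` would make that explicit, or compare against the exact value the consent form submits. The enclosing handler starts above and continues below this hunk, which appears to be shown only partially on this page.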


@ -1,31 +0,0 @@
import error from '../../error'
import model from '../../model'
module.exports = async (req, res, client, scope, user, redirectUri, consentRequested) => {
let codeValue = null
if (req.method === 'POST' && req.session.csrf && !(req.body.csrf && req.body.csrf === req.session.csrf)) {
throw new error.InvalidRequest('Invalid session')
}
if (consentRequested) {
if (!req.body || (typeof req.body.decision) === 'undefined') {
throw new error.InvalidRequest('No decision parameter passed')
} else if (req.body.decision === '0') {
throw new error.AccessDenied('User denied access to the resource')
}
console.debug('Decision check passed')
await model.user.consent(user.id, client.id, scope)
}
try {
codeValue = await req.oauth2.model.code.create(req.oauth2.model.user.getId(user),
req.oauth2.model.client.getId(client), scope, req.oauth2.model.code.ttl)
} catch (err) {
console.error(err)
throw new error.ServerError('Failed to call code.create function')
}
return codeValue
}


@ -1,31 +0,0 @@
import error from '../../error'
import model from '../../model'
module.exports = async (req, res, client, scope, user, redirectUri, consentRequested) => {
let accessTokenValue = null
if (req.method === 'POST' && req.session.csrf && !(req.body.csrf && req.body.csrf === req.session.csrf)) {
throw new error.InvalidRequest('Invalid session')
}
if (consentRequested) {
if (!req.body || (typeof req.body.decision) === 'undefined') {
throw new error.InvalidRequest('No decision parameter passed')
} else if (req.body.decision === '0') {
throw new error.AccessDenied('User denied access to the resource')
}
console.debug('Decision check passed')
await model.user.consent(user.id, client.id, scope)
}
try {
accessTokenValue = await req.oauth2.model.accessToken.create(req.oauth2.model.user.getId(user),
req.oauth2.model.client.getId(client), scope, req.oauth2.model.accessToken.ttl)
} catch (err) {
console.error(err)
throw new error.ServerError('Failed to call accessToken.create function')
}
return accessTokenValue
}


@ -1,4 +0,0 @@
module.exports = {
Code: require('./code'),
Implicit: require('./implicit')
}


@ -33,7 +33,8 @@ module.exports = async (oauth2, client, providedCode, redirectUri) => {
console.debug('Code fetched ', code)
try {
await oauth2.model.refreshToken.removeByUserIdClientId(oauth2.model.code.getUserId(code), oauth2.model.code.getClientId(code))
await oauth2.model.refreshToken.removeByUserIdClientId(oauth2.model.code.getUserId(code),
oauth2.model.code.getClientId(code))
} catch (err) {
console.error(err)
throw new error.ServerError('Failed to call refreshToken.removeByUserIdClientId function')
@ -45,7 +46,8 @@ module.exports = async (oauth2, client, providedCode, redirectUri) => {
console.debug('Client does not allow grant type refresh_token, skip creation')
} else {
try {
respObj.refresh_token = await oauth2.model.refreshToken.create(oauth2.model.code.getUserId(code), oauth2.model.code.getClientId(code), oauth2.model.code.getScope(code))
respObj.refresh_token = await oauth2.model.refreshToken.create(oauth2.model.code.getUserId(code),
oauth2.model.code.getClientId(code), oauth2.model.code.getScope(code))
} catch (err) {
console.error(err)
throw new error.ServerError('Failed to call refreshToken.create function')
@ -53,7 +55,8 @@ module.exports = async (oauth2, client, providedCode, redirectUri) => {
}
try {
respObj.access_token = await oauth2.model.accessToken.create(oauth2.model.code.getUserId(code), oauth2.model.code.getClientId(code), oauth2.model.code.getScope(code), oauth2.model.accessToken.ttl)
respObj.access_token = await oauth2.model.accessToken.create(oauth2.model.code.getUserId(code),
oauth2.model.code.getClientId(code), oauth2.model.code.getScope(code), oauth2.model.accessToken.ttl)
} catch (err) {
console.error(err)
throw new error.ServerError('Failed to call accessToken.create function')


@ -17,7 +17,8 @@ module.exports = async (oauth2, client, wantScope) => {
console.debug('Scope check passed ', scope)
try {
resObj.access_token = await oauth2.model.accessToken.create(null, oauth2.model.client.getId(client), scope, oauth2.model.accessToken.ttl)
resObj.access_token = await oauth2.model.accessToken.create(null, oauth2.model.client.getId(client),
scope, oauth2.model.accessToken.ttl)
} catch (err) {
throw new error.ServerError('Failed to call accessToken.create function')
}


@ -38,7 +38,8 @@ module.exports = async (oauth2, client, username, password, scope) => {
}
try {
await oauth2.model.refreshToken.removeByUserIdClientId(oauth2.model.user.getId(user), oauth2.model.client.getId(client))
await oauth2.model.refreshToken.removeByUserIdClientId(oauth2.model.user.getId(user),
oauth2.model.client.getId(client))
} catch (err) {
throw new error.ServerError('Failed to call refreshToken.removeByUserIdClientId function')
}
@ -49,14 +50,16 @@ module.exports = async (oauth2, client, username, password, scope) => {
console.debug('Client does not allow grant type refresh_token, skip creation')
} else {
try {
resObj.refresh_token = await oauth2.model.refreshToken.create(oauth2.model.user.getId(user), oauth2.model.client.getId(client), scope)
resObj.refresh_token = await oauth2.model.refreshToken.create(oauth2.model.user.getId(user),
oauth2.model.client.getId(client), scope)
} catch (err) {
throw new error.ServerError('Failed to call refreshToken.create function')
}
}
try {
resObj.access_token = await oauth2.model.accessToken.create(oauth2.model.user.getId(user), oauth2.model.client.getId(client), scope, oauth2.model.accessToken.ttl)
resObj.access_token = await oauth2.model.accessToken.create(oauth2.model.user.getId(user),
oauth2.model.client.getId(client), scope, oauth2.model.accessToken.ttl)
} catch (err) {
throw new error.ServerError('Failed to call accessToken.create function')
}


@ -25,8 +25,8 @@ module.exports = async (oauth2, client, pRefreshToken, scope) => {
}
if (oauth2.model.refreshToken.getClientId(refreshToken) !== oauth2.model.client.getId(client)) {
console.warn('Client "' + oauth2.model.client.getId(client) + '" tried to fetch a refresh token which belongs to client"' +
oauth2.model.refreshToken.getClientId(refreshToken) + '"')
console.warn('Client %s tried to fetch a refresh token which belongs to client %s!', oauth2.model.client.getId(client),
oauth2.model.refreshToken.getClientId(refreshToken))
throw new error.InvalidGrant('Refresh token not found')
}
@ -41,7 +41,8 @@ module.exports = async (oauth2, client, pRefreshToken, scope) => {
}
try {
accessToken = await oauth2.model.accessToken.fetchByUserIdClientId(oauth2.model.user.getId(user), oauth2.model.client.getId(client))
accessToken = await oauth2.model.accessToken.fetchByUserIdClientId(oauth2.model.user.getId(user),
oauth2.model.client.getId(client))
} catch (err) {
throw new error.ServerError('Failed to call accessToken.fetchByUserIdClientId function')
}