var oauth2orize = require('oauth2orize'),
models = require('../models'),
utils = require('../utils'),
errors = require('../errors'),
oauth;
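oauth = {
    /**
     * Registers the OAuth2 token exchanges on an oauth2orize server.
     *
     * Two exchanges are registered: `password` (user email + password for an
     * access/refresh token pair) and `refreshToken` (refresh token for a new
     * access token). Both report their outcome exclusively through the `done`
     * callback that oauth2orize hands them; the return value of the exchange
     * functions is not used.
     *
     * @param {Object} oauthServer - oauth2orize server the exchanges are registered on
     * @param {Function} resetSpamCounter - called with the username once a password
     *   exchange has fully succeeded (both tokens stored)
     */
    init: function init(oauthServer, resetSpamCounter) {
        // remove all expired accesstokens on startup
        models.Accesstoken.destroyAllExpired();
        // remove all expired refreshtokens on startup
        models.Refreshtoken.destroyAllExpired();

        // Exchange user id and password for access tokens. The callback accepts the
        // `client`, which is exchanging the user's name and password from the
        // authorization request for verification. If these values are validated, the
        // application issues an access token on behalf of the user who authorized the code.
        oauthServer.exchange(oauth2orize.exchange.password({userProperty: 'client'}, function exchange(client, username, password, scope, done) {
            // Validate the client
            models.Client.forge({slug: client.slug})
                .fetch()
                .then(function then(client) {
                    if (!client) {
                        return done(new errors.NoPermissionError('Invalid client.'), false);
                    }

                    // Validate the user. This chain reports its own outcome through `done`
                    // and is deliberately not returned: a failure inside it must not also
                    // reach the outer catch below and call `done` a second time.
                    models.User.check({email: username, password: password}).then(function then(user) {
                        // Everything validated, return the access- and refreshtoken
                        // NOTE(review): assumes utils.uid(256) draws from a CSPRNG — confirm in ../utils
                        var accessToken = utils.uid(256),
                            refreshToken = utils.uid(256),
                            accessExpires = Date.now() + utils.ONE_HOUR_MS,
                            refreshExpires = Date.now() + utils.ONE_WEEK_MS;

                        return models.Accesstoken.add(
                            {token: accessToken, user_id: user.id, client_id: client.id, expires: accessExpires}
                        ).then(function then() {
                            return models.Refreshtoken.add(
                                {token: refreshToken, user_id: user.id, client_id: client.id, expires: refreshExpires}
                            );
                        }).then(function then() {
                            // only a fully successful login clears the counter
                            resetSpamCounter(username);
                            return done(null, accessToken, refreshToken, {expires_in: utils.ONE_HOUR_S});
                        }).catch(function handleError(error) {
                            return done(error, false);
                        });
                    }).catch(function handleError(error) {
                        // User.check rejected (presumably invalid credentials — see ../models);
                        // oauth2orize turns the error into the HTTP response
                        return done(error);
                    });
                })
                .catch(function handleError(error) {
                    // The client lookup itself failed (e.g. a database error). Without this
                    // handler `done` would never be called and the request would hang.
                    return done(error);
                });
        }));

        // Exchange the refresh token to obtain an access token. The callback accepts the
        // `client`, which is exchanging a `refreshToken` previously issued by the server
        // for verification. If these values are validated, the application issues an
        // access token on behalf of the user who authorized the code.
        oauthServer.exchange(oauth2orize.exchange.refreshToken(function exchange(client, refreshToken, scope, done) {
            models.Refreshtoken.forge({token: refreshToken})
                .fetch()
                .then(function then(model) {
                    if (!model) {
                        return done(new errors.NoPermissionError('Invalid refresh token.'), false);
                    }

                    var token = model.toJSON(),
                        accessToken = utils.uid(256),
                        accessExpires = Date.now() + utils.ONE_HOUR_MS,
                        refreshExpires = Date.now() + utils.ONE_WEEK_MS;

                    // Negated form on purpose: a missing or non-numeric `expires` compares
                    // false and is therefore treated as expired rather than as valid.
                    if (!(token.expires > Date.now())) {
                        // NOTE(review): the expired row is left in place; the only cleanup
                        // visible in this file is destroyAllExpired() at startup
                        return done(new errors.UnauthorizedError('Refresh token expired.'), false);
                    }

                    // NOTE(review): `client` is never compared with token.client_id, so the
                    // refresh token is honoured for whichever client presents it while the new
                    // access token is bound to the original client_id — confirm this is intended.
                    // This chain reports its own outcome through `done` and is deliberately
                    // not returned (same reasoning as in the password exchange above).
                    models.Accesstoken.add({
                        token: accessToken,
                        user_id: token.user_id,
                        client_id: token.client_id,
                        expires: accessExpires
                    }).then(function then() {
                        // a successful refresh extends the existing refresh token's lifetime;
                        // the refresh token value itself is not rotated
                        return models.Refreshtoken.edit({expires: refreshExpires}, {id: token.id});
                    }).then(function then() {
                        return done(null, accessToken, {expires_in: utils.ONE_HOUR_S});
                    }).catch(function handleError(error) {
                        return done(error, false);
                    });
                })
                .catch(function handleError(error) {
                    // The token lookup itself failed (e.g. a database error). Without this
                    // handler `done` would never be called and the request would hang.
                    return done(error);
                });
        }));
    }
};

module.exports = oauth;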