OAuth2 exchange updates

app/models/oauth2-client.js

@@ -12,10 +12,10 @@ const OAuth2ClientSchema = new Schema({
   created: { type: Date, default: Date.now, required: true },
   updated: { type: Date, default: Date.now, required: true },
   site: {
-    name: { type: String, required: true },
-    description: { type: String, required: true },
     domain: { type: String, required: true, index: 1 },
     domainKey: { type: String, required: true, index: 1 },
+    name: { type: String, required: true },
+    description: { type: String, required: true },
     company: { type: String, required: true },
   },
   secret: { type: String, required: true },

app/services/oauth2.js

@@ -161,23 +161,48 @@ class OAuth2Service extends SiteService {
     const NOW = new Date();
     const PASSWORD_LEN = parseInt(process.env.DTP_CORE_AUTH_PASSWORD_LEN || '64', 10);
 
-    const client = new OAuth2Client();
-    client.created = NOW;
-    client.updated = NOW;
-
-    client.site.name = striptags(clientDefinition.name);
-    client.site.description = striptags(clientDefinition.description);
-    client.site.domain = striptags(clientDefinition.domain);
-    client.site.domainKey = striptags(clientDefinition.domainKey);
-    client.site.company = striptags(clientDefinition.company);
-
-    client.secret = generatePassword(PASSWORD_LEN, false);
-    client.scopes = clientDefinition.coreAuth.redirectUri.map((scope) => striptags(scope));
-    client.redirectUri = striptags(clientDefinition.coreAuth.redirectUri);
-
-    await client.save();
+    // scrub up the input data to help prevent shenanigans
+    clientDefinition.name = striptags(clientDefinition.name);
+    clientDefinition.description = striptags(clientDefinition.description);
+    clientDefinition.domain = striptags(clientDefinition.domain);
+    clientDefinition.domainKey = striptags(clientDefinition.domainKey);
+
+    clientDefinition.company = striptags(clientDefinition.company);
+
+    clientDefinition.secret = generatePassword(PASSWORD_LEN, false);
+    clientDefinition.coreAuth.scopes = clientDefinition.coreAuth.scopes.map((scope) => striptags(scope));
+    clientDefinition.coreAuth.redirectUri = striptags(clientDefinition.coreAuth.redirectUri);
+
+    /*
+     * Use an upsert to either update or create the OAuth2 client record for the
+     * calling host.
+     */
+
+    const client = await OAuth2Client.updateOne(
+      {
+        'site.domain': clientDefinition.domain,
+        'site.domainKey': clientDefinition.domainKey,
+      },
+      {
+        $setOnInsert: {
+          created: NOW,
+          'site.domain': clientDefinition.domain,
+          'site.domainKey': clientDefinition.domainKey,
+        },
+        $set: {
+          updated: NOW,
+          'site.name': clientDefinition.name,
+          'site.description': clientDefinition.description,
+          'site.company': clientDefinition.company,
+          secret: clientDefinition.secret,
+          scopes: clientDefinition.coreAuth.scopes,
+          redirectUri: clientDefinition.coreAuth.redirectUri,
+        },
+      },
+      { upsert: true, returnDocument: true },
+    );
 
-    this.log.info('new OAuth2 client created', {
+    this.log.info('new OAuth2 client updated', {
       clientId: client._id,
       site: client.site.name,
       domain: client.site.domain,

app/views/admin/core-node/connect-result.pug

@@ -2,4 +2,4 @@ extends ../layouts/main
 block content
 
   h1 Core Connect Response
-  pre= JSON.stringify(txConnect, null, 2)
+  pre= JSON.stringify(txConnect.response, null, 2)