From 7d2ee1f522144ad2de30aae4d21d2eb1faca8112 Mon Sep 17 00:00:00 2001
From: rob
Date: Sun, 3 Jul 2022 12:11:31 -0400
Subject: [PATCH] OAuth2 exchange updates
---
 app/models/oauth2-client.js | 4 +-
 app/services/oauth2.js | 57 ++++++++++++++------
 app/views/admin/core-node/connect-result.pug | 2 +-
 3 files changed, 44 insertions(+), 19 deletions(-)
diff --git a/app/models/oauth2-client.js b/app/models/oauth2-client.js
index 1db20bf..dda0431 100644
--- a/app/models/oauth2-client.js
+++ b/app/models/oauth2-client.js
@@ -12,10 +12,10 @@ const OAuth2ClientSchema = new Schema({
 created: { type: Date, default: Date.now, required: true },
 updated: { type: Date, default: Date.now, required: true },
 site: {
- name: { type: String, required: true },
- description: { type: String, required: true },
 domain: { type: String, required: true, index: 1 },
 domainKey: { type: String, required: true, index: 1 },
+ name: { type: String, required: true },
+ description: { type: String, required: true },
 company: { type: String, required: true },
 },
 secret: { type: String, required: true },
diff --git a/app/services/oauth2.js b/app/services/oauth2.js
index cbcdb7b..c581ec1 100644
--- a/app/services/oauth2.js
+++ b/app/services/oauth2.js
@@ -161,23 +161,48 @@ class OAuth2Service extends SiteService {
 const NOW = new Date();
 const PASSWORD_LEN = parseInt(process.env.DTP_CORE_AUTH_PASSWORD_LEN || '64', 10);
- const client = new OAuth2Client();
- client.created = NOW;
- client.updated = NOW;
-
- client.site.name = striptags(clientDefinition.name);
- client.site.description = striptags(clientDefinition.description);
- client.site.domain = striptags(clientDefinition.domain);
- client.site.domainKey = striptags(clientDefinition.domainKey);
- client.site.company = striptags(clientDefinition.company);
-
- client.secret = generatePassword(PASSWORD_LEN, false);
- client.scopes = clientDefinition.coreAuth.redirectUri.map((scope) => striptags(scope));
- client.redirectUri = striptags(clientDefinition.coreAuth.redirectUri);
-
- await client.save();
+ // scrub up the input data to help prevent shenanigans
+ clientDefinition.name = striptags(clientDefinition.name);
+ clientDefinition.description = striptags(clientDefinition.description);
+ clientDefinition.domain = striptags(clientDefinition.domain);
+ clientDefinition.domainKey = striptags(clientDefinition.domainKey);
+
+ clientDefinition.company = striptags(clientDefinition.company);
+
+ clientDefinition.secret = generatePassword(PASSWORD_LEN, false);
+ clientDefinition.coreAuth.scopes = clientDefinition.coreAuth.scopes.map((scope) => striptags(scope));
+ clientDefinition.coreAuth.redirectUri = striptags(clientDefinition.coreAuth.redirectUri);
+
+ /*
+ * Use an upsert to either update or create the OAuth2 client record for the
+ * calling host.
+ */
+
+ const client = await OAuth2Client.updateOne(
+ {
+ 'site.domain': clientDefinition.domain,
+ 'site.domainKey': clientDefinition.domainKey,
+ },
+ {
+ $setOnInsert: {
+ created: NOW,
+ 'site.domain': clientDefinition.domain,
+ 'site.domainKey': clientDefinition.domainKey,
+ },
+ $set: {
+ updated: NOW,
+ 'site.name': clientDefinition.name,
+ 'site.description': clientDefinition.description,
+ 'site.company': clientDefinition.company,
+ secret: clientDefinition.secret,
+ scopes: clientDefinition.coreAuth.scopes,
+ redirectUri: clientDefinition.coreAuth.redirectUri,
+ },
+ },
+ { upsert: true, returnDocument: true },
+ );
- this.log.info('new OAuth2 client created', {
+ this.log.info('new OAuth2 client updated', {
 clientId: client._id,
 site: client.site.name,
 domain: client.site.domain,
diff --git a/app/views/admin/core-node/connect-result.pug b/app/views/admin/core-node/connect-result.pug
index fc697f3..225650a 100644
--- a/app/views/admin/core-node/connect-result.pug
+++ b/app/views/admin/core-node/connect-result.pug
@@ -2,4 +2,4 @@ extends ../layouts/main
 block content
 h1 Core Connect Response
- pre= JSON.stringify(txConnect, null, 2)
\ No newline at end of file
+ pre= JSON.stringify(txConnect.response, null, 2)
\ No newline at end of file
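Review bot: `const client = await OAuth2Client.updateOne(...)` resolves to an update result (matched/modified counts and an `upsertedId`) rather than the stored document in both Mongoose and the native driver, and `returnDocument` is not an option `updateOne` acts on, so the log call at the bottom of the hunk dereferences `client.site.name` on an object that has no `site` and throws after the upsert has already been written. Switching the two lines to `const client = await OAuth2Client.findOneAndUpdate(` and `{ upsert: true, new: true },` (or `returnDocument: 'after'` on newer Mongoose) makes `client` the document the log expects. Separately, `clientDefinition.coreAuth.redirectUri` is only tag-stripped before being persisted; because every later authorization round-trip trusts this value, it should also be parsed with `new URL(...)` and rejected unless it is an absolute URL on an allowed scheme, and the upsert keyed on caller-supplied `domain`/`domainKey` means any request presenting an existing pair rotates that client's `secret` and `redirectUri`, which is worth stating in the comment block if it is intended. Note too that the scrub writes the freshly generated `secret` into the caller-supplied `clientDefinition`, so the secret now travels with whatever the caller does with that object afterwards; keeping it in a local avoids that. The enclosing method begins before the hunk and the `this.log.info` call continues after it.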