|
|
@ -91,29 +91,29 @@ class OAuth2Service extends SiteService {
|
|
|
|
res.render('oauth2/authorize-dialog');
|
|
|
|
res.render('oauth2/authorize-dialog');
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
async processAuthorize (clientID, redirectURI, done) {
|
|
|
|
async processAuthorize (clientID, redirectUri, done) {
|
|
|
|
try {
|
|
|
|
try {
|
|
|
|
const client = await OAuth2Client.findOne({ clientID });
|
|
|
|
const client = await OAuth2Client.findOne({ clientID });
|
|
|
|
if (!client) {
|
|
|
|
if (!client) {
|
|
|
|
return done(null, false);
|
|
|
|
return done(null, false);
|
|
|
|
}
|
|
|
|
}
|
|
|
|
if (client.redirectUri !== redirectURI) {
|
|
|
|
if (client.redirectUri !== redirectUri) {
|
|
|
|
return done(null, false);
|
|
|
|
return done(null, false);
|
|
|
|
}
|
|
|
|
}
|
|
|
|
return done(null, client, client.redirectURI);
|
|
|
|
return done(null, client, client.redirectUri);
|
|
|
|
} catch (error) {
|
|
|
|
} catch (error) {
|
|
|
|
this.log.error('failed to process OAuth2 authorize', { error });
|
|
|
|
this.log.error('failed to process OAuth2 authorize', { error });
|
|
|
|
return done(error);
|
|
|
|
return done(error);
|
|
|
|
}
|
|
|
|
}
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
async processGrant (client, redirectURI, user, ares, done) {
|
|
|
|
async processGrant (client, redirectUri, user, ares, done) {
|
|
|
|
try {
|
|
|
|
try {
|
|
|
|
var code = uuidv4();
|
|
|
|
var code = uuidv4();
|
|
|
|
var ac = new OAuth2AuthorizationCode({
|
|
|
|
var ac = new OAuth2AuthorizationCode({
|
|
|
|
code,
|
|
|
|
code,
|
|
|
|
clientId: client.id,
|
|
|
|
clientId: client.id,
|
|
|
|
redirectURI,
|
|
|
|
redirectUri,
|
|
|
|
user: user.id,
|
|
|
|
user: user.id,
|
|
|
|
scope: ares.scope,
|
|
|
|
scope: ares.scope,
|
|
|
|
});
|
|
|
|
});
|
|
|
@ -125,13 +125,13 @@ class OAuth2Service extends SiteService {
|
|
|
|
}
|
|
|
|
}
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
async processExchange (client, code, redirectURI, done) {
|
|
|
|
async processExchange (client, code, redirectUri, done) {
|
|
|
|
try {
|
|
|
|
try {
|
|
|
|
const ac = await OAuth2AuthorizationCode.findOne({ code });
|
|
|
|
const ac = await OAuth2AuthorizationCode.findOne({ code });
|
|
|
|
if (client.id !== ac.clientId) {
|
|
|
|
if (client.id !== ac.clientId) {
|
|
|
|
return done(null, false);
|
|
|
|
return done(null, false);
|
|
|
|
}
|
|
|
|
}
|
|
|
|
if (redirectURI !== ac.redirectUri) {
|
|
|
|
if (redirectUri !== ac.redirectUri) {
|
|
|
|
return done(null, false);
|
|
|
|
return done(null, false);
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
@ -172,7 +172,8 @@ class OAuth2Service extends SiteService {
|
|
|
|
client.site.company = striptags(clientDefinition.company);
|
|
|
|
client.site.company = striptags(clientDefinition.company);
|
|
|
|
|
|
|
|
|
|
|
|
client.secret = generatePassword(PASSWORD_LEN, false);
|
|
|
|
client.secret = generatePassword(PASSWORD_LEN, false);
|
|
|
|
client.redirectURI = clientDefinition.redirectURI;
|
|
|
|
client.scopes = clientDefinition.coreAuth.redirectUri.map((scope) => striptags(scope));
|
|
|
|
|
|
|
|
client.redirectUri = striptags(clientDefinition.coreAuth.redirectUri);
|
|
|
|
|
|
|
|
|
|
|
|
await client.save();
|
|
|
|
await client.save();
|
|
|
|
|
|
|
|
|
|
|
@ -191,6 +192,20 @@ class OAuth2Service extends SiteService {
|
|
|
|
.lean();
|
|
|
|
.lean();
|
|
|
|
return client;
|
|
|
|
return client;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
async getClientByDomain (domain) {
|
|
|
|
|
|
|
|
const client = await OAuth2Client
|
|
|
|
|
|
|
|
.findOne({ 'site.domain': domain })
|
|
|
|
|
|
|
|
.lean();
|
|
|
|
|
|
|
|
return client;
|
|
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
async getClientByDomainKey (domainKey) {
|
|
|
|
|
|
|
|
const client = await OAuth2Client
|
|
|
|
|
|
|
|
.findOne({ 'site.domainKey': domainKey })
|
|
|
|
|
|
|
|
.lean();
|
|
|
|
|
|
|
|
return client;
|
|
|
|
|
|
|
|
}
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
module.exports = {
|
|
|
|
module.exports = {
|
|
|
|
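Review bot: In the hunk at -172,7 +172,8, the added line `client.scopes = clientDefinition.coreAuth.redirectUri.map((scope) => striptags(scope));` builds the client's scopes from the redirect URI field, which looks like a copy-paste slip. If `redirectUri` is a string, as the following `striptags(clientDefinition.coreAuth.redirectUri)` suggests, `.map` throws before `client.save()` and registration fails; if it is an array, the stored scopes become redirect URIs. The line should map over the definition's scope list instead; that field's name is not visible in this hunk, so confirm it against the client definition. Separately, `striptags` only removes markup and does not validate a URL, while `processAuthorize` and `processExchange` trust an exact match against this stored value, so consider parsing it with `new URL(...)` at registration and rejecting anything that is not an absolute URL with an allowed scheme. The enclosing method starts and ends outside the hunk.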