|
|
|
@ -82,7 +82,7 @@ class OAuth2Service extends SiteService {
|
|
|
|
const client = await OAuth2Client
|
|
|
|
const client = await OAuth2Client
|
|
|
|
.findOne({ _id: clientId })
|
|
|
|
.findOne({ _id: clientId })
|
|
|
|
.lean();
|
|
|
|
.lean();
|
|
|
|
this.log.debug('OAuth2 client loaded', { clientId, client });
|
|
|
|
this.log.debug('OAuth2 client loaded', { clientId });
|
|
|
|
return done(null, client);
|
|
|
|
return done(null, client);
|
|
|
|
} catch (error) {
|
|
|
|
} catch (error) {
|
|
|
|
this.log.error('failed to deserialize OAuth2 client', { clientId, error });
|
|
|
|
this.log.error('failed to deserialize OAuth2 client', { clientId, error });
|
|
|
|
@ -139,6 +139,7 @@ class OAuth2Service extends SiteService {
|
|
|
|
});
|
|
|
|
});
|
|
|
|
return done(null, false);
|
|
|
|
return done(null, false);
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
this.log.info('client authorization processed', { clientID });
|
|
|
|
return done(null, client, client.callbackUrl);
|
|
|
|
return done(null, client, client.callbackUrl);
|
|
|
|
} catch (error) {
|
|
|
|
} catch (error) {
|
|
|
|
this.log.error('failed to process OAuth2 authorize', { error });
|
|
|
|
this.log.error('failed to process OAuth2 authorize', { error });
|
|
|
|
@ -149,6 +150,7 @@ class OAuth2Service extends SiteService {
|
|
|
|
async processGrant (client, redirectUri, user, ares, done) {
|
|
|
|
async processGrant (client, redirectUri, user, ares, done) {
|
|
|
|
try {
|
|
|
|
try {
|
|
|
|
var code = uuidv4();
|
|
|
|
var code = uuidv4();
|
|
|
|
|
|
|
|
|
|
|
|
var ac = new OAuth2AuthorizationCode({
|
|
|
|
var ac = new OAuth2AuthorizationCode({
|
|
|
|
code,
|
|
|
|
code,
|
|
|
|
client: client._id,
|
|
|
|
client: client._id,
|
|
|
|
@ -157,6 +159,8 @@ class OAuth2Service extends SiteService {
|
|
|
|
scopes: client.scopes,
|
|
|
|
scopes: client.scopes,
|
|
|
|
});
|
|
|
|
});
|
|
|
|
await ac.save();
|
|
|
|
await ac.save();
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
this.log.info('OAuth2 grant processed', { clientID: client._id, scopes: client.scopes });
|
|
|
|
return done(null, code);
|
|
|
|
return done(null, code);
|
|
|
|
} catch (error) {
|
|
|
|
} catch (error) {
|
|
|
|
this.log.error('failed to process OAuth2 grant', { error });
|
|
|
|
this.log.error('failed to process OAuth2 grant', { error });
|
|
|
|
@ -178,7 +182,6 @@ class OAuth2Service extends SiteService {
|
|
|
|
},
|
|
|
|
},
|
|
|
|
]);
|
|
|
|
]);
|
|
|
|
|
|
|
|
|
|
|
|
this.log.debug('process OAuth2 exchange', { client, code, redirectUri });
|
|
|
|
|
|
|
|
if (!client._id.equals(ac.client._id)) {
|
|
|
|
if (!client._id.equals(ac.client._id)) {
|
|
|
|
this.log.alert('OAuth2 client ID mismatch', { provided: client.id, onfile: ac.client._id });
|
|
|
|
this.log.alert('OAuth2 client ID mismatch', { provided: client.id, onfile: ac.client._id });
|
|
|
|
return done(null, false);
|
|
|
|
return done(null, false);
|
|
|
|
@ -197,7 +200,7 @@ class OAuth2Service extends SiteService {
|
|
|
|
});
|
|
|
|
});
|
|
|
|
await at.save();
|
|
|
|
await at.save();
|
|
|
|
|
|
|
|
|
|
|
|
this.log.debug('OAuth2 grant exchanged for token', { client, code, token: at.token });
|
|
|
|
this.log.info('OAuth2 grant exchanged for token', { clientID: client._id });
|
|
|
|
return done(null, token);
|
|
|
|
return done(null, token);
|
|
|
|
} catch (error) {
|
|
|
|
} catch (error) {
|
|
|
|
this.log.error('failed to process OAuth2 exchange', { error });
|
|
|
|
this.log.error('failed to process OAuth2 exchange', { error });
|
|
|
|
|
rob
2 years ago