|
|
|
|
@ -151,7 +151,7 @@ class OAuth2Service extends SiteService {
|
|
|
|
|
var code = uuidv4();
|
|
|
|
|
var ac = new OAuth2AuthorizationCode({
|
|
|
|
|
code,
|
|
|
|
|
clientId: client._id,
|
|
|
|
|
client: client._id,
|
|
|
|
|
redirectUri,
|
|
|
|
|
user: user._id,
|
|
|
|
|
scopes: client.scopes,
|
|
|
|
|
@ -166,10 +166,21 @@ class OAuth2Service extends SiteService {
|
|
|
|
|
|
|
|
|
|
async processExchange (client, code, redirectUri, done) {
|
|
|
|
|
try {
|
|
|
|
|
const ac = await OAuth2AuthorizationCode.findOne({ code });
|
|
|
|
|
const ac = await OAuth2AuthorizationCode
|
|
|
|
|
.findOne({ code })
|
|
|
|
|
.populate([
|
|
|
|
|
{
|
|
|
|
|
path: 'client',
|
|
|
|
|
},
|
|
|
|
|
{
|
|
|
|
|
path: 'user',
|
|
|
|
|
select: 'username username_lc displayName picture',
|
|
|
|
|
},
|
|
|
|
|
]);
|
|
|
|
|
|
|
|
|
|
this.log.debug('process OAuth2 exchange', { client, code, redirectUri });
|
|
|
|
|
if (!client._id.equals(ac.clientId)) {
|
|
|
|
|
this.log.alert('OAuth2 client ID mismatch', { provided: client.id, onfile: ac.clientId });
|
|
|
|
|
if (!client._id.equals(ac.client._id)) {
|
|
|
|
|
this.log.alert('OAuth2 client ID mismatch', { provided: client.id, onfile: ac.client._id });
|
|
|
|
|
return done(null, false);
|
|
|
|
|
}
|
|
|
|
|
if (redirectUri !== ac.redirectUri) {
|
|
|
|
|
@ -180,8 +191,8 @@ class OAuth2Service extends SiteService {
|
|
|
|
|
var token = uuidv4();
|
|
|
|
|
var at = new OAuth2AccessToken({
|
|
|
|
|
token,
|
|
|
|
|
user: ac.userId,
|
|
|
|
|
client: ac.clientId,
|
|
|
|
|
user: ac.user._id,
|
|
|
|
|
client: ac.client._id,
|
|
|
|
|
scope: ac.scope,
|
|
|
|
|
});
|
|
|
|
|
await at.save();
|
|
|
|
|
|
rob
2 years ago