|
|
|
@ -167,10 +167,13 @@ class OAuth2Service extends SiteService {
|
|
|
|
|
async processExchange (client, code, redirectUri, done) {
|
|
|
|
|
try {
|
|
|
|
|
const ac = await OAuth2AuthorizationCode.findOne({ code });
|
|
|
|
|
this.log.debug('process OAuth2 exchange', { client, code, redirectUri });
|
|
|
|
|
if (client.id !== ac.clientId) {
|
|
|
|
|
this.log.alert('OAuth2 client ID mismatch', { provided: client.id, onfile: ac.clientId });
|
|
|
|
|
return done(null, false);
|
|
|
|
|
}
|
|
|
|
|
if (redirectUri !== ac.redirectUri) {
|
|
|
|
|
this.log.alert('OAuth2 redirect mismatch', { provided: redirectUri, onfile: ac.redirectUri });
|
|
|
|
|
return done(null, false);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
@ -183,6 +186,7 @@ class OAuth2Service extends SiteService {
|
|
|
|
|
});
|
|
|
|
|
await at.save();
|
|
|
|
|
|
|
|
|
|
this.log.debug('OAuth2 grant exchanged for token', { client, code, token: at.token });
|
|
|
|
|
return done(null, token);
|
|
|
|
|
} catch (error) {
|
|
|
|
|
this.log.error('failed to process OAuth2 exchange', { error });
|
|
|
|
|