Tmp — auth service changes
XVincentX committed Oct 26, 2017
1 parent 4cea5a4 commit ee4bcc1
Showing 7 changed files with 164 additions and 163 deletions.
6 changes: 3 additions & 3 deletions lib/policies/basic-auth/auth.js
Expand Up @@ -23,11 +23,11 @@ function authenticateBasic (req, clientId, clientSecret, done) {
}

return authService.authenticateCredential(clientId, clientSecret, credentialType)
.then(consumer => {
if (!consumer) {
.then(([consumer, credentialId]) => {
if (!consumer || !credentialId) {
return done(null, false);
}
return authService.authorizeCredential(clientId, credentialType, endpointScopes || requestedScopes)
return authService.authorizeCredential(credentialId, credentialType, endpointScopes || requestedScopes)
.then(authorized => {
if (!authorized) {
return done(null, false);
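Review bot: Destructuring in the parameter list, `.then(([consumer, credentialId]) => {`, throws a TypeError before the `!consumer || !credentialId` guard runs if `authenticateCredential` ever resolves with a non-array such as `false` or `null`; oauth2.js in this same commit checks `if (!result)` first, which suggests that case exists. A failed login would then surface as a rejected promise rather than `done(null, false)`, and whether that is reported as an authentication failure or a server error depends on a `.catch` outside this hunk. Taking the value whole and unpacking it inside the callback, `.then(result => { const [consumer, credentialId] = result || [];`, keeps the existing guard and the not-authenticated path intact. The same parameter destructuring appears in lib/policies/key-auth/keyauth.js and in the password exchange in lib/policies/oauth2/oauth2-server.js. authenticateBasic starts and ends outside the hunk.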
4 changes: 2 additions & 2 deletions lib/policies/key-auth/keyauth.js
Expand Up @@ -4,7 +4,7 @@ const services = require('../../services/index');
const logger = require('../../logger').policy;
const authService = services.auth;
const credentialType = 'key-auth';
passport.use(new LocalAPIKeyStrategy({passReqToCallback: true}, (req, apikey, done) => {
passport.use(new LocalAPIKeyStrategy({ passReqToCallback: true }, (req, apikey, done) => {
// key will look like "h1243h1kl23h4kjh:asfasqwerqw"
if (!apikey) {
return done(null, false);
Expand All @@ -16,7 +16,7 @@ passport.use(new LocalAPIKeyStrategy({passReqToCallback: true}, (req, apikey, do
// after authentication req.user is populated
// and after authorization req.account is filled in
authService.authenticateCredential(keyParts[0], keyParts[1], credentialType)
.then(consumer => {
.then(([consumer, credentialId]) => {
if (!consumer) {
return done(null, false);
}
156 changes: 78 additions & 78 deletions lib/policies/oauth2/oauth2-server.js
Expand Up @@ -32,11 +32,11 @@ server.deserializeClient((consumer, done) => {
const id = consumer.id;

return authService.validateConsumer(id)
.then(foundConsumer => {
if (!foundConsumer) return done(null, false);
return done(null, consumer);
})
.catch(err => done(err));
.then(foundConsumer => {
if (!foundConsumer) return done(null, false);
return done(null, consumer);
})
.catch(err => done(err));
});

// Register supported grant types.
Expand All @@ -63,10 +63,10 @@ server.grant(oauth2orize.grant.code((consumer, redirectUri, user, ares, done) =>
if (consumer.authorizedScopes) code.scopes = consumer.authorizedScopes;

return authCodeService.save(code)
.then((codeObj) => {
return done(null, codeObj.id);
})
.catch(err => done(err));
.then((codeObj) => {
return done(null, codeObj.id);
})
.catch(err => done(err));
}));

// Grant implicit authorization. The callback takes the `client` requesting
Expand All @@ -86,10 +86,10 @@ server.grant(oauth2orize.grant.token((consumer, authenticatedUser, ares, done) =
if (consumer.authorizedScopes) tokenCriteria.scopes = consumer.authorizedScopes;

return tokenService.findOrSave(tokenCriteria)
.then(token => {
return done(null, token.access_token);
})
.catch(err => done(err));
.then(token => {
return done(null, token.access_token);
})
.catch(err => done(err));
}));

// Exchange authorization codes for access tokens. The callback accepts the
Expand All @@ -106,25 +106,25 @@ server.exchange(oauth2orize.exchange.code((consumer, code, redirectUri, done) =>
};

authCodeService.find(codeCriteria)
.then(codeObj => {
if (!codeObj) {
return done(null, false);
}
.then(codeObj => {
if (!codeObj) {
return done(null, false);
}

const tokenCriteria = {
consumerId: consumer.id,
authenticatedUserId: codeObj.userId,
authType: 'oauth2'
};
const tokenCriteria = {
consumerId: consumer.id,
authenticatedUserId: codeObj.userId,
authType: 'oauth2'
};

if (codeObj.scopes) tokenCriteria.scopes = codeObj.scopes;
if (codeObj.scopes) tokenCriteria.scopes = codeObj.scopes;

return tokenService.findOrSave(tokenCriteria, { includeRefreshToken: true })
.then(token => {
return done(null, token.access_token, token.refresh_token);
});
})
.catch(err => done(err));
return tokenService.findOrSave(tokenCriteria, { includeRefreshToken: true })
.then(token => {
return done(null, token.access_token, token.refresh_token);
});
})
.catch(err => done(err));
}));

// Exchange user id and password for access tokens. The callback accepts the
Expand All @@ -135,38 +135,38 @@ server.exchange(oauth2orize.exchange.code((consumer, code, redirectUri, done) =>
server.exchange(oauth2orize.exchange.password((consumer, username, password, scopes, done) => {
// Validate the consumer
return authService.validateConsumer(consumer.id)
.then(consumer => {
if (!consumer) return done(null, false);
.then(consumer => {
if (!consumer) return done(null, false);

return authService.authenticateCredential(username, password, 'oauth2')
.then(user => {
let scopeAuthorizationPromise;
return authService.authenticateCredential(username, password, 'oauth2')
.then(([user, credentialId]) => {
let scopeAuthorizationPromise;

if (!user) return done(null, false);
if (!user) return done(null, false);

if (scopes) {
scopeAuthorizationPromise = authService.authorizeCredential(consumer.id, 'oauth2', scopes);
} else scopeAuthorizationPromise = Promise.resolve(true);
if (scopes) {
scopeAuthorizationPromise = authService.authorizeCredential(consumer.id, 'oauth2', scopes);
} else scopeAuthorizationPromise = Promise.resolve(true);

return scopeAuthorizationPromise
.then(authorized => {
if (!authorized) return done(null, false);
return scopeAuthorizationPromise
.then(authorized => {
if (!authorized) return done(null, false);

const tokenCriteria = {
consumerId: consumer.id,
authenticatedUser: user.id
};
const tokenCriteria = {
consumerId: consumer.id,
authenticatedUser: user.id
};

if (scopes) tokenCriteria.scopes = scopes;
if (scopes) tokenCriteria.scopes = scopes;

return tokenService.findOrSave(tokenCriteria, { includeRefreshToken: true })
.then(token => {
return done(null, token.access_token, token.refresh_token);
});
});
})
.catch(err => done(err));
});
return tokenService.findOrSave(tokenCriteria, { includeRefreshToken: true })
.then(token => {
return done(null, token.access_token, token.refresh_token);
});
});
})
.catch(err => done(err));
});
}));

// Exchange the client id and password/secret for an access token. The callback accepts the
Expand All @@ -187,21 +187,21 @@ server.exchange(oauth2orize.exchange.clientCredentials((consumer, scopes, done)
} else scopeAuthorizationPromise = Promise.resolve(true);

return scopeAuthorizationPromise
.then(authorized => {
if (!authorized) return done(null, false);
.then(authorized => {
if (!authorized) return done(null, false);

const tokenCriteria = {
consumerId: consumer.id,
authType: 'oauth2'
};
const tokenCriteria = {
consumerId: consumer.id,
authType: 'oauth2'
};

if (scopes) tokenCriteria.scopes = scopes;
if (scopes) tokenCriteria.scopes = scopes;

return tokenService.findOrSave(tokenCriteria)
.then(token => {
return done(null, token.access_token);
return tokenService.findOrSave(tokenCriteria)
.then(token => {
return done(null, token.access_token);
});
});
});
})
.catch(err => done(err));
}));
Expand Down Expand Up @@ -248,24 +248,24 @@ module.exports.authorization = [
login.ensureLoggedIn(),
server.authorization((areq, done) => {
return authService.validateConsumer(areq.clientID)
.then(consumer => {
if (!consumer || consumer.redirectUri !== areq.redirectURI) return done(null, false);

if (!areq.scope) {
return done(null, consumer, areq.redirectURI);
}
.then(consumer => {
if (!consumer || consumer.redirectUri !== areq.redirectURI) return done(null, false);

return authService.authorizeCredential(areq.clientID, 'oauth2', areq.scope)
.then(authorized => {
if (!authorized) {
return done(null, false);
if (!areq.scope) {
return done(null, consumer, areq.redirectURI);
}

consumer.authorizedScopes = areq.scope;
return authService.authorizeCredential(areq.clientID, 'oauth2', areq.scope)
.then(authorized => {
if (!authorized) {
return done(null, false);
}

return done(null, consumer, areq.redirectURI);
consumer.authorizedScopes = areq.scope;

return done(null, consumer, areq.redirectURI);
});
});
});
}),
(request, response) => {
response.set('transaction_id', request.oauth2.transactionID);
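Review bot: In the password exchange, `.then(([user, credentialId]) => {` binds `credentialId`, but the scope check that follows still reads `authService.authorizeCredential(consumer.id, 'oauth2', scopes)`, while basic-auth/auth.js and oauth2/oauth2.js in this commit were switched to pass `credentialId` as the first argument. If `authorizeCredential` now keys on the credential id, the scope check here would look up the wrong record; the call in `server.authorization`, `authorizeCredential(areq.clientID, 'oauth2', areq.scope)`, has the same shape. Which id each flow should authorize is not visible on this page, so either switch these calls to the credential id or add a one-line comment at each call site, e.g. `// scopes are checked against the client credential, not the user's`. Leaving `credentialId` bound and unused makes it unclear whether the mismatch is intended.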
16 changes: 10 additions & 6 deletions lib/policies/oauth2/oauth2.js
Expand Up @@ -123,12 +123,14 @@ function authenticateBasic (req, clientId, clientSecret, done) {
}

return authService.authenticateCredential(clientId, clientSecret, credentialType)
.then(consumer => {
if (!consumer) {
.then((result) => {
if (!result) {
return done(null, false);
}

return authService.authorizeCredential(clientId, credentialType, endpointScopes || requestedScopes)
const [consumer, credentialId] = result;

return authService.authorizeCredential(credentialId, credentialType, endpointScopes || requestedScopes)
.then(authorized => {
if (!authorized) {
return done(null, false);
Expand All @@ -146,12 +148,14 @@ function authenticateLocal (req, clientId, clientSecret, done) {
const credentialType = 'basic-auth';

return authService.authenticateCredential(clientId, clientSecret, credentialType)
.then(consumer => {
if (!consumer) {
.then((result) => {
if (!result) {
return done(null, false);
}

return authService.authorizeCredential(clientId, credentialType)
const [consumer, credentialId] = result;

return authService.authorizeCredential(credentialId, credentialType)
.then(authorized => {
if (!authorized) {
return done(null, false);
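Review bot: The `if (!result)` guard in `authenticateBasic` and `authenticateLocal` only rejects a falsy resolution, so an array with an empty slot, such as `[consumer, undefined]` or `[null, null]`, passes it and `authorizeCredential` is called with an undefined `credentialId`. lib/policies/basic-auth/auth.js in this commit checks both members (`!consumer || !credentialId`); the same check after the destructure here, `if (!consumer || !credentialId) return done(null, false);`, would make the two policies fail closed in the same way. Whether `authenticateCredential` can resolve with a partly filled array is not visible on this page, so treat that as a case to confirm against the service. Both functions continue past the end of their hunks.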