From cc2cd3e62d8d7ec6a574b84d807c7331cdbae254 Mon Sep 17 00:00:00 2001 From: Francesco Stefanni Date: Wed, 8 Dec 2021 13:20:07 +0100 Subject: [PATCH 1/3] Scope is optional with authorization code grant --- .../authorization-code-grant-type.js | 2 +- .../authorization-code-grant-type_test.js | 31 +++++++++++++++++++ 2 files changed, 32 insertions(+), 1 deletion(-) diff --git a/lib/grant-types/authorization-code-grant-type.js b/lib/grant-types/authorization-code-grant-type.js index 8f21aeff..defa03f1 100644 --- a/lib/grant-types/authorization-code-grant-type.js +++ b/lib/grant-types/authorization-code-grant-type.js @@ -176,7 +176,7 @@ AuthorizationCodeGrantType.prototype.revokeAuthorizationCode = function(code) { AuthorizationCodeGrantType.prototype.saveToken = function(user, client, authorizationCode, scope) { const fns = [ - this.validateScope(user, client, scope), + scope ? this.validateScope(user, client, scope) : scope, this.generateAccessToken(client, user, scope), this.generateRefreshToken(client, user, scope), this.getAccessTokenExpiresAt(), diff --git a/test/unit/grant-types/authorization-code-grant-type_test.js b/test/unit/grant-types/authorization-code-grant-type_test.js index 83cc8543..ac17a84c 100644 --- a/test/unit/grant-types/authorization-code-grant-type_test.js +++ b/test/unit/grant-types/authorization-code-grant-type_test.js @@ -83,6 +83,37 @@ describe('AuthorizationCodeGrantType', function() { model.saveToken.firstCall.args[1].should.equal(client); model.saveToken.firstCall.args[2].should.equal(user); model.saveToken.firstCall.thisValue.should.equal(model); + handler.validateScope.callCount.should.equal(1); + }) + .catch(should.fail); + }); + }); + + describe('saveToken() - no scope', function() { + it('should call `model.saveToken()`', function() { + const client = {}; + const user = {}; + const model = { + getAuthorizationCode: function() {}, + revokeAuthorizationCode: function() {}, + saveToken: sinon.stub().returns(true), + validateScope: function(u, c, s){ return null; } + }; + const handler = new AuthorizationCodeGrantType({ accessTokenLifetime: 120, model: model }); + + sinon.stub(handler, 'generateAccessToken').returns(Promise.resolve('foo')); + sinon.stub(handler, 'generateRefreshToken').returns(Promise.resolve('bar')); + sinon.stub(handler, 'getAccessTokenExpiresAt').returns(Promise.resolve('biz')); + sinon.stub(handler, 'getRefreshTokenExpiresAt').returns(Promise.resolve('baz')); + + return handler.saveToken(user, client, 'foobar', null) + .then(function() { + model.saveToken.callCount.should.equal(1); + model.saveToken.firstCall.args.should.have.length(3); + model.saveToken.firstCall.args[0].should.eql({ accessToken: 'foo', authorizationCode: 'foobar', accessTokenExpiresAt: 'biz', refreshToken: 'bar', refreshTokenExpiresAt: 'baz', scope: null }); + model.saveToken.firstCall.args[1].should.equal(client); + model.saveToken.firstCall.args[2].should.equal(user); + model.saveToken.firstCall.thisValue.should.equal(model); }) .catch(should.fail); }); From 78a4a80e4e2e3fec140a184b721c93485fb1db0c Mon Sep 17 00:00:00 2001 From: Francesco Stefanni Date: Sun, 12 Dec 2021 11:32:02 +0100 Subject: [PATCH 2/3] improved pr, according with comments --- lib/grant-types/abstract-grant-type.js | 2 +- .../authorization-code-grant-type.js | 51 +++++++++++-------- .../authorization-code-grant-type_test.js | 2 +- 3 files changed, 31 insertions(+), 24 deletions(-) diff --git a/lib/grant-types/abstract-grant-type.js b/lib/grant-types/abstract-grant-type.js index 4f73e559..e5b96867 100644 --- a/lib/grant-types/abstract-grant-type.js +++ b/lib/grant-types/abstract-grant-type.js @@ -104,7 +104,7 @@ AbstractGrantType.prototype.validateScope = function(user, client, scope) { return scope; }); } else { - return scope; + return Promise.resolve(scope); } }; diff --git a/lib/grant-types/authorization-code-grant-type.js b/lib/grant-types/authorization-code-grant-type.js index defa03f1..630b665e 100644 --- a/lib/grant-types/authorization-code-grant-type.js +++ b/lib/grant-types/authorization-code-grant-type.js @@ -175,28 +175,35 @@ AuthorizationCodeGrantType.prototype.revokeAuthorizationCode = function(code) { */ AuthorizationCodeGrantType.prototype.saveToken = function(user, client, authorizationCode, scope) { - const fns = [ - scope ? this.validateScope(user, client, scope) : scope, - this.generateAccessToken(client, user, scope), - this.generateRefreshToken(client, user, scope), - this.getAccessTokenExpiresAt(), - this.getRefreshTokenExpiresAt() - ]; - - return Promise.all(fns) - .bind(this) - .spread(function(scope, accessToken, refreshToken, accessTokenExpiresAt, refreshTokenExpiresAt) { - const token = { - accessToken: accessToken, - authorizationCode: authorizationCode, - accessTokenExpiresAt: accessTokenExpiresAt, - refreshToken: refreshToken, - refreshTokenExpiresAt: refreshTokenExpiresAt, - scope: scope - }; - - return promisify(this.model.saveToken, 3).call(this.model, token, client, user); - }); + const self = this; + function validateParamScope() { + if (!scope) return Promise.resolve(scope); + return self.validateScope(user, client, scope); + } + function doActualSave(validatedScope) { + const fns = [ + self.generateAccessToken(client, user, validatedScope), + self.generateRefreshToken(client, user, validatedScope), + self.getAccessTokenExpiresAt(), + self.getRefreshTokenExpiresAt() + ]; + + return Promise.all(fns) + .bind(self) + .spread(function(accessToken, refreshToken, accessTokenExpiresAt, refreshTokenExpiresAt) { + const token = { + accessToken: accessToken, + authorizationCode: authorizationCode, + accessTokenExpiresAt: accessTokenExpiresAt, + refreshToken: refreshToken, + refreshTokenExpiresAt: refreshTokenExpiresAt, + scope: validatedScope + }; + + return promisify(self.model.saveToken, 3).call(self.model, token, client, user); + }); + } + return validateParamScope().then(doActualSave); }; /** diff --git a/test/unit/grant-types/authorization-code-grant-type_test.js b/test/unit/grant-types/authorization-code-grant-type_test.js index ac17a84c..75635838 100644 --- a/test/unit/grant-types/authorization-code-grant-type_test.js +++ b/test/unit/grant-types/authorization-code-grant-type_test.js @@ -69,7 +69,7 @@ describe('AuthorizationCodeGrantType', function() { }; const handler = new AuthorizationCodeGrantType({ accessTokenLifetime: 120, model: model }); - sinon.stub(handler, 'validateScope').returns('foobiz'); + sinon.stub(handler, 'validateScope').returns(Promise.resolve('foobiz')); sinon.stub(handler, 'generateAccessToken').returns(Promise.resolve('foo')); sinon.stub(handler, 'generateRefreshToken').returns(Promise.resolve('bar')); sinon.stub(handler, 'getAccessTokenExpiresAt').returns(Promise.resolve('biz')); From dc2d841385e5299470286740ab1d4ac799b2d63f Mon Sep 17 00:00:00 2001 From: Francesco Stefanni Date: Sat, 18 Dec 2021 22:27:07 +0100 Subject: [PATCH 3/3] Rewriting by using await --- .../authorization-code-grant-type.js | 53 ++++++++----------- .../authorization-code-grant-type_test.js | 4 +- 2 files changed, 25 insertions(+), 32 deletions(-) diff --git a/lib/grant-types/authorization-code-grant-type.js b/lib/grant-types/authorization-code-grant-type.js index 630b665e..06f93762 100644 --- a/lib/grant-types/authorization-code-grant-type.js +++ b/lib/grant-types/authorization-code-grant-type.js @@ -174,36 +174,29 @@ AuthorizationCodeGrantType.prototype.revokeAuthorizationCode = function(code) { * Save token. */ -AuthorizationCodeGrantType.prototype.saveToken = function(user, client, authorizationCode, scope) { - const self = this; - function validateParamScope() { - if (!scope) return Promise.resolve(scope); - return self.validateScope(user, client, scope); - } - function doActualSave(validatedScope) { - const fns = [ - self.generateAccessToken(client, user, validatedScope), - self.generateRefreshToken(client, user, validatedScope), - self.getAccessTokenExpiresAt(), - self.getRefreshTokenExpiresAt() - ]; - - return Promise.all(fns) - .bind(self) - .spread(function(accessToken, refreshToken, accessTokenExpiresAt, refreshTokenExpiresAt) { - const token = { - accessToken: accessToken, - authorizationCode: authorizationCode, - accessTokenExpiresAt: accessTokenExpiresAt, - refreshToken: refreshToken, - refreshTokenExpiresAt: refreshTokenExpiresAt, - scope: validatedScope - }; - - return promisify(self.model.saveToken, 3).call(self.model, token, client, user); - }); - } - return validateParamScope().then(doActualSave); +AuthorizationCodeGrantType.prototype.saveToken = async function(user, client, authorizationCode, scope) { + const validatedScope = !scope ? scope : await this.validateScope(user, client, scope); + const fns = [ + this.generateAccessToken(client, user, validatedScope), + this.generateRefreshToken(client, user, validatedScope), + this.getAccessTokenExpiresAt(), + this.getRefreshTokenExpiresAt() + ]; + + return Promise.all(fns) + .bind(this) + .spread(function(accessToken, refreshToken, accessTokenExpiresAt, refreshTokenExpiresAt) { + const token = { + accessToken: accessToken, + authorizationCode: authorizationCode, + accessTokenExpiresAt: accessTokenExpiresAt, + refreshToken: refreshToken, + refreshTokenExpiresAt: refreshTokenExpiresAt, + scope: validatedScope + }; + + return promisify(this.model.saveToken, 3).call(this.model, token, client, user); + }); }; /** diff --git a/test/integration/grant-types/authorization-code-grant-type_test.js b/test/integration/grant-types/authorization-code-grant-type_test.js index 6cddd53f..7d6feafe 100644 --- a/test/integration/grant-types/authorization-code-grant-type_test.js +++ b/test/integration/grant-types/authorization-code-grant-type_test.js @@ -91,7 +91,7 @@ describe('AuthorizationCodeGrantType integration', function() { e.message.should.equal('Missing parameter: `request`'); } }); - + it('should throw an error if `client` is invalid', function() { const client = {}; const model = { @@ -111,7 +111,7 @@ describe('AuthorizationCodeGrantType integration', function() { }); it('should throw an error if `client` is missing', function() { - + const model = { getAuthorizationCode: function() { return { authorizationCode: 12345, expiresAt: new Date(new Date() * 2), user: {} }; }, revokeAuthorizationCode: function() {},