resolve merge conflict

sambacha · Feb 14, 2018 · c33a2cd · c33a2cd
1 parent bc7211b
commit c33a2cd
Show file tree

Hide file tree

Showing 9 changed files with 536 additions and 283 deletions.
diff --git a/lib/grant-types/implicit-grant-type.js b/lib/grant-types/implicit-grant-type.js
@@ -0,0 +1,87 @@
+'use strict';
+
+/**
+ * Module dependencies.
+ */
+
+var AbstractGrantType = require('./abstract-grant-type');
+var InvalidArgumentError = require('../errors/invalid-argument-error');
+var Promise = require('bluebird');
+var util = require('util');
+
+/**
+ * Constructor.
+ */
+
+function ImplicitGrantType(options) {
+  options = options || {};
+
+  if (!options.model) {
+    throw new InvalidArgumentError('Missing parameter: `model`');
+  }
+
+  if (!options.model.saveToken) {
+    throw new InvalidArgumentError('Invalid argument: model does not implement `saveToken()`');
+  }
+
+  if (!options.user) {
+    throw new InvalidArgumentError('Missing parameter: `user`');
+  }
+
+  this.scope = options.scope;
+  this.user = options.user;
+
+  AbstractGrantType.call(this, options);
+}
+
+/**
+ * Inherit prototype.
+ */
+
+util.inherits(ImplicitGrantType, AbstractGrantType);
+
+/**
+ * Handle implicit token grant.
+ */
+
+ImplicitGrantType.prototype.handle = function(request, client) {
+  if (!request) {
+    throw new InvalidArgumentError('Missing parameter: `request`');
+  }
+
+  if (!client) {
+    throw new InvalidArgumentError('Missing parameter: `client`');
+  }
+
+  return this.saveToken(this.user, client, this.scope);
+};
+
+/**
+ * Save token.
+ */
+
+ImplicitGrantType.prototype.saveToken = function(user, client, scope) {
+  var fns = [
+    this.validateScope(user, client, scope),
+    this.generateAccessToken(),
+    this.getAccessTokenExpiresAt()
+  ];
+
+  return Promise.all(fns)
+    .bind(this)
+    .spread(function(scope, accessToken, accessTokenExpiresAt) {
+      var token = {
+        accessToken: accessToken,
+        accessTokenExpiresAt: accessTokenExpiresAt,
+        scope: scope
+      };
+
+      return this.model.saveToken(token, client, user);
+    });
+};
+
+/**
+ * Export constructor.
+ */
+
+module.exports = ImplicitGrantType;
diff --git a/lib/handlers/authorize-handler.js b/lib/handlers/authorize-handler.js
@@ -20,7 +20,6 @@ var Response = require('../response');
 var ServerError = require('../errors/server-error');
 var UnauthorizedClientError = require('../errors/unauthorized-client-error');
 var is = require('../validator/is');
-var tokenUtil = require('../utils/token-util');
 var url = require('url');
 
 /**
@@ -43,10 +42,6 @@ function AuthorizeHandler(options) {
     throw new InvalidArgumentError('Invalid argument: authenticateHandler does not implement `handle()`');
   }
 
-  if (!options.authorizationCodeLifetime) {
-    throw new InvalidArgumentError('Missing parameter: `authorizationCodeLifetime`');
-  }
-
   if (!options.model) {
     throw new InvalidArgumentError('Missing parameter: `model`');
   }
@@ -55,13 +50,9 @@ function AuthorizeHandler(options) {
     throw new InvalidArgumentError('Invalid argument: model does not implement `getClient()`');
   }
 
-  if (!options.model.saveAuthorizationCode) {
-    throw new InvalidArgumentError('Invalid argument: model does not implement `saveAuthorizationCode()`');
-  }
-
+  this.options = options;
   this.allowEmptyState = options.allowEmptyState;
   this.authenticateHandler = options.authenticateHandler || new AuthenticateHandler(options);
-  this.authorizationCodeLifetime = options.authorizationCodeLifetime;
   this.model = options.model;
 }
 
@@ -86,79 +77,52 @@ AuthorizeHandler.prototype.handle = function(request, response) {
   this.model.request = request;
 
   var fns = [
-    this.getAuthorizationCodeLifetime(),
     this.getClient(request),
     this.getUser(request, response)
   ];
 
   return Promise.all(fns)
     .bind(this)
-    .spread(function(expiresAt, client, user) {
-      var uri = this.getRedirectUri(request, client);
+    .spread(function(client, user) {
       var scope;
       var state;
-      var ResponseType;
+      var responseType = this.getResponseType(request, client);
+      var uri = this.getRedirectUri(request, client);
 
-      return Promise.bind(this)
+      return Promise
+        .bind(this)
         .then(function() {
           var requestedScope = this.getScope(request);
 
           return this.validateScope(user, client, requestedScope);
         })
         .then(function(validScope) {
           scope = validScope;
-
-          return this.generateAuthorizationCode(client, user, scope);
-        })
-        .then(function(authorizationCode) {
           state = this.getState(request);
-          ResponseType = this.getResponseType(request);
 
-          return this.saveAuthorizationCode(authorizationCode, expiresAt, scope, client, uri, user);
+          return responseType.handle(request, client, user, uri, scope);
         })
-        .then(function(code) {
-          var responseType = new ResponseType(code.authorizationCode);
+        .then(function(codeOrAccessToken) {
           var redirectUri = this.buildSuccessRedirectUri(uri, responseType);
 
-          this.updateResponse(response, redirectUri, state);
+          this.updateResponse(response, redirectUri, responseType, state);
 
-          return code;
+          return codeOrAccessToken;
         })
         .catch(function(e) {
           if (!(e instanceof OAuthError)) {
             e = new ServerError(e);
           }
-          var redirectUri = this.buildErrorRedirectUri(uri, e);
 
-          this.updateResponse(response, redirectUri, state);
+          var redirectUri = this.buildErrorRedirectUri(uri, responseType, e);
+
+          this.updateResponse(response, redirectUri, responseType, state);
 
           throw e;
         });
     });
 };
 
-/**
- * Generate authorization code.
- */
-
-AuthorizeHandler.prototype.generateAuthorizationCode = function(client, user, scope) {
-  if (this.model.generateAuthorizationCode) {
-    return promisify(this.model.generateAuthorizationCode, 3).call(this.model, client, user, scope);
-  }
-  return tokenUtil.generateRandomToken();
-};
-
-/**
- * Get authorization code lifetime.
- */
-
-AuthorizeHandler.prototype.getAuthorizationCodeLifetime = function() {
-  var expires = new Date();
-
-  expires.setSeconds(expires.getSeconds() + this.authorizationCodeLifetime);
-  return expires;
-};
-
 /**
  * Get the client from the model.
  */
@@ -279,25 +243,12 @@ AuthorizeHandler.prototype.getRedirectUri = function(request, client) {
   return request.body.redirect_uri || request.query.redirect_uri || client.redirectUris[0];
 };
 
-/**
- * Save authorization code.
- */
-
-AuthorizeHandler.prototype.saveAuthorizationCode = function(authorizationCode, expiresAt, scope, client, redirectUri, user) {
-  var code = {
-    authorizationCode: authorizationCode,
-    expiresAt: expiresAt,
-    redirectUri: redirectUri,
-    scope: scope
-  };
-  return promisify(this.model.saveAuthorizationCode, 3).call(this.model, code, client, user);
-};
 
 /**
  * Get response type.
  */
 
-AuthorizeHandler.prototype.getResponseType = function(request) {
+AuthorizeHandler.prototype.getResponseType = function(request, client) {
   var responseType = request.body.response_type || request.query.response_type;
 
   if (!responseType) {
@@ -308,30 +259,39 @@ AuthorizeHandler.prototype.getResponseType = function(request) {
     throw new UnsupportedResponseTypeError('Unsupported response type: `response_type` is not supported');
   }
 
-  return responseTypes[responseType];
+  if (!_.contains(['code', 'token'], responseType)) {
+    throw new InvalidRequestError('Invalid parameter: `response_type`');
+  }
+
+  if (!_.contains(client.grants, 'implicit') && responseType === 'token') {
+    throw new UnauthorizedClientError('Unauthorized client: `grant_type` is invalid');
+  }
+
+  var Type = responseTypes[responseType];
+
+  return new Type(this.options);
 };
 
 /**
  * Build a successful response that redirects the user-agent to the client-provided url.
  */
 
 AuthorizeHandler.prototype.buildSuccessRedirectUri = function(redirectUri, responseType) {
-  return responseType.buildRedirectUri(redirectUri);
+  var uri = url.parse(redirectUri);
+  return responseType.buildRedirectUri(uri);
 };
 
 /**
  * Build an error response that redirects the user-agent to the client-provided url.
  */
 
-AuthorizeHandler.prototype.buildErrorRedirectUri = function(redirectUri, error) {
+AuthorizeHandler.prototype.buildErrorRedirectUri = function(redirectUri, responseType, error) {
   var uri = url.parse(redirectUri);
 
-  uri.query = {
-    error: error.name
-  };
+  uri = responseType.setRedirectUriParam(uri, 'error', error.name);
 
   if (error.message) {
-    uri.query.error_description = error.message;
+    uri = responseType.setRedirectUriParam(uri, 'error_description', error.message);
   }
 
   return uri;
@@ -341,11 +301,9 @@ AuthorizeHandler.prototype.buildErrorRedirectUri = function(redirectUri, error)
  * Update response with the redirect uri and the state parameter, if available.
  */
 
-AuthorizeHandler.prototype.updateResponse = function(response, redirectUri, state) {
-  redirectUri.query = redirectUri.query || {};
-
+AuthorizeHandler.prototype.updateResponse = function(response, redirectUri, responseType, state) {
   if (state) {
-    redirectUri.query.state = state;
+    redirectUri = responseType.setRedirectUriParam(redirectUri, 'state', state);
   }
 
   response.redirect(url.format(redirectUri));