Sign upLogin

passport-next/oauth2orize

View on GitHub
Star
lib/txn/session.js

Summary

Maintainability
A
1 hr
Test Coverage
/**
 * Module dependencies.
 */
var crypto = require('crypto')
  , AuthorizationError = require('../errors/authorizationerror')
  , BadRequestError = require('../errors/badrequesterror')
  , ForbiddenError = require('../errors/forbiddenerror');


function SessionStore() {
  this.legacy = true;
}

SessionStore.prototype.load = function(server, options, req, cb) {
  var field = options.transactionField || 'transaction_id'
    , key = options.sessionKey || 'authorize';
  
  if (!req.session) { return cb(new Error('OAuth2orize requires session support. Did you forget app.use(express.session(...))?')); }
  if (!req.session[key]) { return cb(new ForbiddenError('Unable to load OAuth 2.0 transactions from session')); }
  
  var query = req.query || {}
    , body = req.body || {}
    , tid = query[field] || body[field];

  if (!tid) { return cb(new BadRequestError('Missing required parameter: ' + field)); }
  var txn = req.session[key][tid];
  if (!txn) { return cb(new ForbiddenError('Unable to load OAuth 2.0 transaction: ' + tid)); }
  
  var self = this;
  server.deserializeClient(txn.client, function(err, client) {
    if (err) { return cb(err); }
    if (!client) {
      // At the time the request was initiated, the client was validated.
      // Since then, however, it has been invalidated.  The transaction will
      // be invalidated and no response will be sent to the client.
      self.remove(options, req, tid, function(err) {
        if (err) { return cb(err); }
        return cb(new AuthorizationError('Unauthorized client', 'unauthorized_client'));
      });
      return;
    }
  
    txn.transactionID = tid;
    txn.client = client;
    cb(null, txn);
  });
}

SessionStore.prototype.store = function(server, options, req, txn, cb) {
  var lenTxnID = options.idLength || 8
    , key = options.sessionKey || 'authorize';
    
  if (!req.session) { return cb(new Error('OAuth2orize requires session support. Did you forget app.use(express.session(...))?')); }
  
  server.serializeClient(txn.client, function(err, obj) {
    if (err) { return cb(err); }
    
    var tid = crypto.randomBytes(lenTxnID).toString('hex');
    txn.client = obj;
  
    // store transaction in session
    var txns = req.session[key] = req.session[key] || {};
    txns[tid] = txn;
  
    cb(null, tid);
  });
}

SessionStore.prototype.update = function(server, options, req, tid, txn, cb) {
  var key = options.sessionKey || 'authorize';
  
  server.serializeClient(txn.client, function(err, obj) {
    if (err) { return cb(err); }
    
    txn.client = obj;
  
    // store transaction in session
    var txns = req.session[key] = req.session[key] || {};
    txns[tid] = txn;
  
    cb(null, tid);
  });
}

SessionStore.prototype.remove = function(options, req, tid, cb) {
  var key = options.sessionKey || 'authorize';
  
  if (!req.session) { return cb(new Error('OAuth2orize requires session support. Did you forget app.use(express.session(...))?')); }
  
  if (req.session[key]) {
    delete req.session[key][tid];
  }
  
  cb();
}


module.exports = SessionStore;