98 lines
3 KiB
JavaScript
98 lines
3 KiB
JavaScript
/**
|
|
* Module dependencies.
|
|
*/
|
|
var utils = require('../utils')
|
|
, AuthorizationError = require('../errors/authorizationerror')
|
|
, BadRequestError = require('../errors/badrequesterror')
|
|
, ForbiddenError = require('../errors/forbiddenerror');
|
|
|
|
|
|
function SessionStore() {
|
|
this.legacy = true;
|
|
}
|
|
|
|
SessionStore.prototype.load = function(server, options, req, cb) {
|
|
var field = options.transactionField || 'transaction_id'
|
|
, key = options.sessionKey || 'authorize';
|
|
|
|
if (!req.session) { return cb(new Error('OAuth2orize requires session support. Did you forget app.use(express.session(...))?')); }
|
|
if (!req.session[key]) { return cb(new ForbiddenError('Unable to load OAuth 2.0 transactions from session')); }
|
|
|
|
var query = req.query || {}
|
|
, body = req.body || {}
|
|
, tid = query[field] || body[field];
|
|
|
|
if (!tid) { return cb(new BadRequestError('Missing required parameter: ' + field)); }
|
|
var txn = req.session[key][tid];
|
|
if (!txn) { return cb(new ForbiddenError('Unable to load OAuth 2.0 transaction: ' + tid)); }
|
|
|
|
var self = this;
|
|
server.deserializeClient(txn.client, function(err, client) {
|
|
if (err) { return cb(err); }
|
|
if (!client) {
|
|
// At the time the request was initiated, the client was validated.
|
|
// Since then, however, it has been invalidated. The transaction will
|
|
// be invalidated and no response will be sent to the client.
|
|
self.remove(options, req, tid, function(err) {
|
|
if (err) { return cb(err); }
|
|
return cb(new AuthorizationError('Unauthorized client', 'unauthorized_client'));
|
|
});
|
|
return;
|
|
}
|
|
|
|
txn.transactionID = tid;
|
|
txn.client = client;
|
|
cb(null, txn);
|
|
});
|
|
}
|
|
|
|
SessionStore.prototype.store = function(server, options, req, txn, cb) {
|
|
var lenTxnID = options.idLength || 8
|
|
, key = options.sessionKey || 'authorize';
|
|
|
|
if (!req.session) { return cb(new Error('OAuth2orize requires session support. Did you forget app.use(express.session(...))?')); }
|
|
|
|
server.serializeClient(txn.client, function(err, obj) {
|
|
if (err) { return cb(err); }
|
|
|
|
var tid = utils.uid(lenTxnID);
|
|
txn.client = obj;
|
|
|
|
// store transaction in session
|
|
var txns = req.session[key] = req.session[key] || {};
|
|
txns[tid] = txn;
|
|
|
|
cb(null, tid);
|
|
});
|
|
}
|
|
|
|
SessionStore.prototype.update = function(server, options, req, tid, txn, cb) {
|
|
var key = options.sessionKey || 'authorize';
|
|
|
|
server.serializeClient(txn.client, function(err, obj) {
|
|
if (err) { return cb(err); }
|
|
|
|
txn.client = obj;
|
|
|
|
// store transaction in session
|
|
var txns = req.session[key] = req.session[key] || {};
|
|
txns[tid] = txn;
|
|
|
|
cb(null, tid);
|
|
});
|
|
}
|
|
|
|
SessionStore.prototype.remove = function(options, req, tid, cb) {
|
|
var key = options.sessionKey || 'authorize';
|
|
|
|
if (!req.session) { return cb(new Error('OAuth2orize requires session support. Did you forget app.use(express.session(...))?')); }
|
|
|
|
if (req.session[key]) {
|
|
delete req.session[key][tid];
|
|
}
|
|
|
|
cb();
|
|
}
|
|
|
|
|
|
module.exports = SessionStore;
|