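// Periodic sweep that purges expired access tokens from the store.
// config.db.timeToCheckExpiredTokens is the interval in seconds.
// The sweep is best-effort: a failed run only logs and the next tick
// retries. It is housekeeping, not enforcement — expiry must still be
// checked wherever a token is verified.
setInterval(function () {
    db.accessTokens.removeExpired(function (err) {
        if (err) {
            // Log the error itself; the bare message gave an operator
            // nothing to diagnose with.
            console.error("Error removing expired tokens", err);
        }
    });
}, config.db.timeToCheckExpiredTokens * 1000);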
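 // Exchange a one-time authorization code for an access token (plus a
 // refresh token when "offline_access" was granted).
 //
 // Assumes `authCode` was already loaded for `code` and checked against the
 // requesting client and redirect URI — those checks are not visible here;
 // confirm they happen before this point.
 db.authorizationCodes.delete(code, function (err, result) {
     if (err) {
         return done(err);
     }
     // A result of zero means nothing was deleted: two rapid exchanges of
     // the same code raced and the other one already consumed it. Refuse
     // rather than mint a second token for a single code.
     if (result === 0) {
         return done(null, false);
     }
     var token = utils.uid(config.token.accessTokenLength);
     db.accessTokens.save(token, config.token.calculateExpirationDate(), authCode.userID, authCode.clientID, authCode.scope, function (err) {
         if (err) {
             return done(err);
         }
         // Mirror OpenID Connect: a refresh token is issued only when
         // "offline_access" is among the granted scopes. Scope may be a
         // space-separated string or an array; the previous prefix check
         // (indexOf === 0) only matched when offline_access came first.
         var grantedScopes = Array.isArray(authCode.scope)
             ? authCode.scope
             : String(authCode.scope || "").split(" ");
         if (grantedScopes.indexOf("offline_access") === -1) {
             return done(null, token, null, {expires_in: config.token.expiresIn});
         }
         var refreshToken = utils.uid(config.token.refreshTokenLength);
         db.refreshTokens.save(refreshToken, authCode.userID, authCode.clientID, authCode.scope, function (err) {
             if (err) {
                 return done(err);
             }
             return done(null, token, refreshToken, {expires_in: config.token.expiresIn});
         });
     });
 });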
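 // Token-info endpoint: reports the audience (client id) and remaining
 // lifetime of an access token. Every rejection answers 400
 // {error: "invalid_token"} so callers cannot tell unknown, expired and
 // orphaned tokens apart.
 //
 // NOTE(review): the token is read from the query string, so it lands in
 // access logs, browser history and Referer headers. Prefer the request
 // body or an Authorization header, and make sure the route itself is
 // restricted to trusted resource servers — the handler does no caller
 // authentication of its own.
 function (req, res) {
   // Single exit for every rejection so status and body always agree;
   // the original answered 200 with an error body in one branch.
   function rejectToken() {
     res.status(400);
     res.json({error: "invalid_token"});
   }
   var accessToken = req.query.access_token;
   if (!accessToken) {
     return rejectToken();
   }
   db.accessTokens.find(accessToken, function (err, token) {
     if (err || !token) {
       return rejectToken();
     }
     // Tokens without an expiry are rejected. The original compared
     // `new Date() > null`, which is always true, so this keeps that
     // behaviour and makes it explicit.
     if (!token.expirationDate) {
       return rejectToken();
     }
     var expirationLeft = Math.floor((token.expirationDate.getTime() - Date.now()) / 1000);
     if (expirationLeft <= 0) {
       return rejectToken();
     }
     db.clients.find(token.clientID, function (err, client) {
       if (err || !client) {
         return rejectToken();
       }
       res.json({audience: client.clientId, expires_in: expirationLeft});
     });
   });
 }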
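 // Resource-owner password grant: look the user up by name, verify the
 // submitted password, then mint an access token (plus a refresh token when
 // "offline_access" was requested).
 //
 // NOTE(review): nothing visible here checks the requested `scope` against
 // what `client` is allowed to obtain — confirm that happens elsewhere.
 db.users.findByUsername(username, function (err, user) {
     if (err) {
         return done(err);
     }
     if (!user) {
         return done(null, false);
     }
     // SECURITY(review): this compares the submitted password with
     // user.password as stored, i.e. the user store holds plaintext
     // passwords and the comparison is not constant-time. Store a salted
     // password hash (bcrypt/scrypt/argon2) and verify with the library's
     // compare function instead. Left as-is because the store's format is
     // outside this snippet.
     if (password !== user.password) {
         return done(null, false);
     }
     var token = utils.uid(config.token.accessTokenLength);
     db.accessTokens.save(token, config.token.calculateExpirationDate(), user.id, client.id, scope, function (err) {
         if (err) {
             return done(err);
         }
         // Mirror OpenID Connect: a refresh token is issued only when
         // "offline_access" is among the requested scopes. Scope may be a
         // space-separated string or an array; the previous prefix check
         // (indexOf === 0) only matched when offline_access came first.
         var requestedScopes = Array.isArray(scope)
             ? scope
             : String(scope || "").split(" ");
         if (requestedScopes.indexOf("offline_access") === -1) {
             return done(null, token, null, {expires_in: config.token.expiresIn});
         }
         var refreshToken = utils.uid(config.token.refreshTokenLength);
         db.refreshTokens.save(refreshToken, user.id, client.id, scope, function (err) {
             if (err) {
                 return done(err);
             }
             return done(null, token, refreshToken, {expires_in: config.token.expiresIn});
         });
     });
 });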
// Implicit grant handler: mints an access token directly from the
// authorization request and returns it to the user agent.
//
// NOTE(review): the token is stored with client.scope rather than anything
// taken from `ares` (the user's authorization decision) — confirm that is
// intended. The implicit flow is also discouraged by current OAuth 2.0
// security guidance because the token travels in the redirect URI; prefer
// the authorization-code flow with PKCE for public clients.
server.grant(oauth2orize.grant.token(function (client, user, ares, done) {
    var accessToken = utils.uid(config.token.accessTokenLength);
    var expiresAt = config.token.calculateExpirationDate();
    db.accessTokens.save(accessToken, expiresAt, user.id, client.id, client.scope, function (saveErr) {
        if (saveErr) {
            return done(saveErr);
        }
        done(null, accessToken, {expires_in: config.token.expiresIn});
    });
}));
// Client-credentials exchange: the client authenticates as itself, so the
// token is stored with no user (userID is null) and the bearer verifier
// resolves it back to the client.
//
// NOTE(review): `scope` is persisted exactly as requested; nothing visible
// here narrows it to what this client is permitted — confirm the
// oauth2orize setup or the client store validates it first.
server.exchange(oauth2orize.exchange.clientCredentials(function (client, scope, done) {
    var accessToken = utils.uid(config.token.accessTokenLength);
    var expiresAt = config.token.calculateExpirationDate();
    var noUser = null;
    db.accessTokens.save(accessToken, expiresAt, noUser, client.id, scope, function (saveErr) {
        if (saveErr) {
            return done(saveErr);
        }
        // No refresh token: a client can simply re-authenticate.
        done(null, accessToken, null, {expires_in: config.token.expiresIn});
    });
}));
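 // Round-trip check: the saved token must be readable with the fields it
 // was stored with, and gone after delete.
 dbTokens.accessTokens.find('someMadeUpAccessTokenLookAtMe', function (err, token) {
     // Surface store errors as assertion failures instead of letting a null
     // `token` blow up on the property access below.
     assert.ifError(err);
     assert.ok(token, 'expected the saved token to be found');
     assert.equal(token.userID, 'madeUpUser');
     assert.equal(token.clientID, 'madeUpClient');
     assert.equal(token.scope, 'madeUpScope');
     dbTokens.accessTokens.delete('someMadeUpAccessTokenLookAtMe', function (err) {
         assert.ifError(err);
         dbTokens.accessTokens.find('someMadeUpAccessTokenLookAtMe', function (err, token) {
             assert.ifError(err);
             assert.equal(token, null);
             done();
         });
     });
 });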
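 // Bearer-token verifier: resolves an access token to the principal it was
 // issued to — the user for user-authorized grants, or the client itself
 // for client-credentials tokens (stored with a null userID).
 //
 // NOTE(review): `info.scope` is hard-wired to '*', so every token is
 // treated as carrying all scopes regardless of token.scope; protected
 // routes cannot enforce scope until this reflects the stored value.
 function (accessToken, done) {
   db.accessTokens.find(accessToken, function (err, token) {
     if (err) {
       return done(err);
     }
     if (!token) {
       return done(null, false);
     }
     // Expired tokens are purged on sight. Note `new Date() > null` is
     // true, so a token without an expiry is rejected and deleted too.
     if (new Date() > token.expirationDate) {
       db.accessTokens.delete(accessToken, function (deleteErr) {
         if (deleteErr) {
           return done(deleteErr);
         }
         // The original called done(err) here, which on a successful
         // delete meant done(undefined) and relied on the caller treating
         // a missing principal as failure. Say so explicitly.
         return done(null, false);
       });
       return;
     }
     // Scope enforcement is not implemented in this example.
     var info = {scope: '*'};
     if (token.userID !== null) {
       db.users.find(token.userID, function (err, user) {
         if (err) {
           return done(err);
         }
         if (!user) {
           return done(null, false);
         }
         return done(null, user, info);
       });
     } else {
       // userID is null only for client-credentials tokens, so the client
       // is the authenticated principal.
       db.clients.find(token.clientID, function (err, client) {
         if (err) {
           return done(err);
         }
         if (!client) {
           return done(null, false);
         }
         return done(null, client, info);
       });
     }
   });
 }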
 // Refresh-token exchange: trade a stored refresh token for a new access
 // token. The refresh token must have been issued to the requesting client.
 //
 // NOTE(review): the refresh token is neither rotated nor expired here — it
 // is saved without an expiry and stays valid until explicitly revoked, so
 // a leaked one is usable indefinitely. Current OAuth 2.0 security guidance
 // recommends rotating it on each use for public clients. If the exchange
 // handler receives a requested scope, it is not consulted; the new token
 // carries the originally granted scope, which at least never widens it.
 db.refreshTokens.find(refreshToken, function (err, storedToken) {
     if (err) {
         return done(err);
     }
     // Unknown token, or a token belonging to a different client: refuse.
     var isUsable = storedToken && client.id === storedToken.clientID;
     if (!isUsable) {
         return done(null, false);
     }
     var accessToken = utils.uid(config.token.accessTokenLength);
     var expiresAt = config.token.calculateExpirationDate();
     db.accessTokens.save(accessToken, expiresAt, storedToken.userID, storedToken.clientID, storedToken.scope, function (saveErr) {
         if (saveErr) {
             return done(saveErr);
         }
         done(null, accessToken, null, {expires_in: config.token.expiresIn});
     });
 });
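 // Save → find → delete → find round trip for the access-token store.
 // The expiry is `new Date()` (already past); the store itself does not
 // appear to filter on expiry, so this only checks persistence.
 it('should save an access token, then delete it correctly', function (done) {
     var tokenValue = 'someMadeUpAccessTokenLookAtMe';
     dbTokens.accessTokens.save(tokenValue, new Date(), "madeUpUser", "madeUpClient", "madeUpScope", function (err) {
         // Surface store errors as assertion failures instead of letting a
         // null `token` blow up on the property access below.
         assert.ifError(err);
         dbTokens.accessTokens.find(tokenValue, function (err, token) {
             assert.ifError(err);
             assert.ok(token, 'expected the saved token to be found');
             assert.equal(token.userID, 'madeUpUser');
             assert.equal(token.clientID, 'madeUpClient');
             assert.equal(token.scope, 'madeUpScope');
             dbTokens.accessTokens.delete(tokenValue, function (err) {
                 assert.ifError(err);
                 dbTokens.accessTokens.find(tokenValue, function (err, token) {
                     assert.ifError(err);
                     assert.equal(token, null);
                     done();
                 });
             });
         });
     });
 });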
 // Clears the access-token store so later tests start from empty.
 // Whatever removeAll passes to its callback is ignored, as before.
 it('should remove all tokens', function (done) {
   var finish = function () {
     done();
   };
   dbTokens.accessTokens.removeAll(finish);
 });
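 // Delete the fixture token and confirm it can no longer be found.
 dbTokens.accessTokens.delete('someMadeUpAccessTokenLookAtMe', function (err) {
     // A failed delete previously went unnoticed; fail the test on it.
     assert.ifError(err);
     dbTokens.accessTokens.find('someMadeUpAccessTokenLookAtMe', function (err, token) {
         assert.ifError(err);
         assert.equal(token, null);
         done();
     });
 });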
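 // An empty token string must not resolve to anything.
 it('should not find any empty access tokens', function (done) {
     // The store callback is (err, token). The original named its first
     // argument `token`, so it asserted on the error slot, and it called
     // done() synchronously before the lookup completed — it could never
     // fail.
     dbTokens.accessTokens.find('', function (err, token) {
         assert.ifError(err);
         assert.equal(token, null);
         done();
     });
 });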