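// Periodically removes expired access tokens from the store.  The interval is
// config.db.timeToCheckExpiredTokens, given in seconds, converted to ms.
setInterval(function () {
  db.accessTokens.removeExpired(function (err) {
    if (err) {
      // Log the error itself as well; the bare message hid the actual cause.
      console.error("Error removing expired tokens", err);
    }
  });
}, config.db.timeToCheckExpiredTokens * 1000);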
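// Exchange a previously issued authorization code for an access token (and a
// refresh token when the code's scope includes "offline_access").
// `code`, `authCode` and `done` come from the enclosing exchange callback.
db.authorizationCodes.delete(code, function (err, result) {
  if (err) {
    return done(err);
  }
  // A result of exactly 0 means nothing was deleted: the code was already
  // consumed by a concurrent exchange request (two very fast calls to the
  // authorization server with the same code), so this attempt must fail
  // rather than issue a second token.  The old `result != undefined` guard
  // was redundant with `result === 0`.
  if (result === 0) {
    return done(null, false);
  }
  // NOTE(review): nothing here checks that the requesting client matches the
  // client the code was issued to (authCode.clientID) — confirm the enclosing
  // exchange callback does so before this point.
  var token = utils.uid(config.token.accessTokenLength);
  db.accessTokens.save(token, config.token.calculateExpirationDate(), authCode.userID, authCode.clientID, authCode.scope, function (err) {
    if (err) {
      return done(err);
    }
    // Mirror OpenID Connect's "offline_access" scope: issue a refresh token
    // only when it was granted.  Scope may be a space-separated string or an
    // array of scope values, and "offline_access" may appear at any position;
    // the previous prefix check (indexOf === 0) only matched it as the first
    // scope and also accepted any value merely starting with "offline_access".
    var scopes = Array.isArray(authCode.scope) ? authCode.scope : String(authCode.scope || "").split(/\s+/);
    if (scopes.indexOf("offline_access") === -1) {
      return done(null, token, null, {expires_in: config.token.expiresIn});
    }
    var refreshToken = utils.uid(config.token.refreshTokenLength);
    db.refreshTokens.save(refreshToken, authCode.userID, authCode.clientID, authCode.scope, function (err) {
      if (err) {
        return done(err);
      }
      return done(null, token, refreshToken, {expires_in: config.token.expiresIn});
    });
  });
});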
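// Token-info endpoint: reports the audience (client id) and remaining lifetime
// of the access token passed as the `access_token` query parameter.  Every
// failure (missing, unknown or expired token, unknown client) is answered with
// HTTP 400 and {error: "invalid_token"}.
// NOTE(review): the token travels in the query string, so it ends up in access
// logs and proxy logs; accepting it from a header or POST body avoids that.
function (req, res) {
  function invalidToken() {
    res.status(400);
    res.json({error: "invalid_token"});
  }
  if (!req.query.access_token) {
    return invalidToken();
  }
  db.accessTokens.find(req.query.access_token, function (err, token) {
    if (err || !token) {
      return invalidToken();
    }
    // A token with no expirationDate is never considered expired here
    // (the comparison against undefined is false).
    if (new Date() > token.expirationDate) {
      return invalidToken();
    }
    db.clients.find(token.clientID, function (err, client) {
      if (err || !client) {
        return invalidToken();
      }
      if (!token.expirationDate) {
        // Non-expiring token: report only the audience.
        return res.json({audience: client.clientId});
      }
      var expirationLeft = Math.floor((token.expirationDate.getTime() - Date.now()) / 1000);
      if (expirationLeft <= 0) {
        // Expired between the check above and now.  Previously this branch
        // answered 200 with an error body; it now matches the other failures.
        return invalidToken();
      }
      res.json({audience: client.clientId, expires_in: expirationLeft});
    });
  });
}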
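// Resource-owner password exchange: verify the user's credentials and issue an
// access token (plus a refresh token when "offline_access" is in scope).
// `username`, `password`, `client`, `scope` and `done` come from the enclosing
// exchange callback.
db.users.findByUsername(username, function (err, user) {
  if (err) {
    return done(err);
  }
  if (!user) {
    return done(null, false);
  }
  // NOTE(review): this compares the submitted password directly with the
  // stored value, which only works if passwords are stored in the clear; a
  // real deployment should store a salted hash and verify against it.
  if (password !== user.password) {
    return done(null, false);
  }
  var token = utils.uid(config.token.accessTokenLength);
  db.accessTokens.save(token, config.token.calculateExpirationDate(), user.id, client.id, scope, function (err) {
    if (err) {
      return done(err);
    }
    // Mirror OpenID Connect's "offline_access" scope: issue a refresh token
    // only when it was granted.  Scope may be a space-separated string or an
    // array of scope values, and "offline_access" may appear at any position;
    // the previous prefix check (indexOf === 0) only matched it as the first
    // scope and also accepted any value merely starting with "offline_access".
    var scopes = Array.isArray(scope) ? scope : String(scope || "").split(/\s+/);
    if (scopes.indexOf("offline_access") === -1) {
      return done(null, token, null, {expires_in: config.token.expiresIn});
    }
    var refreshToken = utils.uid(config.token.refreshTokenLength);
    db.refreshTokens.save(refreshToken, user.id, client.id, scope, function (err) {
      if (err) {
        return done(err);
      }
      return done(null, token, refreshToken, {expires_in: config.token.expiresIn});
    });
  });
});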
// oauth2orize token grant (implicit flow): mint an access token for the user
// and client and hand it back without a refresh token.
// NOTE(review): the token is stored with client.scope rather than the scope the
// user approved (`ares` is not used) — confirm that is intended.
server.grant(oauth2orize.grant.token(function (client, user, ares, done) {
  var accessToken = utils.uid(config.token.accessTokenLength);
  var expiresAt = config.token.calculateExpirationDate();
  function onSaved(err) {
    if (err) {
      return done(err);
    }
    // Only the token and its lifetime are returned for this grant.
    return done(null, accessToken, {expires_in: config.token.expiresIn});
  }
  db.accessTokens.save(accessToken, expiresAt, user.id, client.id, client.scope, onSaved);
}));
// Client-credentials exchange: the client authenticates as itself, so the
// access token is stored with a null user id and no refresh token is issued.
server.exchange(oauth2orize.exchange.clientCredentials(function (client, scope, done) {
  var NO_USER = null; // there is no resource owner for this grant type
  var accessToken = utils.uid(config.token.accessTokenLength);
  var expiresAt = config.token.calculateExpirationDate();
  function onSaved(err) {
    if (err) {
      return done(err);
    }
    return done(null, accessToken, null, {expires_in: config.token.expiresIn});
  }
  db.accessTokens.save(accessToken, expiresAt, NO_USER, client.id, scope, onSaved);
}));
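// Look up the previously saved token, check its fields, delete it and confirm
// the lookup now yields null.  `done` is the enclosing mocha callback.
// Store errors are now passed to done() instead of being ignored (an ignored
// error followed by `token.userID` would have thrown on a null token).
dbTokens.accessTokens.find('someMadeUpAccessTokenLookAtMe', function (err, token) {
  if (err) {
    return done(err);
  }
  assert.equal(token.userID, 'madeUpUser');
  assert.equal(token.clientID, 'madeUpClient');
  assert.equal(token.scope, 'madeUpScope');
  dbTokens.accessTokens.delete('someMadeUpAccessTokenLookAtMe', function (err) {
    if (err) {
      return done(err);
    }
    dbTokens.accessTokens.find('someMadeUpAccessTokenLookAtMe', function (err, token) {
      if (err) {
        return done(err);
      }
      assert.equal(token, null);
      done();
    });
  });
});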
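// Bearer-token verify callback: resolves an access token to the user it was
// issued to, or to the client itself for tokens issued without a user
// (userID === null, as stored by the client-credentials exchange).
// `db` is the token/user/client store from the enclosing module.
function (accessToken, done) {
  // Restricted scopes are not implemented in this example; every principal
  // is handed the wildcard scope.
  var info = {scope: '*'};
  db.accessTokens.find(accessToken, function (err, token) {
    if (err) {
      return done(err);
    }
    if (!token) {
      return done(null, false);
    }
    // A token with no expirationDate never expires here (comparison is false).
    if (new Date() > token.expirationDate) {
      // Expired: purge it and fail authentication explicitly.  The original
      // passed only `err`, relying on the caller treating an undefined user
      // as a failure.
      return db.accessTokens.delete(accessToken, function (err) {
        return done(err, false);
      });
    }
    if (token.userID !== null) {
      return db.users.find(token.userID, function (err, user) {
        if (err) {
          return done(err);
        }
        if (!user) {
          return done(null, false);
        }
        return done(null, user, info);
      });
    }
    // userID is null: the token was issued to a client only, so the client is
    // the authenticated principal instead of a user.
    db.clients.find(token.clientID, function (err, client) {
      if (err) {
        return done(err);
      }
      if (!client) {
        return done(null, false);
      }
      return done(null, client, info);
    });
  });
}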
// Refresh-token exchange: look up the refresh token, confirm it was issued to
// the requesting client, and mint a new access token for the same user, client
// and scope.  `refreshToken`, `client` and `done` come from the enclosing
// exchange callback.
// NOTE(review): the refresh token is neither rotated nor deleted here, so it
// remains usable after this exchange, and no expiration is checked (the
// refreshTokens.save calls elsewhere in this file store none).
db.refreshTokens.find(refreshToken, function (err, authCode) {
  if (err) {
    return done(err);
  }
  // Unknown token, or a token issued to a different client: not authorized.
  var usable = Boolean(authCode) && client.id === authCode.clientID;
  if (!usable) {
    return done(null, false);
  }
  var newToken = utils.uid(config.token.accessTokenLength);
  var expiresAt = config.token.calculateExpirationDate();
  db.accessTokens.save(newToken, expiresAt, authCode.userID, authCode.clientID, authCode.scope, function (err) {
    if (err) {
      return done(err);
    }
    // No new refresh token is issued on this grant.
    return done(null, newToken, null, {expires_in: config.token.expiresIn});
  });
});
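it('should save an access token, then delete it correctly', function (done) {
  var key = 'someMadeUpAccessTokenLookAtMe';
  // Store errors are passed to done() so mocha reports them, instead of the
  // callbacks ignoring `err` and then throwing on a null token.
  dbTokens.accessTokens.save(key, new Date(), "madeUpUser", "madeUpClient", "madeUpScope", function (err) {
    if (err) {
      return done(err);
    }
    dbTokens.accessTokens.find(key, function (err, token) {
      if (err) {
        return done(err);
      }
      assert.equal(token.userID, 'madeUpUser');
      assert.equal(token.clientID, 'madeUpClient');
      assert.equal(token.scope, 'madeUpScope');
      dbTokens.accessTokens.delete(key, function (err) {
        if (err) {
          return done(err);
        }
        dbTokens.accessTokens.find(key, function (err, token) {
          if (err) {
            return done(err);
          }
          assert.equal(token, null);
          done();
        });
      });
    });
  });
});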
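it('should remove all tokens', function (done) {
  // Pass the callback's error (if any) to done() instead of discarding it;
  // assumes removeAll follows the error-first convention used by removeExpired.
  dbTokens.accessTokens.removeAll(function (err) {
    done(err);
  });
});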
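// Delete the test token and confirm a subsequent lookup yields null.
// `done` is the enclosing mocha callback; store errors are passed to it
// instead of being ignored.
dbTokens.accessTokens.delete('someMadeUpAccessTokenLookAtMe', function (err) {
  if (err) {
    return done(err);
  }
  dbTokens.accessTokens.find('someMadeUpAccessTokenLookAtMe', function (err, token) {
    if (err) {
      return done(err);
    }
    assert.equal(token, null);
    done();
  });
});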
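it('should not find any empty access tokens', function (done) {
  // The original callback was declared as function(token), so it received the
  // error argument in place of the token, and done() was called synchronously
  // before the lookup completed — the assertion never affected the outcome.
  dbTokens.accessTokens.find('', function (err, token) {
    if (err) {
      return done(err);
    }
    assert.equal(token, null);
    done();
  });
});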