}, function (e, r, b) {
if (e) {
return done(e);
}
r.statusCode.should.equal(errors.forbidden().status);
should.exist(b);
should.exist(b.code);
should.exist(b.message);
b.code.should.equal(errors.forbidden().data.code);
done();
});
}, function (err, client) {
if (err) {
log.error('clients:find-one', err);
return next(errors.serverError());
}
if (!client) {
return next(errors.unauthorized());
}
var location = req.body.location;
var to = client.to;
if (to.indexOf(location) === -1) {
return next(errors.forbidden());
}
Tokens.findOne({
user: req.user.id,
client: client.id
}, function (err, token) {
if (err) {
log.error('tokens:find-one', err);
return next(errors.serverError());
}
var expires;
if (token) {
expires = token.accessibility();
if (expires > MIN_ACCESSIBILITY) {
res.send({
id: token.id,
access_token: token.access,
refresh_token: token.refresh,
expires_in: expires
});
return;
}
}
model.create(req.ctx, function (err, token) {
if (err) {
log.error('tokens:create', err);
return next(errors.serverError());
}
res.send({
id: token.id,
access_token: token.access,
refresh_token: token.refresh,
expires_in: token.accessible
});
});
});
});
serandi.update(Users)(req, res, function (err) {
if (err) {
return next(err);
}
var data = req.body;
if (data.email !== req.user.email) {
return next(errors.forbidden());
}
if (!data.password) {
return next();
}
serandi.otp({
name: 'accounts-update',
user: req.ctx.id
})(req, res, next);
});