server/lib/oauth-model.ts

   1 import { OAuthClientInstance, UserInstance } from '../models'
   2 import { database as db } from '../initializers/database'
   3 import { logger } from '../helpers'
   4
   5 type TokenInfo = { accessToken: string, refreshToken: string, accessTokenExpiresAt: Date, refreshTokenExpiresAt: Date }
   6
   7 // ---------------------------------------------------------------------------
   8
   9 function getAccessToken (bearerToken: string) {
  10   logger.debug('Getting access token (bearerToken: ' + bearerToken + ').')
  11
  12   return db.OAuthToken.getByTokenAndPopulateUser(bearerToken)
  13 }
  14
  15 function getClient (clientId: string, clientSecret: string) {
  16   logger.debug('Getting Client (clientId: ' + clientId + ', clientSecret: ' + clientSecret + ').')
  17
  18   return db.OAuthClient.getByIdAndSecret(clientId, clientSecret)
  19 }
  20
  21 function getRefreshToken (refreshToken: string) {
  22   logger.debug('Getting RefreshToken (refreshToken: ' + refreshToken + ').')
  23
  24   return db.OAuthToken.getByRefreshTokenAndPopulateClient(refreshToken)
  25 }
  26
  27 function getUser (username: string, password: string) {
  28   logger.debug('Getting User (username: ' + username + ', password: ' + password + ').')
  29
  30   return db.User.getByUsername(username).then(function (user) {
  31     if (!user) return null
  32
  33     return user.isPasswordMatch(password).then(passwordMatch => {
  34       if (passwordMatch === false) return null
  35
  36       return user
  37     })
  38   })
  39 }
  40
  41 function revokeToken (token: TokenInfo) {
  42   return db.OAuthToken.getByRefreshTokenAndPopulateUser(token.refreshToken).then(function (tokenDB) {
  43     if (tokenDB) tokenDB.destroy()
  44
  45     /*
  46       * Thanks to https://github.com/manjeshpv/node-oauth2-server-implementation/blob/master/components/oauth/mongo-models.js
  47       * "As per the discussion we need set older date
  48       * revokeToken will expected return a boolean in future version
  49       * https://github.com/oauthjs/node-oauth2-server/pull/274
  50       * https://github.com/oauthjs/node-oauth2-server/issues/290"
  51     */
  52     const expiredToken = tokenDB
  53     expiredToken.refreshTokenExpiresAt = new Date('2015-05-28T06:59:53.000Z')
  54
  55     return expiredToken
  56   })
  57 }
  58
  59 function saveToken (token: TokenInfo, client: OAuthClientInstance, user: UserInstance) {
  60   logger.debug('Saving token ' + token.accessToken + ' for client ' + client.id + ' and user ' + user.id + '.')
  61
  62   const tokenToCreate = {
  63     accessToken: token.accessToken,
  64     accessTokenExpiresAt: token.accessTokenExpiresAt,
  65     refreshToken: token.refreshToken,
  66     refreshTokenExpiresAt: token.refreshTokenExpiresAt,
  67     oAuthClientId: client.id,
  68     userId: user.id
  69   }
  70
  71   return db.OAuthToken.create(tokenToCreate).then(tokenCreated => {
  72     const tokenToReturn = Object.assign(tokenCreated, { client, user })
  73
  74     return tokenToReturn
  75   })
  76 }
  77
  78 // ---------------------------------------------------------------------------
  79
  80 // See https://github.com/oauthjs/node-oauth2-server/wiki/Model-specification for the model specifications
  81 export {
  82   getAccessToken,
  83   getClient,
  84   getRefreshToken,
  85   getUser,
  86   revokeToken,
  87   saveToken
  88 }