Merge branch 'development' into release-5.0.0

Author: jankapunkt

index.d.ts

@@ -269,6 +269,7 @@ declare namespace OAuth2Server {
 
         /**
          * Invoked during request authentication to check if the provided access token was authorized the requested scopes.
+         * Optional, if a custom authenticateHandler is used or if there is no scope part of the request.
          *
          */
         verifyScope(token: Token, scope: string | string[]): Promise<boolean>;

lib/grant-types/abstract-grant-type.js

@@ -9,99 +9,94 @@ const InvalidScopeError = require('../errors/invalid-scope-error');
 const isFormat = require('@node-oauth/formats');
 const tokenUtil = require('../utils/token-util');
 
-/**
- * Constructor.
- */
+class AbstractGrantType {
+  constructor (options) {
+    options = options || {};
 
-function AbstractGrantType(options) {
-  options = options || {};
+    if (!options.accessTokenLifetime) {
+      throw new InvalidArgumentError('Missing parameter: `accessTokenLifetime`');
+    }
 
-  if (!options.accessTokenLifetime) {
-    throw new InvalidArgumentError('Missing parameter: `accessTokenLifetime`');
-  }
+    if (!options.model) {
+      throw new InvalidArgumentError('Missing parameter: `model`');
+    }
 
-  if (!options.model) {
-    throw new InvalidArgumentError('Missing parameter: `model`');
+    this.accessTokenLifetime = options.accessTokenLifetime;
+    this.model = options.model;
+    this.refreshTokenLifetime = options.refreshTokenLifetime;
+    this.alwaysIssueNewRefreshToken = options.alwaysIssueNewRefreshToken;
   }
 
-  this.accessTokenLifetime = options.accessTokenLifetime;
-  this.model = options.model;
-  this.refreshTokenLifetime = options.refreshTokenLifetime;
-  this.alwaysIssueNewRefreshToken = options.alwaysIssueNewRefreshToken;
-}
-
-/**
- * Generate access token.
- */
+  /**
+   * Generate access token.
+   */
+  async generateAccessToken (client, user, scope) {
+    if (this.model.generateAccessToken) {
+      // We should not fall back to a random accessToken, if the model did not
+      // return a token, in order to prevent unintended token-issuing.
+      return this.model.generateAccessToken(client, user, scope);
+    }
 
-AbstractGrantType.prototype.generateAccessToken = async function(client, user, scope) {
-  if (this.model.generateAccessToken) {
-    // We should not fall back to a random accessToken, if the model did not
-    // return a token, in order to prevent unintended token-issuing.
-    return this.model.generateAccessToken(client, user, scope);
+    return tokenUtil.generateRandomToken();
   }
 
-  return tokenUtil.generateRandomToken();
-};
-
-/**
+  /**
  * Generate refresh token.
  */
+  async generateRefreshToken (client, user, scope) {
+    if (this.model.generateRefreshToken) {
+      // We should not fall back to a random refreshToken, if the model did not
+      // return a token, in order to prevent unintended token-issuing.
+      return this.model.generateRefreshToken(client, user, scope);
+    }
 
-AbstractGrantType.prototype.generateRefreshToken = async function(client, user, scope) {
-  if (this.model.generateRefreshToken) {
-    // We should not fall back to a random refreshToken, if the model did not
-    // return a token, in order to prevent unintended token-issuing.
-    return this.model.generateRefreshToken(client, user, scope);
+    return tokenUtil.generateRandomToken();
   }
 
-  return tokenUtil.generateRandomToken();
-};
-
-/**
+  /**
  * Get access token expiration date.
  */
+  getAccessTokenExpiresAt() {
+    return new Date(Date.now() + this.accessTokenLifetime * 1000);
+  }
 
-AbstractGrantType.prototype.getAccessTokenExpiresAt = function() {
-  return new Date(Date.now() + this.accessTokenLifetime * 1000);
-};
 
-/**
- * Get refresh token expiration date.
- */
 
-AbstractGrantType.prototype.getRefreshTokenExpiresAt = function() {
-  return new Date(Date.now() + this.refreshTokenLifetime * 1000);
-};
+  /**
+   * Get refresh token expiration date.
+   */
+  getRefreshTokenExpiresAt () {
+    return new Date(Date.now() + this.refreshTokenLifetime * 1000);
+  }
 
-/**
- * Get scope from the request body.
- */
+  /**
+   * Get scope from the request body.
+   */
+  getScope (request) {
+    if (!isFormat.nqschar(request.body.scope)) {
+      throw new InvalidArgumentError('Invalid parameter: `scope`');
+    }
 
-AbstractGrantType.prototype.getScope = function(request) {
-  if (!isFormat.nqschar(request.body.scope)) {
-    throw new InvalidArgumentError('Invalid parameter: `scope`');
+    return request.body.scope;
   }
 
-  return request.body.scope;
-};
+  /**
+   * Validate requested scope.
+   */
+  async validateScope (user, client, scope) {
+    if (this.model.validateScope) {
+      const validatedScope = await this.model.validateScope(user, client, scope);
 
-/**
- * Validate requested scope.
- */
-AbstractGrantType.prototype.validateScope = async function(user, client, scope) {
-  if (this.model.validateScope) {
-    const validatedScope = await this.model.validateScope(user, client, scope);
+      if (!validatedScope) {
+        throw new InvalidScopeError('Invalid scope: Requested scope is invalid');
+      }
 
-    if (!validatedScope) {
-      throw new InvalidScopeError('Invalid scope: Requested scope is invalid');
+      return validatedScope;
+    } else {
+      return scope;
     }
-
-    return validatedScope;
-  } else {
-    return scope;
   }
-};
+}
 
 /**
  * Export constructor.

lib/grant-types/authorization-code-grant-type.js

@@ -53,8 +53,8 @@ class AuthorizationCodeGrantType extends AbstractGrantType {
     }
 
     const code = await this.getAuthorizationCode(request, client);
-    await this.validateRedirectUri(request, code);
     await this.revokeAuthorizationCode(code);
+    await this.validateRedirectUri(request, code);
 
     return this.saveToken(code.user, client, code.authorizationCode, code.scope);
   }
@@ -187,10 +187,10 @@ class AuthorizationCodeGrantType extends AbstractGrantType {
 	 * Save token.
 	 */
 
-  async saveToken(user, client, authorizationCode, scope) {
-    const validatedScope = await this.validateScope(user, client, scope);
-    const accessToken = await this.generateAccessToken(client, user, scope);
-    const refreshToken = await this.generateRefreshToken(client, user, scope);
+  async saveToken(user, client, authorizationCode, requestedScope) {
+    const validatedScope = await this.validateScope(user, client, requestedScope);
+    const accessToken = await this.generateAccessToken(client, user, validatedScope);
+    const refreshToken = await this.generateRefreshToken(client, user, validatedScope);
     const accessTokenExpiresAt = await this.getAccessTokenExpiresAt();
     const refreshTokenExpiresAt = await this.getRefreshTokenExpiresAt();
 

lib/grant-types/client-credentials-grant-type.js

@@ -68,10 +68,10 @@ class ClientCredentialsGrantType extends AbstractGrantType {
 	 * Save token.
 	 */
 
-  async saveToken(user, client, scope) {
-    const validatedScope = await this.validateScope(user, client, scope);
-    const accessToken = await this.generateAccessToken(client, user, scope);
-    const accessTokenExpiresAt = await this.getAccessTokenExpiresAt(client, user, scope);
+  async saveToken(user, client, requestedScope) {
+    const validatedScope = await this.validateScope(user, client, requestedScope);
+    const accessToken = await this.generateAccessToken(client, user, validatedScope);
+    const accessTokenExpiresAt = await this.getAccessTokenExpiresAt(client, user, validatedScope);
     const token = {
       accessToken,
       accessTokenExpiresAt,

lib/grant-types/password-grant-type.js

@@ -86,10 +86,10 @@ class PasswordGrantType extends AbstractGrantType {
 	 * Save token.
 	 */
 
-  async saveToken(user, client, scope) {
-    const validatedScope = await this.validateScope(user, client, scope);
-    const accessToken = await this.generateAccessToken(client, user, scope);
-    const refreshToken = await this.generateRefreshToken(client, user, scope);
+  async saveToken(user, client, requestedScope) {
+    const validatedScope = await this.validateScope(user, client, requestedScope);
+    const accessToken = await this.generateAccessToken(client, user, validatedScope);
+    const refreshToken = await this.generateRefreshToken(client, user, validatedScope);
     const accessTokenExpiresAt = await this.getAccessTokenExpiresAt();
     const refreshTokenExpiresAt = await this.getRefreshTokenExpiresAt();
 

lib/grant-types/refresh-token-grant-type.js

@@ -132,7 +132,7 @@ class RefreshTokenGrantType extends AbstractGrantType {
     const token = {
       accessToken,
       accessTokenExpiresAt,
-      scope: scope,
+      scope,
     };
 
     if (this.alwaysIssueNewRefreshToken !== false) {