Passing validated scope into generateAccessToken. oauthjs#620

dogomedia · Oct 12, 2020 · d1c2bda · d1c2bda
1 parent 66b92a4
commit d1c2bda
Show file tree

Hide file tree

Showing 6 changed files with 12 additions and 20 deletions.
diff --git a/lib/grant-types/authorization-code-grant-type.ts b/lib/grant-types/authorization-code-grant-type.ts
@@ -212,8 +212,8 @@ export class AuthorizationCodeGrantType extends AbstractGrantType {
     scope: string,
   ) {
     const accessScope = await this.validateScope(user, client, scope);
-    const accessToken = await this.generateAccessToken(client, user, scope);
-    const refreshToken = await this.generateRefreshToken(client, user, scope);
+    const accessToken = await this.generateAccessToken(client, user, accessScope);
+    const refreshToken = await this.generateRefreshToken(client, user, accessScope);
     const accessTokenExpiresAt = this.getAccessTokenExpiresAt();
     const refreshTokenExpiresAt = this.getRefreshTokenExpiresAt();
 

diff --git a/lib/grant-types/client-credentials-grant-type.ts b/lib/grant-types/client-credentials-grant-type.ts
@@ -65,7 +65,7 @@ export class ClientCredentialsGrantType extends AbstractGrantType {
 
   async saveToken(user: User, client: Client, scope: string) {
     const accessScope = await this.validateScope(user, client, scope);
-    const accessToken = await this.generateAccessToken(client, user, scope);
+    const accessToken = await this.generateAccessToken(client, user, accessScope);
     const accessTokenExpiresAt = this.getAccessTokenExpiresAt();
 
     const token = {

diff --git a/lib/grant-types/implicit-grant-type.ts b/lib/grant-types/implicit-grant-type.ts
@@ -48,14 +48,14 @@ export class ImplicitGrantType extends AbstractGrantType {
    */
 
   async saveToken(user: User, client: Client, scope: string) {
-    const validatedScope = await this.validateScope(user, client, scope);
-    const accessToken = await this.generateAccessToken(client, user, scope);
+    const accessScope = await this.validateScope(user, client, scope);
+    const accessToken = await this.generateAccessToken(client, user, accessScope);
     const accessTokenExpiresAt = this.getAccessTokenExpiresAt();
 
     const token = {
       accessToken,
       accessTokenExpiresAt,
-      scope: validatedScope,
+      scope: accessScope,
     } as Token;
 
     return this.model.saveToken(token, client, user);

diff --git a/lib/grant-types/password-grant-type.ts b/lib/grant-types/password-grant-type.ts
@@ -90,8 +90,8 @@ export class PasswordGrantType extends AbstractGrantType {
 
   async saveToken(user: User, client: Client, scope: string) {
     const accessScope = await this.validateScope(user, client, scope);
-    const accessToken = await this.generateAccessToken(client, user, scope);
-    const refreshToken = await this.generateRefreshToken(client, user, scope);
+    const accessToken = await this.generateAccessToken(client, user, accessScope);
+    const refreshToken = await this.generateRefreshToken(client, user, accessScope);
     const accessTokenExpiresAt = this.getAccessTokenExpiresAt();
     const refreshTokenExpiresAt = this.getRefreshTokenExpiresAt();
 

diff --git a/lib/grant-types/refresh-token-grant-type.ts b/lib/grant-types/refresh-token-grant-type.ts
@@ -135,15 +135,16 @@ export class RefreshTokenGrantType extends AbstractGrantType {
    */
 
   async saveToken(user: User, client: Client, scope: string) {
-    const accessToken = await this.generateAccessToken(client, user, scope);
-    const refreshToken = await this.generateRefreshToken(client, user, scope);
+    const accessScope = await this.validateScope(user, client, scope);
+    const accessToken = await this.generateAccessToken(client, user, accessScope);
+    const refreshToken = await this.generateRefreshToken(client, user, accessScope);
     const accessTokenExpiresAt = this.getAccessTokenExpiresAt();
     const refreshTokenExpiresAt = this.getRefreshTokenExpiresAt();
 
     const token: any = {
       accessToken,
       accessTokenExpiresAt,
-      scope,
+      scope: accessScope,
     };
 
     if (this.alwaysIssueNewRefreshToken !== false) {

diff --git a/test/unit/grant-types/refresh-token-grant-type.spec.ts b/test/unit/grant-types/refresh-token-grant-type.spec.ts
@@ -211,9 +211,6 @@ describe('RefreshTokenGrantType', () => {
           model.saveToken.firstCall.args[1].should.equal(client);
           model.saveToken.firstCall.args[2].should.equal(user);
           model.saveToken.firstCall.thisValue.should.equal(model);
-        })
-        .catch(() => {
-          should.fail('should.fail', '');
         });
     });
 
@@ -249,9 +246,6 @@ describe('RefreshTokenGrantType', () => {
           model.saveToken.firstCall.args[1].should.equal(client);
           model.saveToken.firstCall.args[2].should.equal(user);
           model.saveToken.firstCall.thisValue.should.equal(model);
-        })
-        .catch(() => {
-          should.fail('should.fail', '');
         });
     });
 
@@ -289,9 +283,6 @@ describe('RefreshTokenGrantType', () => {
           model.saveToken.firstCall.args[1].should.equal(client);
           model.saveToken.firstCall.args[2].should.equal(user);
           model.saveToken.firstCall.thisValue.should.equal(model);
-        })
-        .catch(() => {
-          should.fail('should.fail', '');
         });
     });
   });