refactor(oauth): create token statement (#90)

* refactor(oauth): create token statement without authCode * chore(oauth): better error messages and reference code * fix(oauth): fixed validateScope, scope and resource now mandatory parameters * chore: map in place of arrays for indexed objects --------- Co-authored-by: puria <[email protected]>
dyne · Mar 6, 2024 · 52eb061 · 52eb061
1 parent ff31bb0
commit 52eb061
Show file tree

Hide file tree

Showing 7 changed files with 247 additions and 239 deletions.
diff --git a/pkg/oauth/src/authenticateHandler.ts b/pkg/oauth/src/authenticateHandler.ts
@@ -91,20 +91,18 @@ export class AuthenticateHandler {
 			}
 
 			const scope = request.body.scope;
-			if (scope) {
-				const resource = request.body.resource;
-				if (!resource) throw new Error('Request is missing resource parameter');
+			const resource = request.body.resource;
+			if (!resource) throw new Error('Request is missing resource parameter');
 
-				const valid_scope = await this.verifyScope(scope, resource);
-				if (!valid_scope) throw new Error('Given scope is not valid');
-			}
+			const valid_scope = await this.verifyScope(scope, resource);
+			if (!valid_scope) throw new Error('Given scope is not valid');
 
 			const auth_url = this.authenticationUrl;
 			const url = auth_url + cl_id;
 
 			const response = await fetch(url);
 			if (!response.ok) {
-				throw new Error(`Error! status: ${response.status}`);
+				throw new Error(`Fetch to url ${url} failed with error status: ${response.status}`);
 			}
 
 			const result = await response.json();
@@ -174,7 +172,7 @@ export class AuthenticateHandler {
 		const url = resource + '/.well-known/openid-credential-issuer';
 		const response = await fetch(url);
 		if (!response.ok) {
-			throw new Error(`Error! status: ${response.status}`);
+			throw new Error(`Fetch to url ${url} failed with error status: ${response.status}`);
 		}
 		const result = await response.json();
 		const credentials_supported = result.credentials_supported;

diff --git a/pkg/oauth/src/authorizeHandler.ts b/pkg/oauth/src/authorizeHandler.ts
@@ -190,13 +190,12 @@ export class AuthorizeHandler {
 			const ResponseType = this.getResponseType(request);
 			const codeChallenge = this.getCodeChallenge(request);
 			const codeChallengeMethod = this.getCodeChallengeMethod(request);
-			if(typeof validScope !== 'string') validScope = "";
 
 			const code = await this.saveAuthorizationCode(
 				authorizationCode,
 				expiresAt,
 				uri,
-				[validScope],
+				validScope,
 				client,
 				user,
 				codeChallenge,
@@ -205,7 +204,7 @@ export class AuthorizeHandler {
 			if(!code) { throw Error("Failed to create the Authorization Code"); }
 
 			const base_uri = "urn:ietf:params:oauth:request_uri:";
-			const rand_uri = randomBytes(20).toString('base64');
+			const rand_uri = randomBytes(20).toString('hex');
 			const expires_in = 300;
 
 			const responseTypeInstance = new ResponseType(code.authorizationCode);
@@ -308,13 +307,12 @@ export class AuthorizeHandler {
 	 * Validate requested scope.
 	 */
 	async validateScope (user:User, client:Client, scope:string[], resource:string) {
-		// TODO: this should actually do something...
 		if (this.model.validateScope) {
 			const validatedScope = await this.model.validateScope(user, client, scope, resource);
 
-			// if (!validatedScope) {
-			// 	throw new InvalidScopeError('Invalid scope: Requested scope is invalid');
-			// }
+			if (!validatedScope) {
+				throw new InvalidScopeError('Invalid scope: Requested scope is invalid');
+			}
 
 			return validatedScope;
 		}

diff --git a/pkg/oauth/src/isFormat.ts b/pkg/oauth/src/isFormat.ts
@@ -1,3 +1,5 @@
+// Typescript of the code below
+//https://github.com/node-oauth/formats/blob/main/index.js
 
 const rules = {
 	NCHAR: /^[\u002D\u002E\u005F\w]+$/,