From 3a7e19865854478259fac8168fd661686fe85b70 Mon Sep 17 00:00:00 2001 From: "daniel.santos" Date: Sat, 18 Dec 2021 18:27:51 -0300 Subject: [PATCH 01/86] refactor: Remove util.inherits #70 --- lib/errors/access-denied-error.js | 25 +- lib/errors/insufficient-scope-error.js | 25 +- lib/errors/invalid-argument-error.js | 25 +- lib/errors/invalid-client-error.js | 25 +- lib/errors/invalid-grant-error.js | 25 +- lib/errors/invalid-request-error.js | 25 +- lib/errors/invalid-scope-error.js | 25 +- lib/errors/invalid-token-error.js | 25 +- lib/errors/oauth-error.js | 46 +-- lib/errors/server-error.js | 25 +- lib/errors/unauthorized-client-error.js | 25 +- lib/errors/unauthorized-request-error.js | 25 +- lib/errors/unsupported-grant-type-error.js | 25 +- lib/errors/unsupported-response-type-error.js | 25 +- .../authorization-code-grant-type.js | 354 +++++++++--------- .../client-credentials-grant-type.js | 169 ++++----- lib/grant-types/password-grant-type.js | 209 +++++------ lib/grant-types/refresh-token-grant-type.js | 301 ++++++++------- 18 files changed, 686 insertions(+), 718 deletions(-) diff --git a/lib/errors/access-denied-error.js b/lib/errors/access-denied-error.js index ce5c0af4..aa29e78b 100644 --- a/lib/errors/access-denied-error.js +++ b/lib/errors/access-denied-error.js @@ -15,21 +15,20 @@ const util = require('util'); * @see https://tools.ietf.org/html/rfc6749#section-4.1.2.1 */ -function AccessDeniedError(message, properties) { - properties = Object.assign({ - code: 400, - name: 'access_denied' - }, properties); - - OAuthError.call(this, message, properties); +class AccessDeniedError extends OAuthError { + constructor(message, properties) { + properties = Object.assign( + { + code: 400, + name: 'access_denied', + }, + properties + ); + + super(message, properties); + } } -/** - * Inherit prototype. - */ - -util.inherits(AccessDeniedError, OAuthError); - /** * Export constructor. */ diff --git a/lib/errors/insufficient-scope-error.js b/lib/errors/insufficient-scope-error.js index a27ad681..5960b6a7 100644 --- a/lib/errors/insufficient-scope-error.js +++ b/lib/errors/insufficient-scope-error.js @@ -15,21 +15,20 @@ const util = require('util'); * @see https://tools.ietf.org/html/rfc6750.html#section-3.1 */ -function InsufficientScopeError(message, properties) { - properties = Object.assign({ - code: 403, - name: 'insufficient_scope' - }, properties); - - OAuthError.call(this, message, properties); +class InsufficientScopeError extends OAuthError { + constructor(message, properties) { + properties = Object.assign( + { + code: 403, + name: 'insufficient_scope', + }, + properties + ); + + super(message, properties); + } } -/** - * Inherit prototype. - */ - -util.inherits(InsufficientScopeError, OAuthError); - /** * Export constructor. */ diff --git a/lib/errors/invalid-argument-error.js b/lib/errors/invalid-argument-error.js index 1958caa7..66730d91 100644 --- a/lib/errors/invalid-argument-error.js +++ b/lib/errors/invalid-argument-error.js @@ -11,21 +11,20 @@ const util = require('util'); * Constructor. */ -function InvalidArgumentError(message, properties) { - properties = Object.assign({ - code: 500, - name: 'invalid_argument' - }, properties); - - OAuthError.call(this, message, properties); +class InvalidArgumentError extends OAuthError { + constructor(message, properties) { + properties = Object.assign( + { + code: 500, + name: 'invalid_argument', + }, + properties + ); + + super(message, properties); + } } -/** - * Inherit prototype. - */ - -util.inherits(InvalidArgumentError, OAuthError); - /** * Export constructor. */ diff --git a/lib/errors/invalid-client-error.js b/lib/errors/invalid-client-error.js index 1513d572..5e4e5d25 100644 --- a/lib/errors/invalid-client-error.js +++ b/lib/errors/invalid-client-error.js @@ -16,21 +16,20 @@ const util = require('util'); * @see https://tools.ietf.org/html/rfc6749#section-5.2 */ -function InvalidClientError(message, properties) { - properties = Object.assign({ - code: 400, - name: 'invalid_client' - }, properties); - - OAuthError.call(this, message, properties); +class InvalidClientError extends OAuthError { + constructor(message, properties) { + properties = Object.assign( + { + code: 400, + name: 'invalid_client', + }, + properties + ); + + super(message, properties); + } } -/** - * Inherit prototype. - */ - -util.inherits(InvalidClientError, OAuthError); - /** * Export constructor. */ diff --git a/lib/errors/invalid-grant-error.js b/lib/errors/invalid-grant-error.js index 2c6a568a..4237053d 100644 --- a/lib/errors/invalid-grant-error.js +++ b/lib/errors/invalid-grant-error.js @@ -17,21 +17,20 @@ const util = require('util'); * @see https://tools.ietf.org/html/rfc6749#section-5.2 */ -function InvalidGrantError(message, properties) { - properties = Object.assign({ - code: 400, - name: 'invalid_grant' - }, properties); - - OAuthError.call(this, message, properties); +class InvalidGrantError extends OAuthError { + constructor(message, properties) { + properties = Object.assign( + { + code: 400, + name: 'invalid_grant', + }, + properties + ); + + super(message, properties); + } } -/** - * Inherit prototype. - */ - -util.inherits(InvalidGrantError, OAuthError); - /** * Export constructor. */ diff --git a/lib/errors/invalid-request-error.js b/lib/errors/invalid-request-error.js index 56e997ec..6efab4a0 100644 --- a/lib/errors/invalid-request-error.js +++ b/lib/errors/invalid-request-error.js @@ -16,21 +16,20 @@ const util = require('util'); * @see https://tools.ietf.org/html/rfc6749#section-4.2.2.1 */ -function InvalidRequest(message, properties) { - properties = Object.assign({ - code: 400, - name: 'invalid_request' - }, properties); - - OAuthError.call(this, message, properties); +class InvalidRequest extends OAuthError { + constructor(message, properties) { + properties = Object.assign( + { + code: 400, + name: 'invalid_request', + }, + properties + ); + + super(message, properties); + } } -/** - * Inherit prototype. - */ - -util.inherits(InvalidRequest, OAuthError); - /** * Export constructor. */ diff --git a/lib/errors/invalid-scope-error.js b/lib/errors/invalid-scope-error.js index 2f5746d1..d0f28c63 100644 --- a/lib/errors/invalid-scope-error.js +++ b/lib/errors/invalid-scope-error.js @@ -15,21 +15,20 @@ const util = require('util'); * @see https://tools.ietf.org/html/rfc6749#section-4.1.2.1 */ -function InvalidScopeError(message, properties) { - properties = Object.assign({ - code: 400, - name: 'invalid_scope' - }, properties); - - OAuthError.call(this, message, properties); +class InvalidScopeError extends OAuthError { + constructor(message, properties) { + properties = Object.assign( + { + code: 400, + name: 'invalid_scope', + }, + properties + ); + + super(message, properties); + } } -/** - * Inherit prototype. - */ - -util.inherits(InvalidScopeError, OAuthError); - /** * Export constructor. */ diff --git a/lib/errors/invalid-token-error.js b/lib/errors/invalid-token-error.js index e79d9261..c7ad8b6e 100644 --- a/lib/errors/invalid-token-error.js +++ b/lib/errors/invalid-token-error.js @@ -15,21 +15,20 @@ const util = require('util'); * @see https://tools.ietf.org/html/rfc6750#section-3.1 */ -function InvalidTokenError(message, properties) { - properties = Object.assign({ - code: 401, - name: 'invalid_token' - }, properties); - - OAuthError.call(this, message, properties); +class InvalidTokenError extends OAuthError { + constructor(message, properties) { + properties = Object.assign( + { + code: 401, + name: 'invalid_token', + }, + properties + ); + + super(message, properties); + } } -/** - * Inherit prototype. - */ - -util.inherits(InvalidTokenError, OAuthError); - /** * Export constructor. */ diff --git a/lib/errors/oauth-error.js b/lib/errors/oauth-error.js index a96a41fe..a1ff9ed9 100644 --- a/lib/errors/oauth-error.js +++ b/lib/errors/oauth-error.js @@ -9,33 +9,33 @@ const http = require('http'); * Constructor. */ -function OAuthError(messageOrError, properties) { - let message = messageOrError instanceof Error ? messageOrError.message : messageOrError; - const error = messageOrError instanceof Error ? messageOrError : null; - if (properties == null || !Object.entries(properties).length ) { - properties = {}; - } +class OAuthError extends Error { + constructor(messageOrError, properties) { + let message = messageOrError instanceof Error ? messageOrError.message : messageOrError; + const error = messageOrError instanceof Error ? messageOrError : null; + if (properties == null || !Object.entries(properties).length) { + properties = {}; + } - properties = Object.assign({ code: 500 }, properties); + properties = Object.assign({ code: 500 }, properties); - if (error) { - properties.inner = error; - } - if (!message || message.length === 0) { - message = http.STATUS_CODES[properties.code]; - } - this.code = this.status = this.statusCode = properties.code; - this.message = message; - for (const key in properties) { - if (key !== 'code') { - this[key] = properties[key]; - } - } - Error.captureStackTrace(this, OAuthError); + if (error) { + properties.inner = error; + } + if (!message || message.length === 0) { + message = http.STATUS_CODES[properties.code]; + } + this.code = this.status = this.statusCode = properties.code; + this.message = message; + for (const key in properties) { + if (key !== 'code') { + this[key] = properties[key]; + } + } + Error.captureStackTrace(this, OAuthError); + } } -util.inherits(OAuthError, Error); - /** * Export constructor. */ diff --git a/lib/errors/server-error.js b/lib/errors/server-error.js index aee958b7..86dc18f3 100644 --- a/lib/errors/server-error.js +++ b/lib/errors/server-error.js @@ -15,21 +15,20 @@ const util = require('util'); * @see https://tools.ietf.org/html/rfc6749#section-4.1.2.1 */ -function ServerError(message, properties) { - properties = Object.assign({ - code: 503, - name: 'server_error' - }, properties); - - OAuthError.call(this, message, properties); +class ServerError extends OAuthError { + constructor(message, properties) { + properties = Object.assign( + { + code: 503, + name: 'server_error', + }, + properties + ); + + super(message, properties); + } } -/** - * Inherit prototype. - */ - -util.inherits(ServerError, OAuthError); - /** * Export constructor. */ diff --git a/lib/errors/unauthorized-client-error.js b/lib/errors/unauthorized-client-error.js index fde3cb5c..02def056 100644 --- a/lib/errors/unauthorized-client-error.js +++ b/lib/errors/unauthorized-client-error.js @@ -15,21 +15,20 @@ const util = require('util'); * @see https://tools.ietf.org/html/rfc6749#section-4.1.2.1 */ -function UnauthorizedClientError(message, properties) { - properties = Object.assign({ - code: 400, - name: 'unauthorized_client' - }, properties); - - OAuthError.call(this, message, properties); +class UnauthorizedClientError extends OAuthError { + constructor(message, properties) { + properties = Object.assign( + { + code: 400, + name: 'unauthorized_client', + }, + properties + ); + + super(message, properties); + } } -/** - * Inherit prototype. - */ - -util.inherits(UnauthorizedClientError, OAuthError); - /** * Export constructor. */ diff --git a/lib/errors/unauthorized-request-error.js b/lib/errors/unauthorized-request-error.js index e9604896..75481cf0 100644 --- a/lib/errors/unauthorized-request-error.js +++ b/lib/errors/unauthorized-request-error.js @@ -18,21 +18,20 @@ const util = require('util'); * @see https://tools.ietf.org/html/rfc6750#section-3.1 */ -function UnauthorizedRequestError(message, properties) { - properties = Object.assign({ - code: 401, - name: 'unauthorized_request' - }, properties); - - OAuthError.call(this, message, properties); +class UnauthorizedRequestError extends OAuthError { + constructor(message, properties) { + properties = Object.assign( + { + code: 401, + name: 'unauthorized_request', + }, + properties + ); + + super(message, properties); + } } -/** - * Inherit prototype. - */ - -util.inherits(UnauthorizedRequestError, OAuthError); - /** * Export constructor. */ diff --git a/lib/errors/unsupported-grant-type-error.js b/lib/errors/unsupported-grant-type-error.js index 586a743b..682f65d7 100644 --- a/lib/errors/unsupported-grant-type-error.js +++ b/lib/errors/unsupported-grant-type-error.js @@ -15,21 +15,20 @@ const util = require('util'); * @see https://tools.ietf.org/html/rfc6749#section-4.1.2.1 */ -function UnsupportedGrantTypeError(message, properties) { - properties = Object.assign({ - code: 400, - name: 'unsupported_grant_type' - }, properties); - - OAuthError.call(this, message, properties); +class UnsupportedGrantTypeError extends OAuthError { + constructor(message, properties) { + properties = Object.assign( + { + code: 400, + name: 'unsupported_grant_type', + }, + properties + ); + + super(message, properties); + } } -/** - * Inherit prototype. - */ - -util.inherits(UnsupportedGrantTypeError, OAuthError); - /** * Export constructor. */ diff --git a/lib/errors/unsupported-response-type-error.js b/lib/errors/unsupported-response-type-error.js index 539551ec..5b95d45b 100644 --- a/lib/errors/unsupported-response-type-error.js +++ b/lib/errors/unsupported-response-type-error.js @@ -16,21 +16,20 @@ const util = require('util'); * @see https://tools.ietf.org/html/rfc6749#section-4.1.2.1 */ -function UnsupportedResponseTypeError(message, properties) { - properties = Object.assign({ - code: 400, - name: 'unsupported_response_type' - }, properties); - - OAuthError.call(this, message, properties); +class UnsupportedResponseTypeError extends OAuthError { + constructor(message, properties) { + properties = Object.assign( + { + code: 400, + name: 'unsupported_response_type', + }, + properties + ); + + super(message, properties); + } } -/** - * Inherit prototype. - */ - -util.inherits(UnsupportedResponseTypeError, OAuthError); - /** * Export constructor. */ diff --git a/lib/grant-types/authorization-code-grant-type.js b/lib/grant-types/authorization-code-grant-type.js index ed66eeab..c0590e22 100644 --- a/lib/grant-types/authorization-code-grant-type.js +++ b/lib/grant-types/authorization-code-grant-type.js @@ -18,187 +18,183 @@ const util = require('util'); * Constructor. */ -function AuthorizationCodeGrantType(options) { - options = options || {}; - - if (!options.model) { - throw new InvalidArgumentError('Missing parameter: `model`'); - } - - if (!options.model.getAuthorizationCode) { - throw new InvalidArgumentError('Invalid argument: model does not implement `getAuthorizationCode()`'); - } - - if (!options.model.revokeAuthorizationCode) { - throw new InvalidArgumentError('Invalid argument: model does not implement `revokeAuthorizationCode()`'); - } - - if (!options.model.saveToken) { - throw new InvalidArgumentError('Invalid argument: model does not implement `saveToken()`'); - } - - AbstractGrantType.call(this, options); +class AuthorizationCodeGrantType extends AbstractGrantType { + constructor(options = {}) { + if (!options.model) { + throw new InvalidArgumentError('Missing parameter: `model`'); + } + + if (!options.model.getAuthorizationCode) { + throw new InvalidArgumentError('Invalid argument: model does not implement `getAuthorizationCode()`'); + } + + if (!options.model.revokeAuthorizationCode) { + throw new InvalidArgumentError('Invalid argument: model does not implement `revokeAuthorizationCode()`'); + } + + if (!options.model.saveToken) { + throw new InvalidArgumentError('Invalid argument: model does not implement `saveToken()`'); + } + + super(options); + } + + /** + * Handle authorization code grant. + * + * @see https://tools.ietf.org/html/rfc6749#section-4.1.3 + */ + + handle(request, client) { + if (!request) { + throw new InvalidArgumentError('Missing parameter: `request`'); + } + + if (!client) { + throw new InvalidArgumentError('Missing parameter: `client`'); + } + + return Promise.bind(this) + .then(function () { + return this.getAuthorizationCode(request, client); + }) + .tap(function (code) { + return this.validateRedirectUri(request, code); + }) + .tap(function (code) { + return this.revokeAuthorizationCode(code); + }) + .then(function (code) { + return this.saveToken(code.user, client, code.authorizationCode, code.scope); + }); + } + + /** + * Get the authorization code. + */ + + getAuthorizationCode(request, client) { + if (!request.body.code) { + throw new InvalidRequestError('Missing parameter: `code`'); + } + + if (!isFormat.vschar(request.body.code)) { + throw new InvalidRequestError('Invalid parameter: `code`'); + } + return promisify(this.model.getAuthorizationCode, 1) + .call(this.model, request.body.code) + .then((code) => { + if (!code) { + throw new InvalidGrantError('Invalid grant: authorization code is invalid'); + } + + if (!code.client) { + throw new ServerError('Server error: `getAuthorizationCode()` did not return a `client` object'); + } + + if (!code.user) { + throw new ServerError('Server error: `getAuthorizationCode()` did not return a `user` object'); + } + + if (code.client.id !== client.id) { + throw new InvalidGrantError('Invalid grant: authorization code is invalid'); + } + + if (!(code.expiresAt instanceof Date)) { + throw new ServerError('Server error: `expiresAt` must be a Date instance'); + } + + if (code.expiresAt < new Date()) { + throw new InvalidGrantError('Invalid grant: authorization code has expired'); + } + + if (code.redirectUri && !isFormat.uri(code.redirectUri)) { + throw new InvalidGrantError('Invalid grant: `redirect_uri` is not a valid URI'); + } + + return code; + }); + } + + /** + * Validate the redirect URI. + * + * "The authorization server MUST ensure that the redirect_uri parameter is + * present if the redirect_uri parameter was included in the initial + * authorization request as described in Section 4.1.1, and if included + * ensure that their values are identical." + * + * @see https://tools.ietf.org/html/rfc6749#section-4.1.3 + */ + + validateRedirectUri(request, code) { + if (!code.redirectUri) { + return; + } + + const redirectUri = request.body.redirect_uri || request.query.redirect_uri; + + if (!isFormat.uri(redirectUri)) { + throw new InvalidRequestError('Invalid request: `redirect_uri` is not a valid URI'); + } + + if (redirectUri !== code.redirectUri) { + throw new InvalidRequestError('Invalid request: `redirect_uri` is invalid'); + } + } + + /** + * Revoke the authorization code. + * + * "The authorization code MUST expire shortly after it is issued to mitigate + * the risk of leaks. [...] If an authorization code is used more than once, + * the authorization server MUST deny the request." + * + * @see https://tools.ietf.org/html/rfc6749#section-4.1.2 + */ + + revokeAuthorizationCode(code) { + return promisify(this.model.revokeAuthorizationCode, 1) + .call(this.model, code) + .then((status) => { + if (!status) { + throw new InvalidGrantError('Invalid grant: authorization code is invalid'); + } + + return code; + }); + } + + /** + * Save token. + */ + + saveToken(user, client, authorizationCode, scope) { + const fns = [ + this.validateScope(user, client, scope), + this.generateAccessToken(client, user, scope), + this.generateRefreshToken(client, user, scope), + this.getAccessTokenExpiresAt(), + this.getRefreshTokenExpiresAt(), + ]; + + return Promise.all(fns) + .bind(this) + .spread(function (scope, accessToken, refreshToken, accessTokenExpiresAt, refreshTokenExpiresAt) { + const token = { + accessToken: accessToken, + authorizationCode: authorizationCode, + accessTokenExpiresAt: accessTokenExpiresAt, + refreshToken: refreshToken, + refreshTokenExpiresAt: refreshTokenExpiresAt, + scope: scope, + }; + + return promisify(this.model.saveToken, 3).call(this.model, token, client, user); + }); + } } -/** - * Inherit prototype. - */ - -util.inherits(AuthorizationCodeGrantType, AbstractGrantType); - -/** - * Handle authorization code grant. - * - * @see https://tools.ietf.org/html/rfc6749#section-4.1.3 - */ - -AuthorizationCodeGrantType.prototype.handle = function(request, client) { - if (!request) { - throw new InvalidArgumentError('Missing parameter: `request`'); - } - - if (!client) { - throw new InvalidArgumentError('Missing parameter: `client`'); - } - - return Promise.bind(this) - .then(function() { - return this.getAuthorizationCode(request, client); - }) - .tap(function(code) { - return this.validateRedirectUri(request, code); - }) - .tap(function(code) { - return this.revokeAuthorizationCode(code); - }) - .then(function(code) { - return this.saveToken(code.user, client, code.authorizationCode, code.scope); - }); -}; - -/** - * Get the authorization code. - */ - -AuthorizationCodeGrantType.prototype.getAuthorizationCode = function(request, client) { - if (!request.body.code) { - throw new InvalidRequestError('Missing parameter: `code`'); - } - - if (!isFormat.vschar(request.body.code)) { - throw new InvalidRequestError('Invalid parameter: `code`'); - } - return promisify(this.model.getAuthorizationCode, 1).call(this.model, request.body.code) - .then(function(code) { - if (!code) { - throw new InvalidGrantError('Invalid grant: authorization code is invalid'); - } - - if (!code.client) { - throw new ServerError('Server error: `getAuthorizationCode()` did not return a `client` object'); - } - - if (!code.user) { - throw new ServerError('Server error: `getAuthorizationCode()` did not return a `user` object'); - } - - if (code.client.id !== client.id) { - throw new InvalidGrantError('Invalid grant: authorization code is invalid'); - } - - if (!(code.expiresAt instanceof Date)) { - throw new ServerError('Server error: `expiresAt` must be a Date instance'); - } - - if (code.expiresAt < new Date()) { - throw new InvalidGrantError('Invalid grant: authorization code has expired'); - } - - if (code.redirectUri && !isFormat.uri(code.redirectUri)) { - throw new InvalidGrantError('Invalid grant: `redirect_uri` is not a valid URI'); - } - - return code; - }); -}; - -/** - * Validate the redirect URI. - * - * "The authorization server MUST ensure that the redirect_uri parameter is - * present if the redirect_uri parameter was included in the initial - * authorization request as described in Section 4.1.1, and if included - * ensure that their values are identical." - * - * @see https://tools.ietf.org/html/rfc6749#section-4.1.3 - */ - -AuthorizationCodeGrantType.prototype.validateRedirectUri = function(request, code) { - if (!code.redirectUri) { - return; - } - - const redirectUri = request.body.redirect_uri || request.query.redirect_uri; - - if (!isFormat.uri(redirectUri)) { - throw new InvalidRequestError('Invalid request: `redirect_uri` is not a valid URI'); - } - - if (redirectUri !== code.redirectUri) { - throw new InvalidRequestError('Invalid request: `redirect_uri` is invalid'); - } -}; - -/** - * Revoke the authorization code. - * - * "The authorization code MUST expire shortly after it is issued to mitigate - * the risk of leaks. [...] If an authorization code is used more than once, - * the authorization server MUST deny the request." - * - * @see https://tools.ietf.org/html/rfc6749#section-4.1.2 - */ - -AuthorizationCodeGrantType.prototype.revokeAuthorizationCode = function(code) { - return promisify(this.model.revokeAuthorizationCode, 1).call(this.model, code) - .then(function(status) { - if (!status) { - throw new InvalidGrantError('Invalid grant: authorization code is invalid'); - } - - return code; - }); -}; - -/** - * Save token. - */ - -AuthorizationCodeGrantType.prototype.saveToken = function(user, client, authorizationCode, scope) { - const fns = [ - this.validateScope(user, client, scope), - this.generateAccessToken(client, user, scope), - this.generateRefreshToken(client, user, scope), - this.getAccessTokenExpiresAt(), - this.getRefreshTokenExpiresAt() - ]; - - return Promise.all(fns) - .bind(this) - .spread(function(scope, accessToken, refreshToken, accessTokenExpiresAt, refreshTokenExpiresAt) { - const token = { - accessToken: accessToken, - authorizationCode: authorizationCode, - accessTokenExpiresAt: accessTokenExpiresAt, - refreshToken: refreshToken, - refreshTokenExpiresAt: refreshTokenExpiresAt, - scope: scope - }; - - return promisify(this.model.saveToken, 3).call(this.model, token, client, user); - }); -}; - /** * Export constructor. */ diff --git a/lib/grant-types/client-credentials-grant-type.js b/lib/grant-types/client-credentials-grant-type.js index d0af0fe5..ee9b631d 100644 --- a/lib/grant-types/client-credentials-grant-type.js +++ b/lib/grant-types/client-credentials-grant-type.js @@ -15,95 +15,90 @@ const util = require('util'); * Constructor. */ -function ClientCredentialsGrantType(options) { - options = options || {}; - - if (!options.model) { - throw new InvalidArgumentError('Missing parameter: `model`'); - } - - if (!options.model.getUserFromClient) { - throw new InvalidArgumentError('Invalid argument: model does not implement `getUserFromClient()`'); - } - - if (!options.model.saveToken) { - throw new InvalidArgumentError('Invalid argument: model does not implement `saveToken()`'); - } - - AbstractGrantType.call(this, options); +class ClientCredentialsGrantType extends AbstractGrantType { + constructor(options = {}) { + if (!options.model) { + throw new InvalidArgumentError('Missing parameter: `model`'); + } + + if (!options.model.getUserFromClient) { + throw new InvalidArgumentError('Invalid argument: model does not implement `getUserFromClient()`'); + } + + if (!options.model.saveToken) { + throw new InvalidArgumentError('Invalid argument: model does not implement `saveToken()`'); + } + + super(options); + } + + /** + * Handle client credentials grant. + * + * @see https://tools.ietf.org/html/rfc6749#section-4.4.2 + */ + + handle(request, client) { + if (!request) { + throw new InvalidArgumentError('Missing parameter: `request`'); + } + + if (!client) { + throw new InvalidArgumentError('Missing parameter: `client`'); + } + + const scope = this.getScope(request); + + return Promise.bind(this) + .then(function () { + return this.getUserFromClient(client); + }) + .then(function (user) { + return this.saveToken(user, client, scope); + }); + } + + /** + * Retrieve the user using client credentials. + */ + + getUserFromClient(client) { + return promisify(this.model.getUserFromClient, 1) + .call(this.model, client) + .then((user) => { + if (!user) { + throw new InvalidGrantError('Invalid grant: user credentials are invalid'); + } + + return user; + }); + } + + /** + * Save token. + */ + + saveToken(user, client, scope) { + const fns = [ + this.validateScope(user, client, scope), + this.generateAccessToken(client, user, scope), + this.getAccessTokenExpiresAt(client, user, scope), + ]; + + return Promise.all(fns) + .bind(this) + .spread(function (scope, accessToken, accessTokenExpiresAt) { + const token = { + accessToken: accessToken, + accessTokenExpiresAt: accessTokenExpiresAt, + scope: scope, + }; + + return promisify(this.model.saveToken, 3).call(this.model, token, client, user); + }); + } } -/** - * Inherit prototype. - */ - -util.inherits(ClientCredentialsGrantType, AbstractGrantType); - -/** - * Handle client credentials grant. - * - * @see https://tools.ietf.org/html/rfc6749#section-4.4.2 - */ - -ClientCredentialsGrantType.prototype.handle = function(request, client) { - if (!request) { - throw new InvalidArgumentError('Missing parameter: `request`'); - } - - if (!client) { - throw new InvalidArgumentError('Missing parameter: `client`'); - } - - const scope = this.getScope(request); - - return Promise.bind(this) - .then(function() { - return this.getUserFromClient(client); - }) - .then(function(user) { - return this.saveToken(user, client, scope); - }); -}; - -/** - * Retrieve the user using client credentials. - */ - -ClientCredentialsGrantType.prototype.getUserFromClient = function(client) { - return promisify(this.model.getUserFromClient, 1).call(this.model, client) - .then(function(user) { - if (!user) { - throw new InvalidGrantError('Invalid grant: user credentials are invalid'); - } - - return user; - }); -}; - -/** - * Save token. - */ - -ClientCredentialsGrantType.prototype.saveToken = function(user, client, scope) { - const fns = [ - this.validateScope(user, client, scope), - this.generateAccessToken(client, user, scope), - this.getAccessTokenExpiresAt(client, user, scope) - ]; - - return Promise.all(fns) - .bind(this) - .spread(function(scope, accessToken, accessTokenExpiresAt) { - const token = { - accessToken: accessToken, - accessTokenExpiresAt: accessTokenExpiresAt, - scope: scope - }; - - return promisify(this.model.saveToken, 3).call(this.model, token, client, user); - }); -}; - /** * Export constructor. */ diff --git a/lib/grant-types/password-grant-type.js b/lib/grant-types/password-grant-type.js index b65f9e1f..16060ef5 100644 --- a/lib/grant-types/password-grant-type.js +++ b/lib/grant-types/password-grant-type.js @@ -17,115 +17,110 @@ const util = require('util'); * Constructor. */ -function PasswordGrantType(options) { - options = options || {}; - - if (!options.model) { - throw new InvalidArgumentError('Missing parameter: `model`'); - } - - if (!options.model.getUser) { - throw new InvalidArgumentError('Invalid argument: model does not implement `getUser()`'); - } - - if (!options.model.saveToken) { - throw new InvalidArgumentError('Invalid argument: model does not implement `saveToken()`'); - } - - AbstractGrantType.call(this, options); +class PasswordGrantType extends AbstractGrantType { + constructor(options = {}) { + if (!options.model) { + throw new InvalidArgumentError('Missing parameter: `model`'); + } + + if (!options.model.getUser) { + throw new InvalidArgumentError('Invalid argument: model does not implement `getUser()`'); + } + + if (!options.model.saveToken) { + throw new InvalidArgumentError('Invalid argument: model does not implement `saveToken()`'); + } + + super(options); + } + + /** + * Retrieve the user from the model using a username/password combination. + * + * @see https://tools.ietf.org/html/rfc6749#section-4.3.2 + */ + + handle(request, client) { + if (!request) { + throw new InvalidArgumentError('Missing parameter: `request`'); + } + + if (!client) { + throw new InvalidArgumentError('Missing parameter: `client`'); + } + + const scope = this.getScope(request); + + return Promise.bind(this) + .then(function () { + return this.getUser(request); + }) + .then(function (user) { + return this.saveToken(user, client, scope); + }); + } + + /** + * Get user using a username/password combination. + */ + + getUser(request) { + if (!request.body.username) { + throw new InvalidRequestError('Missing parameter: `username`'); + } + + if (!request.body.password) { + throw new InvalidRequestError('Missing parameter: `password`'); + } + + if (!isFormat.uchar(request.body.username)) { + throw new InvalidRequestError('Invalid parameter: `username`'); + } + + if (!isFormat.uchar(request.body.password)) { + throw new InvalidRequestError('Invalid parameter: `password`'); + } + + return promisify(this.model.getUser, 2) + .call(this.model, request.body.username, request.body.password) + .then((user) => { + if (!user) { + throw new InvalidGrantError('Invalid grant: user credentials are invalid'); + } + + return user; + }); + } + + /** + * Save token. + */ + + saveToken(user, client, scope) { + const fns = [ + this.validateScope(user, client, scope), + this.generateAccessToken(client, user, scope), + this.generateRefreshToken(client, user, scope), + this.getAccessTokenExpiresAt(), + this.getRefreshTokenExpiresAt(), + ]; + + return Promise.all(fns) + .bind(this) + .spread(function (scope, accessToken, refreshToken, accessTokenExpiresAt, refreshTokenExpiresAt) { + const token = { + accessToken: accessToken, + accessTokenExpiresAt: accessTokenExpiresAt, + refreshToken: refreshToken, + refreshTokenExpiresAt: refreshTokenExpiresAt, + scope: scope, + }; + + return promisify(this.model.saveToken, 3).call(this.model, token, client, user); + }); + } } -/** - * Inherit prototype. - */ - -util.inherits(PasswordGrantType, AbstractGrantType); - -/** - * Retrieve the user from the model using a username/password combination. - * - * @see https://tools.ietf.org/html/rfc6749#section-4.3.2 - */ - -PasswordGrantType.prototype.handle = function(request, client) { - if (!request) { - throw new InvalidArgumentError('Missing parameter: `request`'); - } - - if (!client) { - throw new InvalidArgumentError('Missing parameter: `client`'); - } - - const scope = this.getScope(request); - - return Promise.bind(this) - .then(function() { - return this.getUser(request); - }) - .then(function(user) { - return this.saveToken(user, client, scope); - }); -}; - -/** - * Get user using a username/password combination. - */ - -PasswordGrantType.prototype.getUser = function(request) { - if (!request.body.username) { - throw new InvalidRequestError('Missing parameter: `username`'); - } - - if (!request.body.password) { - throw new InvalidRequestError('Missing parameter: `password`'); - } - - if (!isFormat.uchar(request.body.username)) { - throw new InvalidRequestError('Invalid parameter: `username`'); - } - - if (!isFormat.uchar(request.body.password)) { - throw new InvalidRequestError('Invalid parameter: `password`'); - } - - return promisify(this.model.getUser, 2).call(this.model, request.body.username, request.body.password) - .then(function(user) { - if (!user) { - throw new InvalidGrantError('Invalid grant: user credentials are invalid'); - } - - return user; - }); -}; - -/** - * Save token. - */ - -PasswordGrantType.prototype.saveToken = function(user, client, scope) { - const fns = [ - this.validateScope(user, client, scope), - this.generateAccessToken(client, user, scope), - this.generateRefreshToken(client, user, scope), - this.getAccessTokenExpiresAt(), - this.getRefreshTokenExpiresAt() - ]; - - return Promise.all(fns) - .bind(this) - .spread(function(scope, accessToken, refreshToken, accessTokenExpiresAt, refreshTokenExpiresAt) { - const token = { - accessToken: accessToken, - accessTokenExpiresAt: accessTokenExpiresAt, - refreshToken: refreshToken, - refreshTokenExpiresAt: refreshTokenExpiresAt, - scope: scope - }; - - return promisify(this.model.saveToken, 3).call(this.model, token, client, user); - }); -}; - /** * Export constructor. */ diff --git a/lib/grant-types/refresh-token-grant-type.js b/lib/grant-types/refresh-token-grant-type.js index c9a25df3..bd9d6071 100644 --- a/lib/grant-types/refresh-token-grant-type.js +++ b/lib/grant-types/refresh-token-grant-type.js @@ -18,161 +18,156 @@ const util = require('util'); * Constructor. */ -function RefreshTokenGrantType(options) { - options = options || {}; - - if (!options.model) { - throw new InvalidArgumentError('Missing parameter: `model`'); - } - - if (!options.model.getRefreshToken) { - throw new InvalidArgumentError('Invalid argument: model does not implement `getRefreshToken()`'); - } - - if (!options.model.revokeToken) { - throw new InvalidArgumentError('Invalid argument: model does not implement `revokeToken()`'); - } - - if (!options.model.saveToken) { - throw new InvalidArgumentError('Invalid argument: model does not implement `saveToken()`'); - } - - AbstractGrantType.call(this, options); +class RefreshTokenGrantType extends AbstractGrantType { + constructor(options = {}) { + if (!options.model) { + throw new InvalidArgumentError('Missing parameter: `model`'); + } + + if (!options.model.getRefreshToken) { + throw new InvalidArgumentError('Invalid argument: model does not implement `getRefreshToken()`'); + } + + if (!options.model.revokeToken) { + throw new InvalidArgumentError('Invalid argument: model does not implement `revokeToken()`'); + } + + if (!options.model.saveToken) { + throw new InvalidArgumentError('Invalid argument: model does not implement `saveToken()`'); + } + + super(options); + } + + /** + * Handle refresh token grant. + * + * @see https://tools.ietf.org/html/rfc6749#section-6 + */ + + handle(request, client) { + if (!request) { + throw new InvalidArgumentError('Missing parameter: `request`'); + } + + if (!client) { + throw new InvalidArgumentError('Missing parameter: `client`'); + } + + return Promise.bind(this) + .then(function () { + return this.getRefreshToken(request, client); + }) + .tap(function (token) { + return this.revokeToken(token); + }) + .then(function (token) { + return this.saveToken(token.user, client, token.scope); + }); + } + + /** + * Get refresh token. + */ + + getRefreshToken(request, client) { + if (!request.body.refresh_token) { + throw new InvalidRequestError('Missing parameter: `refresh_token`'); + } + + if (!isFormat.vschar(request.body.refresh_token)) { + throw new InvalidRequestError('Invalid parameter: `refresh_token`'); + } + + return promisify(this.model.getRefreshToken, 1) + .call(this.model, request.body.refresh_token) + .then((token) => { + if (!token) { + throw new InvalidGrantError('Invalid grant: refresh token is invalid'); + } + + if (!token.client) { + throw new ServerError('Server error: `getRefreshToken()` did not return a `client` object'); + } + + if (!token.user) { + throw new ServerError('Server error: `getRefreshToken()` did not return a `user` object'); + } + + if (token.client.id !== client.id) { + throw new InvalidGrantError('Invalid grant: refresh token is invalid'); + } + + if (token.refreshTokenExpiresAt && !(token.refreshTokenExpiresAt instanceof Date)) { + throw new ServerError('Server error: `refreshTokenExpiresAt` must be a Date instance'); + } + + if (token.refreshTokenExpiresAt && token.refreshTokenExpiresAt < new Date()) { + throw new InvalidGrantError('Invalid grant: refresh token has expired'); + } + + return token; + }); + } + + /** + * Revoke the refresh token. + * + * @see https://tools.ietf.org/html/rfc6749#section-6 + */ + + revokeToken(token) { + if (this.alwaysIssueNewRefreshToken === false) { + return Promise.resolve(token); + } + + return promisify(this.model.revokeToken, 1) + .call(this.model, token) + .then((status) => { + if (!status) { + throw new InvalidGrantError('Invalid grant: refresh token is invalid'); + } + + return token; + }); + } + + /** + * Save token. + */ + + saveToken(user, client, scope) { + const fns = [ + this.generateAccessToken(client, user, scope), + this.generateRefreshToken(client, user, scope), + this.getAccessTokenExpiresAt(), + this.getRefreshTokenExpiresAt(), + ]; + + return Promise.all(fns) + .bind(this) + .spread(function (accessToken, refreshToken, accessTokenExpiresAt, refreshTokenExpiresAt) { + const token = { + accessToken: accessToken, + accessTokenExpiresAt: accessTokenExpiresAt, + scope: scope, + }; + + if (this.alwaysIssueNewRefreshToken !== false) { + token.refreshToken = refreshToken; + token.refreshTokenExpiresAt = refreshTokenExpiresAt; + } + + return token; + }) + .then(function (token) { + return promisify(this.model.saveToken, 3) + .call(this.model, token, client, user) + .then((savedToken) => savedToken); + }); + } } -/** - * Inherit prototype. - */ - -util.inherits(RefreshTokenGrantType, AbstractGrantType); - -/** - * Handle refresh token grant. - * - * @see https://tools.ietf.org/html/rfc6749#section-6 - */ - -RefreshTokenGrantType.prototype.handle = function(request, client) { - if (!request) { - throw new InvalidArgumentError('Missing parameter: `request`'); - } - - if (!client) { - throw new InvalidArgumentError('Missing parameter: `client`'); - } - - return Promise.bind(this) - .then(function() { - return this.getRefreshToken(request, client); - }) - .tap(function(token) { - return this.revokeToken(token); - }) - .then(function(token) { - return this.saveToken(token.user, client, token.scope); - }); -}; - -/** - * Get refresh token. - */ - -RefreshTokenGrantType.prototype.getRefreshToken = function(request, client) { - if (!request.body.refresh_token) { - throw new InvalidRequestError('Missing parameter: `refresh_token`'); - } - - if (!isFormat.vschar(request.body.refresh_token)) { - throw new InvalidRequestError('Invalid parameter: `refresh_token`'); - } - - return promisify(this.model.getRefreshToken, 1).call(this.model, request.body.refresh_token) - .then(function(token) { - if (!token) { - throw new InvalidGrantError('Invalid grant: refresh token is invalid'); - } - - if (!token.client) { - throw new ServerError('Server error: `getRefreshToken()` did not return a `client` object'); - } - - if (!token.user) { - throw new ServerError('Server error: `getRefreshToken()` did not return a `user` object'); - } - - if (token.client.id !== client.id) { - throw new InvalidGrantError('Invalid grant: refresh token is invalid'); - } - - if (token.refreshTokenExpiresAt && !(token.refreshTokenExpiresAt instanceof Date)) { - throw new ServerError('Server error: `refreshTokenExpiresAt` must be a Date instance'); - } - - if (token.refreshTokenExpiresAt && token.refreshTokenExpiresAt < new Date()) { - throw new InvalidGrantError('Invalid grant: refresh token has expired'); - } - - return token; - }); -}; - -/** - * Revoke the refresh token. - * - * @see https://tools.ietf.org/html/rfc6749#section-6 - */ - -RefreshTokenGrantType.prototype.revokeToken = function(token) { - if (this.alwaysIssueNewRefreshToken === false) { - return Promise.resolve(token); - } - - return promisify(this.model.revokeToken, 1).call(this.model, token) - .then(function(status) { - if (!status) { - throw new InvalidGrantError('Invalid grant: refresh token is invalid'); - } - - return token; - }); -}; - -/** - * Save token. - */ - -RefreshTokenGrantType.prototype.saveToken = function(user, client, scope) { - const fns = [ - this.generateAccessToken(client, user, scope), - this.generateRefreshToken(client, user, scope), - this.getAccessTokenExpiresAt(), - this.getRefreshTokenExpiresAt() - ]; - - return Promise.all(fns) - .bind(this) - .spread(function(accessToken, refreshToken, accessTokenExpiresAt, refreshTokenExpiresAt) { - const token = { - accessToken: accessToken, - accessTokenExpiresAt: accessTokenExpiresAt, - scope: scope - }; - - if (this.alwaysIssueNewRefreshToken !== false) { - token.refreshToken = refreshToken; - token.refreshTokenExpiresAt = refreshTokenExpiresAt; - } - - return token; - }) - .then(function(token) { - return promisify(this.model.saveToken, 3).call(this.model, token, client, user) - .then(function(savedToken) { - return savedToken; - }); - }); -}; - /** * Export constructor. */ From 9460888cb8b1432d05a0edce110fc90925137c25 Mon Sep 17 00:00:00 2001 From: "daniel.santos" Date: Sat, 18 Dec 2021 20:21:19 -0300 Subject: [PATCH 02/86] refactor: Remove util.inherits #70 --- lib/errors/access-denied-error.js | 21 +- lib/errors/insufficient-scope-error.js | 21 +- lib/errors/invalid-argument-error.js | 21 +- lib/errors/invalid-client-error.js | 21 +- lib/errors/invalid-grant-error.js | 21 +- lib/errors/invalid-request-error.js | 21 +- lib/errors/invalid-scope-error.js | 21 +- lib/errors/invalid-token-error.js | 21 +- lib/errors/oauth-error.js | 45 ++- lib/errors/server-error.js | 21 +- lib/errors/unauthorized-client-error.js | 21 +- lib/errors/unauthorized-request-error.js | 21 +- lib/errors/unsupported-grant-type-error.js | 21 +- lib/errors/unsupported-response-type-error.js | 21 +- .../authorization-code-grant-type.js | 269 +++++++++--------- .../client-credentials-grant-type.js | 121 ++++---- lib/grant-types/password-grant-type.js | 153 +++++----- lib/grant-types/refresh-token-grant-type.js | 229 ++++++++------- 18 files changed, 536 insertions(+), 554 deletions(-) diff --git a/lib/errors/access-denied-error.js b/lib/errors/access-denied-error.js index aa29e78b..82092b8c 100644 --- a/lib/errors/access-denied-error.js +++ b/lib/errors/access-denied-error.js @@ -5,7 +5,6 @@ */ const OAuthError = require('./oauth-error'); -const util = require('util'); /** * Constructor. @@ -16,17 +15,17 @@ const util = require('util'); */ class AccessDeniedError extends OAuthError { - constructor(message, properties) { - properties = Object.assign( - { - code: 400, - name: 'access_denied', - }, - properties - ); + constructor(message, properties) { + properties = Object.assign( + { + code: 400, + name: 'access_denied', + }, + properties + ); - super(message, properties); - } + super(message, properties); + } } /** diff --git a/lib/errors/insufficient-scope-error.js b/lib/errors/insufficient-scope-error.js index 5960b6a7..fc5542de 100644 --- a/lib/errors/insufficient-scope-error.js +++ b/lib/errors/insufficient-scope-error.js @@ -5,7 +5,6 @@ */ const OAuthError = require('./oauth-error'); -const util = require('util'); /** * Constructor. @@ -16,17 +15,17 @@ const util = require('util'); */ class InsufficientScopeError extends OAuthError { - constructor(message, properties) { - properties = Object.assign( - { - code: 403, - name: 'insufficient_scope', - }, - properties - ); + constructor(message, properties) { + properties = Object.assign( + { + code: 403, + name: 'insufficient_scope', + }, + properties + ); - super(message, properties); - } + super(message, properties); + } } /** diff --git a/lib/errors/invalid-argument-error.js b/lib/errors/invalid-argument-error.js index 66730d91..ec0547a3 100644 --- a/lib/errors/invalid-argument-error.js +++ b/lib/errors/invalid-argument-error.js @@ -5,24 +5,23 @@ */ const OAuthError = require('./oauth-error'); -const util = require('util'); /** * Constructor. */ class InvalidArgumentError extends OAuthError { - constructor(message, properties) { - properties = Object.assign( - { - code: 500, - name: 'invalid_argument', - }, - properties - ); + constructor(message, properties) { + properties = Object.assign( + { + code: 500, + name: 'invalid_argument', + }, + properties + ); - super(message, properties); - } + super(message, properties); + } } /** diff --git a/lib/errors/invalid-client-error.js b/lib/errors/invalid-client-error.js index 5e4e5d25..daef881b 100644 --- a/lib/errors/invalid-client-error.js +++ b/lib/errors/invalid-client-error.js @@ -5,7 +5,6 @@ */ const OAuthError = require('./oauth-error'); -const util = require('util'); /** * Constructor. @@ -17,17 +16,17 @@ const util = require('util'); */ class InvalidClientError extends OAuthError { - constructor(message, properties) { - properties = Object.assign( - { - code: 400, - name: 'invalid_client', - }, - properties - ); + constructor(message, properties) { + properties = Object.assign( + { + code: 400, + name: 'invalid_client', + }, + properties + ); - super(message, properties); - } + super(message, properties); + } } /** diff --git a/lib/errors/invalid-grant-error.js b/lib/errors/invalid-grant-error.js index 4237053d..9d1a775d 100644 --- a/lib/errors/invalid-grant-error.js +++ b/lib/errors/invalid-grant-error.js @@ -5,7 +5,6 @@ */ const OAuthError = require('./oauth-error'); -const util = require('util'); /** * Constructor. @@ -18,17 +17,17 @@ const util = require('util'); */ class InvalidGrantError extends OAuthError { - constructor(message, properties) { - properties = Object.assign( - { - code: 400, - name: 'invalid_grant', - }, - properties - ); + constructor(message, properties) { + properties = Object.assign( + { + code: 400, + name: 'invalid_grant', + }, + properties + ); - super(message, properties); - } + super(message, properties); + } } /** diff --git a/lib/errors/invalid-request-error.js b/lib/errors/invalid-request-error.js index 6efab4a0..1cf0b352 100644 --- a/lib/errors/invalid-request-error.js +++ b/lib/errors/invalid-request-error.js @@ -5,7 +5,6 @@ */ const OAuthError = require('./oauth-error'); -const util = require('util'); /** * Constructor. @@ -17,17 +16,17 @@ const util = require('util'); */ class InvalidRequest extends OAuthError { - constructor(message, properties) { - properties = Object.assign( - { - code: 400, - name: 'invalid_request', - }, - properties - ); + constructor(message, properties) { + properties = Object.assign( + { + code: 400, + name: 'invalid_request', + }, + properties + ); - super(message, properties); - } + super(message, properties); + } } /** diff --git a/lib/errors/invalid-scope-error.js b/lib/errors/invalid-scope-error.js index d0f28c63..52eca82c 100644 --- a/lib/errors/invalid-scope-error.js +++ b/lib/errors/invalid-scope-error.js @@ -5,7 +5,6 @@ */ const OAuthError = require('./oauth-error'); -const util = require('util'); /** * Constructor. @@ -16,17 +15,17 @@ const util = require('util'); */ class InvalidScopeError extends OAuthError { - constructor(message, properties) { - properties = Object.assign( - { - code: 400, - name: 'invalid_scope', - }, - properties - ); + constructor(message, properties) { + properties = Object.assign( + { + code: 400, + name: 'invalid_scope', + }, + properties + ); - super(message, properties); - } + super(message, properties); + } } /** diff --git a/lib/errors/invalid-token-error.js b/lib/errors/invalid-token-error.js index c7ad8b6e..b2d7861d 100644 --- a/lib/errors/invalid-token-error.js +++ b/lib/errors/invalid-token-error.js @@ -5,7 +5,6 @@ */ const OAuthError = require('./oauth-error'); -const util = require('util'); /** * Constructor. @@ -16,17 +15,17 @@ const util = require('util'); */ class InvalidTokenError extends OAuthError { - constructor(message, properties) { - properties = Object.assign( - { - code: 401, - name: 'invalid_token', - }, - properties - ); + constructor(message, properties) { + properties = Object.assign( + { + code: 401, + name: 'invalid_token', + }, + properties + ); - super(message, properties); - } + super(message, properties); + } } /** diff --git a/lib/errors/oauth-error.js b/lib/errors/oauth-error.js index a1ff9ed9..0c779dbd 100644 --- a/lib/errors/oauth-error.js +++ b/lib/errors/oauth-error.js @@ -3,37 +3,36 @@ /** * Module dependencies. */ -const util = require('util'); const http = require('http'); /** * Constructor. */ class OAuthError extends Error { - constructor(messageOrError, properties) { - let message = messageOrError instanceof Error ? messageOrError.message : messageOrError; - const error = messageOrError instanceof Error ? messageOrError : null; - if (properties == null || !Object.entries(properties).length) { - properties = {}; - } + constructor(messageOrError, properties) { + let message = messageOrError instanceof Error ? messageOrError.message : messageOrError; + const error = messageOrError instanceof Error ? messageOrError : null; + if (properties == null || !Object.entries(properties).length) { + properties = {}; + } - properties = Object.assign({ code: 500 }, properties); + properties = Object.assign({ code: 500 }, properties); - if (error) { - properties.inner = error; - } - if (!message || message.length === 0) { - message = http.STATUS_CODES[properties.code]; - } - this.code = this.status = this.statusCode = properties.code; - this.message = message; - for (const key in properties) { - if (key !== 'code') { - this[key] = properties[key]; - } - } - Error.captureStackTrace(this, OAuthError); - } + if (error) { + properties.inner = error; + } + if (!message || message.length === 0) { + message = http.STATUS_CODES[properties.code]; + } + this.code = this.status = this.statusCode = properties.code; + this.message = message; + for (const key in properties) { + if (key !== 'code') { + this[key] = properties[key]; + } + } + Error.captureStackTrace(this, OAuthError); + } } /** diff --git a/lib/errors/server-error.js b/lib/errors/server-error.js index 86dc18f3..5d1c83c3 100644 --- a/lib/errors/server-error.js +++ b/lib/errors/server-error.js @@ -5,7 +5,6 @@ */ const OAuthError = require('./oauth-error'); -const util = require('util'); /** * Constructor. @@ -16,17 +15,17 @@ const util = require('util'); */ class ServerError extends OAuthError { - constructor(message, properties) { - properties = Object.assign( - { - code: 503, - name: 'server_error', - }, - properties - ); + constructor(message, properties) { + properties = Object.assign( + { + code: 503, + name: 'server_error', + }, + properties + ); - super(message, properties); - } + super(message, properties); + } } /** diff --git a/lib/errors/unauthorized-client-error.js b/lib/errors/unauthorized-client-error.js index 02def056..d009a7b6 100644 --- a/lib/errors/unauthorized-client-error.js +++ b/lib/errors/unauthorized-client-error.js @@ -5,7 +5,6 @@ */ const OAuthError = require('./oauth-error'); -const util = require('util'); /** * Constructor. @@ -16,17 +15,17 @@ const util = require('util'); */ class UnauthorizedClientError extends OAuthError { - constructor(message, properties) { - properties = Object.assign( - { - code: 400, - name: 'unauthorized_client', - }, - properties - ); + constructor(message, properties) { + properties = Object.assign( + { + code: 400, + name: 'unauthorized_client', + }, + properties + ); - super(message, properties); - } + super(message, properties); + } } /** diff --git a/lib/errors/unauthorized-request-error.js b/lib/errors/unauthorized-request-error.js index 75481cf0..02fd9d67 100644 --- a/lib/errors/unauthorized-request-error.js +++ b/lib/errors/unauthorized-request-error.js @@ -5,7 +5,6 @@ */ const OAuthError = require('./oauth-error'); -const util = require('util'); /** * Constructor. @@ -19,17 +18,17 @@ const util = require('util'); */ class UnauthorizedRequestError extends OAuthError { - constructor(message, properties) { - properties = Object.assign( - { - code: 401, - name: 'unauthorized_request', - }, - properties - ); + constructor(message, properties) { + properties = Object.assign( + { + code: 401, + name: 'unauthorized_request', + }, + properties + ); - super(message, properties); - } + super(message, properties); + } } /** diff --git a/lib/errors/unsupported-grant-type-error.js b/lib/errors/unsupported-grant-type-error.js index 682f65d7..788edb01 100644 --- a/lib/errors/unsupported-grant-type-error.js +++ b/lib/errors/unsupported-grant-type-error.js @@ -5,7 +5,6 @@ */ const OAuthError = require('./oauth-error'); -const util = require('util'); /** * Constructor. @@ -16,17 +15,17 @@ const util = require('util'); */ class UnsupportedGrantTypeError extends OAuthError { - constructor(message, properties) { - properties = Object.assign( - { - code: 400, - name: 'unsupported_grant_type', - }, - properties - ); + constructor(message, properties) { + properties = Object.assign( + { + code: 400, + name: 'unsupported_grant_type', + }, + properties + ); - super(message, properties); - } + super(message, properties); + } } /** diff --git a/lib/errors/unsupported-response-type-error.js b/lib/errors/unsupported-response-type-error.js index 5b95d45b..3d4f2fb3 100644 --- a/lib/errors/unsupported-response-type-error.js +++ b/lib/errors/unsupported-response-type-error.js @@ -5,7 +5,6 @@ */ const OAuthError = require('./oauth-error'); -const util = require('util'); /** * Constructor. @@ -17,17 +16,17 @@ const util = require('util'); */ class UnsupportedResponseTypeError extends OAuthError { - constructor(message, properties) { - properties = Object.assign( - { - code: 400, - name: 'unsupported_response_type', - }, - properties - ); + constructor(message, properties) { + properties = Object.assign( + { + code: 400, + name: 'unsupported_response_type', + }, + properties + ); - super(message, properties); - } + super(message, properties); + } } /** diff --git a/lib/grant-types/authorization-code-grant-type.js b/lib/grant-types/authorization-code-grant-type.js index c0590e22..3dd49e75 100644 --- a/lib/grant-types/authorization-code-grant-type.js +++ b/lib/grant-types/authorization-code-grant-type.js @@ -12,111 +12,110 @@ const Promise = require('bluebird'); const promisify = require('promisify-any').use(Promise); const ServerError = require('../errors/server-error'); const isFormat = require('@node-oauth/formats'); -const util = require('util'); /** * Constructor. */ class AuthorizationCodeGrantType extends AbstractGrantType { - constructor(options = {}) { - if (!options.model) { - throw new InvalidArgumentError('Missing parameter: `model`'); - } + constructor(options = {}) { + if (!options.model) { + throw new InvalidArgumentError('Missing parameter: `model`'); + } - if (!options.model.getAuthorizationCode) { - throw new InvalidArgumentError('Invalid argument: model does not implement `getAuthorizationCode()`'); - } + if (!options.model.getAuthorizationCode) { + throw new InvalidArgumentError('Invalid argument: model does not implement `getAuthorizationCode()`'); + } - if (!options.model.revokeAuthorizationCode) { - throw new InvalidArgumentError('Invalid argument: model does not implement `revokeAuthorizationCode()`'); - } + if (!options.model.revokeAuthorizationCode) { + throw new InvalidArgumentError('Invalid argument: model does not implement `revokeAuthorizationCode()`'); + } - if (!options.model.saveToken) { - throw new InvalidArgumentError('Invalid argument: model does not implement `saveToken()`'); - } + if (!options.model.saveToken) { + throw new InvalidArgumentError('Invalid argument: model does not implement `saveToken()`'); + } - super(options); - } + super(options); + } - /** + /** * Handle authorization code grant. * * @see https://tools.ietf.org/html/rfc6749#section-4.1.3 */ - handle(request, client) { - if (!request) { - throw new InvalidArgumentError('Missing parameter: `request`'); - } - - if (!client) { - throw new InvalidArgumentError('Missing parameter: `client`'); - } - - return Promise.bind(this) - .then(function () { - return this.getAuthorizationCode(request, client); - }) - .tap(function (code) { - return this.validateRedirectUri(request, code); - }) - .tap(function (code) { - return this.revokeAuthorizationCode(code); - }) - .then(function (code) { - return this.saveToken(code.user, client, code.authorizationCode, code.scope); - }); - } - - /** + handle(request, client) { + if (!request) { + throw new InvalidArgumentError('Missing parameter: `request`'); + } + + if (!client) { + throw new InvalidArgumentError('Missing parameter: `client`'); + } + + return Promise.bind(this) + .then(function () { + return this.getAuthorizationCode(request, client); + }) + .tap(function (code) { + return this.validateRedirectUri(request, code); + }) + .tap(function (code) { + return this.revokeAuthorizationCode(code); + }) + .then(function (code) { + return this.saveToken(code.user, client, code.authorizationCode, code.scope); + }); + } + + /** * Get the authorization code. */ - getAuthorizationCode(request, client) { - if (!request.body.code) { - throw new InvalidRequestError('Missing parameter: `code`'); - } - - if (!isFormat.vschar(request.body.code)) { - throw new InvalidRequestError('Invalid parameter: `code`'); - } - return promisify(this.model.getAuthorizationCode, 1) - .call(this.model, request.body.code) - .then((code) => { - if (!code) { - throw new InvalidGrantError('Invalid grant: authorization code is invalid'); - } - - if (!code.client) { - throw new ServerError('Server error: `getAuthorizationCode()` did not return a `client` object'); - } - - if (!code.user) { - throw new ServerError('Server error: `getAuthorizationCode()` did not return a `user` object'); - } - - if (code.client.id !== client.id) { - throw new InvalidGrantError('Invalid grant: authorization code is invalid'); - } - - if (!(code.expiresAt instanceof Date)) { - throw new ServerError('Server error: `expiresAt` must be a Date instance'); - } - - if (code.expiresAt < new Date()) { - throw new InvalidGrantError('Invalid grant: authorization code has expired'); - } - - if (code.redirectUri && !isFormat.uri(code.redirectUri)) { - throw new InvalidGrantError('Invalid grant: `redirect_uri` is not a valid URI'); - } - - return code; - }); - } - - /** + getAuthorizationCode(request, client) { + if (!request.body.code) { + throw new InvalidRequestError('Missing parameter: `code`'); + } + + if (!isFormat.vschar(request.body.code)) { + throw new InvalidRequestError('Invalid parameter: `code`'); + } + return promisify(this.model.getAuthorizationCode, 1) + .call(this.model, request.body.code) + .then((code) => { + if (!code) { + throw new InvalidGrantError('Invalid grant: authorization code is invalid'); + } + + if (!code.client) { + throw new ServerError('Server error: `getAuthorizationCode()` did not return a `client` object'); + } + + if (!code.user) { + throw new ServerError('Server error: `getAuthorizationCode()` did not return a `user` object'); + } + + if (code.client.id !== client.id) { + throw new InvalidGrantError('Invalid grant: authorization code is invalid'); + } + + if (!(code.expiresAt instanceof Date)) { + throw new ServerError('Server error: `expiresAt` must be a Date instance'); + } + + if (code.expiresAt < new Date()) { + throw new InvalidGrantError('Invalid grant: authorization code has expired'); + } + + if (code.redirectUri && !isFormat.uri(code.redirectUri)) { + throw new InvalidGrantError('Invalid grant: `redirect_uri` is not a valid URI'); + } + + return code; + }); + } + + /** * Validate the redirect URI. * * "The authorization server MUST ensure that the redirect_uri parameter is @@ -127,23 +126,23 @@ class AuthorizationCodeGrantType extends AbstractGrantType { * @see https://tools.ietf.org/html/rfc6749#section-4.1.3 */ - validateRedirectUri(request, code) { - if (!code.redirectUri) { - return; - } + validateRedirectUri(request, code) { + if (!code.redirectUri) { + return; + } - const redirectUri = request.body.redirect_uri || request.query.redirect_uri; + const redirectUri = request.body.redirect_uri || request.query.redirect_uri; - if (!isFormat.uri(redirectUri)) { - throw new InvalidRequestError('Invalid request: `redirect_uri` is not a valid URI'); - } + if (!isFormat.uri(redirectUri)) { + throw new InvalidRequestError('Invalid request: `redirect_uri` is not a valid URI'); + } - if (redirectUri !== code.redirectUri) { - throw new InvalidRequestError('Invalid request: `redirect_uri` is invalid'); - } - } + if (redirectUri !== code.redirectUri) { + throw new InvalidRequestError('Invalid request: `redirect_uri` is invalid'); + } + } - /** + /** * Revoke the authorization code. * * "The authorization code MUST expire shortly after it is issued to mitigate @@ -153,50 +152,50 @@ class AuthorizationCodeGrantType extends AbstractGrantType { * @see https://tools.ietf.org/html/rfc6749#section-4.1.2 */ - revokeAuthorizationCode(code) { - return promisify(this.model.revokeAuthorizationCode, 1) - .call(this.model, code) - .then((status) => { - if (!status) { - throw new InvalidGrantError('Invalid grant: authorization code is invalid'); - } + revokeAuthorizationCode(code) { + return promisify(this.model.revokeAuthorizationCode, 1) + .call(this.model, code) + .then((status) => { + if (!status) { + throw new InvalidGrantError('Invalid grant: authorization code is invalid'); + } - return code; - }); - } + return code; + }); + } - /** + /** * Save token. */ - saveToken(user, client, authorizationCode, scope) { - const fns = [ - this.validateScope(user, client, scope), - this.generateAccessToken(client, user, scope), - this.generateRefreshToken(client, user, scope), - this.getAccessTokenExpiresAt(), - this.getRefreshTokenExpiresAt(), - ]; - - return Promise.all(fns) - .bind(this) - .spread(function (scope, accessToken, refreshToken, accessTokenExpiresAt, refreshTokenExpiresAt) { - const token = { - accessToken: accessToken, - authorizationCode: authorizationCode, - accessTokenExpiresAt: accessTokenExpiresAt, - refreshToken: refreshToken, - refreshTokenExpiresAt: refreshTokenExpiresAt, - scope: scope, - }; - - return promisify(this.model.saveToken, 3).call(this.model, token, client, user); - }); - } + saveToken(user, client, authorizationCode, scope) { + const fns = [ + this.validateScope(user, client, scope), + this.generateAccessToken(client, user, scope), + this.generateRefreshToken(client, user, scope), + this.getAccessTokenExpiresAt(), + this.getRefreshTokenExpiresAt(), + ]; + + return Promise.all(fns) + .bind(this) + .spread(function (scope, accessToken, refreshToken, accessTokenExpiresAt, refreshTokenExpiresAt) { + const token = { + accessToken: accessToken, + authorizationCode: authorizationCode, + accessTokenExpiresAt: accessTokenExpiresAt, + refreshToken: refreshToken, + refreshTokenExpiresAt: refreshTokenExpiresAt, + scope: scope, + }; + + return promisify(this.model.saveToken, 3).call(this.model, token, client, user); + }); + } } /** * Export constructor. */ -module.exports = AuthorizationCodeGrantType; +export default AuthorizationCodeGrantType; diff --git a/lib/grant-types/client-credentials-grant-type.js b/lib/grant-types/client-credentials-grant-type.js index ee9b631d..4b1aec5b 100644 --- a/lib/grant-types/client-credentials-grant-type.js +++ b/lib/grant-types/client-credentials-grant-type.js @@ -9,94 +9,93 @@ const InvalidArgumentError = require('../errors/invalid-argument-error'); const InvalidGrantError = require('../errors/invalid-grant-error'); const Promise = require('bluebird'); const promisify = require('promisify-any').use(Promise); -const util = require('util'); /** * Constructor. */ class ClientCredentialsGrantType extends AbstractGrantType { - constructor(options = {}) { - if (!options.model) { - throw new InvalidArgumentError('Missing parameter: `model`'); - } + constructor(options = {}) { + if (!options.model) { + throw new InvalidArgumentError('Missing parameter: `model`'); + } - if (!options.model.getUserFromClient) { - throw new InvalidArgumentError('Invalid argument: model does not implement `getUserFromClient()`'); - } + if (!options.model.getUserFromClient) { + throw new InvalidArgumentError('Invalid argument: model does not implement `getUserFromClient()`'); + } - if (!options.model.saveToken) { - throw new InvalidArgumentError('Invalid argument: model does not implement `saveToken()`'); - } + if (!options.model.saveToken) { + throw new InvalidArgumentError('Invalid argument: model does not implement `saveToken()`'); + } - super(options); - } + super(options); + } - /** + /** * Handle client credentials grant. * * @see https://tools.ietf.org/html/rfc6749#section-4.4.2 */ - handle(request, client) { - if (!request) { - throw new InvalidArgumentError('Missing parameter: `request`'); - } + handle(request, client) { + if (!request) { + throw new InvalidArgumentError('Missing parameter: `request`'); + } - if (!client) { - throw new InvalidArgumentError('Missing parameter: `client`'); - } + if (!client) { + throw new InvalidArgumentError('Missing parameter: `client`'); + } - const scope = this.getScope(request); + const scope = this.getScope(request); - return Promise.bind(this) - .then(function () { - return this.getUserFromClient(client); - }) - .then(function (user) { - return this.saveToken(user, client, scope); - }); - } + return Promise.bind(this) + .then(function () { + return this.getUserFromClient(client); + }) + .then(function (user) { + return this.saveToken(user, client, scope); + }); + } - /** + /** * Retrieve the user using client credentials. */ - getUserFromClient(client) { - return promisify(this.model.getUserFromClient, 1) - .call(this.model, client) - .then((user) => { - if (!user) { - throw new InvalidGrantError('Invalid grant: user credentials are invalid'); - } + getUserFromClient(client) { + return promisify(this.model.getUserFromClient, 1) + .call(this.model, client) + .then((user) => { + if (!user) { + throw new InvalidGrantError('Invalid grant: user credentials are invalid'); + } - return user; - }); - } + return user; + }); + } - /** + /** * Save token. */ - saveToken(user, client, scope) { - const fns = [ - this.validateScope(user, client, scope), - this.generateAccessToken(client, user, scope), - this.getAccessTokenExpiresAt(client, user, scope), - ]; - - return Promise.all(fns) - .bind(this) - .spread(function (scope, accessToken, accessTokenExpiresAt) { - const token = { - accessToken: accessToken, - accessTokenExpiresAt: accessTokenExpiresAt, - scope: scope, - }; - - return promisify(this.model.saveToken, 3).call(this.model, token, client, user); - }); - } + saveToken(user, client, scope) { + const fns = [ + this.validateScope(user, client, scope), + this.generateAccessToken(client, user, scope), + this.getAccessTokenExpiresAt(client, user, scope), + ]; + + return Promise.all(fns) + .bind(this) + .spread(function (scope, accessToken, accessTokenExpiresAt) { + const token = { + accessToken: accessToken, + accessTokenExpiresAt: accessTokenExpiresAt, + scope: scope, + }; + + return promisify(this.model.saveToken, 3).call(this.model, token, client, user); + }); + } } /** diff --git a/lib/grant-types/password-grant-type.js b/lib/grant-types/password-grant-type.js index 16060ef5..3035cdda 100644 --- a/lib/grant-types/password-grant-type.js +++ b/lib/grant-types/password-grant-type.js @@ -11,114 +11,113 @@ const InvalidRequestError = require('../errors/invalid-request-error'); const Promise = require('bluebird'); const promisify = require('promisify-any').use(Promise); const isFormat = require('@node-oauth/formats'); -const util = require('util'); /** * Constructor. */ class PasswordGrantType extends AbstractGrantType { - constructor(options = {}) { - if (!options.model) { - throw new InvalidArgumentError('Missing parameter: `model`'); - } + constructor(options = {}) { + if (!options.model) { + throw new InvalidArgumentError('Missing parameter: `model`'); + } - if (!options.model.getUser) { - throw new InvalidArgumentError('Invalid argument: model does not implement `getUser()`'); - } + if (!options.model.getUser) { + throw new InvalidArgumentError('Invalid argument: model does not implement `getUser()`'); + } - if (!options.model.saveToken) { - throw new InvalidArgumentError('Invalid argument: model does not implement `saveToken()`'); - } + if (!options.model.saveToken) { + throw new InvalidArgumentError('Invalid argument: model does not implement `saveToken()`'); + } - super(options); - } + super(options); + } - /** + /** * Retrieve the user from the model using a username/password combination. * * @see https://tools.ietf.org/html/rfc6749#section-4.3.2 */ - handle(request, client) { - if (!request) { - throw new InvalidArgumentError('Missing parameter: `request`'); - } + handle(request, client) { + if (!request) { + throw new InvalidArgumentError('Missing parameter: `request`'); + } - if (!client) { - throw new InvalidArgumentError('Missing parameter: `client`'); - } + if (!client) { + throw new InvalidArgumentError('Missing parameter: `client`'); + } - const scope = this.getScope(request); + const scope = this.getScope(request); - return Promise.bind(this) - .then(function () { - return this.getUser(request); - }) - .then(function (user) { - return this.saveToken(user, client, scope); - }); - } + return Promise.bind(this) + .then(function () { + return this.getUser(request); + }) + .then(function (user) { + return this.saveToken(user, client, scope); + }); + } - /** + /** * Get user using a username/password combination. */ - getUser(request) { - if (!request.body.username) { - throw new InvalidRequestError('Missing parameter: `username`'); - } + getUser(request) { + if (!request.body.username) { + throw new InvalidRequestError('Missing parameter: `username`'); + } - if (!request.body.password) { - throw new InvalidRequestError('Missing parameter: `password`'); - } + if (!request.body.password) { + throw new InvalidRequestError('Missing parameter: `password`'); + } - if (!isFormat.uchar(request.body.username)) { - throw new InvalidRequestError('Invalid parameter: `username`'); - } + if (!isFormat.uchar(request.body.username)) { + throw new InvalidRequestError('Invalid parameter: `username`'); + } - if (!isFormat.uchar(request.body.password)) { - throw new InvalidRequestError('Invalid parameter: `password`'); - } + if (!isFormat.uchar(request.body.password)) { + throw new InvalidRequestError('Invalid parameter: `password`'); + } - return promisify(this.model.getUser, 2) - .call(this.model, request.body.username, request.body.password) - .then((user) => { - if (!user) { - throw new InvalidGrantError('Invalid grant: user credentials are invalid'); - } + return promisify(this.model.getUser, 2) + .call(this.model, request.body.username, request.body.password) + .then((user) => { + if (!user) { + throw new InvalidGrantError('Invalid grant: user credentials are invalid'); + } - return user; - }); - } + return user; + }); + } - /** + /** * Save token. */ - saveToken(user, client, scope) { - const fns = [ - this.validateScope(user, client, scope), - this.generateAccessToken(client, user, scope), - this.generateRefreshToken(client, user, scope), - this.getAccessTokenExpiresAt(), - this.getRefreshTokenExpiresAt(), - ]; - - return Promise.all(fns) - .bind(this) - .spread(function (scope, accessToken, refreshToken, accessTokenExpiresAt, refreshTokenExpiresAt) { - const token = { - accessToken: accessToken, - accessTokenExpiresAt: accessTokenExpiresAt, - refreshToken: refreshToken, - refreshTokenExpiresAt: refreshTokenExpiresAt, - scope: scope, - }; - - return promisify(this.model.saveToken, 3).call(this.model, token, client, user); - }); - } + saveToken(user, client, scope) { + const fns = [ + this.validateScope(user, client, scope), + this.generateAccessToken(client, user, scope), + this.generateRefreshToken(client, user, scope), + this.getAccessTokenExpiresAt(), + this.getRefreshTokenExpiresAt(), + ]; + + return Promise.all(fns) + .bind(this) + .spread(function (scope, accessToken, refreshToken, accessTokenExpiresAt, refreshTokenExpiresAt) { + const token = { + accessToken: accessToken, + accessTokenExpiresAt: accessTokenExpiresAt, + refreshToken: refreshToken, + refreshTokenExpiresAt: refreshTokenExpiresAt, + scope: scope, + }; + + return promisify(this.model.saveToken, 3).call(this.model, token, client, user); + }); + } } /** diff --git a/lib/grant-types/refresh-token-grant-type.js b/lib/grant-types/refresh-token-grant-type.js index bd9d6071..35fd1901 100644 --- a/lib/grant-types/refresh-token-grant-type.js +++ b/lib/grant-types/refresh-token-grant-type.js @@ -12,160 +12,159 @@ const Promise = require('bluebird'); const promisify = require('promisify-any').use(Promise); const ServerError = require('../errors/server-error'); const isFormat = require('@node-oauth/formats'); -const util = require('util'); /** * Constructor. */ class RefreshTokenGrantType extends AbstractGrantType { - constructor(options = {}) { - if (!options.model) { - throw new InvalidArgumentError('Missing parameter: `model`'); - } + constructor(options = {}) { + if (!options.model) { + throw new InvalidArgumentError('Missing parameter: `model`'); + } - if (!options.model.getRefreshToken) { - throw new InvalidArgumentError('Invalid argument: model does not implement `getRefreshToken()`'); - } + if (!options.model.getRefreshToken) { + throw new InvalidArgumentError('Invalid argument: model does not implement `getRefreshToken()`'); + } - if (!options.model.revokeToken) { - throw new InvalidArgumentError('Invalid argument: model does not implement `revokeToken()`'); - } + if (!options.model.revokeToken) { + throw new InvalidArgumentError('Invalid argument: model does not implement `revokeToken()`'); + } - if (!options.model.saveToken) { - throw new InvalidArgumentError('Invalid argument: model does not implement `saveToken()`'); - } + if (!options.model.saveToken) { + throw new InvalidArgumentError('Invalid argument: model does not implement `saveToken()`'); + } - super(options); - } + super(options); + } - /** + /** * Handle refresh token grant. * * @see https://tools.ietf.org/html/rfc6749#section-6 */ - handle(request, client) { - if (!request) { - throw new InvalidArgumentError('Missing parameter: `request`'); - } - - if (!client) { - throw new InvalidArgumentError('Missing parameter: `client`'); - } - - return Promise.bind(this) - .then(function () { - return this.getRefreshToken(request, client); - }) - .tap(function (token) { - return this.revokeToken(token); - }) - .then(function (token) { - return this.saveToken(token.user, client, token.scope); - }); - } - - /** + handle(request, client) { + if (!request) { + throw new InvalidArgumentError('Missing parameter: `request`'); + } + + if (!client) { + throw new InvalidArgumentError('Missing parameter: `client`'); + } + + return Promise.bind(this) + .then(function () { + return this.getRefreshToken(request, client); + }) + .tap(function (token) { + return this.revokeToken(token); + }) + .then(function (token) { + return this.saveToken(token.user, client, token.scope); + }); + } + + /** * Get refresh token. */ - getRefreshToken(request, client) { - if (!request.body.refresh_token) { - throw new InvalidRequestError('Missing parameter: `refresh_token`'); - } + getRefreshToken(request, client) { + if (!request.body.refresh_token) { + throw new InvalidRequestError('Missing parameter: `refresh_token`'); + } - if (!isFormat.vschar(request.body.refresh_token)) { - throw new InvalidRequestError('Invalid parameter: `refresh_token`'); - } + if (!isFormat.vschar(request.body.refresh_token)) { + throw new InvalidRequestError('Invalid parameter: `refresh_token`'); + } - return promisify(this.model.getRefreshToken, 1) - .call(this.model, request.body.refresh_token) - .then((token) => { - if (!token) { - throw new InvalidGrantError('Invalid grant: refresh token is invalid'); - } + return promisify(this.model.getRefreshToken, 1) + .call(this.model, request.body.refresh_token) + .then((token) => { + if (!token) { + throw new InvalidGrantError('Invalid grant: refresh token is invalid'); + } - if (!token.client) { - throw new ServerError('Server error: `getRefreshToken()` did not return a `client` object'); - } + if (!token.client) { + throw new ServerError('Server error: `getRefreshToken()` did not return a `client` object'); + } - if (!token.user) { - throw new ServerError('Server error: `getRefreshToken()` did not return a `user` object'); - } + if (!token.user) { + throw new ServerError('Server error: `getRefreshToken()` did not return a `user` object'); + } - if (token.client.id !== client.id) { - throw new InvalidGrantError('Invalid grant: refresh token is invalid'); - } + if (token.client.id !== client.id) { + throw new InvalidGrantError('Invalid grant: refresh token is invalid'); + } - if (token.refreshTokenExpiresAt && !(token.refreshTokenExpiresAt instanceof Date)) { - throw new ServerError('Server error: `refreshTokenExpiresAt` must be a Date instance'); - } + if (token.refreshTokenExpiresAt && !(token.refreshTokenExpiresAt instanceof Date)) { + throw new ServerError('Server error: `refreshTokenExpiresAt` must be a Date instance'); + } - if (token.refreshTokenExpiresAt && token.refreshTokenExpiresAt < new Date()) { - throw new InvalidGrantError('Invalid grant: refresh token has expired'); - } + if (token.refreshTokenExpiresAt && token.refreshTokenExpiresAt < new Date()) { + throw new InvalidGrantError('Invalid grant: refresh token has expired'); + } - return token; - }); - } + return token; + }); + } - /** + /** * Revoke the refresh token. * * @see https://tools.ietf.org/html/rfc6749#section-6 */ - revokeToken(token) { - if (this.alwaysIssueNewRefreshToken === false) { - return Promise.resolve(token); - } + revokeToken(token) { + if (this.alwaysIssueNewRefreshToken === false) { + return Promise.resolve(token); + } - return promisify(this.model.revokeToken, 1) - .call(this.model, token) - .then((status) => { - if (!status) { - throw new InvalidGrantError('Invalid grant: refresh token is invalid'); - } + return promisify(this.model.revokeToken, 1) + .call(this.model, token) + .then((status) => { + if (!status) { + throw new InvalidGrantError('Invalid grant: refresh token is invalid'); + } - return token; - }); - } + return token; + }); + } - /** + /** * Save token. */ - saveToken(user, client, scope) { - const fns = [ - this.generateAccessToken(client, user, scope), - this.generateRefreshToken(client, user, scope), - this.getAccessTokenExpiresAt(), - this.getRefreshTokenExpiresAt(), - ]; - - return Promise.all(fns) - .bind(this) - .spread(function (accessToken, refreshToken, accessTokenExpiresAt, refreshTokenExpiresAt) { - const token = { - accessToken: accessToken, - accessTokenExpiresAt: accessTokenExpiresAt, - scope: scope, - }; - - if (this.alwaysIssueNewRefreshToken !== false) { - token.refreshToken = refreshToken; - token.refreshTokenExpiresAt = refreshTokenExpiresAt; - } - - return token; - }) - .then(function (token) { - return promisify(this.model.saveToken, 3) - .call(this.model, token, client, user) - .then((savedToken) => savedToken); - }); - } + saveToken(user, client, scope) { + const fns = [ + this.generateAccessToken(client, user, scope), + this.generateRefreshToken(client, user, scope), + this.getAccessTokenExpiresAt(), + this.getRefreshTokenExpiresAt(), + ]; + + return Promise.all(fns) + .bind(this) + .spread(function (accessToken, refreshToken, accessTokenExpiresAt, refreshTokenExpiresAt) { + const token = { + accessToken: accessToken, + accessTokenExpiresAt: accessTokenExpiresAt, + scope: scope, + }; + + if (this.alwaysIssueNewRefreshToken !== false) { + token.refreshToken = refreshToken; + token.refreshTokenExpiresAt = refreshTokenExpiresAt; + } + + return token; + }) + .then(function (token) { + return promisify(this.model.saveToken, 3) + .call(this.model, token, client, user) + .then((savedToken) => savedToken); + }); + } } /** From 60afc1821507a23133b81a68825a59db914bd75a Mon Sep 17 00:00:00 2001 From: "daniel.santos" Date: Sat, 18 Dec 2021 21:58:57 -0300 Subject: [PATCH 03/86] refactor: Remove util.inherits #70 --- lib/errors/oauth-error.js | 4 + .../authorization-code-grant-type.js | 2 +- package-lock.json | 3348 ++++++++++++++++- package.json | 129 +- 4 files changed, 3416 insertions(+), 67 deletions(-) diff --git a/lib/errors/oauth-error.js b/lib/errors/oauth-error.js index 0c779dbd..9a3e63d3 100644 --- a/lib/errors/oauth-error.js +++ b/lib/errors/oauth-error.js @@ -24,6 +24,9 @@ class OAuthError extends Error { if (!message || message.length === 0) { message = http.STATUS_CODES[properties.code]; } + + super(message, properties); + this.code = this.status = this.statusCode = properties.code; this.message = message; for (const key in properties) { @@ -31,6 +34,7 @@ class OAuthError extends Error { this[key] = properties[key]; } } + Error.captureStackTrace(this, OAuthError); } } diff --git a/lib/grant-types/authorization-code-grant-type.js b/lib/grant-types/authorization-code-grant-type.js index 3dd49e75..84aea4c7 100644 --- a/lib/grant-types/authorization-code-grant-type.js +++ b/lib/grant-types/authorization-code-grant-type.js @@ -198,4 +198,4 @@ class AuthorizationCodeGrantType extends AbstractGrantType { * Export constructor. */ -export default AuthorizationCodeGrantType; +module.exports = AuthorizationCodeGrantType; \ No newline at end of file diff --git a/package-lock.json b/package-lock.json index 19a704e2..b57cbf16 100644 --- a/package-lock.json +++ b/package-lock.json @@ -1,8 +1,3351 @@ { "name": "@node-oauth/oauth2-server", "version": "4.1.1", - "lockfileVersion": 1, + "lockfileVersion": 2, "requires": true, + "packages": { + "": { + "name": "@node-oauth/oauth2-server", + "version": "4.1.1", + "license": "MIT", + "dependencies": { + "@node-oauth/formats": "^1.0.0", + "basic-auth": "2.0.1", + "bluebird": "3.7.2", + "promisify-any": "2.0.1", + "type-is": "1.6.18" + }, + "devDependencies": { + "chai": "^4.3.4", + "eslint": "^8.0.0", + "mocha": "^9.1.2", + "nyc": "^15.1.0", + "sinon": "^12.0.1" + }, + "engines": { + "node": ">=12.0.0" + } + }, + "node_modules/@babel/code-frame": { + "version": "7.15.8", + "resolved": "https://registry.npmjs.org/@babel/code-frame/-/code-frame-7.15.8.tgz", + "integrity": "sha512-2IAnmn8zbvC/jKYhq5Ki9I+DwjlrtMPUCH/CpHvqI4dNnlwHwsxoIhlc8WcYY5LSYknXQtAlFYuHfqAFCvQ4Wg==", + "dev": true, + "dependencies": { + "@babel/highlight": "^7.14.5" + }, + "engines": { + "node": ">=6.9.0" + } + }, + "node_modules/@babel/compat-data": { + "version": "7.15.0", + "resolved": "https://registry.npmjs.org/@babel/compat-data/-/compat-data-7.15.0.tgz", + "integrity": "sha512-0NqAC1IJE0S0+lL1SWFMxMkz1pKCNCjI4tr2Zx4LJSXxCLAdr6KyArnY+sno5m3yH9g737ygOyPABDsnXkpxiA==", + "dev": true, + "engines": { + "node": ">=6.9.0" + } + }, + "node_modules/@babel/core": { + "version": "7.15.8", + "resolved": "https://registry.npmjs.org/@babel/core/-/core-7.15.8.tgz", + "integrity": "sha512-3UG9dsxvYBMYwRv+gS41WKHno4K60/9GPy1CJaH6xy3Elq8CTtvtjT5R5jmNhXfCYLX2mTw+7/aq5ak/gOE0og==", + "dev": true, + "dependencies": { + "@babel/code-frame": "^7.15.8", + "@babel/generator": "^7.15.8", + "@babel/helper-compilation-targets": "^7.15.4", + "@babel/helper-module-transforms": "^7.15.8", + "@babel/helpers": "^7.15.4", + "@babel/parser": "^7.15.8", + "@babel/template": "^7.15.4", + "@babel/traverse": "^7.15.4", + "@babel/types": "^7.15.6", + "convert-source-map": "^1.7.0", + "debug": "^4.1.0", + "gensync": "^1.0.0-beta.2", + "json5": "^2.1.2", + "semver": "^6.3.0", + "source-map": "^0.5.0" + }, + "engines": { + "node": ">=6.9.0" + }, + "funding": { + "type": "opencollective", + "url": "https://opencollective.com/babel" + } + }, + "node_modules/@babel/generator": { + "version": "7.15.8", + "resolved": "https://registry.npmjs.org/@babel/generator/-/generator-7.15.8.tgz", + "integrity": "sha512-ECmAKstXbp1cvpTTZciZCgfOt6iN64lR0d+euv3UZisU5awfRawOvg07Utn/qBGuH4bRIEZKrA/4LzZyXhZr8g==", + "dev": true, + "dependencies": { + "@babel/types": "^7.15.6", + "jsesc": "^2.5.1", + "source-map": "^0.5.0" + }, + "engines": { + "node": ">=6.9.0" + } + }, + "node_modules/@babel/helper-compilation-targets": { + "version": "7.15.4", + "resolved": "https://registry.npmjs.org/@babel/helper-compilation-targets/-/helper-compilation-targets-7.15.4.tgz", + "integrity": "sha512-rMWPCirulnPSe4d+gwdWXLfAXTTBj8M3guAf5xFQJ0nvFY7tfNAFnWdqaHegHlgDZOCT4qvhF3BYlSJag8yhqQ==", + "dev": true, + "dependencies": { + "@babel/compat-data": "^7.15.0", + "@babel/helper-validator-option": "^7.14.5", + "browserslist": "^4.16.6", + "semver": "^6.3.0" + }, + "engines": { + "node": ">=6.9.0" + }, + "peerDependencies": { + "@babel/core": "^7.0.0" + } + }, + "node_modules/@babel/helper-function-name": { + "version": "7.15.4", + "resolved": "https://registry.npmjs.org/@babel/helper-function-name/-/helper-function-name-7.15.4.tgz", + "integrity": "sha512-Z91cOMM4DseLIGOnog+Z8OI6YseR9bua+HpvLAQ2XayUGU+neTtX+97caALaLdyu53I/fjhbeCnWnRH1O3jFOw==", + "dev": true, + "dependencies": { + "@babel/helper-get-function-arity": "^7.15.4", + "@babel/template": "^7.15.4", + "@babel/types": "^7.15.4" + }, + "engines": { + "node": ">=6.9.0" + } + }, + "node_modules/@babel/helper-get-function-arity": { + "version": "7.15.4", + "resolved": "https://registry.npmjs.org/@babel/helper-get-function-arity/-/helper-get-function-arity-7.15.4.tgz", + "integrity": "sha512-1/AlxSF92CmGZzHnC515hm4SirTxtpDnLEJ0UyEMgTMZN+6bxXKg04dKhiRx5Enel+SUA1G1t5Ed/yQia0efrA==", + "dev": true, + "dependencies": { + "@babel/types": "^7.15.4" + }, + "engines": { + "node": ">=6.9.0" + } + }, + "node_modules/@babel/helper-hoist-variables": { + "version": "7.15.4", + "resolved": "https://registry.npmjs.org/@babel/helper-hoist-variables/-/helper-hoist-variables-7.15.4.tgz", + "integrity": "sha512-VTy085egb3jUGVK9ycIxQiPbquesq0HUQ+tPO0uv5mPEBZipk+5FkRKiWq5apuyTE9FUrjENB0rCf8y+n+UuhA==", + "dev": true, + "dependencies": { + "@babel/types": "^7.15.4" + }, + "engines": { + "node": ">=6.9.0" + } + }, + "node_modules/@babel/helper-member-expression-to-functions": { + "version": "7.15.4", + "resolved": "https://registry.npmjs.org/@babel/helper-member-expression-to-functions/-/helper-member-expression-to-functions-7.15.4.tgz", + "integrity": "sha512-cokOMkxC/BTyNP1AlY25HuBWM32iCEsLPI4BHDpJCHHm1FU2E7dKWWIXJgQgSFiu4lp8q3bL1BIKwqkSUviqtA==", + "dev": true, + "dependencies": { + "@babel/types": "^7.15.4" + }, + "engines": { + "node": ">=6.9.0" + } + }, + "node_modules/@babel/helper-module-imports": { + "version": "7.15.4", + "resolved": "https://registry.npmjs.org/@babel/helper-module-imports/-/helper-module-imports-7.15.4.tgz", + "integrity": "sha512-jeAHZbzUwdW/xHgHQ3QmWR4Jg6j15q4w/gCfwZvtqOxoo5DKtLHk8Bsf4c5RZRC7NmLEs+ohkdq8jFefuvIxAA==", + "dev": true, + "dependencies": { + "@babel/types": "^7.15.4" + }, + "engines": { + "node": ">=6.9.0" + } + }, + "node_modules/@babel/helper-module-transforms": { + "version": "7.15.8", + "resolved": "https://registry.npmjs.org/@babel/helper-module-transforms/-/helper-module-transforms-7.15.8.tgz", + "integrity": "sha512-DfAfA6PfpG8t4S6npwzLvTUpp0sS7JrcuaMiy1Y5645laRJIp/LiLGIBbQKaXSInK8tiGNI7FL7L8UvB8gdUZg==", + "dev": true, + "dependencies": { + "@babel/helper-module-imports": "^7.15.4", + "@babel/helper-replace-supers": "^7.15.4", + "@babel/helper-simple-access": "^7.15.4", + "@babel/helper-split-export-declaration": "^7.15.4", + "@babel/helper-validator-identifier": "^7.15.7", + "@babel/template": "^7.15.4", + "@babel/traverse": "^7.15.4", + "@babel/types": "^7.15.6" + }, + "engines": { + "node": ">=6.9.0" + } + }, + "node_modules/@babel/helper-optimise-call-expression": { + "version": "7.15.4", + "resolved": "https://registry.npmjs.org/@babel/helper-optimise-call-expression/-/helper-optimise-call-expression-7.15.4.tgz", + "integrity": "sha512-E/z9rfbAOt1vDW1DR7k4SzhzotVV5+qMciWV6LaG1g4jeFrkDlJedjtV4h0i4Q/ITnUu+Pk08M7fczsB9GXBDw==", + "dev": true, + "dependencies": { + "@babel/types": "^7.15.4" + }, + "engines": { + "node": ">=6.9.0" + } + }, + "node_modules/@babel/helper-replace-supers": { + "version": "7.15.4", + "resolved": "https://registry.npmjs.org/@babel/helper-replace-supers/-/helper-replace-supers-7.15.4.tgz", + "integrity": "sha512-/ztT6khaXF37MS47fufrKvIsiQkx1LBRvSJNzRqmbyeZnTwU9qBxXYLaaT/6KaxfKhjs2Wy8kG8ZdsFUuWBjzw==", + "dev": true, + "dependencies": { + "@babel/helper-member-expression-to-functions": "^7.15.4", + "@babel/helper-optimise-call-expression": "^7.15.4", + "@babel/traverse": "^7.15.4", + "@babel/types": "^7.15.4" + }, + "engines": { + "node": ">=6.9.0" + } + }, + "node_modules/@babel/helper-simple-access": { + "version": "7.15.4", + "resolved": "https://registry.npmjs.org/@babel/helper-simple-access/-/helper-simple-access-7.15.4.tgz", + "integrity": "sha512-UzazrDoIVOZZcTeHHEPYrr1MvTR/K+wgLg6MY6e1CJyaRhbibftF6fR2KU2sFRtI/nERUZR9fBd6aKgBlIBaPg==", + "dev": true, + "dependencies": { + "@babel/types": "^7.15.4" + }, + "engines": { + "node": ">=6.9.0" + } + }, + "node_modules/@babel/helper-split-export-declaration": { + "version": "7.15.4", + "resolved": "https://registry.npmjs.org/@babel/helper-split-export-declaration/-/helper-split-export-declaration-7.15.4.tgz", + "integrity": "sha512-HsFqhLDZ08DxCpBdEVtKmywj6PQbwnF6HHybur0MAnkAKnlS6uHkwnmRIkElB2Owpfb4xL4NwDmDLFubueDXsw==", + "dev": true, + "dependencies": { + "@babel/types": "^7.15.4" + }, + "engines": { + "node": ">=6.9.0" + } + }, + "node_modules/@babel/helper-validator-identifier": { + "version": "7.15.7", + "resolved": "https://registry.npmjs.org/@babel/helper-validator-identifier/-/helper-validator-identifier-7.15.7.tgz", + "integrity": "sha512-K4JvCtQqad9OY2+yTU8w+E82ywk/fe+ELNlt1G8z3bVGlZfn/hOcQQsUhGhW/N+tb3fxK800wLtKOE/aM0m72w==", + "dev": true, + "engines": { + "node": ">=6.9.0" + } + }, + "node_modules/@babel/helper-validator-option": { + "version": "7.14.5", + "resolved": "https://registry.npmjs.org/@babel/helper-validator-option/-/helper-validator-option-7.14.5.tgz", + "integrity": "sha512-OX8D5eeX4XwcroVW45NMvoYaIuFI+GQpA2a8Gi+X/U/cDUIRsV37qQfF905F0htTRCREQIB4KqPeaveRJUl3Ow==", + "dev": true, + "engines": { + "node": ">=6.9.0" + } + }, + "node_modules/@babel/helpers": { + "version": "7.15.4", + "resolved": "https://registry.npmjs.org/@babel/helpers/-/helpers-7.15.4.tgz", + "integrity": "sha512-V45u6dqEJ3w2rlryYYXf6i9rQ5YMNu4FLS6ngs8ikblhu2VdR1AqAd6aJjBzmf2Qzh6KOLqKHxEN9+TFbAkAVQ==", + "dev": true, + "dependencies": { + "@babel/template": "^7.15.4", + "@babel/traverse": "^7.15.4", + "@babel/types": "^7.15.4" + }, + "engines": { + "node": ">=6.9.0" + } + }, + "node_modules/@babel/highlight": { + "version": "7.14.5", + "resolved": "https://registry.npmjs.org/@babel/highlight/-/highlight-7.14.5.tgz", + "integrity": "sha512-qf9u2WFWVV0MppaL877j2dBtQIDgmidgjGk5VIMw3OadXvYaXn66U1BFlH2t4+t3i+8PhedppRv+i40ABzd+gg==", + "dev": true, + "dependencies": { + "@babel/helper-validator-identifier": "^7.14.5", + "chalk": "^2.0.0", + "js-tokens": "^4.0.0" + }, + "engines": { + "node": ">=6.9.0" + } + }, + "node_modules/@babel/highlight/node_modules/ansi-styles": { + "version": "3.2.1", + "resolved": "https://registry.npmjs.org/ansi-styles/-/ansi-styles-3.2.1.tgz", + "integrity": "sha512-VT0ZI6kZRdTh8YyJw3SMbYm/u+NqfsAxEpWO0Pf9sq8/e94WxxOpPKx9FR1FlyCtOVDNOQ+8ntlqFxiRc+r5qA==", + "dev": true, + "dependencies": { + "color-convert": "^1.9.0" + }, + "engines": { + "node": ">=4" + } + }, + "node_modules/@babel/highlight/node_modules/chalk": { + "version": "2.4.2", + "resolved": "https://registry.npmjs.org/chalk/-/chalk-2.4.2.tgz", + "integrity": "sha512-Mti+f9lpJNcwF4tWV8/OrTTtF1gZi+f8FqlyAdouralcFWFQWF2+NgCHShjkCb+IFBLq9buZwE1xckQU4peSuQ==", + "dev": true, + "dependencies": { + "ansi-styles": "^3.2.1", + "escape-string-regexp": "^1.0.5", + "supports-color": "^5.3.0" + }, + "engines": { + "node": ">=4" + } + }, + "node_modules/@babel/highlight/node_modules/color-convert": { + "version": "1.9.3", + "resolved": "https://registry.npmjs.org/color-convert/-/color-convert-1.9.3.tgz", + "integrity": "sha512-QfAUtd+vFdAtFQcC8CCyYt1fYWxSqAiK2cSD6zDB8N3cpsEBAvRxp9zOGg6G/SHHJYAT88/az/IuDGALsNVbGg==", + "dev": true, + "dependencies": { + "color-name": "1.1.3" + } + }, + "node_modules/@babel/highlight/node_modules/color-name": { + "version": "1.1.3", + "resolved": "https://registry.npmjs.org/color-name/-/color-name-1.1.3.tgz", + "integrity": "sha1-p9BVi9icQveV3UIyj3QIMcpTvCU=", + "dev": true + }, + "node_modules/@babel/highlight/node_modules/escape-string-regexp": { + "version": "1.0.5", + "resolved": "https://registry.npmjs.org/escape-string-regexp/-/escape-string-regexp-1.0.5.tgz", + "integrity": "sha1-G2HAViGQqN/2rjuyzwIAyhMLhtQ=", + "dev": true, + "engines": { + "node": ">=0.8.0" + } + }, + "node_modules/@babel/highlight/node_modules/has-flag": { + "version": "3.0.0", + "resolved": "https://registry.npmjs.org/has-flag/-/has-flag-3.0.0.tgz", + "integrity": "sha1-tdRU3CGZriJWmfNGfloH87lVuv0=", + "dev": true, + "engines": { + "node": ">=4" + } + }, + "node_modules/@babel/highlight/node_modules/supports-color": { + "version": "5.5.0", + "resolved": "https://registry.npmjs.org/supports-color/-/supports-color-5.5.0.tgz", + "integrity": "sha512-QjVjwdXIt408MIiAqCX4oUKsgU2EqAGzs2Ppkm4aQYbjm+ZEWEcW4SfFNTr4uMNZma0ey4f5lgLrkB0aX0QMow==", + "dev": true, + "dependencies": { + "has-flag": "^3.0.0" + }, + "engines": { + "node": ">=4" + } + }, + "node_modules/@babel/parser": { + "version": "7.15.8", + "resolved": "https://registry.npmjs.org/@babel/parser/-/parser-7.15.8.tgz", + "integrity": "sha512-BRYa3wcQnjS/nqI8Ac94pYYpJfojHVvVXJ97+IDCImX4Jc8W8Xv1+47enbruk+q1etOpsQNwnfFcNGw+gtPGxA==", + "dev": true, + "bin": { + "parser": "bin/babel-parser.js" + }, + "engines": { + "node": ">=6.0.0" + } + }, + "node_modules/@babel/template": { + "version": "7.15.4", + "resolved": "https://registry.npmjs.org/@babel/template/-/template-7.15.4.tgz", + "integrity": "sha512-UgBAfEa1oGuYgDIPM2G+aHa4Nlo9Lh6mGD2bDBGMTbYnc38vulXPuC1MGjYILIEmlwl6Rd+BPR9ee3gm20CBtg==", + "dev": true, + "dependencies": { + "@babel/code-frame": "^7.14.5", + "@babel/parser": "^7.15.4", + "@babel/types": "^7.15.4" + }, + "engines": { + "node": ">=6.9.0" + } + }, + "node_modules/@babel/traverse": { + "version": "7.15.4", + "resolved": "https://registry.npmjs.org/@babel/traverse/-/traverse-7.15.4.tgz", + "integrity": "sha512-W6lQD8l4rUbQR/vYgSuCAE75ADyyQvOpFVsvPPdkhf6lATXAsQIG9YdtOcu8BB1dZ0LKu+Zo3c1wEcbKeuhdlA==", + "dev": true, + "dependencies": { + "@babel/code-frame": "^7.14.5", + "@babel/generator": "^7.15.4", + "@babel/helper-function-name": "^7.15.4", + "@babel/helper-hoist-variables": "^7.15.4", + "@babel/helper-split-export-declaration": "^7.15.4", + "@babel/parser": "^7.15.4", + "@babel/types": "^7.15.4", + "debug": "^4.1.0", + "globals": "^11.1.0" + }, + "engines": { + "node": ">=6.9.0" + } + }, + "node_modules/@babel/types": { + "version": "7.15.6", + "resolved": "https://registry.npmjs.org/@babel/types/-/types-7.15.6.tgz", + "integrity": "sha512-BPU+7QhqNjmWyDO0/vitH/CuhpV8ZmK1wpKva8nuyNF5MJfuRNWMc+hc14+u9xT93kvykMdncrJT19h74uB1Ig==", + "dev": true, + "dependencies": { + "@babel/helper-validator-identifier": "^7.14.9", + "to-fast-properties": "^2.0.0" + }, + "engines": { + "node": ">=6.9.0" + } + }, + "node_modules/@eslint/eslintrc": { + "version": "1.0.5", + "resolved": "https://registry.npmjs.org/@eslint/eslintrc/-/eslintrc-1.0.5.tgz", + "integrity": "sha512-BLxsnmK3KyPunz5wmCCpqy0YelEoxxGmH73Is+Z74oOTMtExcjkr3dDR6quwrjh1YspA8DH9gnX1o069KiS9AQ==", + "dev": true, + "dependencies": { + "ajv": "^6.12.4", + "debug": "^4.3.2", + "espree": "^9.2.0", + "globals": "^13.9.0", + "ignore": "^4.0.6", + "import-fresh": "^3.2.1", + "js-yaml": "^4.1.0", + "minimatch": "^3.0.4", + "strip-json-comments": "^3.1.1" + }, + "engines": { + "node": "^12.22.0 || ^14.17.0 || >=16.0.0" + } + }, + "node_modules/@eslint/eslintrc/node_modules/globals": { + "version": "13.12.0", + "resolved": "https://registry.npmjs.org/globals/-/globals-13.12.0.tgz", + "integrity": "sha512-uS8X6lSKN2JumVoXrbUz+uG4BYG+eiawqm3qFcT7ammfbUHeCBoJMlHcec/S3krSk73/AE/f0szYFmgAA3kYZg==", + "dev": true, + "dependencies": { + "type-fest": "^0.20.2" + }, + "engines": { + "node": ">=8" + }, + "funding": { + "url": "https://github.com/sponsors/sindresorhus" + } + }, + "node_modules/@eslint/eslintrc/node_modules/type-fest": { + "version": "0.20.2", + "resolved": "https://registry.npmjs.org/type-fest/-/type-fest-0.20.2.tgz", + "integrity": "sha512-Ne+eE4r0/iWnpAxD852z3A+N0Bt5RN//NjJwRd2VFHEmrywxf5vsZlh4R6lixl6B+wz/8d+maTSAkN1FIkI3LQ==", + "dev": true, + "engines": { + "node": ">=10" + }, + "funding": { + "url": "https://github.com/sponsors/sindresorhus" + } + }, + "node_modules/@humanwhocodes/config-array": { + "version": "0.9.2", + "resolved": "https://registry.npmjs.org/@humanwhocodes/config-array/-/config-array-0.9.2.tgz", + "integrity": "sha512-UXOuFCGcwciWckOpmfKDq/GyhlTf9pN/BzG//x8p8zTOFEcGuA68ANXheFS0AGvy3qgZqLBUkMs7hqzqCKOVwA==", + "dev": true, + "dependencies": { + "@humanwhocodes/object-schema": "^1.2.1", + "debug": "^4.1.1", + "minimatch": "^3.0.4" + }, + "engines": { + "node": ">=10.10.0" + } + }, + "node_modules/@humanwhocodes/object-schema": { + "version": "1.2.1", + "resolved": "https://registry.npmjs.org/@humanwhocodes/object-schema/-/object-schema-1.2.1.tgz", + "integrity": "sha512-ZnQMnLV4e7hDlUvw8H+U8ASL02SS2Gn6+9Ac3wGGLIe7+je2AeAOxPY+izIPJDfFDb7eDjev0Us8MO1iFRN8hA==", + "dev": true + }, + "node_modules/@istanbuljs/load-nyc-config": { + "version": "1.1.0", + "resolved": "https://registry.npmjs.org/@istanbuljs/load-nyc-config/-/load-nyc-config-1.1.0.tgz", + "integrity": "sha512-VjeHSlIzpv/NyD3N0YuHfXOPDIixcA1q2ZV98wsMqcYlPmv2n3Yb2lYP9XMElnaFVXg5A7YLTeLu6V84uQDjmQ==", + "dev": true, + "dependencies": { + "camelcase": "^5.3.1", + "find-up": "^4.1.0", + "get-package-type": "^0.1.0", + "js-yaml": "^3.13.1", + "resolve-from": "^5.0.0" + }, + "engines": { + "node": ">=8" + } + }, + "node_modules/@istanbuljs/load-nyc-config/node_modules/argparse": { + "version": "1.0.10", + "resolved": "https://registry.npmjs.org/argparse/-/argparse-1.0.10.tgz", + "integrity": "sha512-o5Roy6tNG4SL/FOkCAN6RzjiakZS25RLYFrcMttJqbdd8BWrnA+fGz57iN5Pb06pvBGvl5gQ0B48dJlslXvoTg==", + "dev": true, + "dependencies": { + "sprintf-js": "~1.0.2" + } + }, + "node_modules/@istanbuljs/load-nyc-config/node_modules/camelcase": { + "version": "5.3.1", + "resolved": "https://registry.npmjs.org/camelcase/-/camelcase-5.3.1.tgz", + "integrity": "sha512-L28STB170nwWS63UjtlEOE3dldQApaJXZkOI1uMFfzf3rRuPegHaHesyee+YxQ+W6SvRDQV6UrdOdRiR153wJg==", + "dev": true, + "engines": { + "node": ">=6" + } + }, + "node_modules/@istanbuljs/load-nyc-config/node_modules/find-up": { + "version": "4.1.0", + "resolved": "https://registry.npmjs.org/find-up/-/find-up-4.1.0.tgz", + "integrity": "sha512-PpOwAdQ/YlXQ2vj8a3h8IipDuYRi3wceVQQGYWxNINccq40Anw7BlsEXCMbt1Zt+OLA6Fq9suIpIWD0OsnISlw==", + "dev": true, + "dependencies": { + "locate-path": "^5.0.0", + "path-exists": "^4.0.0" + }, + "engines": { + "node": ">=8" + } + }, + "node_modules/@istanbuljs/load-nyc-config/node_modules/js-yaml": { + "version": "3.14.1", + "resolved": "https://registry.npmjs.org/js-yaml/-/js-yaml-3.14.1.tgz", + "integrity": "sha512-okMH7OXXJ7YrN9Ok3/SXrnu4iX9yOk+25nqX4imS2npuvTYDmo/QEZoqwZkYaIDk3jVvBOTOIEgEhaLOynBS9g==", + "dev": true, + "dependencies": { + "argparse": "^1.0.7", + "esprima": "^4.0.0" + }, + "bin": { + "js-yaml": "bin/js-yaml.js" + } + }, + "node_modules/@istanbuljs/load-nyc-config/node_modules/locate-path": { + "version": "5.0.0", + "resolved": "https://registry.npmjs.org/locate-path/-/locate-path-5.0.0.tgz", + "integrity": "sha512-t7hw9pI+WvuwNJXwk5zVHpyhIqzg2qTlklJOf0mVxGSbe3Fp2VieZcduNYjaLDoy6p9uGpQEGWG87WpMKlNq8g==", + "dev": true, + "dependencies": { + "p-locate": "^4.1.0" + }, + "engines": { + "node": ">=8" + } + }, + "node_modules/@istanbuljs/load-nyc-config/node_modules/p-limit": { + "version": "2.3.0", + "resolved": "https://registry.npmjs.org/p-limit/-/p-limit-2.3.0.tgz", + "integrity": "sha512-//88mFWSJx8lxCzwdAABTJL2MyWB12+eIY7MDL2SqLmAkeKU9qxRvWuSyTjm3FUmpBEMuFfckAIqEaVGUDxb6w==", + "dev": true, + "dependencies": { + "p-try": "^2.0.0" + }, + "engines": { + "node": ">=6" + }, + "funding": { + "url": "https://github.com/sponsors/sindresorhus" + } + }, + "node_modules/@istanbuljs/load-nyc-config/node_modules/p-locate": { + "version": "4.1.0", + "resolved": "https://registry.npmjs.org/p-locate/-/p-locate-4.1.0.tgz", + "integrity": "sha512-R79ZZ/0wAxKGu3oYMlz8jy/kbhsNrS7SKZ7PxEHBgJ5+F2mtFW2fK2cOtBh1cHYkQsbzFV7I+EoRKe6Yt0oK7A==", + "dev": true, + "dependencies": { + "p-limit": "^2.2.0" + }, + "engines": { + "node": ">=8" + } + }, + "node_modules/@istanbuljs/schema": { + "version": "0.1.3", + "resolved": "https://registry.npmjs.org/@istanbuljs/schema/-/schema-0.1.3.tgz", + "integrity": "sha512-ZXRY4jNvVgSVQ8DL3LTcakaAtXwTVUxE81hslsyD2AtoXW/wVob10HkOJ1X/pAlcI7D+2YoZKg5do8G/w6RYgA==", + "dev": true, + "engines": { + "node": ">=8" + } + }, + "node_modules/@node-oauth/formats": { + "version": "1.0.0", + "resolved": "https://registry.npmjs.org/@node-oauth/formats/-/formats-1.0.0.tgz", + "integrity": "sha512-DwSbLtdC8zC5B5gTJkFzJj5s9vr9SGzOgQvV9nH7tUVuMSScg0EswAczhjIapOmH3Y8AyP7C4Jv7b8+QJObWZA==" + }, + "node_modules/@sinonjs/commons": { + "version": "1.8.3", + "resolved": "https://registry.npmjs.org/@sinonjs/commons/-/commons-1.8.3.tgz", + "integrity": "sha512-xkNcLAn/wZaX14RPlwizcKicDk9G3F8m2nU3L7Ukm5zBgTwiT0wsoFAHx9Jq56fJA1z/7uKGtCRu16sOUCLIHQ==", + "dev": true, + "dependencies": { + "type-detect": "4.0.8" + } + }, + "node_modules/@sinonjs/fake-timers": { + "version": "8.1.0", + "resolved": "https://registry.npmjs.org/@sinonjs/fake-timers/-/fake-timers-8.1.0.tgz", + "integrity": "sha512-OAPJUAtgeINhh/TAlUID4QTs53Njm7xzddaVlEs/SXwgtiD1tW22zAB/W1wdqfrpmikgaWQ9Fw6Ws+hsiRm5Vg==", + "dev": true, + "dependencies": { + "@sinonjs/commons": "^1.7.0" + } + }, + "node_modules/@sinonjs/samsam": { + "version": "6.0.2", + "resolved": "https://registry.npmjs.org/@sinonjs/samsam/-/samsam-6.0.2.tgz", + "integrity": "sha512-jxPRPp9n93ci7b8hMfJOFDPRLFYadN6FSpeROFTR4UNF4i5b+EK6m4QXPO46BDhFgRy1JuS87zAnFOzCUwMJcQ==", + "dev": true, + "dependencies": { + "@sinonjs/commons": "^1.6.0", + "lodash.get": "^4.4.2", + "type-detect": "^4.0.8" + } + }, + "node_modules/@sinonjs/text-encoding": { + "version": "0.7.1", + "resolved": "https://registry.npmjs.org/@sinonjs/text-encoding/-/text-encoding-0.7.1.tgz", + "integrity": "sha512-+iTbntw2IZPb/anVDbypzfQa+ay64MW0Zo8aJ8gZPWMMK6/OubMVb6lUPMagqjOPnmtauXnFCACVl3O7ogjeqQ==", + "dev": true + }, + "node_modules/@ungap/promise-all-settled": { + "version": "1.1.2", + "resolved": "https://registry.npmjs.org/@ungap/promise-all-settled/-/promise-all-settled-1.1.2.tgz", + "integrity": "sha512-sL/cEvJWAnClXw0wHk85/2L0G6Sj8UB0Ctc1TEMbKSsmpRosqhwj9gWgFRZSrBr2f9tiXISwNhCPmlfqUqyb9Q==", + "dev": true + }, + "node_modules/acorn": { + "version": "8.6.0", + "resolved": "https://registry.npmjs.org/acorn/-/acorn-8.6.0.tgz", + "integrity": "sha512-U1riIR+lBSNi3IbxtaHOIKdH8sLFv3NYfNv8sg7ZsNhcfl4HF2++BfqqrNAxoCLQW1iiylOj76ecnaUxz+z9yw==", + "dev": true, + "bin": { + "acorn": "bin/acorn" + }, + "engines": { + "node": ">=0.4.0" + } + }, + "node_modules/acorn-jsx": { + "version": "5.3.2", + "resolved": "https://registry.npmjs.org/acorn-jsx/-/acorn-jsx-5.3.2.tgz", + "integrity": "sha512-rq9s+JNhf0IChjtDXxllJ7g41oZk5SlXtp0LHwyA5cejwn7vKmKp4pPri6YEePv2PU65sAsegbXtIinmDFDXgQ==", + "dev": true, + "peerDependencies": { + "acorn": "^6.0.0 || ^7.0.0 || ^8.0.0" + } + }, + "node_modules/aggregate-error": { + "version": "3.1.0", + "resolved": "https://registry.npmjs.org/aggregate-error/-/aggregate-error-3.1.0.tgz", + "integrity": "sha512-4I7Td01quW/RpocfNayFdFVk1qSuoh0E7JrbRJ16nH01HhKFQ88INq9Sd+nd72zqRySlr9BmDA8xlEJ6vJMrYA==", + "dev": true, + "dependencies": { + "clean-stack": "^2.0.0", + "indent-string": "^4.0.0" + }, + "engines": { + "node": ">=8" + } + }, + "node_modules/ajv": { + "version": "6.12.6", + "resolved": "https://registry.npmjs.org/ajv/-/ajv-6.12.6.tgz", + "integrity": "sha512-j3fVLgvTo527anyYyJOGTYJbG+vnnQYvE0m5mmkc1TK+nxAppkCLMIL0aZ4dblVCNoGShhm+kzE4ZUykBoMg4g==", + "dev": true, + "dependencies": { + "fast-deep-equal": "^3.1.1", + "fast-json-stable-stringify": "^2.0.0", + "json-schema-traverse": "^0.4.1", + "uri-js": "^4.2.2" + }, + "funding": { + "type": "github", + "url": "https://github.com/sponsors/epoberezkin" + } + }, + "node_modules/ansi-colors": { + "version": "4.1.1", + "resolved": "https://registry.npmjs.org/ansi-colors/-/ansi-colors-4.1.1.tgz", + "integrity": "sha512-JoX0apGbHaUJBNl6yF+p6JAFYZ666/hhCGKN5t9QFjbJQKUU/g8MNbFDbvfrgKXvI1QpZplPOnwIo99lX/AAmA==", + "dev": true, + "engines": { + "node": ">=6" + } + }, + "node_modules/ansi-regex": { + "version": "5.0.1", + "resolved": "https://registry.npmjs.org/ansi-regex/-/ansi-regex-5.0.1.tgz", + "integrity": "sha512-quJQXlTSUGL2LH9SUXo8VwsY4soanhgo6LNSm84E1LBcE8s3O0wpdiRzyR9z/ZZJMlMWv37qOOb9pdJlMUEKFQ==", + "dev": true, + "engines": { + "node": ">=8" + } + }, + "node_modules/ansi-styles": { + "version": "4.3.0", + "resolved": "https://registry.npmjs.org/ansi-styles/-/ansi-styles-4.3.0.tgz", + "integrity": "sha512-zbB9rCJAT1rbjiVDb2hqKFHNYLxgtk8NURxZ3IZwD3F6NtxbXZQCnnSi1Lkx+IDohdPlFp222wVALIheZJQSEg==", + "dev": true, + "dependencies": { + "color-convert": "^2.0.1" + }, + "engines": { + "node": ">=8" + }, + "funding": { + "url": "https://github.com/chalk/ansi-styles?sponsor=1" + } + }, + "node_modules/anymatch": { + "version": "3.1.2", + "resolved": "https://registry.npmjs.org/anymatch/-/anymatch-3.1.2.tgz", + "integrity": "sha512-P43ePfOAIupkguHUycrc4qJ9kz8ZiuOUijaETwX7THt0Y/GNK7v0aa8rY816xWjZ7rJdA5XdMcpVFTKMq+RvWg==", + "dev": true, + "dependencies": { + "normalize-path": "^3.0.0", + "picomatch": "^2.0.4" + }, + "engines": { + "node": ">= 8" + } + }, + "node_modules/append-transform": { + "version": "2.0.0", + "resolved": "https://registry.npmjs.org/append-transform/-/append-transform-2.0.0.tgz", + "integrity": "sha512-7yeyCEurROLQJFv5Xj4lEGTy0borxepjFv1g22oAdqFu//SrAlDl1O1Nxx15SH1RoliUml6p8dwJW9jvZughhg==", + "dev": true, + "dependencies": { + "default-require-extensions": "^3.0.0" + }, + "engines": { + "node": ">=8" + } + }, + "node_modules/archy": { + "version": "1.0.0", + "resolved": "https://registry.npmjs.org/archy/-/archy-1.0.0.tgz", + "integrity": "sha1-+cjBN1fMHde8N5rHeyxipcKGjEA=", + "dev": true + }, + "node_modules/argparse": { + "version": "2.0.1", + "resolved": "https://registry.npmjs.org/argparse/-/argparse-2.0.1.tgz", + "integrity": "sha512-8+9WqebbFzpX9OR+Wa6O29asIogeRMzcGtAINdpMHHyAg10f05aSFVBbcEqGf/PXw1EjAZ+q2/bEBg3DvurK3Q==", + "dev": true + }, + "node_modules/assertion-error": { + "version": "1.1.0", + "resolved": "https://registry.npmjs.org/assertion-error/-/assertion-error-1.1.0.tgz", + "integrity": "sha512-jgsaNduz+ndvGyFt3uSuWqvy4lCnIJiovtouQN5JZHOKCS2QuhEdbcQHFhVksz2N2U9hXJo8odG7ETyWlEeuDw==", + "dev": true, + "engines": { + "node": "*" + } + }, + "node_modules/balanced-match": { + "version": "1.0.2", + "resolved": "https://registry.npmjs.org/balanced-match/-/balanced-match-1.0.2.tgz", + "integrity": "sha512-3oSeUO0TMV67hN1AmbXsK4yaqU7tjiHlbxRDZOpH0KW9+CeX4bRAaX0Anxt0tx2MrpRpWwQaPwIlISEJhYU5Pw==", + "dev": true + }, + "node_modules/basic-auth": { + "version": "2.0.1", + "resolved": "https://registry.npmjs.org/basic-auth/-/basic-auth-2.0.1.tgz", + "integrity": "sha512-NF+epuEdnUYVlGuhaxbbq+dvJttwLnGY+YixlXlME5KpQ5W3CnXA5cVTneY3SPbPDRkcjMbifrwmFYcClgOZeg==", + "dependencies": { + "safe-buffer": "5.1.2" + }, + "engines": { + "node": ">= 0.8" + } + }, + "node_modules/binary-extensions": { + "version": "2.2.0", + "resolved": "https://registry.npmjs.org/binary-extensions/-/binary-extensions-2.2.0.tgz", + "integrity": "sha512-jDctJ/IVQbZoJykoeHbhXpOlNBqGNcwXJKJog42E5HDPUwQTSdjCHdihjj0DlnheQ7blbT6dHOafNAiS8ooQKA==", + "dev": true, + "engines": { + "node": ">=8" + } + }, + "node_modules/bluebird": { + "version": "3.7.2", + "resolved": "https://registry.npmjs.org/bluebird/-/bluebird-3.7.2.tgz", + "integrity": "sha512-XpNj6GDQzdfW+r2Wnn7xiSAd7TM3jzkxGXBGTtWKuSXv1xUV+azxAm8jdWZN06QTQk+2N2XB9jRDkvbmQmcRtg==" + }, + "node_modules/brace-expansion": { + "version": "1.1.11", + "resolved": "https://registry.npmjs.org/brace-expansion/-/brace-expansion-1.1.11.tgz", + "integrity": "sha512-iCuPHDFgrHX7H2vEI/5xpz07zSHB00TpugqhmYtVmMO6518mCuRMoOYFldEBl0g187ufozdaHgWKcYFb61qGiA==", + "dev": true, + "dependencies": { + "balanced-match": "^1.0.0", + "concat-map": "0.0.1" + } + }, + "node_modules/braces": { + "version": "3.0.2", + "resolved": "https://registry.npmjs.org/braces/-/braces-3.0.2.tgz", + "integrity": "sha512-b8um+L1RzM3WDSzvhm6gIz1yfTbBt6YTlcEKAvsmqCZZFw46z626lVj9j1yEPW33H5H+lBQpZMP1k8l+78Ha0A==", + "dev": true, + "dependencies": { + "fill-range": "^7.0.1" + }, + "engines": { + "node": ">=8" + } + }, + "node_modules/browser-stdout": { + "version": "1.3.1", + "resolved": "https://registry.npmjs.org/browser-stdout/-/browser-stdout-1.3.1.tgz", + "integrity": "sha512-qhAVI1+Av2X7qelOfAIYwXONood6XlZE/fXaBSmW/T5SzLAmCgzi+eiWE7fUvbHaeNBQH13UftjpXxsfLkMpgw==", + "dev": true + }, + "node_modules/browserslist": { + "version": "4.17.3", + "resolved": "https://registry.npmjs.org/browserslist/-/browserslist-4.17.3.tgz", + "integrity": "sha512-59IqHJV5VGdcJZ+GZ2hU5n4Kv3YiASzW6Xk5g9tf5a/MAzGeFwgGWU39fVzNIOVcgB3+Gp+kiQu0HEfTVU/3VQ==", + "dev": true, + "dependencies": { + "caniuse-lite": "^1.0.30001264", + "electron-to-chromium": "^1.3.857", + "escalade": "^3.1.1", + "node-releases": "^1.1.77", + "picocolors": "^0.2.1" + }, + "bin": { + "browserslist": "cli.js" + }, + "engines": { + "node": "^6 || ^7 || ^8 || ^9 || ^10 || ^11 || ^12 || >=13.7" + }, + "funding": { + "type": "opencollective", + "url": "https://opencollective.com/browserslist" + } + }, + "node_modules/caching-transform": { + "version": "4.0.0", + "resolved": "https://registry.npmjs.org/caching-transform/-/caching-transform-4.0.0.tgz", + "integrity": "sha512-kpqOvwXnjjN44D89K5ccQC+RUrsy7jB/XLlRrx0D7/2HNcTPqzsb6XgYoErwko6QsV184CA2YgS1fxDiiDZMWA==", + "dev": true, + "dependencies": { + "hasha": "^5.0.0", + "make-dir": "^3.0.0", + "package-hash": "^4.0.0", + "write-file-atomic": "^3.0.0" + }, + "engines": { + "node": ">=8" + } + }, + "node_modules/callsites": { + "version": "3.1.0", + "resolved": "https://registry.npmjs.org/callsites/-/callsites-3.1.0.tgz", + "integrity": "sha512-P8BjAsXvZS+VIDUI11hHCQEv74YT67YUi5JJFNWIqL235sBmjX4+qx9Muvls5ivyNENctx46xQLQ3aTuE7ssaQ==", + "dev": true, + "engines": { + "node": ">=6" + } + }, + "node_modules/camelcase": { + "version": "6.2.0", + "resolved": "https://registry.npmjs.org/camelcase/-/camelcase-6.2.0.tgz", + "integrity": "sha512-c7wVvbw3f37nuobQNtgsgG9POC9qMbNuMQmTCqZv23b6MIz0fcYpBiOlv9gEN/hdLdnZTDQhg6e9Dq5M1vKvfg==", + "dev": true, + "engines": { + "node": ">=10" + }, + "funding": { + "url": "https://github.com/sponsors/sindresorhus" + } + }, + "node_modules/caniuse-lite": { + "version": "1.0.30001265", + "resolved": "https://registry.npmjs.org/caniuse-lite/-/caniuse-lite-1.0.30001265.tgz", + "integrity": "sha512-YzBnspggWV5hep1m9Z6sZVLOt7vrju8xWooFAgN6BA5qvy98qPAPb7vNUzypFaoh2pb3vlfzbDO8tB57UPGbtw==", + "dev": true, + "funding": { + "type": "opencollective", + "url": "https://opencollective.com/browserslist" + } + }, + "node_modules/chai": { + "version": "4.3.4", + "resolved": "https://registry.npmjs.org/chai/-/chai-4.3.4.tgz", + "integrity": "sha512-yS5H68VYOCtN1cjfwumDSuzn/9c+yza4f3reKXlE5rUg7SFcCEy90gJvydNgOYtblyf4Zi6jIWRnXOgErta0KA==", + "dev": true, + "dependencies": { + "assertion-error": "^1.1.0", + "check-error": "^1.0.2", + "deep-eql": "^3.0.1", + "get-func-name": "^2.0.0", + "pathval": "^1.1.1", + "type-detect": "^4.0.5" + }, + "engines": { + "node": ">=4" + } + }, + "node_modules/chalk": { + "version": "4.1.2", + "resolved": "https://registry.npmjs.org/chalk/-/chalk-4.1.2.tgz", + "integrity": "sha512-oKnbhFyRIXpUuez8iBMmyEa4nbj4IOQyuhc/wy9kY7/WVPcwIO9VA668Pu8RkO7+0G76SLROeyw9CpQ061i4mA==", + "dev": true, + "dependencies": { + "ansi-styles": "^4.1.0", + "supports-color": "^7.1.0" + }, + "engines": { + "node": ">=10" + }, + "funding": { + "url": "https://github.com/chalk/chalk?sponsor=1" + } + }, + "node_modules/chalk/node_modules/supports-color": { + "version": "7.2.0", + "resolved": "https://registry.npmjs.org/supports-color/-/supports-color-7.2.0.tgz", + "integrity": "sha512-qpCAvRl9stuOHveKsn7HncJRvv501qIacKzQlO/+Lwxc9+0q2wLyv4Dfvt80/DPn2pqOBsJdDiogXGR9+OvwRw==", + "dev": true, + "dependencies": { + "has-flag": "^4.0.0" + }, + "engines": { + "node": ">=8" + } + }, + "node_modules/check-error": { + "version": "1.0.2", + "resolved": "https://registry.npmjs.org/check-error/-/check-error-1.0.2.tgz", + "integrity": "sha1-V00xLt2Iu13YkS6Sht1sCu1KrII=", + "dev": true, + "engines": { + "node": "*" + } + }, + "node_modules/chokidar": { + "version": "3.5.2", + "resolved": "https://registry.npmjs.org/chokidar/-/chokidar-3.5.2.tgz", + "integrity": "sha512-ekGhOnNVPgT77r4K/U3GDhu+FQ2S8TnK/s2KbIGXi0SZWuwkZ2QNyfWdZW+TVfn84DpEP7rLeCt2UI6bJ8GwbQ==", + "dev": true, + "dependencies": { + "anymatch": "~3.1.2", + "braces": "~3.0.2", + "glob-parent": "~5.1.2", + "is-binary-path": "~2.1.0", + "is-glob": "~4.0.1", + "normalize-path": "~3.0.0", + "readdirp": "~3.6.0" + }, + "engines": { + "node": ">= 8.10.0" + }, + "optionalDependencies": { + "fsevents": "~2.3.2" + } + }, + "node_modules/chokidar/node_modules/glob-parent": { + "version": "5.1.2", + "resolved": "https://registry.npmjs.org/glob-parent/-/glob-parent-5.1.2.tgz", + "integrity": "sha512-AOIgSQCepiJYwP3ARnGx+5VnTu2HBYdzbGP45eLw1vr3zB3vZLeyed1sC9hnbcOc9/SrMyM5RPQrkGz4aS9Zow==", + "dev": true, + "dependencies": { + "is-glob": "^4.0.1" + }, + "engines": { + "node": ">= 6" + } + }, + "node_modules/clean-stack": { + "version": "2.2.0", + "resolved": "https://registry.npmjs.org/clean-stack/-/clean-stack-2.2.0.tgz", + "integrity": "sha512-4diC9HaTE+KRAMWhDhrGOECgWZxoevMc5TlkObMqNSsVU62PYzXZ/SMTjzyGAFF1YusgxGcSWTEXBhp0CPwQ1A==", + "dev": true, + "engines": { + "node": ">=6" + } + }, + "node_modules/cliui": { + "version": "7.0.4", + "resolved": "https://registry.npmjs.org/cliui/-/cliui-7.0.4.tgz", + "integrity": "sha512-OcRE68cOsVMXp1Yvonl/fzkQOyjLSu/8bhPDfQt0e0/Eb283TKP20Fs2MqoPsr9SwA595rRCA+QMzYc9nBP+JQ==", + "dev": true, + "dependencies": { + "string-width": "^4.2.0", + "strip-ansi": "^6.0.0", + "wrap-ansi": "^7.0.0" + } + }, + "node_modules/co-bluebird": { + "version": "1.1.0", + "resolved": "https://registry.npmjs.org/co-bluebird/-/co-bluebird-1.1.0.tgz", + "integrity": "sha1-yLnzqTIKftMJh9zKGlw8/1llXHw=", + "dependencies": { + "bluebird": "^2.10.0", + "co-use": "^1.1.0" + }, + "engines": { + "node": ">=0.12.0" + } + }, + "node_modules/co-bluebird/node_modules/bluebird": { + "version": "2.11.0", + "resolved": "https://registry.npmjs.org/bluebird/-/bluebird-2.11.0.tgz", + "integrity": "sha1-U0uQM8AiyVecVro7Plpcqvu2UOE=" + }, + "node_modules/co-use": { + "version": "1.1.0", + "resolved": "https://registry.npmjs.org/co-use/-/co-use-1.1.0.tgz", + "integrity": "sha1-xrs83xDLc17Kqdru2kbXJclKTmI=", + "engines": { + "node": ">=0.12.0" + } + }, + "node_modules/color-convert": { + "version": "2.0.1", + "resolved": "https://registry.npmjs.org/color-convert/-/color-convert-2.0.1.tgz", + "integrity": "sha512-RRECPsj7iu/xb5oKYcsFHSppFNnsj/52OVTRKb4zP5onXwVF3zVmmToNcOfGC+CRDpfK/U584fMg38ZHCaElKQ==", + "dev": true, + "dependencies": { + "color-name": "~1.1.4" + }, + "engines": { + "node": ">=7.0.0" + } + }, + "node_modules/color-name": { + "version": "1.1.4", + "resolved": "https://registry.npmjs.org/color-name/-/color-name-1.1.4.tgz", + "integrity": "sha512-dOy+3AuW3a2wNbZHIuMZpTcgjGuLU/uBL/ubcZF9OXbDo8ff4O8yVp5Bf0efS8uEoYo5q4Fx7dY9OgQGXgAsQA==", + "dev": true + }, + "node_modules/commondir": { + "version": "1.0.1", + "resolved": "https://registry.npmjs.org/commondir/-/commondir-1.0.1.tgz", + "integrity": "sha1-3dgA2gxmEnOTzKWVDqloo6rxJTs=", + "dev": true + }, + "node_modules/concat-map": { + "version": "0.0.1", + "resolved": "https://registry.npmjs.org/concat-map/-/concat-map-0.0.1.tgz", + "integrity": "sha1-2Klr13/Wjfd5OnMDajug1UBdR3s=", + "dev": true + }, + "node_modules/convert-source-map": { + "version": "1.8.0", + "resolved": "https://registry.npmjs.org/convert-source-map/-/convert-source-map-1.8.0.tgz", + "integrity": "sha512-+OQdjP49zViI/6i7nIJpA8rAl4sV/JdPfU9nZs3VqOwGIgizICvuN2ru6fMd+4llL0tar18UYJXfZ/TWtmhUjA==", + "dev": true, + "dependencies": { + "safe-buffer": "~5.1.1" + } + }, + "node_modules/cross-spawn": { + "version": "7.0.3", + "resolved": "https://registry.npmjs.org/cross-spawn/-/cross-spawn-7.0.3.tgz", + "integrity": "sha512-iRDPJKUPVEND7dHPO8rkbOnPpyDygcDFtWjpeWNCgy8WP2rXcxXL8TskReQl6OrB2G7+UJrags1q15Fudc7G6w==", + "dev": true, + "dependencies": { + "path-key": "^3.1.0", + "shebang-command": "^2.0.0", + "which": "^2.0.1" + }, + "engines": { + "node": ">= 8" + } + }, + "node_modules/debug": { + "version": "4.3.2", + "resolved": "https://registry.npmjs.org/debug/-/debug-4.3.2.tgz", + "integrity": "sha512-mOp8wKcvj7XxC78zLgw/ZA+6TSgkoE2C/ienthhRD298T7UNwAg9diBpLRxC0mOezLl4B0xV7M0cCO6P/O0Xhw==", + "dev": true, + "dependencies": { + "ms": "2.1.2" + }, + "engines": { + "node": ">=6.0" + }, + "peerDependenciesMeta": { + "supports-color": { + "optional": true + } + } + }, + "node_modules/debug/node_modules/ms": { + "version": "2.1.2", + "resolved": "https://registry.npmjs.org/ms/-/ms-2.1.2.tgz", + "integrity": "sha512-sGkPx+VjMtmA6MX27oA4FBFELFCZZ4S4XqeGOXCv68tT+jb3vk/RyaKWP0PTKyWtmLSM0b+adUTEvbs1PEaH2w==", + "dev": true + }, + "node_modules/decamelize": { + "version": "4.0.0", + "resolved": "https://registry.npmjs.org/decamelize/-/decamelize-4.0.0.tgz", + "integrity": "sha512-9iE1PgSik9HeIIw2JO94IidnE3eBoQrFJ3w7sFuzSX4DpmZ3v5sZpUiV5Swcf6mQEF+Y0ru8Neo+p+nyh2J+hQ==", + "dev": true, + "engines": { + "node": ">=10" + }, + "funding": { + "url": "https://github.com/sponsors/sindresorhus" + } + }, + "node_modules/deep-eql": { + "version": "3.0.1", + "resolved": "https://registry.npmjs.org/deep-eql/-/deep-eql-3.0.1.tgz", + "integrity": "sha512-+QeIQyN5ZuO+3Uk5DYh6/1eKO0m0YmJFGNmFHGACpf1ClL1nmlV/p4gNgbl2pJGxgXb4faqo6UE+M5ACEMyVcw==", + "dev": true, + "dependencies": { + "type-detect": "^4.0.0" + }, + "engines": { + "node": ">=0.12" + } + }, + "node_modules/deep-is": { + "version": "0.1.4", + "resolved": "https://registry.npmjs.org/deep-is/-/deep-is-0.1.4.tgz", + "integrity": "sha512-oIPzksmTg4/MriiaYGO+okXDT7ztn/w3Eptv/+gSIdMdKsJo0u4CfYNFJPy+4SKMuCqGw2wxnA+URMg3t8a/bQ==", + "dev": true + }, + "node_modules/default-require-extensions": { + "version": "3.0.0", + "resolved": "https://registry.npmjs.org/default-require-extensions/-/default-require-extensions-3.0.0.tgz", + "integrity": "sha512-ek6DpXq/SCpvjhpFsLFRVtIxJCRw6fUR42lYMVZuUMK7n8eMz4Uh5clckdBjEpLhn/gEBZo7hDJnJcwdKLKQjg==", + "dev": true, + "dependencies": { + "strip-bom": "^4.0.0" + }, + "engines": { + "node": ">=8" + } + }, + "node_modules/diff": { + "version": "5.0.0", + "resolved": "https://registry.npmjs.org/diff/-/diff-5.0.0.tgz", + "integrity": "sha512-/VTCrvm5Z0JGty/BWHljh+BAiw3IK+2j87NGMu8Nwc/f48WoDAC395uomO9ZD117ZOBaHmkX1oyLvkVM/aIT3w==", + "dev": true, + "engines": { + "node": ">=0.3.1" + } + }, + "node_modules/doctrine": { + "version": "3.0.0", + "resolved": "https://registry.npmjs.org/doctrine/-/doctrine-3.0.0.tgz", + "integrity": "sha512-yS+Q5i3hBf7GBkd4KG8a7eBNNWNGLTaEwwYWUijIYM7zrlYDM0BFXHjjPWlWZ1Rg7UaddZeIDmi9jF3HmqiQ2w==", + "dev": true, + "dependencies": { + "esutils": "^2.0.2" + }, + "engines": { + "node": ">=6.0.0" + } + }, + "node_modules/electron-to-chromium": { + "version": "1.3.867", + "resolved": "https://registry.npmjs.org/electron-to-chromium/-/electron-to-chromium-1.3.867.tgz", + "integrity": "sha512-WbTXOv7hsLhjJyl7jBfDkioaY++iVVZomZ4dU6TMe/SzucV6mUAs2VZn/AehBwuZMiNEQDaPuTGn22YK5o+aDw==", + "dev": true + }, + "node_modules/emoji-regex": { + "version": "8.0.0", + "resolved": "https://registry.npmjs.org/emoji-regex/-/emoji-regex-8.0.0.tgz", + "integrity": "sha512-MSjYzcWNOA0ewAHpz0MxpYFvwg6yjy1NG3xteoqz644VCo/RPgnr1/GGt+ic3iJTzQ8Eu3TdM14SawnVUmGE6A==", + "dev": true + }, + "node_modules/enquirer": { + "version": "2.3.6", + "resolved": "https://registry.npmjs.org/enquirer/-/enquirer-2.3.6.tgz", + "integrity": "sha512-yjNnPr315/FjS4zIsUxYguYUPP2e1NK4d7E7ZOLiyYCcbFBiTMyID+2wvm2w6+pZ/odMA7cRkjhsPbltwBOrLg==", + "dev": true, + "dependencies": { + "ansi-colors": "^4.1.1" + }, + "engines": { + "node": ">=8.6" + } + }, + "node_modules/es6-error": { + "version": "4.1.1", + "resolved": "https://registry.npmjs.org/es6-error/-/es6-error-4.1.1.tgz", + "integrity": "sha512-Um/+FxMr9CISWh0bi5Zv0iOD+4cFh5qLeks1qhAopKVAJw3drgKbKySikp7wGhDL0HPeaja0P5ULZrxLkniUVg==", + "dev": true + }, + "node_modules/escalade": { + "version": "3.1.1", + "resolved": "https://registry.npmjs.org/escalade/-/escalade-3.1.1.tgz", + "integrity": "sha512-k0er2gUkLf8O0zKJiAhmkTnJlTvINGv7ygDNPbeIsX/TJjGJZHuh9B2UxbsaEkmlEo9MfhrSzmhIlhRlI2GXnw==", + "dev": true, + "engines": { + "node": ">=6" + } + }, + "node_modules/escape-string-regexp": { + "version": "4.0.0", + "resolved": "https://registry.npmjs.org/escape-string-regexp/-/escape-string-regexp-4.0.0.tgz", + "integrity": "sha512-TtpcNJ3XAzx3Gq8sWRzJaVajRs0uVxA2YAkdb1jm2YkPz4G6egUFAyA3n5vtEIZefPk5Wa4UXbKuS5fKkJWdgA==", + "dev": true, + "engines": { + "node": ">=10" + }, + "funding": { + "url": "https://github.com/sponsors/sindresorhus" + } + }, + "node_modules/eslint": { + "version": "8.4.1", + "resolved": "https://registry.npmjs.org/eslint/-/eslint-8.4.1.tgz", + "integrity": "sha512-TxU/p7LB1KxQ6+7aztTnO7K0i+h0tDi81YRY9VzB6Id71kNz+fFYnf5HD5UOQmxkzcoa0TlVZf9dpMtUv0GpWg==", + "dev": true, + "dependencies": { + "@eslint/eslintrc": "^1.0.5", + "@humanwhocodes/config-array": "^0.9.2", + "ajv": "^6.10.0", + "chalk": "^4.0.0", + "cross-spawn": "^7.0.2", + "debug": "^4.3.2", + "doctrine": "^3.0.0", + "enquirer": "^2.3.5", + "escape-string-regexp": "^4.0.0", + "eslint-scope": "^7.1.0", + "eslint-utils": "^3.0.0", + "eslint-visitor-keys": "^3.1.0", + "espree": "^9.2.0", + "esquery": "^1.4.0", + "esutils": "^2.0.2", + "fast-deep-equal": "^3.1.3", + "file-entry-cache": "^6.0.1", + "functional-red-black-tree": "^1.0.1", + "glob-parent": "^6.0.1", + "globals": "^13.6.0", + "ignore": "^4.0.6", + "import-fresh": "^3.0.0", + "imurmurhash": "^0.1.4", + "is-glob": "^4.0.0", + "js-yaml": "^4.1.0", + "json-stable-stringify-without-jsonify": "^1.0.1", + "levn": "^0.4.1", + "lodash.merge": "^4.6.2", + "minimatch": "^3.0.4", + "natural-compare": "^1.4.0", + "optionator": "^0.9.1", + "progress": "^2.0.0", + "regexpp": "^3.2.0", + "semver": "^7.2.1", + "strip-ansi": "^6.0.1", + "strip-json-comments": "^3.1.0", + "text-table": "^0.2.0", + "v8-compile-cache": "^2.0.3" + }, + "bin": { + "eslint": "bin/eslint.js" + }, + "engines": { + "node": "^12.22.0 || ^14.17.0 || >=16.0.0" + }, + "funding": { + "url": "https://opencollective.com/eslint" + } + }, + "node_modules/eslint-scope": { + "version": "7.1.0", + "resolved": "https://registry.npmjs.org/eslint-scope/-/eslint-scope-7.1.0.tgz", + "integrity": "sha512-aWwkhnS0qAXqNOgKOK0dJ2nvzEbhEvpy8OlJ9kZ0FeZnA6zpjv1/Vei+puGFFX7zkPCkHHXb7IDX3A+7yPrRWg==", + "dev": true, + "dependencies": { + "esrecurse": "^4.3.0", + "estraverse": "^5.2.0" + }, + "engines": { + "node": "^12.22.0 || ^14.17.0 || >=16.0.0" + } + }, + "node_modules/eslint-utils": { + "version": "3.0.0", + "resolved": "https://registry.npmjs.org/eslint-utils/-/eslint-utils-3.0.0.tgz", + "integrity": "sha512-uuQC43IGctw68pJA1RgbQS8/NP7rch6Cwd4j3ZBtgo4/8Flj4eGE7ZYSZRN3iq5pVUv6GPdW5Z1RFleo84uLDA==", + "dev": true, + "dependencies": { + "eslint-visitor-keys": "^2.0.0" + }, + "engines": { + "node": "^10.0.0 || ^12.0.0 || >= 14.0.0" + }, + "funding": { + "url": "https://github.com/sponsors/mysticatea" + }, + "peerDependencies": { + "eslint": ">=5" + } + }, + "node_modules/eslint-utils/node_modules/eslint-visitor-keys": { + "version": "2.1.0", + "resolved": "https://registry.npmjs.org/eslint-visitor-keys/-/eslint-visitor-keys-2.1.0.tgz", + "integrity": "sha512-0rSmRBzXgDzIsD6mGdJgevzgezI534Cer5L/vyMX0kHzT/jiB43jRhd9YUlMGYLQy2zprNmoT8qasCGtY+QaKw==", + "dev": true, + "engines": { + "node": ">=10" + } + }, + "node_modules/eslint-visitor-keys": { + "version": "3.1.0", + "resolved": "https://registry.npmjs.org/eslint-visitor-keys/-/eslint-visitor-keys-3.1.0.tgz", + "integrity": "sha512-yWJFpu4DtjsWKkt5GeNBBuZMlNcYVs6vRCLoCVEJrTjaSB6LC98gFipNK/erM2Heg/E8mIK+hXG/pJMLK+eRZA==", + "dev": true, + "engines": { + "node": "^12.22.0 || ^14.17.0 || >=16.0.0" + } + }, + "node_modules/eslint/node_modules/globals": { + "version": "13.12.0", + "resolved": "https://registry.npmjs.org/globals/-/globals-13.12.0.tgz", + "integrity": "sha512-uS8X6lSKN2JumVoXrbUz+uG4BYG+eiawqm3qFcT7ammfbUHeCBoJMlHcec/S3krSk73/AE/f0szYFmgAA3kYZg==", + "dev": true, + "dependencies": { + "type-fest": "^0.20.2" + }, + "engines": { + "node": ">=8" + }, + "funding": { + "url": "https://github.com/sponsors/sindresorhus" + } + }, + "node_modules/eslint/node_modules/semver": { + "version": "7.3.5", + "resolved": "https://registry.npmjs.org/semver/-/semver-7.3.5.tgz", + "integrity": "sha512-PoeGJYh8HK4BTO/a9Tf6ZG3veo/A7ZVsYrSA6J8ny9nb3B1VrpkuN+z9OE5wfE5p6H4LchYZsegiQgbJD94ZFQ==", + "dev": true, + "dependencies": { + "lru-cache": "^6.0.0" + }, + "bin": { + "semver": "bin/semver.js" + }, + "engines": { + "node": ">=10" + } + }, + "node_modules/eslint/node_modules/type-fest": { + "version": "0.20.2", + "resolved": "https://registry.npmjs.org/type-fest/-/type-fest-0.20.2.tgz", + "integrity": "sha512-Ne+eE4r0/iWnpAxD852z3A+N0Bt5RN//NjJwRd2VFHEmrywxf5vsZlh4R6lixl6B+wz/8d+maTSAkN1FIkI3LQ==", + "dev": true, + "engines": { + "node": ">=10" + }, + "funding": { + "url": "https://github.com/sponsors/sindresorhus" + } + }, + "node_modules/espree": { + "version": "9.2.0", + "resolved": "https://registry.npmjs.org/espree/-/espree-9.2.0.tgz", + "integrity": "sha512-oP3utRkynpZWF/F2x/HZJ+AGtnIclaR7z1pYPxy7NYM2fSO6LgK/Rkny8anRSPK/VwEA1eqm2squui0T7ZMOBg==", + "dev": true, + "dependencies": { + "acorn": "^8.6.0", + "acorn-jsx": "^5.3.1", + "eslint-visitor-keys": "^3.1.0" + }, + "engines": { + "node": "^12.22.0 || ^14.17.0 || >=16.0.0" + } + }, + "node_modules/esprima": { + "version": "4.0.1", + "resolved": "https://registry.npmjs.org/esprima/-/esprima-4.0.1.tgz", + "integrity": "sha512-eGuFFw7Upda+g4p+QHvnW0RyTX/SVeJBDM/gCtMARO0cLuT2HcEKnTPvhjV6aGeqrCB/sbNop0Kszm0jsaWU4A==", + "dev": true, + "bin": { + "esparse": "bin/esparse.js", + "esvalidate": "bin/esvalidate.js" + }, + "engines": { + "node": ">=4" + } + }, + "node_modules/esquery": { + "version": "1.4.0", + "resolved": "https://registry.npmjs.org/esquery/-/esquery-1.4.0.tgz", + "integrity": "sha512-cCDispWt5vHHtwMY2YrAQ4ibFkAL8RbH5YGBnZBc90MolvvfkkQcJro/aZiAQUlQ3qgrYS6D6v8Gc5G5CQsc9w==", + "dev": true, + "dependencies": { + "estraverse": "^5.1.0" + }, + "engines": { + "node": ">=0.10" + } + }, + "node_modules/esrecurse": { + "version": "4.3.0", + "resolved": "https://registry.npmjs.org/esrecurse/-/esrecurse-4.3.0.tgz", + "integrity": "sha512-KmfKL3b6G+RXvP8N1vr3Tq1kL/oCFgn2NYXEtqP8/L3pKapUA4G8cFVaoF3SU323CD4XypR/ffioHmkti6/Tag==", + "dev": true, + "dependencies": { + "estraverse": "^5.2.0" + }, + "engines": { + "node": ">=4.0" + } + }, + "node_modules/estraverse": { + "version": "5.3.0", + "resolved": "https://registry.npmjs.org/estraverse/-/estraverse-5.3.0.tgz", + "integrity": "sha512-MMdARuVEQziNTeJD8DgMqmhwR11BRQ/cBP+pLtYdSTnf3MIO8fFeiINEbX36ZdNlfU/7A9f3gUw49B3oQsvwBA==", + "dev": true, + "engines": { + "node": ">=4.0" + } + }, + "node_modules/esutils": { + "version": "2.0.3", + "resolved": "https://registry.npmjs.org/esutils/-/esutils-2.0.3.tgz", + "integrity": "sha512-kVscqXk4OCp68SZ0dkgEKVi6/8ij300KBWTJq32P/dYeWTSwK41WyTxalN1eRmA5Z9UU/LX9D7FWSmV9SAYx6g==", + "dev": true, + "engines": { + "node": ">=0.10.0" + } + }, + "node_modules/fast-deep-equal": { + "version": "3.1.3", + "resolved": "https://registry.npmjs.org/fast-deep-equal/-/fast-deep-equal-3.1.3.tgz", + "integrity": "sha512-f3qQ9oQy9j2AhBe/H9VC91wLmKBCCU/gDOnKNAYG5hswO7BLKj09Hc5HYNz9cGI++xlpDCIgDaitVs03ATR84Q==", + "dev": true + }, + "node_modules/fast-json-stable-stringify": { + "version": "2.1.0", + "resolved": "https://registry.npmjs.org/fast-json-stable-stringify/-/fast-json-stable-stringify-2.1.0.tgz", + "integrity": "sha512-lhd/wF+Lk98HZoTCtlVraHtfh5XYijIjalXck7saUtuanSDyLMxnHhSXEDJqHxD7msR8D0uCmqlkwjCV8xvwHw==", + "dev": true + }, + "node_modules/fast-levenshtein": { + "version": "2.0.6", + "resolved": "https://registry.npmjs.org/fast-levenshtein/-/fast-levenshtein-2.0.6.tgz", + "integrity": "sha1-PYpcZog6FqMMqGQ+hR8Zuqd5eRc=", + "dev": true + }, + "node_modules/file-entry-cache": { + "version": "6.0.1", + "resolved": "https://registry.npmjs.org/file-entry-cache/-/file-entry-cache-6.0.1.tgz", + "integrity": "sha512-7Gps/XWymbLk2QLYK4NzpMOrYjMhdIxXuIvy2QBsLE6ljuodKvdkWs/cpyJJ3CVIVpH0Oi1Hvg1ovbMzLdFBBg==", + "dev": true, + "dependencies": { + "flat-cache": "^3.0.4" + }, + "engines": { + "node": "^10.12.0 || >=12.0.0" + } + }, + "node_modules/fill-range": { + "version": "7.0.1", + "resolved": "https://registry.npmjs.org/fill-range/-/fill-range-7.0.1.tgz", + "integrity": "sha512-qOo9F+dMUmC2Lcb4BbVvnKJxTPjCm+RRpe4gDuGrzkL7mEVl/djYSu2OdQ2Pa302N4oqkSg9ir6jaLWJ2USVpQ==", + "dev": true, + "dependencies": { + "to-regex-range": "^5.0.1" + }, + "engines": { + "node": ">=8" + } + }, + "node_modules/find-cache-dir": { + "version": "3.3.2", + "resolved": "https://registry.npmjs.org/find-cache-dir/-/find-cache-dir-3.3.2.tgz", + "integrity": "sha512-wXZV5emFEjrridIgED11OoUKLxiYjAcqot/NJdAkOhlJ+vGzwhOAfcG5OX1jP+S0PcjEn8bdMJv+g2jwQ3Onig==", + "dev": true, + "dependencies": { + "commondir": "^1.0.1", + "make-dir": "^3.0.2", + "pkg-dir": "^4.1.0" + }, + "engines": { + "node": ">=8" + }, + "funding": { + "url": "https://github.com/avajs/find-cache-dir?sponsor=1" + } + }, + "node_modules/find-up": { + "version": "5.0.0", + "resolved": "https://registry.npmjs.org/find-up/-/find-up-5.0.0.tgz", + "integrity": "sha512-78/PXT1wlLLDgTzDs7sjq9hzz0vXD+zn+7wypEe4fXQxCmdmqfGsEPQxmiCSQI3ajFV91bVSsvNtrJRiW6nGng==", + "dev": true, + "dependencies": { + "locate-path": "^6.0.0", + "path-exists": "^4.0.0" + }, + "engines": { + "node": ">=10" + }, + "funding": { + "url": "https://github.com/sponsors/sindresorhus" + } + }, + "node_modules/flat": { + "version": "5.0.2", + "resolved": "https://registry.npmjs.org/flat/-/flat-5.0.2.tgz", + "integrity": "sha512-b6suED+5/3rTpUBdG1gupIl8MPFCAMA0QXwmljLhvCUKcUvdE4gWky9zpuGCcXHOsz4J9wPGNWq6OKpmIzz3hQ==", + "dev": true, + "bin": { + "flat": "cli.js" + } + }, + "node_modules/flat-cache": { + "version": "3.0.4", + "resolved": "https://registry.npmjs.org/flat-cache/-/flat-cache-3.0.4.tgz", + "integrity": "sha512-dm9s5Pw7Jc0GvMYbshN6zchCA9RgQlzzEZX3vylR9IqFfS8XciblUXOKfW6SiuJ0e13eDYZoZV5wdrev7P3Nwg==", + "dev": true, + "dependencies": { + "flatted": "^3.1.0", + "rimraf": "^3.0.2" + }, + "engines": { + "node": "^10.12.0 || >=12.0.0" + } + }, + "node_modules/flatted": { + "version": "3.2.4", + "resolved": "https://registry.npmjs.org/flatted/-/flatted-3.2.4.tgz", + "integrity": "sha512-8/sOawo8tJ4QOBX8YlQBMxL8+RLZfxMQOif9o0KUKTNTjMYElWPE0r/m5VNFxTRd0NSw8qSy8dajrwX4RYI1Hw==", + "dev": true + }, + "node_modules/foreground-child": { + "version": "2.0.0", + "resolved": "https://registry.npmjs.org/foreground-child/-/foreground-child-2.0.0.tgz", + "integrity": "sha512-dCIq9FpEcyQyXKCkyzmlPTFNgrCzPudOe+mhvJU5zAtlBnGVy2yKxtfsxK2tQBThwq225jcvBjpw1Gr40uzZCA==", + "dev": true, + "dependencies": { + "cross-spawn": "^7.0.0", + "signal-exit": "^3.0.2" + }, + "engines": { + "node": ">=8.0.0" + } + }, + "node_modules/fromentries": { + "version": "1.3.2", + "resolved": "https://registry.npmjs.org/fromentries/-/fromentries-1.3.2.tgz", + "integrity": "sha512-cHEpEQHUg0f8XdtZCc2ZAhrHzKzT0MrFUTcvx+hfxYu7rGMDc5SKoXFh+n4YigxsHXRzc6OrCshdR1bWH6HHyg==", + "dev": true, + "funding": [ + { + "type": "github", + "url": "https://github.com/sponsors/feross" + }, + { + "type": "patreon", + "url": "https://www.patreon.com/feross" + }, + { + "type": "consulting", + "url": "https://feross.org/support" + } + ] + }, + "node_modules/fs.realpath": { + "version": "1.0.0", + "resolved": "https://registry.npmjs.org/fs.realpath/-/fs.realpath-1.0.0.tgz", + "integrity": "sha1-FQStJSMVjKpA20onh8sBQRmU6k8=", + "dev": true + }, + "node_modules/fsevents": { + "version": "2.3.2", + "resolved": "https://registry.npmjs.org/fsevents/-/fsevents-2.3.2.tgz", + "integrity": "sha512-xiqMQR4xAeHTuB9uWm+fFRcIOgKBMiOBP+eXiyT7jsgVCq1bkVygt00oASowB7EdtpOHaaPgKt812P9ab+DDKA==", + "dev": true, + "hasInstallScript": true, + "optional": true, + "os": [ + "darwin" + ], + "engines": { + "node": "^8.16.0 || ^10.6.0 || >=11.0.0" + } + }, + "node_modules/functional-red-black-tree": { + "version": "1.0.1", + "resolved": "https://registry.npmjs.org/functional-red-black-tree/-/functional-red-black-tree-1.0.1.tgz", + "integrity": "sha1-GwqzvVU7Kg1jmdKcDj6gslIHgyc=", + "dev": true + }, + "node_modules/gensync": { + "version": "1.0.0-beta.2", + "resolved": "https://registry.npmjs.org/gensync/-/gensync-1.0.0-beta.2.tgz", + "integrity": "sha512-3hN7NaskYvMDLQY55gnW3NQ+mesEAepTqlg+VEbj7zzqEMBVNhzcGYYeqFo/TlYz6eQiFcp1HcsCZO+nGgS8zg==", + "dev": true, + "engines": { + "node": ">=6.9.0" + } + }, + "node_modules/get-caller-file": { + "version": "2.0.5", + "resolved": "https://registry.npmjs.org/get-caller-file/-/get-caller-file-2.0.5.tgz", + "integrity": "sha512-DyFP3BM/3YHTQOCUL/w0OZHR0lpKeGrxotcHWcqNEdnltqFwXVfhEBQ94eIo34AfQpo0rGki4cyIiftY06h2Fg==", + "dev": true, + "engines": { + "node": "6.* || 8.* || >= 10.*" + } + }, + "node_modules/get-func-name": { + "version": "2.0.0", + "resolved": "https://registry.npmjs.org/get-func-name/-/get-func-name-2.0.0.tgz", + "integrity": "sha1-6td0q+5y4gQJQzoGY2YCPdaIekE=", + "dev": true, + "engines": { + "node": "*" + } + }, + "node_modules/get-package-type": { + "version": "0.1.0", + "resolved": "https://registry.npmjs.org/get-package-type/-/get-package-type-0.1.0.tgz", + "integrity": "sha512-pjzuKtY64GYfWizNAJ0fr9VqttZkNiK2iS430LtIHzjBEr6bX8Am2zm4sW4Ro5wjWW5cAlRL1qAMTcXbjNAO2Q==", + "dev": true, + "engines": { + "node": ">=8.0.0" + } + }, + "node_modules/glob": { + "version": "7.2.0", + "resolved": "https://registry.npmjs.org/glob/-/glob-7.2.0.tgz", + "integrity": "sha512-lmLf6gtyrPq8tTjSmrO94wBeQbFR3HbLHbuyD69wuyQkImp2hWqMGB47OX65FBkPffO641IP9jWa1z4ivqG26Q==", + "dev": true, + "dependencies": { + "fs.realpath": "^1.0.0", + "inflight": "^1.0.4", + "inherits": "2", + "minimatch": "^3.0.4", + "once": "^1.3.0", + "path-is-absolute": "^1.0.0" + }, + "engines": { + "node": "*" + }, + "funding": { + "url": "https://github.com/sponsors/isaacs" + } + }, + "node_modules/glob-parent": { + "version": "6.0.2", + "resolved": "https://registry.npmjs.org/glob-parent/-/glob-parent-6.0.2.tgz", + "integrity": "sha512-XxwI8EOhVQgWp6iDL+3b0r86f4d6AX6zSU55HfB4ydCEuXLXc5FcYeOu+nnGftS4TEju/11rt4KJPTMgbfmv4A==", + "dev": true, + "dependencies": { + "is-glob": "^4.0.3" + }, + "engines": { + "node": ">=10.13.0" + } + }, + "node_modules/globals": { + "version": "11.12.0", + "resolved": "https://registry.npmjs.org/globals/-/globals-11.12.0.tgz", + "integrity": "sha512-WOBp/EEGUiIsJSp7wcv/y6MO+lV9UoncWqxuFfm8eBwzWNgyfBd6Gz+IeKQ9jCmyhoH99g15M3T+QaVHFjizVA==", + "dev": true, + "engines": { + "node": ">=4" + } + }, + "node_modules/graceful-fs": { + "version": "4.2.8", + "resolved": "https://registry.npmjs.org/graceful-fs/-/graceful-fs-4.2.8.tgz", + "integrity": "sha512-qkIilPUYcNhJpd33n0GBXTB1MMPp14TxEsEs0pTrsSVucApsYzW5V+Q8Qxhik6KU3evy+qkAAowTByymK0avdg==", + "dev": true + }, + "node_modules/growl": { + "version": "1.10.5", + "resolved": "https://registry.npmjs.org/growl/-/growl-1.10.5.tgz", + "integrity": "sha512-qBr4OuELkhPenW6goKVXiv47US3clb3/IbuWF9KNKEijAy9oeHxU9IgzjvJhHkUzhaj7rOUD7+YGWqUjLp5oSA==", + "dev": true, + "engines": { + "node": ">=4.x" + } + }, + "node_modules/has-flag": { + "version": "4.0.0", + "resolved": "https://registry.npmjs.org/has-flag/-/has-flag-4.0.0.tgz", + "integrity": "sha512-EykJT/Q1KjTWctppgIAgfSO0tKVuZUjhgMr17kqTumMl6Afv3EISleU7qZUzoXDFTAHTDC4NOoG/ZxU3EvlMPQ==", + "dev": true, + "engines": { + "node": ">=8" + } + }, + "node_modules/hasha": { + "version": "5.2.2", + "resolved": "https://registry.npmjs.org/hasha/-/hasha-5.2.2.tgz", + "integrity": "sha512-Hrp5vIK/xr5SkeN2onO32H0MgNZ0f17HRNH39WfL0SYUNOTZ5Lz1TJ8Pajo/87dYGEFlLMm7mIc/k/s6Bvz9HQ==", + "dev": true, + "dependencies": { + "is-stream": "^2.0.0", + "type-fest": "^0.8.0" + }, + "engines": { + "node": ">=8" + }, + "funding": { + "url": "https://github.com/sponsors/sindresorhus" + } + }, + "node_modules/he": { + "version": "1.2.0", + "resolved": "https://registry.npmjs.org/he/-/he-1.2.0.tgz", + "integrity": "sha512-F/1DnUGPopORZi0ni+CvrCgHQ5FyEAHRLSApuYWMmrbSwoN2Mn/7k+Gl38gJnR7yyDZk6WLXwiGod1JOWNDKGw==", + "dev": true, + "bin": { + "he": "bin/he" + } + }, + "node_modules/html-escaper": { + "version": "2.0.2", + "resolved": "https://registry.npmjs.org/html-escaper/-/html-escaper-2.0.2.tgz", + "integrity": "sha512-H2iMtd0I4Mt5eYiapRdIDjp+XzelXQ0tFE4JS7YFwFevXXMmOp9myNrUvCg0D6ws8iqkRPBfKHgbwig1SmlLfg==", + "dev": true + }, + "node_modules/ignore": { + "version": "4.0.6", + "resolved": "https://registry.npmjs.org/ignore/-/ignore-4.0.6.tgz", + "integrity": "sha512-cyFDKrqc/YdcWFniJhzI42+AzS+gNwmUzOSFcRCQYwySuBBBy/KjuxWLZ/FHEH6Moq1NizMOBWyTcv8O4OZIMg==", + "dev": true, + "engines": { + "node": ">= 4" + } + }, + "node_modules/import-fresh": { + "version": "3.3.0", + "resolved": "https://registry.npmjs.org/import-fresh/-/import-fresh-3.3.0.tgz", + "integrity": "sha512-veYYhQa+D1QBKznvhUHxb8faxlrwUnxseDAbAp457E0wLNio2bOSKnjYDhMj+YiAq61xrMGhQk9iXVk5FzgQMw==", + "dev": true, + "dependencies": { + "parent-module": "^1.0.0", + "resolve-from": "^4.0.0" + }, + "engines": { + "node": ">=6" + }, + "funding": { + "url": "https://github.com/sponsors/sindresorhus" + } + }, + "node_modules/import-fresh/node_modules/resolve-from": { + "version": "4.0.0", + "resolved": "https://registry.npmjs.org/resolve-from/-/resolve-from-4.0.0.tgz", + "integrity": "sha512-pb/MYmXstAkysRFx8piNI1tGFNQIFA3vkE3Gq4EuA1dF6gHp/+vgZqsCGJapvy8N3Q+4o7FwvquPJcnZ7RYy4g==", + "dev": true, + "engines": { + "node": ">=4" + } + }, + "node_modules/imurmurhash": { + "version": "0.1.4", + "resolved": "https://registry.npmjs.org/imurmurhash/-/imurmurhash-0.1.4.tgz", + "integrity": "sha1-khi5srkoojixPcT7a21XbyMUU+o=", + "dev": true, + "engines": { + "node": ">=0.8.19" + } + }, + "node_modules/indent-string": { + "version": "4.0.0", + "resolved": "https://registry.npmjs.org/indent-string/-/indent-string-4.0.0.tgz", + "integrity": "sha512-EdDDZu4A2OyIK7Lr/2zG+w5jmbuk1DVBnEwREQvBzspBJkCEbRa8GxU1lghYcaGJCnRWibjDXlq779X1/y5xwg==", + "dev": true, + "engines": { + "node": ">=8" + } + }, + "node_modules/inflight": { + "version": "1.0.6", + "resolved": "https://registry.npmjs.org/inflight/-/inflight-1.0.6.tgz", + "integrity": "sha1-Sb1jMdfQLQwJvJEKEHW6gWW1bfk=", + "dev": true, + "dependencies": { + "once": "^1.3.0", + "wrappy": "1" + } + }, + "node_modules/inherits": { + "version": "2.0.4", + "resolved": "https://registry.npmjs.org/inherits/-/inherits-2.0.4.tgz", + "integrity": "sha512-k/vGaX4/Yla3WzyMCvTQOXYeIHvqOKtnqBduzTHpzpQZzAskKMhZ2K+EnBiSM9zGSoIFeMpXKxa4dYeZIQqewQ==", + "dev": true + }, + "node_modules/is-binary-path": { + "version": "2.1.0", + "resolved": "https://registry.npmjs.org/is-binary-path/-/is-binary-path-2.1.0.tgz", + "integrity": "sha512-ZMERYes6pDydyuGidse7OsHxtbI7WVeUEozgR/g7rd0xUimYNlvZRE/K2MgZTjWy725IfelLeVcEM97mmtRGXw==", + "dev": true, + "dependencies": { + "binary-extensions": "^2.0.0" + }, + "engines": { + "node": ">=8" + } + }, + "node_modules/is-extglob": { + "version": "2.1.1", + "resolved": "https://registry.npmjs.org/is-extglob/-/is-extglob-2.1.1.tgz", + "integrity": "sha1-qIwCU1eR8C7TfHahueqXc8gz+MI=", + "dev": true, + "engines": { + "node": ">=0.10.0" + } + }, + "node_modules/is-fullwidth-code-point": { + "version": "3.0.0", + "resolved": "https://registry.npmjs.org/is-fullwidth-code-point/-/is-fullwidth-code-point-3.0.0.tgz", + "integrity": "sha512-zymm5+u+sCsSWyD9qNaejV3DFvhCKclKdizYaJUuHA83RLjb7nSuGnddCHGv0hk+KY7BMAlsWeK4Ueg6EV6XQg==", + "dev": true, + "engines": { + "node": ">=8" + } + }, + "node_modules/is-generator": { + "version": "1.0.3", + "resolved": "https://registry.npmjs.org/is-generator/-/is-generator-1.0.3.tgz", + "integrity": "sha1-wUwhBX7TbjKNuANHlmxpP4hjifM=" + }, + "node_modules/is-glob": { + "version": "4.0.3", + "resolved": "https://registry.npmjs.org/is-glob/-/is-glob-4.0.3.tgz", + "integrity": "sha512-xelSayHH36ZgE7ZWhli7pW34hNbNl8Ojv5KVmkJD4hBdD3th8Tfk9vYasLM+mXWOZhFkgZfxhLSnrwRr4elSSg==", + "dev": true, + "dependencies": { + "is-extglob": "^2.1.1" + }, + "engines": { + "node": ">=0.10.0" + } + }, + "node_modules/is-number": { + "version": "7.0.0", + "resolved": "https://registry.npmjs.org/is-number/-/is-number-7.0.0.tgz", + "integrity": "sha512-41Cifkg6e8TylSpdtTpeLVMqvSBEVzTttHvERD741+pnZ8ANv0004MRL43QKPDlK9cGvNp6NZWZUBlbGXYxxng==", + "dev": true, + "engines": { + "node": ">=0.12.0" + } + }, + "node_modules/is-plain-obj": { + "version": "2.1.0", + "resolved": "https://registry.npmjs.org/is-plain-obj/-/is-plain-obj-2.1.0.tgz", + "integrity": "sha512-YWnfyRwxL/+SsrWYfOpUtz5b3YD+nyfkHvjbcanzk8zgyO4ASD67uVMRt8k5bM4lLMDnXfriRhOpemw+NfT1eA==", + "dev": true, + "engines": { + "node": ">=8" + } + }, + "node_modules/is-stream": { + "version": "2.0.1", + "resolved": "https://registry.npmjs.org/is-stream/-/is-stream-2.0.1.tgz", + "integrity": "sha512-hFoiJiTl63nn+kstHGBtewWSKnQLpyb155KHheA1l39uvtO9nWIop1p3udqPcUd/xbF1VLMO4n7OI6p7RbngDg==", + "dev": true, + "engines": { + "node": ">=8" + }, + "funding": { + "url": "https://github.com/sponsors/sindresorhus" + } + }, + "node_modules/is-typedarray": { + "version": "1.0.0", + "resolved": "https://registry.npmjs.org/is-typedarray/-/is-typedarray-1.0.0.tgz", + "integrity": "sha1-5HnICFjfDBsR3dppQPlgEfzaSpo=", + "dev": true + }, + "node_modules/is-unicode-supported": { + "version": "0.1.0", + "resolved": "https://registry.npmjs.org/is-unicode-supported/-/is-unicode-supported-0.1.0.tgz", + "integrity": "sha512-knxG2q4UC3u8stRGyAVJCOdxFmv5DZiRcdlIaAQXAbSfJya+OhopNotLQrstBhququ4ZpuKbDc/8S6mgXgPFPw==", + "dev": true, + "engines": { + "node": ">=10" + }, + "funding": { + "url": "https://github.com/sponsors/sindresorhus" + } + }, + "node_modules/is-windows": { + "version": "1.0.2", + "resolved": "https://registry.npmjs.org/is-windows/-/is-windows-1.0.2.tgz", + "integrity": "sha512-eXK1UInq2bPmjyX6e3VHIzMLobc4J94i4AWn+Hpq3OU5KkrRC96OAcR3PRJ/pGu6m8TRnBHP9dkXQVsT/COVIA==", + "dev": true, + "engines": { + "node": ">=0.10.0" + } + }, + "node_modules/isarray": { + "version": "0.0.1", + "resolved": "https://registry.npmjs.org/isarray/-/isarray-0.0.1.tgz", + "integrity": "sha1-ihis/Kmo9Bd+Cav8YDiTmwXR7t8=", + "dev": true + }, + "node_modules/isexe": { + "version": "2.0.0", + "resolved": "https://registry.npmjs.org/isexe/-/isexe-2.0.0.tgz", + "integrity": "sha1-6PvzdNxVb/iUehDcsFctYz8s+hA=", + "dev": true + }, + "node_modules/istanbul-lib-coverage": { + "version": "3.0.2", + "resolved": "https://registry.npmjs.org/istanbul-lib-coverage/-/istanbul-lib-coverage-3.0.2.tgz", + "integrity": "sha512-o5+eTUYzCJ11/+JhW5/FUCdfsdoYVdQ/8I/OveE2XsjehYn5DdeSnNQAbjYaO8gQ6hvGTN6GM6ddQqpTVG5j8g==", + "dev": true, + "engines": { + "node": ">=8" + } + }, + "node_modules/istanbul-lib-hook": { + "version": "3.0.0", + "resolved": "https://registry.npmjs.org/istanbul-lib-hook/-/istanbul-lib-hook-3.0.0.tgz", + "integrity": "sha512-Pt/uge1Q9s+5VAZ+pCo16TYMWPBIl+oaNIjgLQxcX0itS6ueeaA+pEfThZpH8WxhFgCiEb8sAJY6MdUKgiIWaQ==", + "dev": true, + "dependencies": { + "append-transform": "^2.0.0" + }, + "engines": { + "node": ">=8" + } + }, + "node_modules/istanbul-lib-instrument": { + "version": "4.0.3", + "resolved": "https://registry.npmjs.org/istanbul-lib-instrument/-/istanbul-lib-instrument-4.0.3.tgz", + "integrity": "sha512-BXgQl9kf4WTCPCCpmFGoJkz/+uhvm7h7PFKUYxh7qarQd3ER33vHG//qaE8eN25l07YqZPpHXU9I09l/RD5aGQ==", + "dev": true, + "dependencies": { + "@babel/core": "^7.7.5", + "@istanbuljs/schema": "^0.1.2", + "istanbul-lib-coverage": "^3.0.0", + "semver": "^6.3.0" + }, + "engines": { + "node": ">=8" + } + }, + "node_modules/istanbul-lib-processinfo": { + "version": "2.0.2", + "resolved": "https://registry.npmjs.org/istanbul-lib-processinfo/-/istanbul-lib-processinfo-2.0.2.tgz", + "integrity": "sha512-kOwpa7z9hme+IBPZMzQ5vdQj8srYgAtaRqeI48NGmAQ+/5yKiHLV0QbYqQpxsdEF0+w14SoB8YbnHKcXE2KnYw==", + "dev": true, + "dependencies": { + "archy": "^1.0.0", + "cross-spawn": "^7.0.0", + "istanbul-lib-coverage": "^3.0.0-alpha.1", + "make-dir": "^3.0.0", + "p-map": "^3.0.0", + "rimraf": "^3.0.0", + "uuid": "^3.3.3" + }, + "engines": { + "node": ">=8" + } + }, + "node_modules/istanbul-lib-report": { + "version": "3.0.0", + "resolved": "https://registry.npmjs.org/istanbul-lib-report/-/istanbul-lib-report-3.0.0.tgz", + "integrity": "sha512-wcdi+uAKzfiGT2abPpKZ0hSU1rGQjUQnLvtY5MpQ7QCTahD3VODhcu4wcfY1YtkGaDD5yuydOLINXsfbus9ROw==", + "dev": true, + "dependencies": { + "istanbul-lib-coverage": "^3.0.0", + "make-dir": "^3.0.0", + "supports-color": "^7.1.0" + }, + "engines": { + "node": ">=8" + } + }, + "node_modules/istanbul-lib-report/node_modules/supports-color": { + "version": "7.2.0", + "resolved": "https://registry.npmjs.org/supports-color/-/supports-color-7.2.0.tgz", + "integrity": "sha512-qpCAvRl9stuOHveKsn7HncJRvv501qIacKzQlO/+Lwxc9+0q2wLyv4Dfvt80/DPn2pqOBsJdDiogXGR9+OvwRw==", + "dev": true, + "dependencies": { + "has-flag": "^4.0.0" + }, + "engines": { + "node": ">=8" + } + }, + "node_modules/istanbul-lib-source-maps": { + "version": "4.0.1", + "resolved": "https://registry.npmjs.org/istanbul-lib-source-maps/-/istanbul-lib-source-maps-4.0.1.tgz", + "integrity": "sha512-n3s8EwkdFIJCG3BPKBYvskgXGoy88ARzvegkitk60NxRdwltLOTaH7CUiMRXvwYorl0Q712iEjcWB+fK/MrWVw==", + "dev": true, + "dependencies": { + "debug": "^4.1.1", + "istanbul-lib-coverage": "^3.0.0", + "source-map": "^0.6.1" + }, + "engines": { + "node": ">=10" + } + }, + "node_modules/istanbul-lib-source-maps/node_modules/source-map": { + "version": "0.6.1", + "resolved": "https://registry.npmjs.org/source-map/-/source-map-0.6.1.tgz", + "integrity": "sha512-UjgapumWlbMhkBgzT7Ykc5YXUT46F0iKu8SGXq0bcwP5dz/h0Plj6enJqjz1Zbq2l5WaqYnrVbwWOWMyF3F47g==", + "dev": true, + "engines": { + "node": ">=0.10.0" + } + }, + "node_modules/istanbul-reports": { + "version": "3.0.4", + "resolved": "https://registry.npmjs.org/istanbul-reports/-/istanbul-reports-3.0.4.tgz", + "integrity": "sha512-bFjUnc95rHjdCR63WMHUS7yfJJh8T9IPSWavvR02hhjVwezWALZ5axF9EqjmwZHpXqkzbgAMP8DmAtiyNxrdrQ==", + "dev": true, + "dependencies": { + "html-escaper": "^2.0.0", + "istanbul-lib-report": "^3.0.0" + }, + "engines": { + "node": ">=8" + } + }, + "node_modules/js-tokens": { + "version": "4.0.0", + "resolved": "https://registry.npmjs.org/js-tokens/-/js-tokens-4.0.0.tgz", + "integrity": "sha512-RdJUflcE3cUzKiMqQgsCu06FPu9UdIJO0beYbPhHN4k6apgJtifcoCtT9bcxOpYBtpD2kCM6Sbzg4CausW/PKQ==", + "dev": true + }, + "node_modules/js-yaml": { + "version": "4.1.0", + "resolved": "https://registry.npmjs.org/js-yaml/-/js-yaml-4.1.0.tgz", + "integrity": "sha512-wpxZs9NoxZaJESJGIZTyDEaYpl0FKSA+FB9aJiyemKhMwkxQg63h4T1KJgUGHpTqPDNRcmmYLugrRjJlBtWvRA==", + "dev": true, + "dependencies": { + "argparse": "^2.0.1" + }, + "bin": { + "js-yaml": "bin/js-yaml.js" + } + }, + "node_modules/jsesc": { + "version": "2.5.2", + "resolved": "https://registry.npmjs.org/jsesc/-/jsesc-2.5.2.tgz", + "integrity": "sha512-OYu7XEzjkCQ3C5Ps3QIZsQfNpqoJyZZA99wd9aWd05NCtC5pWOkShK2mkL6HXQR6/Cy2lbNdPlZBpuQHXE63gA==", + "dev": true, + "bin": { + "jsesc": "bin/jsesc" + }, + "engines": { + "node": ">=4" + } + }, + "node_modules/json-schema-traverse": { + "version": "0.4.1", + "resolved": "https://registry.npmjs.org/json-schema-traverse/-/json-schema-traverse-0.4.1.tgz", + "integrity": "sha512-xbbCH5dCYU5T8LcEhhuh7HJ88HXuW3qsI3Y0zOZFKfZEHcpWiHU/Jxzk629Brsab/mMiHQti9wMP+845RPe3Vg==", + "dev": true + }, + "node_modules/json-stable-stringify-without-jsonify": { + "version": "1.0.1", + "resolved": "https://registry.npmjs.org/json-stable-stringify-without-jsonify/-/json-stable-stringify-without-jsonify-1.0.1.tgz", + "integrity": "sha1-nbe1lJatPzz+8wp1FC0tkwrXJlE=", + "dev": true + }, + "node_modules/json5": { + "version": "2.2.0", + "resolved": "https://registry.npmjs.org/json5/-/json5-2.2.0.tgz", + "integrity": "sha512-f+8cldu7X/y7RAJurMEJmdoKXGB/X550w2Nr3tTbezL6RwEE/iMcm+tZnXeoZtKuOq6ft8+CqzEkrIgx1fPoQA==", + "dev": true, + "dependencies": { + "minimist": "^1.2.5" + }, + "bin": { + "json5": "lib/cli.js" + }, + "engines": { + "node": ">=6" + } + }, + "node_modules/just-extend": { + "version": "4.2.1", + "resolved": "https://registry.npmjs.org/just-extend/-/just-extend-4.2.1.tgz", + "integrity": "sha512-g3UB796vUFIY90VIv/WX3L2c8CS2MdWUww3CNrYmqza1Fg0DURc2K/O4YrnklBdQarSJ/y8JnJYDGc+1iumQjg==", + "dev": true + }, + "node_modules/levn": { + "version": "0.4.1", + "resolved": "https://registry.npmjs.org/levn/-/levn-0.4.1.tgz", + "integrity": "sha512-+bT2uH4E5LGE7h/n3evcS/sQlJXCpIp6ym8OWJ5eV6+67Dsql/LaaT7qJBAt2rzfoa/5QBGBhxDix1dMt2kQKQ==", + "dev": true, + "dependencies": { + "prelude-ls": "^1.2.1", + "type-check": "~0.4.0" + }, + "engines": { + "node": ">= 0.8.0" + } + }, + "node_modules/locate-path": { + "version": "6.0.0", + "resolved": "https://registry.npmjs.org/locate-path/-/locate-path-6.0.0.tgz", + "integrity": "sha512-iPZK6eYjbxRu3uB4/WZ3EsEIMJFMqAoopl3R+zuq0UjcAm/MO6KCweDgPfP3elTztoKP3KtnVHxTn2NHBSDVUw==", + "dev": true, + "dependencies": { + "p-locate": "^5.0.0" + }, + "engines": { + "node": ">=10" + }, + "funding": { + "url": "https://github.com/sponsors/sindresorhus" + } + }, + "node_modules/lodash.flattendeep": { + "version": "4.4.0", + "resolved": "https://registry.npmjs.org/lodash.flattendeep/-/lodash.flattendeep-4.4.0.tgz", + "integrity": "sha1-+wMJF/hqMTTlvJvsDWngAT3f7bI=", + "dev": true + }, + "node_modules/lodash.get": { + "version": "4.4.2", + "resolved": "https://registry.npmjs.org/lodash.get/-/lodash.get-4.4.2.tgz", + "integrity": "sha1-LRd/ZS+jHpObRDjVNBSZ36OCXpk=", + "dev": true + }, + "node_modules/lodash.merge": { + "version": "4.6.2", + "resolved": "https://registry.npmjs.org/lodash.merge/-/lodash.merge-4.6.2.tgz", + "integrity": "sha512-0KpjqXRVvrYyCsX1swR/XTK0va6VQkQM6MNo7PqW77ByjAhoARA8EfrP1N4+KlKj8YS0ZUCtRT/YUuhyYDujIQ==", + "dev": true + }, + "node_modules/log-symbols": { + "version": "4.1.0", + "resolved": "https://registry.npmjs.org/log-symbols/-/log-symbols-4.1.0.tgz", + "integrity": "sha512-8XPvpAA8uyhfteu8pIvQxpJZ7SYYdpUivZpGy6sFsBuKRY/7rQGavedeB8aK+Zkyq6upMFVL/9AW6vOYzfRyLg==", + "dev": true, + "dependencies": { + "chalk": "^4.1.0", + "is-unicode-supported": "^0.1.0" + }, + "engines": { + "node": ">=10" + }, + "funding": { + "url": "https://github.com/sponsors/sindresorhus" + } + }, + "node_modules/lru-cache": { + "version": "6.0.0", + "resolved": "https://registry.npmjs.org/lru-cache/-/lru-cache-6.0.0.tgz", + "integrity": "sha512-Jo6dJ04CmSjuznwJSS3pUeWmd/H0ffTlkXXgwZi+eq1UCmqQwCh+eLsYOYCwY991i2Fah4h1BEMCx4qThGbsiA==", + "dev": true, + "dependencies": { + "yallist": "^4.0.0" + }, + "engines": { + "node": ">=10" + } + }, + "node_modules/make-dir": { + "version": "3.1.0", + "resolved": "https://registry.npmjs.org/make-dir/-/make-dir-3.1.0.tgz", + "integrity": "sha512-g3FeP20LNwhALb/6Cz6Dd4F2ngze0jz7tbzrD2wAV+o9FeNHe4rL+yK2md0J/fiSf1sa1ADhXqi5+oVwOM/eGw==", + "dev": true, + "dependencies": { + "semver": "^6.0.0" + }, + "engines": { + "node": ">=8" + }, + "funding": { + "url": "https://github.com/sponsors/sindresorhus" + } + }, + "node_modules/media-typer": { + "version": "0.3.0", + "resolved": "https://registry.npmjs.org/media-typer/-/media-typer-0.3.0.tgz", + "integrity": "sha1-hxDXrwqmJvj/+hzgAWhUUmMlV0g=", + "engines": { + "node": ">= 0.6" + } + }, + "node_modules/mime-db": { + "version": "1.50.0", + "resolved": "https://registry.npmjs.org/mime-db/-/mime-db-1.50.0.tgz", + "integrity": "sha512-9tMZCDlYHqeERXEHO9f/hKfNXhre5dK2eE/krIvUjZbS2KPcqGDfNShIWS1uW9XOTKQKqK6qbeOci18rbfW77A==", + "engines": { + "node": ">= 0.6" + } + }, + "node_modules/mime-types": { + "version": "2.1.33", + "resolved": "https://registry.npmjs.org/mime-types/-/mime-types-2.1.33.tgz", + "integrity": "sha512-plLElXp7pRDd0bNZHw+nMd52vRYjLwQjygaNg7ddJ2uJtTlmnTCjWuPKxVu6//AdaRuME84SvLW91sIkBqGT0g==", + "dependencies": { + "mime-db": "1.50.0" + }, + "engines": { + "node": ">= 0.6" + } + }, + "node_modules/minimatch": { + "version": "3.0.4", + "resolved": "https://registry.npmjs.org/minimatch/-/minimatch-3.0.4.tgz", + "integrity": "sha512-yJHVQEhyqPLUTgt9B83PXu6W3rx4MvvHvSUvToogpwoGDOUQ+yDrR0HRot+yOCdCO7u4hX3pWft6kWBBcqh0UA==", + "dev": true, + "dependencies": { + "brace-expansion": "^1.1.7" + }, + "engines": { + "node": "*" + } + }, + "node_modules/minimist": { + "version": "1.2.5", + "resolved": "https://registry.npmjs.org/minimist/-/minimist-1.2.5.tgz", + "integrity": "sha512-FM9nNUYrRBAELZQT3xeZQ7fmMOBg6nWNmJKTcgsJeaLstP/UODVpGsr5OhXhhXg6f+qtJ8uiZ+PUxkDWcgIXLw==", + "dev": true + }, + "node_modules/mocha": { + "version": "9.1.2", + "resolved": "https://registry.npmjs.org/mocha/-/mocha-9.1.2.tgz", + "integrity": "sha512-ta3LtJ+63RIBP03VBjMGtSqbe6cWXRejF9SyM9Zyli1CKZJZ+vfCTj3oW24V7wAphMJdpOFLoMI3hjJ1LWbs0w==", + "dev": true, + "dependencies": { + "@ungap/promise-all-settled": "1.1.2", + "ansi-colors": "4.1.1", + "browser-stdout": "1.3.1", + "chokidar": "3.5.2", + "debug": "4.3.2", + "diff": "5.0.0", + "escape-string-regexp": "4.0.0", + "find-up": "5.0.0", + "glob": "7.1.7", + "growl": "1.10.5", + "he": "1.2.0", + "js-yaml": "4.1.0", + "log-symbols": "4.1.0", + "minimatch": "3.0.4", + "ms": "2.1.3", + "nanoid": "3.1.25", + "serialize-javascript": "6.0.0", + "strip-json-comments": "3.1.1", + "supports-color": "8.1.1", + "which": "2.0.2", + "workerpool": "6.1.5", + "yargs": "16.2.0", + "yargs-parser": "20.2.4", + "yargs-unparser": "2.0.0" + }, + "bin": { + "_mocha": "bin/_mocha", + "mocha": "bin/mocha" + }, + "engines": { + "node": ">= 12.0.0" + }, + "funding": { + "type": "opencollective", + "url": "https://opencollective.com/mochajs" + } + }, + "node_modules/mocha/node_modules/glob": { + "version": "7.1.7", + "resolved": "https://registry.npmjs.org/glob/-/glob-7.1.7.tgz", + "integrity": "sha512-OvD9ENzPLbegENnYP5UUfJIirTg4+XwMWGaQfQTY0JenxNvvIKP3U3/tAQSPIu/lHxXYSZmpXlUHeqAIdKzBLQ==", + "dev": true, + "dependencies": { + "fs.realpath": "^1.0.0", + "inflight": "^1.0.4", + "inherits": "2", + "minimatch": "^3.0.4", + "once": "^1.3.0", + "path-is-absolute": "^1.0.0" + }, + "engines": { + "node": "*" + }, + "funding": { + "url": "https://github.com/sponsors/isaacs" + } + }, + "node_modules/ms": { + "version": "2.1.3", + "resolved": "https://registry.npmjs.org/ms/-/ms-2.1.3.tgz", + "integrity": "sha512-6FlzubTLZG3J2a/NVCAleEhjzq5oxgHyaCU9yYXvcLsvoVaHJq/s5xXI6/XXP6tz7R9xAOtHnSO/tXtF3WRTlA==", + "dev": true + }, + "node_modules/nanoid": { + "version": "3.1.25", + "resolved": "https://registry.npmjs.org/nanoid/-/nanoid-3.1.25.tgz", + "integrity": "sha512-rdwtIXaXCLFAQbnfqDRnI6jaRHp9fTcYBjtFKE8eezcZ7LuLjhUaQGNeMXf1HmRoCH32CLz6XwX0TtxEOS/A3Q==", + "dev": true, + "bin": { + "nanoid": "bin/nanoid.cjs" + }, + "engines": { + "node": "^10 || ^12 || ^13.7 || ^14 || >=15.0.1" + } + }, + "node_modules/natural-compare": { + "version": "1.4.0", + "resolved": "https://registry.npmjs.org/natural-compare/-/natural-compare-1.4.0.tgz", + "integrity": "sha1-Sr6/7tdUHywnrPspvbvRXI1bpPc=", + "dev": true + }, + "node_modules/nise": { + "version": "5.1.0", + "resolved": "https://registry.npmjs.org/nise/-/nise-5.1.0.tgz", + "integrity": "sha512-W5WlHu+wvo3PaKLsJJkgPup2LrsXCcm7AWwyNZkUnn5rwPkuPBi3Iwk5SQtN0mv+K65k7nKKjwNQ30wg3wLAQQ==", + "dev": true, + "dependencies": { + "@sinonjs/commons": "^1.7.0", + "@sinonjs/fake-timers": "^7.0.4", + "@sinonjs/text-encoding": "^0.7.1", + "just-extend": "^4.0.2", + "path-to-regexp": "^1.7.0" + } + }, + "node_modules/nise/node_modules/@sinonjs/fake-timers": { + "version": "7.1.2", + "resolved": "https://registry.npmjs.org/@sinonjs/fake-timers/-/fake-timers-7.1.2.tgz", + "integrity": "sha512-iQADsW4LBMISqZ6Ci1dupJL9pprqwcVFTcOsEmQOEhW+KLCVn/Y4Jrvg2k19fIHCp+iFprriYPTdRcQR8NbUPg==", + "dev": true, + "dependencies": { + "@sinonjs/commons": "^1.7.0" + } + }, + "node_modules/node-preload": { + "version": "0.2.1", + "resolved": "https://registry.npmjs.org/node-preload/-/node-preload-0.2.1.tgz", + "integrity": "sha512-RM5oyBy45cLEoHqCeh+MNuFAxO0vTFBLskvQbOKnEE7YTTSN4tbN8QWDIPQ6L+WvKsB/qLEGpYe2ZZ9d4W9OIQ==", + "dev": true, + "dependencies": { + "process-on-spawn": "^1.0.0" + }, + "engines": { + "node": ">=8" + } + }, + "node_modules/node-releases": { + "version": "1.1.77", + "resolved": "https://registry.npmjs.org/node-releases/-/node-releases-1.1.77.tgz", + "integrity": "sha512-rB1DUFUNAN4Gn9keO2K1efO35IDK7yKHCdCaIMvFO7yUYmmZYeDjnGKle26G4rwj+LKRQpjyUUvMkPglwGCYNQ==", + "dev": true + }, + "node_modules/normalize-path": { + "version": "3.0.0", + "resolved": "https://registry.npmjs.org/normalize-path/-/normalize-path-3.0.0.tgz", + "integrity": "sha512-6eZs5Ls3WtCisHWp9S2GUy8dqkpGi4BVSz3GaqiE6ezub0512ESztXUwUB6C6IKbQkY2Pnb/mD4WYojCRwcwLA==", + "dev": true, + "engines": { + "node": ">=0.10.0" + } + }, + "node_modules/nyc": { + "version": "15.1.0", + "resolved": "https://registry.npmjs.org/nyc/-/nyc-15.1.0.tgz", + "integrity": "sha512-jMW04n9SxKdKi1ZMGhvUTHBN0EICCRkHemEoE5jm6mTYcqcdas0ATzgUgejlQUHMvpnOZqGB5Xxsv9KxJW1j8A==", + "dev": true, + "dependencies": { + "@istanbuljs/load-nyc-config": "^1.0.0", + "@istanbuljs/schema": "^0.1.2", + "caching-transform": "^4.0.0", + "convert-source-map": "^1.7.0", + "decamelize": "^1.2.0", + "find-cache-dir": "^3.2.0", + "find-up": "^4.1.0", + "foreground-child": "^2.0.0", + "get-package-type": "^0.1.0", + "glob": "^7.1.6", + "istanbul-lib-coverage": "^3.0.0", + "istanbul-lib-hook": "^3.0.0", + "istanbul-lib-instrument": "^4.0.0", + "istanbul-lib-processinfo": "^2.0.2", + "istanbul-lib-report": "^3.0.0", + "istanbul-lib-source-maps": "^4.0.0", + "istanbul-reports": "^3.0.2", + "make-dir": "^3.0.0", + "node-preload": "^0.2.1", + "p-map": "^3.0.0", + "process-on-spawn": "^1.0.0", + "resolve-from": "^5.0.0", + "rimraf": "^3.0.0", + "signal-exit": "^3.0.2", + "spawn-wrap": "^2.0.0", + "test-exclude": "^6.0.0", + "yargs": "^15.0.2" + }, + "bin": { + "nyc": "bin/nyc.js" + }, + "engines": { + "node": ">=8.9" + } + }, + "node_modules/nyc/node_modules/camelcase": { + "version": "5.3.1", + "resolved": "https://registry.npmjs.org/camelcase/-/camelcase-5.3.1.tgz", + "integrity": "sha512-L28STB170nwWS63UjtlEOE3dldQApaJXZkOI1uMFfzf3rRuPegHaHesyee+YxQ+W6SvRDQV6UrdOdRiR153wJg==", + "dev": true, + "engines": { + "node": ">=6" + } + }, + "node_modules/nyc/node_modules/cliui": { + "version": "6.0.0", + "resolved": "https://registry.npmjs.org/cliui/-/cliui-6.0.0.tgz", + "integrity": "sha512-t6wbgtoCXvAzst7QgXxJYqPt0usEfbgQdftEPbLL/cvv6HPE5VgvqCuAIDR0NgU52ds6rFwqrgakNLrHEjCbrQ==", + "dev": true, + "dependencies": { + "string-width": "^4.2.0", + "strip-ansi": "^6.0.0", + "wrap-ansi": "^6.2.0" + } + }, + "node_modules/nyc/node_modules/decamelize": { + "version": "1.2.0", + "resolved": "https://registry.npmjs.org/decamelize/-/decamelize-1.2.0.tgz", + "integrity": "sha1-9lNNFRSCabIDUue+4m9QH5oZEpA=", + "dev": true, + "engines": { + "node": ">=0.10.0" + } + }, + "node_modules/nyc/node_modules/find-up": { + "version": "4.1.0", + "resolved": "https://registry.npmjs.org/find-up/-/find-up-4.1.0.tgz", + "integrity": "sha512-PpOwAdQ/YlXQ2vj8a3h8IipDuYRi3wceVQQGYWxNINccq40Anw7BlsEXCMbt1Zt+OLA6Fq9suIpIWD0OsnISlw==", + "dev": true, + "dependencies": { + "locate-path": "^5.0.0", + "path-exists": "^4.0.0" + }, + "engines": { + "node": ">=8" + } + }, + "node_modules/nyc/node_modules/locate-path": { + "version": "5.0.0", + "resolved": "https://registry.npmjs.org/locate-path/-/locate-path-5.0.0.tgz", + "integrity": "sha512-t7hw9pI+WvuwNJXwk5zVHpyhIqzg2qTlklJOf0mVxGSbe3Fp2VieZcduNYjaLDoy6p9uGpQEGWG87WpMKlNq8g==", + "dev": true, + "dependencies": { + "p-locate": "^4.1.0" + }, + "engines": { + "node": ">=8" + } + }, + "node_modules/nyc/node_modules/p-limit": { + "version": "2.3.0", + "resolved": "https://registry.npmjs.org/p-limit/-/p-limit-2.3.0.tgz", + "integrity": "sha512-//88mFWSJx8lxCzwdAABTJL2MyWB12+eIY7MDL2SqLmAkeKU9qxRvWuSyTjm3FUmpBEMuFfckAIqEaVGUDxb6w==", + "dev": true, + "dependencies": { + "p-try": "^2.0.0" + }, + "engines": { + "node": ">=6" + }, + "funding": { + "url": "https://github.com/sponsors/sindresorhus" + } + }, + "node_modules/nyc/node_modules/p-locate": { + "version": "4.1.0", + "resolved": "https://registry.npmjs.org/p-locate/-/p-locate-4.1.0.tgz", + "integrity": "sha512-R79ZZ/0wAxKGu3oYMlz8jy/kbhsNrS7SKZ7PxEHBgJ5+F2mtFW2fK2cOtBh1cHYkQsbzFV7I+EoRKe6Yt0oK7A==", + "dev": true, + "dependencies": { + "p-limit": "^2.2.0" + }, + "engines": { + "node": ">=8" + } + }, + "node_modules/nyc/node_modules/wrap-ansi": { + "version": "6.2.0", + "resolved": "https://registry.npmjs.org/wrap-ansi/-/wrap-ansi-6.2.0.tgz", + "integrity": "sha512-r6lPcBGxZXlIcymEu7InxDMhdW0KDxpLgoFLcguasxCaJ/SOIZwINatK9KY/tf+ZrlywOKU0UDj3ATXUBfxJXA==", + "dev": true, + "dependencies": { + "ansi-styles": "^4.0.0", + "string-width": "^4.1.0", + "strip-ansi": "^6.0.0" + }, + "engines": { + "node": ">=8" + } + }, + "node_modules/nyc/node_modules/y18n": { + "version": "4.0.3", + "resolved": "https://registry.npmjs.org/y18n/-/y18n-4.0.3.tgz", + "integrity": "sha512-JKhqTOwSrqNA1NY5lSztJ1GrBiUodLMmIZuLiDaMRJ+itFd+ABVE8XBjOvIWL+rSqNDC74LCSFmlb/U4UZ4hJQ==", + "dev": true + }, + "node_modules/nyc/node_modules/yargs": { + "version": "15.4.1", + "resolved": "https://registry.npmjs.org/yargs/-/yargs-15.4.1.tgz", + "integrity": "sha512-aePbxDmcYW++PaqBsJ+HYUFwCdv4LVvdnhBy78E57PIor8/OVvhMrADFFEDh8DHDFRv/O9i3lPhsENjO7QX0+A==", + "dev": true, + "dependencies": { + "cliui": "^6.0.0", + "decamelize": "^1.2.0", + "find-up": "^4.1.0", + "get-caller-file": "^2.0.1", + "require-directory": "^2.1.1", + "require-main-filename": "^2.0.0", + "set-blocking": "^2.0.0", + "string-width": "^4.2.0", + "which-module": "^2.0.0", + "y18n": "^4.0.0", + "yargs-parser": "^18.1.2" + }, + "engines": { + "node": ">=8" + } + }, + "node_modules/nyc/node_modules/yargs-parser": { + "version": "18.1.3", + "resolved": "https://registry.npmjs.org/yargs-parser/-/yargs-parser-18.1.3.tgz", + "integrity": "sha512-o50j0JeToy/4K6OZcaQmW6lyXXKhq7csREXcDwk2omFPJEwUNOVtJKvmDr9EI1fAJZUyZcRF7kxGBWmRXudrCQ==", + "dev": true, + "dependencies": { + "camelcase": "^5.0.0", + "decamelize": "^1.2.0" + }, + "engines": { + "node": ">=6" + } + }, + "node_modules/once": { + "version": "1.4.0", + "resolved": "https://registry.npmjs.org/once/-/once-1.4.0.tgz", + "integrity": "sha1-WDsap3WWHUsROsF9nFC6753Xa9E=", + "dev": true, + "dependencies": { + "wrappy": "1" + } + }, + "node_modules/optionator": { + "version": "0.9.1", + "resolved": "https://registry.npmjs.org/optionator/-/optionator-0.9.1.tgz", + "integrity": "sha512-74RlY5FCnhq4jRxVUPKDaRwrVNXMqsGsiW6AJw4XK8hmtm10wC0ypZBLw5IIp85NZMr91+qd1RvvENwg7jjRFw==", + "dev": true, + "dependencies": { + "deep-is": "^0.1.3", + "fast-levenshtein": "^2.0.6", + "levn": "^0.4.1", + "prelude-ls": "^1.2.1", + "type-check": "^0.4.0", + "word-wrap": "^1.2.3" + }, + "engines": { + "node": ">= 0.8.0" + } + }, + "node_modules/p-limit": { + "version": "3.1.0", + "resolved": "https://registry.npmjs.org/p-limit/-/p-limit-3.1.0.tgz", + "integrity": "sha512-TYOanM3wGwNGsZN2cVTYPArw454xnXj5qmWF1bEoAc4+cU/ol7GVh7odevjp1FNHduHc3KZMcFduxU5Xc6uJRQ==", + "dev": true, + "dependencies": { + "yocto-queue": "^0.1.0" + }, + "engines": { + "node": ">=10" + }, + "funding": { + "url": "https://github.com/sponsors/sindresorhus" + } + }, + "node_modules/p-locate": { + "version": "5.0.0", + "resolved": "https://registry.npmjs.org/p-locate/-/p-locate-5.0.0.tgz", + "integrity": "sha512-LaNjtRWUBY++zB5nE/NwcaoMylSPk+S+ZHNB1TzdbMJMny6dynpAGt7X/tl/QYq3TIeE6nxHppbo2LGymrG5Pw==", + "dev": true, + "dependencies": { + "p-limit": "^3.0.2" + }, + "engines": { + "node": ">=10" + }, + "funding": { + "url": "https://github.com/sponsors/sindresorhus" + } + }, + "node_modules/p-map": { + "version": "3.0.0", + "resolved": "https://registry.npmjs.org/p-map/-/p-map-3.0.0.tgz", + "integrity": "sha512-d3qXVTF/s+W+CdJ5A29wywV2n8CQQYahlgz2bFiA+4eVNJbHJodPZ+/gXwPGh0bOqA+j8S+6+ckmvLGPk1QpxQ==", + "dev": true, + "dependencies": { + "aggregate-error": "^3.0.0" + }, + "engines": { + "node": ">=8" + } + }, + "node_modules/p-try": { + "version": "2.2.0", + "resolved": "https://registry.npmjs.org/p-try/-/p-try-2.2.0.tgz", + "integrity": "sha512-R4nPAVTAU0B9D35/Gk3uJf/7XYbQcyohSKdvAxIRSNghFl4e71hVoGnBNQz9cWaXxO2I10KTC+3jMdvvoKw6dQ==", + "dev": true, + "engines": { + "node": ">=6" + } + }, + "node_modules/package-hash": { + "version": "4.0.0", + "resolved": "https://registry.npmjs.org/package-hash/-/package-hash-4.0.0.tgz", + "integrity": "sha512-whdkPIooSu/bASggZ96BWVvZTRMOFxnyUG5PnTSGKoJE2gd5mbVNmR2Nj20QFzxYYgAXpoqC+AiXzl+UMRh7zQ==", + "dev": true, + "dependencies": { + "graceful-fs": "^4.1.15", + "hasha": "^5.0.0", + "lodash.flattendeep": "^4.4.0", + "release-zalgo": "^1.0.0" + }, + "engines": { + "node": ">=8" + } + }, + "node_modules/parent-module": { + "version": "1.0.1", + "resolved": "https://registry.npmjs.org/parent-module/-/parent-module-1.0.1.tgz", + "integrity": "sha512-GQ2EWRpQV8/o+Aw8YqtfZZPfNRWZYkbidE9k5rpl/hC3vtHHBfGm2Ifi6qWV+coDGkrUKZAxE3Lot5kcsRlh+g==", + "dev": true, + "dependencies": { + "callsites": "^3.0.0" + }, + "engines": { + "node": ">=6" + } + }, + "node_modules/path-exists": { + "version": "4.0.0", + "resolved": "https://registry.npmjs.org/path-exists/-/path-exists-4.0.0.tgz", + "integrity": "sha512-ak9Qy5Q7jYb2Wwcey5Fpvg2KoAc/ZIhLSLOSBmRmygPsGwkVVt0fZa0qrtMz+m6tJTAHfZQ8FnmB4MG4LWy7/w==", + "dev": true, + "engines": { + "node": ">=8" + } + }, + "node_modules/path-is-absolute": { + "version": "1.0.1", + "resolved": "https://registry.npmjs.org/path-is-absolute/-/path-is-absolute-1.0.1.tgz", + "integrity": "sha1-F0uSaHNVNP+8es5r9TpanhtcX18=", + "dev": true, + "engines": { + "node": ">=0.10.0" + } + }, + "node_modules/path-key": { + "version": "3.1.1", + "resolved": "https://registry.npmjs.org/path-key/-/path-key-3.1.1.tgz", + "integrity": "sha512-ojmeN0qd+y0jszEtoY48r0Peq5dwMEkIlCOu6Q5f41lfkswXuKtYrhgoTpLnyIcHm24Uhqx+5Tqm2InSwLhE6Q==", + "dev": true, + "engines": { + "node": ">=8" + } + }, + "node_modules/path-to-regexp": { + "version": "1.8.0", + "resolved": "https://registry.npmjs.org/path-to-regexp/-/path-to-regexp-1.8.0.tgz", + "integrity": "sha512-n43JRhlUKUAlibEJhPeir1ncUID16QnEjNpwzNdO3Lm4ywrBpBZ5oLD0I6br9evr1Y9JTqwRtAh7JLoOzAQdVA==", + "dev": true, + "dependencies": { + "isarray": "0.0.1" + } + }, + "node_modules/pathval": { + "version": "1.1.1", + "resolved": "https://registry.npmjs.org/pathval/-/pathval-1.1.1.tgz", + "integrity": "sha512-Dp6zGqpTdETdR63lehJYPeIOqpiNBNtc7BpWSLrOje7UaIsE5aY92r/AunQA7rsXvet3lrJ3JnZX29UPTKXyKQ==", + "dev": true, + "engines": { + "node": "*" + } + }, + "node_modules/picocolors": { + "version": "0.2.1", + "resolved": "https://registry.npmjs.org/picocolors/-/picocolors-0.2.1.tgz", + "integrity": "sha512-cMlDqaLEqfSaW8Z7N5Jw+lyIW869EzT73/F5lhtY9cLGoVxSXznfgfXMO0Z5K0o0Q2TkTXq+0KFsdnSe3jDViA==", + "dev": true + }, + "node_modules/picomatch": { + "version": "2.3.0", + "resolved": "https://registry.npmjs.org/picomatch/-/picomatch-2.3.0.tgz", + "integrity": "sha512-lY1Q/PiJGC2zOv/z391WOTD+Z02bCgsFfvxoXXf6h7kv9o+WmsmzYqrAwY63sNgOxE4xEdq0WyUnXfKeBrSvYw==", + "dev": true, + "engines": { + "node": ">=8.6" + }, + "funding": { + "url": "https://github.com/sponsors/jonschlinkert" + } + }, + "node_modules/pkg-dir": { + "version": "4.2.0", + "resolved": "https://registry.npmjs.org/pkg-dir/-/pkg-dir-4.2.0.tgz", + "integrity": "sha512-HRDzbaKjC+AOWVXxAU/x54COGeIv9eb+6CkDSQoNTt4XyWoIJvuPsXizxu/Fr23EiekbtZwmh1IcIG/l/a10GQ==", + "dev": true, + "dependencies": { + "find-up": "^4.0.0" + }, + "engines": { + "node": ">=8" + } + }, + "node_modules/pkg-dir/node_modules/find-up": { + "version": "4.1.0", + "resolved": "https://registry.npmjs.org/find-up/-/find-up-4.1.0.tgz", + "integrity": "sha512-PpOwAdQ/YlXQ2vj8a3h8IipDuYRi3wceVQQGYWxNINccq40Anw7BlsEXCMbt1Zt+OLA6Fq9suIpIWD0OsnISlw==", + "dev": true, + "dependencies": { + "locate-path": "^5.0.0", + "path-exists": "^4.0.0" + }, + "engines": { + "node": ">=8" + } + }, + "node_modules/pkg-dir/node_modules/locate-path": { + "version": "5.0.0", + "resolved": "https://registry.npmjs.org/locate-path/-/locate-path-5.0.0.tgz", + "integrity": "sha512-t7hw9pI+WvuwNJXwk5zVHpyhIqzg2qTlklJOf0mVxGSbe3Fp2VieZcduNYjaLDoy6p9uGpQEGWG87WpMKlNq8g==", + "dev": true, + "dependencies": { + "p-locate": "^4.1.0" + }, + "engines": { + "node": ">=8" + } + }, + "node_modules/pkg-dir/node_modules/p-limit": { + "version": "2.3.0", + "resolved": "https://registry.npmjs.org/p-limit/-/p-limit-2.3.0.tgz", + "integrity": "sha512-//88mFWSJx8lxCzwdAABTJL2MyWB12+eIY7MDL2SqLmAkeKU9qxRvWuSyTjm3FUmpBEMuFfckAIqEaVGUDxb6w==", + "dev": true, + "dependencies": { + "p-try": "^2.0.0" + }, + "engines": { + "node": ">=6" + }, + "funding": { + "url": "https://github.com/sponsors/sindresorhus" + } + }, + "node_modules/pkg-dir/node_modules/p-locate": { + "version": "4.1.0", + "resolved": "https://registry.npmjs.org/p-locate/-/p-locate-4.1.0.tgz", + "integrity": "sha512-R79ZZ/0wAxKGu3oYMlz8jy/kbhsNrS7SKZ7PxEHBgJ5+F2mtFW2fK2cOtBh1cHYkQsbzFV7I+EoRKe6Yt0oK7A==", + "dev": true, + "dependencies": { + "p-limit": "^2.2.0" + }, + "engines": { + "node": ">=8" + } + }, + "node_modules/prelude-ls": { + "version": "1.2.1", + "resolved": "https://registry.npmjs.org/prelude-ls/-/prelude-ls-1.2.1.tgz", + "integrity": "sha512-vkcDPrRZo1QZLbn5RLGPpg/WmIQ65qoWWhcGKf/b5eplkkarX0m9z8ppCat4mlOqUsWpyNuYgO3VRyrYHSzX5g==", + "dev": true, + "engines": { + "node": ">= 0.8.0" + } + }, + "node_modules/process-on-spawn": { + "version": "1.0.0", + "resolved": "https://registry.npmjs.org/process-on-spawn/-/process-on-spawn-1.0.0.tgz", + "integrity": "sha512-1WsPDsUSMmZH5LeMLegqkPDrsGgsWwk1Exipy2hvB0o/F0ASzbpIctSCcZIK1ykJvtTJULEH+20WOFjMvGnCTg==", + "dev": true, + "dependencies": { + "fromentries": "^1.2.0" + }, + "engines": { + "node": ">=8" + } + }, + "node_modules/progress": { + "version": "2.0.3", + "resolved": "https://registry.npmjs.org/progress/-/progress-2.0.3.tgz", + "integrity": "sha512-7PiHtLll5LdnKIMw100I+8xJXR5gW2QwWYkT6iJva0bXitZKa/XMrSbdmg3r2Xnaidz9Qumd0VPaMrZlF9V9sA==", + "dev": true, + "engines": { + "node": ">=0.4.0" + } + }, + "node_modules/promisify-any": { + "version": "2.0.1", + "resolved": "https://registry.npmjs.org/promisify-any/-/promisify-any-2.0.1.tgz", + "integrity": "sha1-QD4AqIE/F1JCq1D+M6afjuzkcwU=", + "dependencies": { + "bluebird": "^2.10.0", + "co-bluebird": "^1.1.0", + "is-generator": "^1.0.2" + }, + "engines": { + "node": ">=0.10.0" + } + }, + "node_modules/promisify-any/node_modules/bluebird": { + "version": "2.11.0", + "resolved": "https://registry.npmjs.org/bluebird/-/bluebird-2.11.0.tgz", + "integrity": "sha1-U0uQM8AiyVecVro7Plpcqvu2UOE=" + }, + "node_modules/punycode": { + "version": "2.1.1", + "resolved": "https://registry.npmjs.org/punycode/-/punycode-2.1.1.tgz", + "integrity": "sha512-XRsRjdf+j5ml+y/6GKHPZbrF/8p2Yga0JPtdqTIY2Xe5ohJPD9saDJJLPvp9+NSBprVvevdXZybnj2cv8OEd0A==", + "dev": true, + "engines": { + "node": ">=6" + } + }, + "node_modules/randombytes": { + "version": "2.1.0", + "resolved": "https://registry.npmjs.org/randombytes/-/randombytes-2.1.0.tgz", + "integrity": "sha512-vYl3iOX+4CKUWuxGi9Ukhie6fsqXqS9FE2Zaic4tNFD2N2QQaXOMFbuKK4QmDHC0JO6B1Zp41J0LpT0oR68amQ==", + "dev": true, + "dependencies": { + "safe-buffer": "^5.1.0" + } + }, + "node_modules/readdirp": { + "version": "3.6.0", + "resolved": "https://registry.npmjs.org/readdirp/-/readdirp-3.6.0.tgz", + "integrity": "sha512-hOS089on8RduqdbhvQ5Z37A0ESjsqz6qnRcffsMU3495FuTdqSm+7bhJ29JvIOsBDEEnan5DPu9t3To9VRlMzA==", + "dev": true, + "dependencies": { + "picomatch": "^2.2.1" + }, + "engines": { + "node": ">=8.10.0" + } + }, + "node_modules/regexpp": { + "version": "3.2.0", + "resolved": "https://registry.npmjs.org/regexpp/-/regexpp-3.2.0.tgz", + "integrity": "sha512-pq2bWo9mVD43nbts2wGv17XLiNLya+GklZ8kaDLV2Z08gDCsGpnKn9BFMepvWuHCbyVvY7J5o5+BVvoQbmlJLg==", + "dev": true, + "engines": { + "node": ">=8" + }, + "funding": { + "url": "https://github.com/sponsors/mysticatea" + } + }, + "node_modules/release-zalgo": { + "version": "1.0.0", + "resolved": "https://registry.npmjs.org/release-zalgo/-/release-zalgo-1.0.0.tgz", + "integrity": "sha1-CXALflB0Mpc5Mw5TXFqQ+2eFFzA=", + "dev": true, + "dependencies": { + "es6-error": "^4.0.1" + }, + "engines": { + "node": ">=4" + } + }, + "node_modules/require-directory": { + "version": "2.1.1", + "resolved": "https://registry.npmjs.org/require-directory/-/require-directory-2.1.1.tgz", + "integrity": "sha1-jGStX9MNqxyXbiNE/+f3kqam30I=", + "dev": true, + "engines": { + "node": ">=0.10.0" + } + }, + "node_modules/require-main-filename": { + "version": "2.0.0", + "resolved": "https://registry.npmjs.org/require-main-filename/-/require-main-filename-2.0.0.tgz", + "integrity": "sha512-NKN5kMDylKuldxYLSUfrbo5Tuzh4hd+2E8NPPX02mZtn1VuREQToYe/ZdlJy+J3uCpfaiGF05e7B8W0iXbQHmg==", + "dev": true + }, + "node_modules/resolve-from": { + "version": "5.0.0", + "resolved": "https://registry.npmjs.org/resolve-from/-/resolve-from-5.0.0.tgz", + "integrity": "sha512-qYg9KP24dD5qka9J47d0aVky0N+b4fTU89LN9iDnjB5waksiC49rvMB0PrUJQGoTmH50XPiqOvAjDfaijGxYZw==", + "dev": true, + "engines": { + "node": ">=8" + } + }, + "node_modules/rimraf": { + "version": "3.0.2", + "resolved": "https://registry.npmjs.org/rimraf/-/rimraf-3.0.2.tgz", + "integrity": "sha512-JZkJMZkAGFFPP2YqXZXPbMlMBgsxzE8ILs4lMIX/2o0L9UBw9O/Y3o6wFw/i9YLapcUJWwqbi3kdxIPdC62TIA==", + "dev": true, + "dependencies": { + "glob": "^7.1.3" + }, + "bin": { + "rimraf": "bin.js" + }, + "funding": { + "url": "https://github.com/sponsors/isaacs" + } + }, + "node_modules/safe-buffer": { + "version": "5.1.2", + "resolved": "https://registry.npmjs.org/safe-buffer/-/safe-buffer-5.1.2.tgz", + "integrity": "sha512-Gd2UZBJDkXlY7GbJxfsE8/nvKkUEU1G38c1siN6QP6a9PT9MmHB8GnpscSmMJSoF8LOIrt8ud/wPtojys4G6+g==" + }, + "node_modules/semver": { + "version": "6.3.0", + "resolved": "https://registry.npmjs.org/semver/-/semver-6.3.0.tgz", + "integrity": "sha512-b39TBaTSfV6yBrapU89p5fKekE2m/NwnDocOVruQFS1/veMgdzuPcnOM34M6CwxW8jH/lxEa5rBoDeUwu5HHTw==", + "dev": true, + "bin": { + "semver": "bin/semver.js" + } + }, + "node_modules/serialize-javascript": { + "version": "6.0.0", + "resolved": "https://registry.npmjs.org/serialize-javascript/-/serialize-javascript-6.0.0.tgz", + "integrity": "sha512-Qr3TosvguFt8ePWqsvRfrKyQXIiW+nGbYpy8XK24NQHE83caxWt+mIymTT19DGFbNWNLfEwsrkSmN64lVWB9ag==", + "dev": true, + "dependencies": { + "randombytes": "^2.1.0" + } + }, + "node_modules/set-blocking": { + "version": "2.0.0", + "resolved": "https://registry.npmjs.org/set-blocking/-/set-blocking-2.0.0.tgz", + "integrity": "sha1-BF+XgtARrppoA93TgrJDkrPYkPc=", + "dev": true + }, + "node_modules/shebang-command": { + "version": "2.0.0", + "resolved": "https://registry.npmjs.org/shebang-command/-/shebang-command-2.0.0.tgz", + "integrity": "sha512-kHxr2zZpYtdmrN1qDjrrX/Z1rR1kG8Dx+gkpK1G4eXmvXswmcE1hTWBWYUzlraYw1/yZp6YuDY77YtvbN0dmDA==", + "dev": true, + "dependencies": { + "shebang-regex": "^3.0.0" + }, + "engines": { + "node": ">=8" + } + }, + "node_modules/shebang-regex": { + "version": "3.0.0", + "resolved": "https://registry.npmjs.org/shebang-regex/-/shebang-regex-3.0.0.tgz", + "integrity": "sha512-7++dFhtcx3353uBaq8DDR4NuxBetBzC7ZQOhmTQInHEd6bSrXdiEyzCvG07Z44UYdLShWUyXt5M/yhz8ekcb1A==", + "dev": true, + "engines": { + "node": ">=8" + } + }, + "node_modules/signal-exit": { + "version": "3.0.5", + "resolved": "https://registry.npmjs.org/signal-exit/-/signal-exit-3.0.5.tgz", + "integrity": "sha512-KWcOiKeQj6ZyXx7zq4YxSMgHRlod4czeBQZrPb8OKcohcqAXShm7E20kEMle9WBt26hFcAf0qLOcp5zmY7kOqQ==", + "dev": true + }, + "node_modules/sinon": { + "version": "12.0.1", + "resolved": "https://registry.npmjs.org/sinon/-/sinon-12.0.1.tgz", + "integrity": "sha512-iGu29Xhym33ydkAT+aNQFBINakjq69kKO6ByPvTsm3yyIACfyQttRTP03aBP/I8GfhFmLzrnKwNNkr0ORb1udg==", + "dev": true, + "dependencies": { + "@sinonjs/commons": "^1.8.3", + "@sinonjs/fake-timers": "^8.1.0", + "@sinonjs/samsam": "^6.0.2", + "diff": "^5.0.0", + "nise": "^5.1.0", + "supports-color": "^7.2.0" + }, + "funding": { + "type": "opencollective", + "url": "https://opencollective.com/sinon" + } + }, + "node_modules/sinon/node_modules/supports-color": { + "version": "7.2.0", + "resolved": "https://registry.npmjs.org/supports-color/-/supports-color-7.2.0.tgz", + "integrity": "sha512-qpCAvRl9stuOHveKsn7HncJRvv501qIacKzQlO/+Lwxc9+0q2wLyv4Dfvt80/DPn2pqOBsJdDiogXGR9+OvwRw==", + "dev": true, + "dependencies": { + "has-flag": "^4.0.0" + }, + "engines": { + "node": ">=8" + } + }, + "node_modules/source-map": { + "version": "0.5.7", + "resolved": "https://registry.npmjs.org/source-map/-/source-map-0.5.7.tgz", + "integrity": "sha1-igOdLRAh0i0eoUyA2OpGi6LvP8w=", + "dev": true, + "engines": { + "node": ">=0.10.0" + } + }, + "node_modules/spawn-wrap": { + "version": "2.0.0", + "resolved": "https://registry.npmjs.org/spawn-wrap/-/spawn-wrap-2.0.0.tgz", + "integrity": "sha512-EeajNjfN9zMnULLwhZZQU3GWBoFNkbngTUPfaawT4RkMiviTxcX0qfhVbGey39mfctfDHkWtuecgQ8NJcyQWHg==", + "dev": true, + "dependencies": { + "foreground-child": "^2.0.0", + "is-windows": "^1.0.2", + "make-dir": "^3.0.0", + "rimraf": "^3.0.0", + "signal-exit": "^3.0.2", + "which": "^2.0.1" + }, + "engines": { + "node": ">=8" + } + }, + "node_modules/sprintf-js": { + "version": "1.0.3", + "resolved": "https://registry.npmjs.org/sprintf-js/-/sprintf-js-1.0.3.tgz", + "integrity": "sha1-BOaSb2YolTVPPdAVIDYzuFcpfiw=", + "dev": true + }, + "node_modules/string-width": { + "version": "4.2.3", + "resolved": "https://registry.npmjs.org/string-width/-/string-width-4.2.3.tgz", + "integrity": "sha512-wKyQRQpjJ0sIp62ErSZdGsjMJWsap5oRNihHhu6G7JVO/9jIB6UyevL+tXuOqrng8j/cxKTWyWUwvSTriiZz/g==", + "dev": true, + "dependencies": { + "emoji-regex": "^8.0.0", + "is-fullwidth-code-point": "^3.0.0", + "strip-ansi": "^6.0.1" + }, + "engines": { + "node": ">=8" + } + }, + "node_modules/strip-ansi": { + "version": "6.0.1", + "resolved": "https://registry.npmjs.org/strip-ansi/-/strip-ansi-6.0.1.tgz", + "integrity": "sha512-Y38VPSHcqkFrCpFnQ9vuSXmquuv5oXOKpGeT6aGrr3o3Gc9AlVa6JBfUSOCnbxGGZF+/0ooI7KrPuUSztUdU5A==", + "dev": true, + "dependencies": { + "ansi-regex": "^5.0.1" + }, + "engines": { + "node": ">=8" + } + }, + "node_modules/strip-bom": { + "version": "4.0.0", + "resolved": "https://registry.npmjs.org/strip-bom/-/strip-bom-4.0.0.tgz", + "integrity": "sha512-3xurFv5tEgii33Zi8Jtp55wEIILR9eh34FAW00PZf+JnSsTmV/ioewSgQl97JHvgjoRGwPShsWm+IdrxB35d0w==", + "dev": true, + "engines": { + "node": ">=8" + } + }, + "node_modules/strip-json-comments": { + "version": "3.1.1", + "resolved": "https://registry.npmjs.org/strip-json-comments/-/strip-json-comments-3.1.1.tgz", + "integrity": "sha512-6fPc+R4ihwqP6N/aIv2f1gMH8lOVtWQHoqC4yK6oSDVVocumAsfCqjkXnqiYMhmMwS/mEHLp7Vehlt3ql6lEig==", + "dev": true, + "engines": { + "node": ">=8" + }, + "funding": { + "url": "https://github.com/sponsors/sindresorhus" + } + }, + "node_modules/supports-color": { + "version": "8.1.1", + "resolved": "https://registry.npmjs.org/supports-color/-/supports-color-8.1.1.tgz", + "integrity": "sha512-MpUEN2OodtUzxvKQl72cUF7RQ5EiHsGvSsVG0ia9c5RbWGL2CI4C7EpPS8UTBIplnlzZiNuV56w+FuNxy3ty2Q==", + "dev": true, + "dependencies": { + "has-flag": "^4.0.0" + }, + "engines": { + "node": ">=10" + }, + "funding": { + "url": "https://github.com/chalk/supports-color?sponsor=1" + } + }, + "node_modules/test-exclude": { + "version": "6.0.0", + "resolved": "https://registry.npmjs.org/test-exclude/-/test-exclude-6.0.0.tgz", + "integrity": "sha512-cAGWPIyOHU6zlmg88jwm7VRyXnMN7iV68OGAbYDk/Mh/xC/pzVPlQtY6ngoIH/5/tciuhGfvESU8GrHrcxD56w==", + "dev": true, + "dependencies": { + "@istanbuljs/schema": "^0.1.2", + "glob": "^7.1.4", + "minimatch": "^3.0.4" + }, + "engines": { + "node": ">=8" + } + }, + "node_modules/text-table": { + "version": "0.2.0", + "resolved": "https://registry.npmjs.org/text-table/-/text-table-0.2.0.tgz", + "integrity": "sha1-f17oI66AUgfACvLfSoTsP8+lcLQ=", + "dev": true + }, + "node_modules/to-fast-properties": { + "version": "2.0.0", + "resolved": "https://registry.npmjs.org/to-fast-properties/-/to-fast-properties-2.0.0.tgz", + "integrity": "sha1-3F5pjL0HkmW8c+A3doGk5Og/YW4=", + "dev": true, + "engines": { + "node": ">=4" + } + }, + "node_modules/to-regex-range": { + "version": "5.0.1", + "resolved": "https://registry.npmjs.org/to-regex-range/-/to-regex-range-5.0.1.tgz", + "integrity": "sha512-65P7iz6X5yEr1cwcgvQxbbIw7Uk3gOy5dIdtZ4rDveLqhrdJP+Li/Hx6tyK0NEb+2GCyneCMJiGqrADCSNk8sQ==", + "dev": true, + "dependencies": { + "is-number": "^7.0.0" + }, + "engines": { + "node": ">=8.0" + } + }, + "node_modules/type-check": { + "version": "0.4.0", + "resolved": "https://registry.npmjs.org/type-check/-/type-check-0.4.0.tgz", + "integrity": "sha512-XleUoc9uwGXqjWwXaUTZAmzMcFZ5858QA2vvx1Ur5xIcixXIP+8LnFDgRplU30us6teqdlskFfu+ae4K79Ooew==", + "dev": true, + "dependencies": { + "prelude-ls": "^1.2.1" + }, + "engines": { + "node": ">= 0.8.0" + } + }, + "node_modules/type-detect": { + "version": "4.0.8", + "resolved": "https://registry.npmjs.org/type-detect/-/type-detect-4.0.8.tgz", + "integrity": "sha512-0fr/mIH1dlO+x7TlcMy+bIDqKPsw/70tVyeHW787goQjhmqaZe10uwLujubK9q9Lg6Fiho1KUKDYz0Z7k7g5/g==", + "dev": true, + "engines": { + "node": ">=4" + } + }, + "node_modules/type-fest": { + "version": "0.8.1", + "resolved": "https://registry.npmjs.org/type-fest/-/type-fest-0.8.1.tgz", + "integrity": "sha512-4dbzIzqvjtgiM5rw1k5rEHtBANKmdudhGyBEajN01fEyhaAIhsoKNy6y7+IN93IfpFtwY9iqi7kD+xwKhQsNJA==", + "dev": true, + "engines": { + "node": ">=8" + } + }, + "node_modules/type-is": { + "version": "1.6.18", + "resolved": "https://registry.npmjs.org/type-is/-/type-is-1.6.18.tgz", + "integrity": "sha512-TkRKr9sUTxEH8MdfuCSP7VizJyzRNMjj2J2do2Jr3Kym598JVdEksuzPQCnlFPW4ky9Q+iA+ma9BGm06XQBy8g==", + "dependencies": { + "media-typer": "0.3.0", + "mime-types": "~2.1.24" + }, + "engines": { + "node": ">= 0.6" + } + }, + "node_modules/typedarray-to-buffer": { + "version": "3.1.5", + "resolved": "https://registry.npmjs.org/typedarray-to-buffer/-/typedarray-to-buffer-3.1.5.tgz", + "integrity": "sha512-zdu8XMNEDepKKR+XYOXAVPtWui0ly0NtohUscw+UmaHiAWT8hrV1rr//H6V+0DvJ3OQ19S979M0laLfX8rm82Q==", + "dev": true, + "dependencies": { + "is-typedarray": "^1.0.0" + } + }, + "node_modules/uri-js": { + "version": "4.4.1", + "resolved": "https://registry.npmjs.org/uri-js/-/uri-js-4.4.1.tgz", + "integrity": "sha512-7rKUyy33Q1yc98pQ1DAmLtwX109F7TIfWlW1Ydo8Wl1ii1SeHieeh0HHfPeL2fMXK6z0s8ecKs9frCuLJvndBg==", + "dev": true, + "dependencies": { + "punycode": "^2.1.0" + } + }, + "node_modules/uuid": { + "version": "3.4.0", + "resolved": "https://registry.npmjs.org/uuid/-/uuid-3.4.0.tgz", + "integrity": "sha512-HjSDRw6gZE5JMggctHBcjVak08+KEVhSIiDzFnT9S9aegmp85S/bReBVTb4QTFaRNptJ9kuYaNhnbNEOkbKb/A==", + "deprecated": "Please upgrade to version 7 or higher. Older versions may use Math.random() in certain circumstances, which is known to be problematic. See https://v8.dev/blog/math-random for details.", + "dev": true, + "bin": { + "uuid": "bin/uuid" + } + }, + "node_modules/v8-compile-cache": { + "version": "2.3.0", + "resolved": "https://registry.npmjs.org/v8-compile-cache/-/v8-compile-cache-2.3.0.tgz", + "integrity": "sha512-l8lCEmLcLYZh4nbunNZvQCJc5pv7+RCwa8q/LdUx8u7lsWvPDKmpodJAJNwkAhJC//dFY48KuIEmjtd4RViDrA==", + "dev": true + }, + "node_modules/which": { + "version": "2.0.2", + "resolved": "https://registry.npmjs.org/which/-/which-2.0.2.tgz", + "integrity": "sha512-BLI3Tl1TW3Pvl70l3yq3Y64i+awpwXqsGBYWkkqMtnbXgrMD+yj7rhW0kuEDxzJaYXGjEW5ogapKNMEKNMjibA==", + "dev": true, + "dependencies": { + "isexe": "^2.0.0" + }, + "bin": { + "node-which": "bin/node-which" + }, + "engines": { + "node": ">= 8" + } + }, + "node_modules/which-module": { + "version": "2.0.0", + "resolved": "https://registry.npmjs.org/which-module/-/which-module-2.0.0.tgz", + "integrity": "sha1-2e8H3Od7mQK4o6j6SzHD4/fm6Ho=", + "dev": true + }, + "node_modules/word-wrap": { + "version": "1.2.3", + "resolved": "https://registry.npmjs.org/word-wrap/-/word-wrap-1.2.3.tgz", + "integrity": "sha512-Hz/mrNwitNRh/HUAtM/VT/5VH+ygD6DV7mYKZAtHOrbs8U7lvPS6xf7EJKMF0uW1KJCl0H701g3ZGus+muE5vQ==", + "dev": true, + "engines": { + "node": ">=0.10.0" + } + }, + "node_modules/workerpool": { + "version": "6.1.5", + "resolved": "https://registry.npmjs.org/workerpool/-/workerpool-6.1.5.tgz", + "integrity": "sha512-XdKkCK0Zqc6w3iTxLckiuJ81tiD/o5rBE/m+nXpRCB+/Sq4DqkfXZ/x0jW02DG1tGsfUGXbTJyZDP+eu67haSw==", + "dev": true + }, + "node_modules/wrap-ansi": { + "version": "7.0.0", + "resolved": "https://registry.npmjs.org/wrap-ansi/-/wrap-ansi-7.0.0.tgz", + "integrity": "sha512-YVGIj2kamLSTxw6NsZjoBxfSwsn0ycdesmc4p+Q21c5zPuZ1pl+NfxVdxPtdHvmNVOQ6XSYG4AUtyt/Fi7D16Q==", + "dev": true, + "dependencies": { + "ansi-styles": "^4.0.0", + "string-width": "^4.1.0", + "strip-ansi": "^6.0.0" + }, + "engines": { + "node": ">=10" + }, + "funding": { + "url": "https://github.com/chalk/wrap-ansi?sponsor=1" + } + }, + "node_modules/wrappy": { + "version": "1.0.2", + "resolved": "https://registry.npmjs.org/wrappy/-/wrappy-1.0.2.tgz", + "integrity": "sha1-tSQ9jz7BqjXxNkYFvA0QNuMKtp8=", + "dev": true + }, + "node_modules/write-file-atomic": { + "version": "3.0.3", + "resolved": "https://registry.npmjs.org/write-file-atomic/-/write-file-atomic-3.0.3.tgz", + "integrity": "sha512-AvHcyZ5JnSfq3ioSyjrBkH9yW4m7Ayk8/9My/DD9onKeu/94fwrMocemO2QAJFAlnnDN+ZDS+ZjAR5ua1/PV/Q==", + "dev": true, + "dependencies": { + "imurmurhash": "^0.1.4", + "is-typedarray": "^1.0.0", + "signal-exit": "^3.0.2", + "typedarray-to-buffer": "^3.1.5" + } + }, + "node_modules/y18n": { + "version": "5.0.8", + "resolved": "https://registry.npmjs.org/y18n/-/y18n-5.0.8.tgz", + "integrity": "sha512-0pfFzegeDWJHJIAmTLRP2DwHjdF5s7jo9tuztdQxAhINCdvS+3nGINqPd00AphqJR/0LhANUS6/+7SCb98YOfA==", + "dev": true, + "engines": { + "node": ">=10" + } + }, + "node_modules/yallist": { + "version": "4.0.0", + "resolved": "https://registry.npmjs.org/yallist/-/yallist-4.0.0.tgz", + "integrity": "sha512-3wdGidZyq5PB084XLES5TpOSRA3wjXAlIWMhum2kRcv/41Sn2emQ0dycQW4uZXLejwKvg6EsvbdlVL+FYEct7A==", + "dev": true + }, + "node_modules/yargs": { + "version": "16.2.0", + "resolved": "https://registry.npmjs.org/yargs/-/yargs-16.2.0.tgz", + "integrity": "sha512-D1mvvtDG0L5ft/jGWkLpG1+m0eQxOfaBvTNELraWj22wSVUMWxZUvYgJYcKh6jGGIkJFhH4IZPQhR4TKpc8mBw==", + "dev": true, + "dependencies": { + "cliui": "^7.0.2", + "escalade": "^3.1.1", + "get-caller-file": "^2.0.5", + "require-directory": "^2.1.1", + "string-width": "^4.2.0", + "y18n": "^5.0.5", + "yargs-parser": "^20.2.2" + }, + "engines": { + "node": ">=10" + } + }, + "node_modules/yargs-parser": { + "version": "20.2.4", + "resolved": "https://registry.npmjs.org/yargs-parser/-/yargs-parser-20.2.4.tgz", + "integrity": "sha512-WOkpgNhPTlE73h4VFAFsOnomJVaovO8VqLDzy5saChRBFQFBoMYirowyW+Q9HB4HFF4Z7VZTiG3iSzJJA29yRA==", + "dev": true, + "engines": { + "node": ">=10" + } + }, + "node_modules/yargs-unparser": { + "version": "2.0.0", + "resolved": "https://registry.npmjs.org/yargs-unparser/-/yargs-unparser-2.0.0.tgz", + "integrity": "sha512-7pRTIA9Qc1caZ0bZ6RYRGbHJthJWuakf+WmHK0rVeLkNrrGhfoabBNdue6kdINI6r4if7ocq9aD/n7xwKOdzOA==", + "dev": true, + "dependencies": { + "camelcase": "^6.0.0", + "decamelize": "^4.0.0", + "flat": "^5.0.2", + "is-plain-obj": "^2.1.0" + }, + "engines": { + "node": ">=10" + } + }, + "node_modules/yocto-queue": { + "version": "0.1.0", + "resolved": "https://registry.npmjs.org/yocto-queue/-/yocto-queue-0.1.0.tgz", + "integrity": "sha512-rVksvsnNCdJ/ohGc6xgPwyN8eheCxsiLM8mxuE/t/mOVqJewPuO1miLpTHQiRgTKCLexL4MeAFVagts7HmNZ2Q==", + "dev": true, + "engines": { + "node": ">=10" + }, + "funding": { + "url": "https://github.com/sponsors/sindresorhus" + } + } + }, "dependencies": { "@babel/code-frame": { "version": "7.15.8", @@ -493,7 +3836,8 @@ "version": "5.3.2", "resolved": "https://registry.npmjs.org/acorn-jsx/-/acorn-jsx-5.3.2.tgz", "integrity": "sha512-rq9s+JNhf0IChjtDXxllJ7g41oZk5SlXtp0LHwyA5cejwn7vKmKp4pPri6YEePv2PU65sAsegbXtIinmDFDXgQ==", - "dev": true + "dev": true, + "requires": {} }, "aggregate-error": { "version": "3.1.0", diff --git a/package.json b/package.json index c0deb377..6412497e 100644 --- a/package.json +++ b/package.json @@ -1,66 +1,67 @@ { - "name": "@node-oauth/oauth2-server", - "description": "Complete, framework-agnostic, compliant and well tested module for implementing an OAuth2 Server in node.js", - "version": "4.1.1", - "keywords": [ - "oauth", - "oauth2" - ], - "contributors": [ - "Thom Seddon ", - "Lars F. Karlström ", - "Rui Marinho ", - "Tiago Ribeiro ", - "Michael Salinger ", - "Nuno Sousa", - "Max Truxa", - "Daniel Reguero" - ], - "main": "index.js", - "types": "index.d.ts", - "files": [ - "index.js", - "index.d.ts", - "lib" - ], - "dependencies": { - "@node-oauth/formats": "^1.0.0", - "basic-auth": "2.0.1", - "bluebird": "3.7.2", - "promisify-any": "2.0.1", - "type-is": "1.6.18" - }, - "devDependencies": { - "chai": "^4.3.4", - "eslint": "^8.0.0", - "mocha": "^9.1.2", - "nyc": "^15.1.0", - "sinon": "^12.0.1" - }, - "license": "MIT", - "engines": { - "node": ">=12.0.0" - }, - "scripts": { - "pretest": "./node_modules/.bin/eslint lib test index.js", - "test": "NODE_ENV=test ./node_modules/.bin/mocha 'test/**/*_test.js'", - "test-debug": "NODE_ENV=test ./node_modules/.bin/mocha --inspect --debug-brk 'test/**/*_test.js'", - "test:watch": "NODE_ENV=test ./node_modules/.bin/mocha --watch 'test/**/*_test.js'", - "test:coverage": "NODE_ENV=test nyc --reporter=html --reporter=text ./node_modules/.bin/mocha 'test/**/*_test.js'", - "lint": "npx eslint .", - "lint:fix": "npx eslint . --fix" - }, - "repository": { - "type": "git", - "url": "git+https://github.com/node-oauth/node-oauth2-server.git" - }, - "bugs": { - "url": "https://github.com/node-oauth/node-oauth2-server/issues" - }, - "homepage": "https://github.com/node-oauth/node-oauth2-server#readme", - "directories": { - "doc": "docs", - "lib": "lib", - "test": "test" + "name": "@node-oauth/oauth2-server", + "description": "Complete, framework-agnostic, compliant and well tested module for implementing an OAuth2 Server in node.js", + "version": "4.1.1", + "keywords": [ + "oauth", + "oauth2" + ], + "contributors": [ + "Thom Seddon ", + "Lars F. Karlström ", + "Rui Marinho ", + "Tiago Ribeiro ", + "Michael Salinger ", + "Nuno Sousa", + "Max Truxa", + "Daniel Reguero" + ], + "main": "index.js", + "types": "index.d.ts", + "files": [ + "index.js", + "index.d.ts", + "lib" + ], + "dependencies": { + "@node-oauth/formats": "^1.0.0", + "basic-auth": "2.0.1", + "bluebird": "3.7.2", + "promisify-any": "2.0.1", + "type-is": "1.6.18" + }, + "devDependencies": { + "chai": "^4.3.4", + "eslint": "^8.0.0", + "mocha": "^9.1.2", + "nyc": "^15.1.0", + "sinon": "^12.0.1" + }, + "license": "MIT", + "engines": { + "node": ">=12.0.0" + }, + "scripts": { + "pretest": "./node_modules/.bin/eslint lib test index.js", + "test": "NODE_ENV=test ./node_modules/.bin/mocha 'test/**/*_test.js'", + "test-debug": "NODE_ENV=test ./node_modules/.bin/mocha --inspect --debug-brk 'test/**/*_test.js'", + "test:watch": "NODE_ENV=test ./node_modules/.bin/mocha --watch 'test/**/*_test.js'", + "test:coverage": "NODE_ENV=test nyc --reporter=html --reporter=text ./node_modules/.bin/mocha 'test/**/*_test.js'", + "lint": "npx eslint .", + "lint:fix": "npx eslint . --fix" + }, + "repository": { + "type": "git", + "url": "git+https://github.com/node-oauth/node-oauth2-server.git" + }, + "bugs": { + "url": "https://github.com/node-oauth/node-oauth2-server/issues" + }, + "homepage": "https://github.com/node-oauth/node-oauth2-server#readme", + "directories": { + "doc": "docs", + "lib": "lib", + "test": "test" + } } -} + \ No newline at end of file From c73b5b26cfa59e4fbecf3391bb4b4d5b6329b01b Mon Sep 17 00:00:00 2001 From: "daniel.santos" Date: Sat, 18 Dec 2021 23:33:54 -0300 Subject: [PATCH 04/86] change Object.assign to spread operator --- lib/errors/access-denied-error.js | 12 +++++------- lib/errors/insufficient-scope-error.js | 12 +++++------- lib/errors/invalid-argument-error.js | 12 +++++------- lib/errors/invalid-client-error.js | 12 +++++------- lib/errors/invalid-grant-error.js | 12 +++++------- lib/errors/invalid-request-error.js | 12 +++++------- lib/errors/invalid-scope-error.js | 12 +++++------- lib/errors/invalid-token-error.js | 12 +++++------- lib/errors/oauth-error.js | 2 +- lib/errors/server-error.js | 12 +++++------- lib/errors/unauthorized-client-error.js | 12 +++++------- lib/errors/unauthorized-request-error.js | 12 +++++------- lib/errors/unsupported-grant-type-error.js | 12 +++++------- lib/errors/unsupported-response-type-error.js | 12 +++++------- 14 files changed, 66 insertions(+), 92 deletions(-) diff --git a/lib/errors/access-denied-error.js b/lib/errors/access-denied-error.js index 82092b8c..614235c7 100644 --- a/lib/errors/access-denied-error.js +++ b/lib/errors/access-denied-error.js @@ -16,13 +16,11 @@ const OAuthError = require('./oauth-error'); class AccessDeniedError extends OAuthError { constructor(message, properties) { - properties = Object.assign( - { - code: 400, - name: 'access_denied', - }, - properties - ); + properties = { + code: 400, + name: 'access_denied', + ...properties + }; super(message, properties); } diff --git a/lib/errors/insufficient-scope-error.js b/lib/errors/insufficient-scope-error.js index fc5542de..3125c75e 100644 --- a/lib/errors/insufficient-scope-error.js +++ b/lib/errors/insufficient-scope-error.js @@ -16,13 +16,11 @@ const OAuthError = require('./oauth-error'); class InsufficientScopeError extends OAuthError { constructor(message, properties) { - properties = Object.assign( - { - code: 403, - name: 'insufficient_scope', - }, - properties - ); + properties = { + code: 403, + name: 'insufficient_scope', + ...properties + }; super(message, properties); } diff --git a/lib/errors/invalid-argument-error.js b/lib/errors/invalid-argument-error.js index ec0547a3..9c9cfc52 100644 --- a/lib/errors/invalid-argument-error.js +++ b/lib/errors/invalid-argument-error.js @@ -12,13 +12,11 @@ const OAuthError = require('./oauth-error'); class InvalidArgumentError extends OAuthError { constructor(message, properties) { - properties = Object.assign( - { - code: 500, - name: 'invalid_argument', - }, - properties - ); + properties = { + code: 500, + name: 'invalid_argument', + ...properties + }; super(message, properties); } diff --git a/lib/errors/invalid-client-error.js b/lib/errors/invalid-client-error.js index daef881b..a1874d82 100644 --- a/lib/errors/invalid-client-error.js +++ b/lib/errors/invalid-client-error.js @@ -17,13 +17,11 @@ const OAuthError = require('./oauth-error'); class InvalidClientError extends OAuthError { constructor(message, properties) { - properties = Object.assign( - { - code: 400, - name: 'invalid_client', - }, - properties - ); + properties = { + code: 400, + name: 'invalid_client', + ...properties + }; super(message, properties); } diff --git a/lib/errors/invalid-grant-error.js b/lib/errors/invalid-grant-error.js index 9d1a775d..4beade93 100644 --- a/lib/errors/invalid-grant-error.js +++ b/lib/errors/invalid-grant-error.js @@ -18,13 +18,11 @@ const OAuthError = require('./oauth-error'); class InvalidGrantError extends OAuthError { constructor(message, properties) { - properties = Object.assign( - { - code: 400, - name: 'invalid_grant', - }, - properties - ); + properties = { + code: 400, + name: 'invalid_grant', + ...properties + }; super(message, properties); } diff --git a/lib/errors/invalid-request-error.js b/lib/errors/invalid-request-error.js index 1cf0b352..0b861019 100644 --- a/lib/errors/invalid-request-error.js +++ b/lib/errors/invalid-request-error.js @@ -17,13 +17,11 @@ const OAuthError = require('./oauth-error'); class InvalidRequest extends OAuthError { constructor(message, properties) { - properties = Object.assign( - { - code: 400, - name: 'invalid_request', - }, - properties - ); + properties = { + code: 400, + name: 'invalid_request', + ...properties + }; super(message, properties); } diff --git a/lib/errors/invalid-scope-error.js b/lib/errors/invalid-scope-error.js index 52eca82c..fec5d826 100644 --- a/lib/errors/invalid-scope-error.js +++ b/lib/errors/invalid-scope-error.js @@ -16,13 +16,11 @@ const OAuthError = require('./oauth-error'); class InvalidScopeError extends OAuthError { constructor(message, properties) { - properties = Object.assign( - { - code: 400, - name: 'invalid_scope', - }, - properties - ); + properties = { + code: 400, + name: 'invalid_scope', + ...properties + }; super(message, properties); } diff --git a/lib/errors/invalid-token-error.js b/lib/errors/invalid-token-error.js index b2d7861d..481717be 100644 --- a/lib/errors/invalid-token-error.js +++ b/lib/errors/invalid-token-error.js @@ -16,13 +16,11 @@ const OAuthError = require('./oauth-error'); class InvalidTokenError extends OAuthError { constructor(message, properties) { - properties = Object.assign( - { - code: 401, - name: 'invalid_token', - }, - properties - ); + properties = { + code: 401, + name: 'invalid_token', + ...properties + }; super(message, properties); } diff --git a/lib/errors/oauth-error.js b/lib/errors/oauth-error.js index 9a3e63d3..ac038d0e 100644 --- a/lib/errors/oauth-error.js +++ b/lib/errors/oauth-error.js @@ -16,7 +16,7 @@ class OAuthError extends Error { properties = {}; } - properties = Object.assign({ code: 500 }, properties); + properties = { code: 500, ...properties }; if (error) { properties.inner = error; diff --git a/lib/errors/server-error.js b/lib/errors/server-error.js index 5d1c83c3..2b9fc8c7 100644 --- a/lib/errors/server-error.js +++ b/lib/errors/server-error.js @@ -16,13 +16,11 @@ const OAuthError = require('./oauth-error'); class ServerError extends OAuthError { constructor(message, properties) { - properties = Object.assign( - { - code: 503, - name: 'server_error', - }, - properties - ); + properties = { + code: 503, + name: 'server_error', + ...properties + }; super(message, properties); } diff --git a/lib/errors/unauthorized-client-error.js b/lib/errors/unauthorized-client-error.js index d009a7b6..cf29c7c9 100644 --- a/lib/errors/unauthorized-client-error.js +++ b/lib/errors/unauthorized-client-error.js @@ -16,13 +16,11 @@ const OAuthError = require('./oauth-error'); class UnauthorizedClientError extends OAuthError { constructor(message, properties) { - properties = Object.assign( - { - code: 400, - name: 'unauthorized_client', - }, - properties - ); + properties = { + code: 400, + name: 'unauthorized_client', + ...properties + }; super(message, properties); } diff --git a/lib/errors/unauthorized-request-error.js b/lib/errors/unauthorized-request-error.js index 02fd9d67..c861eab1 100644 --- a/lib/errors/unauthorized-request-error.js +++ b/lib/errors/unauthorized-request-error.js @@ -19,13 +19,11 @@ const OAuthError = require('./oauth-error'); class UnauthorizedRequestError extends OAuthError { constructor(message, properties) { - properties = Object.assign( - { - code: 401, - name: 'unauthorized_request', - }, - properties - ); + properties = { + code: 401, + name: 'unauthorized_request', + ...properties + }; super(message, properties); } diff --git a/lib/errors/unsupported-grant-type-error.js b/lib/errors/unsupported-grant-type-error.js index 788edb01..ac7a46c2 100644 --- a/lib/errors/unsupported-grant-type-error.js +++ b/lib/errors/unsupported-grant-type-error.js @@ -16,13 +16,11 @@ const OAuthError = require('./oauth-error'); class UnsupportedGrantTypeError extends OAuthError { constructor(message, properties) { - properties = Object.assign( - { - code: 400, - name: 'unsupported_grant_type', - }, - properties - ); + properties = { + code: 400, + name: 'unsupported_grant_type', + ...properties + }; super(message, properties); } diff --git a/lib/errors/unsupported-response-type-error.js b/lib/errors/unsupported-response-type-error.js index 3d4f2fb3..c480e50e 100644 --- a/lib/errors/unsupported-response-type-error.js +++ b/lib/errors/unsupported-response-type-error.js @@ -17,13 +17,11 @@ const OAuthError = require('./oauth-error'); class UnsupportedResponseTypeError extends OAuthError { constructor(message, properties) { - properties = Object.assign( - { - code: 400, - name: 'unsupported_response_type', - }, - properties - ); + properties = { + code: 400, + name: 'unsupported_response_type', + ...properties + }; super(message, properties); } From 1d7b401094a5a157fefccce9f17b2439b2aafd62 Mon Sep 17 00:00:00 2001 From: "daniel.santos" Date: Sun, 19 Dec 2021 02:14:11 -0300 Subject: [PATCH 05/86] captureStackTrace removed from OAuthError constructor --- lib/errors/oauth-error.js | 2 -- 1 file changed, 2 deletions(-) diff --git a/lib/errors/oauth-error.js b/lib/errors/oauth-error.js index ac038d0e..b87e111f 100644 --- a/lib/errors/oauth-error.js +++ b/lib/errors/oauth-error.js @@ -34,8 +34,6 @@ class OAuthError extends Error { this[key] = properties[key]; } } - - Error.captureStackTrace(this, OAuthError); } } From 186d85fb63e90447e4c7162f413da1d6be666601 Mon Sep 17 00:00:00 2001 From: "daniel.santos" Date: Tue, 21 Dec 2021 00:36:52 -0300 Subject: [PATCH 06/86] fix super constructor call OAuthError --- lib/errors/oauth-error.js | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/lib/errors/oauth-error.js b/lib/errors/oauth-error.js index b87e111f..fff9660f 100644 --- a/lib/errors/oauth-error.js +++ b/lib/errors/oauth-error.js @@ -10,8 +10,11 @@ const http = require('http'); class OAuthError extends Error { constructor(messageOrError, properties) { + super(messageOrError, properties); + let message = messageOrError instanceof Error ? messageOrError.message : messageOrError; const error = messageOrError instanceof Error ? messageOrError : null; + if (properties == null || !Object.entries(properties).length) { properties = {}; } @@ -21,14 +24,14 @@ class OAuthError extends Error { if (error) { properties.inner = error; } + if (!message || message.length === 0) { message = http.STATUS_CODES[properties.code]; } - super(message, properties); - this.code = this.status = this.statusCode = properties.code; this.message = message; + for (const key in properties) { if (key !== 'code') { this[key] = properties[key]; From ab48e15c99e5b9bdc7189538bc591b78c0aad58c Mon Sep 17 00:00:00 2001 From: "daniel.santos" Date: Tue, 21 Dec 2021 00:37:18 -0300 Subject: [PATCH 07/86] OAuthError unit test --- package.json | 2 +- test/unit/errors/oauth-error_test.js | 37 ++++++++++++++++++++++++++++ 2 files changed, 38 insertions(+), 1 deletion(-) create mode 100644 test/unit/errors/oauth-error_test.js diff --git a/package.json b/package.json index 6412497e..7953d00c 100644 --- a/package.json +++ b/package.json @@ -63,5 +63,5 @@ "lib": "lib", "test": "test" } - } +} \ No newline at end of file diff --git a/test/unit/errors/oauth-error_test.js b/test/unit/errors/oauth-error_test.js new file mode 100644 index 00000000..bad86f65 --- /dev/null +++ b/test/unit/errors/oauth-error_test.js @@ -0,0 +1,37 @@ +'use strict'; + +/** + * Module dependencies. + */ + +const { describe, it } = require('mocha'); +const should = require('chai').should(); +const OAuthError = require('../../../lib/errors/oauth-error'); + +/** + * Test `OAuthError`. + */ + +describe('OAuthError', function() { + describe('constructor()', function() { + it('should get `captureStackTrace`', function() { + + const errorFn = function () { throw new OAuthError('test', {name: 'test_error'}); }; + + try { + errorFn(); + + should.fail(); + } catch (e) { + + e.should.be.an.instanceOf(OAuthError); + e.message.should.equal('test'); + e.code.should.equal(500); + e.stack.should.not.be.null; + e.stack.should.not.be.undefined; + e.stack.should.include('oauth-error_test.js'); + e.stack.should.include('19'); //error lineNUmber + } + }); + }); +}); From c2e6409f56ccb089a71ba76a46516741712819e1 Mon Sep 17 00:00:00 2001 From: "daniel.santos" Date: Tue, 1 Feb 2022 18:43:03 -0300 Subject: [PATCH 08/86] revert package.json --- package.json | 129 +++++++++++++++++++++++++-------------------------- 1 file changed, 64 insertions(+), 65 deletions(-) diff --git a/package.json b/package.json index 7953d00c..c0deb377 100644 --- a/package.json +++ b/package.json @@ -1,67 +1,66 @@ { - "name": "@node-oauth/oauth2-server", - "description": "Complete, framework-agnostic, compliant and well tested module for implementing an OAuth2 Server in node.js", - "version": "4.1.1", - "keywords": [ - "oauth", - "oauth2" - ], - "contributors": [ - "Thom Seddon ", - "Lars F. Karlström ", - "Rui Marinho ", - "Tiago Ribeiro ", - "Michael Salinger ", - "Nuno Sousa", - "Max Truxa", - "Daniel Reguero" - ], - "main": "index.js", - "types": "index.d.ts", - "files": [ - "index.js", - "index.d.ts", - "lib" - ], - "dependencies": { - "@node-oauth/formats": "^1.0.0", - "basic-auth": "2.0.1", - "bluebird": "3.7.2", - "promisify-any": "2.0.1", - "type-is": "1.6.18" - }, - "devDependencies": { - "chai": "^4.3.4", - "eslint": "^8.0.0", - "mocha": "^9.1.2", - "nyc": "^15.1.0", - "sinon": "^12.0.1" - }, - "license": "MIT", - "engines": { - "node": ">=12.0.0" - }, - "scripts": { - "pretest": "./node_modules/.bin/eslint lib test index.js", - "test": "NODE_ENV=test ./node_modules/.bin/mocha 'test/**/*_test.js'", - "test-debug": "NODE_ENV=test ./node_modules/.bin/mocha --inspect --debug-brk 'test/**/*_test.js'", - "test:watch": "NODE_ENV=test ./node_modules/.bin/mocha --watch 'test/**/*_test.js'", - "test:coverage": "NODE_ENV=test nyc --reporter=html --reporter=text ./node_modules/.bin/mocha 'test/**/*_test.js'", - "lint": "npx eslint .", - "lint:fix": "npx eslint . --fix" - }, - "repository": { - "type": "git", - "url": "git+https://github.com/node-oauth/node-oauth2-server.git" - }, - "bugs": { - "url": "https://github.com/node-oauth/node-oauth2-server/issues" - }, - "homepage": "https://github.com/node-oauth/node-oauth2-server#readme", - "directories": { - "doc": "docs", - "lib": "lib", - "test": "test" - } + "name": "@node-oauth/oauth2-server", + "description": "Complete, framework-agnostic, compliant and well tested module for implementing an OAuth2 Server in node.js", + "version": "4.1.1", + "keywords": [ + "oauth", + "oauth2" + ], + "contributors": [ + "Thom Seddon ", + "Lars F. Karlström ", + "Rui Marinho ", + "Tiago Ribeiro ", + "Michael Salinger ", + "Nuno Sousa", + "Max Truxa", + "Daniel Reguero" + ], + "main": "index.js", + "types": "index.d.ts", + "files": [ + "index.js", + "index.d.ts", + "lib" + ], + "dependencies": { + "@node-oauth/formats": "^1.0.0", + "basic-auth": "2.0.1", + "bluebird": "3.7.2", + "promisify-any": "2.0.1", + "type-is": "1.6.18" + }, + "devDependencies": { + "chai": "^4.3.4", + "eslint": "^8.0.0", + "mocha": "^9.1.2", + "nyc": "^15.1.0", + "sinon": "^12.0.1" + }, + "license": "MIT", + "engines": { + "node": ">=12.0.0" + }, + "scripts": { + "pretest": "./node_modules/.bin/eslint lib test index.js", + "test": "NODE_ENV=test ./node_modules/.bin/mocha 'test/**/*_test.js'", + "test-debug": "NODE_ENV=test ./node_modules/.bin/mocha --inspect --debug-brk 'test/**/*_test.js'", + "test:watch": "NODE_ENV=test ./node_modules/.bin/mocha --watch 'test/**/*_test.js'", + "test:coverage": "NODE_ENV=test nyc --reporter=html --reporter=text ./node_modules/.bin/mocha 'test/**/*_test.js'", + "lint": "npx eslint .", + "lint:fix": "npx eslint . --fix" + }, + "repository": { + "type": "git", + "url": "git+https://github.com/node-oauth/node-oauth2-server.git" + }, + "bugs": { + "url": "https://github.com/node-oauth/node-oauth2-server/issues" + }, + "homepage": "https://github.com/node-oauth/node-oauth2-server#readme", + "directories": { + "doc": "docs", + "lib": "lib", + "test": "test" + } } - \ No newline at end of file From e00a6304e475d770bbb364eff2c55489e736d5b5 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Jan=20K=C3=BCster?= Date: Thu, 8 Jun 2023 08:37:14 +0200 Subject: [PATCH 09/86] Update authorization-code-grant-type.js --- .../authorization-code-grant-type.js | 33 +++++++++++++++++-- 1 file changed, 31 insertions(+), 2 deletions(-) diff --git a/lib/grant-types/authorization-code-grant-type.js b/lib/grant-types/authorization-code-grant-type.js index 85b1622e..73dec6d3 100644 --- a/lib/grant-types/authorization-code-grant-type.js +++ b/lib/grant-types/authorization-code-grant-type.js @@ -12,7 +12,6 @@ const Promise = require('bluebird'); const promisify = require('promisify-any').use(Promise); const ServerError = require('../errors/server-error'); const isFormat = require('@node-oauth/formats'); -const util = require('util'); const pkce = require('../pkce/pkce'); /** @@ -113,6 +112,36 @@ class AuthorizationCodeGrantType extends AbstractGrantType { throw new InvalidGrantError('Invalid grant: `redirect_uri` is not a valid URI'); } + // optional: PKCE code challenge + + if (code.codeChallenge) { + if (!request.body.code_verifier) { + throw new InvalidGrantError('Missing parameter: `code_verifier`'); + } + + const hash = pkce.getHashForCodeChallenge({ + method: code.codeChallengeMethod, + verifier: request.body.code_verifier + }); + + if (!hash) { + // notice that we assume that codeChallengeMethod is already + // checked at an earlier stage when being read from + // request.body.code_challenge_method + throw new ServerError('Server error: `getAuthorizationCode()` did not return a valid `codeChallengeMethod` property'); + } + + if (code.codeChallenge !== hash) { + throw new InvalidGrantError('Invalid grant: code verifier is invalid'); + } + } + else { + if (request.body.code_verifier) { + // No code challenge but code_verifier was passed in. + throw new InvalidGrantError('Invalid grant: code verifier is invalid'); + } + } + return code; }); } @@ -201,4 +230,4 @@ class AuthorizationCodeGrantType extends AbstractGrantType { * Export constructor. */ -module.exports = AuthorizationCodeGrantType; \ No newline at end of file +module.exports = AuthorizationCodeGrantType; From 126ceff377fd4ea595025f4211b580407d5d32a9 Mon Sep 17 00:00:00 2001 From: jankapunkt Date: Fri, 9 Jun 2023 08:36:14 +0200 Subject: [PATCH 10/86] breaking(deps): remove bluebird and promisify-any --- .mocharc.yml | 2 +- lib/grant-types/abstract-grant-type.js | 35 ++- .../authorization-code-grant-type.js | 203 +++++++--------- .../client-credentials-grant-type.js | 50 ++-- lib/grant-types/password-grant-type.js | 67 ++---- lib/grant-types/refresh-token-grant-type.js | 129 +++++----- lib/handlers/authenticate-handler.js | 116 +++++---- lib/handlers/authorize-handler.js | 225 +++++++++--------- lib/handlers/token-handler.js | 110 ++++----- lib/server.js | 19 +- lib/utils/token-util.js | 10 +- package.json | 2 - .../grant-types/abstract-grant-type_test.js | 1 - .../authorization-code-grant-type_test.js | 93 ++------ .../client-credentials-grant-type_test.js | 32 +-- .../grant-types/password-grant-type_test.js | 71 ++---- .../refresh-token-grant-type_test.js | 68 +----- .../handlers/authenticate-handler_test.js | 69 ++---- .../handlers/authorize-handler_test.js | 91 ++----- .../handlers/token-handler_test.js | 56 ++--- test/integration/server_test.js | 114 +++------ test/integration/utils/token-util_test.js | 10 +- .../authorization-code-grant-type_test.js | 1 - test/unit/handlers/authorize-handler_test.js | 1 - test/unit/server_test.js | 1 - 25 files changed, 574 insertions(+), 1002 deletions(-) diff --git a/.mocharc.yml b/.mocharc.yml index 83fda38c..1b4a955a 100644 --- a/.mocharc.yml +++ b/.mocharc.yml @@ -1,6 +1,6 @@ recursive: true reporter: "spec" -retries: 1 +retries: 0 slow: 20 timeout: 2000 ui: "bdd" diff --git a/lib/grant-types/abstract-grant-type.js b/lib/grant-types/abstract-grant-type.js index d9894b6a..4fd02437 100644 --- a/lib/grant-types/abstract-grant-type.js +++ b/lib/grant-types/abstract-grant-type.js @@ -6,8 +6,6 @@ const InvalidArgumentError = require('../errors/invalid-argument-error'); const InvalidScopeError = require('../errors/invalid-scope-error'); -const Promise = require('bluebird'); -const promisify = require('promisify-any').use(Promise); const isFormat = require('@node-oauth/formats'); const tokenUtil = require('../utils/token-util'); @@ -36,12 +34,10 @@ function AbstractGrantType(options) { * Generate access token. */ -AbstractGrantType.prototype.generateAccessToken = function(client, user, scope) { +AbstractGrantType.prototype.generateAccessToken = async function(client, user, scope) { if (this.model.generateAccessToken) { - return promisify(this.model.generateAccessToken, 3).call(this.model, client, user, scope) - .then(function(accessToken) { - return accessToken || tokenUtil.generateRandomToken(); - }); + const accessToken = await this.model.generateAccessToken(client, user, scope); + return accessToken || tokenUtil.generateRandomToken(); } return tokenUtil.generateRandomToken(); @@ -51,12 +47,10 @@ AbstractGrantType.prototype.generateAccessToken = function(client, user, scope) * Generate refresh token. */ -AbstractGrantType.prototype.generateRefreshToken = function(client, user, scope) { +AbstractGrantType.prototype.generateRefreshToken = async function(client, user, scope) { if (this.model.generateRefreshToken) { - return promisify(this.model.generateRefreshToken, 3).call(this.model, client, user, scope) - .then(function(refreshToken) { - return refreshToken || tokenUtil.generateRandomToken(); - }); + const refreshToken = await this.model.generateRefreshToken(client, user, scope); + return refreshToken || tokenUtil.generateRandomToken(); } return tokenUtil.generateRandomToken(); @@ -93,16 +87,15 @@ AbstractGrantType.prototype.getScope = function(request) { /** * Validate requested scope. */ -AbstractGrantType.prototype.validateScope = function(user, client, scope) { +AbstractGrantType.prototype.validateScope = async function(user, client, scope) { if (this.model.validateScope) { - return promisify(this.model.validateScope, 3).call(this.model, user, client, scope) - .then(function (scope) { - if (!scope) { - throw new InvalidScopeError('Invalid scope: Requested scope is invalid'); - } - - return scope; - }); + const validatedScope = await this.model.validateScope(user, client, scope); + + if (!validatedScope) { + throw new InvalidScopeError('Invalid scope: Requested scope is invalid'); + } + + return validatedScope; } else { return scope; } diff --git a/lib/grant-types/authorization-code-grant-type.js b/lib/grant-types/authorization-code-grant-type.js index 73dec6d3..2101462b 100644 --- a/lib/grant-types/authorization-code-grant-type.js +++ b/lib/grant-types/authorization-code-grant-type.js @@ -8,8 +8,6 @@ const AbstractGrantType = require('./abstract-grant-type'); const InvalidArgumentError = require('../errors/invalid-argument-error'); const InvalidGrantError = require('../errors/invalid-grant-error'); const InvalidRequestError = require('../errors/invalid-request-error'); -const Promise = require('bluebird'); -const promisify = require('promisify-any').use(Promise); const ServerError = require('../errors/server-error'); const isFormat = require('@node-oauth/formats'); const pkce = require('../pkce/pkce'); @@ -45,7 +43,7 @@ class AuthorizationCodeGrantType extends AbstractGrantType { * @see https://tools.ietf.org/html/rfc6749#section-4.1.3 */ - handle(request, client) { + async handle(request, client) { if (!request) { throw new InvalidArgumentError('Missing parameter: `request`'); } @@ -54,26 +52,18 @@ class AuthorizationCodeGrantType extends AbstractGrantType { throw new InvalidArgumentError('Missing parameter: `client`'); } - return Promise.bind(this) - .then(function () { - return this.getAuthorizationCode(request, client); - }) - .tap(function (code) { - return this.validateRedirectUri(request, code); - }) - .tap(function (code) { - return this.revokeAuthorizationCode(code); - }) - .then(function (code) { - return this.saveToken(code.user, client, code.authorizationCode, code.scope); - }); + const code = await this.getAuthorizationCode(request, client); + await this.validateRedirectUri(request, code); + await this.revokeAuthorizationCode(code); + + return this.saveToken(code.user, client, code.authorizationCode, code.scope); } /** * Get the authorization code. */ - getAuthorizationCode(request, client) { + async getAuthorizationCode(request, client) { if (!request.body.code) { throw new InvalidRequestError('Missing parameter: `code`'); } @@ -81,69 +71,68 @@ class AuthorizationCodeGrantType extends AbstractGrantType { if (!isFormat.vschar(request.body.code)) { throw new InvalidRequestError('Invalid parameter: `code`'); } - return promisify(this.model.getAuthorizationCode, 1) - .call(this.model, request.body.code) - .then((code) => { - if (!code) { - throw new InvalidGrantError('Invalid grant: authorization code is invalid'); - } - - if (!code.client) { - throw new ServerError('Server error: `getAuthorizationCode()` did not return a `client` object'); - } - - if (!code.user) { - throw new ServerError('Server error: `getAuthorizationCode()` did not return a `user` object'); - } - - if (code.client.id !== client.id) { - throw new InvalidGrantError('Invalid grant: authorization code is invalid'); - } - - if (!(code.expiresAt instanceof Date)) { - throw new ServerError('Server error: `expiresAt` must be a Date instance'); - } - - if (code.expiresAt < new Date()) { - throw new InvalidGrantError('Invalid grant: authorization code has expired'); - } - - if (code.redirectUri && !isFormat.uri(code.redirectUri)) { - throw new InvalidGrantError('Invalid grant: `redirect_uri` is not a valid URI'); - } - - // optional: PKCE code challenge - - if (code.codeChallenge) { - if (!request.body.code_verifier) { - throw new InvalidGrantError('Missing parameter: `code_verifier`'); - } - - const hash = pkce.getHashForCodeChallenge({ - method: code.codeChallengeMethod, - verifier: request.body.code_verifier - }); - - if (!hash) { - // notice that we assume that codeChallengeMethod is already - // checked at an earlier stage when being read from - // request.body.code_challenge_method - throw new ServerError('Server error: `getAuthorizationCode()` did not return a valid `codeChallengeMethod` property'); - } - - if (code.codeChallenge !== hash) { - throw new InvalidGrantError('Invalid grant: code verifier is invalid'); - } - } - else { - if (request.body.code_verifier) { - // No code challenge but code_verifier was passed in. - throw new InvalidGrantError('Invalid grant: code verifier is invalid'); - } - } - - return code; + + const code = await this.model.getAuthorizationCode(request.body.code); + + if (!code) { + throw new InvalidGrantError('Invalid grant: authorization code is invalid'); + } + + if (!code.client) { + throw new ServerError('Server error: `getAuthorizationCode()` did not return a `client` object'); + } + + if (!code.user) { + throw new ServerError('Server error: `getAuthorizationCode()` did not return a `user` object'); + } + + if (code.client.id !== client.id) { + throw new InvalidGrantError('Invalid grant: authorization code is invalid'); + } + + if (!(code.expiresAt instanceof Date)) { + throw new ServerError('Server error: `expiresAt` must be a Date instance'); + } + + if (code.expiresAt < new Date()) { + throw new InvalidGrantError('Invalid grant: authorization code has expired'); + } + + if (code.redirectUri && !isFormat.uri(code.redirectUri)) { + throw new InvalidGrantError('Invalid grant: `redirect_uri` is not a valid URI'); + } + + // optional: PKCE code challenge + + if (code.codeChallenge) { + if (!request.body.code_verifier) { + throw new InvalidGrantError('Missing parameter: `code_verifier`'); + } + + const hash = pkce.getHashForCodeChallenge({ + method: code.codeChallengeMethod, + verifier: request.body.code_verifier }); + + if (!hash) { + // notice that we assume that codeChallengeMethod is already + // checked at an earlier stage when being read from + // request.body.code_challenge_method + throw new ServerError('Server error: `getAuthorizationCode()` did not return a valid `codeChallengeMethod` property'); + } + + if (code.codeChallenge !== hash) { + throw new InvalidGrantError('Invalid grant: code verifier is invalid'); + } + } + else { + if (request.body.code_verifier) { + // No code challenge but code_verifier was passed in. + throw new InvalidGrantError('Invalid grant: code verifier is invalid'); + } + } + + return code; } /** @@ -183,16 +172,14 @@ class AuthorizationCodeGrantType extends AbstractGrantType { * @see https://tools.ietf.org/html/rfc6749#section-4.1.2 */ - revokeAuthorizationCode(code) { - return promisify(this.model.revokeAuthorizationCode, 1) - .call(this.model, code) - .then((status) => { - if (!status) { - throw new InvalidGrantError('Invalid grant: authorization code is invalid'); - } + async revokeAuthorizationCode(code) { + const status = await this.model.revokeAuthorizationCode(code); - return code; - }); + if (!status) { + throw new InvalidGrantError('Invalid grant: authorization code is invalid'); + } + + return code; } @@ -200,29 +187,23 @@ class AuthorizationCodeGrantType extends AbstractGrantType { * Save token. */ - saveToken(user, client, authorizationCode, scope) { - const fns = [ - this.validateScope(user, client, scope), - this.generateAccessToken(client, user, scope), - this.generateRefreshToken(client, user, scope), - this.getAccessTokenExpiresAt(), - this.getRefreshTokenExpiresAt(), - ]; - - return Promise.all(fns) - .bind(this) - .spread(function (scope, accessToken, refreshToken, accessTokenExpiresAt, refreshTokenExpiresAt) { - const token = { - accessToken: accessToken, - authorizationCode: authorizationCode, - accessTokenExpiresAt: accessTokenExpiresAt, - refreshToken: refreshToken, - refreshTokenExpiresAt: refreshTokenExpiresAt, - scope: scope, - }; - - return promisify(this.model.saveToken, 3).call(this.model, token, client, user); - }); + async saveToken(user, client, authorizationCode, scope) { + const validatedScope = await this.validateScope(user, client, scope); + const accessToken = await this.generateAccessToken(client, user, scope); + const refreshToken = await this.generateRefreshToken(client, user, scope); + const accessTokenExpiresAt = await this.getAccessTokenExpiresAt(); + const refreshTokenExpiresAt = await this.getRefreshTokenExpiresAt(); + + const token = { + accessToken: accessToken, + authorizationCode: authorizationCode, + accessTokenExpiresAt: accessTokenExpiresAt, + refreshToken: refreshToken, + refreshTokenExpiresAt: refreshTokenExpiresAt, + scope: validatedScope, + }; + + return this.model.saveToken(token, client, user); } } diff --git a/lib/grant-types/client-credentials-grant-type.js b/lib/grant-types/client-credentials-grant-type.js index 4b1aec5b..a4ae1ed0 100644 --- a/lib/grant-types/client-credentials-grant-type.js +++ b/lib/grant-types/client-credentials-grant-type.js @@ -7,8 +7,6 @@ const AbstractGrantType = require('./abstract-grant-type'); const InvalidArgumentError = require('../errors/invalid-argument-error'); const InvalidGrantError = require('../errors/invalid-grant-error'); -const Promise = require('bluebird'); -const promisify = require('promisify-any').use(Promise); /** * Constructor. @@ -37,7 +35,7 @@ class ClientCredentialsGrantType extends AbstractGrantType { * @see https://tools.ietf.org/html/rfc6749#section-4.4.2 */ - handle(request, client) { + async handle(request, client) { if (!request) { throw new InvalidArgumentError('Missing parameter: `request`'); } @@ -47,54 +45,44 @@ class ClientCredentialsGrantType extends AbstractGrantType { } const scope = this.getScope(request); + const user = this.getUserFromClient(client); - return Promise.bind(this) - .then(function () { - return this.getUserFromClient(client); - }) - .then(function (user) { - return this.saveToken(user, client, scope); - }); + return this.saveToken(user, client, scope); } /** * Retrieve the user using client credentials. */ - getUserFromClient(client) { - return promisify(this.model.getUserFromClient, 1) - .call(this.model, client) - .then((user) => { - if (!user) { - throw new InvalidGrantError('Invalid grant: user credentials are invalid'); - } + async getUserFromClient(client) { + const user = await this.model.getUserFromClient(client); - return user; - }); + if (!user) { + throw new InvalidGrantError('Invalid grant: user credentials are invalid'); + } + + return user; } /** * Save token. */ - saveToken(user, client, scope) { + async saveToken(user, client, scope) { const fns = [ this.validateScope(user, client, scope), this.generateAccessToken(client, user, scope), this.getAccessTokenExpiresAt(client, user, scope), ]; - return Promise.all(fns) - .bind(this) - .spread(function (scope, accessToken, accessTokenExpiresAt) { - const token = { - accessToken: accessToken, - accessTokenExpiresAt: accessTokenExpiresAt, - scope: scope, - }; - - return promisify(this.model.saveToken, 3).call(this.model, token, client, user); - }); + const [validatedScope, accessToken, accessTokenExpiresAt] = await Promise.all(fns); + const token = { + accessToken: accessToken, + accessTokenExpiresAt: accessTokenExpiresAt, + scope: validatedScope, + }; + + return this.model.saveToken(token, client, user); } } diff --git a/lib/grant-types/password-grant-type.js b/lib/grant-types/password-grant-type.js index 3035cdda..f13b68aa 100644 --- a/lib/grant-types/password-grant-type.js +++ b/lib/grant-types/password-grant-type.js @@ -8,8 +8,6 @@ const AbstractGrantType = require('./abstract-grant-type'); const InvalidArgumentError = require('../errors/invalid-argument-error'); const InvalidGrantError = require('../errors/invalid-grant-error'); const InvalidRequestError = require('../errors/invalid-request-error'); -const Promise = require('bluebird'); -const promisify = require('promisify-any').use(Promise); const isFormat = require('@node-oauth/formats'); /** @@ -39,7 +37,7 @@ class PasswordGrantType extends AbstractGrantType { * @see https://tools.ietf.org/html/rfc6749#section-4.3.2 */ - handle(request, client) { + async handle(request, client) { if (!request) { throw new InvalidArgumentError('Missing parameter: `request`'); } @@ -49,21 +47,16 @@ class PasswordGrantType extends AbstractGrantType { } const scope = this.getScope(request); + const user = await this.getUser(request); - return Promise.bind(this) - .then(function () { - return this.getUser(request); - }) - .then(function (user) { - return this.saveToken(user, client, scope); - }); + return this.saveToken(user, client, scope); } /** * Get user using a username/password combination. */ - getUser(request) { + async getUser(request) { if (!request.body.username) { throw new InvalidRequestError('Missing parameter: `username`'); } @@ -80,43 +73,35 @@ class PasswordGrantType extends AbstractGrantType { throw new InvalidRequestError('Invalid parameter: `password`'); } - return promisify(this.model.getUser, 2) - .call(this.model, request.body.username, request.body.password) - .then((user) => { - if (!user) { - throw new InvalidGrantError('Invalid grant: user credentials are invalid'); - } + const user = await this.model.getUser(request.body.username, request.body.password); - return user; - }); + if (!user) { + throw new InvalidGrantError('Invalid grant: user credentials are invalid'); + } + + return user; } /** * Save token. */ - saveToken(user, client, scope) { - const fns = [ - this.validateScope(user, client, scope), - this.generateAccessToken(client, user, scope), - this.generateRefreshToken(client, user, scope), - this.getAccessTokenExpiresAt(), - this.getRefreshTokenExpiresAt(), - ]; - - return Promise.all(fns) - .bind(this) - .spread(function (scope, accessToken, refreshToken, accessTokenExpiresAt, refreshTokenExpiresAt) { - const token = { - accessToken: accessToken, - accessTokenExpiresAt: accessTokenExpiresAt, - refreshToken: refreshToken, - refreshTokenExpiresAt: refreshTokenExpiresAt, - scope: scope, - }; - - return promisify(this.model.saveToken, 3).call(this.model, token, client, user); - }); + async saveToken(user, client, scope) { + const validatedScope = await this.validateScope(user, client, scope); + const accessToken = await this.generateAccessToken(client, user, scope); + const refreshToken = await this.generateRefreshToken(client, user, scope); + const accessTokenExpiresAt = await this.getAccessTokenExpiresAt(); + const refreshTokenExpiresAt = await this.getRefreshTokenExpiresAt(); + + const token = { + accessToken: accessToken, + accessTokenExpiresAt: accessTokenExpiresAt, + refreshToken: refreshToken, + refreshTokenExpiresAt: refreshTokenExpiresAt, + scope: validatedScope, + }; + + return this.model.saveToken(token, client, user); } } diff --git a/lib/grant-types/refresh-token-grant-type.js b/lib/grant-types/refresh-token-grant-type.js index d94caca9..b9e89a27 100644 --- a/lib/grant-types/refresh-token-grant-type.js +++ b/lib/grant-types/refresh-token-grant-type.js @@ -8,8 +8,6 @@ const AbstractGrantType = require('./abstract-grant-type'); const InvalidArgumentError = require('../errors/invalid-argument-error'); const InvalidGrantError = require('../errors/invalid-grant-error'); const InvalidRequestError = require('../errors/invalid-request-error'); -const Promise = require('bluebird'); -const promisify = require('promisify-any').use(Promise); const ServerError = require('../errors/server-error'); const isFormat = require('@node-oauth/formats'); @@ -44,7 +42,7 @@ class RefreshTokenGrantType extends AbstractGrantType { * @see https://tools.ietf.org/html/rfc6749#section-6 */ - handle(request, client) { + async handle(request, client) { if (!request) { throw new InvalidArgumentError('Missing parameter: `request`'); } @@ -53,23 +51,18 @@ class RefreshTokenGrantType extends AbstractGrantType { throw new InvalidArgumentError('Missing parameter: `client`'); } - return Promise.bind(this) - .then(function () { - return this.getRefreshToken(request, client); - }) - .tap(function (token) { - return this.revokeToken(token); - }) - .then(function (token) { - return this.saveToken(token.user, client, token.scope); - }); + let token; + token = await this.getRefreshToken(request, client); + token = await this.revokeToken(token); + + return this.saveToken(token.user, client, token.scope); } /** * Get refresh token. */ - getRefreshToken(request, client) { + async getRefreshToken(request, client) { if (!request.body.refresh_token) { throw new InvalidRequestError('Missing parameter: `refresh_token`'); } @@ -78,35 +71,33 @@ class RefreshTokenGrantType extends AbstractGrantType { throw new InvalidRequestError('Invalid parameter: `refresh_token`'); } - return promisify(this.model.getRefreshToken, 1) - .call(this.model, request.body.refresh_token) - .then((token) => { - if (!token) { - throw new InvalidGrantError('Invalid grant: refresh token is invalid'); - } + const token = await this.model.getRefreshToken(request.body.refresh_token); + + if (!token) { + throw new InvalidGrantError('Invalid grant: refresh token is invalid'); + } - if (!token.client) { - throw new ServerError('Server error: `getRefreshToken()` did not return a `client` object'); - } + if (!token.client) { + throw new ServerError('Server error: `getRefreshToken()` did not return a `client` object'); + } - if (!token.user) { - throw new ServerError('Server error: `getRefreshToken()` did not return a `user` object'); - } + if (!token.user) { + throw new ServerError('Server error: `getRefreshToken()` did not return a `user` object'); + } - if (token.client.id !== client.id) { - throw new InvalidGrantError('Invalid grant: refresh token was issued to another client'); - } + if (token.client.id !== client.id) { + throw new InvalidGrantError('Invalid grant: refresh token was issued to another client'); + } - if (token.refreshTokenExpiresAt && !(token.refreshTokenExpiresAt instanceof Date)) { - throw new ServerError('Server error: `refreshTokenExpiresAt` must be a Date instance'); - } + if (token.refreshTokenExpiresAt && !(token.refreshTokenExpiresAt instanceof Date)) { + throw new ServerError('Server error: `refreshTokenExpiresAt` must be a Date instance'); + } - if (token.refreshTokenExpiresAt && token.refreshTokenExpiresAt < new Date()) { - throw new InvalidGrantError('Invalid grant: refresh token has expired'); - } + if (token.refreshTokenExpiresAt && token.refreshTokenExpiresAt < new Date()) { + throw new InvalidGrantError('Invalid grant: refresh token has expired'); + } - return token; - }); + return token; } /** @@ -115,55 +106,41 @@ class RefreshTokenGrantType extends AbstractGrantType { * @see https://tools.ietf.org/html/rfc6749#section-6 */ - revokeToken(token) { + async revokeToken(token) { if (this.alwaysIssueNewRefreshToken === false) { - return Promise.resolve(token); + return token; } - return promisify(this.model.revokeToken, 1) - .call(this.model, token) - .then((status) => { - if (!status) { - throw new InvalidGrantError('Invalid grant: refresh token is invalid or could not be revoked'); - } + const status = await this.model.revokeToken(token); + + if (!status) { + throw new InvalidGrantError('Invalid grant: refresh token is invalid or could not be revoked'); + } - return token; - }); + return token; } /** * Save token. */ - saveToken(user, client, scope) { - const fns = [ - this.generateAccessToken(client, user, scope), - this.generateRefreshToken(client, user, scope), - this.getAccessTokenExpiresAt(), - this.getRefreshTokenExpiresAt(), - ]; - - return Promise.all(fns) - .bind(this) - .spread(function (accessToken, refreshToken, accessTokenExpiresAt, refreshTokenExpiresAt) { - const token = { - accessToken: accessToken, - accessTokenExpiresAt: accessTokenExpiresAt, - scope: scope, - }; - - if (this.alwaysIssueNewRefreshToken !== false) { - token.refreshToken = refreshToken; - token.refreshTokenExpiresAt = refreshTokenExpiresAt; - } - - return token; - }) - .then(function (token) { - return promisify(this.model.saveToken, 3) - .call(this.model, token, client, user) - .then((savedToken) => savedToken); - }); + async saveToken(user, client, scope) { + const accessToken = await this.generateAccessToken(client, user, scope); + const refreshToken = await this.generateRefreshToken(client, user, scope); + const accessTokenExpiresAt = await this.getAccessTokenExpiresAt(); + const refreshTokenExpiresAt = await this.getRefreshTokenExpiresAt(); + const token = { + accessToken: accessToken, + accessTokenExpiresAt: accessTokenExpiresAt, + scope: scope, + }; + + if (this.alwaysIssueNewRefreshToken !== false) { + token.refreshToken = refreshToken; + token.refreshTokenExpiresAt = refreshTokenExpiresAt; + } + + return this.model.saveToken(token, client, user); } } diff --git a/lib/handlers/authenticate-handler.js b/lib/handlers/authenticate-handler.js index 7724742b..1da50f95 100644 --- a/lib/handlers/authenticate-handler.js +++ b/lib/handlers/authenticate-handler.js @@ -9,8 +9,6 @@ const InvalidRequestError = require('../errors/invalid-request-error'); const InsufficientScopeError = require('../errors/insufficient-scope-error'); const InvalidTokenError = require('../errors/invalid-token-error'); const OAuthError = require('../errors/oauth-error'); -const Promise = require('bluebird'); -const promisify = require('promisify-any').use(Promise); const Request = require('../request'); const Response = require('../response'); const ServerError = require('../errors/server-error'); @@ -54,7 +52,7 @@ function AuthenticateHandler(options) { * Authenticate Handler. */ -AuthenticateHandler.prototype.handle = function(request, response) { +AuthenticateHandler.prototype.handle = async function(request, response) { if (!(request instanceof Request)) { throw new InvalidArgumentError('Invalid argument: `request` must be an instance of Request'); } @@ -63,47 +61,41 @@ AuthenticateHandler.prototype.handle = function(request, response) { throw new InvalidArgumentError('Invalid argument: `response` must be an instance of Response'); } - return Promise.bind(this) - .then(function() { - return this.getTokenFromRequest(request); - }) - .then(function(token) { - return this.getAccessToken(token); - }) - .tap(function(token) { - return this.validateAccessToken(token); - }) - .tap(function(token) { - if (!this.scope) { - return; - } - - return this.verifyScope(token); - }) - .tap(function(token) { - return this.updateResponse(response, token); - }) - .catch(function(e) { - // Include the "WWW-Authenticate" response header field if the client - // lacks any authentication information. - // - // @see https://tools.ietf.org/html/rfc6750#section-3.1 - if (e instanceof UnauthorizedRequestError) { - response.set('WWW-Authenticate', 'Bearer realm="Service"'); - } else if (e instanceof InvalidRequestError) { - response.set('WWW-Authenticate', 'Bearer realm="Service",error="invalid_request"'); - } else if (e instanceof InvalidTokenError) { - response.set('WWW-Authenticate', 'Bearer realm="Service",error="invalid_token"'); - } else if (e instanceof InsufficientScopeError) { - response.set('WWW-Authenticate', 'Bearer realm="Service",error="insufficient_scope"'); - } - - if (!(e instanceof OAuthError)) { - throw new ServerError(e); - } - - throw e; - }); + try { + const requestToken = await this.getTokenFromRequest(request); + + let accessToken; + accessToken = await this.getAccessToken(requestToken); + accessToken = await this.validateAccessToken(accessToken); + + if (this.scope) { + await this.verifyScope(accessToken); + } + + this.updateResponse(response, accessToken); + + return accessToken; + } catch (e) { + // Include the "WWW-Authenticate" response header field if the client + // lacks any authentication information. + // + // @see https://tools.ietf.org/html/rfc6750#section-3.1 + if (e instanceof UnauthorizedRequestError) { + response.set('WWW-Authenticate', 'Bearer realm="Service"'); + } else if (e instanceof InvalidRequestError) { + response.set('WWW-Authenticate', 'Bearer realm="Service",error="invalid_request"'); + } else if (e instanceof InvalidTokenError) { + response.set('WWW-Authenticate', 'Bearer realm="Service",error="invalid_token"'); + } else if (e instanceof InsufficientScopeError) { + response.set('WWW-Authenticate', 'Bearer realm="Service",error="insufficient_scope"'); + } + + if (!(e instanceof OAuthError)) { + throw new ServerError(e); + } + + throw e; + } }; /** @@ -202,19 +194,18 @@ AuthenticateHandler.prototype.getTokenFromRequestBody = function(request) { * Get the access token from the model. */ -AuthenticateHandler.prototype.getAccessToken = function(token) { - return promisify(this.model.getAccessToken, 1).call(this.model, token) - .then(function(accessToken) { - if (!accessToken) { - throw new InvalidTokenError('Invalid token: access token is invalid'); - } +AuthenticateHandler.prototype.getAccessToken = async function(token) { + const accessToken = await this.model.getAccessToken(token); + + if (!accessToken) { + throw new InvalidTokenError('Invalid token: access token is invalid'); + } - if (!accessToken.user) { - throw new ServerError('Server error: `getAccessToken()` did not return a `user` object'); - } + if (!accessToken.user) { + throw new ServerError('Server error: `getAccessToken()` did not return a `user` object'); + } - return accessToken; - }); + return accessToken; }; /** @@ -237,15 +228,14 @@ AuthenticateHandler.prototype.validateAccessToken = function(accessToken) { * Verify scope. */ -AuthenticateHandler.prototype.verifyScope = function(accessToken) { - return promisify(this.model.verifyScope, 2).call(this.model, accessToken, this.scope) - .then(function(scope) { - if (!scope) { - throw new InsufficientScopeError('Insufficient scope: authorized scope is insufficient'); - } +AuthenticateHandler.prototype.verifyScope = async function(accessToken) { + const scope = await this.model.verifyScope(accessToken, this.scope); + + if (!scope) { + throw new InsufficientScopeError('Insufficient scope: authorized scope is insufficient'); + } - return scope; - }); + return scope; }; /** diff --git a/lib/handlers/authorize-handler.js b/lib/handlers/authorize-handler.js index 57413e92..49d5515d 100644 --- a/lib/handlers/authorize-handler.js +++ b/lib/handlers/authorize-handler.js @@ -12,8 +12,6 @@ const InvalidRequestError = require('../errors/invalid-request-error'); const InvalidScopeError = require('../errors/invalid-scope-error'); const UnsupportedResponseTypeError = require('../errors/unsupported-response-type-error'); const OAuthError = require('../errors/oauth-error'); -const Promise = require('bluebird'); -const promisify = require('promisify-any').use(Promise); const Request = require('../request'); const Response = require('../response'); const ServerError = require('../errors/server-error'); @@ -69,7 +67,7 @@ function AuthorizeHandler(options) { * Authorize Handler. */ -AuthorizeHandler.prototype.handle = function(request, response) { +AuthorizeHandler.prototype.handle = async function(request, response) { if (!(request instanceof Request)) { throw new InvalidArgumentError('Invalid argument: `request` must be an instance of Request'); } @@ -78,72 +76,65 @@ AuthorizeHandler.prototype.handle = function(request, response) { throw new InvalidArgumentError('Invalid argument: `response` must be an instance of Response'); } - const fns = [ - this.getAuthorizationCodeLifetime(), - this.getClient(request), - this.getUser(request, response) - ]; - - return Promise.all(fns) - .bind(this) - .spread(function(expiresAt, client, user) { - const uri = this.getRedirectUri(request, client); - let scope; - let state; - let ResponseType; - - return Promise.bind(this) - .then(function() { - state = this.getState(request); - if (request.query.allowed === 'false' || request.body.allowed === 'false') { - throw new AccessDeniedError('Access denied: user denied access to application'); - } - }) - .then(function() { - const requestedScope = this.getScope(request); - - return this.validateScope(user, client, requestedScope); - }) - .then(function(validScope) { - scope = validScope; - - return this.generateAuthorizationCode(client, user, scope); - }) - .then(function(authorizationCode) { - ResponseType = this.getResponseType(request); - const codeChallenge = this.getCodeChallenge(request); - const codeChallengeMethod = this.getCodeChallengeMethod(request); - - return this.saveAuthorizationCode(authorizationCode, expiresAt, scope, client, uri, user, codeChallenge, codeChallengeMethod); - }) - .then(function(code) { - const responseType = new ResponseType(code.authorizationCode); - const redirectUri = this.buildSuccessRedirectUri(uri, responseType); - - this.updateResponse(response, redirectUri, state); - - return code; - }) - .catch(function(e) { - if (!(e instanceof OAuthError)) { - e = new ServerError(e); - } - const redirectUri = this.buildErrorRedirectUri(uri, e); - - this.updateResponse(response, redirectUri, state); - - throw e; - }); - }); + const expiresAt = await this.getAuthorizationCodeLifetime(); + const client = await this.getClient(request); + const user = await this.getUser(request, response); + + let uri; + let state; + + try { + uri = this.getRedirectUri(request, client); + state = this.getState(request); + + if (request.query.allowed === 'false' || request.body.allowed === 'false') { + throw new AccessDeniedError('Access denied: user denied access to application'); + } + + const requestedScope = this.getScope(request); + const validScope = await this.validateScope(user, client, requestedScope); + const authorizationCode = this.generateAuthorizationCode(client, user, validScope); + + const ResponseType = this.getResponseType(request); + const codeChallenge = this.getCodeChallenge(request); + const codeChallengeMethod = this.getCodeChallengeMethod(request); + const code = await this.saveAuthorizationCode( + authorizationCode, + expiresAt, + validScope, + client, + uri, + user, + codeChallenge, + codeChallengeMethod + ); + + const responseTypeInstance = new ResponseType(code.authorizationCode); + const redirectUri = this.buildSuccessRedirectUri(uri, responseTypeInstance); + + this.updateResponse(response, redirectUri, state); + + return code; + } catch (err) { + let e = err; + + if (!(e instanceof OAuthError)) { + e = new ServerError(e); + } + const redirectUri = this.buildErrorRedirectUri(uri, e); + this.updateResponse(response, redirectUri, state); + + throw e; + } }; /** * Generate authorization code. */ -AuthorizeHandler.prototype.generateAuthorizationCode = function(client, user, scope) { +AuthorizeHandler.prototype.generateAuthorizationCode = async function(client, user, scope) { if (this.model.generateAuthorizationCode) { - return promisify(this.model.generateAuthorizationCode, 3).call(this.model, client, user, scope); + return this.model.generateAuthorizationCode(client, user, scope); } return tokenUtil.generateRandomToken(); }; @@ -163,7 +154,7 @@ AuthorizeHandler.prototype.getAuthorizationCodeLifetime = function() { * Get the client from the model. */ -AuthorizeHandler.prototype.getClient = function(request) { +AuthorizeHandler.prototype.getClient = async function(request) { const self = this; const clientId = request.body.client_id || request.query.client_id; @@ -180,54 +171,51 @@ AuthorizeHandler.prototype.getClient = function(request) { if (redirectUri && !isFormat.uri(redirectUri)) { throw new InvalidRequestError('Invalid request: `redirect_uri` is not a valid URI'); } - return promisify(this.model.getClient, 2).call(this.model, clientId, null) - .then(function(client) { - if (!client) { - throw new InvalidClientError('Invalid client: client credentials are invalid'); - } - - if (!client.grants) { - throw new InvalidClientError('Invalid client: missing client `grants`'); - } - - if (!Array.isArray(client.grants) || !client.grants.includes('authorization_code')) { - throw new UnauthorizedClientError('Unauthorized client: `grant_type` is invalid'); - } - - if (!client.redirectUris || 0 === client.redirectUris.length) { - throw new InvalidClientError('Invalid client: missing client `redirectUri`'); - } - - if (redirectUri) { - return self.validateRedirectUri(redirectUri, client) - .then(function(valid) { - if (!valid) { - throw new InvalidClientError('Invalid client: `redirect_uri` does not match client value'); - } - return client; - }); - } else { - return client; - } - }); + + const client = await this.model.getClient(clientId, null); + + if (!client) { + throw new InvalidClientError('Invalid client: client credentials are invalid'); + } + + if (!client.grants) { + throw new InvalidClientError('Invalid client: missing client `grants`'); + } + + if (!Array.isArray(client.grants) || !client.grants.includes('authorization_code')) { + throw new UnauthorizedClientError('Unauthorized client: `grant_type` is invalid'); + } + + if (!client.redirectUris || 0 === client.redirectUris.length) { + throw new InvalidClientError('Invalid client: missing client `redirectUri`'); + } + + if (redirectUri) { + const valid = await self.validateRedirectUri(redirectUri, client); + + if (!valid) { + throw new InvalidClientError('Invalid client: `redirect_uri` does not match client value'); + } + } + + return client; }; /** * Validate requested scope. */ -AuthorizeHandler.prototype.validateScope = function(user, client, scope) { +AuthorizeHandler.prototype.validateScope = async function(user, client, scope) { if (this.model.validateScope) { - return promisify(this.model.validateScope, 3).call(this.model, user, client, scope) - .then(function (scope) { - if (!scope) { - throw new InvalidScopeError('Invalid scope: Requested scope is invalid'); - } - - return scope; - }); - } else { - return Promise.resolve(scope); + const validatedScope = await this.model.validateScope(user, client, scope); + + if (!validatedScope) { + throw new InvalidScopeError('Invalid scope: Requested scope is invalid'); + } + + return validatedScope; } + + return scope; }; /** @@ -267,17 +255,21 @@ AuthorizeHandler.prototype.getState = function(request) { * Get user by calling the authenticate middleware. */ -AuthorizeHandler.prototype.getUser = function(request, response) { +AuthorizeHandler.prototype.getUser = async function(request, response) { if (this.authenticateHandler instanceof AuthenticateHandler) { - return this.authenticateHandler.handle(request, response).get('user'); + const handled = await this.authenticateHandler.handle(request, response); + return handled + ? handled.user + : undefined; } - return promisify(this.authenticateHandler.handle, 2)(request, response).then(function(user) { - if (!user) { - throw new ServerError('Server error: `handle()` did not return a `user` object'); - } - return user; - }); + const user = await this.authenticateHandler.handle(request, response); + + if (!user) { + throw new ServerError('Server error: `handle()` did not return a `user` object'); + } + + return user; }; /** @@ -292,7 +284,7 @@ AuthorizeHandler.prototype.getRedirectUri = function(request, client) { * Save authorization code. */ -AuthorizeHandler.prototype.saveAuthorizationCode = function(authorizationCode, expiresAt, scope, client, redirectUri, user, codeChallenge, codeChallengeMethod) { +AuthorizeHandler.prototype.saveAuthorizationCode = async function(authorizationCode, expiresAt, scope, client, redirectUri, user, codeChallenge, codeChallengeMethod) { let code = { authorizationCode: authorizationCode, expiresAt: expiresAt, @@ -306,13 +298,14 @@ AuthorizeHandler.prototype.saveAuthorizationCode = function(authorizationCode, e codeChallengeMethod: codeChallengeMethod }, code); } - return promisify(this.model.saveAuthorizationCode, 3).call(this.model, code, client, user); + + return this.model.saveAuthorizationCode(code, client, user); }; -AuthorizeHandler.prototype.validateRedirectUri = function(redirectUri, client) { +AuthorizeHandler.prototype.validateRedirectUri = async function(redirectUri, client) { if (this.model.validateRedirectUri) { - return promisify(this.model.validateRedirectUri, 2).call(this.model, redirectUri, client); + return this.model.validateRedirectUri(redirectUri, client); } return Promise.resolve(client.redirectUris.includes(redirectUri)); diff --git a/lib/handlers/token-handler.js b/lib/handlers/token-handler.js index 0f0c57a2..4630c4f0 100644 --- a/lib/handlers/token-handler.js +++ b/lib/handlers/token-handler.js @@ -9,8 +9,6 @@ const InvalidArgumentError = require('../errors/invalid-argument-error'); const InvalidClientError = require('../errors/invalid-client-error'); const InvalidRequestError = require('../errors/invalid-request-error'); const OAuthError = require('../errors/oauth-error'); -const Promise = require('bluebird'); -const promisify = require('promisify-any').use(Promise); const Request = require('../request'); const Response = require('../response'); const ServerError = require('../errors/server-error'); @@ -68,7 +66,7 @@ function TokenHandler(options) { * Token Handler. */ -TokenHandler.prototype.handle = function(request, response) { +TokenHandler.prototype.handle = async function(request, response) { if (!(request instanceof Request)) { throw new InvalidArgumentError('Invalid argument: `request` must be an instance of Request'); } @@ -85,35 +83,33 @@ TokenHandler.prototype.handle = function(request, response) { return Promise.reject(new InvalidRequestError('Invalid request: content must be application/x-www-form-urlencoded')); } - return Promise.bind(this) - .then(function() { - return this.getClient(request, response); - }) - .then(function(client) { - return this.handleGrantType(request, client); - }) - .tap(function(data) { - const model = new TokenModel(data, {allowExtendedTokenAttributes: this.allowExtendedTokenAttributes}); - const tokenType = this.getTokenType(model); - - this.updateSuccessResponse(response, tokenType); - }).catch(function(e) { - if (!(e instanceof OAuthError)) { - e = new ServerError(e); - } - - this.updateErrorResponse(response, e); - - throw e; - }); + try { + const client = await this.getClient(request, response); + const data = await this.handleGrantType(request, client); + const model = new TokenModel(data, { allowExtendedTokenAttributes: this.allowExtendedTokenAttributes }); + const tokenType = this.getTokenType(model); + + this.updateSuccessResponse(response, tokenType); + + return data; + } catch (err) { + let e = err; + + if (!(e instanceof OAuthError)) { + e = new ServerError(e); + } + + this.updateErrorResponse(response, e); + throw e; + } }; /** * Get the client from the model. */ -TokenHandler.prototype.getClient = function(request, response) { - const credentials = this.getClientCredentials(request); +TokenHandler.prototype.getClient = async function(request, response) { + const credentials = await this.getClientCredentials(request); const grantType = request.body.grant_type; const codeVerifier = request.body.code_verifier; const isPkce = pkce.isPKCERequest({ grantType, codeVerifier }); @@ -134,35 +130,34 @@ TokenHandler.prototype.getClient = function(request, response) { throw new InvalidRequestError('Invalid parameter: `client_secret`'); } - return promisify(this.model.getClient, 2).call(this.model, credentials.clientId, credentials.clientSecret) - .then(function(client) { - if (!client) { - throw new InvalidClientError('Invalid client: client is invalid'); - } - - if (!client.grants) { - throw new ServerError('Server error: missing client `grants`'); - } - - if (!(client.grants instanceof Array)) { - throw new ServerError('Server error: `grants` must be an array'); - } - - return client; - }) - .catch(function(e) { - // Include the "WWW-Authenticate" response header field if the client - // attempted to authenticate via the "Authorization" request header. - // - // @see https://tools.ietf.org/html/rfc6749#section-5.2. - if ((e instanceof InvalidClientError) && request.get('authorization')) { - response.set('WWW-Authenticate', 'Basic realm="Service"'); - - throw new InvalidClientError(e, { code: 401 }); - } - - throw e; - }); + try { + const client = await this.model.getClient(credentials.clientId, credentials.clientSecret); + + if (!client) { + throw new InvalidClientError('Invalid client: client is invalid'); + } + + if (!client.grants) { + throw new ServerError('Server error: missing client `grants`'); + } + + if (!(client.grants instanceof Array)) { + throw new ServerError('Server error: `grants` must be an array'); + } + + return client; + } catch (e) { + // Include the "WWW-Authenticate" response header field if the client + // attempted to authenticate via the "Authorization" request header. + // + // @see https://tools.ietf.org/html/rfc6749#section-5.2. + if ((e instanceof InvalidClientError) && request.get('authorization')) { + response.set('WWW-Authenticate', 'Basic realm="Service"'); + throw new InvalidClientError(e, { code: 401 }); + } + + throw e; + } }; /** @@ -206,7 +201,7 @@ TokenHandler.prototype.getClientCredentials = function(request) { * Handle grant type. */ -TokenHandler.prototype.handleGrantType = function(request, client) { +TokenHandler.prototype.handleGrantType = async function(request, client) { const grantType = request.body.grant_type; if (!grantType) { @@ -236,8 +231,7 @@ TokenHandler.prototype.handleGrantType = function(request, client) { alwaysIssueNewRefreshToken: this.alwaysIssueNewRefreshToken }; - return new Type(options) - .handle(request, client); + return new Type(options).handle(request, client); }; /** diff --git a/lib/server.js b/lib/server.js index 53bbd2aa..aca56d2a 100644 --- a/lib/server.js +++ b/lib/server.js @@ -25,9 +25,10 @@ function OAuth2Server(options) { /** * Authenticate a token. + * Note, that callback will soon be deprecated! */ -OAuth2Server.prototype.authenticate = function(request, response, options, callback) { +OAuth2Server.prototype.authenticate = function(request, response, options) { if (typeof options === 'string') { options = {scope: options}; } @@ -38,31 +39,27 @@ OAuth2Server.prototype.authenticate = function(request, response, options, callb allowBearerTokensInQueryString: false }, this.options, options); - return new AuthenticateHandler(options) - .handle(request, response) - .nodeify(callback); + return new AuthenticateHandler(options).handle(request, response); }; /** * Authorize a request. */ -OAuth2Server.prototype.authorize = function(request, response, options, callback) { +OAuth2Server.prototype.authorize = function(request, response, options) { options = Object.assign({ allowEmptyState: false, authorizationCodeLifetime: 5 * 60 // 5 minutes. }, this.options, options); - return new AuthorizeHandler(options) - .handle(request, response) - .nodeify(callback); + return new AuthorizeHandler(options).handle(request, response); }; /** * Create a token. */ -OAuth2Server.prototype.token = function(request, response, options, callback) { +OAuth2Server.prototype.token = function(request, response, options) { options = Object.assign({ accessTokenLifetime: 60 * 60, // 1 hour. refreshTokenLifetime: 60 * 60 * 24 * 14, // 2 weeks. @@ -70,9 +67,7 @@ OAuth2Server.prototype.token = function(request, response, options, callback) { requireClientAuthentication: {} // defaults to true for all grant types }, this.options, options); - return new TokenHandler(options) - .handle(request, response) - .nodeify(callback); + return new TokenHandler(options).handle(request, response); }; /** diff --git a/lib/utils/token-util.js b/lib/utils/token-util.js index 8626daca..a1d6937e 100644 --- a/lib/utils/token-util.js +++ b/lib/utils/token-util.js @@ -4,7 +4,7 @@ * Module dependencies. */ -const randomBytes = require('bluebird').promisify(require('crypto').randomBytes); +const randomBytes = require('crypto').randomBytes; const { createHash } = require('../utils/crypto-util'); /** @@ -17,10 +17,8 @@ module.exports = { * Generate random token. */ - generateRandomToken: function() { - return randomBytes(256).then(function(buffer) { - return createHash({ data: buffer, encoding: 'hex' }); - }); + generateRandomToken: async function() { + const buffer = randomBytes(256); + return createHash({ data: buffer, encoding: 'hex' }); } - }; diff --git a/package.json b/package.json index e95a0ce1..2c26e6b4 100644 --- a/package.json +++ b/package.json @@ -27,8 +27,6 @@ "dependencies": { "@node-oauth/formats": "1.0.0", "basic-auth": "2.0.1", - "bluebird": "3.7.2", - "promisify-any": "2.0.1", "type-is": "1.6.18" }, "devDependencies": { diff --git a/test/integration/grant-types/abstract-grant-type_test.js b/test/integration/grant-types/abstract-grant-type_test.js index a6c4d2be..5d9aa7a1 100644 --- a/test/integration/grant-types/abstract-grant-type_test.js +++ b/test/integration/grant-types/abstract-grant-type_test.js @@ -6,7 +6,6 @@ const AbstractGrantType = require('../../../lib/grant-types/abstract-grant-type'); const InvalidArgumentError = require('../../../lib/errors/invalid-argument-error'); -const Promise = require('bluebird'); const Request = require('../../../lib/request'); const should = require('chai').should(); diff --git a/test/integration/grant-types/authorization-code-grant-type_test.js b/test/integration/grant-types/authorization-code-grant-type_test.js index 6cddd53f..85c007f5 100644 --- a/test/integration/grant-types/authorization-code-grant-type_test.js +++ b/test/integration/grant-types/authorization-code-grant-type_test.js @@ -8,7 +8,6 @@ const AuthorizationCodeGrantType = require('../../../lib/grant-types/authorizati const InvalidArgumentError = require('../../../lib/errors/invalid-argument-error'); const InvalidGrantError = require('../../../lib/errors/invalid-grant-error'); const InvalidRequestError = require('../../../lib/errors/invalid-request-error'); -const Promise = require('bluebird'); const Request = require('../../../lib/request'); const ServerError = require('../../../lib/errors/server-error'); const should = require('chai').should(); @@ -74,7 +73,7 @@ describe('AuthorizationCodeGrantType integration', function() { }); describe('handle()', function() { - it('should throw an error if `request` is missing', function() { + it('should throw an error if `request` is missing', async function() { const model = { getAuthorizationCode: function() {}, revokeAuthorizationCode: function() {}, @@ -83,9 +82,7 @@ describe('AuthorizationCodeGrantType integration', function() { const grantType = new AuthorizationCodeGrantType({ accessTokenLifetime: 123, model: model }); try { - grantType.handle(); - - should.fail(); + await grantType.handle(); } catch (e) { e.should.be.an.instanceOf(InvalidArgumentError); e.message.should.equal('Missing parameter: `request`'); @@ -129,7 +126,7 @@ describe('AuthorizationCodeGrantType integration', function() { } }); - it('should return a token', function() { + it('should return a token', async function() { const client = { id: 'foobar' }; const token = {}; const model = { @@ -141,11 +138,8 @@ describe('AuthorizationCodeGrantType integration', function() { const grantType = new AuthorizationCodeGrantType({ accessTokenLifetime: 123, model: model }); const request = new Request({ body: { code: 12345 }, headers: {}, method: {}, query: {} }); - return grantType.handle(request, client) - .then(function(data) { - data.should.equal(token); - }) - .catch(should.fail); + const data = await grantType.handle(request, client); + data.should.equal(token); }); it('should support promises', function() { @@ -173,23 +167,10 @@ describe('AuthorizationCodeGrantType integration', function() { grantType.handle(request, client).should.be.an.instanceOf(Promise); }); - - it('should support callbacks', function() { - const client = { id: 'foobar' }; - const model = { - getAuthorizationCode: function(code, callback) { callback(null, { authorizationCode: 12345, client: { id: 'foobar' }, expiresAt: new Date(new Date() * 2), user: {} }); }, - revokeAuthorizationCode: function(code, callback) { callback(null, { authorizationCode: 12345, client: { id: 'foobar' }, expiresAt: new Date(new Date() / 2), user: {} }); }, - saveToken: function(tokenToSave, client, user, callback) { callback(null, tokenToSave); } - }; - const grantType = new AuthorizationCodeGrantType({ accessTokenLifetime: 123, model: model }); - const request = new Request({ body: { code: 12345 }, headers: {}, method: {}, query: {} }); - - grantType.handle(request, client).should.be.an.instanceOf(Promise); - }); }); describe('getAuthorizationCode()', function() { - it('should throw an error if the request body does not contain `code`', function() { + it('should throw an error if the request body does not contain `code`', async function() { const client = {}; const model = { getAuthorizationCode: function() {}, @@ -200,16 +181,14 @@ describe('AuthorizationCodeGrantType integration', function() { const request = new Request({ body: {}, headers: {}, method: {}, query: {} }); try { - grantType.getAuthorizationCode(request, client); - - should.fail(); + await grantType.getAuthorizationCode(request, client); } catch (e) { e.should.be.an.instanceOf(InvalidRequestError); e.message.should.equal('Missing parameter: `code`'); } }); - it('should throw an error if `code` is invalid', function() { + it('should throw an error if `code` is invalid', async function() { const client = {}; const model = { getAuthorizationCode: function() {}, @@ -220,8 +199,7 @@ describe('AuthorizationCodeGrantType integration', function() { const request = new Request({ body: { code: 'ø倣‰' }, headers: {}, method: {}, query: {} }); try { - grantType.getAuthorizationCode(request, client); - + await grantType.getAuthorizationCode(request, client); should.fail(); } catch (e) { e.should.be.an.instanceOf(InvalidRequestError); @@ -229,7 +207,7 @@ describe('AuthorizationCodeGrantType integration', function() { } }); - it('should throw an error if `authorizationCode` is missing', function() { + it('should throw an error if `authorizationCode` is missing', async function() { const client = {}; const model = { getAuthorizationCode: function() {}, @@ -239,12 +217,13 @@ describe('AuthorizationCodeGrantType integration', function() { const grantType = new AuthorizationCodeGrantType({ accessTokenLifetime: 123, model: model }); const request = new Request({ body: { code: 12345 }, headers: {}, method: {}, query: {} }); - return grantType.getAuthorizationCode(request, client) - .then(should.fail) - .catch(function(e) { - e.should.be.an.instanceOf(InvalidGrantError); - e.message.should.equal('Invalid grant: authorization code is invalid'); - }); + try { + await grantType.getAuthorizationCode(request, client); + should.fail(); + } catch (e) { + e.should.be.an.instanceOf(InvalidGrantError); + e.message.should.equal('Invalid grant: authorization code is invalid'); + } }); it('should throw an error if `authorizationCode.client` is missing', function() { @@ -406,20 +385,6 @@ describe('AuthorizationCodeGrantType integration', function() { grantType.getAuthorizationCode(request, client).should.be.an.instanceOf(Promise); }); - - it('should support callbacks', function() { - const authorizationCode = { authorizationCode: 12345, client: { id: 'foobar' }, expiresAt: new Date(new Date() * 2), user: {} }; - const client = { id: 'foobar' }; - const model = { - getAuthorizationCode: function(code, callback) { callback(null, authorizationCode); }, - revokeAuthorizationCode: function() {}, - saveToken: function() {} - }; - const grantType = new AuthorizationCodeGrantType({ accessTokenLifetime: 123, model: model }); - const request = new Request({ body: { code: 12345 }, headers: {}, method: {}, query: {} }); - - grantType.getAuthorizationCode(request, client).should.be.an.instanceOf(Promise); - }); }); describe('validateRedirectUri()', function() { @@ -523,18 +488,6 @@ describe('AuthorizationCodeGrantType integration', function() { grantType.revokeAuthorizationCode(authorizationCode).should.be.an.instanceOf(Promise); }); - - it('should support callbacks', function() { - const authorizationCode = { authorizationCode: 12345, client: {}, expiresAt: new Date(new Date() / 2), user: {} }; - const model = { - getAuthorizationCode: function() {}, - revokeAuthorizationCode: function(code, callback) { callback(null, authorizationCode); }, - saveToken: function() {} - }; - const grantType = new AuthorizationCodeGrantType({ accessTokenLifetime: 123, model: model }); - - grantType.revokeAuthorizationCode(authorizationCode).should.be.an.instanceOf(Promise); - }); }); describe('saveToken()', function() { @@ -578,17 +531,5 @@ describe('AuthorizationCodeGrantType integration', function() { grantType.saveToken(token).should.be.an.instanceOf(Promise); }); - - it('should support callbacks', function() { - const token = {}; - const model = { - getAuthorizationCode: function() {}, - revokeAuthorizationCode: function() {}, - saveToken: function(tokenToSave, client, user, callback) { callback(null, token); } - }; - const grantType = new AuthorizationCodeGrantType({ accessTokenLifetime: 123, model: model }); - - grantType.saveToken(token).should.be.an.instanceOf(Promise); - }); }); }); diff --git a/test/integration/grant-types/client-credentials-grant-type_test.js b/test/integration/grant-types/client-credentials-grant-type_test.js index b13df086..20c2da4a 100644 --- a/test/integration/grant-types/client-credentials-grant-type_test.js +++ b/test/integration/grant-types/client-credentials-grant-type_test.js @@ -7,7 +7,6 @@ const ClientCredentialsGrantType = require('../../../lib/grant-types/client-credentials-grant-type'); const InvalidArgumentError = require('../../../lib/errors/invalid-argument-error'); const InvalidGrantError = require('../../../lib/errors/invalid-grant-error'); -const Promise = require('bluebird'); const Request = require('../../../lib/request'); const should = require('chai').should(); @@ -56,7 +55,7 @@ describe('ClientCredentialsGrantType integration', function() { }); describe('handle()', function() { - it('should throw an error if `request` is missing', function() { + it('should throw an error if `request` is missing', async function() { const model = { getUserFromClient: function() {}, saveToken: function() {} @@ -64,7 +63,7 @@ describe('ClientCredentialsGrantType integration', function() { const grantType = new ClientCredentialsGrantType({ accessTokenLifetime: 120, model: model }); try { - grantType.handle(); + await grantType.handle(); should.fail(); } catch (e) { @@ -73,7 +72,7 @@ describe('ClientCredentialsGrantType integration', function() { } }); - it('should throw an error if `client` is missing', function() { + it('should throw an error if `client` is missing', async function() { const model = { getUserFromClient: function() {}, saveToken: function() {} @@ -82,7 +81,7 @@ describe('ClientCredentialsGrantType integration', function() { const request = new Request({ body: {}, headers: {}, method: {}, query: {} }); try { - grantType.handle(request); + await grantType.handle(request); should.fail(); } catch (e) { @@ -189,18 +188,6 @@ describe('ClientCredentialsGrantType integration', function() { grantType.getUserFromClient(request, {}).should.be.an.instanceOf(Promise); }); - - it('should support callbacks', function() { - const user = { email: 'foo@bar.com' }; - const model = { - getUserFromClient: function(userId, callback) { callback(null, user); }, - saveToken: function() {} - }; - const grantType = new ClientCredentialsGrantType({ accessTokenLifetime: 120, model: model }); - const request = new Request({ body: {}, headers: {}, method: {}, query: {} }); - - grantType.getUserFromClient(request, {}).should.be.an.instanceOf(Promise); - }); }); describe('saveToken()', function() { @@ -241,16 +228,5 @@ describe('ClientCredentialsGrantType integration', function() { grantType.saveToken(token).should.be.an.instanceOf(Promise); }); - - it('should support callbacks', function() { - const token = {}; - const model = { - getUserFromClient: function() {}, - saveToken: function(tokenToSave, client, user, callback) { callback(null, token); } - }; - const grantType = new ClientCredentialsGrantType({ accessTokenLifetime: 123, model: model }); - - grantType.saveToken(token).should.be.an.instanceOf(Promise); - }); }); }); diff --git a/test/integration/grant-types/password-grant-type_test.js b/test/integration/grant-types/password-grant-type_test.js index a8c4cdaa..11dc3a3e 100644 --- a/test/integration/grant-types/password-grant-type_test.js +++ b/test/integration/grant-types/password-grant-type_test.js @@ -8,7 +8,6 @@ const InvalidArgumentError = require('../../../lib/errors/invalid-argument-error const InvalidGrantError = require('../../../lib/errors/invalid-grant-error'); const InvalidRequestError = require('../../../lib/errors/invalid-request-error'); const PasswordGrantType = require('../../../lib/grant-types/password-grant-type'); -const Promise = require('bluebird'); const Request = require('../../../lib/request'); const should = require('chai').should(); @@ -57,7 +56,7 @@ describe('PasswordGrantType integration', function() { }); describe('handle()', function() { - it('should throw an error if `request` is missing', function() { + it('should throw an error if `request` is missing', async function() { const model = { getUser: function() {}, saveToken: function() {} @@ -65,7 +64,7 @@ describe('PasswordGrantType integration', function() { const grantType = new PasswordGrantType({ accessTokenLifetime: 123, model: model }); try { - grantType.handle(); + await grantType.handle(); should.fail(); } catch (e) { @@ -74,7 +73,7 @@ describe('PasswordGrantType integration', function() { } }); - it('should throw an error if `client` is missing', function() { + it('should throw an error if `client` is missing', async function() { const model = { getUser: function() {}, saveToken: function() {} @@ -82,7 +81,7 @@ describe('PasswordGrantType integration', function() { const grantType = new PasswordGrantType({ accessTokenLifetime: 123, model: model }); try { - grantType.handle({}); + await grantType.handle({}); should.fail(); } catch (e) { @@ -109,7 +108,7 @@ describe('PasswordGrantType integration', function() { .catch(should.fail); }); - it('should support promises', function() { + it('should support promises', async function() { const client = { id: 'foobar' }; const token = {}; const model = { @@ -119,10 +118,11 @@ describe('PasswordGrantType integration', function() { const grantType = new PasswordGrantType({ accessTokenLifetime: 123, model: model }); const request = new Request({ body: { username: 'foo', password: 'bar' }, headers: {}, method: {}, query: {} }); - grantType.handle(request, client).should.be.an.instanceOf(Promise); + const result = await grantType.handle(request, client); + result.should.deep.equal({}); }); - it('should support non-promises', function() { + it('should support non-promises', async function() { const client = { id: 'foobar' }; const token = {}; const model = { @@ -132,25 +132,13 @@ describe('PasswordGrantType integration', function() { const grantType = new PasswordGrantType({ accessTokenLifetime: 123, model: model }); const request = new Request({ body: { username: 'foo', password: 'bar' }, headers: {}, method: {}, query: {} }); - grantType.handle(request, client).should.be.an.instanceOf(Promise); - }); - - it('should support callbacks', function() { - const client = { id: 'foobar' }; - const token = {}; - const model = { - getUser: function(username, password, callback) { callback(null, {}); }, - saveToken: function(tokenToSave, client, user, callback) { callback(null, token); } - }; - const grantType = new PasswordGrantType({ accessTokenLifetime: 123, model: model }); - const request = new Request({ body: { username: 'foo', password: 'bar' }, headers: {}, method: {}, query: {} }); - - grantType.handle(request, client).should.be.an.instanceOf(Promise); + const result = await grantType.handle(request, client); + result.should.deep.equal({}); }); }); describe('getUser()', function() { - it('should throw an error if the request body does not contain `username`', function() { + it('should throw an error if the request body does not contain `username`', async function() { const model = { getUser: function() {}, saveToken: function() {} @@ -159,7 +147,7 @@ describe('PasswordGrantType integration', function() { const request = new Request({ body: {}, headers: {}, method: {}, query: {} }); try { - grantType.getUser(request); + await grantType.getUser(request); should.fail(); } catch (e) { @@ -168,7 +156,7 @@ describe('PasswordGrantType integration', function() { } }); - it('should throw an error if the request body does not contain `password`', function() { + it('should throw an error if the request body does not contain `password`', async function() { const model = { getUser: function() {}, saveToken: function() {} @@ -177,7 +165,7 @@ describe('PasswordGrantType integration', function() { const request = new Request({ body: { username: 'foo' }, headers: {}, method: {}, query: {} }); try { - grantType.getUser(request); + await grantType.getUser(request); should.fail(); } catch (e) { @@ -186,7 +174,7 @@ describe('PasswordGrantType integration', function() { } }); - it('should throw an error if `username` is invalid', function() { + it('should throw an error if `username` is invalid', async function() { const model = { getUser: function() {}, saveToken: function() {} @@ -195,7 +183,7 @@ describe('PasswordGrantType integration', function() { const request = new Request({ body: { username: '\r\n', password: 'foobar' }, headers: {}, method: {}, query: {} }); try { - grantType.getUser(request); + await grantType.getUser(request); should.fail(); } catch (e) { @@ -204,7 +192,7 @@ describe('PasswordGrantType integration', function() { } }); - it('should throw an error if `password` is invalid', function() { + it('should throw an error if `password` is invalid', async function() { const model = { getUser: function() {}, saveToken: function() {} @@ -213,7 +201,7 @@ describe('PasswordGrantType integration', function() { const request = new Request({ body: { username: 'foobar', password: '\r\n' }, headers: {}, method: {}, query: {} }); try { - grantType.getUser(request); + await grantType.getUser(request); should.fail(); } catch (e) { @@ -277,18 +265,6 @@ describe('PasswordGrantType integration', function() { grantType.getUser(request).should.be.an.instanceOf(Promise); }); - - it('should support callbacks', function() { - const user = { email: 'foo@bar.com' }; - const model = { - getUser: function(username, password, callback) { callback(null, user); }, - saveToken: function() {} - }; - const grantType = new PasswordGrantType({ accessTokenLifetime: 123, model: model }); - const request = new Request({ body: { username: 'foo', password: 'bar' }, headers: {}, method: {}, query: {} }); - - grantType.getUser(request).should.be.an.instanceOf(Promise); - }); }); describe('saveToken()', function() { @@ -329,16 +305,5 @@ describe('PasswordGrantType integration', function() { grantType.saveToken(token).should.be.an.instanceOf(Promise); }); - - it('should support callbacks', function() { - const token = {}; - const model = { - getUser: function() {}, - saveToken: function(tokenToSave, client, user, callback) { callback(null, token); } - }; - const grantType = new PasswordGrantType({ accessTokenLifetime: 123, model: model }); - - grantType.saveToken(token).should.be.an.instanceOf(Promise); - }); }); }); diff --git a/test/integration/grant-types/refresh-token-grant-type_test.js b/test/integration/grant-types/refresh-token-grant-type_test.js index 83c7489f..32736067 100644 --- a/test/integration/grant-types/refresh-token-grant-type_test.js +++ b/test/integration/grant-types/refresh-token-grant-type_test.js @@ -7,7 +7,6 @@ const InvalidArgumentError = require('../../../lib/errors/invalid-argument-error'); const InvalidGrantError = require('../../../lib/errors/invalid-grant-error'); const InvalidRequestError = require('../../../lib/errors/invalid-request-error'); -const Promise = require('bluebird'); const RefreshTokenGrantType = require('../../../lib/grant-types/refresh-token-grant-type'); const Request = require('../../../lib/request'); const ServerError = require('../../../lib/errors/server-error'); @@ -74,7 +73,7 @@ describe('RefreshTokenGrantType integration', function() { }); describe('handle()', function() { - it('should throw an error if `request` is missing', function() { + it('should throw an error if `request` is missing', async function() { const model = { getRefreshToken: function() {}, revokeToken: function() {}, @@ -83,7 +82,7 @@ describe('RefreshTokenGrantType integration', function() { const grantType = new RefreshTokenGrantType({ accessTokenLifetime: 120, model: model }); try { - grantType.handle(); + await grantType.handle(); should.fail(); } catch (e) { @@ -92,7 +91,7 @@ describe('RefreshTokenGrantType integration', function() { } }); - it('should throw an error if `client` is missing', function() { + it('should throw an error if `client` is missing', async function() { const model = { getRefreshToken: function() {}, revokeToken: function() {}, @@ -102,7 +101,7 @@ describe('RefreshTokenGrantType integration', function() { const request = new Request({ body: {}, headers: {}, method: {}, query: {} }); try { - grantType.handle(request); + await grantType.handle(request); should.fail(); } catch (e) { @@ -154,23 +153,10 @@ describe('RefreshTokenGrantType integration', function() { grantType.handle(request, client).should.be.an.instanceOf(Promise); }); - - it('should support callbacks', function() { - const client = { id: 123 }; - const model = { - getRefreshToken: function(refreshToken, callback) { callback(null, { accessToken: 'foo', client: { id: 123 }, user: {} }); }, - revokeToken: function(refreshToken, callback) { callback(null, { accessToken: 'foo', client: {}, refreshTokenExpiresAt: new Date(new Date() / 2), user: {} }); }, - saveToken: function(tokenToSave, client, user, callback) { callback(null,{ accessToken: 'foo', client: {}, user: {} }); } - }; - const grantType = new RefreshTokenGrantType({ accessTokenLifetime: 123, model: model }); - const request = new Request({ body: { refresh_token: 'foobar' }, headers: {}, method: {}, query: {} }); - - grantType.handle(request, client).should.be.an.instanceOf(Promise); - }); }); describe('getRefreshToken()', function() { - it('should throw an error if the `refreshToken` parameter is missing from the request body', function() { + it('should throw an error if the `refreshToken` parameter is missing from the request body', async function() { const client = {}; const model = { getRefreshToken: function() {}, @@ -181,7 +167,7 @@ describe('RefreshTokenGrantType integration', function() { const request = new Request({ body: {}, headers: {}, method: {}, query: {} }); try { - grantType.getRefreshToken(request, client); + await grantType.getRefreshToken(request, client); should.fail(); } catch (e) { @@ -266,7 +252,7 @@ describe('RefreshTokenGrantType integration', function() { }); }); - it('should throw an error if `refresh_token` contains invalid characters', function() { + it('should throw an error if `refresh_token` contains invalid characters', async function() { const client = {}; const model = { getRefreshToken: function() { @@ -279,7 +265,7 @@ describe('RefreshTokenGrantType integration', function() { const request = new Request({ body: { refresh_token: 'ø倣‰' }, headers: {}, method: {}, query: {} }); try { - grantType.getRefreshToken(request, client); + await grantType.getRefreshToken(request, client); should.fail(); } catch (e) { @@ -394,20 +380,6 @@ describe('RefreshTokenGrantType integration', function() { grantType.getRefreshToken(request, client).should.be.an.instanceOf(Promise); }); - - it('should support callbacks', function() { - const client = { id: 123 }; - const token = { accessToken: 'foo', client: { id: 123 }, user: {} }; - const model = { - getRefreshToken: function(refreshToken, callback) { callback(null, token); }, - revokeToken: function() {}, - saveToken: function() {} - }; - const grantType = new RefreshTokenGrantType({ accessTokenLifetime: 123, model: model }); - const request = new Request({ body: { refresh_token: 'foobar' }, headers: {}, method: {}, query: {} }); - - grantType.getRefreshToken(request, client).should.be.an.instanceOf(Promise); - }); }); describe('revokeToken()', function() { @@ -466,18 +438,6 @@ describe('RefreshTokenGrantType integration', function() { grantType.revokeToken(token).should.be.an.instanceOf(Promise); }); - - it('should support callbacks', function() { - const token = { accessToken: 'foo', client: {}, refreshTokenExpiresAt: new Date(new Date() / 2), user: {} }; - const model = { - getRefreshToken: function() {}, - revokeToken: function(refreshToken, callback) { callback(null, token); }, - saveToken: function() {} - }; - const grantType = new RefreshTokenGrantType({ accessTokenLifetime: 123, model: model }); - - grantType.revokeToken(token).should.be.an.instanceOf(Promise); - }); }); describe('saveToken()', function() { @@ -520,17 +480,5 @@ describe('RefreshTokenGrantType integration', function() { grantType.saveToken(token).should.be.an.instanceOf(Promise); }); - - it('should support callbacks', function() { - const token = {}; - const model = { - getRefreshToken: function() {}, - revokeToken: function() {}, - saveToken: function(tokenToSave, client, user, callback) { callback(null, token); } - }; - const grantType = new RefreshTokenGrantType({ accessTokenLifetime: 123, model: model }); - - grantType.saveToken(token).should.be.an.instanceOf(Promise); - }); }); }); diff --git a/test/integration/handlers/authenticate-handler_test.js b/test/integration/handlers/authenticate-handler_test.js index 151ada32..d8bf7284 100644 --- a/test/integration/handlers/authenticate-handler_test.js +++ b/test/integration/handlers/authenticate-handler_test.js @@ -10,7 +10,6 @@ const InvalidArgumentError = require('../../../lib/errors/invalid-argument-error const InvalidRequestError = require('../../../lib/errors/invalid-request-error'); const InsufficientScopeError = require('../../../lib/errors/insufficient-scope-error'); const InvalidTokenError = require('../../../lib/errors/invalid-token-error'); -const Promise = require('bluebird'); const Request = require('../../../lib/request'); const Response = require('../../../lib/response'); const ServerError = require('../../../lib/errors/server-error'); @@ -102,11 +101,11 @@ describe('AuthenticateHandler integration', function() { }); describe('handle()', function() { - it('should throw an error if `request` is missing', function() { + it('should throw an error if `request` is missing', async function() { const handler = new AuthenticateHandler({ model: { getAccessToken: function() {} } }); try { - handler.handle(); + await handler.handle(); should.fail(); } catch (e) { @@ -115,7 +114,7 @@ describe('AuthenticateHandler integration', function() { } }); - it('should set the `WWW-Authenticate` header if an unauthorized request error is thrown', function() { + it('should set the `WWW-Authenticate` header if an unauthorized request error is thrown', async function() { const model = { getAccessToken: function() { throw new UnauthorizedRequestError(); @@ -125,11 +124,12 @@ describe('AuthenticateHandler integration', function() { const request = new Request({ body: {}, headers: { 'Authorization': 'Bearer foo' }, method: {}, query: {} }); const response = new Response({ body: {}, headers: {} }); - return handler.handle(request, response) - .then(should.fail) - .catch(function() { - response.get('WWW-Authenticate').should.equal('Bearer realm="Service"'); - }); + try { + await handler.handle(request, response); + should.fail(); + } catch (e) { + response.get('WWW-Authenticate').should.equal('Bearer realm="Service"'); + } }); it('should set the `WWW-Authenticate` header if an InvalidRequestError is thrown', function() { @@ -250,7 +250,7 @@ describe('AuthenticateHandler integration', function() { }); describe('getTokenFromRequest()', function() { - it('should throw an error if more than one authentication method is used', function() { + it('should throw an error if more than one authentication method is used', async function() { const handler = new AuthenticateHandler({ model: { getAccessToken: function() {} } }); const request = new Request({ body: {}, @@ -260,7 +260,7 @@ describe('AuthenticateHandler integration', function() { }); try { - handler.getTokenFromRequest(request); + await handler.getTokenFromRequest(request); should.fail(); } catch (e) { @@ -269,12 +269,12 @@ describe('AuthenticateHandler integration', function() { } }); - it('should throw an error if `accessToken` is missing', function() { + it('should throw an error if `accessToken` is missing', async function() { const handler = new AuthenticateHandler({ model: { getAccessToken: function() {} } }); const request = new Request({ body: {}, headers: {}, method: {}, query: {} }); try { - handler.getTokenFromRequest(request); + await handler.getTokenFromRequest(request); should.fail(); } catch (e) { @@ -285,7 +285,7 @@ describe('AuthenticateHandler integration', function() { }); describe('getTokenFromRequestHeader()', function() { - it('should throw an error if the token is malformed', function() { + it('should throw an error if the token is malformed', async function() { const handler = new AuthenticateHandler({ model: { getAccessToken: function() {} } }); const request = new Request({ body: {}, @@ -297,7 +297,7 @@ describe('AuthenticateHandler integration', function() { }); try { - handler.getTokenFromRequestHeader(request); + await handler.getTokenFromRequestHeader(request); should.fail(); } catch (e) { @@ -324,11 +324,11 @@ describe('AuthenticateHandler integration', function() { }); describe('getTokenFromRequestQuery()', function() { - it('should throw an error if the query contains a token', function() { + it('should throw an error if the query contains a token', async function() { const handler = new AuthenticateHandler({ model: { getAccessToken: function() {} } }); try { - handler.getTokenFromRequestQuery(); + await handler.getTokenFromRequestQuery(); should.fail(); } catch (e) { @@ -345,7 +345,7 @@ describe('AuthenticateHandler integration', function() { }); describe('getTokenFromRequestBody()', function() { - it('should throw an error if the method is `GET`', function() { + it('should throw an error if the method is `GET`', async function() { const handler = new AuthenticateHandler({ model: { getAccessToken: function() {} } }); const request = new Request({ body: { access_token: 'foo' }, @@ -355,7 +355,7 @@ describe('AuthenticateHandler integration', function() { }); try { - handler.getTokenFromRequestBody(request); + await handler.getTokenFromRequestBody(request); should.fail(); } catch (e) { @@ -364,7 +364,7 @@ describe('AuthenticateHandler integration', function() { } }); - it('should throw an error if the media type is not `application/x-www-form-urlencoded`', function() { + it('should throw an error if the media type is not `application/x-www-form-urlencoded`', async function() { const handler = new AuthenticateHandler({ model: { getAccessToken: function() {} } }); const request = new Request({ body: { access_token: 'foo' }, @@ -374,7 +374,7 @@ describe('AuthenticateHandler integration', function() { }); try { - handler.getTokenFromRequestBody(request); + await handler.getTokenFromRequestBody(request); should.fail(); } catch (e) { @@ -464,26 +464,15 @@ describe('AuthenticateHandler integration', function() { handler.getAccessToken('foo').should.be.an.instanceOf(Promise); }); - - it('should support callbacks', function() { - const model = { - getAccessToken: function(token, callback) { - callback(null, { user: {} }); - } - }; - const handler = new AuthenticateHandler({ model: model }); - - handler.getAccessToken('foo').should.be.an.instanceOf(Promise); - }); }); describe('validateAccessToken()', function() { - it('should throw an error if `accessToken` is expired', function() { + it('should throw an error if `accessToken` is expired', async function() { const accessToken = { accessTokenExpiresAt: new Date(new Date() / 2) }; const handler = new AuthenticateHandler({ model: { getAccessToken: function() {} } }); try { - handler.validateAccessToken(accessToken); + await handler.validateAccessToken(accessToken); should.fail(); } catch (e) { @@ -544,18 +533,6 @@ describe('AuthenticateHandler integration', function() { handler.verifyScope('foo').should.be.an.instanceOf(Promise); }); - - it('should support callbacks', function() { - const model = { - getAccessToken: function() {}, - verifyScope: function(token, scope, callback) { - callback(null, true); - } - }; - const handler = new AuthenticateHandler({ addAcceptedScopesHeader: true, addAuthorizedScopesHeader: true, model: model, scope: 'foo' }); - - handler.verifyScope('foo').should.be.an.instanceOf(Promise); - }); }); describe('updateResponse()', function() { diff --git a/test/integration/handlers/authorize-handler_test.js b/test/integration/handlers/authorize-handler_test.js index b91408a1..8a5eb659 100644 --- a/test/integration/handlers/authorize-handler_test.js +++ b/test/integration/handlers/authorize-handler_test.js @@ -13,7 +13,6 @@ const InvalidClientError = require('../../../lib/errors/invalid-client-error'); const InvalidRequestError = require('../../../lib/errors/invalid-request-error'); const InvalidScopeError = require('../../../lib/errors/invalid-scope-error'); const UnsupportedResponseTypeError = require('../../../lib/errors/unsupported-response-type-error'); -const Promise = require('bluebird'); const Request = require('../../../lib/request'); const Response = require('../../../lib/response'); const ServerError = require('../../../lib/errors/server-error'); @@ -122,7 +121,7 @@ describe('AuthorizeHandler integration', function() { }); describe('handle()', function() { - it('should throw an error if `request` is missing', function() { + it('should throw an error if `request` is missing', async function() { const model = { getAccessToken: function() {}, getClient: function() {}, @@ -131,7 +130,7 @@ describe('AuthorizeHandler integration', function() { const handler = new AuthorizeHandler({ authorizationCodeLifetime: 120, model: model }); try { - handler.handle(); + await handler.handle(); should.fail(); } catch (e) { @@ -140,7 +139,7 @@ describe('AuthorizeHandler integration', function() { } }); - it('should throw an error if `response` is missing', function() { + it('should throw an error if `response` is missing', async function() { const model = { getAccessToken: function() {}, getClient: function() {}, @@ -150,7 +149,7 @@ describe('AuthorizeHandler integration', function() { const request = new Request({ body: {}, headers: {}, method: {}, query: {} }); try { - handler.handle(request); + await handler.handle(request); should.fail(); } catch (e) { @@ -695,25 +694,10 @@ describe('AuthorizeHandler integration', function() { handler.validateRedirectUri('http://example.com/a', { }).should.be.an.instanceOf(Promise); }); - - it('should support callbacks', function() { - const model = { - getAccessToken: function() {}, - getClient: function() {}, - saveAuthorizationCode: function() {}, - validateRedirectUri: function(redirectUri, client, callback) { - callback(null, false); - } - }; - - const handler = new AuthorizeHandler({ authorizationCodeLifetime: 120, model: model }); - - handler.validateRedirectUri('http://example.com/a', { }).should.be.an.instanceOf(Promise); - }); }); describe('getClient()', function() { - it('should throw an error if `client_id` is missing', function() { + it('should throw an error if `client_id` is missing', async function() { const model = { getAccessToken: function() {}, getClient: function() {}, @@ -723,7 +707,7 @@ describe('AuthorizeHandler integration', function() { const request = new Request({ body: { response_type: 'code' }, headers: {}, method: {}, query: {} }); try { - handler.getClient(request); + await handler.getClient(request); should.fail(); } catch (e) { @@ -732,7 +716,7 @@ describe('AuthorizeHandler integration', function() { } }); - it('should throw an error if `client_id` is invalid', function() { + it('should throw an error if `client_id` is invalid', async function() { const model = { getAccessToken: function() {}, getClient: function() {}, @@ -742,7 +726,7 @@ describe('AuthorizeHandler integration', function() { const request = new Request({ body: { client_id: 'ø倣‰', response_type: 'code' }, headers: {}, method: {}, query: {} }); try { - handler.getClient(request); + await handler.getClient(request); should.fail(); } catch (e) { @@ -751,7 +735,7 @@ describe('AuthorizeHandler integration', function() { } }); - it('should throw an error if `client.redirectUri` is invalid', function() { + it('should throw an error if `client.redirectUri` is invalid', async function() { const model = { getAccessToken: function() {}, getClient: function() {}, @@ -761,7 +745,7 @@ describe('AuthorizeHandler integration', function() { const request = new Request({ body: { client_id: 12345, response_type: 'code', redirect_uri: 'foobar' }, headers: {}, method: {}, query: {} }); try { - handler.getClient(request); + await handler.getClient(request); should.fail(); } catch (e) { @@ -899,26 +883,6 @@ describe('AuthorizeHandler integration', function() { handler.getClient(request).should.be.an.instanceOf(Promise); }); - it('should support callbacks', function() { - const model = { - getAccessToken: function() {}, - getClient: function(clientId, clientSecret, callback) { - should.equal(clientSecret, null); - callback(null, { grants: ['authorization_code'], redirectUris: ['http://example.com/cb'] }); - }, - saveAuthorizationCode: function() {} - }; - const handler = new AuthorizeHandler({ authorizationCodeLifetime: 120, model: model }); - const request = new Request({ - body: { client_id: 12345 }, - headers: {}, - method: {}, - query: {} - }); - - handler.getClient(request).should.be.an.instanceOf(Promise); - }); - describe('with `client_id` in the request query', function() { it('should return a client', function() { const client = { grants: ['authorization_code'], redirectUris: ['http://example.com/cb'] }; @@ -942,7 +906,7 @@ describe('AuthorizeHandler integration', function() { }); describe('getScope()', function() { - it('should throw an error if `scope` is invalid', function() { + it('should throw an error if `scope` is invalid', async function() { const model = { getAccessToken: function() {}, getClient: function() {}, @@ -952,7 +916,7 @@ describe('AuthorizeHandler integration', function() { const request = new Request({ body: { scope: 'ø倣‰' }, headers: {}, method: {}, query: {} }); try { - handler.getScope(request); + await handler.getScope(request); should.fail(); } catch (e) { @@ -991,7 +955,7 @@ describe('AuthorizeHandler integration', function() { }); describe('getState()', function() { - it('should throw an error if `allowEmptyState` is false and `state` is missing', function() { + it('should throw an error if `allowEmptyState` is false and `state` is missing', async function() { const model = { getAccessToken: function() {}, getClient: function() {}, @@ -1001,7 +965,7 @@ describe('AuthorizeHandler integration', function() { const request = new Request({ body: {}, headers: {}, method: {}, query: {} }); try { - handler.getState(request); + await handler.getState(request); should.fail(); } catch (e) { @@ -1022,7 +986,7 @@ describe('AuthorizeHandler integration', function() { should.equal(state, undefined); }); - it('should throw an error if `state` is invalid', function() { + it('should throw an error if `state` is invalid', async function() { const model = { getAccessToken: function() {}, getClient: function() {}, @@ -1032,7 +996,7 @@ describe('AuthorizeHandler integration', function() { const request = new Request({ body: {}, headers: {}, method: {}, query: { state: 'ø倣‰' } }); try { - handler.getState(request); + await handler.getState(request); should.fail(); } catch (e) { @@ -1157,23 +1121,10 @@ describe('AuthorizeHandler integration', function() { handler.saveAuthorizationCode('foo', 'bar', 'biz', 'baz').should.be.an.instanceOf(Promise); }); - - it('should support callbacks when calling `model.saveAuthorizationCode()`', function() { - const model = { - getAccessToken: function() {}, - getClient: function() {}, - saveAuthorizationCode: function(code, client, user, callback) { - return callback(null, true); - } - }; - const handler = new AuthorizeHandler({ authorizationCodeLifetime: 120, model: model }); - - handler.saveAuthorizationCode('foo', 'bar', 'biz', 'baz').should.be.an.instanceOf(Promise); - }); }); describe('getResponseType()', function() { - it('should throw an error if `response_type` is missing', function() { + it('should throw an error if `response_type` is missing', async function() { const model = { getAccessToken: function() {}, getClient: function() {}, @@ -1183,7 +1134,7 @@ describe('AuthorizeHandler integration', function() { const request = new Request({ body: {}, headers: {}, method: {}, query: {} }); try { - handler.getResponseType(request); + await handler.getResponseType(request); should.fail(); } catch (e) { @@ -1192,7 +1143,7 @@ describe('AuthorizeHandler integration', function() { } }); - it('should throw an error if `response_type` is not `code`', function() { + it('should throw an error if `response_type` is not `code`', async function() { const model = { getAccessToken: function() {}, getClient: function() {}, @@ -1202,7 +1153,7 @@ describe('AuthorizeHandler integration', function() { const request = new Request({ body: { response_type: 'foobar' }, headers: {}, method: {}, query: {} }); try { - handler.getResponseType(request); + await handler.getResponseType(request); should.fail(); } catch (e) { @@ -1326,7 +1277,7 @@ describe('AuthorizeHandler integration', function() { const request = new Request({ body: {code_challenge_method: 'foo'}, headers: {}, method: {}, query: {} }); try { - handler.getCodeChallengeMethod(request); + await handler.getCodeChallengeMethod(request); should.fail(); } catch (e) { diff --git a/test/integration/handlers/token-handler_test.js b/test/integration/handlers/token-handler_test.js index 0cb60c39..fd8f7693 100644 --- a/test/integration/handlers/token-handler_test.js +++ b/test/integration/handlers/token-handler_test.js @@ -11,7 +11,6 @@ const InvalidClientError = require('../../../lib/errors/invalid-client-error'); const InvalidGrantError = require('../../../lib/errors/invalid-grant-error'); const InvalidRequestError = require('../../../lib/errors/invalid-request-error'); const PasswordGrantType = require('../../../lib/grant-types/password-grant-type'); -const Promise = require('bluebird'); const Request = require('../../../lib/request'); const Response = require('../../../lib/response'); const ServerError = require('../../../lib/errors/server-error'); @@ -149,7 +148,7 @@ describe('TokenHandler integration', function() { }); describe('handle()', function() { - it('should throw an error if `request` is missing', function() { + it('should throw an error if `request` is missing', async function() { const model = { getClient: function() {}, saveToken: function() {} @@ -157,7 +156,7 @@ describe('TokenHandler integration', function() { const handler = new TokenHandler({ accessTokenLifetime: 120, model: model, refreshTokenLifetime: 120 }); try { - handler.handle(); + await handler.handle(); should.fail(); } catch (e) { @@ -166,7 +165,7 @@ describe('TokenHandler integration', function() { } }); - it('should throw an error if `response` is missing', function() { + it('should throw an error if `response` is missing', async function() { const model = { getClient: function() {}, saveToken: function() {} @@ -175,7 +174,7 @@ describe('TokenHandler integration', function() { const request = new Request({ body: {}, headers: {}, method: {}, query: {} }); try { - handler.handle(request); + await handler.handle(request); should.fail(); } catch (e) { @@ -402,7 +401,7 @@ describe('TokenHandler integration', function() { describe('getClient()', function() { - it('should throw an error if `clientId` is invalid', function() { + it('should throw an error if `clientId` is invalid', async function() { const model = { getClient: function() {}, saveToken: function() {} @@ -411,7 +410,7 @@ describe('TokenHandler integration', function() { const request = new Request({ body: { client_id: 'ø倣‰', client_secret: 'foo' }, headers: {}, method: {}, query: {} }); try { - handler.getClient(request); + await handler.getClient(request); should.fail(); } catch (e) { @@ -420,7 +419,7 @@ describe('TokenHandler integration', function() { } }); - it('should throw an error if `clientSecret` is invalid', function() { + it('should throw an error if `clientSecret` is invalid', async function() { const model = { getClient: function() {}, saveToken: function() {} @@ -429,7 +428,7 @@ describe('TokenHandler integration', function() { const request = new Request({ body: { client_id: 'foo', client_secret: 'ø倣‰' }, headers: {}, method: {}, query: {} }); try { - handler.getClient(request); + await handler.getClient(request); should.fail(); } catch (e) { @@ -607,21 +606,10 @@ describe('TokenHandler integration', function() { handler.getClient(request).should.be.an.instanceOf(Promise); }); - - it('should support callbacks', function() { - const model = { - getClient: function(clientId, clientSecret, callback) { callback(null, { grants: [] }); }, - saveToken: function() {} - }; - const handler = new TokenHandler({ accessTokenLifetime: 120, model: model, refreshTokenLifetime: 120 }); - const request = new Request({ body: { client_id: 12345, client_secret: 'secret' }, headers: {}, method: {}, query: {} }); - - handler.getClient(request).should.be.an.instanceOf(Promise); - }); }); describe('getClientCredentials()', function() { - it('should throw an error if `client_id` is missing', function() { + it('should throw an error if `client_id` is missing', async function() { const model = { getClient: function() {}, saveToken: function() {} @@ -630,7 +618,7 @@ describe('TokenHandler integration', function() { const request = new Request({ body: { client_secret: 'foo' }, headers: {}, method: {}, query: {} }); try { - handler.getClientCredentials(request); + await handler.getClientCredentials(request); should.fail(); } catch (e) { @@ -639,7 +627,7 @@ describe('TokenHandler integration', function() { } }); - it('should throw an error if `client_secret` is missing', function() { + it('should throw an error if `client_secret` is missing', async function() { const model = { getClient: function() {}, saveToken: function() {} @@ -648,7 +636,7 @@ describe('TokenHandler integration', function() { const request = new Request({ body: { client_id: 'foo' }, headers: {}, method: {}, query: {} }); try { - handler.getClientCredentials(request); + await handler.getClientCredentials(request); should.fail(); } catch (e) { @@ -708,7 +696,7 @@ describe('TokenHandler integration', function() { }); describe('handleGrantType()', function() { - it('should throw an error if `grant_type` is missing', function() { + it('should throw an error if `grant_type` is missing', async function() { const model = { getClient: function() {}, saveToken: function() {} @@ -717,7 +705,7 @@ describe('TokenHandler integration', function() { const request = new Request({ body: {}, headers: {}, method: {}, query: {} }); try { - handler.handleGrantType(request); + await handler.handleGrantType(request); should.fail(); } catch (e) { @@ -726,7 +714,7 @@ describe('TokenHandler integration', function() { } }); - it('should throw an error if `grant_type` is invalid', function() { + it('should throw an error if `grant_type` is invalid', async function() { const model = { getClient: function() {}, saveToken: function() {} @@ -735,7 +723,7 @@ describe('TokenHandler integration', function() { const request = new Request({ body: { grant_type: '~foo~' }, headers: {}, method: {}, query: {} }); try { - handler.handleGrantType(request); + await handler.handleGrantType(request); should.fail(); } catch (e) { @@ -744,7 +732,7 @@ describe('TokenHandler integration', function() { } }); - it('should throw an error if `grant_type` is unsupported', function() { + it('should throw an error if `grant_type` is unsupported', async function() { const model = { getClient: function() {}, saveToken: function() {} @@ -753,7 +741,7 @@ describe('TokenHandler integration', function() { const request = new Request({ body: { grant_type: 'foobar' }, headers: {}, method: {}, query: {} }); try { - handler.handleGrantType(request); + await handler.handleGrantType(request); should.fail(); } catch (e) { @@ -762,7 +750,7 @@ describe('TokenHandler integration', function() { } }); - it('should throw an error if `grant_type` is unauthorized', function() { + it('should throw an error if `grant_type` is unauthorized', async function() { const client = { grants: ['client_credentials'] }; const model = { getClient: function() {}, @@ -772,7 +760,7 @@ describe('TokenHandler integration', function() { const request = new Request({ body: { grant_type: 'password' }, headers: {}, method: {}, query: {} }); try { - handler.handleGrantType(request, client); + await handler.handleGrantType(request, client); should.fail(); } catch (e) { @@ -784,8 +772,8 @@ describe('TokenHandler integration', function() { it('should throw an invalid grant error if a non-oauth error is thrown', function() { const client = { grants: ['password'] }; const model = { - getClient: function(clientId, password, callback) { callback(null, client); }, - getUser: function(uid, pwd, callback) { callback(); }, + getClient: function(clientId, password) { return client; }, + getUser: function(uid, pwd) {}, saveToken: function() {} }; const handler = new TokenHandler({ accessTokenLifetime: 120, model: model, refreshTokenLifetime: 120 }); diff --git a/test/integration/server_test.js b/test/integration/server_test.js index db105444..cb717c76 100644 --- a/test/integration/server_test.js +++ b/test/integration/server_test.js @@ -5,7 +5,6 @@ */ const InvalidArgumentError = require('../../lib/errors/invalid-argument-error'); -const Promise = require('bluebird'); const Request = require('../../lib/request'); const Response = require('../../lib/response'); const Server = require('../../lib/server'); @@ -37,7 +36,7 @@ describe('Server integration', function() { }); describe('authenticate()', function() { - it('should set the default `options`', function() { + it('should set the default `options`', async function() { const model = { getAccessToken: function() { return { @@ -50,35 +49,19 @@ describe('Server integration', function() { const request = new Request({ body: {}, headers: { 'Authorization': 'Bearer foo' }, method: {}, query: {} }); const response = new Response({ body: {}, headers: {} }); - return server.authenticate(request, response) - .then(function() { - this.addAcceptedScopesHeader.should.be.true; - this.addAuthorizedScopesHeader.should.be.true; - this.allowBearerTokensInQueryString.should.be.false; - }) - .catch(should.fail); + try { + await server.authenticate(request, response); + } catch (e) { + server.addAcceptedScopesHeader.should.be.true; + server.addAuthorizedScopesHeader.should.be.true; + server.allowBearerTokensInQueryString.should.be.false; + should.fail(); + } }); it('should return a promise', function() { const model = { - getAccessToken: function(token, callback) { - callback(null, { - user: {}, - accessTokenExpiresAt: new Date(new Date().getTime() + 10000) - }); - } - }; - const server = new Server({ model: model }); - const request = new Request({ body: {}, headers: { 'Authorization': 'Bearer foo' }, method: {}, query: {} }); - const response = new Response({ body: {}, headers: {} }); - const handler = server.authenticate(request, response); - - handler.should.be.an.instanceOf(Promise); - }); - - it('should support callbacks', function(next) { - const model = { - getAccessToken: function() { + getAccessToken: async function(token) { return { user: {}, accessTokenExpiresAt: new Date(new Date().getTime() + 10000) @@ -88,13 +71,14 @@ describe('Server integration', function() { const server = new Server({ model: model }); const request = new Request({ body: {}, headers: { 'Authorization': 'Bearer foo' }, method: {}, query: {} }); const response = new Response({ body: {}, headers: {} }); + const handler = server.authenticate(request, response); - server.authenticate(request, response, null, next); + handler.should.be.an.instanceOf(Promise); }); }); describe('authorize()', function() { - it('should set the default `options`', function() { + it('should set the default `options`', async function() { const model = { getAccessToken: function() { return { @@ -113,12 +97,13 @@ describe('Server integration', function() { const request = new Request({ body: { client_id: 1234, client_secret: 'secret', response_type: 'code' }, headers: { 'Authorization': 'Bearer foo' }, method: {}, query: { state: 'foobar' } }); const response = new Response({ body: {}, headers: {} }); - return server.authorize(request, response) - .then(function() { - this.allowEmptyState.should.be.false; - this.authorizationCodeLifetime.should.equal(300); - }) - .catch(should.fail); + try { + await server.authorize(request, response); + } catch (e) { + server.allowEmptyState.should.be.false; + server.authorizationCodeLifetime.should.equal(300); + should.fail(); + } }); it('should return a promise', function() { @@ -143,32 +128,10 @@ describe('Server integration', function() { handler.should.be.an.instanceOf(Promise); }); - - it('should support callbacks', function(next) { - const model = { - getAccessToken: function() { - return { - user: {}, - accessTokenExpiresAt: new Date(new Date().getTime() + 10000) - }; - }, - getClient: function() { - return { grants: ['authorization_code'], redirectUris: ['http://example.com/cb'] }; - }, - saveAuthorizationCode: function() { - return { authorizationCode: 123 }; - } - }; - const server = new Server({ model: model }); - const request = new Request({ body: { client_id: 1234, client_secret: 'secret', response_type: 'code' }, headers: { 'Authorization': 'Bearer foo' }, method: {}, query: { state: 'foobar' } }); - const response = new Response({ body: {}, headers: {} }); - - server.authorize(request, response, null, next); - }); }); describe('token()', function() { - it('should set the default `options`', function() { + it('should set the default `options`', async function() { const model = { getClient: function() { return { grants: ['password'] }; @@ -185,12 +148,13 @@ describe('Server integration', function() { const request = new Request({ body: { client_id: 1234, client_secret: 'secret', grant_type: 'password', username: 'foo', password: 'pass', scope: 'foo' }, headers: { 'content-type': 'application/x-www-form-urlencoded', 'transfer-encoding': 'chunked' }, method: 'POST', query: {} }); const response = new Response({ body: {}, headers: {} }); - return server.token(request, response) - .then(function() { - this.accessTokenLifetime.should.equal(3600); - this.refreshTokenLifetime.should.equal(1209600); - }) - .catch(should.fail); + try { + await server.token(request, response); + } catch (e) { + server.accessTokenLifetime.should.equal(3600); + server.refreshTokenLifetime.should.equal(1209600); + should.fail(); + } }); it('should return a promise', function() { @@ -212,27 +176,5 @@ describe('Server integration', function() { handler.should.be.an.instanceOf(Promise); }); - - it('should support callbacks', function(next) { - const model = { - getClient: function() { - return { grants: ['password'] }; - }, - getUser: function() { - return {}; - }, - saveToken: function() { - return { accessToken: 1234, client: {}, user: {} }; - }, - validateScope: function() { - return 'foo'; - } - }; - const server = new Server({ model: model }); - const request = new Request({ body: { client_id: 1234, client_secret: 'secret', grant_type: 'password', username: 'foo', password: 'pass', scope: 'foo' }, headers: { 'content-type': 'application/x-www-form-urlencoded', 'transfer-encoding': 'chunked' }, method: 'POST', query: {} }); - const response = new Response({ body: {}, headers: {} }); - - server.token(request, response, null, next); - }); }); }); diff --git a/test/integration/utils/token-util_test.js b/test/integration/utils/token-util_test.js index d4f368ea..edf9c7e9 100644 --- a/test/integration/utils/token-util_test.js +++ b/test/integration/utils/token-util_test.js @@ -5,7 +5,6 @@ */ const TokenUtil = require('../../../lib/utils/token-util'); -const should = require('chai').should(); /** * Test `TokenUtil` integration. @@ -13,12 +12,9 @@ const should = require('chai').should(); describe('TokenUtil integration', function() { describe('generateRandomToken()', function() { - it('should return a sha-256 token', function() { - return TokenUtil.generateRandomToken() - .then(function(token) { - token.should.be.a.sha256(); - }) - .catch(should.fail); + it('should return a sha-256 token', async function() { + const token = await TokenUtil.generateRandomToken(); + token.should.be.a.sha256(); }); }); }); diff --git a/test/unit/grant-types/authorization-code-grant-type_test.js b/test/unit/grant-types/authorization-code-grant-type_test.js index 7672ed48..c3502bee 100644 --- a/test/unit/grant-types/authorization-code-grant-type_test.js +++ b/test/unit/grant-types/authorization-code-grant-type_test.js @@ -7,7 +7,6 @@ const AuthorizationCodeGrantType = require('../../../lib/grant-types/authorization-code-grant-type'); const InvalidGrantError = require('../../../lib/errors/invalid-grant-error'); const ServerError = require('../../../lib/errors/server-error'); -const Promise = require('bluebird'); const Request = require('../../../lib/request'); const sinon = require('sinon'); const should = require('chai').should(); diff --git a/test/unit/handlers/authorize-handler_test.js b/test/unit/handlers/authorize-handler_test.js index 0038c7c4..91ab651e 100644 --- a/test/unit/handlers/authorize-handler_test.js +++ b/test/unit/handlers/authorize-handler_test.js @@ -7,7 +7,6 @@ const AuthorizeHandler = require('../../../lib/handlers/authorize-handler'); const Request = require('../../../lib/request'); const Response = require('../../../lib/response'); -const Promise = require('bluebird'); const sinon = require('sinon'); const should = require('chai').should(); diff --git a/test/unit/server_test.js b/test/unit/server_test.js index 3987df77..df685213 100644 --- a/test/unit/server_test.js +++ b/test/unit/server_test.js @@ -6,7 +6,6 @@ const AuthenticateHandler = require('../../lib/handlers/authenticate-handler'); const AuthorizeHandler = require('../../lib/handlers/authorize-handler'); -const Promise = require('bluebird'); const Server = require('../../lib/server'); const TokenHandler = require('../../lib/handlers/token-handler'); const sinon = require('sinon'); From 5454497abd1219b88219dcacaa9c4917fc529b5f Mon Sep 17 00:00:00 2001 From: jankapunkt Date: Fri, 9 Jun 2023 08:51:09 +0200 Subject: [PATCH 11/86] docs: add 5.0.0 to changelog --- CHANGELOG.md | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index f85f8456..608cb59c 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,5 +1,13 @@ ## Changelog +## 5.0.0 + +- removed `bluebird` and `promisify-any` +- uses native Promises and `async/await` everywhere +- drop support for Node 14 (EOL), setting Node 16 as `engine` in `package.json` +- this is a breaking change, because **it removes callback support** for + `OAuthServer` and your model implementation. + ## 4.2.0 ### Fixed - fix(core): Bearer regular expression matching in authenticate handler #105 From 085b13d49040646c48af0fbf4b1f8ba21e24e40d Mon Sep 17 00:00:00 2001 From: jankapunkt Date: Fri, 9 Jun 2023 08:51:22 +0200 Subject: [PATCH 12/86] docs: add 5.x note to readme --- README.md | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/README.md b/README.md index 1b14f038..b60607f8 100644 --- a/README.md +++ b/README.md @@ -45,6 +45,13 @@ Most users should refer to our [Express (active)](https://github.com/node-oauth/ More examples can be found here: https://github.com/14gasher/oauth-example +## Version 5 notes + +Beginning with version `5.x` we removed dual support for callbacks and promises. +With this version there is only support for Promises / async/await. + +With this version we also bumped the `engine` to Node 16 as 14 is now deprecated. + ## Migrating from OAuthJs and 3.x Version 4.x should not be hard-breaking, however, there were many improvements and fixes that may From 2627848af9b0b4f3a4f64b47ad0e07bdc19c7db5 Mon Sep 17 00:00:00 2001 From: jankapunkt Date: Fri, 9 Jun 2023 08:51:36 +0200 Subject: [PATCH 13/86] docs: add 5.x to security policy --- SECURITY.md | 11 ++++++----- 1 file changed, 6 insertions(+), 5 deletions(-) diff --git a/SECURITY.md b/SECURITY.md index f0cc8ef8..5bc4f6a9 100644 --- a/SECURITY.md +++ b/SECURITY.md @@ -5,11 +5,12 @@ Use this section to tell people about which versions of your project are currently being supported with security updates. -| Version | Supported | -| ------- | ------------------ | -| 4.x.x | :white_check_mark: | -| 3.x.x | :white_check_mark: but only very critical security issues | -| < 3 | :x: | +| Version | Supported | +|---------|--------------------------------------------------| +| 5.x.x | :white_check_mark: | +| 4.x.x | :white_check_mark: but only high severity issues | +| 3.x.x | :x: | +| < 3 | :x: | ## Reporting a Vulnerability From cf2adbac8f5335b6fa4714a6d13a0cbecb0bcb6f Mon Sep 17 00:00:00 2001 From: jankapunkt Date: Fri, 9 Jun 2023 08:52:06 +0200 Subject: [PATCH 14/86] build(core): bump node 14 to 16 --- package.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/package.json b/package.json index 2c26e6b4..c3bd5e8a 100644 --- a/package.json +++ b/package.json @@ -38,7 +38,7 @@ }, "license": "MIT", "engines": { - "node": ">=14.0.0" + "node": ">=16.0.0" }, "scripts": { "pretest": "./node_modules/.bin/eslint lib test index.js", From 2563e7b7afe33e21ca06d675ae30b0635b39295c Mon Sep 17 00:00:00 2001 From: jankapunkt Date: Tue, 13 Jun 2023 15:22:07 +0200 Subject: [PATCH 15/86] fix: replace Promise. calls in async functions with native behaviour --- lib/grant-types/client-credentials-grant-type.js | 10 +++------- lib/handlers/authorize-handler.js | 2 +- lib/handlers/token-handler.js | 4 ++-- 3 files changed, 6 insertions(+), 10 deletions(-) diff --git a/lib/grant-types/client-credentials-grant-type.js b/lib/grant-types/client-credentials-grant-type.js index a4ae1ed0..e2db3f7c 100644 --- a/lib/grant-types/client-credentials-grant-type.js +++ b/lib/grant-types/client-credentials-grant-type.js @@ -69,13 +69,9 @@ class ClientCredentialsGrantType extends AbstractGrantType { */ async saveToken(user, client, scope) { - const fns = [ - this.validateScope(user, client, scope), - this.generateAccessToken(client, user, scope), - this.getAccessTokenExpiresAt(client, user, scope), - ]; - - const [validatedScope, accessToken, accessTokenExpiresAt] = await Promise.all(fns); + const validatedScope = await this.validateScope(user, client, scope); + const accessToken = await this.generateAccessToken(client, user, scope); + const accessTokenExpiresAt = await this.getAccessTokenExpiresAt(client, user, scope); const token = { accessToken: accessToken, accessTokenExpiresAt: accessTokenExpiresAt, diff --git a/lib/handlers/authorize-handler.js b/lib/handlers/authorize-handler.js index 49d5515d..75d1b2e6 100644 --- a/lib/handlers/authorize-handler.js +++ b/lib/handlers/authorize-handler.js @@ -308,7 +308,7 @@ AuthorizeHandler.prototype.validateRedirectUri = async function(redirectUri, cli return this.model.validateRedirectUri(redirectUri, client); } - return Promise.resolve(client.redirectUris.includes(redirectUri)); + return client.redirectUris.includes(redirectUri); }; /** * Get response type. diff --git a/lib/handlers/token-handler.js b/lib/handlers/token-handler.js index 4630c4f0..468d8102 100644 --- a/lib/handlers/token-handler.js +++ b/lib/handlers/token-handler.js @@ -76,11 +76,11 @@ TokenHandler.prototype.handle = async function(request, response) { } if (request.method !== 'POST') { - return Promise.reject(new InvalidRequestError('Invalid request: method must be POST')); + throw new InvalidRequestError('Invalid request: method must be POST'); } if (!request.is('application/x-www-form-urlencoded')) { - return Promise.reject(new InvalidRequestError('Invalid request: content must be application/x-www-form-urlencoded')); + throw new InvalidRequestError('Invalid request: content must be application/x-www-form-urlencoded'); } try { From e1fdc23e652dff163cb8d07d5bd272204fc8666b Mon Sep 17 00:00:00 2001 From: jankapunkt Date: Tue, 13 Jun 2023 15:35:35 +0200 Subject: [PATCH 16/86] fix(tests): replace Promise. calls with native async behaviour where applicable --- .../grant-types/abstract-grant-type_test.js | 8 ++++---- .../authorization-code-grant-type_test.js | 8 ++++---- .../client-credentials-grant-type_test.js | 4 ++-- .../grant-types/password-grant-type_test.js | 6 +++--- .../grant-types/refresh-token-grant-type_test.js | 12 ++++++------ .../handlers/authenticate-handler_test.js | 4 ++-- .../handlers/authorize-handler_test.js | 16 ++++++++-------- test/integration/handlers/token-handler_test.js | 2 +- 8 files changed, 30 insertions(+), 30 deletions(-) diff --git a/test/integration/grant-types/abstract-grant-type_test.js b/test/integration/grant-types/abstract-grant-type_test.js index 5d9aa7a1..e874509f 100644 --- a/test/integration/grant-types/abstract-grant-type_test.js +++ b/test/integration/grant-types/abstract-grant-type_test.js @@ -70,8 +70,8 @@ describe('AbstractGrantType integration', function() { it('should support promises', function() { const model = { - generateAccessToken: function() { - return Promise.resolve({}); + generateAccessToken: async function() { + return {}; } }; const handler = new AbstractGrantType({ accessTokenLifetime: 123, model: model, refreshTokenLifetime: 456 }); @@ -104,8 +104,8 @@ describe('AbstractGrantType integration', function() { it('should support promises', function() { const model = { - generateRefreshToken: function() { - return Promise.resolve({}); + generateRefreshToken: async function() { + return {}; } }; const handler = new AbstractGrantType({ accessTokenLifetime: 123, model: model, refreshTokenLifetime: 456 }); diff --git a/test/integration/grant-types/authorization-code-grant-type_test.js b/test/integration/grant-types/authorization-code-grant-type_test.js index 85c007f5..a4d69c40 100644 --- a/test/integration/grant-types/authorization-code-grant-type_test.js +++ b/test/integration/grant-types/authorization-code-grant-type_test.js @@ -145,7 +145,7 @@ describe('AuthorizationCodeGrantType integration', function() { it('should support promises', function() { const client = { id: 'foobar' }; const model = { - getAuthorizationCode: function() { return Promise.resolve({ authorizationCode: 12345, client: { id: 'foobar' }, expiresAt: new Date(new Date() * 2), user: {} }); }, + getAuthorizationCode: function() { return { authorizationCode: 12345, client: { id: 'foobar' }, expiresAt: new Date(new Date() * 2), user: {} }; }, revokeAuthorizationCode: function() { return true; }, saveToken: function() {} }; @@ -362,7 +362,7 @@ describe('AuthorizationCodeGrantType integration', function() { const authorizationCode = { authorizationCode: 12345, client: { id: 'foobar' }, expiresAt: new Date(new Date() * 2), user: {} }; const client = { id: 'foobar' }; const model = { - getAuthorizationCode: function() { return Promise.resolve(authorizationCode); }, + getAuthorizationCode: async function() { return authorizationCode; }, revokeAuthorizationCode: function() {}, saveToken: function() {} }; @@ -469,7 +469,7 @@ describe('AuthorizationCodeGrantType integration', function() { const authorizationCode = { authorizationCode: 12345, client: {}, expiresAt: new Date(new Date() / 2), user: {} }; const model = { getAuthorizationCode: function() {}, - revokeAuthorizationCode: function() { return Promise.resolve(true); }, + revokeAuthorizationCode: async function() { return true; }, saveToken: function() {} }; const grantType = new AuthorizationCodeGrantType({ accessTokenLifetime: 123, model: model }); @@ -513,7 +513,7 @@ describe('AuthorizationCodeGrantType integration', function() { const model = { getAuthorizationCode: function() {}, revokeAuthorizationCode: function() {}, - saveToken: function() { return Promise.resolve(token); } + saveToken: async function() { return token; } }; const grantType = new AuthorizationCodeGrantType({ accessTokenLifetime: 123, model: model }); diff --git a/test/integration/grant-types/client-credentials-grant-type_test.js b/test/integration/grant-types/client-credentials-grant-type_test.js index 20c2da4a..83de9f9a 100644 --- a/test/integration/grant-types/client-credentials-grant-type_test.js +++ b/test/integration/grant-types/client-credentials-grant-type_test.js @@ -168,7 +168,7 @@ describe('ClientCredentialsGrantType integration', function() { it('should support promises', function() { const user = { email: 'foo@bar.com' }; const model = { - getUserFromClient: function() { return Promise.resolve(user); }, + getUserFromClient: async function() { return user; }, saveToken: function() {} }; const grantType = new ClientCredentialsGrantType({ accessTokenLifetime: 120, model: model }); @@ -211,7 +211,7 @@ describe('ClientCredentialsGrantType integration', function() { const token = {}; const model = { getUserFromClient: function() {}, - saveToken: function() { return Promise.resolve(token); } + saveToken: async function() { return token; } }; const grantType = new ClientCredentialsGrantType({ accessTokenLifetime: 123, model: model }); diff --git a/test/integration/grant-types/password-grant-type_test.js b/test/integration/grant-types/password-grant-type_test.js index 11dc3a3e..04452ee0 100644 --- a/test/integration/grant-types/password-grant-type_test.js +++ b/test/integration/grant-types/password-grant-type_test.js @@ -113,7 +113,7 @@ describe('PasswordGrantType integration', function() { const token = {}; const model = { getUser: function() { return {}; }, - saveToken: function() { return Promise.resolve(token); } + saveToken: async function() { return token; } }; const grantType = new PasswordGrantType({ accessTokenLifetime: 123, model: model }); const request = new Request({ body: { username: 'foo', password: 'bar' }, headers: {}, method: {}, query: {} }); @@ -245,7 +245,7 @@ describe('PasswordGrantType integration', function() { it('should support promises', function() { const user = { email: 'foo@bar.com' }; const model = { - getUser: function() { return Promise.resolve(user); }, + getUser: async function() { return user; }, saveToken: function() {} }; const grantType = new PasswordGrantType({ accessTokenLifetime: 123, model: model }); @@ -288,7 +288,7 @@ describe('PasswordGrantType integration', function() { const token = {}; const model = { getUser: function() {}, - saveToken: function() { return Promise.resolve(token); } + saveToken: async function() { return token; } }; const grantType = new PasswordGrantType({ accessTokenLifetime: 123, model: model }); diff --git a/test/integration/grant-types/refresh-token-grant-type_test.js b/test/integration/grant-types/refresh-token-grant-type_test.js index 32736067..fede3776 100644 --- a/test/integration/grant-types/refresh-token-grant-type_test.js +++ b/test/integration/grant-types/refresh-token-grant-type_test.js @@ -131,9 +131,9 @@ describe('RefreshTokenGrantType integration', function() { it('should support promises', function() { const client = { id: 123 }; const model = { - getRefreshToken: function() { return Promise.resolve({ accessToken: 'foo', client: { id: 123 }, user: {} }); }, - revokeToken: function() { return Promise.resolve({ accessToken: 'foo', client: {}, refreshTokenExpiresAt: new Date(new Date() / 2), user: {} }); }, - saveToken: function() { return Promise.resolve({ accessToken: 'foo', client: {}, user: {} }); } + getRefreshToken: async function() { return { accessToken: 'foo', client: { id: 123 }, user: {} }; }, + revokeToken: async function() { return { accessToken: 'foo', client: {}, refreshTokenExpiresAt: new Date(new Date() / 2), user: {} }; }, + saveToken: async function() { return { accessToken: 'foo', client: {}, user: {} }; } }; const grantType = new RefreshTokenGrantType({ accessTokenLifetime: 123, model: model }); const request = new Request({ body: { refresh_token: 'foobar' }, headers: {}, method: {}, query: {} }); @@ -357,7 +357,7 @@ describe('RefreshTokenGrantType integration', function() { const client = { id: 123 }; const token = { accessToken: 'foo', client: { id: 123 }, user: {} }; const model = { - getRefreshToken: function() { return Promise.resolve(token); }, + getRefreshToken: async function() { return token; }, revokeToken: function() {}, saveToken: function() {} }; @@ -419,7 +419,7 @@ describe('RefreshTokenGrantType integration', function() { const token = { accessToken: 'foo', client: {}, refreshTokenExpiresAt: new Date(new Date() / 2), user: {} }; const model = { getRefreshToken: function() {}, - revokeToken: function() { return Promise.resolve(token); }, + revokeToken: async function() { return token; }, saveToken: function() {} }; const grantType = new RefreshTokenGrantType({ accessTokenLifetime: 123, model: model }); @@ -462,7 +462,7 @@ describe('RefreshTokenGrantType integration', function() { const model = { getRefreshToken: function() {}, revokeToken: function() {}, - saveToken: function() { return Promise.resolve(token); } + saveToken: async function() { return token; } }; const grantType = new RefreshTokenGrantType({ accessTokenLifetime: 123, model: model }); diff --git a/test/integration/handlers/authenticate-handler_test.js b/test/integration/handlers/authenticate-handler_test.js index d8bf7284..c069ed9f 100644 --- a/test/integration/handlers/authenticate-handler_test.js +++ b/test/integration/handlers/authenticate-handler_test.js @@ -445,8 +445,8 @@ describe('AuthenticateHandler integration', function() { it('should support promises', function() { const model = { - getAccessToken: function() { - return Promise.resolve({ user: {} }); + getAccessToken: async function() { + return { user: {} }; } }; const handler = new AuthenticateHandler({ model: model }); diff --git a/test/integration/handlers/authorize-handler_test.js b/test/integration/handlers/authorize-handler_test.js index 8a5eb659..5da1b393 100644 --- a/test/integration/handlers/authorize-handler_test.js +++ b/test/integration/handlers/authorize-handler_test.js @@ -612,8 +612,8 @@ describe('AuthorizeHandler integration', function() { it('should support promises', function() { const model = { - generateAuthorizationCode: function() { - return Promise.resolve({}); + generateAuthorizationCode: async function() { + return {}; }, getAccessToken: function() {}, getClient: function() {}, @@ -670,8 +670,8 @@ describe('AuthorizeHandler integration', function() { getAccessToken: function() {}, getClient: function() {}, saveAuthorizationCode: function() {}, - validateRedirectUri: function() { - return Promise.resolve(true); + validateRedirectUri: async function() { + return true; } }; @@ -848,8 +848,8 @@ describe('AuthorizeHandler integration', function() { it('should support promises', function() { const model = { getAccessToken: function() {}, - getClient: function() { - return Promise.resolve({ grants: ['authorization_code'], redirectUris: ['http://example.com/cb'] }); + getClient: async function() { + return { grants: ['authorization_code'], redirectUris: ['http://example.com/cb'] }; }, saveAuthorizationCode: function() {} }; @@ -1100,8 +1100,8 @@ describe('AuthorizeHandler integration', function() { const model = { getAccessToken: function() {}, getClient: function() {}, - saveAuthorizationCode: function() { - return Promise.resolve({}); + saveAuthorizationCode: async function() { + return {}; } }; const handler = new AuthorizeHandler({ authorizationCodeLifetime: 120, model: model }); diff --git a/test/integration/handlers/token-handler_test.js b/test/integration/handlers/token-handler_test.js index fd8f7693..4477c7b8 100644 --- a/test/integration/handlers/token-handler_test.js +++ b/test/integration/handlers/token-handler_test.js @@ -587,7 +587,7 @@ describe('TokenHandler integration', function() { it('should support promises', function() { const model = { - getClient: function() { return Promise.resolve({ grants: [] }); }, + getClient: async function() { return { grants: [] }; }, saveToken: function() {} }; const handler = new TokenHandler({ accessTokenLifetime: 120, model: model, refreshTokenLifetime: 120 }); From 18c6663f17735163d360dba41409aed4b59f5229 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 20 Jun 2023 18:58:50 +0000 Subject: [PATCH 17/86] build(deps-dev): bump sinon from 15.1.0 to 15.2.0 Bumps [sinon](https://github.com/sinonjs/sinon) from 15.1.0 to 15.2.0. - [Release notes](https://github.com/sinonjs/sinon/releases) - [Changelog](https://github.com/sinonjs/sinon/blob/main/docs/changelog.md) - [Commits](https://github.com/sinonjs/sinon/compare/v15.1.0...v15.2.0) --- updated-dependencies: - dependency-name: sinon dependency-type: direct:development update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] --- package.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/package.json b/package.json index e95a0ce1..7e9c0f48 100644 --- a/package.json +++ b/package.json @@ -36,7 +36,7 @@ "eslint": "8.42.0", "mocha": "10.2.0", "nyc": "15.1.0", - "sinon": "15.1.0" + "sinon": "15.2.0" }, "license": "MIT", "engines": { From 9b687233329b3999502341fda4030d4093da7666 Mon Sep 17 00:00:00 2001 From: jankapunkt Date: Thu, 22 Jun 2023 12:54:52 +0200 Subject: [PATCH 18/86] relase(pre): 5.0.0-rc.0 --- package.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/package.json b/package.json index c3bd5e8a..63d03ab6 100644 --- a/package.json +++ b/package.json @@ -1,7 +1,7 @@ { "name": "@node-oauth/oauth2-server", "description": "Complete, framework-agnostic, compliant and well tested module for implementing an OAuth2 Server in node.js", - "version": "4.3.0", + "version": "5.0.0-rc.0", "keywords": [ "oauth", "oauth2" From 1e8a156ae00b4a055490d8ef374f596f5d1ed08c Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 3 Jul 2023 18:42:13 +0000 Subject: [PATCH 19/86] build(deps-dev): bump eslint from 8.42.0 to 8.44.0 Bumps [eslint](https://github.com/eslint/eslint) from 8.42.0 to 8.44.0. - [Release notes](https://github.com/eslint/eslint/releases) - [Changelog](https://github.com/eslint/eslint/blob/main/CHANGELOG.md) - [Commits](https://github.com/eslint/eslint/compare/v8.42.0...v8.44.0) --- updated-dependencies: - dependency-name: eslint dependency-type: direct:development update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] --- package.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/package.json b/package.json index e95a0ce1..6fb23203 100644 --- a/package.json +++ b/package.json @@ -33,7 +33,7 @@ }, "devDependencies": { "chai": "4.3.7", - "eslint": "8.42.0", + "eslint": "8.44.0", "mocha": "10.2.0", "nyc": "15.1.0", "sinon": "15.1.0" From 8dd11feddd63c653a5a5b357a3ee4b5b9fa59b58 Mon Sep 17 00:00:00 2001 From: jankapunkt Date: Mon, 10 Jul 2023 15:14:41 +0200 Subject: [PATCH 20/86] fix(pkce): get code_challenge and _method from query if not present in body --- lib/handlers/authorize-handler.js | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/lib/handlers/authorize-handler.js b/lib/handlers/authorize-handler.js index 75d1b2e6..471cdfb1 100644 --- a/lib/handlers/authorize-handler.js +++ b/lib/handlers/authorize-handler.js @@ -369,7 +369,7 @@ AuthorizeHandler.prototype.updateResponse = function(response, redirectUri, stat }; AuthorizeHandler.prototype.getCodeChallenge = function(request) { - return request.body.code_challenge; + return request.body.code_challenge || request.query.code_challenge; }; /** @@ -380,7 +380,7 @@ AuthorizeHandler.prototype.getCodeChallenge = function(request) { * (see https://www.rfc-editor.org/rfc/rfc7636#section-4.4) */ AuthorizeHandler.prototype.getCodeChallengeMethod = function(request) { - const algorithm = request.body.code_challenge_method; + const algorithm = request.body.code_challenge_method || request.query.code_challenge_method; if (algorithm && !pkce.isValidMethod(algorithm)) { throw new InvalidRequestError(`Invalid request: transform algorithm '${algorithm}' not supported`); From 7ca480e9da685607a31cc0828ded242918b488ca Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Fri, 28 Jul 2023 18:10:49 +0000 Subject: [PATCH 21/86] build(deps-dev): bump eslint from 8.42.0 to 8.46.0 Bumps [eslint](https://github.com/eslint/eslint) from 8.42.0 to 8.46.0. - [Release notes](https://github.com/eslint/eslint/releases) - [Changelog](https://github.com/eslint/eslint/blob/main/CHANGELOG.md) - [Commits](https://github.com/eslint/eslint/compare/v8.42.0...v8.46.0) --- updated-dependencies: - dependency-name: eslint dependency-type: direct:development update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] --- package.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/package.json b/package.json index e95a0ce1..3431b72c 100644 --- a/package.json +++ b/package.json @@ -33,7 +33,7 @@ }, "devDependencies": { "chai": "4.3.7", - "eslint": "8.42.0", + "eslint": "8.46.0", "mocha": "10.2.0", "nyc": "15.1.0", "sinon": "15.1.0" From 69cdd2c1e9ebe83056bf50ff72e692626044ccc5 Mon Sep 17 00:00:00 2001 From: Maximilian Gaedig <38767445+MaximilianGaedig@users.noreply.github.com> Date: Wed, 2 Aug 2023 13:17:59 +0200 Subject: [PATCH 22/86] Fix generateAuthorizationCode not being awaited --- lib/handlers/authorize-handler.js | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lib/handlers/authorize-handler.js b/lib/handlers/authorize-handler.js index 471cdfb1..65168324 100644 --- a/lib/handlers/authorize-handler.js +++ b/lib/handlers/authorize-handler.js @@ -93,7 +93,7 @@ AuthorizeHandler.prototype.handle = async function(request, response) { const requestedScope = this.getScope(request); const validScope = await this.validateScope(user, client, requestedScope); - const authorizationCode = this.generateAuthorizationCode(client, user, validScope); + const authorizationCode = await this.generateAuthorizationCode(client, user, validScope); const ResponseType = this.getResponseType(request); const codeChallenge = this.getCodeChallenge(request); From f198623a91e1d1c877a08c43793209708863fa80 Mon Sep 17 00:00:00 2001 From: Maximilian Gaedig Date: Wed, 2 Aug 2023 15:54:07 +0200 Subject: [PATCH 23/86] Update authorization_code test --- test/integration/handlers/authorize-handler_test.js | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/test/integration/handlers/authorize-handler_test.js b/test/integration/handlers/authorize-handler_test.js index 5da1b393..17df3160 100644 --- a/test/integration/handlers/authorize-handler_test.js +++ b/test/integration/handlers/authorize-handler_test.js @@ -563,8 +563,9 @@ describe('AuthorizeHandler integration', function() { getClient: function() { return client; }, - saveAuthorizationCode: function() { - return { authorizationCode: 12345, client: client }; + generateAuthorizationCode: async () => 'some-code', + saveAuthorizationCode: async function(code) { + return { authorizationCode: code.authorizationCode, client: client }; } }; const handler = new AuthorizeHandler({ authorizationCodeLifetime: 120, model: model }); @@ -586,7 +587,7 @@ describe('AuthorizeHandler integration', function() { return handler.handle(request, response) .then(function(data) { data.should.eql({ - authorizationCode: 12345, + authorizationCode: 'some-code', client: client }); }) From f869d3976fad97847a46fbdcd22982f78d0d0b0f Mon Sep 17 00:00:00 2001 From: jankapunkt Date: Wed, 2 Aug 2023 16:14:17 +0200 Subject: [PATCH 24/86] fix(ci): install oauth2-server from current ref in actions --- .github/workflows/tests-release.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/tests-release.yml b/.github/workflows/tests-release.yml index da006a27..31db09b2 100644 --- a/.github/workflows/tests-release.yml +++ b/.github/workflows/tests-release.yml @@ -113,7 +113,7 @@ jobs: - run: | cd github/testing/express npm i - npm install ../../../ + npm install https://github.com/node-oauth/node-oauth2-server.git#${{ github.ref_name }} npm run test # todo repeat with other adapters From aeffa489f1d6b9556466663db1604277d194ac3a Mon Sep 17 00:00:00 2001 From: jankapunkt Date: Wed, 2 Aug 2023 16:38:28 +0200 Subject: [PATCH 25/86] docs: update changelog --- CHANGELOG.md | 1 + 1 file changed, 1 insertion(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index 608cb59c..81b82f07 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -7,6 +7,7 @@ - drop support for Node 14 (EOL), setting Node 16 as `engine` in `package.json` - this is a breaking change, because **it removes callback support** for `OAuthServer` and your model implementation. +- fixed missing await in calling generateAuthorizationCode in AuthorizeHandler ## 4.2.0 ### Fixed From 7ebf3aa50983f8832ecb3e8e1a861638f20b65e0 Mon Sep 17 00:00:00 2001 From: jankapunkt Date: Wed, 2 Aug 2023 16:38:48 +0200 Subject: [PATCH 26/86] types: update supported version to 5.0.0 --- index.d.ts | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/index.d.ts b/index.d.ts index 777bda80..0892195c 100644 --- a/index.d.ts +++ b/index.d.ts @@ -1,4 +1,4 @@ -// Type definitions for Node OAuth2 Server 4.0 +// Type definitions for Node OAuth2 Server 5.0 // Definitions by: Robbie Van Gorkom , // Charles Irick , // Daniel Fischer , From 471af8833804a4052761f8aea70ca55e5253c979 Mon Sep 17 00:00:00 2001 From: jankapunkt Date: Wed, 2 Aug 2023 17:00:01 +0200 Subject: [PATCH 27/86] release: 5.0.0-rc.1 --- package.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/package.json b/package.json index 63d03ab6..1d548630 100644 --- a/package.json +++ b/package.json @@ -1,7 +1,7 @@ { "name": "@node-oauth/oauth2-server", "description": "Complete, framework-agnostic, compliant and well tested module for implementing an OAuth2 Server in node.js", - "version": "5.0.0-rc.0", + "version": "5.0.0-rc.1", "keywords": [ "oauth", "oauth2" From bf2dae9b56207e1acc2a23e9755a64713173fcb1 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Wed, 2 Aug 2023 18:10:00 +0000 Subject: [PATCH 28/86] build(deps-dev): bump sinon from 15.1.0 to 15.2.0 Bumps [sinon](https://github.com/sinonjs/sinon) from 15.1.0 to 15.2.0. - [Release notes](https://github.com/sinonjs/sinon/releases) - [Changelog](https://github.com/sinonjs/sinon/blob/main/docs/changelog.md) - [Commits](https://github.com/sinonjs/sinon/compare/v15.1.0...v15.2.0) --- updated-dependencies: - dependency-name: sinon dependency-type: direct:development update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] --- package.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/package.json b/package.json index e95a0ce1..7e9c0f48 100644 --- a/package.json +++ b/package.json @@ -36,7 +36,7 @@ "eslint": "8.42.0", "mocha": "10.2.0", "nyc": "15.1.0", - "sinon": "15.1.0" + "sinon": "15.2.0" }, "license": "MIT", "engines": { From 68d01ad67ea71e20baeb3d505d1ec928448a13af Mon Sep 17 00:00:00 2001 From: Shrihari Prakash Date: Fri, 4 Aug 2023 12:26:00 +0530 Subject: [PATCH 29/86] Marked verifyScope function as optional in model types. --- index.d.ts | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/index.d.ts b/index.d.ts index 777bda80..cf6f51b8 100644 --- a/index.d.ts +++ b/index.d.ts @@ -279,7 +279,7 @@ declare namespace OAuth2Server { * Invoked during request authentication to check if the provided access token was authorized the requested scopes. * */ - verifyScope(token: Token, scope: string | string[], callback?: Callback): Promise; + verifyScope?(token: Token, scope: string | string[], callback?: Callback): Promise; } interface AuthorizationCodeModel extends BaseModel, RequestAuthenticationModel { From 6c4f73ac46a13229a4918772d79335f1673b125c Mon Sep 17 00:00:00 2001 From: Shrihari Prakash Date: Fri, 4 Aug 2023 12:53:20 +0530 Subject: [PATCH 30/86] Fix PR comments. --- index.d.ts | 1 + 1 file changed, 1 insertion(+) diff --git a/index.d.ts b/index.d.ts index cf6f51b8..7fb609e3 100644 --- a/index.d.ts +++ b/index.d.ts @@ -277,6 +277,7 @@ declare namespace OAuth2Server { /** * Invoked during request authentication to check if the provided access token was authorized the requested scopes. + * Optional, if a custom authenticateHandler is used or if there is no scope part of the request. * */ verifyScope?(token: Token, scope: string | string[], callback?: Callback): Promise; From 3bffe8bf192e9b06ff865563c3997bca4d316d21 Mon Sep 17 00:00:00 2001 From: Shrihari Prakash Date: Fri, 4 Aug 2023 14:13:03 +0530 Subject: [PATCH 31/86] Removed callback support in typings. --- index.d.ts | 54 +++++++++++++++++++++++------------------------------- 1 file changed, 23 insertions(+), 31 deletions(-) diff --git a/index.d.ts b/index.d.ts index 0892195c..ae50814d 100644 --- a/index.d.ts +++ b/index.d.ts @@ -23,8 +23,7 @@ declare class OAuth2Server { authenticate( request: OAuth2Server.Request, response: OAuth2Server.Response, - options?: OAuth2Server.AuthenticateOptions, - callback?: OAuth2Server.Callback + options?: OAuth2Server.AuthenticateOptions ): Promise; /** @@ -33,8 +32,7 @@ declare class OAuth2Server { authorize( request: OAuth2Server.Request, response: OAuth2Server.Response, - options?: OAuth2Server.AuthorizeOptions, - callback?: OAuth2Server.Callback + options?: OAuth2Server.AuthorizeOptions ): Promise; /** @@ -43,8 +41,7 @@ declare class OAuth2Server { token( request: OAuth2Server.Request, response: OAuth2Server.Response, - options?: OAuth2Server.TokenOptions, - callback?: OAuth2Server.Callback + options?: OAuth2Server.TokenOptions ): Promise; } @@ -238,11 +235,6 @@ declare namespace OAuth2Server { extendedGrantTypes?: { [key: string]: typeof AbstractGrantType } | undefined; } - /** - * Represents a generic callback structure for model callbacks - */ - type Callback = (err?: any, result?: T) => void; - /** * For returning falsey parameters in cases of failure */ @@ -253,19 +245,19 @@ declare namespace OAuth2Server { * Invoked to generate a new access token. * */ - generateAccessToken?(client: Client, user: User, scope: string | string[], callback?: Callback): Promise; + generateAccessToken?(client: Client, user: User, scope: string | string[]): Promise; /** * Invoked to retrieve a client using a client id or a client id/client secret combination, depending on the grant type. * */ - getClient(clientId: string, clientSecret: string, callback?: Callback): Promise; + getClient(clientId: string, clientSecret: string): Promise; /** * Invoked to save an access token and optionally a refresh token, depending on the grant type. * */ - saveToken(token: Token, client: Client, user: User, callback?: Callback): Promise; + saveToken(token: Token, client: Client, user: User): Promise; } interface RequestAuthenticationModel { @@ -273,13 +265,13 @@ declare namespace OAuth2Server { * Invoked to retrieve an existing access token previously saved through Model#saveToken(). * */ - getAccessToken(accessToken: string, callback?: Callback): Promise; + getAccessToken(accessToken: string): Promise; /** * Invoked during request authentication to check if the provided access token was authorized the requested scopes. * */ - verifyScope(token: Token, scope: string | string[], callback?: Callback): Promise; + verifyScope(token: Token, scope: string | string[]): Promise; } interface AuthorizationCodeModel extends BaseModel, RequestAuthenticationModel { @@ -287,19 +279,19 @@ declare namespace OAuth2Server { * Invoked to generate a new refresh token. * */ - generateRefreshToken?(client: Client, user: User, scope: string | string[], callback?: Callback): Promise; + generateRefreshToken?(client: Client, user: User, scope: string | string[]): Promise; /** * Invoked to generate a new authorization code. * */ - generateAuthorizationCode?(client: Client, user: User, scope: string | string[], callback?: Callback): Promise; + generateAuthorizationCode?(client: Client, user: User, scope: string | string[]): Promise; /** * Invoked to retrieve an existing authorization code previously saved through Model#saveAuthorizationCode(). * */ - getAuthorizationCode(authorizationCode: string, callback?: Callback): Promise; + getAuthorizationCode(authorizationCode: string): Promise; /** * Invoked to save an authorization code. @@ -308,20 +300,20 @@ declare namespace OAuth2Server { saveAuthorizationCode( code: Pick, client: Client, - user: User, - callback?: Callback): Promise; + user: User + ): Promise; /** * Invoked to revoke an authorization code. * */ - revokeAuthorizationCode(code: AuthorizationCode, callback?: Callback): Promise; + revokeAuthorizationCode(code: AuthorizationCode): Promise; /** * Invoked to check if the requested scope is valid for a particular client/user combination. * */ - validateScope?(user: User, client: Client, scope: string | string[], callback?: Callback): Promise; + validateScope?(user: User, client: Client, scope: string | string[]): Promise; /** * Invoked to check if the provided `redirectUri` is valid for a particular `client`. @@ -335,19 +327,19 @@ declare namespace OAuth2Server { * Invoked to generate a new refresh token. * */ - generateRefreshToken?(client: Client, user: User, scope: string | string[], callback?: Callback): Promise; + generateRefreshToken?(client: Client, user: User, scope: string | string[]): Promise; /** * Invoked to retrieve a user using a username/password combination. * */ - getUser(username: string, password: string, callback?: Callback): Promise; + getUser(username: string, password: string): Promise; /** * Invoked to check if the requested scope is valid for a particular client/user combination. * */ - validateScope?(user: User, client: Client, scope: string | string[], callback?: Callback): Promise; + validateScope?(user: User, client: Client, scope: string | string[]): Promise; } interface RefreshTokenModel extends BaseModel, RequestAuthenticationModel { @@ -355,19 +347,19 @@ declare namespace OAuth2Server { * Invoked to generate a new refresh token. * */ - generateRefreshToken?(client: Client, user: User, scope: string | string[], callback?: Callback): Promise; + generateRefreshToken?(client: Client, user: User, scope: string | string[]): Promise; /** * Invoked to retrieve an existing refresh token previously saved through Model#saveToken(). * */ - getRefreshToken(refreshToken: string, callback?: Callback): Promise; + getRefreshToken(refreshToken: string): Promise; /** * Invoked to revoke a refresh token. * */ - revokeToken(token: RefreshToken | Token, callback?: Callback): Promise; + revokeToken(token: RefreshToken | Token): Promise; } interface ClientCredentialsModel extends BaseModel, RequestAuthenticationModel { @@ -375,13 +367,13 @@ declare namespace OAuth2Server { * Invoked to retrieve the user associated with the specified client. * */ - getUserFromClient(client: Client, callback?: Callback): Promise; + getUserFromClient(client: Client): Promise; /** * Invoked to check if the requested scope is valid for a particular client/user combination. * */ - validateScope?(user: User, client: Client, scope: string | string[], callback?: Callback): Promise; + validateScope?(user: User, client: Client, scope: string | string[]): Promise; } interface ExtensionModel extends BaseModel, RequestAuthenticationModel {} From f6db51a36c82b5ce808e8c779bbb54720e43ec4b Mon Sep 17 00:00:00 2001 From: Shrihari Prakash Date: Tue, 15 Aug 2023 13:53:13 +0530 Subject: [PATCH 32/86] Fixed getUserFromClient not awaited. --- lib/grant-types/client-credentials-grant-type.js | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lib/grant-types/client-credentials-grant-type.js b/lib/grant-types/client-credentials-grant-type.js index e2db3f7c..211628d3 100644 --- a/lib/grant-types/client-credentials-grant-type.js +++ b/lib/grant-types/client-credentials-grant-type.js @@ -45,7 +45,7 @@ class ClientCredentialsGrantType extends AbstractGrantType { } const scope = this.getScope(request); - const user = this.getUserFromClient(client); + const user = await this.getUserFromClient(client); return this.saveToken(user, client, scope); } From bfc4e8fa16c777f9ca142437f3890bb786a5a03f Mon Sep 17 00:00:00 2001 From: Shrihari Prakash Date: Tue, 15 Aug 2023 17:05:24 +0530 Subject: [PATCH 33/86] Added tests. --- .../client-credentials-grant-type_test.js | 13 ++++++++++--- 1 file changed, 10 insertions(+), 3 deletions(-) diff --git a/test/integration/grant-types/client-credentials-grant-type_test.js b/test/integration/grant-types/client-credentials-grant-type_test.js index 83de9f9a..1a70874e 100644 --- a/test/integration/grant-types/client-credentials-grant-type_test.js +++ b/test/integration/grant-types/client-credentials-grant-type_test.js @@ -93,14 +93,21 @@ describe('ClientCredentialsGrantType integration', function() { it('should return a token', function() { const token = {}; const model = { - getUserFromClient: function() { return {}; }, - saveToken: function() { return token; }, + getUserFromClient: async function(client) { + client.foo.should.equal('bar'); + return { id: '123'}; + }, + saveToken: async function(_token, client, user) { + client.foo.should.equal('bar'); + user.id.should.equal('123'); + return token; + }, validateScope: function() { return 'foo'; } }; const grantType = new ClientCredentialsGrantType({ accessTokenLifetime: 120, model: model }); const request = new Request({ body: {}, headers: {}, method: {}, query: {} }); - return grantType.handle(request, {}) + return grantType.handle(request, { foo: 'bar' }) .then(function(data) { data.should.equal(token); }) From c6682a62835086a7ac0a11990fe0ac087358ceeb Mon Sep 17 00:00:00 2001 From: jankapunkt Date: Tue, 15 Aug 2023 14:04:07 +0200 Subject: [PATCH 34/86] publish 5.0.0-rc.2 --- package.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/package.json b/package.json index 1d548630..c11f9a15 100644 --- a/package.json +++ b/package.json @@ -1,7 +1,7 @@ { "name": "@node-oauth/oauth2-server", "description": "Complete, framework-agnostic, compliant and well tested module for implementing an OAuth2 Server in node.js", - "version": "5.0.0-rc.1", + "version": "5.0.0-rc.2", "keywords": [ "oauth", "oauth2" From e4e2834753921481d9b49854668917392f7f7908 Mon Sep 17 00:00:00 2001 From: Michael Newman Date: Wed, 16 Aug 2023 12:33:22 -0700 Subject: [PATCH 35/86] Convert TokenModel to an ES6 class and extract utils function for calculating lifetime --- lib/models/token-model.js | 99 ++++++++++++++++------------ lib/utils/date-util.js | 13 ++++ test/unit/models/token-model_test.js | 33 ++++++++++ test/unit/utils/date-util__test.js | 26 ++++++++ 4 files changed, 129 insertions(+), 42 deletions(-) create mode 100644 lib/utils/date-util.js create mode 100644 test/unit/utils/date-util__test.js diff --git a/lib/models/token-model.js b/lib/models/token-model.js index 473c7ace..40dee37c 100644 --- a/lib/models/token-model.js +++ b/lib/models/token-model.js @@ -3,63 +3,78 @@ /** * Module dependencies. */ - const InvalidArgumentError = require('../errors/invalid-argument-error'); +const { getLifetimeFromExpiresAt } = require('../utils/date-util'); /** - * Constructor. + * The core model attributes allowed when allowExtendedTokenAttributes is false. */ +const modelAttributes = new Set([ + 'accessToken', + 'accessTokenExpiresAt', + 'refreshToken', + 'refreshTokenExpiresAt', + 'scope', + 'client', + 'user' +]); + +class TokenModel { + constructor(data = {}, options = {}) { + const { + accessToken, + accessTokenExpiresAt, + refreshToken, + refreshTokenExpiresAt, + scope, + client, + user, + } = data; + + if (!accessToken) { + throw new InvalidArgumentError('Missing parameter: `accessToken`'); + } -const modelAttributes = ['accessToken', 'accessTokenExpiresAt', 'refreshToken', 'refreshTokenExpiresAt', 'scope', 'client', 'user']; - -function TokenModel(data, options) { - data = data || {}; + if (!client) { + throw new InvalidArgumentError('Missing parameter: `client`'); + } - if (!data.accessToken) { - throw new InvalidArgumentError('Missing parameter: `accessToken`'); - } + if (!user) { + throw new InvalidArgumentError('Missing parameter: `user`'); + } - if (!data.client) { - throw new InvalidArgumentError('Missing parameter: `client`'); - } + if (accessTokenExpiresAt && !(accessTokenExpiresAt instanceof Date)) { + throw new InvalidArgumentError('Invalid parameter: `accessTokenExpiresAt`'); + } - if (!data.user) { - throw new InvalidArgumentError('Missing parameter: `user`'); - } + if (refreshTokenExpiresAt && !(refreshTokenExpiresAt instanceof Date)) { + throw new InvalidArgumentError('Invalid parameter: `refreshTokenExpiresAt`'); + } - if (data.accessTokenExpiresAt && !(data.accessTokenExpiresAt instanceof Date)) { - throw new InvalidArgumentError('Invalid parameter: `accessTokenExpiresAt`'); - } + this.accessToken = accessToken; + this.accessTokenExpiresAt = accessTokenExpiresAt; + this.client = client; + this.refreshToken = refreshToken; + this.refreshTokenExpiresAt = refreshTokenExpiresAt; + this.scope = scope; + this.user = user; - if (data.refreshTokenExpiresAt && !(data.refreshTokenExpiresAt instanceof Date)) { - throw new InvalidArgumentError('Invalid parameter: `refreshTokenExpiresAt`'); - } + if (accessTokenExpiresAt) { + this.accessTokenLifetime = getLifetimeFromExpiresAt(accessTokenExpiresAt); + } - this.accessToken = data.accessToken; - this.accessTokenExpiresAt = data.accessTokenExpiresAt; - this.client = data.client; - this.refreshToken = data.refreshToken; - this.refreshTokenExpiresAt = data.refreshTokenExpiresAt; - this.scope = data.scope; - this.user = data.user; + const { allowExtendedTokenAttributes } = options; - if (options && options.allowExtendedTokenAttributes) { - this.customAttributes = {}; + if (allowExtendedTokenAttributes) { + this.customAttributes = {}; - for (const key in data) { - if ( Object.prototype.hasOwnProperty.call(data, key) && (modelAttributes.indexOf(key) < 0)) { - this.customAttributes[key] = data[key]; - } + Object.keys(data).forEach(key => { + if (!modelAttributes.has(key)) { + this.customAttributes[key] = data[key]; + } + }); } } - - if(this.accessTokenExpiresAt) { - this.accessTokenLifetime = Math.floor((this.accessTokenExpiresAt - new Date()) / 1000); - } } -/** - * Export constructor. - */ - module.exports = TokenModel; diff --git a/lib/utils/date-util.js b/lib/utils/date-util.js new file mode 100644 index 00000000..4071a11f --- /dev/null +++ b/lib/utils/date-util.js @@ -0,0 +1,13 @@ +'use strict'; + +/** + * @param expiresAt {Date} The date at which something (e.g. a token) expires. + * @return {number} The number of seconds until the expiration date. + */ +function getLifetimeFromExpiresAt(expiresAt) { + return Math.floor((expiresAt - new Date()) / 1000); +} + +module.exports = { + getLifetimeFromExpiresAt, +}; diff --git a/test/unit/models/token-model_test.js b/test/unit/models/token-model_test.js index 7dcac615..19c00bf8 100644 --- a/test/unit/models/token-model_test.js +++ b/test/unit/models/token-model_test.js @@ -22,5 +22,38 @@ describe('Model', function() { model.accessTokenLifetime.should.a('number'); model.accessTokenLifetime.should.be.approximately(3600, 2); }); + + it('should throw if the required arguments are not provided', () => { + should.throw(() => { + new TokenModel({}); + }); + }); + + it('should ignore custom attributes if allowExtendedTokenAttributes is not specified as true', () => { + const model = new TokenModel({ + accessToken: 'token', + client: 'client', + user: 'user', + myCustomAttribute: 'myCustomValue' + }); + + should.not.exist(model['myCustomAttribute']); + should.not.exist(model['customAttributes']); + }); + + it('should set custom attributes on the customAttributes field if allowExtendedTokenAttributes is specified as true', () => { + const model = new TokenModel({ + accessToken: 'token', + client: 'client', + user: 'user', + myCustomAttribute: 'myCustomValue' + }, { + allowExtendedTokenAttributes: true + }); + + should.not.exist(model['myCustomAttribute']); + model['customAttributes'].should.be.an('object'); + model['customAttributes']['myCustomAttribute'].should.equal('myCustomValue'); + }); }); }); diff --git a/test/unit/utils/date-util__test.js b/test/unit/utils/date-util__test.js new file mode 100644 index 00000000..47b8e7d5 --- /dev/null +++ b/test/unit/utils/date-util__test.js @@ -0,0 +1,26 @@ +const dateUtil = require('../../../lib/utils/date-util'); + +const sinon = require('sinon'); +require('chai').should(); + +describe('DateUtil', function() { + describe('getLifetimeFromExpiresAt', () => { + const now = new Date('2023-01-01T00:00:00.000Z'); + + beforeEach(() => { + sinon.useFakeTimers(now); + }); + + it('should convert a valid expiration date into seconds from now', () => { + const expiresAt = new Date('2023-01-01T00:00:10.000Z'); + const lifetime = dateUtil.getLifetimeFromExpiresAt(expiresAt); + + lifetime.should.be.a('number'); + lifetime.should.be.approximately(10, 2); + }); + + afterEach(() => { + sinon.restore(); + }); + }); +}); From 704d917c95661c65a555f9f55570b6751c63ea9b Mon Sep 17 00:00:00 2001 From: jankapunkt Date: Thu, 17 Aug 2023 13:53:56 +0200 Subject: [PATCH 36/86] tests(compliance): added client credential workflow compliance tests --- .../client-credential-workflow_test.js | 142 ++++++++++++++++++ 1 file changed, 142 insertions(+) create mode 100644 test/compliance/client-credential-workflow_test.js diff --git a/test/compliance/client-credential-workflow_test.js b/test/compliance/client-credential-workflow_test.js new file mode 100644 index 00000000..6b7a2898 --- /dev/null +++ b/test/compliance/client-credential-workflow_test.js @@ -0,0 +1,142 @@ +/** + * 4.4. Client Credentials Grant + * + * The client can request an access token using only its client + * credentials (or other supported means of authentication) when the + * client is requesting access to the protected resources under its + * control, or those of another resource owner that have been previously + * arranged with the authorization server (the method of which is beyond + * the scope of this specification). + * + * The client credentials grant type MUST only be used by confidential + * clients. + * + * @see https://www.rfc-editor.org/rfc/rfc6749#section-4.4 + */ + +const OAuth2Server = require('../..'); +const DB = require('../helpers/db'); +const createModel = require('../helpers/model'); +const createRequest = require('../helpers/request'); +const Response = require('../../lib/response'); + +require('chai').should(); + +const db = new DB(); +// this user represents requests in the name of an external server +// TODO: we should discuss, if we can make user optional for client credential workflows +// as it's not desired to have an extra fake-user representing a server just to pass validation +const userDoc = { id: 'machine2-123456789', name: 'machine2' }; +db.saveUser(userDoc); + +const oAuth2Server = new OAuth2Server({ + model: { + ...createModel(db), + getUserFromClient: async function (_client) { + // in a machine2machine setup we might not have a dedicated "user" + // but we need to return a truthy response to + const client = db.findClient(_client.id, _client.secret); + return client && { ...userDoc }; + } + } +}); + +const clientDoc = db.saveClient({ + id: 'client-credential-test-client', + secret: 'client-credential-test-secret', + grants: ['client_credentials'] +}); + +const enabledScope = 'read write'; + +describe('ClientCredentials Workflow Compliance (4.4)', function () { + describe('Access Token Request (4.4.1)', function () { + /** + * 4.4.2. Access Token Request + * + * The client makes a request to the token endpoint by adding the + * following parameters using the "application/x-www-form-urlencoded" + * format per Appendix B with a character encoding of UTF-8 in the HTTP + * request entity-body: + * + * grant_type + * REQUIRED. Value MUST be set to "client_credentials". + * + * scope + * OPTIONAL. The scope of the access request as described by + * Section 3.3. + * + * The client MUST authenticate with the authorization server as + * described in Section 3.2.1. + */ + it('authenticates the client with valid credentials', async function () { + const response = new Response(); + const request = createRequest({ + body: { + grant_type: 'client_credentials', + scope: enabledScope + }, + headers: { + 'authorization': 'Basic ' + Buffer.from(clientDoc.id + ':' + clientDoc.secret).toString('base64'), + 'content-type': 'application/x-www-form-urlencoded' + }, + method: 'POST', + }); + + const token = await oAuth2Server.token(request, response); + + response.status.should.equal(200); + response.headers.should.deep.equal( { 'cache-control': 'no-store', pragma: 'no-cache' }); + response.body.token_type.should.equal('Bearer'); + response.body.access_token.should.equal(token.accessToken); + response.body.expires_in.should.be.a('number'); + response.body.scope.should.equal(enabledScope); + ('refresh_token' in response.body).should.equal(false); + + token.accessToken.should.be.a('string'); + token.accessTokenExpiresAt.should.be.a('date'); + ('refreshToken' in token).should.equal(false); + ('refreshTokenExpiresAt' in token).should.equal(false); + token.scope.should.equal(enabledScope); + + db.accessTokens.has(token.accessToken).should.equal(true); + db.refreshTokens.has(token.refreshToken).should.equal(false); + }); + + /** + * 7. Accessing Protected Resources + * + * The client accesses protected resources by presenting the access + * token to the resource server. The resource server MUST validate the + * access token and ensure that it has not expired and that its scope + * covers the requested resource. The methods used by the resource + * server to validate the access token (as well as any error responses) + * are beyond the scope of this specification but generally involve an + * interaction or coordination between the resource server and the + * authorization server. + */ + it('enables an authenticated request using the access token', async function () { + const [accessToken] = [...db.accessTokens.entries()][0]; + const response = new Response(); + const request = createRequest({ + query: {}, + headers: { + 'authorization': `Bearer ${accessToken}` + }, + method: 'GET', + }); + + const token = await oAuth2Server.authenticate(request, response); + token.accessToken.should.equal(accessToken); + token.user.should.deep.equal(userDoc); + token.client.should.deep.equal(clientDoc); + token.scope.should.equal(enabledScope); + + response.status.should.equal(200); + // there should be no information in the response as it + // should only add information, if permission is denied + response.body.should.deep.equal({}); + response.headers.should.deep.equal({}); + }); + }); +}); \ No newline at end of file From f0259dbbcc1fb3c6d645fc51d3c6d327e5da70e7 Mon Sep 17 00:00:00 2001 From: jankapunkt Date: Thu, 17 Aug 2023 13:54:43 +0200 Subject: [PATCH 37/86] tests(integration): grant types integration tests model integration covered --- lib/grant-types/abstract-grant-type.js | 10 +- .../authorization-code-grant-type.js | 10 +- .../client-credentials-grant-type.js | 4 +- lib/grant-types/password-grant-type.js | 8 +- .../grant-types/abstract-grant-type_test.js | 115 ++++-- .../authorization-code-grant-type_test.js | 383 +++++++++++------- .../client-credentials-grant-type_test.js | 71 ++-- .../grant-types/password-grant-type_test.js | 183 +++++---- test/integration/server_test.js | 18 +- test/unit/errors/oauth-error_test.js | 23 +- test/unit/request_test.js | 19 + 11 files changed, 544 insertions(+), 300 deletions(-) diff --git a/lib/grant-types/abstract-grant-type.js b/lib/grant-types/abstract-grant-type.js index 4fd02437..033fba36 100644 --- a/lib/grant-types/abstract-grant-type.js +++ b/lib/grant-types/abstract-grant-type.js @@ -36,8 +36,9 @@ function AbstractGrantType(options) { AbstractGrantType.prototype.generateAccessToken = async function(client, user, scope) { if (this.model.generateAccessToken) { - const accessToken = await this.model.generateAccessToken(client, user, scope); - return accessToken || tokenUtil.generateRandomToken(); + // We should not fall back to a random accessToken, if the model did not + // return a token, in order to prevent unintended token-issuing. + return this.model.generateAccessToken(client, user, scope); } return tokenUtil.generateRandomToken(); @@ -49,8 +50,9 @@ AbstractGrantType.prototype.generateAccessToken = async function(client, user, s AbstractGrantType.prototype.generateRefreshToken = async function(client, user, scope) { if (this.model.generateRefreshToken) { - const refreshToken = await this.model.generateRefreshToken(client, user, scope); - return refreshToken || tokenUtil.generateRandomToken(); + // We should not fall back to a random refreshToken, if the model did not + // return a token, in order to prevent unintended token-issuing. + return this.model.generateRefreshToken(client, user, scope); } return tokenUtil.generateRandomToken(); diff --git a/lib/grant-types/authorization-code-grant-type.js b/lib/grant-types/authorization-code-grant-type.js index 2101462b..8b766bfc 100644 --- a/lib/grant-types/authorization-code-grant-type.js +++ b/lib/grant-types/authorization-code-grant-type.js @@ -195,11 +195,11 @@ class AuthorizationCodeGrantType extends AbstractGrantType { const refreshTokenExpiresAt = await this.getRefreshTokenExpiresAt(); const token = { - accessToken: accessToken, - authorizationCode: authorizationCode, - accessTokenExpiresAt: accessTokenExpiresAt, - refreshToken: refreshToken, - refreshTokenExpiresAt: refreshTokenExpiresAt, + accessToken, + authorizationCode, + accessTokenExpiresAt, + refreshToken, + refreshTokenExpiresAt, scope: validatedScope, }; diff --git a/lib/grant-types/client-credentials-grant-type.js b/lib/grant-types/client-credentials-grant-type.js index 211628d3..c348e5cf 100644 --- a/lib/grant-types/client-credentials-grant-type.js +++ b/lib/grant-types/client-credentials-grant-type.js @@ -73,8 +73,8 @@ class ClientCredentialsGrantType extends AbstractGrantType { const accessToken = await this.generateAccessToken(client, user, scope); const accessTokenExpiresAt = await this.getAccessTokenExpiresAt(client, user, scope); const token = { - accessToken: accessToken, - accessTokenExpiresAt: accessTokenExpiresAt, + accessToken, + accessTokenExpiresAt, scope: validatedScope, }; diff --git a/lib/grant-types/password-grant-type.js b/lib/grant-types/password-grant-type.js index f13b68aa..f483e188 100644 --- a/lib/grant-types/password-grant-type.js +++ b/lib/grant-types/password-grant-type.js @@ -94,10 +94,10 @@ class PasswordGrantType extends AbstractGrantType { const refreshTokenExpiresAt = await this.getRefreshTokenExpiresAt(); const token = { - accessToken: accessToken, - accessTokenExpiresAt: accessTokenExpiresAt, - refreshToken: refreshToken, - refreshTokenExpiresAt: refreshTokenExpiresAt, + accessToken, + accessTokenExpiresAt, + refreshToken, + refreshTokenExpiresAt, scope: validatedScope, }; diff --git a/test/integration/grant-types/abstract-grant-type_test.js b/test/integration/grant-types/abstract-grant-type_test.js index e874509f..22247d7a 100644 --- a/test/integration/grant-types/abstract-grant-type_test.js +++ b/test/integration/grant-types/abstract-grant-type_test.js @@ -7,6 +7,7 @@ const AbstractGrantType = require('../../../lib/grant-types/abstract-grant-type'); const InvalidArgumentError = require('../../../lib/errors/invalid-argument-error'); const Request = require('../../../lib/request'); +const InvalidScopeError = require('../../../lib/errors/invalid-scope-error'); const should = require('chai').should(); /** @@ -44,7 +45,7 @@ describe('AbstractGrantType integration', function() { }); it('should set the `model`', function() { - const model = {}; + const model = { async generateAccessToken () {} }; const grantType = new AbstractGrantType({ accessTokenLifetime: 123, model: model }); grantType.model.should.equal(model); @@ -58,70 +59,62 @@ describe('AbstractGrantType integration', function() { }); describe('generateAccessToken()', function() { - it('should return an access token', function() { + it('should return an access token', async function() { const handler = new AbstractGrantType({ accessTokenLifetime: 123, model: {}, refreshTokenLifetime: 456 }); - - return handler.generateAccessToken() - .then(function(data) { - data.should.be.a.sha256(); - }) - .catch(should.fail); + const accessToken = await handler.generateAccessToken(); + accessToken.should.be.a.sha256(); }); - it('should support promises', function() { + it('should support promises', async function() { const model = { generateAccessToken: async function() { - return {}; + return 'long-hash-foo-bar'; } }; const handler = new AbstractGrantType({ accessTokenLifetime: 123, model: model, refreshTokenLifetime: 456 }); - - handler.generateAccessToken().should.be.an.instanceOf(Promise); + const accessToken = await handler.generateAccessToken(); + accessToken.should.equal('long-hash-foo-bar'); }); - it('should support non-promises', function() { + it('should support non-promises', async function() { const model = { generateAccessToken: function() { - return {}; + return 'long-hash-foo-bar'; } }; const handler = new AbstractGrantType({ accessTokenLifetime: 123, model: model, refreshTokenLifetime: 456 }); - - handler.generateAccessToken().should.be.an.instanceOf(Promise); + const accessToken = await handler.generateAccessToken(); + accessToken.should.equal('long-hash-foo-bar'); }); }); describe('generateRefreshToken()', function() { - it('should return a refresh token', function() { + it('should return a refresh token', async function() { const handler = new AbstractGrantType({ accessTokenLifetime: 123, model: {}, refreshTokenLifetime: 456 }); - - return handler.generateRefreshToken() - .then(function(data) { - data.should.be.a.sha256(); - }) - .catch(should.fail); + const refreshToken = await handler.generateRefreshToken(); + refreshToken.should.be.a.sha256(); }); - it('should support promises', function() { + it('should support promises', async function() { const model = { generateRefreshToken: async function() { - return {}; + return 'long-hash-foo-bar'; } }; const handler = new AbstractGrantType({ accessTokenLifetime: 123, model: model, refreshTokenLifetime: 456 }); - - handler.generateRefreshToken().should.be.an.instanceOf(Promise); + const refreshToken = await handler.generateRefreshToken(); + refreshToken.should.equal('long-hash-foo-bar'); }); - it('should support non-promises', function() { + it('should support non-promises', async function() { const model = { generateRefreshToken: function() { - return {}; + return 'long-hash-foo-bar'; } }; const handler = new AbstractGrantType({ accessTokenLifetime: 123, model: model, refreshTokenLifetime: 456 }); - - handler.generateRefreshToken().should.be.an.instanceOf(Promise); + const refreshToken = await handler.generateRefreshToken(); + refreshToken.should.equal('long-hash-foo-bar'); }); }); @@ -170,4 +163,64 @@ describe('AbstractGrantType integration', function() { handler.getScope(request).should.equal('foo'); }); }); + + describe('validateScope()', function () { + it('accepts the scope, if the model does not implement it', async function () { + const scope = 'some,scope,this,that'; + const user = { id: 123 }; + const client = { id: 456 }; + const handler = new AbstractGrantType({ accessTokenLifetime: 123, model: {}, refreshTokenLifetime: 456 }); + const validated = await handler.validateScope(user, client, scope); + validated.should.equal(scope); + }); + + it('accepts the scope, if the model accepts it', async function () { + const scope = 'some,scope,this,that'; + const user = { id: 123 }; + const client = { id: 456 }; + + const model = { + async validateScope (_user, _client, _scope) { + // make sure the model received the correct args + _user.should.deep.equal(user); + _client.should.deep.equal(_client); + _scope.should.equal(scope); + + return scope; + } + }; + const handler = new AbstractGrantType({ accessTokenLifetime: 123, model, refreshTokenLifetime: 456 }); + const validated = await handler.validateScope(user, client, scope); + validated.should.equal(scope); + }); + + it('throws if the model rejects the scope', async function () { + const scope = 'some,scope,this,that'; + const user = { id: 123 }; + const client = { id: 456 }; + const returnTypes = [undefined, null, false, 0, '']; + + for (const type of returnTypes) { + const model = { + async validateScope (_user, _client, _scope) { + // make sure the model received the correct args + _user.should.deep.equal(user); + _client.should.deep.equal(_client); + _scope.should.equal(scope); + + return type; + } + }; + const handler = new AbstractGrantType({ accessTokenLifetime: 123, model, refreshTokenLifetime: 456 }); + + try { + await handler.validateScope(user, client, scope); + should.fail(); + } catch (e) { + e.should.be.an.instanceOf(InvalidScopeError); + e.message.should.equal('Invalid scope: Requested scope is invalid'); + } + } + }); + }); }); diff --git a/test/integration/grant-types/authorization-code-grant-type_test.js b/test/integration/grant-types/authorization-code-grant-type_test.js index a4d69c40..f4598bde 100644 --- a/test/integration/grant-types/authorization-code-grant-type_test.js +++ b/test/integration/grant-types/authorization-code-grant-type_test.js @@ -75,9 +75,9 @@ describe('AuthorizationCodeGrantType integration', function() { describe('handle()', function() { it('should throw an error if `request` is missing', async function() { const model = { - getAuthorizationCode: function() {}, - revokeAuthorizationCode: function() {}, - saveToken: function() {} + getAuthorizationCode: () => should.fail(), + revokeAuthorizationCode: () => should.fail(), + saveToken: () => should.fail() }; const grantType = new AuthorizationCodeGrantType({ accessTokenLifetime: 123, model: model }); @@ -89,30 +89,33 @@ describe('AuthorizationCodeGrantType integration', function() { } }); - it('should throw an error if `client` is invalid', function() { - const client = {}; + it('should throw an error if `client` is invalid (not in code)', async function() { + const client = { id: 1234 }; const model = { - getAuthorizationCode: function() { return { authorizationCode: 12345, expiresAt: new Date(new Date() * 2), user: {} }; }, - revokeAuthorizationCode: function() {}, - saveToken: function() {} + getAuthorizationCode: function(code) { + code.should.equal(123456789); + return { authorizationCode: 12345, expiresAt: new Date(new Date() * 2), user: {} }; + }, + revokeAuthorizationCode: () => should.fail(), + saveToken: () => should.fail() }; const grantType = new AuthorizationCodeGrantType({ accessTokenLifetime: 123, model: model }); - const request = new Request({ body: { code: 12345 }, headers: {}, method: {}, query: {} }); + const request = new Request({ body: { code: 123456789 }, headers: {}, method: {}, query: {} }); - return grantType.handle(request, client) - .then(should.fail) - .catch(function(e) { - e.should.be.an.instanceOf(ServerError); - e.message.should.equal('Server error: `getAuthorizationCode()` did not return a `client` object'); - }); + try { + await grantType.handle(request, client); + should.fail(); + } catch (e) { + e.should.be.an.instanceOf(ServerError); + e.message.should.equal('Server error: `getAuthorizationCode()` did not return a `client` object'); + } }); it('should throw an error if `client` is missing', function() { - const model = { - getAuthorizationCode: function() { return { authorizationCode: 12345, expiresAt: new Date(new Date() * 2), user: {} }; }, - revokeAuthorizationCode: function() {}, - saveToken: function() {} + getAuthorizationCode: () => should.fail(), + revokeAuthorizationCode: () => should.fail(), + saveToken: () => should.fail() }; const grantType = new AuthorizationCodeGrantType({ accessTokenLifetime: 123, model: model }); const request = new Request({ body: { code: 12345 }, headers: {}, method: {}, query: {} }); @@ -128,18 +131,64 @@ describe('AuthorizationCodeGrantType integration', function() { it('should return a token', async function() { const client = { id: 'foobar' }; - const token = {}; + const scope = 'fooscope'; + const user = { name: 'foouser' }; + const codeDoc = { + authorizationCode: 12345, + expiresAt: new Date(new Date() * 2), + client, + user, + scope + }; const model = { - getAuthorizationCode: function() { return { authorizationCode: 12345, client: { id: 'foobar' }, expiresAt: new Date(new Date() * 2), user: {} }; }, - revokeAuthorizationCode: function() { return true; }, - saveToken: function() { return token; }, - validateScope: function() { return 'foo'; } + getAuthorizationCode: async function (code) { + code.should.equal('code-1234'); + + return codeDoc; + }, + revokeAuthorizationCode: async function (_codeDoc) { + _codeDoc.should.deep.equal(codeDoc); + return true; + }, + validateScope: async function (_user, _client, _scope) { + _user.should.deep.equal(user); + _client.should.deep.equal(client); + _scope.should.equal(scope); + return scope; + }, + generateAccessToken: async function (_client, _user, _scope) { + _user.should.deep.equal(user); + _client.should.deep.equal(client); + _scope.should.equal(scope); + return 'long-access-token-hash'; + }, + generateRefreshToken: async function (_client, _user, _scope) { + _user.should.deep.equal(user); + _client.should.deep.equal(client); + _scope.should.equal(scope); + return 'long-refresh-token-hash'; + }, + saveToken: async function (_token, _client, _user) { + _user.should.deep.equal(user); + _client.should.deep.equal(client); + _token.accessToken.should.equal('long-access-token-hash'); + _token.refreshToken.should.equal('long-refresh-token-hash'); + _token.authorizationCode.should.equal(codeDoc.authorizationCode); + _token.accessTokenExpiresAt.should.be.instanceOf(Date); + _token.refreshTokenExpiresAt.should.be.instanceOf(Date); + return _token; + }, }; - const grantType = new AuthorizationCodeGrantType({ accessTokenLifetime: 123, model: model }); - const request = new Request({ body: { code: 12345 }, headers: {}, method: {}, query: {} }); - const data = await grantType.handle(request, client); - data.should.equal(token); + const grantType = new AuthorizationCodeGrantType({ accessTokenLifetime: 123, model: model }); + const request = new Request({ body: { code: 'code-1234' }, headers: {}, method: {}, query: {} }); + + const token = await grantType.handle(request, client); + token.accessToken.should.equal('long-access-token-hash'); + token.refreshToken.should.equal('long-refresh-token-hash'); + token.authorizationCode.should.equal(codeDoc.authorizationCode); + token.accessTokenExpiresAt.should.be.instanceOf(Date); + token.refreshTokenExpiresAt.should.be.instanceOf(Date); }); it('should support promises', function() { @@ -173,9 +222,9 @@ describe('AuthorizationCodeGrantType integration', function() { it('should throw an error if the request body does not contain `code`', async function() { const client = {}; const model = { - getAuthorizationCode: function() {}, - revokeAuthorizationCode: function() {}, - saveToken: function() {} + getAuthorizationCode: () => should.fail(), + revokeAuthorizationCode: () => should.fail(), + saveToken: () => should.fail() }; const grantType = new AuthorizationCodeGrantType({ accessTokenLifetime: 123, model: model }); const request = new Request({ body: {}, headers: {}, method: {}, query: {} }); @@ -191,9 +240,9 @@ describe('AuthorizationCodeGrantType integration', function() { it('should throw an error if `code` is invalid', async function() { const client = {}; const model = { - getAuthorizationCode: function() {}, - revokeAuthorizationCode: function() {}, - saveToken: function() {} + getAuthorizationCode: () => should.fail(), + revokeAuthorizationCode: () => should.fail(), + saveToken: () => should.fail() }; const grantType = new AuthorizationCodeGrantType({ accessTokenLifetime: 123, model: model }); const request = new Request({ body: { code: 'ø倣‰' }, headers: {}, method: {}, query: {} }); @@ -210,9 +259,9 @@ describe('AuthorizationCodeGrantType integration', function() { it('should throw an error if `authorizationCode` is missing', async function() { const client = {}; const model = { - getAuthorizationCode: function() {}, - revokeAuthorizationCode: function() {}, - saveToken: function() {} + getAuthorizationCode: async function() {}, + revokeAuthorizationCode: () => should.fail(), + saveToken: () => should.fail() }; const grantType = new AuthorizationCodeGrantType({ accessTokenLifetime: 123, model: model }); const request = new Request({ body: { code: 12345 }, headers: {}, method: {}, query: {} }); @@ -226,136 +275,150 @@ describe('AuthorizationCodeGrantType integration', function() { } }); - it('should throw an error if `authorizationCode.client` is missing', function() { + it('should throw an error if `authorizationCode.client` is missing', async function() { const client = {}; const model = { - getAuthorizationCode: function() { return { authorizationCode: 12345 }; }, - revokeAuthorizationCode: function() {}, - saveToken: function() {} + getAuthorizationCode: async function() { return { authorizationCode: 12345 }; }, + revokeAuthorizationCode: () => should.fail(), + saveToken: () => should.fail() }; const grantType = new AuthorizationCodeGrantType({ accessTokenLifetime: 123, model: model }); const request = new Request({ body: { code: 12345 }, headers: {}, method: {}, query: {} }); - return grantType.getAuthorizationCode(request, client) - .then(should.fail) - .catch(function(e) { - e.should.be.an.instanceOf(ServerError); - e.message.should.equal('Server error: `getAuthorizationCode()` did not return a `client` object'); - }); + try { + await grantType.getAuthorizationCode(request, client); + should.fail(); + } catch (e) { + e.should.be.an.instanceOf(ServerError); + e.message.should.equal('Server error: `getAuthorizationCode()` did not return a `client` object'); + } }); - it('should throw an error if `authorizationCode.expiresAt` is missing', function() { + it('should throw an error if `authorizationCode.expiresAt` is missing', async function() { const client = {}; const model = { - getAuthorizationCode: function() { return { authorizationCode: 12345, client: {}, user: {} }; }, - revokeAuthorizationCode: function() {}, - saveToken: function() {} + getAuthorizationCode: async function() { + return { authorizationCode: 12345, client: {}, user: {} }; + }, + revokeAuthorizationCode: () => should.fail(), + saveToken: () => should.fail() }; const grantType = new AuthorizationCodeGrantType({ accessTokenLifetime: 123, model: model }); const request = new Request({ body: { code: 12345 }, headers: {}, method: {}, query: {} }); - return grantType.getAuthorizationCode(request, client) - .then(should.fail) - .catch(function(e) { - e.should.be.an.instanceOf(ServerError); - e.message.should.equal('Server error: `expiresAt` must be a Date instance'); - }); + try { + await grantType.getAuthorizationCode(request, client); + should.fail(); + } catch (e) { + e.should.be.an.instanceOf(ServerError); + e.message.should.equal('Server error: `expiresAt` must be a Date instance'); + } }); - it('should throw an error if `authorizationCode.user` is missing', function() { + it('should throw an error if `authorizationCode.user` is missing', async function() { const client = {}; const model = { - getAuthorizationCode: function() { return { authorizationCode: 12345, client: {}, expiresAt: new Date() }; }, - revokeAuthorizationCode: function() {}, - saveToken: function() {} + getAuthorizationCode: async function() { + return { authorizationCode: 12345, client: {}, expiresAt: new Date() }; + }, + revokeAuthorizationCode: () => should.fail(), + saveToken: () => should.fail() }; const grantType = new AuthorizationCodeGrantType({ accessTokenLifetime: 123, model: model }); const request = new Request({ body: { code: 12345 }, headers: {}, method: {}, query: {} }); - return grantType.getAuthorizationCode(request, client) - .then(should.fail) - .catch(function(e) { - e.should.be.an.instanceOf(ServerError); - e.message.should.equal('Server error: `getAuthorizationCode()` did not return a `user` object'); - }); + try { + await grantType.getAuthorizationCode(request, client); + should.fail(); + } catch (e) { + e.should.be.an.instanceOf(ServerError); + e.message.should.equal('Server error: `getAuthorizationCode()` did not return a `user` object'); + } }); - it('should throw an error if the client id does not match', function() { + it('should throw an error if the client id does not match', async function() { const client = { id: 123 }; const model = { - getAuthorizationCode: function() { + getAuthorizationCode: async function() { return { authorizationCode: 12345, expiresAt: new Date(), client: { id: 456 }, user: {} }; }, - revokeAuthorizationCode: function() {}, - saveToken: function() {} + revokeAuthorizationCode: () => should.fail(), + saveToken: () => should.fail() }; const grantType = new AuthorizationCodeGrantType({ accessTokenLifetime: 123, model: model }); const request = new Request({ body: { code: 12345 }, headers: {}, method: {}, query: {} }); - return grantType.getAuthorizationCode(request, client) - .then(should.fail) - .catch(function(e) { - e.should.be.an.instanceOf(InvalidGrantError); - e.message.should.equal('Invalid grant: authorization code is invalid'); - }); + try { + await grantType.getAuthorizationCode(request, client); + should.fail(); + } catch (e) { + e.should.be.an.instanceOf(InvalidGrantError); + e.message.should.equal('Invalid grant: authorization code is invalid'); + } }); - it('should throw an error if the auth code is expired', function() { + it('should throw an error if the auth code is expired', async function() { const client = { id: 123 }; const date = new Date(new Date() / 2); const model = { - getAuthorizationCode: function() { + getAuthorizationCode: async function() { return { authorizationCode: 12345, client: { id: 123 }, expiresAt: date, user: {} }; }, - revokeAuthorizationCode: function() {}, - saveToken: function() {} + revokeAuthorizationCode: () => should.fail(), + saveToken: () => should.fail() }; const grantType = new AuthorizationCodeGrantType({ accessTokenLifetime: 123, model: model }); const request = new Request({ body: { code: 12345 }, headers: {}, method: {}, query: {} }); - return grantType.getAuthorizationCode(request, client) - .then(should.fail) - .catch(function(e) { - e.should.be.an.instanceOf(InvalidGrantError); - e.message.should.equal('Invalid grant: authorization code has expired'); - }); + try { + await grantType.getAuthorizationCode(request, client); + should.fail(); + } catch (e) { + e.should.be.an.instanceOf(InvalidGrantError); + e.message.should.equal('Invalid grant: authorization code has expired'); + } }); - it('should throw an error if the `redirectUri` is invalid', function() { + it('should throw an error if the `redirectUri` is invalid (format)', async function() { const authorizationCode = { authorizationCode: 12345, client: { id: 'foobar' }, expiresAt: new Date(new Date() * 2), redirectUri: 'foobar', user: {} }; const client = { id: 'foobar' }; const model = { - getAuthorizationCode: function() { return authorizationCode; }, - revokeAuthorizationCode: function() {}, - saveToken: function() {} + getAuthorizationCode: async function() { return authorizationCode; }, + revokeAuthorizationCode: () => should.fail(), + saveToken: () => should.fail() }; const grantType = new AuthorizationCodeGrantType({ accessTokenLifetime: 123, model: model }); const request = new Request({ body: { code: 12345 }, headers: {}, method: {}, query: {} }); - return grantType.getAuthorizationCode(request, client) - .then(should.fail) - .catch(function(e) { - e.should.be.an.instanceOf(InvalidGrantError); - e.message.should.equal('Invalid grant: `redirect_uri` is not a valid URI'); - }); + try { + await grantType.getAuthorizationCode(request, client); + should.fail(); + } catch (e) { + e.should.be.an.instanceOf(InvalidGrantError); + e.message.should.equal('Invalid grant: `redirect_uri` is not a valid URI'); + } }); - it('should return an auth code', function() { - const authorizationCode = { authorizationCode: 12345, client: { id: 'foobar' }, expiresAt: new Date(new Date() * 2), user: {} }; + it('should return an auth code', async function() { + const authorizationCode = { + authorizationCode: 1234567, + client: { id: 'foobar' }, + expiresAt: new Date(new Date() * 2), user: {} + }; const client = { id: 'foobar' }; const model = { - getAuthorizationCode: function() { return authorizationCode; }, - revokeAuthorizationCode: function() {}, - saveToken: function() {} + getAuthorizationCode: async function(_code) { + _code.should.equal(12345); + return authorizationCode; + }, + revokeAuthorizationCode: () => should.fail(), + saveToken: () => should.fail() }; const grantType = new AuthorizationCodeGrantType({ accessTokenLifetime: 123, model: model }); const request = new Request({ body: { code: 12345 }, headers: {}, method: {}, query: {} }); - return grantType.getAuthorizationCode(request, client) - .then(function(data) { - data.should.equal(authorizationCode); - }) - .catch(should.fail); + const code = await grantType.getAuthorizationCode(request, client); + code.should.deep.equal(authorizationCode); }); it('should support promises', function() { @@ -427,85 +490,113 @@ describe('AuthorizationCodeGrantType integration', function() { e.message.should.equal('Invalid request: `redirect_uri` is invalid'); } }); - }); - - describe('revokeAuthorizationCode()', function() { - it('should revoke the auth code', function() { - const authorizationCode = { authorizationCode: 12345, client: {}, expiresAt: new Date(new Date() / 2), user: {} }; + it('returns undefined and does not throw if `redirectUri` is valid', async function () { + const authorizationCode = { authorizationCode: 12345, client: {}, expiresAt: new Date(new Date() / 2), redirectUri: 'http://foo.bar', user: {} }; const model = { getAuthorizationCode: function() {}, revokeAuthorizationCode: function() { return true; }, saveToken: function() {} }; const grantType = new AuthorizationCodeGrantType({ accessTokenLifetime: 123, model: model }); - - return grantType.revokeAuthorizationCode(authorizationCode) - .then(function(data) { - data.should.equal(authorizationCode); - }) - .catch(should.fail); + const request = new Request({ body: { code: 12345, redirect_uri: 'http://foo.bar' }, headers: {}, method: {}, query: {} }); + const value = grantType.validateRedirectUri(request, authorizationCode); + const isUndefined = value === undefined; + isUndefined.should.equal(true); }); + }); - it('should throw an error when the auth code is invalid', function() { + describe('revokeAuthorizationCode()', function() { + it('should revoke the auth code', async function() { const authorizationCode = { authorizationCode: 12345, client: {}, expiresAt: new Date(new Date() / 2), user: {} }; const model = { - getAuthorizationCode: function() {}, - revokeAuthorizationCode: function() { return false; }, - saveToken: function() {} + getAuthorizationCode: () => should.fail(), + revokeAuthorizationCode: async function(_code) { + _code.should.equal(authorizationCode); + return true; + }, + saveToken: () => should.fail() }; const grantType = new AuthorizationCodeGrantType({ accessTokenLifetime: 123, model: model }); - return grantType.revokeAuthorizationCode(authorizationCode) - .then(function(data) { - data.should.equal(authorizationCode); - }) - .catch(function(e) { + const data = await grantType.revokeAuthorizationCode(authorizationCode); + data.should.deep.equal(authorizationCode); + }); + + it('should throw an error when the auth code is invalid', async function() { + const authorizationCode = { authorizationCode: 12345, client: {}, expiresAt: new Date(new Date() / 2), user: {} }; + const returnTypes = [false, null, undefined, 0, '']; + + for (const type of returnTypes) { + const model = { + getAuthorizationCode: () => should.fail(), + revokeAuthorizationCode: async function(_code) { + _code.should.equal(authorizationCode); + return type; + }, + saveToken: () => should.fail() + }; + const grantType = new AuthorizationCodeGrantType({ accessTokenLifetime: 123, model: model }); + + try { + await grantType.revokeAuthorizationCode(authorizationCode); + should.fail(); + } catch (e) { e.should.be.an.instanceOf(InvalidGrantError); e.message.should.equal('Invalid grant: authorization code is invalid'); - }); + } + } }); it('should support promises', function() { const authorizationCode = { authorizationCode: 12345, client: {}, expiresAt: new Date(new Date() / 2), user: {} }; const model = { - getAuthorizationCode: function() {}, + getAuthorizationCode: () => should.fail(), revokeAuthorizationCode: async function() { return true; }, - saveToken: function() {} + saveToken: () => should.fail() }; const grantType = new AuthorizationCodeGrantType({ accessTokenLifetime: 123, model: model }); - grantType.revokeAuthorizationCode(authorizationCode).should.be.an.instanceOf(Promise); }); it('should support non-promises', function() { const authorizationCode = { authorizationCode: 12345, client: {}, expiresAt: new Date(new Date() / 2), user: {} }; const model = { - getAuthorizationCode: function() {}, + getAuthorizationCode: () => should.fail(), revokeAuthorizationCode: function() { return authorizationCode; }, - saveToken: function() {} + saveToken: () => should.fail() }; const grantType = new AuthorizationCodeGrantType({ accessTokenLifetime: 123, model: model }); - grantType.revokeAuthorizationCode(authorizationCode).should.be.an.instanceOf(Promise); }); }); describe('saveToken()', function() { - it('should save the token', function() { - const token = {}; + it('should save the token', async function() { + const token = { foo: 'bar' }; const model = { - getAuthorizationCode: function() {}, - revokeAuthorizationCode: function() {}, - saveToken: function() { return token; }, - validateScope: function() { return 'foo'; } + getAuthorizationCode: () => should.fail(), + revokeAuthorizationCode: () => should.fail(), + saveToken: function(_token, _client= 'fallback', _user= 'fallback') { + _token.accessToken.should.be.a.sha256(); + _token.accessTokenExpiresAt.should.be.instanceOf(Date); + _token.refreshTokenExpiresAt.should.be.instanceOf(Date); + _token.refreshToken.should.be.a.sha256(); + _token.scope.should.equal('foo'); + (_token.authorizationCode === undefined).should.equal(true); + _user.should.equal('fallback'); + _client.should.equal('fallback'); + return token; + }, + validateScope: function(_user= 'fallback', _client= 'fallback', _scope = 'fallback') { + _user.should.equal('fallback'); + _client.should.equal('fallback'); + _scope.should.equal('fallback'); + return 'foo'; + } }; const grantType = new AuthorizationCodeGrantType({ accessTokenLifetime: 123, model: model }); - - return grantType.saveToken(token) - .then(function(data) { - data.should.equal(token); - }) - .catch(should.fail); + const data = await grantType.saveToken(); + data.should.equal(token); }); it('should support promises', function() { diff --git a/test/integration/grant-types/client-credentials-grant-type_test.js b/test/integration/grant-types/client-credentials-grant-type_test.js index 1a70874e..a21b1a13 100644 --- a/test/integration/grant-types/client-credentials-grant-type_test.js +++ b/test/integration/grant-types/client-credentials-grant-type_test.js @@ -90,35 +90,50 @@ describe('ClientCredentialsGrantType integration', function() { } }); - it('should return a token', function() { + it('should return a token', async function() { const token = {}; + const client = { foo: 'bar' }; + const user = { name: 'foo' }; + const scope = 'fooscope'; + const model = { - getUserFromClient: async function(client) { - client.foo.should.equal('bar'); - return { id: '123'}; + getUserFromClient: async function(_client) { + _client.should.deep.equal(client); + return { ...user }; }, - saveToken: async function(_token, client, user) { - client.foo.should.equal('bar'); - user.id.should.equal('123'); + saveToken: async function(_token, _client, _user) { + _client.should.deep.equal(client); + _user.should.deep.equal(user); + _token.accessToken.should.equal('long-access-token-hash'); + _token.accessTokenExpiresAt.should.be.instanceOf(Date); + _token.scope.should.equal(scope); return token; }, - validateScope: function() { return 'foo'; } + validateScope: async function (_user, _client, _scope) { + _user.should.deep.equal(user); + _client.should.deep.equal(client); + _scope.should.equal(scope); + return scope; + }, + generateAccessToken: async function (_client, _user, _scope) { + _user.should.deep.equal(user); + _client.should.deep.equal(client); + _scope.should.equal(scope); + return 'long-access-token-hash'; + } }; const grantType = new ClientCredentialsGrantType({ accessTokenLifetime: 120, model: model }); - const request = new Request({ body: {}, headers: {}, method: {}, query: {} }); + const request = new Request({ body: { scope }, headers: {}, method: {}, query: {} }); - return grantType.handle(request, { foo: 'bar' }) - .then(function(data) { - data.should.equal(token); - }) - .catch(should.fail); + const data = await grantType.handle(request, client); + data.should.equal(token); }); it('should support promises', function() { const token = {}; const model = { - getUserFromClient: function() { return {}; }, - saveToken: function() { return token; } + getUserFromClient: async function() { return {}; }, + saveToken: async function() { return token; } }; const grantType = new ClientCredentialsGrantType({ accessTokenLifetime: 120, model: model }); const request = new Request({ body: {}, headers: {}, method: {}, query: {} }); @@ -143,7 +158,7 @@ describe('ClientCredentialsGrantType integration', function() { it('should throw an error if `user` is missing', function() { const model = { getUserFromClient: function() {}, - saveToken: function() {} + saveToken: () => should.fail() }; const grantType = new ClientCredentialsGrantType({ accessTokenLifetime: 120, model: model }); const request = new Request({ body: {}, headers: {}, method: {}, query: {} }); @@ -160,7 +175,7 @@ describe('ClientCredentialsGrantType integration', function() { const user = { email: 'foo@bar.com' }; const model = { getUserFromClient: function() { return user; }, - saveToken: function() {} + saveToken: () => should.fail() }; const grantType = new ClientCredentialsGrantType({ accessTokenLifetime: 120, model: model }); const request = new Request({ body: {}, headers: {}, method: {}, query: {} }); @@ -176,7 +191,7 @@ describe('ClientCredentialsGrantType integration', function() { const user = { email: 'foo@bar.com' }; const model = { getUserFromClient: async function() { return user; }, - saveToken: function() {} + saveToken: () => should.fail() }; const grantType = new ClientCredentialsGrantType({ accessTokenLifetime: 120, model: model }); const request = new Request({ body: {}, headers: {}, method: {}, query: {} }); @@ -188,7 +203,7 @@ describe('ClientCredentialsGrantType integration', function() { const user = { email: 'foo@bar.com' }; const model = { getUserFromClient: function() {return user; }, - saveToken: function() {} + saveToken: () => should.fail() }; const grantType = new ClientCredentialsGrantType({ accessTokenLifetime: 120, model: model }); const request = new Request({ body: {}, headers: {}, method: {}, query: {} }); @@ -198,26 +213,22 @@ describe('ClientCredentialsGrantType integration', function() { }); describe('saveToken()', function() { - it('should save the token', function() { + it('should save the token', async function() { const token = {}; const model = { - getUserFromClient: function() {}, + getUserFromClient: () => should.fail(), saveToken: function() { return token; }, validateScope: function() { return 'foo'; } }; const grantType = new ClientCredentialsGrantType({ accessTokenLifetime: 123, model: model }); - - return grantType.saveToken(token) - .then(function(data) { - data.should.equal(token); - }) - .catch(should.fail); + const data = await grantType.saveToken(token); + data.should.equal(token); }); it('should support promises', function() { const token = {}; const model = { - getUserFromClient: function() {}, + getUserFromClient:() => should.fail(), saveToken: async function() { return token; } }; const grantType = new ClientCredentialsGrantType({ accessTokenLifetime: 123, model: model }); @@ -228,7 +239,7 @@ describe('ClientCredentialsGrantType integration', function() { it('should support non-promises', function() { const token = {}; const model = { - getUserFromClient: function() {}, + getUserFromClient: () => should.fail(), saveToken: function() { return token; } }; const grantType = new ClientCredentialsGrantType({ accessTokenLifetime: 123, model: model }); diff --git a/test/integration/grant-types/password-grant-type_test.js b/test/integration/grant-types/password-grant-type_test.js index 04452ee0..df1db899 100644 --- a/test/integration/grant-types/password-grant-type_test.js +++ b/test/integration/grant-types/password-grant-type_test.js @@ -45,7 +45,7 @@ describe('PasswordGrantType integration', function() { getUser: function() {} }; - new PasswordGrantType({ model: model }); + new PasswordGrantType({ model }); should.fail(); } catch (e) { @@ -58,10 +58,10 @@ describe('PasswordGrantType integration', function() { describe('handle()', function() { it('should throw an error if `request` is missing', async function() { const model = { - getUser: function() {}, - saveToken: function() {} + getUser: () => should.fail(), + saveToken: () => should.fail() }; - const grantType = new PasswordGrantType({ accessTokenLifetime: 123, model: model }); + const grantType = new PasswordGrantType({ accessTokenLifetime: 123, model }); try { await grantType.handle(); @@ -75,10 +75,10 @@ describe('PasswordGrantType integration', function() { it('should throw an error if `client` is missing', async function() { const model = { - getUser: function() {}, - saveToken: function() {} + getUser: () => should.fail(), + saveToken: () => should.fail() }; - const grantType = new PasswordGrantType({ accessTokenLifetime: 123, model: model }); + const grantType = new PasswordGrantType({ accessTokenLifetime: 123, model }); try { await grantType.handle({}); @@ -90,32 +90,66 @@ describe('PasswordGrantType integration', function() { } }); - it('should return a token', function() { + it('should return a token', async function() { const client = { id: 'foobar' }; + const scope = 'baz'; const token = {}; + const user = { + id: 123456, + username: 'foo', + email: 'foo@example.com' + }; + const model = { - getUser: function() { return {}; }, - saveToken: function() { return token; }, - validateScope: function() { return 'baz'; } + getUser: async function(username, password) { + username.should.equal('foo'); + password.should.equal('bar'); + return user; + }, + validateScope: async function(_user, _client, _scope) { + _client.should.equal(client); + _user.should.equal(user); + _scope.should.equal(scope); + return scope; + }, + generateAccessToken: async function (_client, _user, _scope) { + _client.should.equal(client); + _user.should.equal(user); + _scope.should.equal(scope); + return 'long-access-token-hash'; + }, + generateRefreshToken: async function (_client, _user, _scope) { + _client.should.equal(client); + _user.should.equal(user); + _scope.should.equal(scope); + return 'long-refresh-token-hash'; + }, + saveToken: async function(_token, _client, _user) { + _client.should.equal(client); + _user.should.equal(user); + _token.accessToken.should.equal('long-access-token-hash'); + _token.refreshToken.should.equal('long-refresh-token-hash'); + _token.accessTokenExpiresAt.should.be.instanceOf(Date); + _token.refreshTokenExpiresAt.should.be.instanceOf(Date); + return token; + } }; - const grantType = new PasswordGrantType({ accessTokenLifetime: 123, model: model }); + + const grantType = new PasswordGrantType({ accessTokenLifetime: 123, model }); const request = new Request({ body: { username: 'foo', password: 'bar', scope: 'baz' }, headers: {}, method: {}, query: {} }); - return grantType.handle(request, client) - .then(function(data) { - data.should.equal(token); - }) - .catch(should.fail); + const data = await grantType.handle(request, client); + data.should.equal(token); }); it('should support promises', async function() { const client = { id: 'foobar' }; const token = {}; const model = { - getUser: function() { return {}; }, + getUser: async function() { return {}; }, saveToken: async function() { return token; } }; - const grantType = new PasswordGrantType({ accessTokenLifetime: 123, model: model }); + const grantType = new PasswordGrantType({ accessTokenLifetime: 123, model }); const request = new Request({ body: { username: 'foo', password: 'bar' }, headers: {}, method: {}, query: {} }); const result = await grantType.handle(request, client); @@ -129,7 +163,7 @@ describe('PasswordGrantType integration', function() { getUser: function() { return {}; }, saveToken: function() { return token; } }; - const grantType = new PasswordGrantType({ accessTokenLifetime: 123, model: model }); + const grantType = new PasswordGrantType({ accessTokenLifetime: 123, model }); const request = new Request({ body: { username: 'foo', password: 'bar' }, headers: {}, method: {}, query: {} }); const result = await grantType.handle(request, client); @@ -140,10 +174,10 @@ describe('PasswordGrantType integration', function() { describe('getUser()', function() { it('should throw an error if the request body does not contain `username`', async function() { const model = { - getUser: function() {}, - saveToken: function() {} + getUser: () => should.fail(), + saveToken: () => should.fail() }; - const grantType = new PasswordGrantType({ accessTokenLifetime: 123, model: model }); + const grantType = new PasswordGrantType({ accessTokenLifetime: 123, model }); const request = new Request({ body: {}, headers: {}, method: {}, query: {} }); try { @@ -158,10 +192,10 @@ describe('PasswordGrantType integration', function() { it('should throw an error if the request body does not contain `password`', async function() { const model = { - getUser: function() {}, - saveToken: function() {} + getUser: () => should.fail(), + saveToken: () => should.fail() }; - const grantType = new PasswordGrantType({ accessTokenLifetime: 123, model: model }); + const grantType = new PasswordGrantType({ accessTokenLifetime: 123, model }); const request = new Request({ body: { username: 'foo' }, headers: {}, method: {}, query: {} }); try { @@ -176,10 +210,10 @@ describe('PasswordGrantType integration', function() { it('should throw an error if `username` is invalid', async function() { const model = { - getUser: function() {}, - saveToken: function() {} + getUser: () => should.fail(), + saveToken: () => should.fail() }; - const grantType = new PasswordGrantType({ accessTokenLifetime: 123, model: model }); + const grantType = new PasswordGrantType({ accessTokenLifetime: 123, model }); const request = new Request({ body: { username: '\r\n', password: 'foobar' }, headers: {}, method: {}, query: {} }); try { @@ -194,10 +228,10 @@ describe('PasswordGrantType integration', function() { it('should throw an error if `password` is invalid', async function() { const model = { - getUser: function() {}, - saveToken: function() {} + getUser: () => should.fail(), + saveToken: () => should.fail() }; - const grantType = new PasswordGrantType({ accessTokenLifetime: 123, model: model }); + const grantType = new PasswordGrantType({ accessTokenLifetime: 123, model }); const request = new Request({ body: { username: 'foobar', password: '\r\n' }, headers: {}, method: {}, query: {} }); try { @@ -210,45 +244,47 @@ describe('PasswordGrantType integration', function() { } }); - it('should throw an error if `user` is missing', function() { + it('should throw an error if `user` is missing', async function() { const model = { - getUser: function() {}, - saveToken: function() {} + getUser: async () => undefined, + saveToken: () => should.fail() }; - const grantType = new PasswordGrantType({ accessTokenLifetime: 123, model: model }); + const grantType = new PasswordGrantType({ accessTokenLifetime: 123, model }); const request = new Request({ body: { username: 'foo', password: 'bar' }, headers: {}, method: {}, query: {} }); - return grantType.getUser(request) - .then(should.fail) - .catch(function(e) { - e.should.be.an.instanceOf(InvalidGrantError); - e.message.should.equal('Invalid grant: user credentials are invalid'); - }); + try { + await grantType.getUser(request); + should.fail(); + } catch (e) { + e.should.be.an.instanceOf(InvalidGrantError); + e.message.should.equal('Invalid grant: user credentials are invalid'); + } }); - it('should return a user', function() { + it('should return a user', async function() { const user = { email: 'foo@bar.com' }; const model = { - getUser: function() { return user; }, - saveToken: function() {} + getUser: function(username, password) { + username.should.equal('foo'); + password.should.equal('bar'); + return user; + }, + saveToken: () => should.fail() }; - const grantType = new PasswordGrantType({ accessTokenLifetime: 123, model: model }); + const grantType = new PasswordGrantType({ accessTokenLifetime: 123, model }); const request = new Request({ body: { username: 'foo', password: 'bar' }, headers: {}, method: {}, query: {} }); - return grantType.getUser(request) - .then(function(data) { - data.should.equal(user); - }) - .catch(should.fail); + const data = await grantType.getUser(request); + data.should.equal(user); }); it('should support promises', function() { const user = { email: 'foo@bar.com' }; const model = { getUser: async function() { return user; }, - saveToken: function() {} + saveToken: () => should.fail() }; - const grantType = new PasswordGrantType({ accessTokenLifetime: 123, model: model }); + const grantType = new PasswordGrantType({ accessTokenLifetime: 123, model }); const request = new Request({ body: { username: 'foo', password: 'bar' }, headers: {}, method: {}, query: {} }); grantType.getUser(request).should.be.an.instanceOf(Promise); @@ -258,9 +294,9 @@ describe('PasswordGrantType integration', function() { const user = { email: 'foo@bar.com' }; const model = { getUser: function() { return user; }, - saveToken: function() {} + saveToken: () => should.fail() }; - const grantType = new PasswordGrantType({ accessTokenLifetime: 123, model: model }); + const grantType = new PasswordGrantType({ accessTokenLifetime: 123, model }); const request = new Request({ body: { username: 'foo', password: 'bar' }, headers: {}, method: {}, query: {} }); grantType.getUser(request).should.be.an.instanceOf(Promise); @@ -268,29 +304,38 @@ describe('PasswordGrantType integration', function() { }); describe('saveToken()', function() { - it('should save the token', function() { + it('should save the token', async function() { const token = {}; const model = { - getUser: function() {}, - saveToken: function() { return token; }, - validateScope: function() { return 'foo'; } + getUser: () => should.fail(), + saveToken: async function(_token, _client = 'fallback', _user = 'fallback') { + _token.accessToken.should.be.a.sha256(); + _token.accessTokenExpiresAt.should.be.instanceOf(Date); + _token.refreshTokenExpiresAt.should.be.instanceOf(Date); + _token.refreshToken.should.be.a.sha256(); + _token.scope.should.equal('foo'); + _client.should.equal('fallback'); + _user.should.equal('fallback'); + return token; + }, + validateScope: async function(_scope = 'fallback') { + _scope.should.equal('fallback'); + return 'foo'; + } }; - const grantType = new PasswordGrantType({ accessTokenLifetime: 123, model: model }); + const grantType = new PasswordGrantType({ accessTokenLifetime: 123, model }); - return grantType.saveToken(token) - .then(function(data) { - data.should.equal(token); - }) - .catch(should.fail); + const data = await grantType.saveToken(); + data.should.equal(token); }); it('should support promises', function() { const token = {}; const model = { - getUser: function() {}, + getUser: () => should.fail(), saveToken: async function() { return token; } }; - const grantType = new PasswordGrantType({ accessTokenLifetime: 123, model: model }); + const grantType = new PasswordGrantType({ accessTokenLifetime: 123, model }); grantType.saveToken(token).should.be.an.instanceOf(Promise); }); @@ -298,10 +343,10 @@ describe('PasswordGrantType integration', function() { it('should support non-promises', function() { const token = {}; const model = { - getUser: function() {}, + getUser: () => should.fail(), saveToken: function() { return token; } }; - const grantType = new PasswordGrantType({ accessTokenLifetime: 123, model: model }); + const grantType = new PasswordGrantType({ accessTokenLifetime: 123, model }); grantType.saveToken(token).should.be.an.instanceOf(Promise); }); diff --git a/test/integration/server_test.js b/test/integration/server_test.js index cb717c76..aad03356 100644 --- a/test/integration/server_test.js +++ b/test/integration/server_test.js @@ -17,14 +17,16 @@ const should = require('chai').should(); describe('Server integration', function() { describe('constructor()', function() { it('should throw an error if `model` is missing', function() { - try { - new Server({}); - - should.fail(); - } catch (e) { - e.should.be.an.instanceOf(InvalidArgumentError); - e.message.should.equal('Missing parameter: `model`'); - } + [null, undefined, {}].forEach(options => { + try { + new Server(options); + + should.fail(); + } catch (e) { + e.should.be.an.instanceOf(InvalidArgumentError); + e.message.should.equal('Missing parameter: `model`'); + } + }); }); it('should set the `model`', function() { diff --git a/test/unit/errors/oauth-error_test.js b/test/unit/errors/oauth-error_test.js index bad86f65..6d68a299 100644 --- a/test/unit/errors/oauth-error_test.js +++ b/test/unit/errors/oauth-error_test.js @@ -16,7 +16,7 @@ describe('OAuthError', function() { describe('constructor()', function() { it('should get `captureStackTrace`', function() { - const errorFn = function () { throw new OAuthError('test', {name: 'test_error'}); }; + const errorFn = function () { throw new OAuthError('test', {name: 'test_error', foo: 'bar'}); }; try { errorFn(); @@ -25,6 +25,8 @@ describe('OAuthError', function() { } catch (e) { e.should.be.an.instanceOf(OAuthError); + e.name.should.equal('test_error'); + e.foo.should.equal('bar'); e.message.should.equal('test'); e.code.should.equal(500); e.stack.should.not.be.null; @@ -34,4 +36,23 @@ describe('OAuthError', function() { } }); }); + it('supports undefined properties', function () { + const errorFn = function () { throw new OAuthError('test'); }; + + try { + errorFn(); + + should.fail(); + } catch (e) { + + e.should.be.an.instanceOf(OAuthError); + e.name.should.equal('Error'); + e.message.should.equal('test'); + e.code.should.equal(500); + e.stack.should.not.be.null; + e.stack.should.not.be.undefined; + e.stack.should.include('oauth-error_test.js'); + e.stack.should.include('40'); //error lineNUmber + } + }); }); diff --git a/test/unit/request_test.js b/test/unit/request_test.js index f292e2b4..0e23a419 100644 --- a/test/unit/request_test.js +++ b/test/unit/request_test.js @@ -5,6 +5,7 @@ */ const Request = require('../../lib/request'); +const InvalidArgumentError = require('../../lib/errors/invalid-argument-error'); const should = require('chai').should(); /** @@ -27,6 +28,24 @@ function generateBaseRequest() { } describe('Request', function() { + it('should throw on missing args', function () { + const args = [ + [undefined, InvalidArgumentError, 'Missing parameter: `headers`'], + [null, InvalidArgumentError, 'Missing parameter: `headers`'], + [{}, InvalidArgumentError, 'Missing parameter: `headers`'], + [{ headers: { }}, InvalidArgumentError, 'Missing parameter: `method`'], + [{ headers: {}, method: 'GET' }, InvalidArgumentError, 'Missing parameter: `query`'], + ]; + + args.forEach(([value, error, message]) => { + try { + new Request(value); + } catch (e) { + e.should.be.instanceOf(error); + e.message.should.equal(message); + } + }); + }); it('should instantiate with a basic request', function() { const originalRequest = generateBaseRequest(); From 0d142f0d0666c75b3a69b67c5a8e59ade7da580b Mon Sep 17 00:00:00 2001 From: Michael Newman Date: Thu, 17 Aug 2023 09:44:01 -0700 Subject: [PATCH 38/86] Convert Request, Response, CodeResponseType, TokenResponseType to ES6 classes --- lib/request.js | 92 ++++++++++------------- lib/response-types/code-response-type.js | 42 ++++------- lib/response-types/token-response-type.js | 14 +--- lib/response.js | 83 +++++++++----------- 4 files changed, 96 insertions(+), 135 deletions(-) diff --git a/lib/request.js b/lib/request.js index 560b29bc..f20130bc 100644 --- a/lib/request.js +++ b/lib/request.js @@ -7,67 +7,57 @@ const InvalidArgumentError = require('./errors/invalid-argument-error'); const typeis = require('type-is'); -/** - * Constructor. - */ +class Request { + constructor({ headers, method, query, body, ...otherOptions } = {}) { + if (!headers) { + throw new InvalidArgumentError('Missing parameter: `headers`'); + } -function Request(options) { - options = options || {}; + if (!method) { + throw new InvalidArgumentError('Missing parameter: `method`'); + } - if (!options.headers) { - throw new InvalidArgumentError('Missing parameter: `headers`'); - } + if (!query) { + throw new InvalidArgumentError('Missing parameter: `query`'); + } - if (!options.method) { - throw new InvalidArgumentError('Missing parameter: `method`'); + this.body = body || {}; + this.headers = {}; + this.method = method; + this.query = query; + + // Store the headers in lower case. + Object.entries(headers).forEach(([header, value]) => { + this.headers[header.toLowerCase()] = value; + }); + + // Store additional properties of the request object passed in + Object.entries(otherOptions) + .filter(([property]) => !this[property]) + .forEach(([property, value]) => { + this[property] = value; + }); } - if (!options.query) { - throw new InvalidArgumentError('Missing parameter: `query`'); + /** + * Get a request header. + * @param {String} field + */ + get(field) { + return this.headers[field.toLowerCase()]; } - this.body = options.body || {}; - this.headers = {}; - this.method = options.method; - this.query = options.query; - - // Store the headers in lower case. - for (const field in options.headers) { - if (Object.prototype.hasOwnProperty.call(options.headers, field)) { - this.headers[field.toLowerCase()] = options.headers[field]; + /** + * Check if the content-type matches any of the given mime types. + * @param {...String|Array} types + */ + is(...types) { + if (types.length === 1 && Array.isArray(types[0])) { + types = types[0]; } - } - // Store additional properties of the request object passed in - for (const property in options) { - if (Object.prototype.hasOwnProperty.call(options, property) && !this[property]) { - this[property] = options[property]; - } + return typeis(this, types) || false; } } -/** - * Get a request header. - */ - -Request.prototype.get = function(field) { - return this.headers[field.toLowerCase()]; -}; - -/** - * Check if the content-type matches any of the given mime type. - */ - -Request.prototype.is = function(types) { - if (!Array.isArray(types)) { - types = [].slice.call(arguments); - } - - return typeis(this, types) || false; -}; - -/** - * Export constructor. - */ - module.exports = Request; diff --git a/lib/response-types/code-response-type.js b/lib/response-types/code-response-type.js index 8252248f..6311d22a 100644 --- a/lib/response-types/code-response-type.js +++ b/lib/response-types/code-response-type.js @@ -7,37 +7,27 @@ const InvalidArgumentError = require('../errors/invalid-argument-error'); const url = require('url'); -/** - * Constructor. - */ +class CodeResponseType { + constructor(code) { + if (!code) { + throw new InvalidArgumentError('Missing parameter: `code`'); + } -function CodeResponseType(code) { - if (!code) { - throw new InvalidArgumentError('Missing parameter: `code`'); + this.code = code; } - this.code = code; -} + buildRedirectUri(redirectUri) { + if (!redirectUri) { + throw new InvalidArgumentError('Missing parameter: `redirectUri`'); + } -/** - * Build redirect uri. - */ - -CodeResponseType.prototype.buildRedirectUri = function(redirectUri) { - if (!redirectUri) { - throw new InvalidArgumentError('Missing parameter: `redirectUri`'); - } + const uri = url.parse(redirectUri, true); - const uri = url.parse(redirectUri, true); + uri.query.code = this.code; + uri.search = null; - uri.query.code = this.code; - uri.search = null; - - return uri; -}; - -/** - * Export constructor. - */ + return uri; + } +} module.exports = CodeResponseType; diff --git a/lib/response-types/token-response-type.js b/lib/response-types/token-response-type.js index 29c32e70..cd6891b4 100644 --- a/lib/response-types/token-response-type.js +++ b/lib/response-types/token-response-type.js @@ -6,16 +6,10 @@ const ServerError = require('../errors/server-error'); -/** - * Constructor. - */ - -function TokenResponseType() { - throw new ServerError('Not implemented.'); +class TokenResponseType { + constructor() { + throw new ServerError('Not implemented.'); + } } -/** - * Export constructor. - */ - module.exports = TokenResponseType; diff --git a/lib/response.js b/lib/response.js index 29a2c517..23725963 100644 --- a/lib/response.js +++ b/lib/response.js @@ -1,58 +1,45 @@ 'use strict'; -/** - * Constructor. - */ - -function Response(options) { - options = options || {}; +class Response { + constructor({ headers = {}, body = {}, ...otherOptions } = {}) { + this.status = 200; + this.body = body; + this.headers = {}; + + // Store the headers in lower case. + Object.entries(headers).forEach(([header, value]) => { + this.headers[header.toLowerCase()] = value; + }); + + // Store additional properties of the response object passed in + Object.entries(otherOptions) + .filter(([property]) => !this[property]) + .forEach(([property, value]) => { + this[property] = value; + }); + } - this.body = options.body || {}; - this.headers = {}; - this.status = 200; + /** + * Get a response header. + */ + get(field) { + return this.headers[field.toLowerCase()]; + } - // Store the headers in lower case. - for (const field in options.headers) { - if (Object.prototype.hasOwnProperty.call(options.headers, field)) { - this.headers[field.toLowerCase()] = options.headers[field]; - } + /** + * Redirect response. + */ + redirect(url) { + this.set('Location', url); + this.status = 302; } - // Store additional properties of the response object passed in - for (const property in options) { - if (Object.prototype.hasOwnProperty.call(options, property) && !this[property]) { - this[property] = options[property]; - } + /** + * Set a response header. + */ + set(field, value) { + this.headers[field.toLowerCase()] = value; } } -/** - * Get a response header. - */ - -Response.prototype.get = function(field) { - return this.headers[field.toLowerCase()]; -}; - -/** - * Redirect response. - */ - -Response.prototype.redirect = function(url) { - this.set('Location', url); - this.status = 302; -}; - -/** - * Set a response header. - */ - -Response.prototype.set = function(field, value) { - this.headers[field.toLowerCase()] = value; -}; - -/** - * Export constructor. - */ - module.exports = Response; From 9bf64c4b7d62541b6b1eac9baaf71c4d0c0bd889 Mon Sep 17 00:00:00 2001 From: jankapunkt Date: Tue, 22 Aug 2023 09:00:02 +0200 Subject: [PATCH 39/86] tests(integration): deep cover refresh-token grant type --- lib/grant-types/refresh-token-grant-type.js | 4 +- .../refresh-token-grant-type_test.js | 427 ++++++++++-------- 2 files changed, 249 insertions(+), 182 deletions(-) diff --git a/lib/grant-types/refresh-token-grant-type.js b/lib/grant-types/refresh-token-grant-type.js index b9e89a27..5b5b6fd2 100644 --- a/lib/grant-types/refresh-token-grant-type.js +++ b/lib/grant-types/refresh-token-grant-type.js @@ -130,8 +130,8 @@ class RefreshTokenGrantType extends AbstractGrantType { const accessTokenExpiresAt = await this.getAccessTokenExpiresAt(); const refreshTokenExpiresAt = await this.getRefreshTokenExpiresAt(); const token = { - accessToken: accessToken, - accessTokenExpiresAt: accessTokenExpiresAt, + accessToken, + accessTokenExpiresAt, scope: scope, }; diff --git a/test/integration/grant-types/refresh-token-grant-type_test.js b/test/integration/grant-types/refresh-token-grant-type_test.js index fede3776..316b8064 100644 --- a/test/integration/grant-types/refresh-token-grant-type_test.js +++ b/test/integration/grant-types/refresh-token-grant-type_test.js @@ -43,10 +43,10 @@ describe('RefreshTokenGrantType integration', function() { it('should throw an error if the model does not implement `revokeToken()`', function() { try { const model = { - getRefreshToken: function() {} + getRefreshToken: () => should.fail() }; - new RefreshTokenGrantType({ model: model }); + new RefreshTokenGrantType({ model }); should.fail(); } catch (e) { @@ -58,11 +58,11 @@ describe('RefreshTokenGrantType integration', function() { it('should throw an error if the model does not implement `saveToken()`', function() { try { const model = { - getRefreshToken: function() {}, - revokeToken: function() {} + getRefreshToken: () => should.fail(), + revokeToken: () => should.fail() }; - new RefreshTokenGrantType({ model: model }); + new RefreshTokenGrantType({ model }); should.fail(); } catch (e) { @@ -75,11 +75,11 @@ describe('RefreshTokenGrantType integration', function() { describe('handle()', function() { it('should throw an error if `request` is missing', async function() { const model = { - getRefreshToken: function() {}, - revokeToken: function() {}, - saveToken: function() {} + getRefreshToken: () => should.fail(), + revokeToken: () => should.fail(), + saveToken: () => should.fail() }; - const grantType = new RefreshTokenGrantType({ accessTokenLifetime: 120, model: model }); + const grantType = new RefreshTokenGrantType({ accessTokenLifetime: 120, model }); try { await grantType.handle(); @@ -93,11 +93,11 @@ describe('RefreshTokenGrantType integration', function() { it('should throw an error if `client` is missing', async function() { const model = { - getRefreshToken: function() {}, - revokeToken: function() {}, - saveToken: function() {} + getRefreshToken: () => should.fail(), + revokeToken: () => should.fail(), + saveToken: () => should.fail() }; - const grantType = new RefreshTokenGrantType({ accessTokenLifetime: 120, model: model }); + const grantType = new RefreshTokenGrantType({ accessTokenLifetime: 120, model }); const request = new Request({ body: {}, headers: {}, method: {}, query: {} }); try { @@ -110,22 +110,51 @@ describe('RefreshTokenGrantType integration', function() { } }); - it('should return a token', function() { + it('should return a token', async function() { const client = { id: 123 }; - const token = { accessToken: 'foo', client: { id: 123 }, user: {} }; + const token = { + accessToken: 'foo', + client: { id: 123 }, + user: { name: 'foo' }, + scope: 'read write', + refreshTokenExpiresAt: new Date( new Date() * 2) + }; const model = { - getRefreshToken: function() { return token; }, - revokeToken: function() { return { accessToken: 'foo', client: { id: 123 }, refreshTokenExpiresAt: new Date(new Date() / 2), user: {} }; }, - saveToken: function() { return token; } + getRefreshToken: async function(_refreshToken) { + _refreshToken.should.equal('foobar_refresh'); + return token; + }, + revokeToken: async function(_token) { + _token.should.deep.equal(token); + return true; + }, + generateAccessToken: async function (_client, _user, _scope) { + _user.should.deep.equal({ name: 'foo' }); + _client.should.deep.equal({ id: 123 }); + _scope.should.equal('read write'); + return 'new-access-token'; + }, + generateRefreshToken: async function (_client, _user, _scope) { + _user.should.deep.equal({ name: 'foo' }); + _client.should.deep.equal({ id: 123 }); + _scope.should.equal('read write'); + return 'new-refresh-token'; + }, + saveToken: async function(_token, _client, _user) { + _user.should.deep.equal({ name: 'foo' }); + _client.should.deep.equal({ id: 123 }); + _token.accessToken.should.equal('new-access-token'); + _token.refreshToken.should.equal('new-refresh-token'); + _token.accessTokenExpiresAt.should.be.instanceOf(Date); + _token.refreshTokenExpiresAt.should.be.instanceOf(Date); + return token; + } }; - const grantType = new RefreshTokenGrantType({ accessTokenLifetime: 123, model: model }); - const request = new Request({ body: { refresh_token: 'foobar' }, headers: {}, method: {}, query: {} }); - return grantType.handle(request, client) - .then(function(data) { - data.should.equal(token); - }) - .catch(should.fail); + const grantType = new RefreshTokenGrantType({ accessTokenLifetime: 123, model }); + const request = new Request({ body: { refresh_token: 'foobar_refresh' }, headers: {}, method: {}, query: {} }); + const data = await grantType.handle(request, client); + data.should.equal(token); }); it('should support promises', function() { @@ -135,7 +164,7 @@ describe('RefreshTokenGrantType integration', function() { revokeToken: async function() { return { accessToken: 'foo', client: {}, refreshTokenExpiresAt: new Date(new Date() / 2), user: {} }; }, saveToken: async function() { return { accessToken: 'foo', client: {}, user: {} }; } }; - const grantType = new RefreshTokenGrantType({ accessTokenLifetime: 123, model: model }); + const grantType = new RefreshTokenGrantType({ accessTokenLifetime: 123, model }); const request = new Request({ body: { refresh_token: 'foobar' }, headers: {}, method: {}, query: {} }); grantType.handle(request, client).should.be.an.instanceOf(Promise); @@ -144,11 +173,11 @@ describe('RefreshTokenGrantType integration', function() { it('should support non-promises', function() { const client = { id: 123 }; const model = { - getRefreshToken: function() { return { accessToken: 'foo', client: { id: 123 }, user: {} }; }, - revokeToken: function() { return { accessToken: 'foo', client: {}, refreshTokenExpiresAt: new Date(new Date() / 2), user: {} }; }, - saveToken: function() { return { accessToken: 'foo', client: {}, user: {} }; } + getRefreshToken: async function() { return { accessToken: 'foo', client: { id: 123 }, user: {} }; }, + revokeToken: async function() { return { accessToken: 'foo', client: {}, refreshTokenExpiresAt: new Date(new Date() / 2), user: {} }; }, + saveToken: async function() { return { accessToken: 'foo', client: {}, user: {} }; } }; - const grantType = new RefreshTokenGrantType({ accessTokenLifetime: 123, model: model }); + const grantType = new RefreshTokenGrantType({ accessTokenLifetime: 123, model }); const request = new Request({ body: { refresh_token: 'foobar' }, headers: {}, method: {}, query: {} }); grantType.handle(request, client).should.be.an.instanceOf(Promise); @@ -159,11 +188,11 @@ describe('RefreshTokenGrantType integration', function() { it('should throw an error if the `refreshToken` parameter is missing from the request body', async function() { const client = {}; const model = { - getRefreshToken: function() {}, - revokeToken: function() {}, - saveToken: function() {} + getRefreshToken: () => should.fail(), + revokeToken: () => should.fail(), + saveToken: () => should.fail() }; - const grantType = new RefreshTokenGrantType({ accessTokenLifetime: 120, model: model }); + const grantType = new RefreshTokenGrantType({ accessTokenLifetime: 120, model }); const request = new Request({ body: {}, headers: {}, method: {}, query: {} }); try { @@ -176,92 +205,100 @@ describe('RefreshTokenGrantType integration', function() { } }); - it('should throw an error if `refreshToken` is not found', function() { + it('should throw an error if `refreshToken` is not found', async function() { const client = { id: 123 }; const model = { - getRefreshToken: function() { return; }, - revokeToken: function() {}, - saveToken: function() {} + getRefreshToken: async function() {} , + revokeToken: () => should.fail(), + saveToken: () => should.fail() }; - const grantType = new RefreshTokenGrantType({ accessTokenLifetime: 120, model: model }); + const grantType = new RefreshTokenGrantType({ accessTokenLifetime: 120, model }); const request = new Request({ body: { refresh_token: '12345' }, headers: {}, method: {}, query: {} }); - return grantType.getRefreshToken(request, client) - .then(should.fail) - .catch(function(e) { - e.should.be.an.instanceOf(InvalidGrantError); - e.message.should.equal('Invalid grant: refresh token is invalid'); - }); + try { + await grantType.getRefreshToken(request, client); + + should.fail(); + } catch (e) { + e.should.be.an.instanceOf(InvalidGrantError); + e.message.should.equal('Invalid grant: refresh token is invalid'); + } }); - it('should throw an error if `refreshToken.client` is missing', function() { + it('should throw an error if `refreshToken.client` is missing', async function() { const client = {}; const model = { - getRefreshToken: function() { return {}; }, - revokeToken: function() {}, - saveToken: function() {} + getRefreshToken: async function() { return {}; }, + revokeToken: () => should.fail(), + saveToken: () => should.fail() }; - const grantType = new RefreshTokenGrantType({ accessTokenLifetime: 120, model: model }); + const grantType = new RefreshTokenGrantType({ accessTokenLifetime: 120, model }); const request = new Request({ body: { refresh_token: 12345 }, headers: {}, method: {}, query: {} }); - return grantType.getRefreshToken(request, client) - .then(should.fail) - .catch(function(e) { - e.should.be.an.instanceOf(ServerError); - e.message.should.equal('Server error: `getRefreshToken()` did not return a `client` object'); - }); + try { + await grantType.getRefreshToken(request, client); + + should.fail(); + } catch (e) { + e.should.be.an.instanceOf(ServerError); + e.message.should.equal('Server error: `getRefreshToken()` did not return a `client` object'); + } }); - it('should throw an error if `refreshToken.user` is missing', function() { + it('should throw an error if `refreshToken.user` is missing', async function() { const client = {}; const model = { - getRefreshToken: function() { + getRefreshToken: async function() { return { accessToken: 'foo', client: {} }; }, - revokeToken: function() {}, - saveToken: function() {} + revokeToken: () => should.fail(), + saveToken: () => should.fail() }; - const grantType = new RefreshTokenGrantType({ accessTokenLifetime: 120, model: model }); + const grantType = new RefreshTokenGrantType({ accessTokenLifetime: 120, model }); const request = new Request({ body: { refresh_token: 12345 }, headers: {}, method: {}, query: {} }); - return grantType.getRefreshToken(request, client) - .then(should.fail) - .catch(function(e) { - e.should.be.an.instanceOf(ServerError); - e.message.should.equal('Server error: `getRefreshToken()` did not return a `user` object'); - }); + try { + await grantType.getRefreshToken(request, client); + + should.fail(); + } catch (e) { + e.should.be.an.instanceOf(ServerError); + e.message.should.equal('Server error: `getRefreshToken()` did not return a `user` object'); + } }); - it('should throw an error if the client id does not match', function() { + it('should throw an error if the client id does not match', async function() { const client = { id: 123 }; const model = { - getRefreshToken: function() { + getRefreshToken: async function() { return { accessToken: 'foo', client: { id: 456 }, user: {} }; }, - revokeToken: function() {}, - saveToken: function() {} + revokeToken: () => should.fail(), + saveToken: () => should.fail() }; - const grantType = new RefreshTokenGrantType({ accessTokenLifetime: 120, model: model }); + const grantType = new RefreshTokenGrantType({ accessTokenLifetime: 120, model }); const request = new Request({ body: { refresh_token: 12345 }, headers: {}, method: {}, query: {} }); - return grantType.getRefreshToken(request, client) - .then(should.fail) - .catch(function(e) { - e.should.be.an.instanceOf(InvalidGrantError); - e.message.should.equal('Invalid grant: refresh token was issued to another client'); - }); + try { + await grantType.getRefreshToken(request, client); + + should.fail(); + } catch (e) { + e.should.be.an.instanceOf(InvalidGrantError); + e.message.should.equal('Invalid grant: refresh token was issued to another client'); + } }); it('should throw an error if `refresh_token` contains invalid characters', async function() { const client = {}; const model = { - getRefreshToken: function() { + getRefreshToken: async function() { return { client: { id: 456 }, user: {} }; }, - revokeToken: function() {}, - saveToken: function() {} + revokeToken: () => should.fail(), + saveToken: () => should.fail() }; - const grantType = new RefreshTokenGrantType({ accessTokenLifetime: 120, model: model }); + const grantType = new RefreshTokenGrantType({ accessTokenLifetime: 120, model }); const request = new Request({ body: { refresh_token: 'ø倣‰' }, headers: {}, method: {}, query: {} }); try { @@ -274,83 +311,100 @@ describe('RefreshTokenGrantType integration', function() { } }); - it('should throw an error if `refresh_token` is missing', function() { + it('should throw an error if `refresh_token` is missing', async function() { const client = {}; const model = { - getRefreshToken: function() { + getRefreshToken: async function() { return { accessToken: 'foo', client: { id: 456 }, user: {} }; }, - revokeToken: function() {}, - saveToken: function() {} + revokeToken: () => should.fail(), + saveToken: () => should.fail() }; - const grantType = new RefreshTokenGrantType({ accessTokenLifetime: 120, model: model }); + const grantType = new RefreshTokenGrantType({ accessTokenLifetime: 120, model }); const request = new Request({ body: { refresh_token: 12345 }, headers: {}, method: {}, query: {} }); - return grantType.getRefreshToken(request, client) - .then(should.fail) - .catch(function(e) { - e.should.be.an.instanceOf(InvalidGrantError); - e.message.should.equal('Invalid grant: refresh token was issued to another client'); - }); + try { + await grantType.getRefreshToken(request, client); + + should.fail(); + } catch (e) { + e.should.be.an.instanceOf(InvalidGrantError); + e.message.should.equal('Invalid grant: refresh token was issued to another client'); + } }); - it('should throw an error if `refresh_token` is expired', function() { + it('should throw an error if `refresh_token` is expired', async function() { const client = { id: 123 }; const date = new Date(new Date() / 2); const model = { - getRefreshToken: function() { + getRefreshToken: async function() { return { accessToken: 'foo', client: { id: 123 }, refreshTokenExpiresAt: date, user: {} }; }, - revokeToken: function() {}, - saveToken: function() {} + revokeToken: () => should.fail(), + saveToken: () => should.fail() }; - const grantType = new RefreshTokenGrantType({ accessTokenLifetime: 120, model: model }); + const grantType = new RefreshTokenGrantType({ accessTokenLifetime: 120, model }); const request = new Request({ body: { refresh_token: 12345 }, headers: {}, method: {}, query: {} }); - return grantType.getRefreshToken(request, client) - .then(should.fail) - .catch(function(e) { - e.should.be.an.instanceOf(InvalidGrantError); - e.message.should.equal('Invalid grant: refresh token has expired'); - }); + try { + await grantType.getRefreshToken(request, client); + + should.fail(); + } catch (e) { + e.should.be.an.instanceOf(InvalidGrantError); + e.message.should.equal('Invalid grant: refresh token has expired'); + } }); - it('should throw an error if `refreshTokenExpiresAt` is not a date value', function() { + it('should throw an error if `refreshTokenExpiresAt` is not a date value', async function() { const client = { id: 123 }; const model = { - getRefreshToken: function() { + getRefreshToken: async function() { return { accessToken: 'foo', client: { id: 123 }, refreshTokenExpiresAt: 'stringvalue', user: {} }; }, - revokeToken: function() {}, - saveToken: function() {} + revokeToken: () => should.fail(), + saveToken: () => should.fail() }; - const grantType = new RefreshTokenGrantType({ accessTokenLifetime: 120, model: model }); + const grantType = new RefreshTokenGrantType({ accessTokenLifetime: 120, model }); const request = new Request({ body: { refresh_token: 12345 }, headers: {}, method: {}, query: {} }); - return grantType.getRefreshToken(request, client) - .then(should.fail) - .catch(function(e) { - e.should.be.an.instanceOf(ServerError); - e.message.should.equal('Server error: `refreshTokenExpiresAt` must be a Date instance'); - }); + try { + await grantType.getRefreshToken(request, client); + + should.fail(); + } catch (e) { + e.should.be.an.instanceOf(ServerError); + e.message.should.equal('Server error: `refreshTokenExpiresAt` must be a Date instance'); + } }); - it('should return a token', function() { + it('should return a token', async function() { const client = { id: 123 }; - const token = { accessToken: 'foo', client: { id: 123 }, user: {} }; + const token = { accessToken: 'foo', client: { id: 123 }, user: { name: 'foobar' } }; const model = { - getRefreshToken: function() { return token; }, - revokeToken: function() {}, - saveToken: function() {} + getRefreshToken: async function(_refreshToken) { + _refreshToken.should.equal('foobar_refresh'); + return token; + }, + revokeToken: async function(_token) { + _token.should.deep.equal(token); + return true; + }, + saveToken: async function(_token, _client, _user) { + _user.should.deep.equal(token.user); + _client.should.deep.equal(client); + _token.accessToken.should.be.a.sha256(); + _token.refreshToken.should.be.a.sha256(); + _token.accessTokenExpiresAt.should.be.instanceOf(Date); + _token.refreshTokenExpiresAt.should.be.instanceOf(Date); + return token; + } }; - const grantType = new RefreshTokenGrantType({ accessTokenLifetime: 123, model: model }); - const request = new Request({ body: { refresh_token: 'foobar' }, headers: {}, method: {}, query: {} }); + const grantType = new RefreshTokenGrantType({ accessTokenLifetime: 123, model }); + const request = new Request({ body: { refresh_token: 'foobar_refresh' }, headers: {}, method: {}, query: {} }); - return grantType.getRefreshToken(request, client) - .then(function(data) { - data.should.equal(token); - }) - .catch(should.fail); + const data = await grantType.getRefreshToken(request, client); + data.should.equal(token); }); it('should support promises', function() { @@ -358,10 +412,10 @@ describe('RefreshTokenGrantType integration', function() { const token = { accessToken: 'foo', client: { id: 123 }, user: {} }; const model = { getRefreshToken: async function() { return token; }, - revokeToken: function() {}, - saveToken: function() {} + revokeToken: async function() {}, + saveToken: async function() {} }; - const grantType = new RefreshTokenGrantType({ accessTokenLifetime: 123, model: model }); + const grantType = new RefreshTokenGrantType({ accessTokenLifetime: 123, model }); const request = new Request({ body: { refresh_token: 'foobar' }, headers: {}, method: {}, query: {} }); grantType.getRefreshToken(request, client).should.be.an.instanceOf(Promise); @@ -371,11 +425,11 @@ describe('RefreshTokenGrantType integration', function() { const client = { id: 123 }; const token = { accessToken: 'foo', client: { id: 123 }, user: {} }; const model = { - getRefreshToken: function() { return token; }, - revokeToken: function() {}, - saveToken: function() {} + getRefreshToken: async function() { return token; }, + revokeToken: async function() {}, + saveToken: async function() {} }; - const grantType = new RefreshTokenGrantType({ accessTokenLifetime: 123, model: model }); + const grantType = new RefreshTokenGrantType({ accessTokenLifetime: 123, model }); const request = new Request({ body: { refresh_token: 'foobar' }, headers: {}, method: {}, query: {} }); grantType.getRefreshToken(request, client).should.be.an.instanceOf(Promise); @@ -383,46 +437,47 @@ describe('RefreshTokenGrantType integration', function() { }); describe('revokeToken()', function() { - it('should throw an error if the `token` is invalid', function() { + it('should throw an error if the `token` is invalid', async function() { const model = { - getRefreshToken: function() {}, - revokeToken: function() {}, - saveToken: function() {} + getRefreshToken: () => should.fail(), + revokeToken: async () => {}, + saveToken: () => should.fail() }; - const grantType = new RefreshTokenGrantType({ accessTokenLifetime: 120, model: model }); - - grantType.revokeToken({}) - .then(should.fail) - .catch(function (e) { - e.should.be.an.instanceOf(InvalidGrantError); - e.message.should.equal('Invalid grant: refresh token is invalid'); - }); + const grantType = new RefreshTokenGrantType({ accessTokenLifetime: 120, model }); + + try { + await grantType.revokeToken({}); + should.fail(); + } catch (e) { + e.should.be.an.instanceOf(InvalidGrantError); + e.message.should.equal('Invalid grant: refresh token is invalid or could not be revoked'); + } }); - it('should revoke the token', function() { + it('should revoke the token', async function() { const token = { accessToken: 'foo', client: {}, refreshTokenExpiresAt: new Date(new Date() / 2), user: {} }; const model = { - getRefreshToken: function() {}, - revokeToken: function() { return token; }, - saveToken: function() {} + getRefreshToken: () => should.fail(), + revokeToken: async function(_token) { + _token.should.deep.equal(token); + return token; + }, + saveToken: () => should.fail() }; - const grantType = new RefreshTokenGrantType({ accessTokenLifetime: 123, model: model }); + const grantType = new RefreshTokenGrantType({ accessTokenLifetime: 123, model }); - return grantType.revokeToken(token) - .then(function(data) { - data.should.equal(token); - }) - .catch(should.fail); + const data = await grantType.revokeToken(token); + data.should.equal(token); }); it('should support promises', function() { const token = { accessToken: 'foo', client: {}, refreshTokenExpiresAt: new Date(new Date() / 2), user: {} }; const model = { - getRefreshToken: function() {}, + getRefreshToken: () => should.fail(), revokeToken: async function() { return token; }, - saveToken: function() {} + saveToken: () => should.fail() }; - const grantType = new RefreshTokenGrantType({ accessTokenLifetime: 123, model: model }); + const grantType = new RefreshTokenGrantType({ accessTokenLifetime: 123, model }); grantType.revokeToken(token).should.be.an.instanceOf(Promise); }); @@ -430,41 +485,53 @@ describe('RefreshTokenGrantType integration', function() { it('should support non-promises', function() { const token = { accessToken: 'foo', client: {}, refreshTokenExpiresAt: new Date(new Date() / 2), user: {} }; const model = { - getRefreshToken: function() {}, + getRefreshToken: () => should.fail(), revokeToken: function() { return token; }, - saveToken: function() {} + saveToken: () => should.fail() }; - const grantType = new RefreshTokenGrantType({ accessTokenLifetime: 123, model: model }); + const grantType = new RefreshTokenGrantType({ accessTokenLifetime: 123, model }); grantType.revokeToken(token).should.be.an.instanceOf(Promise); }); }); describe('saveToken()', function() { - it('should save the token', function() { - const token = {}; + it('should save the token', async function() { + const user = { name: 'foo' }; + const client = { id: 123465 }; + const scope = ['foo', 'bar']; const model = { - getRefreshToken: function() {}, - revokeToken: function() {}, - saveToken: function() { return token; } + getRefreshToken: () => should.fail(), + revokeToken: () => should.fail(), + saveToken: async function(_token, _client, _user) { + _user.should.deep.equal(user); + _client.should.deep.equal(client); + _token.scope.should.deep.equal(scope); + _token.accessToken.should.be.a.sha256(); + _token.refreshToken.should.be.a.sha256(); + _token.accessTokenExpiresAt.should.be.instanceOf(Date); + _token.refreshTokenExpiresAt.should.be.instanceOf(Date); + return { ..._token }; + } }; - const grantType = new RefreshTokenGrantType({ accessTokenLifetime: 123, model: model }); - - return grantType.saveToken(token) - .then(function(data) { - data.should.equal(token); - }) - .catch(should.fail); + const grantType = new RefreshTokenGrantType({ accessTokenLifetime: 123, model }); + + const data = await grantType.saveToken(user, client, scope); + data.accessToken.should.be.a.sha256(); + data.refreshToken.should.be.a.sha256(); + data.accessTokenExpiresAt.should.be.instanceOf(Date); + data.refreshTokenExpiresAt.should.be.instanceOf(Date); + data.scope.should.deep.equal(scope); }); it('should support promises', function() { const token = {}; const model = { - getRefreshToken: function() {}, - revokeToken: function() {}, + getRefreshToken: () => should.fail(), + revokeToken: () => should.fail(), saveToken: async function() { return token; } }; - const grantType = new RefreshTokenGrantType({ accessTokenLifetime: 123, model: model }); + const grantType = new RefreshTokenGrantType({ accessTokenLifetime: 123, model }); grantType.saveToken(token).should.be.an.instanceOf(Promise); }); @@ -472,11 +539,11 @@ describe('RefreshTokenGrantType integration', function() { it('should support non-promises', function() { const token = {}; const model = { - getRefreshToken: function() {}, - revokeToken: function() {}, + getRefreshToken: () => should.fail(), + revokeToken: () => should.fail(), saveToken: function() { return token; } }; - const grantType = new RefreshTokenGrantType({ accessTokenLifetime: 123, model: model }); + const grantType = new RefreshTokenGrantType({ accessTokenLifetime: 123, model }); grantType.saveToken(token).should.be.an.instanceOf(Promise); }); From 92cc613a7c5a6e73b63d4e11461aeb58f1044dac Mon Sep 17 00:00:00 2001 From: jankapunkt Date: Tue, 22 Aug 2023 09:02:18 +0200 Subject: [PATCH 40/86] tests(integration): deep cover authenticte handler --- .../handlers/authenticate-handler_test.js | 38 +++++++++++++++---- 1 file changed, 30 insertions(+), 8 deletions(-) diff --git a/test/integration/handlers/authenticate-handler_test.js b/test/integration/handlers/authenticate-handler_test.js index c069ed9f..712dd7cd 100644 --- a/test/integration/handlers/authenticate-handler_test.js +++ b/test/integration/handlers/authenticate-handler_test.js @@ -101,16 +101,38 @@ describe('AuthenticateHandler integration', function() { }); describe('handle()', function() { - it('should throw an error if `request` is missing', async function() { - const handler = new AuthenticateHandler({ model: { getAccessToken: function() {} } }); + it('should throw an error if `request` is missing or not a Request instance', async function() { + class Request {} // intentionally fake + const values = [undefined, null, {}, [], new Date(), new Request()]; + for (const request of values) { + const handler = new AuthenticateHandler({ model: { getAccessToken: function() {} } }); + + try { + await handler.handle(request); + + should.fail(); + } catch (e) { + e.should.be.an.instanceOf(InvalidArgumentError); + e.message.should.equal('Invalid argument: `request` must be an instance of Request'); + } + } + }); - try { - await handler.handle(); + it('should throw an error if `response` is missing or not a Response instance', async function() { + class Response {} // intentionally fake + const values = [undefined, null, {}, [], new Date(), new Response()]; + const request = new Request({ body: {}, headers: { 'Authorization': 'Bearer foo' }, method: {}, query: {} }); - should.fail(); - } catch (e) { - e.should.be.an.instanceOf(InvalidArgumentError); - e.message.should.equal('Invalid argument: `request` must be an instance of Request'); + for (const response of values) { + const handler = new AuthenticateHandler({ model: { getAccessToken: function() {} } }); + try { + await handler.handle(request, response); + + should.fail(); + } catch (e) { + e.should.be.an.instanceOf(InvalidArgumentError); + e.message.should.equal('Invalid argument: `response` must be an instance of Response'); + } } }); From 323c91b03a8ebce4593b753173ae0441d4c2b9cf Mon Sep 17 00:00:00 2001 From: jankapunkt Date: Tue, 22 Aug 2023 09:02:40 +0200 Subject: [PATCH 41/86] tests(unit): improve coverage for TokenModel --- test/unit/models/token-model_test.js | 96 ++++++++++++++++++++++++++++ 1 file changed, 96 insertions(+) diff --git a/test/unit/models/token-model_test.js b/test/unit/models/token-model_test.js index 7dcac615..e9039386 100644 --- a/test/unit/models/token-model_test.js +++ b/test/unit/models/token-model_test.js @@ -1,4 +1,5 @@ const TokenModel = require('../../../lib/models/token-model'); +const InvalidArgumentError = require('../../../lib/errors/invalid-argument-error'); const should = require('chai').should(); /** * Test `Server`. @@ -6,6 +7,101 @@ const should = require('chai').should(); describe('Model', function() { describe('constructor()', function() { + it('throws, if data is empty', function () { + try { + new TokenModel(); + should.fail(); + } catch (e) { + e.should.be.an.instanceOf(InvalidArgumentError); + e.message.should.equal('Missing parameter: `accessToken`'); + } + }); + it('throws, if `accessToken` is missing', function () { + const atExpiresAt = new Date(); + atExpiresAt.setHours(new Date().getHours() + 1); + + const data = { + client: 'bar', + user: 'tar', + accessTokenExpiresAt: atExpiresAt + }; + + try { + new TokenModel(data); + should.fail(); + } catch (e) { + e.should.be.an.instanceOf(InvalidArgumentError); + e.message.should.equal('Missing parameter: `accessToken`'); + } + }); + it('throws, if `client` is missing', function () { + const atExpiresAt = new Date(); + atExpiresAt.setHours(new Date().getHours() + 1); + + const data = { + accessToken: 'foo', + user: 'tar', + accessTokenExpiresAt: atExpiresAt + }; + + try { + new TokenModel(data); + should.fail(); + } catch (e) { + e.should.be.an.instanceOf(InvalidArgumentError); + e.message.should.equal('Missing parameter: `client`'); + } + }); + it('throws, if `user` is missing', function () { + const atExpiresAt = new Date(); + atExpiresAt.setHours(new Date().getHours() + 1); + + const data = { + accessToken: 'foo', + client: 'bar', + accessTokenExpiresAt: atExpiresAt + }; + + try { + new TokenModel(data); + should.fail(); + } catch (e) { + e.should.be.an.instanceOf(InvalidArgumentError); + e.message.should.equal('Missing parameter: `user`'); + } + }); + it('throws, if `accessTokenExpiresAt` is not a Date', function () { + const data = { + accessToken: 'foo', + client: 'bar', + user: 'tar', + accessTokenExpiresAt: '11/10/2023' + }; + + try { + new TokenModel(data); + should.fail(); + } catch (e) { + e.should.be.an.instanceOf(InvalidArgumentError); + e.message.should.equal('Invalid parameter: `accessTokenExpiresAt`'); + } + }); + it('throws, if `refreshTokenExpiresAt` is not a Date', function () { + const data = { + accessToken: 'foo', + client: 'bar', + user: 'tar', + refreshTokenExpiresAt: '11/10/2023' + }; + + try { + new TokenModel(data); + should.fail(); + } catch (e) { + e.should.be.an.instanceOf(InvalidArgumentError); + e.message.should.equal('Invalid parameter: `refreshTokenExpiresAt`'); + } + }); it('should calculate `accessTokenLifetime` if `accessTokenExpiresAt` is set', function() { const atExpiresAt = new Date(); atExpiresAt.setHours(new Date().getHours() + 1); From fde0915bdef4f30955a566dbd19f6950c946c69b Mon Sep 17 00:00:00 2001 From: jankapunkt Date: Tue, 22 Aug 2023 15:55:14 +0200 Subject: [PATCH 42/86] tests(unit): improve coverage for crypto util --- test/unit/utils/crypto-util_test.js | 18 ++++++++++++++++++ 1 file changed, 18 insertions(+) create mode 100644 test/unit/utils/crypto-util_test.js diff --git a/test/unit/utils/crypto-util_test.js b/test/unit/utils/crypto-util_test.js new file mode 100644 index 00000000..7c3057e0 --- /dev/null +++ b/test/unit/utils/crypto-util_test.js @@ -0,0 +1,18 @@ +const cryptoUtil = require('../../../lib/utils/crypto-util'); +require('chai').should(); + +describe(cryptoUtil.createHash.name, function () { + it('creates a hash by given algorithm', function () { + const data = 'client-credentials-grant'; + const hash = cryptoUtil.createHash({ data, encoding: 'hex' }); + hash.should.equal('072726830f0aadd2d91f86f53e3a7ef40018c2626438152dd576e272bf2b8e60'); + }); + it('should throw if data is missing', function () { + try { + cryptoUtil.createHash({}); + } catch (e) { + e.should.be.instanceOf(TypeError); + e.message.should.include('he "data" argument must be of type string or an instance of Buffer, TypedArray, or DataView.'); + } + }); +}); From c0593ef7d53874130317e9538296973cb2646ad6 Mon Sep 17 00:00:00 2001 From: jankapunkt Date: Tue, 22 Aug 2023 15:55:47 +0200 Subject: [PATCH 43/86] tests(integration): deep-cover model integration in AuthorizeHandler tests --- lib/handlers/authorize-handler.js | 1 + .../handlers/authorize-handler_test.js | 634 +++++++++++------- 2 files changed, 398 insertions(+), 237 deletions(-) diff --git a/lib/handlers/authorize-handler.js b/lib/handlers/authorize-handler.js index 65168324..19922ed5 100644 --- a/lib/handlers/authorize-handler.js +++ b/lib/handlers/authorize-handler.js @@ -347,6 +347,7 @@ AuthorizeHandler.prototype.buildErrorRedirectUri = function(redirectUri, error) error: error.name }; + if (error.message) { uri.query.error_description = error.message; } diff --git a/test/integration/handlers/authorize-handler_test.js b/test/integration/handlers/authorize-handler_test.js index 17df3160..1e4a515d 100644 --- a/test/integration/handlers/authorize-handler_test.js +++ b/test/integration/handlers/authorize-handler_test.js @@ -20,6 +20,15 @@ const UnauthorizedClientError = require('../../../lib/errors/unauthorized-client const should = require('chai').should(); const url = require('url'); +const createModel = (model = {}) => { + return { + getAccessToken: () => should.fail(), + getClient: () => should.fail(), + saveAuthorizationCode: () => should.fail(), + ...model + }; +}; + /** * Test `AuthorizeHandler` integration. */ @@ -29,7 +38,6 @@ describe('AuthorizeHandler integration', function() { it('should throw an error if `options.authorizationCodeLifetime` is missing', function() { try { new AuthorizeHandler(); - should.fail(); } catch (e) { e.should.be.an.instanceOf(InvalidArgumentError); @@ -40,7 +48,6 @@ describe('AuthorizeHandler integration', function() { it('should throw an error if `options.model` is missing', function() { try { new AuthorizeHandler({ authorizationCodeLifetime: 120 }); - should.fail(); } catch (e) { e.should.be.an.instanceOf(InvalidArgumentError); @@ -51,7 +58,6 @@ describe('AuthorizeHandler integration', function() { it('should throw an error if the model does not implement `getClient()`', function() { try { new AuthorizeHandler({ authorizationCodeLifetime: 120, model: {} }); - should.fail(); } catch (e) { e.should.be.an.instanceOf(InvalidArgumentError); @@ -61,8 +67,7 @@ describe('AuthorizeHandler integration', function() { it('should throw an error if the model does not implement `saveAuthorizationCode()`', function() { try { - new AuthorizeHandler({ authorizationCodeLifetime: 120, model: { getClient: function() {} } }); - + new AuthorizeHandler({ authorizationCodeLifetime: 120, model: { getClient: () => should.fail() } }); should.fail(); } catch (e) { e.should.be.an.instanceOf(InvalidArgumentError); @@ -72,12 +77,12 @@ describe('AuthorizeHandler integration', function() { it('should throw an error if the model does not implement `getAccessToken()`', function() { const model = { - getClient: function() {}, - saveAuthorizationCode: function() {} + getClient: () => should.fail(), + saveAuthorizationCode: () => should.fail() }; try { - new AuthorizeHandler({ authorizationCodeLifetime: 120, model: model }); + new AuthorizeHandler({ authorizationCodeLifetime: 120, model }); should.fail(); } catch (e) { @@ -87,51 +92,58 @@ describe('AuthorizeHandler integration', function() { }); it('should set the `authorizationCodeLifetime`', function() { - const model = { - getAccessToken: function() {}, - getClient: function() {}, - saveAuthorizationCode: function() {} - }; - const handler = new AuthorizeHandler({ authorizationCodeLifetime: 120, model: model }); + const model = createModel(); + const handler = new AuthorizeHandler({ authorizationCodeLifetime: 120, model }); handler.authorizationCodeLifetime.should.equal(120); }); - it('should set the `authenticateHandler`', function() { - const model = { - getAccessToken: function() {}, - getClient: function() {}, - saveAuthorizationCode: function() {} - }; - const handler = new AuthorizeHandler({ authorizationCodeLifetime: 120, model: model }); + it('should throw if the custom `authenticateHandler` does not implement a `handle` method', function () { + const model = createModel(); + const authenticateHandler = {}; // misses handle() method + + try { + new AuthorizeHandler({ authenticateHandler, authorizationCodeLifetime: 120, model }); + should.fail(); + } catch (e) { + e.should.be.an.instanceOf(InvalidArgumentError); + e.message.should.equal('Invalid argument: authenticateHandler does not implement `handle()`'); + } + }); + it('should set the default `authenticateHandler`, if no custom one is passed', function() { + const model = createModel(); + const handler = new AuthorizeHandler({ authorizationCodeLifetime: 120, model }); handler.authenticateHandler.should.be.an.instanceOf(AuthenticateHandler); }); - it('should set the `model`', function() { - const model = { - getAccessToken: function() {}, - getClient: function() {}, - saveAuthorizationCode: function() {} - }; - const handler = new AuthorizeHandler({ authorizationCodeLifetime: 120, model: model }); + it('should set the custom `authenticateHandler`, if valid', function () { + const model = createModel(); + + class CustomAuthenticateHandler { + async handle () {} + } + + const authenticateHandler = new CustomAuthenticateHandler(); + const handler = new AuthorizeHandler({ authenticateHandler, authorizationCodeLifetime: 120, model }); + handler.authenticateHandler.should.be.an.instanceOf(CustomAuthenticateHandler); + handler.authenticateHandler.should.not.be.an.instanceOf(AuthenticateHandler); + }); + it('should set the `model`', function() { + const model = createModel(); + const handler = new AuthorizeHandler({ authorizationCodeLifetime: 120, model }); handler.model.should.equal(model); }); }); describe('handle()', function() { it('should throw an error if `request` is missing', async function() { - const model = { - getAccessToken: function() {}, - getClient: function() {}, - saveAuthorizationCode: function() {} - }; - const handler = new AuthorizeHandler({ authorizationCodeLifetime: 120, model: model }); + const model = createModel(); + const handler = new AuthorizeHandler({ authorizationCodeLifetime: 120, model }); try { await handler.handle(); - should.fail(); } catch (e) { e.should.be.an.instanceOf(InvalidArgumentError); @@ -140,17 +152,12 @@ describe('AuthorizeHandler integration', function() { }); it('should throw an error if `response` is missing', async function() { - const model = { - getAccessToken: function() {}, - getClient: function() {}, - saveAuthorizationCode: function() {} - }; - const handler = new AuthorizeHandler({ authorizationCodeLifetime: 120, model: model }); + const model = createModel(); + const handler = new AuthorizeHandler({ authorizationCodeLifetime: 120, model }); const request = new Request({ body: {}, headers: {}, method: {}, query: {} }); try { await handler.handle(request); - should.fail(); } catch (e) { e.should.be.an.instanceOf(InvalidArgumentError); @@ -158,28 +165,35 @@ describe('AuthorizeHandler integration', function() { } }); - it('should redirect to an error response if user denied access', function() { - const model = { - getAccessToken: function() { + it('should redirect to an error response if user denied access', async function() { + const client = { + id: 'client-12345', + grants: ['authorization_code'], + redirectUris: ['http://example.com/cb'] + }; + const model = createModel({ + getAccessToken: async function(_token) { + _token.should.equal('foobarbazmootoken'); return { user: {}, accessTokenExpiresAt: new Date(new Date().getTime() + 10000) }; }, - getClient: function() { - return { grants: ['authorization_code'], redirectUris: ['http://example.com/cb'] }; - }, - saveAuthorizationCode: function() {} - }; - const handler = new AuthorizeHandler({ authorizationCodeLifetime: 120, model: model }); + getClient: async function(clientId, clientSecret) { + clientId.should.equal(client.id); + (clientSecret === null).should.equal(true); + return { ...client }; + } + }); + const handler = new AuthorizeHandler({ authorizationCodeLifetime: 120, model }); const request = new Request({ body: { - client_id: 12345, + client_id: client.id, response_type: 'code' }, method: {}, headers: { - 'Authorization': 'Bearer foo' + 'Authorization': 'Bearer foobarbazmootoken' }, query: { state: 'foobar', @@ -188,29 +202,39 @@ describe('AuthorizeHandler integration', function() { }); const response = new Response({ body: {}, headers: {} }); - return handler.handle(request, response) - .then(should.fail) - .catch(function() { - response.get('location').should.equal('http://example.com/cb?error=access_denied&error_description=Access%20denied%3A%20user%20denied%20access%20to%20application&state=foobar'); - }); + try { + await handler.handle(request, response); + should.fail(); + } catch (e) { + e.should.be.an.instanceOf(AccessDeniedError); + e.message.should.equal('Access denied: user denied access to application'); + response + .get('location') + .should + .equal('http://example.com/cb?error=access_denied&error_description=Access%20denied%3A%20user%20denied%20access%20to%20application&state=foobar'); + } }); - it('should redirect to an error response if a non-oauth error is thrown', function() { - const model = { - getAccessToken: function() { + it('should redirect to an error response if a non-oauth error is thrown', async function() { + const model = createModel({ + getAccessToken: async function() { return { user: {}, accessTokenExpiresAt: new Date(new Date().getTime() + 10000) }; }, - getClient: function() { - return { grants: ['authorization_code'], redirectUris: ['http://example.com/cb'] }; + getClient: async function() { + return { + grants: ['authorization_code'], + redirectUris: ['http://example.com/cb'] + }; }, - saveAuthorizationCode: function() { - throw new Error('Unhandled exception'); + saveAuthorizationCode: async function() { + throw new CustomError('Unhandled exception'); } - }; - const handler = new AuthorizeHandler({ authorizationCodeLifetime: 120, model: model }); + }); + class CustomError extends Error {} + const handler = new AuthorizeHandler({ authorizationCodeLifetime: 120, model }); const request = new Request({ body: { client_id: 12345, @@ -226,29 +250,35 @@ describe('AuthorizeHandler integration', function() { }); const response = new Response({ body: {}, headers: {} }); - return handler.handle(request, response) - .then(should.fail) - .catch(function() { - response.get('location').should.equal('http://example.com/cb?error=server_error&error_description=Unhandled%20exception&state=foobar'); - }); + try { + await handler.handle(request, response); + should.fail(); + } catch (e) { + e.should.be.an.instanceOf(ServerError); // non-oauth-errors are converted to ServerError + e.message.should.equal('Unhandled exception'); + response + .get('location') + .should + .equal('http://example.com/cb?error=server_error&error_description=Unhandled%20exception&state=foobar'); + } }); - it('should redirect to an error response if an oauth error is thrown', function() { - const model = { - getAccessToken: function() { + it('should redirect to an error response if an oauth error is thrown', async function() { + const model = createModel({ + getAccessToken: async function() { return { user: {}, accessTokenExpiresAt: new Date(new Date().getTime() + 10000) }; }, - getClient: function() { + getClient: async function() { return { grants: ['authorization_code'], redirectUris: ['http://example.com/cb'] }; }, - saveAuthorizationCode: function() { + saveAuthorizationCode: async function() { throw new AccessDeniedError('Cannot request this auth code'); } - }; - const handler = new AuthorizeHandler({ authorizationCodeLifetime: 120, model: model }); + }); + const handler = new AuthorizeHandler({ authorizationCodeLifetime: 120, model }); const request = new Request({ body: { client_id: 12345, @@ -264,69 +294,87 @@ describe('AuthorizeHandler integration', function() { }); const response = new Response({ body: {}, headers: {} }); - return handler.handle(request, response) - .then(should.fail) - .catch(function() { - response.get('location').should.equal('http://example.com/cb?error=access_denied&error_description=Cannot%20request%20this%20auth%20code&state=foobar'); - }); + try { + await handler.handle(request, response); + should.fail(); + } catch (e) { + e.should.be.an.instanceOf(AccessDeniedError); + e.message.should.equal('Cannot request this auth code'); + response + .get('location') + .should + .equal('http://example.com/cb?error=access_denied&error_description=Cannot%20request%20this%20auth%20code&state=foobar'); + } }); - it('should redirect to a successful response with `code` and `state` if successful', function() { - const client = { grants: ['authorization_code'], redirectUris: ['http://example.com/cb'] }; - const model = { - getAccessToken: function() { + it('should redirect to a successful response with `code` and `state` if successful', async function() { + const client = { + id: 'client-12343434', + grants: ['authorization_code'], + redirectUris: ['http://example.com/cb'] + }; + const model = createModel({ + getAccessToken: async function(_token) { + _token.should.equal('foobarbaztokenmoo'); return { - client: client, + client, user: {}, accessTokenExpiresAt: new Date(new Date().getTime() + 10000) }; }, - getClient: function() { - return client; + getClient: async function(clientId, clientSecret) { + clientId.should.equal(client.id); + (clientSecret === null).should.equal(true); + return { ...client }; }, - saveAuthorizationCode: function() { - return { authorizationCode: 12345, client: client }; + saveAuthorizationCode: async function() { + return { + authorizationCode: 'fooobar-long-authzcode-?', + client + }; } - }; - const handler = new AuthorizeHandler({ authorizationCodeLifetime: 120, model: model }); + }); + const handler = new AuthorizeHandler({ authorizationCodeLifetime: 120, model }); const request = new Request({ body: { - client_id: 12345, + client_id: client.id, response_type: 'code' }, headers: { - 'Authorization': 'Bearer foo' + 'Authorization': 'Bearer foobarbaztokenmoo' }, method: {}, query: { - state: 'foobar' + state: 'foobarbazstatemoo' } }); const response = new Response({ body: {}, headers: {} }); - - return handler.handle(request, response) - .then(function() { - response.get('location').should.equal('http://example.com/cb?code=12345&state=foobar'); - }) - .catch(should.fail); - }); - - it('should redirect to an error response if `scope` is invalid', function() { - const model = { - getAccessToken: function() { + const data = await handler.handle(request, response); + data.authorizationCode.should.equal('fooobar-long-authzcode-?'); + data.client.should.deep.equal(client); + response.status.should.equal(302); + response + .get('location') + .should + .equal('http://example.com/cb?code=fooobar-long-authzcode-%3F&state=foobarbazstatemoo'); + }); + + it('should redirect to an error response if `scope` is invalid', async function() { + const model = createModel({ + getAccessToken: async function() { return { user: {}, accessTokenExpiresAt: new Date(new Date().getTime() + 10000) }; }, - getClient: function() { + getClient: async function() { return { grants: ['authorization_code'], redirectUris: ['http://example.com/cb'] }; }, - saveAuthorizationCode: function() { + saveAuthorizationCode: async function() { return {}; } - }; - const handler = new AuthorizeHandler({ authorizationCodeLifetime: 120, model: model }); + }); + const handler = new AuthorizeHandler({ authorizationCodeLifetime: 120, model }); const request = new Request({ body: { client_id: 12345, @@ -343,14 +391,18 @@ describe('AuthorizeHandler integration', function() { }); const response = new Response({ body: {}, headers: {} }); - return handler.handle(request, response) - .then(should.fail) - .catch(function() { - response.get('location').should.equal('http://example.com/cb?error=invalid_scope&error_description=Invalid%20parameter%3A%20%60scope%60&state=foobar'); - }); + try { + await handler.handle(request, response); + should.fail(); + } catch (e) { + e.should.be.an.instanceOf(InvalidScopeError); + e.message.should.equal('Invalid parameter: `scope`'); + response.status.should.equal(302); + response.get('location').should.equal('http://example.com/cb?error=invalid_scope&error_description=Invalid%20parameter%3A%20%60scope%60&state=foobar'); + } }); - it('should redirect to a successful response if `model.validateScope` is not defined', function() { + it('should redirect to a successful response if `model.validateScope` is not defined', async function() { const client = { grants: ['authorization_code'], redirectUris: ['http://example.com/cb'] }; const model = { getAccessToken: function() { @@ -364,10 +416,10 @@ describe('AuthorizeHandler integration', function() { return client; }, saveAuthorizationCode: function() { - return { authorizationCode: 12345, client: client }; + return { authorizationCode: 'fooobar-long-authzcode-?', client }; } }; - const handler = new AuthorizeHandler({ authorizationCodeLifetime: 120, model: model }); + const handler = new AuthorizeHandler({ authorizationCodeLifetime: 120, model }); const request = new Request({ body: { client_id: 12345, @@ -379,42 +431,44 @@ describe('AuthorizeHandler integration', function() { method: {}, query: { scope: 'read', - state: 'foobar' + state: 'foobarbazstatemoo' } }); const response = new Response({ body: {}, headers: {} }); - - return handler.handle(request, response) - .then(function(data) { - data.should.eql({ - authorizationCode: 12345, - client: client - }); - }) - .catch(should.fail); + const data = await handler.handle(request, response); + data.should.deep.equal({ + authorizationCode: 'fooobar-long-authzcode-?', + client: client + }); + response.status.should.equal(302); + response + .get('location') + .should + .equal('http://example.com/cb?code=fooobar-long-authzcode-%3F&state=foobarbazstatemoo'); }); - it('should redirect to an error response if `scope` is insufficient', function() { - const client = { grants: ['authorization_code'], redirectUris: ['http://example.com/cb'] }; + it('should redirect to an error response if `scope` is insufficient (validateScope)', async function() { + const client = { id: 12345, grants: ['authorization_code'], redirectUris: ['http://example.com/cb'] }; const model = { - getAccessToken: function() { + getAccessToken: async function() { return { client: client, - user: {}, + user: { name: 'foouser' }, accessTokenExpiresAt: new Date(new Date().getTime() + 10000) }; }, - getClient: function() { + getClient: async function() { return client; }, - saveAuthorizationCode: function() { - return { authorizationCode: 12345, client: client }; + saveAuthorizationCode: async function() { + return { authorizationCode: 12345, client }; }, - validateScope: function() { + validateScope: async function(_user, _client, _scope) { + _scope.should.equal('read'); return false; } }; - const handler = new AuthorizeHandler({ authorizationCodeLifetime: 120, model: model }); + const handler = new AuthorizeHandler({ authorizationCodeLifetime: 120, model }); const request = new Request({ body: { client_id: 12345, @@ -431,29 +485,36 @@ describe('AuthorizeHandler integration', function() { }); const response = new Response({ body: {}, headers: {} }); - return handler.handle(request, response) - .then(should.fail) - .catch(function() { - response.get('location').should.equal('http://example.com/cb?error=invalid_scope&error_description=Invalid%20scope%3A%20Requested%20scope%20is%20invalid&state=foobar'); - }); + try { + await handler.handle(request, response); + should.fail(); + } catch(e) { + e.should.be.an.instanceOf(InvalidScopeError); + e.message.should.equal('Invalid scope: Requested scope is invalid'); + response.status.should.equal(302); + response + .get('location') + .should + .equal('http://example.com/cb?error=invalid_scope&error_description=Invalid%20scope%3A%20Requested%20scope%20is%20invalid&state=foobar'); + } }); - it('should redirect to an error response if `state` is missing', function() { - const model = { - getAccessToken: function() { + it('should redirect to an error response if `state` is missing', async function() { + const model = createModel({ + getAccessToken: async function() { return { user: {}, accessTokenExpiresAt: new Date(new Date().getTime() + 10000) }; }, - getClient: function() { + getClient: async function() { return { grants: ['authorization_code'], redirectUris: ['http://example.com/cb'] }; }, - saveAuthorizationCode: function() { + saveAuthorizationCode: async function() { throw new AccessDeniedError('Cannot request this auth code'); } - }; - const handler = new AuthorizeHandler({ authorizationCodeLifetime: 120, model: model }); + }); + const handler = new AuthorizeHandler({ authorizationCodeLifetime: 120, model }); const request = new Request({ body: { client_id: 12345, @@ -467,29 +528,34 @@ describe('AuthorizeHandler integration', function() { }); const response = new Response({ body: {}, headers: {} }); - return handler.handle(request, response) - .then(should.fail) - .catch(function() { - response.get('location').should.equal('http://example.com/cb?error=invalid_request&error_description=Missing%20parameter%3A%20%60state%60'); - }); + try { + await handler.handle(request, response); + should.fail(); + } catch (e) { + e.should.be.an.instanceOf(InvalidRequestError); + e.message.should.equal('Missing parameter: `state`'); + response.status.should.equal(302); + response + .get('location') + .should + .equal('http://example.com/cb?error=invalid_request&error_description=Missing%20parameter%3A%20%60state%60'); + } }); - it('should redirect to an error response if `response_type` is invalid', function() { + it('should redirect to an error response if `response_type` is invalid', async function() { const model = { - getAccessToken: function() { + getAccessToken: async function() { return { user: {}, accessTokenExpiresAt: new Date(new Date().getTime() + 10000) }; }, - getClient: function() { + getClient: async function() { return { grants: ['authorization_code'], redirectUris: ['http://example.com/cb'] }; }, - saveAuthorizationCode: function() { - return { authorizationCode: 12345, client: {} }; - } + saveAuthorizationCode: () => should.fail() // should fail before call }; - const handler = new AuthorizeHandler({ authorizationCodeLifetime: 120, model: model }); + const handler = new AuthorizeHandler({ authorizationCodeLifetime: 120, model }); const request = new Request({ body: { client_id: 12345, @@ -505,33 +571,43 @@ describe('AuthorizeHandler integration', function() { }); const response = new Response({ body: {}, headers: {} }); - return handler.handle(request, response) - .then(should.fail) - .catch(function() { - response.get('location').should.equal('http://example.com/cb?error=unsupported_response_type&error_description=Unsupported%20response%20type%3A%20%60response_type%60%20is%20not%20supported&state=foobar'); - }); + try { + await handler.handle(request, response); + should.fail(); + } catch (e) { + e.should.be.an.instanceOf(UnsupportedResponseTypeError); + e.message.should.equal('Unsupported response type: `response_type` is not supported'); + response.status.should.equal(302); + response + .get('location') + .should + .equal('http://example.com/cb?error=unsupported_response_type&error_description=Unsupported%20response%20type%3A%20%60response_type%60%20is%20not%20supported&state=foobar'); + } }); - it('should fail on invalid `response_type` before calling model.saveAuthorizationCode()', function() { + it('should return the `code` if successful', async function() { + const client = { grants: ['authorization_code'], redirectUris: ['http://example.com/cb'] }; const model = { - getAccessToken: function() { + getAccessToken: async function() { return { + client: client, user: {}, accessTokenExpiresAt: new Date(new Date().getTime() + 10000) }; }, - getClient: function() { - return { grants: ['authorization_code'], redirectUris: ['http://example.com/cb'] }; + getClient: async function() { + return client; }, - saveAuthorizationCode: function() { - throw new Error('must not be reached'); + generateAuthorizationCode: async () => 'some-code', + saveAuthorizationCode: async function(code) { + return { authorizationCode: code.authorizationCode, client: client }; } }; - const handler = new AuthorizeHandler({ authorizationCodeLifetime: 120, model: model }); + const handler = new AuthorizeHandler({ authorizationCodeLifetime: 120, model }); const request = new Request({ body: { client_id: 12345, - response_type: 'test' + response_type: 'code' }, headers: { 'Authorization': 'Bearer foo' @@ -543,24 +619,111 @@ describe('AuthorizeHandler integration', function() { }); const response = new Response({ body: {}, headers: {} }); - return handler.handle(request, response) - .then(should.fail) - .catch(function() { - response.get('location').should.equal('http://example.com/cb?error=unsupported_response_type&error_description=Unsupported%20response%20type%3A%20%60response_type%60%20is%20not%20supported&state=foobar'); - }); + const data = await handler.handle(request, response); + data.should.eql({ + authorizationCode: 'some-code', + client: client + }); }); - it('should return the `code` if successful', function() { + it('should return the `code` if successful (full model implementation)', async function () { + const user = { name: 'fooUser' }; + const state = 'fooobarstatebaz'; + const scope = 'read'; + const client = { + id: 'client-1322132131', + grants: ['authorization_code'], + redirectUris: ['http://example.com/cb'] + }; + const authorizationCode = 'long-authz-code-?'; + const accessTokenDoc = { + accessToken: 'some-access-token-code-?', + client, + user, + scope, + accessTokenExpiresAt: new Date(new Date().getTime() + 10000) + }; + const model = { + getClient: async function (clientId, clientSecret) { + clientId.should.equal(client.id); + (clientSecret === null).should.equal(true); + return { ...client }; + }, + getAccessToken: async function (_token) { + _token.should.equal(accessTokenDoc.accessToken); + return { ...accessTokenDoc }; + }, + verifyScope: async function (_tokenDoc, _scope) { + _tokenDoc.should.equal(accessTokenDoc); + _scope.should.equal(accessTokenDoc.scope); + return true; + }, + validateScope: async function (_user, _client, _scope) { + _user.should.deep.equal(user); + _client.should.deep.equal(client); + _scope.should.equal(scope); + return _scope; + }, + generateAuthorizationCode: async function (_client, _user, _scope) { + _user.should.deep.equal(user); + _client.should.deep.equal(client); + _scope.should.equal(scope); + return authorizationCode; + }, + saveAuthorizationCode: async function (code, _client, _user) { + code.authorizationCode.should.equal(authorizationCode); + code.expiresAt.should.be.instanceOf(Date); + _user.should.deep.equal(user); + _client.should.deep.equal(client); + return { ...code, client, user }; + } + }; + + const handler = new AuthorizeHandler({ authorizationCodeLifetime: 120, model }); + const request = new Request({ + body: { + client_id: client.id, + response_type: 'code' + }, + headers: { + 'Authorization': `Bearer ${accessTokenDoc.accessToken}` + }, + method: {}, + query: { state, scope } + }); + + const response = new Response({ body: {}, headers: {} }); + const data = await handler.handle(request, response); + data.scope.should.equal(scope); + data.client.should.deep.equal(client); + data.user.should.deep.equal(user); + data.expiresAt.should.be.instanceOf(Date); + data.redirectUri.should.equal(client.redirectUris[0]); + response.status.should.equal(302); + response + .get('location') + .should + .equal('http://example.com/cb?code=long-authz-code-%3F&state=fooobarstatebaz'); + }); + + it('should support a custom `authenticateHandler`', async function () { + const user = { name: 'user1' }; + const authenticateHandler = { + handle: async function () { + // all good + return { ...user }; + } + }; const client = { grants: ['authorization_code'], redirectUris: ['http://example.com/cb'] }; const model = { - getAccessToken: function() { + getAccessToken: async function() { return { client: client, user: {}, accessTokenExpiresAt: new Date(new Date().getTime() + 10000) }; }, - getClient: function() { + getClient: async function() { return client; }, generateAuthorizationCode: async () => 'some-code', @@ -568,7 +731,7 @@ describe('AuthorizeHandler integration', function() { return { authorizationCode: code.authorizationCode, client: client }; } }; - const handler = new AuthorizeHandler({ authorizationCodeLifetime: 120, model: model }); + const handler = new AuthorizeHandler({ authorizationCodeLifetime: 120, model, authenticateHandler }); const request = new Request({ body: { client_id: 12345, @@ -584,14 +747,11 @@ describe('AuthorizeHandler integration', function() { }); const response = new Response({ body: {}, headers: {} }); - return handler.handle(request, response) - .then(function(data) { - data.should.eql({ - authorizationCode: 'some-code', - client: client - }); - }) - .catch(should.fail); + const data = await handler.handle(request, response); + data.should.eql({ + authorizationCode: 'some-code', + client: client + }); }); }); @@ -602,7 +762,7 @@ describe('AuthorizeHandler integration', function() { getClient: function() {}, saveAuthorizationCode: function() {} }; - const handler = new AuthorizeHandler({ authorizationCodeLifetime: 120, model: model }); + const handler = new AuthorizeHandler({ authorizationCodeLifetime: 120, model }); return handler.generateAuthorizationCode() .then(function(data) { @@ -620,7 +780,7 @@ describe('AuthorizeHandler integration', function() { getClient: function() {}, saveAuthorizationCode: function() {} }; - const handler = new AuthorizeHandler({ authorizationCodeLifetime: 120, model: model }); + const handler = new AuthorizeHandler({ authorizationCodeLifetime: 120, model }); handler.generateAuthorizationCode().should.be.an.instanceOf(Promise); }); @@ -634,7 +794,7 @@ describe('AuthorizeHandler integration', function() { getClient: function() {}, saveAuthorizationCode: function() {} }; - const handler = new AuthorizeHandler({ authorizationCodeLifetime: 120, model: model }); + const handler = new AuthorizeHandler({ authorizationCodeLifetime: 120, model }); handler.generateAuthorizationCode().should.be.an.instanceOf(Promise); }); @@ -647,7 +807,7 @@ describe('AuthorizeHandler integration', function() { getClient: function() {}, saveAuthorizationCode: function() {} }; - const handler = new AuthorizeHandler({ authorizationCodeLifetime: 120, model: model }); + const handler = new AuthorizeHandler({ authorizationCodeLifetime: 120, model }); handler.getAuthorizationCodeLifetime().should.be.an.instanceOf(Date); }); @@ -661,7 +821,7 @@ describe('AuthorizeHandler integration', function() { saveAuthorizationCode: function() {} }; - const handler = new AuthorizeHandler({ authorizationCodeLifetime: 120, model: model }); + const handler = new AuthorizeHandler({ authorizationCodeLifetime: 120, model }); handler.validateRedirectUri('http://example.com/a', { redirectUris: ['http://example.com/a'] }).should.be.an.instanceOf(Promise); }); @@ -676,7 +836,7 @@ describe('AuthorizeHandler integration', function() { } }; - const handler = new AuthorizeHandler({ authorizationCodeLifetime: 120, model: model }); + const handler = new AuthorizeHandler({ authorizationCodeLifetime: 120, model }); handler.validateRedirectUri('http://example.com/a', { }).should.be.an.instanceOf(Promise); }); @@ -691,7 +851,7 @@ describe('AuthorizeHandler integration', function() { } }; - const handler = new AuthorizeHandler({ authorizationCodeLifetime: 120, model: model }); + const handler = new AuthorizeHandler({ authorizationCodeLifetime: 120, model }); handler.validateRedirectUri('http://example.com/a', { }).should.be.an.instanceOf(Promise); }); @@ -704,7 +864,7 @@ describe('AuthorizeHandler integration', function() { getClient: function() {}, saveAuthorizationCode: function() {} }; - const handler = new AuthorizeHandler({ authorizationCodeLifetime: 120, model: model }); + const handler = new AuthorizeHandler({ authorizationCodeLifetime: 120, model }); const request = new Request({ body: { response_type: 'code' }, headers: {}, method: {}, query: {} }); try { @@ -723,7 +883,7 @@ describe('AuthorizeHandler integration', function() { getClient: function() {}, saveAuthorizationCode: function() {} }; - const handler = new AuthorizeHandler({ authorizationCodeLifetime: 120, model: model }); + const handler = new AuthorizeHandler({ authorizationCodeLifetime: 120, model }); const request = new Request({ body: { client_id: 'ø倣‰', response_type: 'code' }, headers: {}, method: {}, query: {} }); try { @@ -742,7 +902,7 @@ describe('AuthorizeHandler integration', function() { getClient: function() {}, saveAuthorizationCode: function() {} }; - const handler = new AuthorizeHandler({ authorizationCodeLifetime: 120, model: model }); + const handler = new AuthorizeHandler({ authorizationCodeLifetime: 120, model }); const request = new Request({ body: { client_id: 12345, response_type: 'code', redirect_uri: 'foobar' }, headers: {}, method: {}, query: {} }); try { @@ -761,7 +921,7 @@ describe('AuthorizeHandler integration', function() { getClient: function() {}, saveAuthorizationCode: function() {} }; - const handler = new AuthorizeHandler({ authorizationCodeLifetime: 120, model: model }); + const handler = new AuthorizeHandler({ authorizationCodeLifetime: 120, model }); const request = new Request({ body: { client_id: 12345, response_type: 'code' }, headers: {}, method: {}, query: {} }); return handler.getClient(request) @@ -780,7 +940,7 @@ describe('AuthorizeHandler integration', function() { }, saveAuthorizationCode: function() {} }; - const handler = new AuthorizeHandler({ authorizationCodeLifetime: 120, model: model }); + const handler = new AuthorizeHandler({ authorizationCodeLifetime: 120, model }); const request = new Request({ body: { client_id: 12345, response_type: 'code' }, headers: {}, method: {}, query: {} }); return handler.getClient(request) @@ -799,7 +959,7 @@ describe('AuthorizeHandler integration', function() { }, saveAuthorizationCode: function() {} }; - const handler = new AuthorizeHandler({ authorizationCodeLifetime: 120, model: model }); + const handler = new AuthorizeHandler({ authorizationCodeLifetime: 120, model }); const request = new Request({ body: { client_id: 12345, response_type: 'code' }, headers: {}, method: {}, query: {} }); return handler.getClient(request) @@ -816,7 +976,7 @@ describe('AuthorizeHandler integration', function() { getClient: function() { return { grants: ['authorization_code'] }; }, saveAuthorizationCode: function() {} }; - const handler = new AuthorizeHandler({ authorizationCodeLifetime: 120, model: model }); + const handler = new AuthorizeHandler({ authorizationCodeLifetime: 120, model }); const request = new Request({ body: { client_id: 12345, response_type: 'code' }, headers: {}, method: {}, query: {} }); return handler.getClient(request) @@ -835,7 +995,7 @@ describe('AuthorizeHandler integration', function() { }, saveAuthorizationCode: function() {} }; - const handler = new AuthorizeHandler({ authorizationCodeLifetime: 120, model: model }); + const handler = new AuthorizeHandler({ authorizationCodeLifetime: 120, model }); const request = new Request({ body: { client_id: 12345, response_type: 'code', redirect_uri: 'https://foobar.com' }, headers: {}, method: {}, query: {} }); return handler.getClient(request) @@ -854,7 +1014,7 @@ describe('AuthorizeHandler integration', function() { }, saveAuthorizationCode: function() {} }; - const handler = new AuthorizeHandler({ authorizationCodeLifetime: 120, model: model }); + const handler = new AuthorizeHandler({ authorizationCodeLifetime: 120, model }); const request = new Request({ body: { client_id: 12345 }, headers: {}, @@ -873,7 +1033,7 @@ describe('AuthorizeHandler integration', function() { }, saveAuthorizationCode: function() {} }; - const handler = new AuthorizeHandler({ authorizationCodeLifetime: 120, model: model }); + const handler = new AuthorizeHandler({ authorizationCodeLifetime: 120, model }); const request = new Request({ body: { client_id: 12345 }, headers: {}, @@ -894,7 +1054,7 @@ describe('AuthorizeHandler integration', function() { }, saveAuthorizationCode: function() {} }; - const handler = new AuthorizeHandler({ authorizationCodeLifetime: 120, model: model }); + const handler = new AuthorizeHandler({ authorizationCodeLifetime: 120, model }); const request = new Request({ body: { response_type: 'code' }, headers: {}, method: {}, query: { client_id: 12345 } }); return handler.getClient(request) @@ -913,7 +1073,7 @@ describe('AuthorizeHandler integration', function() { getClient: function() {}, saveAuthorizationCode: function() {} }; - const handler = new AuthorizeHandler({ authorizationCodeLifetime: 120, model: model }); + const handler = new AuthorizeHandler({ authorizationCodeLifetime: 120, model }); const request = new Request({ body: { scope: 'ø倣‰' }, headers: {}, method: {}, query: {} }); try { @@ -933,7 +1093,7 @@ describe('AuthorizeHandler integration', function() { getClient: function() {}, saveAuthorizationCode: function() {} }; - const handler = new AuthorizeHandler({ authorizationCodeLifetime: 120, model: model }); + const handler = new AuthorizeHandler({ authorizationCodeLifetime: 120, model }); const request = new Request({ body: { scope: 'foo' }, headers: {}, method: {}, query: {} }); handler.getScope(request).should.equal('foo'); @@ -947,7 +1107,7 @@ describe('AuthorizeHandler integration', function() { getClient: function() {}, saveAuthorizationCode: function() {} }; - const handler = new AuthorizeHandler({ authorizationCodeLifetime: 120, model: model }); + const handler = new AuthorizeHandler({ authorizationCodeLifetime: 120, model }); const request = new Request({ body: {}, headers: {}, method: {}, query: { scope: 'foo' } }); handler.getScope(request).should.equal('foo'); @@ -962,7 +1122,7 @@ describe('AuthorizeHandler integration', function() { getClient: function() {}, saveAuthorizationCode: function() {} }; - const handler = new AuthorizeHandler({ allowEmptyState: false, authorizationCodeLifetime: 120, model: model }); + const handler = new AuthorizeHandler({ allowEmptyState: false, authorizationCodeLifetime: 120, model }); const request = new Request({ body: {}, headers: {}, method: {}, query: {} }); try { @@ -981,7 +1141,7 @@ describe('AuthorizeHandler integration', function() { getClient: function() {}, saveAuthorizationCode: function() {} }; - const handler = new AuthorizeHandler({ allowEmptyState: true, authorizationCodeLifetime: 120, model: model }); + const handler = new AuthorizeHandler({ allowEmptyState: true, authorizationCodeLifetime: 120, model }); const request = new Request({ body: {}, headers: {}, method: {}, query: {} }); const state = handler.getState(request); should.equal(state, undefined); @@ -993,7 +1153,7 @@ describe('AuthorizeHandler integration', function() { getClient: function() {}, saveAuthorizationCode: function() {} }; - const handler = new AuthorizeHandler({ authorizationCodeLifetime: 120, model: model }); + const handler = new AuthorizeHandler({ authorizationCodeLifetime: 120, model }); const request = new Request({ body: {}, headers: {}, method: {}, query: { state: 'ø倣‰' } }); try { @@ -1013,7 +1173,7 @@ describe('AuthorizeHandler integration', function() { getClient: function() {}, saveAuthorizationCode: function() {} }; - const handler = new AuthorizeHandler({ authorizationCodeLifetime: 120, model: model }); + const handler = new AuthorizeHandler({ authorizationCodeLifetime: 120, model }); const request = new Request({ body: { state: 'foobar' }, headers: {}, method: {}, query: {} }); handler.getState(request).should.equal('foobar'); @@ -1027,7 +1187,7 @@ describe('AuthorizeHandler integration', function() { getClient: function() {}, saveAuthorizationCode: function() {} }; - const handler = new AuthorizeHandler({ authorizationCodeLifetime: 120, model: model }); + const handler = new AuthorizeHandler({ authorizationCodeLifetime: 120, model }); const request = new Request({ body: {}, headers: {}, method: {}, query: { state: 'foobar' } }); handler.getState(request).should.equal('foobar'); @@ -1042,7 +1202,7 @@ describe('AuthorizeHandler integration', function() { getClient: function() {}, saveAuthorizationCode: function() {} }; - const handler = new AuthorizeHandler({ authenticateHandler: authenticateHandler, authorizationCodeLifetime: 120, model: model }); + const handler = new AuthorizeHandler({ authenticateHandler: authenticateHandler, authorizationCodeLifetime: 120, model }); const request = new Request({ body: {}, headers: {}, method: {}, query: {} }); const response = new Response(); @@ -1066,7 +1226,7 @@ describe('AuthorizeHandler integration', function() { getClient: function() {}, saveAuthorizationCode: function() {} }; - const handler = new AuthorizeHandler({ authorizationCodeLifetime: 120, model: model }); + const handler = new AuthorizeHandler({ authorizationCodeLifetime: 120, model }); const request = new Request({ body: {}, headers: { 'Authorization': 'Bearer foo' }, method: {}, query: {} }); const response = new Response({ body: {}, headers: {} }); @@ -1088,7 +1248,7 @@ describe('AuthorizeHandler integration', function() { return authorizationCode; } }; - const handler = new AuthorizeHandler({ authorizationCodeLifetime: 120, model: model }); + const handler = new AuthorizeHandler({ authorizationCodeLifetime: 120, model }); return handler.saveAuthorizationCode('foo', 'bar', 'biz', 'baz') .then(function(data) { @@ -1105,7 +1265,7 @@ describe('AuthorizeHandler integration', function() { return {}; } }; - const handler = new AuthorizeHandler({ authorizationCodeLifetime: 120, model: model }); + const handler = new AuthorizeHandler({ authorizationCodeLifetime: 120, model }); handler.saveAuthorizationCode('foo', 'bar', 'biz', 'baz').should.be.an.instanceOf(Promise); }); @@ -1118,7 +1278,7 @@ describe('AuthorizeHandler integration', function() { return {}; } }; - const handler = new AuthorizeHandler({ authorizationCodeLifetime: 120, model: model }); + const handler = new AuthorizeHandler({ authorizationCodeLifetime: 120, model }); handler.saveAuthorizationCode('foo', 'bar', 'biz', 'baz').should.be.an.instanceOf(Promise); }); @@ -1131,7 +1291,7 @@ describe('AuthorizeHandler integration', function() { getClient: function() {}, saveAuthorizationCode: function() {} }; - const handler = new AuthorizeHandler({ authorizationCodeLifetime: 120, model: model }); + const handler = new AuthorizeHandler({ authorizationCodeLifetime: 120, model }); const request = new Request({ body: {}, headers: {}, method: {}, query: {} }); try { @@ -1150,7 +1310,7 @@ describe('AuthorizeHandler integration', function() { getClient: function() {}, saveAuthorizationCode: function() {} }; - const handler = new AuthorizeHandler({ authorizationCodeLifetime: 120, model: model }); + const handler = new AuthorizeHandler({ authorizationCodeLifetime: 120, model }); const request = new Request({ body: { response_type: 'foobar' }, headers: {}, method: {}, query: {} }); try { @@ -1170,7 +1330,7 @@ describe('AuthorizeHandler integration', function() { getClient: function() {}, saveAuthorizationCode: function() {} }; - const handler = new AuthorizeHandler({ authorizationCodeLifetime: 120, model: model }); + const handler = new AuthorizeHandler({ authorizationCodeLifetime: 120, model }); const request = new Request({ body: { response_type: 'code' }, headers: {}, method: {}, query: {} }); const ResponseType = handler.getResponseType(request); @@ -1185,7 +1345,7 @@ describe('AuthorizeHandler integration', function() { getClient: function() {}, saveAuthorizationCode: function() {} }; - const handler = new AuthorizeHandler({ authorizationCodeLifetime: 120, model: model }); + const handler = new AuthorizeHandler({ authorizationCodeLifetime: 120, model }); const request = new Request({ body: {}, headers: {}, method: {}, query: { response_type: 'code' } }); const ResponseType = handler.getResponseType(request); @@ -1201,7 +1361,7 @@ describe('AuthorizeHandler integration', function() { getClient: function() {}, saveAuthorizationCode: function() {} }; - const handler = new AuthorizeHandler({ authorizationCodeLifetime: 120, model: model }); + const handler = new AuthorizeHandler({ authorizationCodeLifetime: 120, model }); const responseType = new CodeResponseType(12345); const redirectUri = handler.buildSuccessRedirectUri('http://example.com/cb', responseType); @@ -1217,7 +1377,7 @@ describe('AuthorizeHandler integration', function() { getClient: function() {}, saveAuthorizationCode: function() {} }; - const handler = new AuthorizeHandler({ authorizationCodeLifetime: 120, model: model }); + const handler = new AuthorizeHandler({ authorizationCodeLifetime: 120, model }); const redirectUri = handler.buildErrorRedirectUri('http://example.com/cb', error); url.format(redirectUri).should.equal('http://example.com/cb?error=invalid_client&error_description=foo%20bar'); @@ -1230,7 +1390,7 @@ describe('AuthorizeHandler integration', function() { getClient: function() {}, saveAuthorizationCode: function() {} }; - const handler = new AuthorizeHandler({ authorizationCodeLifetime: 120, model: model }); + const handler = new AuthorizeHandler({ authorizationCodeLifetime: 120, model }); const redirectUri = handler.buildErrorRedirectUri('http://example.com/cb', error); url.format(redirectUri).should.equal('http://example.com/cb?error=invalid_client&error_description=Bad%20Request'); @@ -1244,7 +1404,7 @@ describe('AuthorizeHandler integration', function() { getClient: function() {}, saveAuthorizationCode: function() {} }; - const handler = new AuthorizeHandler({ authorizationCodeLifetime: 120, model: model }); + const handler = new AuthorizeHandler({ authorizationCodeLifetime: 120, model }); const response = new Response({ body: {}, headers: {} }); const uri = url.parse('http://example.com/cb'); @@ -1261,7 +1421,7 @@ describe('AuthorizeHandler integration', function() { getClient: function() {}, saveAuthorizationCode: function() {} }; - const handler = new AuthorizeHandler({ authorizationCodeLifetime: 120, model: model }); + const handler = new AuthorizeHandler({ authorizationCodeLifetime: 120, model }); const request = new Request({ body: {code_challenge_method: 'S256'}, headers: {}, method: {}, query: {} }); const codeChallengeMethod = handler.getCodeChallengeMethod(request); @@ -1274,7 +1434,7 @@ describe('AuthorizeHandler integration', function() { getClient: function() {}, saveAuthorizationCode: function() {} }; - const handler = new AuthorizeHandler({ authorizationCodeLifetime: 120, model: model }); + const handler = new AuthorizeHandler({ authorizationCodeLifetime: 120, model }); const request = new Request({ body: {code_challenge_method: 'foo'}, headers: {}, method: {}, query: {} }); try { @@ -1294,7 +1454,7 @@ describe('AuthorizeHandler integration', function() { getClient: function() {}, saveAuthorizationCode: function() {} }; - const handler = new AuthorizeHandler({ authorizationCodeLifetime: 120, model: model }); + const handler = new AuthorizeHandler({ authorizationCodeLifetime: 120, model }); const request = new Request({ body: {}, headers: {}, method: {}, query: {} }); const codeChallengeMethod = handler.getCodeChallengeMethod(request); @@ -1309,7 +1469,7 @@ describe('AuthorizeHandler integration', function() { getClient: function() {}, saveAuthorizationCode: function() {} }; - const handler = new AuthorizeHandler({ authorizationCodeLifetime: 120, model: model }); + const handler = new AuthorizeHandler({ authorizationCodeLifetime: 120, model }); const request = new Request({ body: {code_challenge: 'challenge'}, headers: {}, method: {}, query: {} }); const codeChallengeMethod = handler.getCodeChallenge(request); From d3c68d3e182835e1edb7f7929ecc5bd9c2156e9b Mon Sep 17 00:00:00 2001 From: Joren Vandeweyer Date: Sat, 26 Aug 2023 07:13:05 +0200 Subject: [PATCH 44/86] refactored abstract-grant-type --- lib/grant-types/abstract-grant-type.js | 125 ++++++++++++------------- 1 file changed, 60 insertions(+), 65 deletions(-) diff --git a/lib/grant-types/abstract-grant-type.js b/lib/grant-types/abstract-grant-type.js index 4fd02437..e351d940 100644 --- a/lib/grant-types/abstract-grant-type.js +++ b/lib/grant-types/abstract-grant-type.js @@ -9,97 +9,92 @@ const InvalidScopeError = require('../errors/invalid-scope-error'); const isFormat = require('@node-oauth/formats'); const tokenUtil = require('../utils/token-util'); -/** - * Constructor. - */ +class AbstractGrantType { + constructor (options) { + options = options || {}; -function AbstractGrantType(options) { - options = options || {}; + if (!options.accessTokenLifetime) { + throw new InvalidArgumentError('Missing parameter: `accessTokenLifetime`'); + } - if (!options.accessTokenLifetime) { - throw new InvalidArgumentError('Missing parameter: `accessTokenLifetime`'); - } + if (!options.model) { + throw new InvalidArgumentError('Missing parameter: `model`'); + } - if (!options.model) { - throw new InvalidArgumentError('Missing parameter: `model`'); + this.accessTokenLifetime = options.accessTokenLifetime; + this.model = options.model; + this.refreshTokenLifetime = options.refreshTokenLifetime; + this.alwaysIssueNewRefreshToken = options.alwaysIssueNewRefreshToken; } - this.accessTokenLifetime = options.accessTokenLifetime; - this.model = options.model; - this.refreshTokenLifetime = options.refreshTokenLifetime; - this.alwaysIssueNewRefreshToken = options.alwaysIssueNewRefreshToken; -} - -/** - * Generate access token. - */ + /** + * Generate access token. + */ + async generateAccessToken (client, user, scope) { + if (this.model.generateAccessToken) { + const accessToken = await this.model.generateAccessToken(client, user, scope); + return accessToken || tokenUtil.generateRandomToken(); + } -AbstractGrantType.prototype.generateAccessToken = async function(client, user, scope) { - if (this.model.generateAccessToken) { - const accessToken = await this.model.generateAccessToken(client, user, scope); - return accessToken || tokenUtil.generateRandomToken(); + return tokenUtil.generateRandomToken(); } - return tokenUtil.generateRandomToken(); -}; - -/** + /** * Generate refresh token. */ + async generateRefreshToken (client, user, scope) { + if (this.model.generateRefreshToken) { + const refreshToken = await this.model.generateRefreshToken(client, user, scope); + return refreshToken || tokenUtil.generateRandomToken(); + } -AbstractGrantType.prototype.generateRefreshToken = async function(client, user, scope) { - if (this.model.generateRefreshToken) { - const refreshToken = await this.model.generateRefreshToken(client, user, scope); - return refreshToken || tokenUtil.generateRandomToken(); + return tokenUtil.generateRandomToken(); } - return tokenUtil.generateRandomToken(); -}; - -/** + /** * Get access token expiration date. */ + getAccessTokenExpiresAt() { + return new Date(Date.now() + this.accessTokenLifetime * 1000); + } -AbstractGrantType.prototype.getAccessTokenExpiresAt = function() { - return new Date(Date.now() + this.accessTokenLifetime * 1000); -}; -/** - * Get refresh token expiration date. - */ -AbstractGrantType.prototype.getRefreshTokenExpiresAt = function() { - return new Date(Date.now() + this.refreshTokenLifetime * 1000); -}; + /** + * Get refresh token expiration date. + */ + getRefreshTokenExpiresAt () { + return new Date(Date.now() + this.refreshTokenLifetime * 1000); + } -/** - * Get scope from the request body. - */ + /** + * Get scope from the request body. + */ + getScope (request) { + if (!isFormat.nqschar(request.body.scope)) { + throw new InvalidArgumentError('Invalid parameter: `scope`'); + } -AbstractGrantType.prototype.getScope = function(request) { - if (!isFormat.nqschar(request.body.scope)) { - throw new InvalidArgumentError('Invalid parameter: `scope`'); + return request.body.scope; } - return request.body.scope; -}; + /** + * Validate requested scope. + */ + async validateScope (user, client, scope) { + if (this.model.validateScope) { + const validatedScope = await this.model.validateScope(user, client, scope); -/** - * Validate requested scope. - */ -AbstractGrantType.prototype.validateScope = async function(user, client, scope) { - if (this.model.validateScope) { - const validatedScope = await this.model.validateScope(user, client, scope); + if (!validatedScope) { + throw new InvalidScopeError('Invalid scope: Requested scope is invalid'); + } - if (!validatedScope) { - throw new InvalidScopeError('Invalid scope: Requested scope is invalid'); + return validatedScope; + } else { + return scope; } - - return validatedScope; - } else { - return scope; } -}; +} /** * Export constructor. From 9cbe92e26da57f7ffe958556c435ab9568bf41be Mon Sep 17 00:00:00 2001 From: Joren Vandeweyer Date: Sat, 26 Aug 2023 07:18:13 +0200 Subject: [PATCH 45/86] refactored authenticate-handler --- lib/handlers/authenticate-handler.js | 363 ++++++++++++++------------- 1 file changed, 182 insertions(+), 181 deletions(-) diff --git a/lib/handlers/authenticate-handler.js b/lib/handlers/authenticate-handler.js index 1da50f95..54945285 100644 --- a/lib/handlers/authenticate-handler.js +++ b/lib/handlers/authenticate-handler.js @@ -18,240 +18,241 @@ const UnauthorizedRequestError = require('../errors/unauthorized-request-error') * Constructor. */ -function AuthenticateHandler(options) { - options = options || {}; +class AuthenticateHandler { + constructor (options) { + options = options || {}; - if (!options.model) { - throw new InvalidArgumentError('Missing parameter: `model`'); - } - - if (!options.model.getAccessToken) { - throw new InvalidArgumentError('Invalid argument: model does not implement `getAccessToken()`'); - } - - if (options.scope && undefined === options.addAcceptedScopesHeader) { - throw new InvalidArgumentError('Missing parameter: `addAcceptedScopesHeader`'); - } - - if (options.scope && undefined === options.addAuthorizedScopesHeader) { - throw new InvalidArgumentError('Missing parameter: `addAuthorizedScopesHeader`'); - } + if (!options.model) { + throw new InvalidArgumentError('Missing parameter: `model`'); + } - if (options.scope && !options.model.verifyScope) { - throw new InvalidArgumentError('Invalid argument: model does not implement `verifyScope()`'); - } + if (!options.model.getAccessToken) { + throw new InvalidArgumentError('Invalid argument: model does not implement `getAccessToken()`'); + } - this.addAcceptedScopesHeader = options.addAcceptedScopesHeader; - this.addAuthorizedScopesHeader = options.addAuthorizedScopesHeader; - this.allowBearerTokensInQueryString = options.allowBearerTokensInQueryString; - this.model = options.model; - this.scope = options.scope; -} + if (options.scope && undefined === options.addAcceptedScopesHeader) { + throw new InvalidArgumentError('Missing parameter: `addAcceptedScopesHeader`'); + } -/** - * Authenticate Handler. - */ + if (options.scope && undefined === options.addAuthorizedScopesHeader) { + throw new InvalidArgumentError('Missing parameter: `addAuthorizedScopesHeader`'); + } -AuthenticateHandler.prototype.handle = async function(request, response) { - if (!(request instanceof Request)) { - throw new InvalidArgumentError('Invalid argument: `request` must be an instance of Request'); - } + if (options.scope && !options.model.verifyScope) { + throw new InvalidArgumentError('Invalid argument: model does not implement `verifyScope()`'); + } - if (!(response instanceof Response)) { - throw new InvalidArgumentError('Invalid argument: `response` must be an instance of Response'); + this.addAcceptedScopesHeader = options.addAcceptedScopesHeader; + this.addAuthorizedScopesHeader = options.addAuthorizedScopesHeader; + this.allowBearerTokensInQueryString = options.allowBearerTokensInQueryString; + this.model = options.model; + this.scope = options.scope; } - try { - const requestToken = await this.getTokenFromRequest(request); + /** + * Authenticate Handler. + */ - let accessToken; - accessToken = await this.getAccessToken(requestToken); - accessToken = await this.validateAccessToken(accessToken); - - if (this.scope) { - await this.verifyScope(accessToken); + async handle (request, response) { + if (!(request instanceof Request)) { + throw new InvalidArgumentError('Invalid argument: `request` must be an instance of Request'); } - this.updateResponse(response, accessToken); - - return accessToken; - } catch (e) { - // Include the "WWW-Authenticate" response header field if the client - // lacks any authentication information. - // - // @see https://tools.ietf.org/html/rfc6750#section-3.1 - if (e instanceof UnauthorizedRequestError) { - response.set('WWW-Authenticate', 'Bearer realm="Service"'); - } else if (e instanceof InvalidRequestError) { - response.set('WWW-Authenticate', 'Bearer realm="Service",error="invalid_request"'); - } else if (e instanceof InvalidTokenError) { - response.set('WWW-Authenticate', 'Bearer realm="Service",error="invalid_token"'); - } else if (e instanceof InsufficientScopeError) { - response.set('WWW-Authenticate', 'Bearer realm="Service",error="insufficient_scope"'); + if (!(response instanceof Response)) { + throw new InvalidArgumentError('Invalid argument: `response` must be an instance of Response'); } - if (!(e instanceof OAuthError)) { - throw new ServerError(e); + try { + const requestToken = await this.getTokenFromRequest(request); + + let accessToken; + accessToken = await this.getAccessToken(requestToken); + accessToken = await this.validateAccessToken(accessToken); + + if (this.scope) { + await this.verifyScope(accessToken); + } + + this.updateResponse(response, accessToken); + + return accessToken; + } catch (e) { + // Include the "WWW-Authenticate" response header field if the client + // lacks any authentication information. + // + // @see https://tools.ietf.org/html/rfc6750#section-3.1 + if (e instanceof UnauthorizedRequestError) { + response.set('WWW-Authenticate', 'Bearer realm="Service"'); + } else if (e instanceof InvalidRequestError) { + response.set('WWW-Authenticate', 'Bearer realm="Service",error="invalid_request"'); + } else if (e instanceof InvalidTokenError) { + response.set('WWW-Authenticate', 'Bearer realm="Service",error="invalid_token"'); + } else if (e instanceof InsufficientScopeError) { + response.set('WWW-Authenticate', 'Bearer realm="Service",error="insufficient_scope"'); + } + + if (!(e instanceof OAuthError)) { + throw new ServerError(e); + } + + throw e; } - - throw e; } -}; -/** - * Get the token from the header or body, depending on the request. - * - * "Clients MUST NOT use more than one method to transmit the token in each request." - * - * @see https://tools.ietf.org/html/rfc6750#section-2 - */ - -AuthenticateHandler.prototype.getTokenFromRequest = function(request) { - const headerToken = request.get('Authorization'); - const queryToken = request.query.access_token; - const bodyToken = request.body.access_token; + /** + * Get the token from the header or body, depending on the request. + * + * "Clients MUST NOT use more than one method to transmit the token in each request." + * + * @see https://tools.ietf.org/html/rfc6750#section-2 + */ + + getTokenFromRequest (request) { + const headerToken = request.get('Authorization'); + const queryToken = request.query.access_token; + const bodyToken = request.body.access_token; + + if (!!headerToken + !!queryToken + !!bodyToken > 1) { + throw new InvalidRequestError('Invalid request: only one authentication method is allowed'); + } - if (!!headerToken + !!queryToken + !!bodyToken > 1) { - throw new InvalidRequestError('Invalid request: only one authentication method is allowed'); - } + if (headerToken) { + return this.getTokenFromRequestHeader(request); + } - if (headerToken) { - return this.getTokenFromRequestHeader(request); - } + if (queryToken) { + return this.getTokenFromRequestQuery(request); + } - if (queryToken) { - return this.getTokenFromRequestQuery(request); - } + if (bodyToken) { + return this.getTokenFromRequestBody(request); + } - if (bodyToken) { - return this.getTokenFromRequestBody(request); + throw new UnauthorizedRequestError('Unauthorized request: no authentication given'); } - throw new UnauthorizedRequestError('Unauthorized request: no authentication given'); -}; + /** + * Get the token from the request header. + * + * @see http://tools.ietf.org/html/rfc6750#section-2.1 + */ -/** - * Get the token from the request header. - * - * @see http://tools.ietf.org/html/rfc6750#section-2.1 - */ + getTokenFromRequestHeader (request) { + const token = request.get('Authorization'); + const matches = token.match(/^Bearer\s(\S+)/); -AuthenticateHandler.prototype.getTokenFromRequestHeader = function(request) { - const token = request.get('Authorization'); - const matches = token.match(/^Bearer\s(\S+)/); + if (!matches) { + throw new InvalidRequestError('Invalid request: malformed authorization header'); + } - if (!matches) { - throw new InvalidRequestError('Invalid request: malformed authorization header'); + return matches[1]; } - return matches[1]; -}; - -/** - * Get the token from the request query. - * - * "Don't pass bearer tokens in page URLs: Bearer tokens SHOULD NOT be passed in page - * URLs (for example, as query string parameters). Instead, bearer tokens SHOULD be - * passed in HTTP message headers or message bodies for which confidentiality measures - * are taken. Browsers, web servers, and other software may not adequately secure URLs - * in the browser history, web server logs, and other data structures. If bearer tokens - * are passed in page URLs, attackers might be able to steal them from the history data, - * logs, or other unsecured locations." - * - * @see http://tools.ietf.org/html/rfc6750#section-2.3 - */ + /** + * Get the token from the request query. + * + * "Don't pass bearer tokens in page URLs: Bearer tokens SHOULD NOT be passed in page + * URLs (for example, as query string parameters). Instead, bearer tokens SHOULD be + * passed in HTTP message headers or message bodies for which confidentiality measures + * are taken. Browsers, web servers, and other software may not adequately secure URLs + * in the browser history, web server logs, and other data structures. If bearer tokens + * are passed in page URLs, attackers might be able to steal them from the history data, + * logs, or other unsecured locations." + * + * @see http://tools.ietf.org/html/rfc6750#section-2.3 + */ + + getTokenFromRequestQuery (request) { + if (!this.allowBearerTokensInQueryString) { + throw new InvalidRequestError('Invalid request: do not send bearer tokens in query URLs'); + } -AuthenticateHandler.prototype.getTokenFromRequestQuery = function(request) { - if (!this.allowBearerTokensInQueryString) { - throw new InvalidRequestError('Invalid request: do not send bearer tokens in query URLs'); + return request.query.access_token; } - return request.query.access_token; -}; - -/** - * Get the token from the request body. - * - * "The HTTP request method is one for which the request-body has defined semantics. - * In particular, this means that the "GET" method MUST NOT be used." - * - * @see http://tools.ietf.org/html/rfc6750#section-2.2 - */ + /** + * Get the token from the request body. + * + * "The HTTP request method is one for which the request-body has defined semantics. + * In particular, this means that the "GET" method MUST NOT be used." + * + * @see http://tools.ietf.org/html/rfc6750#section-2.2 + */ + + getTokenFromRequestBody (request) { + if (request.method === 'GET') { + throw new InvalidRequestError('Invalid request: token may not be passed in the body when using the GET verb'); + } -AuthenticateHandler.prototype.getTokenFromRequestBody = function(request) { - if (request.method === 'GET') { - throw new InvalidRequestError('Invalid request: token may not be passed in the body when using the GET verb'); - } + if (!request.is('application/x-www-form-urlencoded')) { + throw new InvalidRequestError('Invalid request: content must be application/x-www-form-urlencoded'); + } - if (!request.is('application/x-www-form-urlencoded')) { - throw new InvalidRequestError('Invalid request: content must be application/x-www-form-urlencoded'); + return request.body.access_token; } - return request.body.access_token; -}; + /** + * Get the access token from the model. + */ -/** - * Get the access token from the model. - */ + async getAccessToken (token) { + const accessToken = await this.model.getAccessToken(token); -AuthenticateHandler.prototype.getAccessToken = async function(token) { - const accessToken = await this.model.getAccessToken(token); + if (!accessToken) { + throw new InvalidTokenError('Invalid token: access token is invalid'); + } - if (!accessToken) { - throw new InvalidTokenError('Invalid token: access token is invalid'); - } + if (!accessToken.user) { + throw new ServerError('Server error: `getAccessToken()` did not return a `user` object'); + } - if (!accessToken.user) { - throw new ServerError('Server error: `getAccessToken()` did not return a `user` object'); + return accessToken; } - return accessToken; -}; + /** + * Validate access token. + */ -/** - * Validate access token. - */ + validateAccessToken (accessToken) { + if (!(accessToken.accessTokenExpiresAt instanceof Date)) { + throw new ServerError('Server error: `accessTokenExpiresAt` must be a Date instance'); + } -AuthenticateHandler.prototype.validateAccessToken = function(accessToken) { - if (!(accessToken.accessTokenExpiresAt instanceof Date)) { - throw new ServerError('Server error: `accessTokenExpiresAt` must be a Date instance'); - } + if (accessToken.accessTokenExpiresAt < new Date()) { + throw new InvalidTokenError('Invalid token: access token has expired'); + } - if (accessToken.accessTokenExpiresAt < new Date()) { - throw new InvalidTokenError('Invalid token: access token has expired'); + return accessToken; } - return accessToken; -}; + /** + * Verify scope. + */ -/** - * Verify scope. - */ + async verifyScope (accessToken) { + const scope = await this.model.verifyScope(accessToken, this.scope); -AuthenticateHandler.prototype.verifyScope = async function(accessToken) { - const scope = await this.model.verifyScope(accessToken, this.scope); + if (!scope) { + throw new InsufficientScopeError('Insufficient scope: authorized scope is insufficient'); + } - if (!scope) { - throw new InsufficientScopeError('Insufficient scope: authorized scope is insufficient'); + return scope; } - return scope; -}; + /** + * Update response. + */ -/** - * Update response. - */ - -AuthenticateHandler.prototype.updateResponse = function(response, accessToken) { - if (this.scope && this.addAcceptedScopesHeader) { - response.set('X-Accepted-OAuth-Scopes', this.scope); - } + updateResponse (response, accessToken) { + if (this.scope && this.addAcceptedScopesHeader) { + response.set('X-Accepted-OAuth-Scopes', this.scope); + } - if (this.scope && this.addAuthorizedScopesHeader) { - response.set('X-OAuth-Scopes', accessToken.scope); + if (this.scope && this.addAuthorizedScopesHeader) { + response.set('X-OAuth-Scopes', accessToken.scope); + } } -}; - +} /** * Export constructor. */ From 900dff53f58ab7e550cfeb2f3a91df410478e7ee Mon Sep 17 00:00:00 2001 From: Joren Vandeweyer Date: Sat, 26 Aug 2023 07:22:16 +0200 Subject: [PATCH 46/86] refactored authorize-handler --- lib/handlers/authorize-handler.js | 535 +++++++++++++++--------------- 1 file changed, 268 insertions(+), 267 deletions(-) diff --git a/lib/handlers/authorize-handler.js b/lib/handlers/authorize-handler.js index 75d1b2e6..a98a037a 100644 --- a/lib/handlers/authorize-handler.js +++ b/lib/handlers/authorize-handler.js @@ -34,361 +34,362 @@ const responseTypes = { * Constructor. */ -function AuthorizeHandler(options) { - options = options || {}; +class AuthorizeHandler { + constructor (options) { + options = options || {}; - if (options.authenticateHandler && !options.authenticateHandler.handle) { - throw new InvalidArgumentError('Invalid argument: authenticateHandler does not implement `handle()`'); - } - - if (!options.authorizationCodeLifetime) { - throw new InvalidArgumentError('Missing parameter: `authorizationCodeLifetime`'); - } - - if (!options.model) { - throw new InvalidArgumentError('Missing parameter: `model`'); - } - - if (!options.model.getClient) { - throw new InvalidArgumentError('Invalid argument: model does not implement `getClient()`'); - } + if (options.authenticateHandler && !options.authenticateHandler.handle) { + throw new InvalidArgumentError('Invalid argument: authenticateHandler does not implement `handle()`'); + } - if (!options.model.saveAuthorizationCode) { - throw new InvalidArgumentError('Invalid argument: model does not implement `saveAuthorizationCode()`'); - } + if (!options.authorizationCodeLifetime) { + throw new InvalidArgumentError('Missing parameter: `authorizationCodeLifetime`'); + } - this.allowEmptyState = options.allowEmptyState; - this.authenticateHandler = options.authenticateHandler || new AuthenticateHandler(options); - this.authorizationCodeLifetime = options.authorizationCodeLifetime; - this.model = options.model; -} + if (!options.model) { + throw new InvalidArgumentError('Missing parameter: `model`'); + } -/** - * Authorize Handler. - */ + if (!options.model.getClient) { + throw new InvalidArgumentError('Invalid argument: model does not implement `getClient()`'); + } -AuthorizeHandler.prototype.handle = async function(request, response) { - if (!(request instanceof Request)) { - throw new InvalidArgumentError('Invalid argument: `request` must be an instance of Request'); - } + if (!options.model.saveAuthorizationCode) { + throw new InvalidArgumentError('Invalid argument: model does not implement `saveAuthorizationCode()`'); + } - if (!(response instanceof Response)) { - throw new InvalidArgumentError('Invalid argument: `response` must be an instance of Response'); + this.allowEmptyState = options.allowEmptyState; + this.authenticateHandler = options.authenticateHandler || new AuthenticateHandler(options); + this.authorizationCodeLifetime = options.authorizationCodeLifetime; + this.model = options.model; } - const expiresAt = await this.getAuthorizationCodeLifetime(); - const client = await this.getClient(request); - const user = await this.getUser(request, response); + /** + * Authorize Handler. + */ - let uri; - let state; - - try { - uri = this.getRedirectUri(request, client); - state = this.getState(request); - - if (request.query.allowed === 'false' || request.body.allowed === 'false') { - throw new AccessDeniedError('Access denied: user denied access to application'); + async handle (request, response) { + if (!(request instanceof Request)) { + throw new InvalidArgumentError('Invalid argument: `request` must be an instance of Request'); } - const requestedScope = this.getScope(request); - const validScope = await this.validateScope(user, client, requestedScope); - const authorizationCode = this.generateAuthorizationCode(client, user, validScope); - - const ResponseType = this.getResponseType(request); - const codeChallenge = this.getCodeChallenge(request); - const codeChallengeMethod = this.getCodeChallengeMethod(request); - const code = await this.saveAuthorizationCode( - authorizationCode, - expiresAt, - validScope, - client, - uri, - user, - codeChallenge, - codeChallengeMethod - ); - - const responseTypeInstance = new ResponseType(code.authorizationCode); - const redirectUri = this.buildSuccessRedirectUri(uri, responseTypeInstance); - - this.updateResponse(response, redirectUri, state); - - return code; - } catch (err) { - let e = err; - - if (!(e instanceof OAuthError)) { - e = new ServerError(e); + if (!(response instanceof Response)) { + throw new InvalidArgumentError('Invalid argument: `response` must be an instance of Response'); } - const redirectUri = this.buildErrorRedirectUri(uri, e); - this.updateResponse(response, redirectUri, state); - throw e; + const expiresAt = await this.getAuthorizationCodeLifetime(); + const client = await this.getClient(request); + const user = await this.getUser(request, response); + + let uri; + let state; + + try { + uri = this.getRedirectUri(request, client); + state = this.getState(request); + + if (request.query.allowed === 'false' || request.body.allowed === 'false') { + throw new AccessDeniedError('Access denied: user denied access to application'); + } + + const requestedScope = this.getScope(request); + const validScope = await this.validateScope(user, client, requestedScope); + const authorizationCode = this.generateAuthorizationCode(client, user, validScope); + + const ResponseType = this.getResponseType(request); + const codeChallenge = this.getCodeChallenge(request); + const codeChallengeMethod = this.getCodeChallengeMethod(request); + const code = await this.saveAuthorizationCode( + authorizationCode, + expiresAt, + validScope, + client, + uri, + user, + codeChallenge, + codeChallengeMethod + ); + + const responseTypeInstance = new ResponseType(code.authorizationCode); + const redirectUri = this.buildSuccessRedirectUri(uri, responseTypeInstance); + + this.updateResponse(response, redirectUri, state); + + return code; + } catch (err) { + let e = err; + + if (!(e instanceof OAuthError)) { + e = new ServerError(e); + } + const redirectUri = this.buildErrorRedirectUri(uri, e); + this.updateResponse(response, redirectUri, state); + + throw e; + } } -}; -/** - * Generate authorization code. - */ + /** + * Generate authorization code. + */ -AuthorizeHandler.prototype.generateAuthorizationCode = async function(client, user, scope) { - if (this.model.generateAuthorizationCode) { - return this.model.generateAuthorizationCode(client, user, scope); + async generateAuthorizationCode (client, user, scope) { + if (this.model.generateAuthorizationCode) { + return this.model.generateAuthorizationCode(client, user, scope); + } + return tokenUtil.generateRandomToken(); } - return tokenUtil.generateRandomToken(); -}; -/** - * Get authorization code lifetime. - */ + /** + * Get authorization code lifetime. + */ -AuthorizeHandler.prototype.getAuthorizationCodeLifetime = function() { - const expires = new Date(); + getAuthorizationCodeLifetime () { + const expires = new Date(); - expires.setSeconds(expires.getSeconds() + this.authorizationCodeLifetime); - return expires; -}; + expires.setSeconds(expires.getSeconds() + this.authorizationCodeLifetime); + return expires; + } -/** - * Get the client from the model. - */ + /** + * Get the client from the model. + */ -AuthorizeHandler.prototype.getClient = async function(request) { - const self = this; - const clientId = request.body.client_id || request.query.client_id; + async getClient (request) { + const self = this; + const clientId = request.body.client_id || request.query.client_id; - if (!clientId) { - throw new InvalidRequestError('Missing parameter: `client_id`'); - } + if (!clientId) { + throw new InvalidRequestError('Missing parameter: `client_id`'); + } - if (!isFormat.vschar(clientId)) { - throw new InvalidRequestError('Invalid parameter: `client_id`'); - } + if (!isFormat.vschar(clientId)) { + throw new InvalidRequestError('Invalid parameter: `client_id`'); + } - const redirectUri = request.body.redirect_uri || request.query.redirect_uri; + const redirectUri = request.body.redirect_uri || request.query.redirect_uri; - if (redirectUri && !isFormat.uri(redirectUri)) { - throw new InvalidRequestError('Invalid request: `redirect_uri` is not a valid URI'); - } + if (redirectUri && !isFormat.uri(redirectUri)) { + throw new InvalidRequestError('Invalid request: `redirect_uri` is not a valid URI'); + } - const client = await this.model.getClient(clientId, null); + const client = await this.model.getClient(clientId, null); - if (!client) { - throw new InvalidClientError('Invalid client: client credentials are invalid'); - } + if (!client) { + throw new InvalidClientError('Invalid client: client credentials are invalid'); + } - if (!client.grants) { - throw new InvalidClientError('Invalid client: missing client `grants`'); - } + if (!client.grants) { + throw new InvalidClientError('Invalid client: missing client `grants`'); + } - if (!Array.isArray(client.grants) || !client.grants.includes('authorization_code')) { - throw new UnauthorizedClientError('Unauthorized client: `grant_type` is invalid'); - } + if (!Array.isArray(client.grants) || !client.grants.includes('authorization_code')) { + throw new UnauthorizedClientError('Unauthorized client: `grant_type` is invalid'); + } - if (!client.redirectUris || 0 === client.redirectUris.length) { - throw new InvalidClientError('Invalid client: missing client `redirectUri`'); - } + if (!client.redirectUris || 0 === client.redirectUris.length) { + throw new InvalidClientError('Invalid client: missing client `redirectUri`'); + } - if (redirectUri) { - const valid = await self.validateRedirectUri(redirectUri, client); + if (redirectUri) { + const valid = await self.validateRedirectUri(redirectUri, client); - if (!valid) { - throw new InvalidClientError('Invalid client: `redirect_uri` does not match client value'); + if (!valid) { + throw new InvalidClientError('Invalid client: `redirect_uri` does not match client value'); + } } + + return client; } - return client; -}; + /** + * Validate requested scope. + */ + async validateScope (user, client, scope) { + if (this.model.validateScope) { + const validatedScope = await this.model.validateScope(user, client, scope); -/** - * Validate requested scope. - */ -AuthorizeHandler.prototype.validateScope = async function(user, client, scope) { - if (this.model.validateScope) { - const validatedScope = await this.model.validateScope(user, client, scope); + if (!validatedScope) { + throw new InvalidScopeError('Invalid scope: Requested scope is invalid'); + } - if (!validatedScope) { - throw new InvalidScopeError('Invalid scope: Requested scope is invalid'); + return validatedScope; } - return validatedScope; + return scope; } - return scope; -}; + /** + * Get scope from the request. + */ -/** - * Get scope from the request. - */ + getScope (request) { + const scope = request.body.scope || request.query.scope; -AuthorizeHandler.prototype.getScope = function(request) { - const scope = request.body.scope || request.query.scope; + if (!isFormat.nqschar(scope)) { + throw new InvalidScopeError('Invalid parameter: `scope`'); + } - if (!isFormat.nqschar(scope)) { - throw new InvalidScopeError('Invalid parameter: `scope`'); + return scope; } - return scope; -}; + /** + * Get state from the request. + */ -/** - * Get state from the request. - */ + getState (request) { + const state = request.body.state || request.query.state; + const stateExists = state && state.length > 0; + const stateIsValid = stateExists + ? isFormat.vschar(state) + : this.allowEmptyState; -AuthorizeHandler.prototype.getState = function(request) { - const state = request.body.state || request.query.state; - const stateExists = state && state.length > 0; - const stateIsValid = stateExists - ? isFormat.vschar(state) - : this.allowEmptyState; + if (!stateIsValid) { + const message = (!stateExists) ? 'Missing' : 'Invalid'; + throw new InvalidRequestError(`${message} parameter: \`state\``); + } - if (!stateIsValid) { - const message = (!stateExists) ? 'Missing' : 'Invalid'; - throw new InvalidRequestError(`${message} parameter: \`state\``); + return state; } - return state; -}; + /** + * Get user by calling the authenticate middleware. + */ -/** - * Get user by calling the authenticate middleware. - */ + async getUser (request, response) { + if (this.authenticateHandler instanceof AuthenticateHandler) { + const handled = await this.authenticateHandler.handle(request, response); + return handled + ? handled.user + : undefined; + } -AuthorizeHandler.prototype.getUser = async function(request, response) { - if (this.authenticateHandler instanceof AuthenticateHandler) { - const handled = await this.authenticateHandler.handle(request, response); - return handled - ? handled.user - : undefined; - } + const user = await this.authenticateHandler.handle(request, response); - const user = await this.authenticateHandler.handle(request, response); + if (!user) { + throw new ServerError('Server error: `handle()` did not return a `user` object'); + } - if (!user) { - throw new ServerError('Server error: `handle()` did not return a `user` object'); + return user; } - return user; -}; - -/** - * Get redirect URI. - */ + /** + * Get redirect URI. + */ -AuthorizeHandler.prototype.getRedirectUri = function(request, client) { - return request.body.redirect_uri || request.query.redirect_uri || client.redirectUris[0]; -}; + getRedirectUri (request, client) { + return request.body.redirect_uri || request.query.redirect_uri || client.redirectUris[0]; + } -/** - * Save authorization code. - */ + /** + * Save authorization code. + */ + + async saveAuthorizationCode (authorizationCode, expiresAt, scope, client, redirectUri, user, codeChallenge, codeChallengeMethod) { + let code = { + authorizationCode: authorizationCode, + expiresAt: expiresAt, + redirectUri: redirectUri, + scope: scope + }; + + if(codeChallenge && codeChallengeMethod){ + code = Object.assign({ + codeChallenge: codeChallenge, + codeChallengeMethod: codeChallengeMethod + }, code); + } -AuthorizeHandler.prototype.saveAuthorizationCode = async function(authorizationCode, expiresAt, scope, client, redirectUri, user, codeChallenge, codeChallengeMethod) { - let code = { - authorizationCode: authorizationCode, - expiresAt: expiresAt, - redirectUri: redirectUri, - scope: scope - }; - - if(codeChallenge && codeChallengeMethod){ - code = Object.assign({ - codeChallenge: codeChallenge, - codeChallengeMethod: codeChallengeMethod - }, code); + return this.model.saveAuthorizationCode(code, client, user); } - return this.model.saveAuthorizationCode(code, client, user); -}; + async validateRedirectUri (redirectUri, client) { + if (this.model.validateRedirectUri) { + return this.model.validateRedirectUri(redirectUri, client); + } -AuthorizeHandler.prototype.validateRedirectUri = async function(redirectUri, client) { - if (this.model.validateRedirectUri) { - return this.model.validateRedirectUri(redirectUri, client); + return client.redirectUris.includes(redirectUri); } + /** + * Get response type. + */ - return client.redirectUris.includes(redirectUri); -}; -/** - * Get response type. - */ + getResponseType (request) { + const responseType = request.body.response_type || request.query.response_type; -AuthorizeHandler.prototype.getResponseType = function(request) { - const responseType = request.body.response_type || request.query.response_type; + if (!responseType) { + throw new InvalidRequestError('Missing parameter: `response_type`'); + } - if (!responseType) { - throw new InvalidRequestError('Missing parameter: `response_type`'); - } + if (!Object.prototype.hasOwnProperty.call(responseTypes, responseType)) { + throw new UnsupportedResponseTypeError('Unsupported response type: `response_type` is not supported'); + } - if (!Object.prototype.hasOwnProperty.call(responseTypes, responseType)) { - throw new UnsupportedResponseTypeError('Unsupported response type: `response_type` is not supported'); + return responseTypes[responseType]; } - return responseTypes[responseType]; -}; + /** + * Build a successful response that redirects the user-agent to the client-provided url. + */ -/** - * Build a successful response that redirects the user-agent to the client-provided url. - */ + buildSuccessRedirectUri (redirectUri, responseType) { + return responseType.buildRedirectUri(redirectUri); + } -AuthorizeHandler.prototype.buildSuccessRedirectUri = function(redirectUri, responseType) { - return responseType.buildRedirectUri(redirectUri); -}; + /** + * Build an error response that redirects the user-agent to the client-provided url. + */ -/** - * Build an error response that redirects the user-agent to the client-provided url. - */ + buildErrorRedirectUri (redirectUri, error) { + const uri = url.parse(redirectUri); -AuthorizeHandler.prototype.buildErrorRedirectUri = function(redirectUri, error) { - const uri = url.parse(redirectUri); + uri.query = { + error: error.name + }; - uri.query = { - error: error.name - }; + if (error.message) { + uri.query.error_description = error.message; + } - if (error.message) { - uri.query.error_description = error.message; + return uri; } - return uri; -}; + /** + * Update response with the redirect uri and the state parameter, if available. + */ -/** - * Update response with the redirect uri and the state parameter, if available. - */ + updateResponse (response, redirectUri, state) { + redirectUri.query = redirectUri.query || {}; -AuthorizeHandler.prototype.updateResponse = function(response, redirectUri, state) { - redirectUri.query = redirectUri.query || {}; + if (state) { + redirectUri.query.state = state; + } - if (state) { - redirectUri.query.state = state; + response.redirect(url.format(redirectUri)); } - response.redirect(url.format(redirectUri)); -}; - -AuthorizeHandler.prototype.getCodeChallenge = function(request) { - return request.body.code_challenge; -}; - -/** - * Get code challenge method from request or defaults to plain. - * https://www.rfc-editor.org/rfc/rfc7636#section-4.3 - * - * @throws {InvalidRequestError} if request contains unsupported code_challenge_method - * (see https://www.rfc-editor.org/rfc/rfc7636#section-4.4) - */ -AuthorizeHandler.prototype.getCodeChallengeMethod = function(request) { - const algorithm = request.body.code_challenge_method; - - if (algorithm && !pkce.isValidMethod(algorithm)) { - throw new InvalidRequestError(`Invalid request: transform algorithm '${algorithm}' not supported`); + getCodeChallenge (request) { + return request.body.code_challenge; } - return algorithm || 'plain'; -}; + /** + * Get code challenge method from request or defaults to plain. + * https://www.rfc-editor.org/rfc/rfc7636#section-4.3 + * + * @throws {InvalidRequestError} if request contains unsupported code_challenge_method + * (see https://www.rfc-editor.org/rfc/rfc7636#section-4.4) + */ + getCodeChallengeMethod (request) { + const algorithm = request.body.code_challenge_method; + + if (algorithm && !pkce.isValidMethod(algorithm)) { + throw new InvalidRequestError(`Invalid request: transform algorithm '${algorithm}' not supported`); + } + return algorithm || 'plain'; + } +} /** * Export constructor. */ From cc99be50bdd346da713c3e5513d2989b6ee074a8 Mon Sep 17 00:00:00 2001 From: Joren Vandeweyer Date: Sat, 26 Aug 2023 07:24:17 +0200 Subject: [PATCH 47/86] refactored token-handler --- lib/handlers/token-handler.js | 396 +++++++++++++++++----------------- 1 file changed, 199 insertions(+), 197 deletions(-) diff --git a/lib/handlers/token-handler.js b/lib/handlers/token-handler.js index 468d8102..6ce6c215 100644 --- a/lib/handlers/token-handler.js +++ b/lib/handlers/token-handler.js @@ -34,264 +34,266 @@ const grantTypes = { * Constructor. */ -function TokenHandler(options) { - options = options || {}; +class TokenHandler { + constructor (options) { + options = options || {}; - if (!options.accessTokenLifetime) { - throw new InvalidArgumentError('Missing parameter: `accessTokenLifetime`'); - } + if (!options.accessTokenLifetime) { + throw new InvalidArgumentError('Missing parameter: `accessTokenLifetime`'); + } - if (!options.model) { - throw new InvalidArgumentError('Missing parameter: `model`'); - } + if (!options.model) { + throw new InvalidArgumentError('Missing parameter: `model`'); + } - if (!options.refreshTokenLifetime) { - throw new InvalidArgumentError('Missing parameter: `refreshTokenLifetime`'); - } + if (!options.refreshTokenLifetime) { + throw new InvalidArgumentError('Missing parameter: `refreshTokenLifetime`'); + } + + if (!options.model.getClient) { + throw new InvalidArgumentError('Invalid argument: model does not implement `getClient()`'); + } - if (!options.model.getClient) { - throw new InvalidArgumentError('Invalid argument: model does not implement `getClient()`'); + this.accessTokenLifetime = options.accessTokenLifetime; + this.grantTypes = Object.assign({}, grantTypes, options.extendedGrantTypes); + this.model = options.model; + this.refreshTokenLifetime = options.refreshTokenLifetime; + this.allowExtendedTokenAttributes = options.allowExtendedTokenAttributes; + this.requireClientAuthentication = options.requireClientAuthentication || {}; + this.alwaysIssueNewRefreshToken = options.alwaysIssueNewRefreshToken !== false; } - this.accessTokenLifetime = options.accessTokenLifetime; - this.grantTypes = Object.assign({}, grantTypes, options.extendedGrantTypes); - this.model = options.model; - this.refreshTokenLifetime = options.refreshTokenLifetime; - this.allowExtendedTokenAttributes = options.allowExtendedTokenAttributes; - this.requireClientAuthentication = options.requireClientAuthentication || {}; - this.alwaysIssueNewRefreshToken = options.alwaysIssueNewRefreshToken !== false; -} + /** + * Token Handler. + */ -/** - * Token Handler. - */ + async handle (request, response) { + if (!(request instanceof Request)) { + throw new InvalidArgumentError('Invalid argument: `request` must be an instance of Request'); + } -TokenHandler.prototype.handle = async function(request, response) { - if (!(request instanceof Request)) { - throw new InvalidArgumentError('Invalid argument: `request` must be an instance of Request'); - } + if (!(response instanceof Response)) { + throw new InvalidArgumentError('Invalid argument: `response` must be an instance of Response'); + } - if (!(response instanceof Response)) { - throw new InvalidArgumentError('Invalid argument: `response` must be an instance of Response'); - } + if (request.method !== 'POST') { + throw new InvalidRequestError('Invalid request: method must be POST'); + } - if (request.method !== 'POST') { - throw new InvalidRequestError('Invalid request: method must be POST'); - } + if (!request.is('application/x-www-form-urlencoded')) { + throw new InvalidRequestError('Invalid request: content must be application/x-www-form-urlencoded'); + } - if (!request.is('application/x-www-form-urlencoded')) { - throw new InvalidRequestError('Invalid request: content must be application/x-www-form-urlencoded'); - } + try { + const client = await this.getClient(request, response); + const data = await this.handleGrantType(request, client); + const model = new TokenModel(data, { allowExtendedTokenAttributes: this.allowExtendedTokenAttributes }); + const tokenType = this.getTokenType(model); - try { - const client = await this.getClient(request, response); - const data = await this.handleGrantType(request, client); - const model = new TokenModel(data, { allowExtendedTokenAttributes: this.allowExtendedTokenAttributes }); - const tokenType = this.getTokenType(model); + this.updateSuccessResponse(response, tokenType); - this.updateSuccessResponse(response, tokenType); + return data; + } catch (err) { + let e = err; - return data; - } catch (err) { - let e = err; + if (!(e instanceof OAuthError)) { + e = new ServerError(e); + } - if (!(e instanceof OAuthError)) { - e = new ServerError(e); + this.updateErrorResponse(response, e); + throw e; } - - this.updateErrorResponse(response, e); - throw e; } -}; -/** - * Get the client from the model. - */ + /** + * Get the client from the model. + */ -TokenHandler.prototype.getClient = async function(request, response) { - const credentials = await this.getClientCredentials(request); - const grantType = request.body.grant_type; - const codeVerifier = request.body.code_verifier; - const isPkce = pkce.isPKCERequest({ grantType, codeVerifier }); + async getClient (request, response) { + const credentials = await this.getClientCredentials(request); + const grantType = request.body.grant_type; + const codeVerifier = request.body.code_verifier; + const isPkce = pkce.isPKCERequest({ grantType, codeVerifier }); - if (!credentials.clientId) { - throw new InvalidRequestError('Missing parameter: `client_id`'); - } + if (!credentials.clientId) { + throw new InvalidRequestError('Missing parameter: `client_id`'); + } - if (this.isClientAuthenticationRequired(grantType) && !credentials.clientSecret && !isPkce) { - throw new InvalidRequestError('Missing parameter: `client_secret`'); - } + if (this.isClientAuthenticationRequired(grantType) && !credentials.clientSecret && !isPkce) { + throw new InvalidRequestError('Missing parameter: `client_secret`'); + } - if (!isFormat.vschar(credentials.clientId)) { - throw new InvalidRequestError('Invalid parameter: `client_id`'); - } + if (!isFormat.vschar(credentials.clientId)) { + throw new InvalidRequestError('Invalid parameter: `client_id`'); + } - if (credentials.clientSecret && !isFormat.vschar(credentials.clientSecret)) { - throw new InvalidRequestError('Invalid parameter: `client_secret`'); - } + if (credentials.clientSecret && !isFormat.vschar(credentials.clientSecret)) { + throw new InvalidRequestError('Invalid parameter: `client_secret`'); + } - try { - const client = await this.model.getClient(credentials.clientId, credentials.clientSecret); + try { + const client = await this.model.getClient(credentials.clientId, credentials.clientSecret); + + if (!client) { + throw new InvalidClientError('Invalid client: client is invalid'); + } + + if (!client.grants) { + throw new ServerError('Server error: missing client `grants`'); + } + + if (!(client.grants instanceof Array)) { + throw new ServerError('Server error: `grants` must be an array'); + } + + return client; + } catch (e) { + // Include the "WWW-Authenticate" response header field if the client + // attempted to authenticate via the "Authorization" request header. + // + // @see https://tools.ietf.org/html/rfc6749#section-5.2. + if ((e instanceof InvalidClientError) && request.get('authorization')) { + response.set('WWW-Authenticate', 'Basic realm="Service"'); + throw new InvalidClientError(e, { code: 401 }); + } + + throw e; + } + } - if (!client) { - throw new InvalidClientError('Invalid client: client is invalid'); + /** + * Get client credentials. + * + * The client credentials may be sent using the HTTP Basic authentication scheme or, alternatively, + * the `client_id` and `client_secret` can be embedded in the body. + * + * @see https://tools.ietf.org/html/rfc6749#section-2.3.1 + */ + + getClientCredentials (request) { + const credentials = auth(request); + const grantType = request.body.grant_type; + const codeVerifier = request.body.code_verifier; + + if (credentials) { + return { clientId: credentials.name, clientSecret: credentials.pass }; } - if (!client.grants) { - throw new ServerError('Server error: missing client `grants`'); + if (request.body.client_id && request.body.client_secret) { + return { clientId: request.body.client_id, clientSecret: request.body.client_secret }; } - if (!(client.grants instanceof Array)) { - throw new ServerError('Server error: `grants` must be an array'); + if (pkce.isPKCERequest({ grantType, codeVerifier })) { + if(request.body.client_id) { + return { clientId: request.body.client_id }; + } } - return client; - } catch (e) { - // Include the "WWW-Authenticate" response header field if the client - // attempted to authenticate via the "Authorization" request header. - // - // @see https://tools.ietf.org/html/rfc6749#section-5.2. - if ((e instanceof InvalidClientError) && request.get('authorization')) { - response.set('WWW-Authenticate', 'Basic realm="Service"'); - throw new InvalidClientError(e, { code: 401 }); + if (!this.isClientAuthenticationRequired(grantType)) { + if(request.body.client_id) { + return { clientId: request.body.client_id }; + } } - throw e; + throw new InvalidClientError('Invalid client: cannot retrieve client credentials'); } -}; - -/** - * Get client credentials. - * - * The client credentials may be sent using the HTTP Basic authentication scheme or, alternatively, - * the `client_id` and `client_secret` can be embedded in the body. - * - * @see https://tools.ietf.org/html/rfc6749#section-2.3.1 - */ -TokenHandler.prototype.getClientCredentials = function(request) { - const credentials = auth(request); - const grantType = request.body.grant_type; - const codeVerifier = request.body.code_verifier; + /** + * Handle grant type. + */ - if (credentials) { - return { clientId: credentials.name, clientSecret: credentials.pass }; - } - - if (request.body.client_id && request.body.client_secret) { - return { clientId: request.body.client_id, clientSecret: request.body.client_secret }; - } + async handleGrantType (request, client) { + const grantType = request.body.grant_type; - if (pkce.isPKCERequest({ grantType, codeVerifier })) { - if(request.body.client_id) { - return { clientId: request.body.client_id }; + if (!grantType) { + throw new InvalidRequestError('Missing parameter: `grant_type`'); } - } - if (!this.isClientAuthenticationRequired(grantType)) { - if(request.body.client_id) { - return { clientId: request.body.client_id }; + if (!isFormat.nchar(grantType) && !isFormat.uri(grantType)) { + throw new InvalidRequestError('Invalid parameter: `grant_type`'); } - } - throw new InvalidClientError('Invalid client: cannot retrieve client credentials'); -}; + if (!Object.prototype.hasOwnProperty.call(this.grantTypes, grantType)) { + throw new UnsupportedGrantTypeError('Unsupported grant type: `grant_type` is invalid'); + } -/** - * Handle grant type. - */ + if (!Array.isArray(client.grants) || !client.grants.includes(grantType)) { + throw new UnauthorizedClientError('Unauthorized client: `grant_type` is invalid'); + } -TokenHandler.prototype.handleGrantType = async function(request, client) { - const grantType = request.body.grant_type; + const accessTokenLifetime = this.getAccessTokenLifetime(client); + const refreshTokenLifetime = this.getRefreshTokenLifetime(client); + const Type = this.grantTypes[grantType]; - if (!grantType) { - throw new InvalidRequestError('Missing parameter: `grant_type`'); - } + const options = { + accessTokenLifetime: accessTokenLifetime, + model: this.model, + refreshTokenLifetime: refreshTokenLifetime, + alwaysIssueNewRefreshToken: this.alwaysIssueNewRefreshToken + }; - if (!isFormat.nchar(grantType) && !isFormat.uri(grantType)) { - throw new InvalidRequestError('Invalid parameter: `grant_type`'); + return new Type(options).handle(request, client); } - if (!Object.prototype.hasOwnProperty.call(this.grantTypes, grantType)) { - throw new UnsupportedGrantTypeError('Unsupported grant type: `grant_type` is invalid'); - } + /** + * Get access token lifetime. + */ - if (!Array.isArray(client.grants) || !client.grants.includes(grantType)) { - throw new UnauthorizedClientError('Unauthorized client: `grant_type` is invalid'); + getAccessTokenLifetime (client) { + return client.accessTokenLifetime || this.accessTokenLifetime; } - const accessTokenLifetime = this.getAccessTokenLifetime(client); - const refreshTokenLifetime = this.getRefreshTokenLifetime(client); - const Type = this.grantTypes[grantType]; - - const options = { - accessTokenLifetime: accessTokenLifetime, - model: this.model, - refreshTokenLifetime: refreshTokenLifetime, - alwaysIssueNewRefreshToken: this.alwaysIssueNewRefreshToken - }; - - return new Type(options).handle(request, client); -}; - -/** - * Get access token lifetime. - */ - -TokenHandler.prototype.getAccessTokenLifetime = function(client) { - return client.accessTokenLifetime || this.accessTokenLifetime; -}; - -/** - * Get refresh token lifetime. - */ + /** + * Get refresh token lifetime. + */ -TokenHandler.prototype.getRefreshTokenLifetime = function(client) { - return client.refreshTokenLifetime || this.refreshTokenLifetime; -}; + getRefreshTokenLifetime (client) { + return client.refreshTokenLifetime || this.refreshTokenLifetime; + } -/** - * Get token type. - */ + /** + * Get token type. + */ -TokenHandler.prototype.getTokenType = function(model) { - return new BearerTokenType(model.accessToken, model.accessTokenLifetime, model.refreshToken, model.scope, model.customAttributes); -}; + getTokenType (model) { + return new BearerTokenType(model.accessToken, model.accessTokenLifetime, model.refreshToken, model.scope, model.customAttributes); + } -/** - * Update response when a token is generated. - */ + /** + * Update response when a token is generated. + */ -TokenHandler.prototype.updateSuccessResponse = function(response, tokenType) { - response.body = tokenType.valueOf(); + updateSuccessResponse (response, tokenType) { + response.body = tokenType.valueOf(); - response.set('Cache-Control', 'no-store'); - response.set('Pragma', 'no-cache'); -}; + response.set('Cache-Control', 'no-store'); + response.set('Pragma', 'no-cache'); + } -/** - * Update response when an error is thrown. - */ + /** + * Update response when an error is thrown. + */ -TokenHandler.prototype.updateErrorResponse = function(response, error) { - response.body = { - error: error.name, - error_description: error.message - }; + updateErrorResponse (response, error) { + response.body = { + error: error.name, + error_description: error.message + }; - response.status = error.code; -}; + response.status = error.code; + } -/** - * Given a grant type, check if client authentication is required - */ -TokenHandler.prototype.isClientAuthenticationRequired = function(grantType) { - if (Object.keys(this.requireClientAuthentication).length > 0) { - return (typeof this.requireClientAuthentication[grantType] !== 'undefined') ? this.requireClientAuthentication[grantType] : true; - } else { - return true; + /** + * Given a grant type, check if client authentication is required + */ + isClientAuthenticationRequired (grantType) { + if (Object.keys(this.requireClientAuthentication).length > 0) { + return (typeof this.requireClientAuthentication[grantType] !== 'undefined') ? this.requireClientAuthentication[grantType] : true; + } else { + return true; + } } -}; +} /** * Export constructor. From d38b75c4b3a4e0eeafadde78afb56011f0e47fd5 Mon Sep 17 00:00:00 2001 From: Joren Vandeweyer Date: Sat, 26 Aug 2023 07:33:29 +0200 Subject: [PATCH 48/86] refactored bearer-token-type --- lib/token-types/bearer-token-type.js | 64 ++++++++++++++-------------- 1 file changed, 33 insertions(+), 31 deletions(-) diff --git a/lib/token-types/bearer-token-type.js b/lib/token-types/bearer-token-type.js index 0bf526d0..02b73517 100644 --- a/lib/token-types/bearer-token-type.js +++ b/lib/token-types/bearer-token-type.js @@ -10,50 +10,52 @@ const InvalidArgumentError = require('../errors/invalid-argument-error'); * Constructor. */ -function BearerTokenType(accessToken, accessTokenLifetime, refreshToken, scope, customAttributes) { - if (!accessToken) { - throw new InvalidArgumentError('Missing parameter: `accessToken`'); - } +class BearerTokenType { + constructor(accessToken, accessTokenLifetime, refreshToken, scope, customAttributes) { + if (!accessToken) { + throw new InvalidArgumentError('Missing parameter: `accessToken`'); + } - this.accessToken = accessToken; - this.accessTokenLifetime = accessTokenLifetime; - this.refreshToken = refreshToken; - this.scope = scope; + this.accessToken = accessToken; + this.accessTokenLifetime = accessTokenLifetime; + this.refreshToken = refreshToken; + this.scope = scope; - if (customAttributes) { - this.customAttributes = customAttributes; + if (customAttributes) { + this.customAttributes = customAttributes; + } } -} -/** + /** * Retrieve the value representation. */ -BearerTokenType.prototype.valueOf = function() { - const object = { - access_token: this.accessToken, - token_type: 'Bearer' - }; + valueOf () { + const object = { + access_token: this.accessToken, + token_type: 'Bearer' + }; - if (this.accessTokenLifetime) { - object.expires_in = this.accessTokenLifetime; - } + if (this.accessTokenLifetime) { + object.expires_in = this.accessTokenLifetime; + } - if (this.refreshToken) { - object.refresh_token = this.refreshToken; - } + if (this.refreshToken) { + object.refresh_token = this.refreshToken; + } - if (this.scope) { - object.scope = this.scope; - } + if (this.scope) { + object.scope = this.scope; + } - for (const key in this.customAttributes) { - if ( Object.prototype.hasOwnProperty.call(this.customAttributes, key) ) { - object[key] = this.customAttributes[key]; + for (const key in this.customAttributes) { + if ( Object.prototype.hasOwnProperty.call(this.customAttributes, key) ) { + object[key] = this.customAttributes[key]; + } } + return object; } - return object; -}; +} /** * Export constructor. From 8984d596221452efcc6cd93c387693aaf0bcaa08 Mon Sep 17 00:00:00 2001 From: Joren Vandeweyer Date: Sat, 26 Aug 2023 07:33:54 +0200 Subject: [PATCH 49/86] refactored mac-token-type --- lib/token-types/mac-token-type.js | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/lib/token-types/mac-token-type.js b/lib/token-types/mac-token-type.js index a5dd240a..2d90fbe8 100644 --- a/lib/token-types/mac-token-type.js +++ b/lib/token-types/mac-token-type.js @@ -10,8 +10,10 @@ const ServerError = require('../errors/server-error'); * Constructor. */ -function MacTokenType() { - throw new ServerError('Not implemented.'); +class MacTokenType { + constructor() { + throw new ServerError('Not implemented.'); + } } /** From 65c5f174c4b32bcd8427dd7412ccb7ca790d554e Mon Sep 17 00:00:00 2001 From: Joren Vandeweyer Date: Sat, 26 Aug 2023 07:36:02 +0200 Subject: [PATCH 50/86] refactored server --- lib/server.js | 76 ++++++++++++++++++++++++++------------------------- 1 file changed, 39 insertions(+), 37 deletions(-) diff --git a/lib/server.js b/lib/server.js index aca56d2a..a73acd63 100644 --- a/lib/server.js +++ b/lib/server.js @@ -13,62 +13,64 @@ const TokenHandler = require('./handlers/token-handler'); * Constructor. */ -function OAuth2Server(options) { - options = options || {}; +class OAuth2Server { + constructor (options) { + options = options || {}; - if (!options.model) { - throw new InvalidArgumentError('Missing parameter: `model`'); - } + if (!options.model) { + throw new InvalidArgumentError('Missing parameter: `model`'); + } - this.options = options; -} + this.options = options; + } -/** + /** * Authenticate a token. * Note, that callback will soon be deprecated! */ -OAuth2Server.prototype.authenticate = function(request, response, options) { - if (typeof options === 'string') { - options = {scope: options}; - } + authenticate (request, response, options) { + if (typeof options === 'string') { + options = {scope: options}; + } - options = Object.assign({ - addAcceptedScopesHeader: true, - addAuthorizedScopesHeader: true, - allowBearerTokensInQueryString: false - }, this.options, options); + options = Object.assign({ + addAcceptedScopesHeader: true, + addAuthorizedScopesHeader: true, + allowBearerTokensInQueryString: false + }, this.options, options); - return new AuthenticateHandler(options).handle(request, response); -}; + return new AuthenticateHandler(options).handle(request, response); + } -/** + /** * Authorize a request. */ -OAuth2Server.prototype.authorize = function(request, response, options) { - options = Object.assign({ - allowEmptyState: false, - authorizationCodeLifetime: 5 * 60 // 5 minutes. - }, this.options, options); + authorize (request, response, options) { + options = Object.assign({ + allowEmptyState: false, + authorizationCodeLifetime: 5 * 60 // 5 minutes. + }, this.options, options); - return new AuthorizeHandler(options).handle(request, response); -}; + return new AuthorizeHandler(options).handle(request, response); + } -/** + /** * Create a token. */ -OAuth2Server.prototype.token = function(request, response, options) { - options = Object.assign({ - accessTokenLifetime: 60 * 60, // 1 hour. - refreshTokenLifetime: 60 * 60 * 24 * 14, // 2 weeks. - allowExtendedTokenAttributes: false, - requireClientAuthentication: {} // defaults to true for all grant types - }, this.options, options); + token (request, response, options) { + options = Object.assign({ + accessTokenLifetime: 60 * 60, // 1 hour. + refreshTokenLifetime: 60 * 60 * 24 * 14, // 2 weeks. + allowExtendedTokenAttributes: false, + requireClientAuthentication: {} // defaults to true for all grant types + }, this.options, options); - return new TokenHandler(options).handle(request, response); -}; + return new TokenHandler(options).handle(request, response); + } +} /** * Export constructor. From fc403c3fcb81775bcdf905c145d754843eb0ad9f Mon Sep 17 00:00:00 2001 From: Joren Vandeweyer Date: Sat, 26 Aug 2023 09:01:51 +0200 Subject: [PATCH 51/86] fix critical bug for scope validation --- lib/grant-types/authorization-code-grant-type.js | 8 ++++---- lib/grant-types/client-credentials-grant-type.js | 8 ++++---- lib/grant-types/password-grant-type.js | 8 ++++---- 3 files changed, 12 insertions(+), 12 deletions(-) diff --git a/lib/grant-types/authorization-code-grant-type.js b/lib/grant-types/authorization-code-grant-type.js index 2101462b..556ec723 100644 --- a/lib/grant-types/authorization-code-grant-type.js +++ b/lib/grant-types/authorization-code-grant-type.js @@ -187,10 +187,10 @@ class AuthorizationCodeGrantType extends AbstractGrantType { * Save token. */ - async saveToken(user, client, authorizationCode, scope) { - const validatedScope = await this.validateScope(user, client, scope); - const accessToken = await this.generateAccessToken(client, user, scope); - const refreshToken = await this.generateRefreshToken(client, user, scope); + async saveToken(user, client, authorizationCode, requestedScope) { + const validatedScope = await this.validateScope(user, client, requestedScope); + const accessToken = await this.generateAccessToken(client, user, validatedScope); + const refreshToken = await this.generateRefreshToken(client, user, validatedScope); const accessTokenExpiresAt = await this.getAccessTokenExpiresAt(); const refreshTokenExpiresAt = await this.getRefreshTokenExpiresAt(); diff --git a/lib/grant-types/client-credentials-grant-type.js b/lib/grant-types/client-credentials-grant-type.js index e2db3f7c..dc35ea1d 100644 --- a/lib/grant-types/client-credentials-grant-type.js +++ b/lib/grant-types/client-credentials-grant-type.js @@ -68,10 +68,10 @@ class ClientCredentialsGrantType extends AbstractGrantType { * Save token. */ - async saveToken(user, client, scope) { - const validatedScope = await this.validateScope(user, client, scope); - const accessToken = await this.generateAccessToken(client, user, scope); - const accessTokenExpiresAt = await this.getAccessTokenExpiresAt(client, user, scope); + async saveToken(user, client, requestedScope) { + const validatedScope = await this.validateScope(user, client, requestedScope); + const accessToken = await this.generateAccessToken(client, user, validatedScope); + const accessTokenExpiresAt = await this.getAccessTokenExpiresAt(client, user, validatedScope); const token = { accessToken: accessToken, accessTokenExpiresAt: accessTokenExpiresAt, diff --git a/lib/grant-types/password-grant-type.js b/lib/grant-types/password-grant-type.js index f13b68aa..2aa78816 100644 --- a/lib/grant-types/password-grant-type.js +++ b/lib/grant-types/password-grant-type.js @@ -86,10 +86,10 @@ class PasswordGrantType extends AbstractGrantType { * Save token. */ - async saveToken(user, client, scope) { - const validatedScope = await this.validateScope(user, client, scope); - const accessToken = await this.generateAccessToken(client, user, scope); - const refreshToken = await this.generateRefreshToken(client, user, scope); + async saveToken(user, client, requestedScope) { + const validatedScope = await this.validateScope(user, client, requestedScope); + const accessToken = await this.generateAccessToken(client, user, validatedScope); + const refreshToken = await this.generateRefreshToken(client, user, validatedScope); const accessTokenExpiresAt = await this.getAccessTokenExpiresAt(); const refreshTokenExpiresAt = await this.getRefreshTokenExpiresAt(); From a23d68249937f9bf83534ebdcdf7f89bce142f92 Mon Sep 17 00:00:00 2001 From: Michael Newman Date: Sat, 26 Aug 2023 01:51:45 -0700 Subject: [PATCH 52/86] Use types.flat() to handle 'is' arguments --- lib/request.js | 6 +----- 1 file changed, 1 insertion(+), 5 deletions(-) diff --git a/lib/request.js b/lib/request.js index f20130bc..7ac01a44 100644 --- a/lib/request.js +++ b/lib/request.js @@ -52,11 +52,7 @@ class Request { * @param {...String|Array} types */ is(...types) { - if (types.length === 1 && Array.isArray(types[0])) { - types = types[0]; - } - - return typeis(this, types) || false; + return typeis(this, types.flat()) || false; } } From 8ea66994831892dc28ec0215246ecd2a3752f08c Mon Sep 17 00:00:00 2001 From: Michael Newman Date: Sat, 26 Aug 2023 02:22:51 -0700 Subject: [PATCH 53/86] Push unit tests that verify that prototype methods can't be overwritten --- test/unit/request_test.js | 16 ++++++++++++++++ test/unit/response_test.js | 14 ++++++++++++++ 2 files changed, 30 insertions(+) diff --git a/test/unit/request_test.js b/test/unit/request_test.js index f292e2b4..fe3c136e 100644 --- a/test/unit/request_test.js +++ b/test/unit/request_test.js @@ -127,6 +127,22 @@ describe('Request', function() { request.custom2.should.eql(originalRequest.custom2); }); + it('should not allow overwriting methods on the Request prototype via custom properties', () => { + const request = new Request({ + query: {}, + method: 'GET', + headers: { + 'content-type': 'application/json' + }, + get() { + // malicious attempt to override the 'get' method + return 'text/html'; + } + }); + + request.get('content-type').should.equal('application/json'); + }); + it('should allow getting of headers using `request.get`', function() { const originalRequest = generateBaseRequest(); diff --git a/test/unit/response_test.js b/test/unit/response_test.js index 8d4897c9..af505ba9 100644 --- a/test/unit/response_test.js +++ b/test/unit/response_test.js @@ -83,6 +83,20 @@ describe('Request', function() { response.custom2.should.eql(originalResponse.custom2); }); + it('should not allow overwriting methods on the Response prototype via custom properties', () => { + const response = new Response({ + headers: { + 'content-type': 'application/json' + }, + get() { + // malicious attempt to override the 'get' method + return 'text/html'; + } + }); + + response.get('content-type').should.equal('application/json'); + }); + it('should allow getting of headers using `response.get`', function() { const originalResponse = generateBaseResponse(); From 0f8c7929d63ce5ccbc8faaa2b0106a1e097f81d8 Mon Sep 17 00:00:00 2001 From: Joren Vandeweyer Date: Sat, 26 Aug 2023 13:38:01 +0200 Subject: [PATCH 54/86] revoke code before validating redirect uri --- lib/grant-types/authorization-code-grant-type.js | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lib/grant-types/authorization-code-grant-type.js b/lib/grant-types/authorization-code-grant-type.js index 556ec723..71de6c2d 100644 --- a/lib/grant-types/authorization-code-grant-type.js +++ b/lib/grant-types/authorization-code-grant-type.js @@ -53,8 +53,8 @@ class AuthorizationCodeGrantType extends AbstractGrantType { } const code = await this.getAuthorizationCode(request, client); - await this.validateRedirectUri(request, code); await this.revokeAuthorizationCode(code); + await this.validateRedirectUri(request, code); return this.saveToken(code.user, client, code.authorizationCode, code.scope); } From 39fbe66cbd6d51c5dc1e30a416a7d025401f7a7d Mon Sep 17 00:00:00 2001 From: Joren Vandeweyer Date: Sun, 27 Aug 2023 14:21:39 +0200 Subject: [PATCH 55/86] improve bearer validation --- lib/handlers/authenticate-handler.js | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lib/handlers/authenticate-handler.js b/lib/handlers/authenticate-handler.js index 1da50f95..2ce06d79 100644 --- a/lib/handlers/authenticate-handler.js +++ b/lib/handlers/authenticate-handler.js @@ -138,7 +138,7 @@ AuthenticateHandler.prototype.getTokenFromRequest = function(request) { AuthenticateHandler.prototype.getTokenFromRequestHeader = function(request) { const token = request.get('Authorization'); - const matches = token.match(/^Bearer\s(\S+)/); + const matches = token.match(/^Bearer\s([0-9a-zA-Z-._~+/]+=*)$/); if (!matches) { throw new InvalidRequestError('Invalid request: malformed authorization header'); From 51f85c960563d63ced674c815c14654913749ccf Mon Sep 17 00:00:00 2001 From: Joren Vandeweyer Date: Tue, 29 Aug 2023 09:15:22 +0200 Subject: [PATCH 56/86] changed \s to space --- lib/handlers/authenticate-handler.js | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lib/handlers/authenticate-handler.js b/lib/handlers/authenticate-handler.js index fe4cded6..88d6f6d2 100644 --- a/lib/handlers/authenticate-handler.js +++ b/lib/handlers/authenticate-handler.js @@ -139,7 +139,7 @@ class AuthenticateHandler { getTokenFromRequestHeader (request) { const token = request.get('Authorization'); - const matches = token.match(/^Bearer\s([0-9a-zA-Z-._~+/]+=*)$/); + const matches = token.match(/^Bearer ([0-9a-zA-Z-._~+/]+=*)$/); if (!matches) { throw new InvalidRequestError('Invalid request: malformed authorization header'); From 028e020558395263a83160db0d3a642d444069db Mon Sep 17 00:00:00 2001 From: Joren Vandeweyer Date: Tue, 29 Aug 2023 09:29:51 +0200 Subject: [PATCH 57/86] update minimum nodejs version in release test workflow --- .github/workflows/tests-release.yml | 157 ++++++++++++++-------------- 1 file changed, 78 insertions(+), 79 deletions(-) diff --git a/.github/workflows/tests-release.yml b/.github/workflows/tests-release.yml index 31db09b2..2bd4e253 100644 --- a/.github/workflows/tests-release.yml +++ b/.github/workflows/tests-release.yml @@ -10,7 +10,6 @@ on: branches: - release-* # all release- branches - jobs: # STEP 1 - NPM Audit @@ -23,13 +22,13 @@ jobs: runs-on: ubuntu-latest steps: - - uses: actions/checkout@v3 - - uses: actions/setup-node@v3 - with: - node-version: 20 - # install to create local package-lock.json but don't cache the files - # also: no audit for dev dependencies - - run: npm i --package-lock-only && npm audit --production + - uses: actions/checkout@v3 + - uses: actions/setup-node@v3 + with: + node-version: 20 + # install to create local package-lock.json but don't cache the files + # also: no audit for dev dependencies + - run: npm i --package-lock-only && npm audit --production # STEP 2 - basic unit tests @@ -40,34 +39,34 @@ jobs: needs: [audit] strategy: matrix: - node: [14, 16, 18] + node: [16, 18, 20] steps: - - name: Checkout ${{ matrix.node }} - uses: actions/checkout@v3 - - - name: Setup node ${{ matrix.node }} - uses: actions/setup-node@v3 - with: - node-version: ${{ matrix.node }} - - - name: Cache dependencies ${{ matrix.node }} - uses: actions/cache@v3 - with: - path: ~/.npm - key: ${{ runner.os }}-node-${{ matrix.node }}-${{ hashFiles('**/package-lock.json') }} - restore-keys: | - ${{ runner.os }}-node-${{ matrix.node }} - # for this workflow we also require npm audit to pass - - run: npm i - - run: npm run test:coverage - - # with the following action we enforce PRs to have a high coverage - # and ensure, changes are tested well enough so that coverage won't fail - - name: check coverage - uses: VeryGoodOpenSource/very_good_coverage@v1.2.0 - with: - path: './coverage/lcov.info' - min_coverage: 95 + - name: Checkout ${{ matrix.node }} + uses: actions/checkout@v3 + + - name: Setup node ${{ matrix.node }} + uses: actions/setup-node@v3 + with: + node-version: ${{ matrix.node }} + + - name: Cache dependencies ${{ matrix.node }} + uses: actions/cache@v3 + with: + path: ~/.npm + key: ${{ runner.os }}-node-${{ matrix.node }}-${{ hashFiles('**/package-lock.json') }} + restore-keys: | + ${{ runner.os }}-node-${{ matrix.node }} + # for this workflow we also require npm audit to pass + - run: npm i + - run: npm run test:coverage + + # with the following action we enforce PRs to have a high coverage + # and ensure, changes are tested well enough so that coverage won't fail + - name: check coverage + uses: VeryGoodOpenSource/very_good_coverage@v1.2.0 + with: + path: './coverage/lcov.info' + min_coverage: 95 # STEP 3 - Integration tests @@ -80,41 +79,41 @@ jobs: needs: [unittest] strategy: matrix: - node: [14, 16, 18] # TODO get running for node 16+ + node: [16, 18, 20] # TODO get running for node 16+ steps: - # checkout this repo - - name: Checkout ${{ matrix.node }} - uses: actions/checkout@v3 - - # checkout express-adapter repo - - name: Checkout express-adapter ${{ matrix.node }} - uses: actions/checkout@v3 - with: - repository: node-oauth/express-oauth-server - path: github/testing/express - - - name: Setup node ${{ matrix.node }} - uses: actions/setup-node@v3 - with: - node-version: ${{ matrix.node }} - - - name: Cache dependencies ${{ matrix.node }} - uses: actions/cache@v3 - with: - path: ~/.npm - key: ${{ runner.os }}-node-${{ matrix.node }}-node-oauth/express-oauth-server-${{ hashFiles('github/testing/express/**/package-lock.json') }} - restore-keys: | - ${{ runner.os }}-node-${{ matrix.node }}-node-oauth/express-oauth-server - - # in order to test the adapter we need to use the current checkout - # and install it as local dependency - # we just cloned and install it as local dependency - # xxx: added bluebird as explicit dependency - - run: | - cd github/testing/express - npm i - npm install https://github.com/node-oauth/node-oauth2-server.git#${{ github.ref_name }} - npm run test + # checkout this repo + - name: Checkout ${{ matrix.node }} + uses: actions/checkout@v3 + + # checkout express-adapter repo + - name: Checkout express-adapter ${{ matrix.node }} + uses: actions/checkout@v3 + with: + repository: node-oauth/express-oauth-server + path: github/testing/express + + - name: Setup node ${{ matrix.node }} + uses: actions/setup-node@v3 + with: + node-version: ${{ matrix.node }} + + - name: Cache dependencies ${{ matrix.node }} + uses: actions/cache@v3 + with: + path: ~/.npm + key: ${{ runner.os }}-node-${{ matrix.node }}-node-oauth/express-oauth-server-${{ hashFiles('github/testing/express/**/package-lock.json') }} + restore-keys: | + ${{ runner.os }}-node-${{ matrix.node }}-node-oauth/express-oauth-server + + # in order to test the adapter we need to use the current checkout + # and install it as local dependency + # we just cloned and install it as local dependency + # xxx: added bluebird as explicit dependency + - run: | + cd github/testing/express + npm i + npm install https://github.com/node-oauth/node-oauth2-server.git#${{ github.ref_name }} + npm run test # todo repeat with other adapters @@ -139,13 +138,13 @@ jobs: contents: read packages: write steps: - - uses: actions/checkout@v3 - - uses: actions/setup-node@v3 - with: - # we always publish targeting the lowest supported node version - node-version: 16 - registry-url: $registry-url(npm) - - run: npm i - - run: npm publish --dry-run - env: - NODE_AUTH_TOKEN: ${{secrets.GITHUB_TOKEN}} \ No newline at end of file + - uses: actions/checkout@v3 + - uses: actions/setup-node@v3 + with: + # we always publish targeting the lowest supported node version + node-version: 16 + registry-url: $registry-url(npm) + - run: npm i + - run: npm publish --dry-run + env: + NODE_AUTH_TOKEN: ${{secrets.GITHUB_TOKEN}} From a6bccbe9577bab3debb96fae78d81467f12130d0 Mon Sep 17 00:00:00 2001 From: Joren Vandeweyer Date: Tue, 29 Aug 2023 10:07:38 +0200 Subject: [PATCH 58/86] made badges clickable --- README.md | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/README.md b/README.md index b60607f8..1dc86361 100644 --- a/README.md +++ b/README.md @@ -8,9 +8,9 @@ Complete, compliant and well tested module for implementing an OAuth2 server in [![Tests for Release](https://github.com/node-oauth/node-oauth2-server/actions/workflows/tests-release.yml/badge.svg)](https://github.com/node-oauth/node-oauth2-server/actions/workflows/tests-release.yml) [![Documentation Status](https://readthedocs.org/projects/node-oauthoauth2-server/badge/?version=latest)](https://node-oauthoauth2-server.readthedocs.io/en/latest/?badge=latest) [![Project Status: Active – The project has reached a stable, usable state and is being actively developed.](https://www.repostatus.org/badges/latest/active.svg)](https://www.repostatus.org/#active) -![npm Version](https://img.shields.io/npm/v/@node-oauth/oauth2-server?label=version) -![npm Downloads/Week](https://img.shields.io/npm/dw/@node-oauth/oauth2-server) -![GitHub License](https://img.shields.io/github/license/node-oauth/node-oauth2-server) +[![npm Version](https://img.shields.io/npm/v/@node-oauth/oauth2-server?label=version)](https://www.npmjs.com/package/@node-oauth/oauth2-server) +[![npm Downloads/Week](https://img.shields.io/npm/dw/@node-oauth/oauth2-server)](https://www.npmjs.com/package/@node-oauth/oauth2-server) +[![GitHub License](https://img.shields.io/github/license/node-oauth/node-oauth2-server)](https://github.com/node-oauth/node-oauth2-server/blob/master/LICENSE) NOTE: This project has been forked from [oauthjs/node-oauth2-server](https://github.com/oauthjs/node-oauth2-server) and is a continuation due to the project appearing to be abandoned. Please see [our issue board](https://github.com/node-oauth/node-oauth2-server/issues) to talk about next steps and the future of this project. @@ -40,7 +40,7 @@ Please leave an issue if something is confusing or missing in the docs. ## Examples -Most users should refer to our [Express (active)](https://github.com/node-oauth/express-oauth-server) or +Most users should refer to our [Express (active)](https://github.com/node-oauth/express-oauth-server) or [Koa (not maintained by us)](https://github.com/oauthjs/koa-oauth-server/tree/master/examples) examples. More examples can be found here: https://github.com/14gasher/oauth-example From a42dc06578447624c34650e3eb2eeb8f2f208bf0 Mon Sep 17 00:00:00 2001 From: Joren Vandeweyer Date: Sat, 9 Sep 2023 23:24:49 +0200 Subject: [PATCH 59/86] rewrote the scope validation --- CHANGELOG.md | 3 +- docs/api/oauth2-server.rst | 2 +- docs/model/spec.rst | 226 +++++++++--------- index.d.ts | 36 +-- lib/grant-types/abstract-grant-type.js | 8 +- lib/grant-types/refresh-token-grant-type.js | 32 ++- lib/handlers/authenticate-handler.js | 10 +- lib/handlers/authorize-handler.js | 7 +- lib/server.js | 4 - lib/utils/scope-util.js | 16 ++ .../client-credential-workflow_test.js | 8 +- test/compliance/password-grant-type_test.js | 6 +- .../refresh-token-grant-type_test.js | 74 ++++-- test/helpers/model.js | 6 +- .../grant-types/abstract-grant-type_test.js | 14 +- .../authorization-code-grant-type_test.js | 18 +- .../client-credentials-grant-type_test.js | 12 +- .../grant-types/password-grant-type_test.js | 16 +- .../refresh-token-grant-type_test.js | 8 +- .../handlers/authenticate-handler_test.js | 36 +-- .../handlers/authorize-handler_test.js | 24 +- .../handlers/token-handler_test.js | 34 +-- test/integration/server_test.js | 2 +- .../authorization-code-grant-type_test.js | 6 +- .../client-credentials-grant-type_test.js | 6 +- .../grant-types/password-grant-type_test.js | 6 +- .../refresh-token-grant-type_test.js | 12 +- .../handlers/authenticate-handler_test.js | 6 +- test/unit/handlers/authorize-handler_test.js | 8 +- test/unit/server_test.js | 18 -- 30 files changed, 355 insertions(+), 309 deletions(-) create mode 100644 lib/utils/scope-util.js diff --git a/CHANGELOG.md b/CHANGELOG.md index 81b82f07..b7faf9f8 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -8,6 +8,7 @@ - this is a breaking change, because **it removes callback support** for `OAuthServer` and your model implementation. - fixed missing await in calling generateAuthorizationCode in AuthorizeHandler +- validate scope as an array of strings ## 4.2.0 ### Fixed @@ -52,7 +53,7 @@ - Upgrades all code from ES5 to ES6, where possible. ## 4.1.0 -### Changed +### Changed * Bump dev dependencies to resolve vulnerabilities * Replaced jshint with eslint along with should and chai * Use sha256 when generating tokens diff --git a/docs/api/oauth2-server.rst b/docs/api/oauth2-server.rst index 48acf538..9fcf8123 100644 --- a/docs/api/oauth2-server.rst +++ b/docs/api/oauth2-server.rst @@ -73,7 +73,7 @@ Authenticates a request. +------------------------------------------------+-----------------+-----------------------------------------------------------------------+ | [options={}] | Object | Handler options. | +------------------------------------------------+-----------------+-----------------------------------------------------------------------+ -| [options.scope=undefined] | String | The scope(s) to authenticate. | +| [options.scope=undefined] | String[] | The scope(s) to authenticate. | +------------------------------------------------+-----------------+-----------------------------------------------------------------------+ | [options.addAcceptedScopesHeader=true] | Boolean | Set the ``X-Accepted-OAuth-Scopes`` HTTP header on response objects. | +------------------------------------------------+-----------------+-----------------------------------------------------------------------+ diff --git a/docs/model/spec.rst b/docs/model/spec.rst index 953c2811..5b1695f3 100644 --- a/docs/model/spec.rst +++ b/docs/model/spec.rst @@ -41,7 +41,7 @@ Code examples on this page use *promises*. .. _Model#generateAccessToken: -``generateAccessToken(client, user, scope, [callback])`` +``generateAccessToken(client, user, scope)`` ======================================================== Invoked to generate a new access token. @@ -64,7 +64,7 @@ This model function is **optional**. If not implemented, a default handler is us +------------+----------+---------------------------------------------------------------------+ | user | Object | The user the access token is generated for. | +------------+----------+---------------------------------------------------------------------+ -| scope | String | The scopes associated with the access token. Can be ``null``. | +| scope | String[] | The scopes associated with the access token. Can be ``null``. | +------------+----------+---------------------------------------------------------------------+ | [callback] | Function | Node-style callback to be used instead of the returned ``Promise``. | +------------+----------+---------------------------------------------------------------------+ @@ -85,7 +85,7 @@ A ``String`` to be used as access token. .. _Model#generateRefreshToken: -``generateRefreshToken(client, user, scope, [callback])`` +``generateRefreshToken(client, user, scope)`` ========================================================= Invoked to generate a new refresh token. @@ -107,7 +107,7 @@ This model function is **optional**. If not implemented, a default handler is us +------------+----------+---------------------------------------------------------------------+ | user | Object | The user the refresh token is generated for. | +------------+----------+---------------------------------------------------------------------+ -| scope | String | The scopes associated with the refresh token. Can be ``null``. | +| scope | String[] | The scopes associated with the refresh token. Can be ``null``. | +------------+----------+---------------------------------------------------------------------+ | [callback] | Function | Node-style callback to be used instead of the returned ``Promise``. | +------------+----------+---------------------------------------------------------------------+ @@ -148,7 +148,7 @@ This model function is **optional**. If not implemented, a default handler is us +------------+----------+---------------------------------------------------------------------+ | user | Object | The user the authorization code is generated for. | +------------+----------+---------------------------------------------------------------------+ -| scope | String | The scopes associated with the authorization code. Can be ``null``. | +| scope | String[] | The scopes associated with the authorization code. Can be ``null``. | +------------+----------+---------------------------------------------------------------------+ | [callback] | Function | Node-style callback to be used instead of the returned ``Promise``. | +------------+----------+---------------------------------------------------------------------+ @@ -188,23 +188,23 @@ This model function is **required** if :ref:`OAuth2Server#authenticate() VALID_SCOPES.indexOf(s) >= 0)) { + if (!scope.every(s => VALID_SCOPES.indexOf(s) >= 0)) { return false; } return scope; @@ -917,14 +917,9 @@ To accept partially valid scopes: const VALID_SCOPES = ['read', 'write']; function validateScope(user, client, scope) { - return scope - .split(' ') - .filter(s => VALID_SCOPES.indexOf(s) >= 0) - .join(' '); + return scope.filter(s => VALID_SCOPES.indexOf(s) >= 0); } -Note that the example above will still reject completely invalid scopes, since ``validateScope`` returns an empty string if all scopes are filtered out. - -------- .. _Model#verifyScope: @@ -951,7 +946,7 @@ This model function is **required** if scopes are used with :ref:`OAuth2Server#a +------------------------------+----------+---------------------------------------------------------------------+ | [token.accessTokenExpiresAt] | Date | The expiry time of the access token. | +------------------------------+----------+---------------------------------------------------------------------+ -| [token.scope] | String | The authorized scope of the access token. | +| [token.scope] | String[] | The authorized scope of the access token. | +------------------------------+----------+---------------------------------------------------------------------+ | token.client | Object | The client associated with the access token. | +------------------------------+----------+---------------------------------------------------------------------+ @@ -959,7 +954,7 @@ This model function is **required** if scopes are used with :ref:`OAuth2Server#a +------------------------------+----------+---------------------------------------------------------------------+ | token.user | Object | The user associated with the access token. | +------------------------------+----------+---------------------------------------------------------------------+ -| scope | String | The required scopes. | +| scope | String[] | The required scopes. | +------------------------------+----------+---------------------------------------------------------------------+ | [callback] | Function | Node-style callback to be used instead of the returned ``Promise``. | +------------------------------+----------+---------------------------------------------------------------------+ @@ -976,13 +971,12 @@ Returns ``true`` if the access token passes, ``false`` otherwise. :: - function verifyScope(token, scope) { + function verifyScope(token, requestedScopes) { if (!token.scope) { return false; } - let requestedScopes = scope.split(' '); - let authorizedScopes = token.scope.split(' '); - return requestedScopes.every(s => authorizedScopes.indexOf(s) >= 0); + let authorizedScopes = token.scope; + return requestedScopes.every(s => token.scope.includes(scope)); } -------- diff --git a/index.d.ts b/index.d.ts index 4c253606..d48f6c0d 100644 --- a/index.d.ts +++ b/index.d.ts @@ -118,13 +118,13 @@ declare namespace OAuth2Server { * Generate access token. Calls Model#generateAccessToken() if implemented. * */ - generateAccessToken(client: Client, user: User, scope: string | string[]): Promise; + generateAccessToken(client: Client, user: User, scope: string[]): Promise; /** * Generate refresh token. Calls Model#generateRefreshToken() if implemented. * */ - generateRefreshToken(client: Client, user: User, scope: string | string[]): Promise; + generateRefreshToken(client: Client, user: User, scope: string[]): Promise; /** * Get access token expiration date. @@ -142,13 +142,13 @@ declare namespace OAuth2Server { * Get scope from the request body. * */ - getScope(request: Request): string; + getScope(request: Request): string[]; /** * Validate requested scope. Calls Model#validateScope() if implemented. * */ - validateScope(user: User, client: Client, scope: string | string[]): Promise; + validateScope(user: User, client: Client, scope: string[]): Promise; /** * Retrieve info from the request and client and return token @@ -168,7 +168,7 @@ declare namespace OAuth2Server { /** * The scope(s) to authenticate. */ - scope?: string | string[] | undefined; + scope?: string[] | undefined; /** * Set the X-Accepted-OAuth-Scopes HTTP header on response objects. @@ -245,7 +245,7 @@ declare namespace OAuth2Server { * Invoked to generate a new access token. * */ - generateAccessToken?(client: Client, user: User, scope: string | string[]): Promise; + generateAccessToken?(client: Client, user: User, scope: string[]): Promise; /** * Invoked to retrieve a client using a client id or a client id/client secret combination, depending on the grant type. @@ -272,7 +272,7 @@ declare namespace OAuth2Server { * Optional, if a custom authenticateHandler is used or if there is no scope part of the request. * */ - verifyScope(token: Token, scope: string | string[]): Promise; + verifyScope?(token: Token, scope: string[]): Promise; } interface AuthorizationCodeModel extends BaseModel, RequestAuthenticationModel { @@ -280,13 +280,13 @@ declare namespace OAuth2Server { * Invoked to generate a new refresh token. * */ - generateRefreshToken?(client: Client, user: User, scope: string | string[]): Promise; + generateRefreshToken?(client: Client, user: User, scope: string[]): Promise; /** * Invoked to generate a new authorization code. * */ - generateAuthorizationCode?(client: Client, user: User, scope: string | string[]): Promise; + generateAuthorizationCode?(client: Client, user: User, scope: string[]): Promise; /** * Invoked to retrieve an existing authorization code previously saved through Model#saveAuthorizationCode(). @@ -314,8 +314,8 @@ declare namespace OAuth2Server { * Invoked to check if the requested scope is valid for a particular client/user combination. * */ - validateScope?(user: User, client: Client, scope: string | string[]): Promise; - + validateScope?(user: User, client: Client, scope: string[]): Promise; + /** * Invoked to check if the provided `redirectUri` is valid for a particular `client`. * @@ -328,7 +328,7 @@ declare namespace OAuth2Server { * Invoked to generate a new refresh token. * */ - generateRefreshToken?(client: Client, user: User, scope: string | string[]): Promise; + generateRefreshToken?(client: Client, user: User, scope: string[]): Promise; /** * Invoked to retrieve a user using a username/password combination. @@ -340,7 +340,7 @@ declare namespace OAuth2Server { * Invoked to check if the requested scope is valid for a particular client/user combination. * */ - validateScope?(user: User, client: Client, scope: string | string[]): Promise; + validateScope?(user: User, client: Client, scope: string[]): Promise; } interface RefreshTokenModel extends BaseModel, RequestAuthenticationModel { @@ -348,7 +348,7 @@ declare namespace OAuth2Server { * Invoked to generate a new refresh token. * */ - generateRefreshToken?(client: Client, user: User, scope: string | string[]): Promise; + generateRefreshToken?(client: Client, user: User, scope: string[]): Promise; /** * Invoked to retrieve an existing refresh token previously saved through Model#saveToken(). @@ -374,7 +374,7 @@ declare namespace OAuth2Server { * Invoked to check if the requested scope is valid for a particular client/user combination. * */ - validateScope?(user: User, client: Client, scope: string | string[]): Promise; + validateScope?(user: User, client: Client, scope: string[]): Promise; } interface ExtensionModel extends BaseModel, RequestAuthenticationModel {} @@ -406,7 +406,7 @@ declare namespace OAuth2Server { authorizationCode: string; expiresAt: Date; redirectUri: string; - scope?: string | string[] | undefined; + scope?: string[] | undefined; client: Client; user: User; codeChallenge?: string; @@ -422,7 +422,7 @@ declare namespace OAuth2Server { accessTokenExpiresAt?: Date | undefined; refreshToken?: string | undefined; refreshTokenExpiresAt?: Date | undefined; - scope?: string | string[] | undefined; + scope?: string[] | undefined; client: Client; user: User; [key: string]: any; @@ -434,7 +434,7 @@ declare namespace OAuth2Server { interface RefreshToken { refreshToken: string; refreshTokenExpiresAt?: Date | undefined; - scope?: string | string[] | undefined; + scope?: string[] | undefined; client: Client; user: User; [key: string]: any; diff --git a/lib/grant-types/abstract-grant-type.js b/lib/grant-types/abstract-grant-type.js index 72fcc837..bce24ed8 100644 --- a/lib/grant-types/abstract-grant-type.js +++ b/lib/grant-types/abstract-grant-type.js @@ -6,8 +6,8 @@ const InvalidArgumentError = require('../errors/invalid-argument-error'); const InvalidScopeError = require('../errors/invalid-scope-error'); -const isFormat = require('@node-oauth/formats'); const tokenUtil = require('../utils/token-util'); +const { parseScope } = require('../utils/scope-util'); class AbstractGrantType { constructor (options) { @@ -73,11 +73,7 @@ class AbstractGrantType { * Get scope from the request body. */ getScope (request) { - if (!isFormat.nqschar(request.body.scope)) { - throw new InvalidArgumentError('Invalid parameter: `scope`'); - } - - return request.body.scope; + return parseScope(request.body.scope); } /** diff --git a/lib/grant-types/refresh-token-grant-type.js b/lib/grant-types/refresh-token-grant-type.js index dd6f7e25..45237dbc 100644 --- a/lib/grant-types/refresh-token-grant-type.js +++ b/lib/grant-types/refresh-token-grant-type.js @@ -10,6 +10,7 @@ const InvalidGrantError = require('../errors/invalid-grant-error'); const InvalidRequestError = require('../errors/invalid-request-error'); const ServerError = require('../errors/server-error'); const isFormat = require('@node-oauth/formats'); +const InvalidScopeError = require('../errors/invalid-scope-error'); /** * Constructor. @@ -55,7 +56,9 @@ class RefreshTokenGrantType extends AbstractGrantType { token = await this.getRefreshToken(request, client); token = await this.revokeToken(token); - return this.saveToken(token.user, client, token.scope); + const scope = this.getScope(request, token); + + return this.saveToken(token.user, client, scope); } /** @@ -142,6 +145,33 @@ class RefreshTokenGrantType extends AbstractGrantType { return this.model.saveToken(token, client, user); } + + getScope (request, token) { + const requestedScope = super.getScope(request); + const originalScope = token.scope; + + if (!originalScope && !requestedScope) { + return; + } + + if (!originalScope && requestedScope) { + throw new InvalidScopeError('Invalid scope: Unable to add extra scopes'); + } + + if (!requestedScope) { + return originalScope; + } + + const valid = requestedScope.every(scope => { + return originalScope.includes(scope); + }); + + if (!valid) { + throw new InvalidScopeError('Invalid scope: Unable to add extra scopes'); + } + + return requestedScope; + } } /** diff --git a/lib/handlers/authenticate-handler.js b/lib/handlers/authenticate-handler.js index 54945285..019b284d 100644 --- a/lib/handlers/authenticate-handler.js +++ b/lib/handlers/authenticate-handler.js @@ -235,8 +235,6 @@ class AuthenticateHandler { if (!scope) { throw new InsufficientScopeError('Insufficient scope: authorized scope is insufficient'); } - - return scope; } /** @@ -244,12 +242,16 @@ class AuthenticateHandler { */ updateResponse (response, accessToken) { + if (accessToken.scope == null) { + return; + } + if (this.scope && this.addAcceptedScopesHeader) { - response.set('X-Accepted-OAuth-Scopes', this.scope); + response.set('X-Accepted-OAuth-Scopes', this.scope.join(' ')); } if (this.scope && this.addAuthorizedScopesHeader) { - response.set('X-OAuth-Scopes', accessToken.scope); + response.set('X-OAuth-Scopes', accessToken.scope.join(' ')); } } } diff --git a/lib/handlers/authorize-handler.js b/lib/handlers/authorize-handler.js index a854eaf0..a02a5b9d 100644 --- a/lib/handlers/authorize-handler.js +++ b/lib/handlers/authorize-handler.js @@ -20,6 +20,7 @@ const isFormat = require('@node-oauth/formats'); const tokenUtil = require('../utils/token-util'); const url = require('url'); const pkce = require('../pkce/pkce'); +const { parseScope } = require('../utils/scope-util'); /** * Response types. @@ -226,11 +227,7 @@ class AuthorizeHandler { getScope (request) { const scope = request.body.scope || request.query.scope; - if (!isFormat.nqschar(scope)) { - throw new InvalidScopeError('Invalid parameter: `scope`'); - } - - return scope; + return parseScope(scope); } /** diff --git a/lib/server.js b/lib/server.js index a73acd63..656ad306 100644 --- a/lib/server.js +++ b/lib/server.js @@ -30,10 +30,6 @@ class OAuth2Server { */ authenticate (request, response, options) { - if (typeof options === 'string') { - options = {scope: options}; - } - options = Object.assign({ addAcceptedScopesHeader: true, addAuthorizedScopesHeader: true, diff --git a/lib/utils/scope-util.js b/lib/utils/scope-util.js new file mode 100644 index 00000000..61278587 --- /dev/null +++ b/lib/utils/scope-util.js @@ -0,0 +1,16 @@ +const isFormat = require('@node-oauth/formats'); +const InvalidScopeError = require('../errors/invalid-scope-error'); + +module.exports = { + parseScope: function (requestedScope) { + if (!isFormat.nqschar(requestedScope)) { + throw new InvalidScopeError('Invalid parameter: `scope`'); + } + + if (requestedScope == null) { + return undefined; + } + + return requestedScope.split(' '); + } +}; diff --git a/test/compliance/client-credential-workflow_test.js b/test/compliance/client-credential-workflow_test.js index 6b7a2898..5e71d4ab 100644 --- a/test/compliance/client-credential-workflow_test.js +++ b/test/compliance/client-credential-workflow_test.js @@ -90,14 +90,14 @@ describe('ClientCredentials Workflow Compliance (4.4)', function () { response.body.token_type.should.equal('Bearer'); response.body.access_token.should.equal(token.accessToken); response.body.expires_in.should.be.a('number'); - response.body.scope.should.equal(enabledScope); + response.body.scope.should.eql(['read', 'write']); ('refresh_token' in response.body).should.equal(false); token.accessToken.should.be.a('string'); token.accessTokenExpiresAt.should.be.a('date'); ('refreshToken' in token).should.equal(false); ('refreshTokenExpiresAt' in token).should.equal(false); - token.scope.should.equal(enabledScope); + token.scope.should.eql(['read', 'write']); db.accessTokens.has(token.accessToken).should.equal(true); db.refreshTokens.has(token.refreshToken).should.equal(false); @@ -130,7 +130,7 @@ describe('ClientCredentials Workflow Compliance (4.4)', function () { token.accessToken.should.equal(accessToken); token.user.should.deep.equal(userDoc); token.client.should.deep.equal(clientDoc); - token.scope.should.equal(enabledScope); + token.scope.should.eql(['read', 'write']); response.status.should.equal(200); // there should be no information in the response as it @@ -139,4 +139,4 @@ describe('ClientCredentials Workflow Compliance (4.4)', function () { response.headers.should.deep.equal({}); }); }); -}); \ No newline at end of file +}); diff --git a/test/compliance/password-grant-type_test.js b/test/compliance/password-grant-type_test.js index 7941d54f..c30e440d 100644 --- a/test/compliance/password-grant-type_test.js +++ b/test/compliance/password-grant-type_test.js @@ -101,13 +101,13 @@ describe('PasswordGrantType Compliance', function () { response.body.access_token.should.equal(token.accessToken); response.body.refresh_token.should.equal(token.refreshToken); response.body.expires_in.should.be.a('number'); - response.body.scope.should.equal(scope); + response.body.scope.should.eql(['read', 'write']); token.accessToken.should.be.a('string'); token.refreshToken.should.be.a('string'); token.accessTokenExpiresAt.should.be.a('date'); token.refreshTokenExpiresAt.should.be.a('date'); - token.scope.should.equal(scope); + token.scope.should.eql(['read', 'write']); db.accessTokens.has(token.accessToken).should.equal(true); db.refreshTokens.has(token.refreshToken).should.equal(true); @@ -134,7 +134,7 @@ describe('PasswordGrantType Compliance', function () { authenticationResponse, {}); - authenticated.scope.should.equal(scope); + authenticated.scope.should.eql(['read', 'write']); authenticated.user.should.be.an('object'); authenticated.client.should.be.an('object'); }); diff --git a/test/compliance/refresh-token-grant-type_test.js b/test/compliance/refresh-token-grant-type_test.js index b01fef3d..8c0e4982 100644 --- a/test/compliance/refresh-token-grant-type_test.js +++ b/test/compliance/refresh-token-grant-type_test.js @@ -62,6 +62,7 @@ const DB = require('../helpers/db'); const createModel = require('../helpers/model'); const createRequest = require('../helpers/request'); const Response = require('../../lib/response'); +const should = require('chai').should(); require('chai').should(); @@ -123,13 +124,13 @@ describe('RefreshTokenGrantType Compliance', function () { refreshResponse.body.access_token.should.equal(token.accessToken); refreshResponse.body.refresh_token.should.equal(token.refreshToken); refreshResponse.body.expires_in.should.be.a('number'); - refreshResponse.body.scope.should.equal(scope); + refreshResponse.body.scope.should.eql(['read', 'write']); token.accessToken.should.be.a('string'); token.refreshToken.should.be.a('string'); token.accessTokenExpiresAt.should.be.a('date'); token.refreshTokenExpiresAt.should.be.a('date'); - token.scope.should.equal(scope); + token.scope.should.eql(['read', 'write']); db.accessTokens.has(token.accessToken).should.equal(true); db.refreshTokens.has(token.refreshToken).should.equal(true); @@ -147,27 +148,62 @@ describe('RefreshTokenGrantType Compliance', function () { }); }); - // TODO: test refresh token with different scopes - // https://github.com/node-oauth/node-oauth2-server/issues/104 + it('Should throw invalid_scope error', async function () { + const request = createLoginRequest(); + const response = new Response({}); + + const credentials = await auth.token(request, response, {}); + + const refreshRequest = createRefreshRequest(credentials.refreshToken); + const refreshResponse = new Response({}); + + refreshRequest.body.scope = 'invalid'; + + await auth.token(refreshRequest, refreshResponse, {}) + .then(should.fail) + .catch(err => { + err.name.should.equal('invalid_scope'); + }); + }); + + it('Should throw error if requested scope is greater than original scope', async function () { + const request = createLoginRequest(); + const response = new Response({}); + + request.body.scope = 'read'; + + const credentials = await auth.token(request, response, {}); + + const refreshRequest = createRefreshRequest(credentials.refreshToken); + const refreshResponse = new Response({}); + + refreshRequest.scope = 'read write'; + + await auth.token(refreshRequest, refreshResponse, {}) + .then(should.fail) + .catch(err => { + err.name.should.equal('invalid_scope'); + }); + }); + + it('Should create refresh token with smaller scope', async function () { + const request = createLoginRequest(); + const response = new Response({}); - // it('Should throw invalid_scope error', async function () { - // const request = createLoginRequest(); - // const response = new Response({}); + const credentials = await auth.token(request, response, {}); - // const credentials = await auth.token(request, response, {}); + const refreshRequest = createRefreshRequest(credentials.refreshToken); + const refreshResponse = new Response({}); - // const refreshRequest = createRefreshRequest(credentials.refreshToken); - // const refreshResponse = new Response({}); + refreshRequest.body.scope = 'read'; - // refreshRequest.scope = 'invalid'; + const token = await auth.token(refreshRequest, refreshResponse, {}); - // await auth.token(refreshRequest, refreshResponse, {}) - // .then(() => { - // throw Error('Should not reach this'); - // }) - // .catch(err => { - // err.name.should.equal('invalid_scope'); - // }); - // }); + refreshResponse.body.token_type.should.equal('Bearer'); + refreshResponse.body.access_token.should.equal(token.accessToken); + refreshResponse.body.refresh_token.should.equal(token.refreshToken); + refreshResponse.body.expires_in.should.be.a('number'); + refreshResponse.body.scope.should.eql(['read']); + }); }); }); diff --git a/test/helpers/model.js b/test/helpers/model.js index 7a1893b1..6566f0cd 100644 --- a/test/helpers/model.js +++ b/test/helpers/model.js @@ -71,11 +71,7 @@ function createModel (db) { } async function verifyScope (token, scope) { - if (typeof scope === 'string') { - return scopes.includes(scope); - } else { - return scope.every(s => scopes.includes(s)); - } + return scope.every(s => scopes.includes(s)); } return { diff --git a/test/integration/grant-types/abstract-grant-type_test.js b/test/integration/grant-types/abstract-grant-type_test.js index 22247d7a..4d3e6d19 100644 --- a/test/integration/grant-types/abstract-grant-type_test.js +++ b/test/integration/grant-types/abstract-grant-type_test.js @@ -144,7 +144,7 @@ describe('AbstractGrantType integration', function() { should.fail(); } catch (e) { - e.should.be.an.instanceOf(InvalidArgumentError); + e.should.be.an.instanceOf(InvalidScopeError); e.message.should.equal('Invalid parameter: `scope`'); } }); @@ -160,22 +160,22 @@ describe('AbstractGrantType integration', function() { const handler = new AbstractGrantType({ accessTokenLifetime: 123, model: {}, refreshTokenLifetime: 456 }); const request = new Request({ body: { scope: 'foo' }, headers: {}, method: {}, query: {} }); - handler.getScope(request).should.equal('foo'); + handler.getScope(request).should.eql(['foo']); }); }); describe('validateScope()', function () { it('accepts the scope, if the model does not implement it', async function () { - const scope = 'some,scope,this,that'; + const scope = ['some,scope,this,that']; const user = { id: 123 }; const client = { id: 456 }; const handler = new AbstractGrantType({ accessTokenLifetime: 123, model: {}, refreshTokenLifetime: 456 }); const validated = await handler.validateScope(user, client, scope); - validated.should.equal(scope); + validated.should.eql(scope); }); it('accepts the scope, if the model accepts it', async function () { - const scope = 'some,scope,this,that'; + const scope = ['some,scope,this,that']; const user = { id: 123 }; const client = { id: 456 }; @@ -184,14 +184,14 @@ describe('AbstractGrantType integration', function() { // make sure the model received the correct args _user.should.deep.equal(user); _client.should.deep.equal(_client); - _scope.should.equal(scope); + _scope.should.eql(scope); return scope; } }; const handler = new AbstractGrantType({ accessTokenLifetime: 123, model, refreshTokenLifetime: 456 }); const validated = await handler.validateScope(user, client, scope); - validated.should.equal(scope); + validated.should.eql(scope); }); it('throws if the model rejects the scope', async function () { diff --git a/test/integration/grant-types/authorization-code-grant-type_test.js b/test/integration/grant-types/authorization-code-grant-type_test.js index f4598bde..d705f397 100644 --- a/test/integration/grant-types/authorization-code-grant-type_test.js +++ b/test/integration/grant-types/authorization-code-grant-type_test.js @@ -88,7 +88,7 @@ describe('AuthorizationCodeGrantType integration', function() { e.message.should.equal('Missing parameter: `request`'); } }); - + it('should throw an error if `client` is invalid (not in code)', async function() { const client = { id: 1234 }; const model = { @@ -131,7 +131,7 @@ describe('AuthorizationCodeGrantType integration', function() { it('should return a token', async function() { const client = { id: 'foobar' }; - const scope = 'fooscope'; + const scope = ['fooscope']; const user = { name: 'foouser' }; const codeDoc = { authorizationCode: 12345, @@ -153,19 +153,19 @@ describe('AuthorizationCodeGrantType integration', function() { validateScope: async function (_user, _client, _scope) { _user.should.deep.equal(user); _client.should.deep.equal(client); - _scope.should.equal(scope); + _scope.should.eql(scope); return scope; }, generateAccessToken: async function (_client, _user, _scope) { _user.should.deep.equal(user); _client.should.deep.equal(client); - _scope.should.equal(scope); + _scope.should.eql(scope); return 'long-access-token-hash'; }, generateRefreshToken: async function (_client, _user, _scope) { _user.should.deep.equal(user); _client.should.deep.equal(client); - _scope.should.equal(scope); + _scope.should.eql(scope); return 'long-refresh-token-hash'; }, saveToken: async function (_token, _client, _user) { @@ -581,17 +581,17 @@ describe('AuthorizationCodeGrantType integration', function() { _token.accessTokenExpiresAt.should.be.instanceOf(Date); _token.refreshTokenExpiresAt.should.be.instanceOf(Date); _token.refreshToken.should.be.a.sha256(); - _token.scope.should.equal('foo'); + _token.scope.should.eql(['foo']); (_token.authorizationCode === undefined).should.equal(true); _user.should.equal('fallback'); _client.should.equal('fallback'); return token; }, - validateScope: function(_user= 'fallback', _client= 'fallback', _scope = 'fallback') { + validateScope: function(_user= 'fallback', _client= 'fallback', _scope = ['fallback']) { _user.should.equal('fallback'); _client.should.equal('fallback'); - _scope.should.equal('fallback'); - return 'foo'; + _scope.should.eql(['fallback']); + return ['foo']; } }; const grantType = new AuthorizationCodeGrantType({ accessTokenLifetime: 123, model: model }); diff --git a/test/integration/grant-types/client-credentials-grant-type_test.js b/test/integration/grant-types/client-credentials-grant-type_test.js index a21b1a13..97d10055 100644 --- a/test/integration/grant-types/client-credentials-grant-type_test.js +++ b/test/integration/grant-types/client-credentials-grant-type_test.js @@ -94,7 +94,7 @@ describe('ClientCredentialsGrantType integration', function() { const token = {}; const client = { foo: 'bar' }; const user = { name: 'foo' }; - const scope = 'fooscope'; + const scope = ['fooscope']; const model = { getUserFromClient: async function(_client) { @@ -106,24 +106,24 @@ describe('ClientCredentialsGrantType integration', function() { _user.should.deep.equal(user); _token.accessToken.should.equal('long-access-token-hash'); _token.accessTokenExpiresAt.should.be.instanceOf(Date); - _token.scope.should.equal(scope); + _token.scope.should.eql(scope); return token; }, validateScope: async function (_user, _client, _scope) { _user.should.deep.equal(user); _client.should.deep.equal(client); - _scope.should.equal(scope); + _scope.should.eql(scope); return scope; }, generateAccessToken: async function (_client, _user, _scope) { _user.should.deep.equal(user); _client.should.deep.equal(client); - _scope.should.equal(scope); + _scope.should.eql(scope); return 'long-access-token-hash'; } }; const grantType = new ClientCredentialsGrantType({ accessTokenLifetime: 120, model: model }); - const request = new Request({ body: { scope }, headers: {}, method: {}, query: {} }); + const request = new Request({ body: { scope: scope.join(' ') }, headers: {}, method: {}, query: {} }); const data = await grantType.handle(request, client); data.should.equal(token); @@ -218,7 +218,7 @@ describe('ClientCredentialsGrantType integration', function() { const model = { getUserFromClient: () => should.fail(), saveToken: function() { return token; }, - validateScope: function() { return 'foo'; } + validateScope: function() { return ['foo']; } }; const grantType = new ClientCredentialsGrantType({ accessTokenLifetime: 123, model: model }); const data = await grantType.saveToken(token); diff --git a/test/integration/grant-types/password-grant-type_test.js b/test/integration/grant-types/password-grant-type_test.js index df1db899..20d2ac4f 100644 --- a/test/integration/grant-types/password-grant-type_test.js +++ b/test/integration/grant-types/password-grant-type_test.js @@ -92,7 +92,7 @@ describe('PasswordGrantType integration', function() { it('should return a token', async function() { const client = { id: 'foobar' }; - const scope = 'baz'; + const scope = ['baz']; const token = {}; const user = { id: 123456, @@ -109,19 +109,19 @@ describe('PasswordGrantType integration', function() { validateScope: async function(_user, _client, _scope) { _client.should.equal(client); _user.should.equal(user); - _scope.should.equal(scope); + _scope.should.eql(scope); return scope; }, generateAccessToken: async function (_client, _user, _scope) { _client.should.equal(client); _user.should.equal(user); - _scope.should.equal(scope); + _scope.should.eql(scope); return 'long-access-token-hash'; }, generateRefreshToken: async function (_client, _user, _scope) { _client.should.equal(client); _user.should.equal(user); - _scope.should.equal(scope); + _scope.should.eql(scope); return 'long-refresh-token-hash'; }, saveToken: async function(_token, _client, _user) { @@ -313,14 +313,14 @@ describe('PasswordGrantType integration', function() { _token.accessTokenExpiresAt.should.be.instanceOf(Date); _token.refreshTokenExpiresAt.should.be.instanceOf(Date); _token.refreshToken.should.be.a.sha256(); - _token.scope.should.equal('foo'); + _token.scope.should.eql(['foo']); _client.should.equal('fallback'); _user.should.equal('fallback'); return token; }, - validateScope: async function(_scope = 'fallback') { - _scope.should.equal('fallback'); - return 'foo'; + validateScope: async function(_scope = ['fallback']) { + _scope.should.eql(['fallback']); + return ['foo']; } }; const grantType = new PasswordGrantType({ accessTokenLifetime: 123, model }); diff --git a/test/integration/grant-types/refresh-token-grant-type_test.js b/test/integration/grant-types/refresh-token-grant-type_test.js index 316b8064..0619fefd 100644 --- a/test/integration/grant-types/refresh-token-grant-type_test.js +++ b/test/integration/grant-types/refresh-token-grant-type_test.js @@ -116,7 +116,7 @@ describe('RefreshTokenGrantType integration', function() { accessToken: 'foo', client: { id: 123 }, user: { name: 'foo' }, - scope: 'read write', + scope: ['read', 'write'], refreshTokenExpiresAt: new Date( new Date() * 2) }; const model = { @@ -131,13 +131,13 @@ describe('RefreshTokenGrantType integration', function() { generateAccessToken: async function (_client, _user, _scope) { _user.should.deep.equal({ name: 'foo' }); _client.should.deep.equal({ id: 123 }); - _scope.should.equal('read write'); + _scope.should.eql(['read', 'write']); return 'new-access-token'; }, generateRefreshToken: async function (_client, _user, _scope) { _user.should.deep.equal({ name: 'foo' }); _client.should.deep.equal({ id: 123 }); - _scope.should.equal('read write'); + _scope.should.eql(['read', 'write']); return 'new-refresh-token'; }, saveToken: async function(_token, _client, _user) { @@ -506,7 +506,7 @@ describe('RefreshTokenGrantType integration', function() { saveToken: async function(_token, _client, _user) { _user.should.deep.equal(user); _client.should.deep.equal(client); - _token.scope.should.deep.equal(scope); + _token.scope.should.deep.eql(scope); _token.accessToken.should.be.a.sha256(); _token.refreshToken.should.be.a.sha256(); _token.accessTokenExpiresAt.should.be.instanceOf(Date); diff --git a/test/integration/handlers/authenticate-handler_test.js b/test/integration/handlers/authenticate-handler_test.js index 712dd7cd..52355550 100644 --- a/test/integration/handlers/authenticate-handler_test.js +++ b/test/integration/handlers/authenticate-handler_test.js @@ -46,7 +46,7 @@ describe('AuthenticateHandler integration', function() { it('should throw an error if `scope` was given and `addAcceptedScopesHeader()` is missing', function() { try { - new AuthenticateHandler({ model: { getAccessToken: function() {} }, scope: 'foobar' }); + new AuthenticateHandler({ model: { getAccessToken: function() {} }, scope: ['foobar'] }); should.fail(); } catch (e) { @@ -57,7 +57,7 @@ describe('AuthenticateHandler integration', function() { it('should throw an error if `scope` was given and `addAuthorizedScopesHeader()` is missing', function() { try { - new AuthenticateHandler({ addAcceptedScopesHeader: true, model: { getAccessToken: function() {} }, scope: 'foobar' }); + new AuthenticateHandler({ addAcceptedScopesHeader: true, model: { getAccessToken: function() {} }, scope: ['foobar'] }); should.fail(); } catch (e) { @@ -68,7 +68,7 @@ describe('AuthenticateHandler integration', function() { it('should throw an error if `scope` was given and the model does not implement `verifyScope()`', function() { try { - new AuthenticateHandler({ addAcceptedScopesHeader: true, addAuthorizedScopesHeader: true, model: { getAccessToken: function() {} }, scope: 'foobar' }); + new AuthenticateHandler({ addAcceptedScopesHeader: true, addAuthorizedScopesHeader: true, model: { getAccessToken: function() {} }, scope: ['foobar'] }); should.fail(); } catch (e) { @@ -93,10 +93,10 @@ describe('AuthenticateHandler integration', function() { addAcceptedScopesHeader: true, addAuthorizedScopesHeader: true, model: model, - scope: 'foobar' + scope: ['foobar'] }); - grantType.scope.should.equal('foobar'); + grantType.scope.should.eql(['foobar']); }); }); @@ -254,7 +254,7 @@ describe('AuthenticateHandler integration', function() { return true; } }; - const handler = new AuthenticateHandler({ addAcceptedScopesHeader: true, addAuthorizedScopesHeader: true, model: model, scope: 'foo' }); + const handler = new AuthenticateHandler({ addAcceptedScopesHeader: true, addAuthorizedScopesHeader: true, model: model, scope: ['foo'] }); const request = new Request({ body: {}, headers: { 'Authorization': 'Bearer foo' }, @@ -522,9 +522,9 @@ describe('AuthenticateHandler integration', function() { return false; } }; - const handler = new AuthenticateHandler({ addAcceptedScopesHeader: true, addAuthorizedScopesHeader: true, model: model, scope: 'foo' }); + const handler = new AuthenticateHandler({ addAcceptedScopesHeader: true, addAuthorizedScopesHeader: true, model: model, scope: ['foo'] }); - return handler.verifyScope('foo') + return handler.verifyScope(['foo']) .then(should.fail) .catch(function(e) { e.should.be.an.instanceOf(InsufficientScopeError); @@ -539,9 +539,9 @@ describe('AuthenticateHandler integration', function() { return true; } }; - const handler = new AuthenticateHandler({ addAcceptedScopesHeader: true, addAuthorizedScopesHeader: true, model: model, scope: 'foo' }); + const handler = new AuthenticateHandler({ addAcceptedScopesHeader: true, addAuthorizedScopesHeader: true, model: model, scope: ['foo'] }); - handler.verifyScope('foo').should.be.an.instanceOf(Promise); + handler.verifyScope(['foo']).should.be.an.instanceOf(Promise); }); it('should support non-promises', function() { @@ -551,9 +551,9 @@ describe('AuthenticateHandler integration', function() { return true; } }; - const handler = new AuthenticateHandler({ addAcceptedScopesHeader: true, addAuthorizedScopesHeader: true, model: model, scope: 'foo' }); + const handler = new AuthenticateHandler({ addAcceptedScopesHeader: true, addAuthorizedScopesHeader: true, model: model, scope: ['foo'] }); - handler.verifyScope('foo').should.be.an.instanceOf(Promise); + handler.verifyScope(['foo']).should.be.an.instanceOf(Promise); }); }); @@ -566,7 +566,7 @@ describe('AuthenticateHandler integration', function() { const handler = new AuthenticateHandler({ addAcceptedScopesHeader: true, addAuthorizedScopesHeader: false, model: model }); const response = new Response({ body: {}, headers: {} }); - handler.updateResponse(response, { scope: 'foo biz' }); + handler.updateResponse(response, { scope: ['foo', 'biz'] }); response.headers.should.not.have.property('x-accepted-oauth-scopes'); }); @@ -576,10 +576,10 @@ describe('AuthenticateHandler integration', function() { getAccessToken: function() {}, verifyScope: function() {} }; - const handler = new AuthenticateHandler({ addAcceptedScopesHeader: true, addAuthorizedScopesHeader: false, model: model, scope: 'foo bar' }); + const handler = new AuthenticateHandler({ addAcceptedScopesHeader: true, addAuthorizedScopesHeader: false, model: model, scope: ['foo', 'bar'] }); const response = new Response({ body: {}, headers: {} }); - handler.updateResponse(response, { scope: 'foo biz' }); + handler.updateResponse(response, { scope: ['foo', 'biz'] }); response.get('X-Accepted-OAuth-Scopes').should.equal('foo bar'); }); @@ -592,7 +592,7 @@ describe('AuthenticateHandler integration', function() { const handler = new AuthenticateHandler({ addAcceptedScopesHeader: false, addAuthorizedScopesHeader: true, model: model }); const response = new Response({ body: {}, headers: {} }); - handler.updateResponse(response, { scope: 'foo biz' }); + handler.updateResponse(response, { scope: ['foo', 'biz'] }); response.headers.should.not.have.property('x-oauth-scopes'); }); @@ -602,10 +602,10 @@ describe('AuthenticateHandler integration', function() { getAccessToken: function() {}, verifyScope: function() {} }; - const handler = new AuthenticateHandler({ addAcceptedScopesHeader: false, addAuthorizedScopesHeader: true, model: model, scope: 'foo bar' }); + const handler = new AuthenticateHandler({ addAcceptedScopesHeader: false, addAuthorizedScopesHeader: true, model: model, scope: ['foo', 'bar'] }); const response = new Response({ body: {}, headers: {} }); - handler.updateResponse(response, { scope: 'foo biz' }); + handler.updateResponse(response, { scope: ['foo', 'biz'] }); response.get('X-OAuth-Scopes').should.equal('foo biz'); }); diff --git a/test/integration/handlers/authorize-handler_test.js b/test/integration/handlers/authorize-handler_test.js index 1e4a515d..fbc3a9c4 100644 --- a/test/integration/handlers/authorize-handler_test.js +++ b/test/integration/handlers/authorize-handler_test.js @@ -464,7 +464,7 @@ describe('AuthorizeHandler integration', function() { return { authorizationCode: 12345, client }; }, validateScope: async function(_user, _client, _scope) { - _scope.should.equal('read'); + _scope.should.eql(['read']); return false; } }; @@ -629,7 +629,7 @@ describe('AuthorizeHandler integration', function() { it('should return the `code` if successful (full model implementation)', async function () { const user = { name: 'fooUser' }; const state = 'fooobarstatebaz'; - const scope = 'read'; + const scope = ['read']; const client = { id: 'client-1322132131', grants: ['authorization_code'], @@ -655,19 +655,19 @@ describe('AuthorizeHandler integration', function() { }, verifyScope: async function (_tokenDoc, _scope) { _tokenDoc.should.equal(accessTokenDoc); - _scope.should.equal(accessTokenDoc.scope); + _scope.should.eql(accessTokenDoc.scope); return true; }, validateScope: async function (_user, _client, _scope) { _user.should.deep.equal(user); _client.should.deep.equal(client); - _scope.should.equal(scope); + _scope.should.eql(scope); return _scope; }, generateAuthorizationCode: async function (_client, _user, _scope) { _user.should.deep.equal(user); _client.should.deep.equal(client); - _scope.should.equal(scope); + _scope.should.eql(scope); return authorizationCode; }, saveAuthorizationCode: async function (code, _client, _user) { @@ -689,12 +689,12 @@ describe('AuthorizeHandler integration', function() { 'Authorization': `Bearer ${accessTokenDoc.accessToken}` }, method: {}, - query: { state, scope } + query: { state, scope: scope.join(' ') } }); const response = new Response({ body: {}, headers: {} }); const data = await handler.handle(request, response); - data.scope.should.equal(scope); + data.scope.should.eql(scope); data.client.should.deep.equal(client); data.user.should.deep.equal(user); data.expiresAt.should.be.instanceOf(Date); @@ -1096,7 +1096,7 @@ describe('AuthorizeHandler integration', function() { const handler = new AuthorizeHandler({ authorizationCodeLifetime: 120, model }); const request = new Request({ body: { scope: 'foo' }, headers: {}, method: {}, query: {} }); - handler.getScope(request).should.equal('foo'); + handler.getScope(request).should.eql(['foo']); }); }); @@ -1110,7 +1110,7 @@ describe('AuthorizeHandler integration', function() { const handler = new AuthorizeHandler({ authorizationCodeLifetime: 120, model }); const request = new Request({ body: {}, headers: {}, method: {}, query: { scope: 'foo' } }); - handler.getScope(request).should.equal('foo'); + handler.getScope(request).should.eql(['foo']); }); }); }); @@ -1421,7 +1421,7 @@ describe('AuthorizeHandler integration', function() { getClient: function() {}, saveAuthorizationCode: function() {} }; - const handler = new AuthorizeHandler({ authorizationCodeLifetime: 120, model }); + const handler = new AuthorizeHandler({ authorizationCodeLifetime: 120, model }); const request = new Request({ body: {code_challenge_method: 'S256'}, headers: {}, method: {}, query: {} }); const codeChallengeMethod = handler.getCodeChallengeMethod(request); @@ -1454,7 +1454,7 @@ describe('AuthorizeHandler integration', function() { getClient: function() {}, saveAuthorizationCode: function() {} }; - const handler = new AuthorizeHandler({ authorizationCodeLifetime: 120, model }); + const handler = new AuthorizeHandler({ authorizationCodeLifetime: 120, model }); const request = new Request({ body: {}, headers: {}, method: {}, query: {} }); const codeChallengeMethod = handler.getCodeChallengeMethod(request); @@ -1469,7 +1469,7 @@ describe('AuthorizeHandler integration', function() { getClient: function() {}, saveAuthorizationCode: function() {} }; - const handler = new AuthorizeHandler({ authorizationCodeLifetime: 120, model }); + const handler = new AuthorizeHandler({ authorizationCodeLifetime: 120, model }); const request = new Request({ body: {code_challenge: 'challenge'}, headers: {}, method: {}, query: {} }); const codeChallengeMethod = handler.getCodeChallenge(request); diff --git a/test/integration/handlers/token-handler_test.js b/test/integration/handlers/token-handler_test.js index 4477c7b8..1c2db3b4 100644 --- a/test/integration/handlers/token-handler_test.js +++ b/test/integration/handlers/token-handler_test.js @@ -298,12 +298,12 @@ describe('TokenHandler integration', function() { }); it('should return a bearer token if successful', function() { - const token = { accessToken: 'foo', client: {}, refreshToken: 'bar', scope: 'foobar', user: {} }; + const token = { accessToken: 'foo', client: {}, refreshToken: 'bar', scope: ['foobar'], user: {} }; const model = { getClient: function() { return { grants: ['password'] }; }, getUser: function() { return {}; }, saveToken: function() { return token; }, - validateScope: function() { return 'baz'; } + validateScope: function() { return ['baz']; } }; const handler = new TokenHandler({ accessTokenLifetime: 120, model: model, refreshTokenLifetime: 120 }); const request = new Request({ @@ -329,12 +329,12 @@ describe('TokenHandler integration', function() { }); it('should not return custom attributes in a bearer token if the allowExtendedTokenAttributes is not set', function() { - const token = { accessToken: 'foo', client: {}, refreshToken: 'bar', scope: 'foobar', user: {}, foo: 'bar' }; + const token = { accessToken: 'foo', client: {}, refreshToken: 'bar', scope: ['foobar'], user: {}, foo: 'bar' }; const model = { getClient: function() { return { grants: ['password'] }; }, getUser: function() { return {}; }, saveToken: function() { return token; }, - validateScope: function() { return 'baz'; } + validateScope: function() { return ['baz']; } }; const handler = new TokenHandler({ accessTokenLifetime: 120, model: model, refreshTokenLifetime: 120 }); const request = new Request({ @@ -364,12 +364,12 @@ describe('TokenHandler integration', function() { }); it('should return custom attributes in a bearer token if the allowExtendedTokenAttributes is set', function() { - const token = { accessToken: 'foo', client: {}, refreshToken: 'bar', scope: 'foobar', user: {}, foo: 'bar' }; + const token = { accessToken: 'foo', client: {}, refreshToken: 'bar', scope: ['foobar'], user: {}, foo: 'bar' }; const model = { getClient: function() { return { grants: ['password'] }; }, getUser: function() { return {}; }, saveToken: function() { return token; }, - validateScope: function() { return 'baz'; } + validateScope: function() { return ['baz']; } }; const handler = new TokenHandler({ accessTokenLifetime: 120, model: model, refreshTokenLifetime: 120, allowExtendedTokenAttributes: true }); const request = new Request({ @@ -795,7 +795,7 @@ describe('TokenHandler integration', function() { getAuthorizationCode: function() { return { authorizationCode: 12345, client: { id: 'foobar' }, expiresAt: new Date(new Date() * 2), user: {} }; }, getClient: function() {}, saveToken: function() { return token; }, - validateScope: function() { return 'foo'; }, + validateScope: function() { return ['foo']; }, revokeAuthorizationCode: function() { return { authorizationCode: 12345, client: { id: 'foobar' }, expiresAt: new Date(new Date() / 2), user: {} }; } }; const handler = new TokenHandler({ accessTokenLifetime: 120, model: model, refreshTokenLifetime: 120 }); @@ -834,7 +834,7 @@ describe('TokenHandler integration', function() { getAuthorizationCode: function() { return authorizationCode; }, getClient: function() {}, saveToken: function() { return token; }, - validateScope: function() { return 'foo'; }, + validateScope: function() { return ['foo']; }, revokeAuthorizationCode: function() { return authorizationCode; } }; const handler = new TokenHandler({ accessTokenLifetime: 120, model: model, refreshTokenLifetime: 120 }); @@ -872,7 +872,7 @@ describe('TokenHandler integration', function() { getAuthorizationCode: function() { return authorizationCode; }, getClient: function() {}, saveToken: function() { return token; }, - validateScope: function() { return 'foo'; }, + validateScope: function() { return ['foo']; }, revokeAuthorizationCode: function() { return authorizationCode; } }; const handler = new TokenHandler({ accessTokenLifetime: 120, model: model, refreshTokenLifetime: 120 }); @@ -910,7 +910,7 @@ describe('TokenHandler integration', function() { getAuthorizationCode: function() { return authorizationCode; }, getClient: function() {}, saveToken: function() { return token; }, - validateScope: function() { return 'foo'; }, + validateScope: function() { return ['foo']; }, revokeAuthorizationCode: function() { return authorizationCode; } }; const handler = new TokenHandler({ accessTokenLifetime: 120, model: model, refreshTokenLifetime: 120 }); @@ -949,7 +949,7 @@ describe('TokenHandler integration', function() { getAuthorizationCode: function() { return authorizationCode; }, getClient: function() {}, saveToken: function() { return token; }, - validateScope: function() { return 'foo'; }, + validateScope: function() { return ['foo']; }, revokeAuthorizationCode: function() { return authorizationCode; } }; const handler = new TokenHandler({ accessTokenLifetime: 120, model: model, refreshTokenLifetime: 120 }); @@ -984,7 +984,7 @@ describe('TokenHandler integration', function() { getAuthorizationCode: function() { return authorizationCode; }, getClient: function() {}, saveToken: function() { return token; }, - validateScope: function() { return 'foo'; }, + validateScope: function() { return ['foo']; }, revokeAuthorizationCode: function() { return authorizationCode; } }; const handler = new TokenHandler({ accessTokenLifetime: 120, model: model, refreshTokenLifetime: 120 }); @@ -1016,7 +1016,7 @@ describe('TokenHandler integration', function() { getClient: function() {}, getUserFromClient: function() { return {}; }, saveToken: function() { return token; }, - validateScope: function() { return 'foo'; } + validateScope: function() { return ['foo']; } }; const handler = new TokenHandler({ accessTokenLifetime: 120, model: model, refreshTokenLifetime: 120 }); const request = new Request({ @@ -1045,7 +1045,7 @@ describe('TokenHandler integration', function() { getClient: function() {}, getUser: function() { return {}; }, saveToken: function() { return token; }, - validateScope: function() { return 'baz'; } + validateScope: function() { return ['baz']; } }; const handler = new TokenHandler({ accessTokenLifetime: 120, model: model, refreshTokenLifetime: 120 }); const request = new Request({ @@ -1107,7 +1107,7 @@ describe('TokenHandler integration', function() { getClient: function() {}, getUser: function() { return {}; }, saveToken: function() { return token; }, - validateScope: function() { return 'foo'; } + validateScope: function() { return ['foo']; } }; const handler = new TokenHandler({ accessTokenLifetime: 120, model: model, refreshTokenLifetime: 120, extendedGrantTypes: { 'urn:ietf:params:oauth:grant-type:saml2-bearer': PasswordGrantType } }); const request = new Request({ body: { grant_type: 'urn:ietf:params:oauth:grant-type:saml2-bearer', username: 'foo', password: 'bar' }, headers: {}, method: {}, query: {} }); @@ -1176,8 +1176,8 @@ describe('TokenHandler integration', function() { saveToken: function() {} }; const handler = new TokenHandler({ accessTokenLifetime: 120, model: model, refreshTokenLifetime: 120 }); - const tokenType = handler.getTokenType({ accessToken: 'foo', refreshToken: 'bar', scope: 'foobar' }); - tokenType.should.deep.include({ accessToken: 'foo', accessTokenLifetime: undefined, refreshToken: 'bar', scope: 'foobar' }); + const tokenType = handler.getTokenType({ accessToken: 'foo', refreshToken: 'bar', scope: ['foobar'] }); + tokenType.should.deep.include({ accessToken: 'foo', accessTokenLifetime: undefined, refreshToken: 'bar', scope: ['foobar'] }); }); }); diff --git a/test/integration/server_test.js b/test/integration/server_test.js index aad03356..7732bdc2 100644 --- a/test/integration/server_test.js +++ b/test/integration/server_test.js @@ -144,7 +144,7 @@ describe('Server integration', function() { saveToken: function() { return { accessToken: 1234, client: {}, user: {} }; }, - validateScope: function() { return 'foo'; } + validateScope: function() { return ['foo']; } }; const server = new Server({ model: model }); const request = new Request({ body: { client_id: 1234, client_secret: 'secret', grant_type: 'password', username: 'foo', password: 'pass', scope: 'foo' }, headers: { 'content-type': 'application/x-www-form-urlencoded', 'transfer-encoding': 'chunked' }, method: 'POST', query: {} }); diff --git a/test/unit/grant-types/authorization-code-grant-type_test.js b/test/unit/grant-types/authorization-code-grant-type_test.js index c3502bee..3ffe46ad 100644 --- a/test/unit/grant-types/authorization-code-grant-type_test.js +++ b/test/unit/grant-types/authorization-code-grant-type_test.js @@ -72,17 +72,17 @@ describe('AuthorizationCodeGrantType', function() { }; const handler = new AuthorizationCodeGrantType({ accessTokenLifetime: 120, model: model }); - sinon.stub(handler, 'validateScope').returns('foobiz'); + sinon.stub(handler, 'validateScope').returns(['foobiz']); sinon.stub(handler, 'generateAccessToken').returns(Promise.resolve('foo')); sinon.stub(handler, 'generateRefreshToken').returns(Promise.resolve('bar')); sinon.stub(handler, 'getAccessTokenExpiresAt').returns(Promise.resolve('biz')); sinon.stub(handler, 'getRefreshTokenExpiresAt').returns(Promise.resolve('baz')); - return handler.saveToken(user, client, 'foobar', 'foobiz') + return handler.saveToken(user, client, 'foobar', ['foobiz']) .then(function() { model.saveToken.callCount.should.equal(1); model.saveToken.firstCall.args.should.have.length(3); - model.saveToken.firstCall.args[0].should.eql({ accessToken: 'foo', authorizationCode: 'foobar', accessTokenExpiresAt: 'biz', refreshToken: 'bar', refreshTokenExpiresAt: 'baz', scope: 'foobiz' }); + model.saveToken.firstCall.args[0].should.eql({ accessToken: 'foo', authorizationCode: 'foobar', accessTokenExpiresAt: 'biz', refreshToken: 'bar', refreshTokenExpiresAt: 'baz', scope: ['foobiz'] }); model.saveToken.firstCall.args[1].should.equal(client); model.saveToken.firstCall.args[2].should.equal(user); model.saveToken.firstCall.thisValue.should.equal(model); diff --git a/test/unit/grant-types/client-credentials-grant-type_test.js b/test/unit/grant-types/client-credentials-grant-type_test.js index 3997823b..5e012b43 100644 --- a/test/unit/grant-types/client-credentials-grant-type_test.js +++ b/test/unit/grant-types/client-credentials-grant-type_test.js @@ -43,15 +43,15 @@ describe('ClientCredentialsGrantType', function() { }; const handler = new ClientCredentialsGrantType({ accessTokenLifetime: 120, model: model }); - sinon.stub(handler, 'validateScope').returns('foobar'); + sinon.stub(handler, 'validateScope').returns(['foobar']); sinon.stub(handler, 'generateAccessToken').returns('foo'); sinon.stub(handler, 'getAccessTokenExpiresAt').returns('biz'); - return handler.saveToken(user, client, 'foobar') + return handler.saveToken(user, client, ['foobar']) .then(function() { model.saveToken.callCount.should.equal(1); model.saveToken.firstCall.args.should.have.length(3); - model.saveToken.firstCall.args[0].should.eql({ accessToken: 'foo', accessTokenExpiresAt: 'biz', scope: 'foobar' }); + model.saveToken.firstCall.args[0].should.eql({ accessToken: 'foo', accessTokenExpiresAt: 'biz', scope: ['foobar'] }); model.saveToken.firstCall.args[1].should.equal(client); model.saveToken.firstCall.args[2].should.equal(user); model.saveToken.firstCall.thisValue.should.equal(model); diff --git a/test/unit/grant-types/password-grant-type_test.js b/test/unit/grant-types/password-grant-type_test.js index ceb2ad9d..f2411765 100644 --- a/test/unit/grant-types/password-grant-type_test.js +++ b/test/unit/grant-types/password-grant-type_test.js @@ -45,17 +45,17 @@ describe('PasswordGrantType', function() { }; const handler = new PasswordGrantType({ accessTokenLifetime: 120, model: model }); - sinon.stub(handler, 'validateScope').returns('foobar'); + sinon.stub(handler, 'validateScope').returns(['foobar']); sinon.stub(handler, 'generateAccessToken').returns('foo'); sinon.stub(handler, 'generateRefreshToken').returns('bar'); sinon.stub(handler, 'getAccessTokenExpiresAt').returns('biz'); sinon.stub(handler, 'getRefreshTokenExpiresAt').returns('baz'); - return handler.saveToken(user, client, 'foobar') + return handler.saveToken(user, client, ['foobar']) .then(function() { model.saveToken.callCount.should.equal(1); model.saveToken.firstCall.args.should.have.length(3); - model.saveToken.firstCall.args[0].should.eql({ accessToken: 'foo', accessTokenExpiresAt: 'biz', refreshToken: 'bar', refreshTokenExpiresAt: 'baz', scope: 'foobar' }); + model.saveToken.firstCall.args[0].should.eql({ accessToken: 'foo', accessTokenExpiresAt: 'biz', refreshToken: 'bar', refreshTokenExpiresAt: 'baz', scope: ['foobar'] }); model.saveToken.firstCall.args[1].should.equal(client); model.saveToken.firstCall.args[2].should.equal(user); model.saveToken.firstCall.thisValue.should.equal(model); diff --git a/test/unit/grant-types/refresh-token-grant-type_test.js b/test/unit/grant-types/refresh-token-grant-type_test.js index c91a37ed..8d2faee6 100644 --- a/test/unit/grant-types/refresh-token-grant-type_test.js +++ b/test/unit/grant-types/refresh-token-grant-type_test.js @@ -131,11 +131,11 @@ describe('RefreshTokenGrantType', function() { sinon.stub(handler, 'getAccessTokenExpiresAt').returns('biz'); sinon.stub(handler, 'getRefreshTokenExpiresAt').returns('baz'); - return handler.saveToken(user, client, 'foobar') + return handler.saveToken(user, client, ['foobar']) .then(function() { model.saveToken.callCount.should.equal(1); model.saveToken.firstCall.args.should.have.length(3); - model.saveToken.firstCall.args[0].should.eql({ accessToken: 'foo', accessTokenExpiresAt: 'biz', refreshToken: 'bar', refreshTokenExpiresAt: 'baz', scope: 'foobar' }); + model.saveToken.firstCall.args[0].should.eql({ accessToken: 'foo', accessTokenExpiresAt: 'biz', refreshToken: 'bar', refreshTokenExpiresAt: 'baz', scope: ['foobar'] }); model.saveToken.firstCall.args[1].should.equal(client); model.saveToken.firstCall.args[2].should.equal(user); model.saveToken.firstCall.thisValue.should.equal(model); @@ -158,11 +158,11 @@ describe('RefreshTokenGrantType', function() { sinon.stub(handler, 'getAccessTokenExpiresAt').returns('biz'); sinon.stub(handler, 'getRefreshTokenExpiresAt').returns('baz'); - return handler.saveToken(user, client, 'foobar') + return handler.saveToken(user, client, ['foobar']) .then(function() { model.saveToken.callCount.should.equal(1); model.saveToken.firstCall.args.should.have.length(3); - model.saveToken.firstCall.args[0].should.eql({ accessToken: 'foo', accessTokenExpiresAt: 'biz', scope: 'foobar' }); + model.saveToken.firstCall.args[0].should.eql({ accessToken: 'foo', accessTokenExpiresAt: 'biz', scope: ['foobar'] }); model.saveToken.firstCall.args[1].should.equal(client); model.saveToken.firstCall.args[2].should.equal(user); model.saveToken.firstCall.thisValue.should.equal(model); @@ -185,11 +185,11 @@ describe('RefreshTokenGrantType', function() { sinon.stub(handler, 'getAccessTokenExpiresAt').returns('biz'); sinon.stub(handler, 'getRefreshTokenExpiresAt').returns('baz'); - return handler.saveToken(user, client, 'foobar') + return handler.saveToken(user, client, ['foobar']) .then(function() { model.saveToken.callCount.should.equal(1); model.saveToken.firstCall.args.should.have.length(3); - model.saveToken.firstCall.args[0].should.eql({ accessToken: 'foo', accessTokenExpiresAt: 'biz', refreshToken: 'bar', refreshTokenExpiresAt: 'baz', scope: 'foobar' }); + model.saveToken.firstCall.args[0].should.eql({ accessToken: 'foo', accessTokenExpiresAt: 'biz', refreshToken: 'bar', refreshTokenExpiresAt: 'baz', scope: ['foobar'] }); model.saveToken.firstCall.args[1].should.equal(client); model.saveToken.firstCall.args[2].should.equal(user); model.saveToken.firstCall.thisValue.should.equal(model); diff --git a/test/unit/handlers/authenticate-handler_test.js b/test/unit/handlers/authenticate-handler_test.js index ff0a924d..c8433057 100644 --- a/test/unit/handlers/authenticate-handler_test.js +++ b/test/unit/handlers/authenticate-handler_test.js @@ -166,13 +166,13 @@ describe('AuthenticateHandler', function() { getAccessToken: function() {}, verifyScope: sinon.stub().returns(true) }; - const handler = new AuthenticateHandler({ addAcceptedScopesHeader: true, addAuthorizedScopesHeader: true, model: model, scope: 'bar' }); + const handler = new AuthenticateHandler({ addAcceptedScopesHeader: true, addAuthorizedScopesHeader: true, model: model, scope: ['bar'] }); - return handler.verifyScope('foo') + return handler.verifyScope(['foo']) .then(function() { model.verifyScope.callCount.should.equal(1); model.verifyScope.firstCall.args.should.have.length(2); - model.verifyScope.firstCall.args[0].should.equal('foo', 'bar'); + model.verifyScope.firstCall.args[0].should.eql(['foo'], ['bar']); model.verifyScope.firstCall.thisValue.should.equal(model); }) .catch(should.fail); diff --git a/test/unit/handlers/authorize-handler_test.js b/test/unit/handlers/authorize-handler_test.js index 91ab651e..078f82f8 100644 --- a/test/unit/handlers/authorize-handler_test.js +++ b/test/unit/handlers/authorize-handler_test.js @@ -86,11 +86,11 @@ describe('AuthorizeHandler', function() { }; const handler = new AuthorizeHandler({ authorizationCodeLifetime: 120, model: model }); - return handler.saveAuthorizationCode('foo', 'bar', 'qux', 'biz', 'baz', 'boz') + return handler.saveAuthorizationCode('foo', 'bar', ['qux'], 'biz', 'baz', 'boz') .then(function() { model.saveAuthorizationCode.callCount.should.equal(1); model.saveAuthorizationCode.firstCall.args.should.have.length(3); - model.saveAuthorizationCode.firstCall.args[0].should.eql({ authorizationCode: 'foo', expiresAt: 'bar', redirectUri: 'baz', scope: 'qux' }); + model.saveAuthorizationCode.firstCall.args[0].should.eql({ authorizationCode: 'foo', expiresAt: 'bar', redirectUri: 'baz', scope: ['qux'] }); model.saveAuthorizationCode.firstCall.args[1].should.equal('biz'); model.saveAuthorizationCode.firstCall.args[2].should.equal('boz'); model.saveAuthorizationCode.firstCall.thisValue.should.equal(model); @@ -106,11 +106,11 @@ describe('AuthorizeHandler', function() { }; const handler = new AuthorizeHandler({ authorizationCodeLifetime: 120, model: model }); - return handler.saveAuthorizationCode('foo', 'bar', 'qux', 'biz', 'baz', 'boz', 'codeChallenge', 'codeChallengeMethod') + return handler.saveAuthorizationCode('foo', 'bar', ['qux'], 'biz', 'baz', 'boz', 'codeChallenge', 'codeChallengeMethod') .then(function() { model.saveAuthorizationCode.callCount.should.equal(1); model.saveAuthorizationCode.firstCall.args.should.have.length(3); - model.saveAuthorizationCode.firstCall.args[0].should.eql({ authorizationCode: 'foo', expiresAt: 'bar', redirectUri: 'baz', scope: 'qux', codeChallenge: 'codeChallenge', codeChallengeMethod: 'codeChallengeMethod' }); + model.saveAuthorizationCode.firstCall.args[0].should.eql({ authorizationCode: 'foo', expiresAt: 'bar', redirectUri: 'baz', scope: ['qux'], codeChallenge: 'codeChallenge', codeChallengeMethod: 'codeChallengeMethod' }); model.saveAuthorizationCode.firstCall.args[1].should.equal('biz'); model.saveAuthorizationCode.firstCall.args[2].should.equal('boz'); model.saveAuthorizationCode.firstCall.thisValue.should.equal(model); diff --git a/test/unit/server_test.js b/test/unit/server_test.js index df685213..fd7bd391 100644 --- a/test/unit/server_test.js +++ b/test/unit/server_test.js @@ -30,24 +30,6 @@ describe('Server', function() { AuthenticateHandler.prototype.handle.firstCall.args[0].should.equal('foo'); AuthenticateHandler.prototype.handle.restore(); }); - - it('should map string passed as `options` to `options.scope`', function() { - const model = { - getAccessToken: function() {}, - verifyScope: function() {} - }; - const server = new Server({ model: model }); - - sinon.stub(AuthenticateHandler.prototype, 'handle').returns(Promise.resolve()); - - server.authenticate('foo', 'bar', 'test'); - - AuthenticateHandler.prototype.handle.callCount.should.equal(1); - AuthenticateHandler.prototype.handle.firstCall.args[0].should.equal('foo'); - AuthenticateHandler.prototype.handle.firstCall.args[1].should.equal('bar'); - AuthenticateHandler.prototype.handle.firstCall.thisValue.should.have.property('scope', 'test'); - AuthenticateHandler.prototype.handle.restore(); - }); }); describe('authorize()', function() { From 22217513b24e52faebe75b315484d339e49b9428 Mon Sep 17 00:00:00 2001 From: Joren Vandeweyer Date: Sat, 9 Sep 2023 23:29:53 +0200 Subject: [PATCH 60/86] removed callbacks from docs --- README.md | 4 +-- docs/api/oauth2-server.rst | 18 ++-------- docs/docs/getting-started.rst | 2 +- docs/model/spec.rst | 65 ++++++++--------------------------- lib/server.js | 1 - 5 files changed, 21 insertions(+), 69 deletions(-) diff --git a/README.md b/README.md index b60607f8..d4e0cb2d 100644 --- a/README.md +++ b/README.md @@ -27,7 +27,7 @@ If you're using one of those frameworks it is strongly recommended to use the re ## Features - Supports `authorization_code`, `client_credentials`, `refresh_token` and `password` grant, as well as *extension grants*, with scopes. -- Can be used with *promises*, *Node-style callbacks*, *ES6 generators* and *async*/*await* (using [Babel](https://babeljs.io)). +- Can be used with *promises*, *ES6 generators* and *async*/*await* (using [Babel](https://babeljs.io)). - Fully [RFC 6749](https://tools.ietf.org/html/rfc6749.html) and [RFC 6750](https://tools.ietf.org/html/rfc6750.html) compliant. - Implicitly supports any form of storage, e.g. *PostgreSQL*, *MySQL*, *MongoDB*, *Redis*, etc. - Support for PKCE @@ -40,7 +40,7 @@ Please leave an issue if something is confusing or missing in the docs. ## Examples -Most users should refer to our [Express (active)](https://github.com/node-oauth/express-oauth-server) or +Most users should refer to our [Express (active)](https://github.com/node-oauth/express-oauth-server) or [Koa (not maintained by us)](https://github.com/oauthjs/koa-oauth-server/tree/master/examples) examples. More examples can be found here: https://github.com/14gasher/oauth-example diff --git a/docs/api/oauth2-server.rst b/docs/api/oauth2-server.rst index 9fcf8123..bdcf4ae6 100644 --- a/docs/api/oauth2-server.rst +++ b/docs/api/oauth2-server.rst @@ -57,7 +57,7 @@ Advanced example with additional options: .. _OAuth2Server#authenticate: -``authenticate(request, response, [options], [callback])`` +``authenticate(request, response, [options])`` ========================================================== Authenticates a request. @@ -81,8 +81,6 @@ Authenticates a request. +------------------------------------------------+-----------------+-----------------------------------------------------------------------+ | [options.allowBearerTokensInQueryString=false] | Boolean | Allow clients to pass bearer tokens in the query string of a request. | +------------------------------------------------+-----------------+-----------------------------------------------------------------------+ -| [callback=undefined] | Function | Node-style callback to be used instead of the returned ``Promise``. | -+------------------------------------------------+-----------------+-----------------------------------------------------------------------+ **Return value:** @@ -94,8 +92,6 @@ Possible errors include but are not limited to: :doc:`/api/errors/unauthorized-request-error`: The protected resource request failed authentication. -The returned ``Promise`` **must** be ignored if ``callback`` is used. - **Remarks:** :: @@ -121,7 +117,7 @@ The returned ``Promise`` **must** be ignored if ``callback`` is used. .. _OAuth2Server#authorize: -``authorize(request, response, [options], [callback])`` +``authorize(request, response, [options])`` ======================================================= Authorizes a token request. @@ -145,8 +141,6 @@ Authorizes a token request. +-----------------------------------------+-----------------+-----------------------------------------------------------------------------+ | [options.authorizationCodeLifetime=300] | Number | Lifetime of generated authorization codes in seconds (default = 5 minutes). | +-----------------------------------------+-----------------+-----------------------------------------------------------------------------+ -| [callback=undefined] | Function | Node-style callback to be used instead of the returned ``Promise``. | -+-----------------------------------------+-----------------+-----------------------------------------------------------------------------+ **Return value:** @@ -158,8 +152,6 @@ Possible errors include but are not limited to: :doc:`/api/errors/access-denied-error` The resource owner denied the access request (i.e. ``request.query.allow`` was ``'false'``). -The returned ``Promise`` **must** be ignored if ``callback`` is used. - **Remarks:** If ``request.query.allowed`` equals the string ``'false'`` the access request is denied and the returned promise is rejected with an :doc:`/api/errors/access-denied-error`. @@ -211,7 +203,7 @@ When working with a session-based login mechanism, the handler can simply look l .. _OAuth2Server#token: -``token(request, response, [options], [callback])`` +``token(request, response, [options])`` =================================================== Retrieves a new token for an authorized token request. @@ -239,8 +231,6 @@ Retrieves a new token for an authorized token request. +----------------------------------------------+-----------------+-------------------------------------------------------------------------------------------+ | [options.extendedGrantTypes={}] | Object | Additional supported grant types. | +----------------------------------------------+-----------------+-------------------------------------------------------------------------------------------+ -| [callback=undefined] | Function | Node-style callback to be used instead of the returned ``Promise``. | -+----------------------------------------------+-----------------+-------------------------------------------------------------------------------------------+ **Return value:** @@ -252,8 +242,6 @@ Possible errors include but are not limited to: :doc:`/api/errors/invalid-grant-error`: The access token request was invalid or not authorized. -The returned ``Promise`` **must** be ignored if ``callback`` is used. - **Remarks:** If ``options.allowExtendedTokenAttributes`` is ``true`` any additional properties set on the object returned from :ref:`Model#saveToken() ` are copied to the token response sent to the client. diff --git a/docs/docs/getting-started.rst b/docs/docs/getting-started.rst index ff2c1156..85bfd6e1 100644 --- a/docs/docs/getting-started.rst +++ b/docs/docs/getting-started.rst @@ -28,7 +28,7 @@ Features ======== - Supports :ref:`authorization code `, :ref:`client credentials `, :ref:`refresh token ` and :ref:`password ` grant, as well as :ref:`extension grants `, with scopes. -- Can be used with *promises*, *Node-style callbacks*, *ES6 generators* and *async*/*await* (using Babel_). +- Can be used with *promises*, *ES6 generators* and *async*/*await* (using Babel_). - Fully :rfc:`6749` and :rfc:`6750` compliant. - Implicitly supports any form of storage, e.g. *PostgreSQL*, *MySQL*, *MongoDB*, *Redis*, etc. - Complete `test suite`_. diff --git a/docs/model/spec.rst b/docs/model/spec.rst index 5b1695f3..c4f0dc11 100644 --- a/docs/model/spec.rst +++ b/docs/model/spec.rst @@ -2,7 +2,7 @@ Model Specification ===================== -Each model function supports *promises*, *Node-style callbacks*, *ES6 generators* and *async*/*await* (using Babel_). Note that promise support implies support for returning plain values where asynchronism is not required. +Each model function supports *promises*, *ES6 generators* and *async*/*await* (using Babel_). Note that promise support implies support for returning plain values where asynchronism is not required. .. _Babel: https://babeljs.io @@ -14,11 +14,6 @@ Each model function supports *promises*, *Node-style callbacks*, *ES6 generators return new Promise('works!'); }, - // Or, calling a Node-style callback. - getAuthorizationCode: function(done) { - done(null, 'works!'); - }, - // Or, using generators. getClient: function*() { yield somethingAsync(); @@ -66,8 +61,6 @@ This model function is **optional**. If not implemented, a default handler is us +------------+----------+---------------------------------------------------------------------+ | scope | String[] | The scopes associated with the access token. Can be ``null``. | +------------+----------+---------------------------------------------------------------------+ -| [callback] | Function | Node-style callback to be used instead of the returned ``Promise``. | -+------------+----------+---------------------------------------------------------------------+ **Return value:** @@ -109,8 +102,6 @@ This model function is **optional**. If not implemented, a default handler is us +------------+----------+---------------------------------------------------------------------+ | scope | String[] | The scopes associated with the refresh token. Can be ``null``. | +------------+----------+---------------------------------------------------------------------+ -| [callback] | Function | Node-style callback to be used instead of the returned ``Promise``. | -+------------+----------+---------------------------------------------------------------------+ **Return value:** @@ -128,7 +119,7 @@ A ``String`` to be used as refresh token. .. _Model#generateAuthorizationCode: -``generateAuthorizationCode(client, user, scope, [callback])`` +``generateAuthorizationCode(client, user, scope)`` ========================================= Invoked to generate a new authorization code. @@ -150,8 +141,6 @@ This model function is **optional**. If not implemented, a default handler is us +------------+----------+---------------------------------------------------------------------+ | scope | String[] | The scopes associated with the authorization code. Can be ``null``. | +------------+----------+---------------------------------------------------------------------+ -| [callback] | Function | Node-style callback to be used instead of the returned ``Promise``. | -+------------+----------+---------------------------------------------------------------------+ **Return value:** @@ -163,7 +152,7 @@ A ``String`` to be used as authorization code. .. _Model#getAccessToken: -``getAccessToken(accessToken, [callback])`` +``getAccessToken(accessToken)`` =========================================== Invoked to retrieve an existing access token previously saved through :ref:`Model#saveToken() `. @@ -181,8 +170,6 @@ This model function is **required** if :ref:`OAuth2Server#authenticate() `. @@ -255,8 +242,6 @@ This model function is **required** if the ``refresh_token`` grant is used. +==============+==========+=====================================================================+ | refreshToken | String | The access token to retrieve. | +--------------+----------+---------------------------------------------------------------------+ -| [callback] | Function | Node-style callback to be used instead of the returned ``Promise``. | -+--------------+----------+---------------------------------------------------------------------+ **Return value:** @@ -311,7 +296,7 @@ An ``Object`` representing the refresh token and associated data. .. _Model#getAuthorizationCode: -``getAuthorizationCode(authorizationCode, [callback])`` +``getAuthorizationCode(authorizationCode)`` ======================================================= Invoked to retrieve an existing authorization code previously saved through :ref:`Model#saveAuthorizationCode() `. @@ -329,8 +314,6 @@ This model function is **required** if the ``authorization_code`` grant is used. +===================+==========+=====================================================================+ | authorizationCode | String | The authorization code to retrieve. | +-------------------+----------+---------------------------------------------------------------------+ -| [callback] | Function | Node-style callback to be used instead of the returned ``Promise``. | -+-------------------+----------+---------------------------------------------------------------------+ **Return value:** @@ -388,7 +371,7 @@ An ``Object`` representing the authorization code and associated data. .. _Model#getClient: -``getClient(clientId, clientSecret, [callback])`` +``getClient(clientId, clientSecret)`` ================================================= Invoked to retrieve a client using a client id or a client id/client secret combination, depending on the grant type. @@ -411,8 +394,6 @@ This model function is **required** for all grant types. +--------------+----------+---------------------------------------------------------------------+ | clientSecret | String | The client secret of the client to retrieve. Can be ``null``. | +--------------+----------+---------------------------------------------------------------------+ -| [callback] | Function | Node-style callback to be used instead of the returned ``Promise``. | -+--------------+----------+---------------------------------------------------------------------+ **Return value:** @@ -460,7 +441,7 @@ The return value (``client``) can carry additional properties that will be ignor .. _Model#getUser: -``getUser(username, password, [callback])`` +``getUser(username, password)`` =========================================== Invoked to retrieve a user using a username/password combination. @@ -480,8 +461,6 @@ This model function is **required** if the ``password`` grant is used. +------------+----------+---------------------------------------------------------------------+ | password | String | The user's password. | +------------+----------+---------------------------------------------------------------------+ -| [callback] | Function | Node-style callback to be used instead of the returned ``Promise``. | -+------------+----------+---------------------------------------------------------------------+ **Return value:** @@ -500,7 +479,7 @@ An ``Object`` representing the user, or a falsy value if no such user could be f .. _Model#getUserFromClient: -``getUserFromClient(client, [callback])`` +``getUserFromClient(client)`` ========================================= Invoked to retrieve the user associated with the specified client. @@ -520,8 +499,6 @@ This model function is **required** if the ``client_credentials`` grant is used. +------------+----------+---------------------------------------------------------------------+ | client.id | String | A unique string identifying the client. | +------------+----------+---------------------------------------------------------------------+ -| [callback] | Function | Node-style callback to be used instead of the returned ``Promise``. | -+------------+----------+---------------------------------------------------------------------+ **Return value:** @@ -542,7 +519,7 @@ An ``Object`` representing the user, or a falsy value if the client does not hav .. _Model#saveToken: -``saveToken(token, client, user, [callback])`` +``saveToken(token, client, user)`` ============================================== Invoked to save an access token and optionally a refresh token, depending on the grant type. @@ -577,8 +554,6 @@ This model function is **required** for all grant types. +-------------------------------+----------+---------------------------------------------------------------------+ | user | Object | The user associated with the token(s). | +-------------------------------+----------+---------------------------------------------------------------------+ -| [callback] | Function | Node-style callback to be used instead of the returned ``Promise``. | -+-------------------------------+----------+---------------------------------------------------------------------+ **Return value:** @@ -650,7 +625,7 @@ If the ``allowExtendedTokenAttributes`` server option is enabled (see :ref:`OAut .. _Model#saveAuthorizationCode: -``saveAuthorizationCode(code, client, user, [callback])`` +``saveAuthorizationCode(code, client, user)`` ========================================================= Invoked to save an authorization code. @@ -680,8 +655,6 @@ This model function is **required** if the ``authorization_code`` grant is used. +------------------------+----------+---------------------------------------------------------------------+ | user | Object | The user associated with the authorization code. | +------------------------+----------+---------------------------------------------------------------------+ -| [callback] | Function | Node-style callback to be used instead of the returned ``Promise``. | -+------------------------+----------+---------------------------------------------------------------------+ .. todo:: Is ``code.scope`` really optional? @@ -742,7 +715,7 @@ An ``Object`` representing the authorization code and associated data. .. _Model#revokeToken: -``revokeToken(token, [callback])`` +``revokeToken(token)`` ================================== Invoked to revoke a refresh token. @@ -772,8 +745,6 @@ This model function is **required** if the ``refresh_token`` grant is used. +-------------------------------+----------+---------------------------------------------------------------------+ | token.user | Object | The user associated with the refresh token. | +-------------------------------+----------+---------------------------------------------------------------------+ -| [callback] | Function | Node-style callback to be used instead of the returned ``Promise``. | -+-------------------------------+----------+---------------------------------------------------------------------+ **Return value:** @@ -797,7 +768,7 @@ Return ``true`` if the revocation was successful or ``false`` if the refresh tok .. _Model#revokeAuthorizationCode: -``revokeAuthorizationCode(code, [callback])`` +``revokeAuthorizationCode(code)`` ============================================= Invoked to revoke an authorization code. @@ -829,8 +800,6 @@ This model function is **required** if the ``authorization_code`` grant is used. +--------------------+----------+---------------------------------------------------------------------+ | code.user | Object | The user associated with the authorization code. | +--------------------+----------+---------------------------------------------------------------------+ -| [callback] | Function | Node-style callback to be used instead of the returned ``Promise``. | -+--------------------+----------+---------------------------------------------------------------------+ **Return value:** @@ -854,7 +823,7 @@ Return ``true`` if the revocation was successful or ``false`` if the authorizati .. _Model#validateScope: -``validateScope(user, client, scope, [callback])`` +``validateScope(user, client, scope)`` ================================================== Invoked to check if the requested ``scope`` is valid for a particular ``client``/``user`` combination. @@ -880,8 +849,6 @@ This model function is **optional**. If not implemented, any scope is accepted. +------------+----------+---------------------------------------------------------------------+ | scope | String[] | The scopes to validate. | +------------+----------+---------------------------------------------------------------------+ -| [callback] | Function | Node-style callback to be used instead of the returned ``Promise``. | -+------------+----------+---------------------------------------------------------------------+ **Return value:** @@ -924,7 +891,7 @@ To accept partially valid scopes: .. _Model#verifyScope: -``verifyScope(accessToken, scope, [callback])`` +``verifyScope(accessToken, scope)`` =============================================== Invoked during request authentication to check if the provided access token was authorized the requested scopes. @@ -956,8 +923,6 @@ This model function is **required** if scopes are used with :ref:`OAuth2Server#a +------------------------------+----------+---------------------------------------------------------------------+ | scope | String[] | The required scopes. | +------------------------------+----------+---------------------------------------------------------------------+ -| [callback] | Function | Node-style callback to be used instead of the returned ``Promise``. | -+------------------------------+----------+---------------------------------------------------------------------+ **Return value:** @@ -983,7 +948,7 @@ Returns ``true`` if the access token passes, ``false`` otherwise. .. _Model#validateRedirectUri: -``validateRedirectUri(redirectUri, client, [callback])`` +``validateRedirectUri(redirectUri, client)`` ================================================================ Invoked to check if the provided ``redirectUri`` is valid for a particular ``client``. diff --git a/lib/server.js b/lib/server.js index 656ad306..a2e31878 100644 --- a/lib/server.js +++ b/lib/server.js @@ -26,7 +26,6 @@ class OAuth2Server { /** * Authenticate a token. - * Note, that callback will soon be deprecated! */ authenticate (request, response, options) { From 716b52e7d7751e03366af4b318dd7fec8065bf46 Mon Sep 17 00:00:00 2001 From: Joren Vandeweyer Date: Sun, 10 Sep 2023 08:40:17 +0200 Subject: [PATCH 61/86] forgot a single scope --- test/integration/grant-types/abstract-grant-type_test.js | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/test/integration/grant-types/abstract-grant-type_test.js b/test/integration/grant-types/abstract-grant-type_test.js index 4d3e6d19..d48c1ee0 100644 --- a/test/integration/grant-types/abstract-grant-type_test.js +++ b/test/integration/grant-types/abstract-grant-type_test.js @@ -195,7 +195,7 @@ describe('AbstractGrantType integration', function() { }); it('throws if the model rejects the scope', async function () { - const scope = 'some,scope,this,that'; + const scope = ['some,scope,this,that']; const user = { id: 123 }; const client = { id: 456 }; const returnTypes = [undefined, null, false, 0, '']; @@ -206,7 +206,7 @@ describe('AbstractGrantType integration', function() { // make sure the model received the correct args _user.should.deep.equal(user); _client.should.deep.equal(_client); - _scope.should.equal(scope); + _scope.should.eql(scope); return type; } From 3e3010785c9f494f549ad3b7f9aaa6d7bdc4b51c Mon Sep 17 00:00:00 2001 From: jankapunkt Date: Mon, 18 Sep 2023 16:27:41 +0200 Subject: [PATCH 62/86] release 5.0.0-rc,3 --- package.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/package.json b/package.json index 10a65c08..e167c96c 100644 --- a/package.json +++ b/package.json @@ -1,7 +1,7 @@ { "name": "@node-oauth/oauth2-server", "description": "Complete, framework-agnostic, compliant and well tested module for implementing an OAuth2 Server in node.js", - "version": "5.0.0-rc.2", + "version": "5.0.0-rc.3", "keywords": [ "oauth", "oauth2" From 0d4e5f36c62714fbee277c0314cc3f0c81f33308 Mon Sep 17 00:00:00 2001 From: Joren Vandeweyer Date: Wed, 27 Sep 2023 22:34:04 +0200 Subject: [PATCH 63/86] added extra test for coverage --- .../refresh-token-grant-type_test.js | 20 +++++++++++++++++++ 1 file changed, 20 insertions(+) diff --git a/test/compliance/refresh-token-grant-type_test.js b/test/compliance/refresh-token-grant-type_test.js index 8c0e4982..09427855 100644 --- a/test/compliance/refresh-token-grant-type_test.js +++ b/test/compliance/refresh-token-grant-type_test.js @@ -186,6 +186,26 @@ describe('RefreshTokenGrantType Compliance', function () { }); }); + it('Should throw error if a scope is requested without a previous scope', async function () { + const request = createLoginRequest(); + const response = new Response({}); + + delete request.body.scope; + + const credentials = await auth.token(request, response, {}); + + const refreshRequest = createRefreshRequest(credentials.refreshToken); + const refreshResponse = new Response({}); + + refreshRequest.scope = 'read write'; + + await auth.token(refreshRequest, refreshResponse, {}) + .then(should.fail) + .catch(err => { + err.name.should.equal('invalid_scope'); + }); + }); + it('Should create refresh token with smaller scope', async function () { const request = createLoginRequest(); const response = new Response({}); From 6d7a990c907dff4794fc5c6e0cd34c8eb01d762b Mon Sep 17 00:00:00 2001 From: Joren Vandeweyer Date: Thu, 28 Sep 2023 09:57:44 +0200 Subject: [PATCH 64/86] remove invalid bearer token that was used in test --- test/integration/handlers/authorize-handler_test.js | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/test/integration/handlers/authorize-handler_test.js b/test/integration/handlers/authorize-handler_test.js index fbc3a9c4..8bc3ae09 100644 --- a/test/integration/handlers/authorize-handler_test.js +++ b/test/integration/handlers/authorize-handler_test.js @@ -635,9 +635,9 @@ describe('AuthorizeHandler integration', function() { grants: ['authorization_code'], redirectUris: ['http://example.com/cb'] }; - const authorizationCode = 'long-authz-code-?'; + const authorizationCode = 'long-authz-code'; const accessTokenDoc = { - accessToken: 'some-access-token-code-?', + accessToken: 'some-access-token-code', client, user, scope, @@ -703,7 +703,7 @@ describe('AuthorizeHandler integration', function() { response .get('location') .should - .equal('http://example.com/cb?code=long-authz-code-%3F&state=fooobarstatebaz'); + .equal('http://example.com/cb?code=long-authz-code&state=fooobarstatebaz'); }); it('should support a custom `authenticateHandler`', async function () { From 1c409269c71e70449b7f79c45cb77a9687bfe15b Mon Sep 17 00:00:00 2001 From: jankapunkt Date: Fri, 29 Sep 2023 08:54:34 +0200 Subject: [PATCH 65/86] publish 5.0.0-rc.4 --- package.json | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/package.json b/package.json index e167c96c..8e8364e5 100644 --- a/package.json +++ b/package.json @@ -1,7 +1,7 @@ { "name": "@node-oauth/oauth2-server", "description": "Complete, framework-agnostic, compliant and well tested module for implementing an OAuth2 Server in node.js", - "version": "5.0.0-rc.3", + "version": "5.0.0-rc.4", "keywords": [ "oauth", "oauth2" @@ -22,7 +22,8 @@ "files": [ "index.js", "index.d.ts", - "lib" + "lib", + "CHANGELOG.md" ], "dependencies": { "@node-oauth/formats": "1.0.0", From da3dc541211f75675bc34ae8fece79def6e82643 Mon Sep 17 00:00:00 2001 From: Joren Vandeweyer Date: Sat, 7 Oct 2023 13:29:10 +0200 Subject: [PATCH 66/86] fix typing of revokeToken --- index.d.ts | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/index.d.ts b/index.d.ts index d48f6c0d..48d32426 100644 --- a/index.d.ts +++ b/index.d.ts @@ -360,7 +360,7 @@ declare namespace OAuth2Server { * Invoked to revoke a refresh token. * */ - revokeToken(token: RefreshToken | Token): Promise; + revokeToken(token: RefreshToken): Promise; } interface ClientCredentialsModel extends BaseModel, RequestAuthenticationModel { From d41585b1fd9aea5a3f5ee06713bcd2455ab8f51f Mon Sep 17 00:00:00 2001 From: Joren Vandeweyer Date: Wed, 25 Oct 2023 17:04:26 +0200 Subject: [PATCH 67/86] pass client to model function --- docs/model/spec.rst | 18 +++++++------- index.d.ts | 2 +- lib/grant-types/password-grant-type.js | 6 ++--- .../grant-types/password-grant-type_test.js | 24 ++++++++++++------- .../grant-types/password-grant-type_test.js | 5 ++-- 5 files changed, 33 insertions(+), 22 deletions(-) diff --git a/docs/model/spec.rst b/docs/model/spec.rst index c4f0dc11..87344641 100644 --- a/docs/model/spec.rst +++ b/docs/model/spec.rst @@ -441,7 +441,7 @@ The return value (``client``) can carry additional properties that will be ignor .. _Model#getUser: -``getUser(username, password)`` +``getUser(username, password, client)`` =========================================== Invoked to retrieve a user using a username/password combination. @@ -454,13 +454,15 @@ This model function is **required** if the ``password`` grant is used. **Arguments:** -+------------+----------+---------------------------------------------------------------------+ -| Name | Type | Description | -+============+==========+=====================================================================+ -| username | String | The username of the user to retrieve. | -+------------+----------+---------------------------------------------------------------------+ -| password | String | The user's password. | -+------------+----------+---------------------------------------------------------------------+ ++-------------------+----------+---------------------------------------------------------------------+ +| Name | Type | Description | ++===================+==========+=====================================================================+ +| username | String | The username of the user to retrieve. | ++-------------------+----------+---------------------------------------------------------------------+ +| password | String | The user's password. | ++-------------------+----------+---------------------------------------------------------------------+ +| client (optional) | Client | The user's password. | ++-------------------+----------+---------------------------------------------------------------------+ **Return value:** diff --git a/index.d.ts b/index.d.ts index 48d32426..5cd73d9c 100644 --- a/index.d.ts +++ b/index.d.ts @@ -334,7 +334,7 @@ declare namespace OAuth2Server { * Invoked to retrieve a user using a username/password combination. * */ - getUser(username: string, password: string): Promise; + getUser(username: string, password: string, client: Client): Promise; /** * Invoked to check if the requested scope is valid for a particular client/user combination. diff --git a/lib/grant-types/password-grant-type.js b/lib/grant-types/password-grant-type.js index d8c3f059..b09e4993 100644 --- a/lib/grant-types/password-grant-type.js +++ b/lib/grant-types/password-grant-type.js @@ -47,7 +47,7 @@ class PasswordGrantType extends AbstractGrantType { } const scope = this.getScope(request); - const user = await this.getUser(request); + const user = await this.getUser(request, client); return this.saveToken(user, client, scope); } @@ -56,7 +56,7 @@ class PasswordGrantType extends AbstractGrantType { * Get user using a username/password combination. */ - async getUser(request) { + async getUser(request, client) { if (!request.body.username) { throw new InvalidRequestError('Missing parameter: `username`'); } @@ -73,7 +73,7 @@ class PasswordGrantType extends AbstractGrantType { throw new InvalidRequestError('Invalid parameter: `password`'); } - const user = await this.model.getUser(request.body.username, request.body.password); + const user = await this.model.getUser(request.body.username, request.body.password, client); if (!user) { throw new InvalidGrantError('Invalid grant: user credentials are invalid'); diff --git a/test/integration/grant-types/password-grant-type_test.js b/test/integration/grant-types/password-grant-type_test.js index 20d2ac4f..ef9b2f16 100644 --- a/test/integration/grant-types/password-grant-type_test.js +++ b/test/integration/grant-types/password-grant-type_test.js @@ -177,11 +177,12 @@ describe('PasswordGrantType integration', function() { getUser: () => should.fail(), saveToken: () => should.fail() }; + const client = { id: 'foobar' }; const grantType = new PasswordGrantType({ accessTokenLifetime: 123, model }); const request = new Request({ body: {}, headers: {}, method: {}, query: {} }); try { - await grantType.getUser(request); + await grantType.getUser(request, client); should.fail(); } catch (e) { @@ -195,11 +196,12 @@ describe('PasswordGrantType integration', function() { getUser: () => should.fail(), saveToken: () => should.fail() }; + const client = { id: 'foobar' }; const grantType = new PasswordGrantType({ accessTokenLifetime: 123, model }); const request = new Request({ body: { username: 'foo' }, headers: {}, method: {}, query: {} }); try { - await grantType.getUser(request); + await grantType.getUser(request, client); should.fail(); } catch (e) { @@ -213,11 +215,12 @@ describe('PasswordGrantType integration', function() { getUser: () => should.fail(), saveToken: () => should.fail() }; + const client = { id: 'foobar' }; const grantType = new PasswordGrantType({ accessTokenLifetime: 123, model }); const request = new Request({ body: { username: '\r\n', password: 'foobar' }, headers: {}, method: {}, query: {} }); try { - await grantType.getUser(request); + await grantType.getUser(request, client); should.fail(); } catch (e) { @@ -231,11 +234,12 @@ describe('PasswordGrantType integration', function() { getUser: () => should.fail(), saveToken: () => should.fail() }; + const client = { id: 'foobar' }; const grantType = new PasswordGrantType({ accessTokenLifetime: 123, model }); const request = new Request({ body: { username: 'foobar', password: '\r\n' }, headers: {}, method: {}, query: {} }); try { - await grantType.getUser(request); + await grantType.getUser(request, client); should.fail(); } catch (e) { @@ -249,11 +253,12 @@ describe('PasswordGrantType integration', function() { getUser: async () => undefined, saveToken: () => should.fail() }; + const client = { id: 'foobar' }; const grantType = new PasswordGrantType({ accessTokenLifetime: 123, model }); const request = new Request({ body: { username: 'foo', password: 'bar' }, headers: {}, method: {}, query: {} }); try { - await grantType.getUser(request); + await grantType.getUser(request, client); should.fail(); } catch (e) { e.should.be.an.instanceOf(InvalidGrantError); @@ -263,6 +268,7 @@ describe('PasswordGrantType integration', function() { it('should return a user', async function() { const user = { email: 'foo@bar.com' }; + const client = { id: 'foobar' }; const model = { getUser: function(username, password) { username.should.equal('foo'); @@ -274,12 +280,13 @@ describe('PasswordGrantType integration', function() { const grantType = new PasswordGrantType({ accessTokenLifetime: 123, model }); const request = new Request({ body: { username: 'foo', password: 'bar' }, headers: {}, method: {}, query: {} }); - const data = await grantType.getUser(request); + const data = await grantType.getUser(request, client); data.should.equal(user); }); it('should support promises', function() { const user = { email: 'foo@bar.com' }; + const client = { id: 'foobar' }; const model = { getUser: async function() { return user; }, saveToken: () => should.fail() @@ -287,11 +294,12 @@ describe('PasswordGrantType integration', function() { const grantType = new PasswordGrantType({ accessTokenLifetime: 123, model }); const request = new Request({ body: { username: 'foo', password: 'bar' }, headers: {}, method: {}, query: {} }); - grantType.getUser(request).should.be.an.instanceOf(Promise); + grantType.getUser(request, client).should.be.an.instanceOf(Promise); }); it('should support non-promises', function() { const user = { email: 'foo@bar.com' }; + const client = { id: 'foobar' }; const model = { getUser: function() { return user; }, saveToken: () => should.fail() @@ -299,7 +307,7 @@ describe('PasswordGrantType integration', function() { const grantType = new PasswordGrantType({ accessTokenLifetime: 123, model }); const request = new Request({ body: { username: 'foo', password: 'bar' }, headers: {}, method: {}, query: {} }); - grantType.getUser(request).should.be.an.instanceOf(Promise); + grantType.getUser(request, client).should.be.an.instanceOf(Promise); }); }); diff --git a/test/unit/grant-types/password-grant-type_test.js b/test/unit/grant-types/password-grant-type_test.js index f2411765..63f43933 100644 --- a/test/unit/grant-types/password-grant-type_test.js +++ b/test/unit/grant-types/password-grant-type_test.js @@ -20,13 +20,14 @@ describe('PasswordGrantType', function() { getUser: sinon.stub().returns(true), saveToken: function() {} }; + const client = { id: 'foobar' }; const handler = new PasswordGrantType({ accessTokenLifetime: 120, model: model }); const request = new Request({ body: { username: 'foo', password: 'bar' }, headers: {}, method: {}, query: {} }); - return handler.getUser(request) + return handler.getUser(request, client) .then(function() { model.getUser.callCount.should.equal(1); - model.getUser.firstCall.args.should.have.length(2); + model.getUser.firstCall.args.should.have.length(3); model.getUser.firstCall.args[0].should.equal('foo'); model.getUser.firstCall.args[1].should.equal('bar'); model.getUser.firstCall.thisValue.should.equal(model); From d01219331c8d17c9154d76b897ad1c65ec932912 Mon Sep 17 00:00:00 2001 From: Joren Vandeweyer Date: Thu, 26 Oct 2023 10:00:36 +0200 Subject: [PATCH 68/86] fixed typo --- docs/model/spec.rst | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/model/spec.rst b/docs/model/spec.rst index 87344641..665f4eee 100644 --- a/docs/model/spec.rst +++ b/docs/model/spec.rst @@ -461,7 +461,7 @@ This model function is **required** if the ``password`` grant is used. +-------------------+----------+---------------------------------------------------------------------+ | password | String | The user's password. | +-------------------+----------+---------------------------------------------------------------------+ -| client (optional) | Client | The user's password. | +| client (optional) | Client | The client. | +-------------------+----------+---------------------------------------------------------------------+ **Return value:** From ca43d4aa08c8eea0b3715442c0de7dc7278f79a6 Mon Sep 17 00:00:00 2001 From: jankapunkt Date: Wed, 1 Nov 2023 08:46:39 +0100 Subject: [PATCH 69/86] fix(pkce): get code challenge and method from either body or query (redo #197) --- lib/handlers/authorize-handler.js | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/lib/handlers/authorize-handler.js b/lib/handlers/authorize-handler.js index a02a5b9d..12ca72cf 100644 --- a/lib/handlers/authorize-handler.js +++ b/lib/handlers/authorize-handler.js @@ -367,7 +367,7 @@ class AuthorizeHandler { } getCodeChallenge (request) { - return request.body.code_challenge; + return request.body.code_challenge || request.query.code_challenge; } /** @@ -378,7 +378,7 @@ class AuthorizeHandler { * (see https://www.rfc-editor.org/rfc/rfc7636#section-4.4) */ getCodeChallengeMethod (request) { - const algorithm = request.body.code_challenge_method; + const algorithm = request.body.code_challenge_method || request.query.code_challenge_method; if (algorithm && !pkce.isValidMethod(algorithm)) { throw new InvalidRequestError(`Invalid request: transform algorithm '${algorithm}' not supported`); From eb9f12348ef001cac0950f2ddaeb7f111d68d34b Mon Sep 17 00:00:00 2001 From: jankapunkt Date: Wed, 1 Nov 2023 08:54:20 +0100 Subject: [PATCH 70/86] build: publish release 5.0.0-rc.5 --- CHANGELOG.md | 10 +++++++++- package.json | 2 +- 2 files changed, 10 insertions(+), 2 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index b7faf9f8..79ef175d 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -2,13 +2,21 @@ ## 5.0.0 +This release contains several breaking changes. +Please carefully consult the documentation while updating. + - removed `bluebird` and `promisify-any` - uses native Promises and `async/await` everywhere - drop support for Node 14 (EOL), setting Node 16 as `engine` in `package.json` - this is a breaking change, because **it removes callback support** for `OAuthServer` and your model implementation. - fixed missing await in calling generateAuthorizationCode in AuthorizeHandler -- validate scope as an array of strings +- fix scope validation bug +- revoke code before validating redirect URI +- improved Bearer token validation +- validate scope as an array of strings (breaking change) +- model support for retrieving user based on client +- more tests added; test coverage improved ## 4.2.0 ### Fixed diff --git a/package.json b/package.json index 8e8364e5..a4169b88 100644 --- a/package.json +++ b/package.json @@ -1,7 +1,7 @@ { "name": "@node-oauth/oauth2-server", "description": "Complete, framework-agnostic, compliant and well tested module for implementing an OAuth2 Server in node.js", - "version": "5.0.0-rc.4", + "version": "5.0.0-rc.5", "keywords": [ "oauth", "oauth2" From 7e2abeec689f8eadb6c28172704056649252ba2b Mon Sep 17 00:00:00 2001 From: jankapunkt Date: Mon, 6 Nov 2023 06:35:34 +0100 Subject: [PATCH 71/86] docs: add readthedocs v2 config file --- .readthedocs.yml | 22 ++++++++++++++++++++++ 1 file changed, 22 insertions(+) create mode 100644 .readthedocs.yml diff --git a/.readthedocs.yml b/.readthedocs.yml new file mode 100644 index 00000000..d9ee7902 --- /dev/null +++ b/.readthedocs.yml @@ -0,0 +1,22 @@ +# .readthedocs.yaml +# Read the Docs configuration file +# See https://docs.readthedocs.io/en/stable/config-file/v2.html for details + +# Required +version: 2 + +# Set the version of Python and other tools you might need +build: + os: ubuntu-22.04 + tools: + python: "3.11" + +# Build documentation in the docs/ directory with Sphinx +sphinx: + configuration: docs/conf.py + +# We recommend specifying your dependencies to enable reproducible builds: +# https://docs.readthedocs.io/en/stable/guides/reproducible-builds.html +# python: +# install: +# - requirements: docs/requirements.txt \ No newline at end of file From f3e243894652f3d9cb7c7766ca5de02366c94b3e Mon Sep 17 00:00:00 2001 From: jankapunkt Date: Mon, 6 Nov 2023 06:56:47 +0100 Subject: [PATCH 72/86] docs: sphinx conf updated to v2 compatible --- docs/conf.py | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/docs/conf.py b/docs/conf.py index d9aae790..a621e906 100644 --- a/docs/conf.py +++ b/docs/conf.py @@ -1,6 +1,6 @@ # -*- coding: utf-8 -*- # -# oauth2-server documentation build configuration file, created by +# @node-oauth/oauth2-server documentation build configuration file, created by # sphinx-quickstart on Thu Nov 17 16:47:05 2016. # # This file is execfile()d with the current directory set to its containing dir. @@ -272,5 +272,5 @@ highlight_language = 'js' def setup(app): - app.add_stylesheet('custom.css') + app.add_css_file('custom.css') From 6d27e3fb36bc00d6df13440c79654d9780c39e17 Mon Sep 17 00:00:00 2001 From: jankapunkt Date: Mon, 6 Nov 2023 08:25:55 +0100 Subject: [PATCH 73/86] docs: merged master docs into 5.0.0 --- docs/api/errors/access-denied-error.rst | 2 +- docs/api/errors/insufficient-scope-error.rst | 2 +- docs/api/errors/invalid-argument-error.rst | 2 +- docs/api/errors/invalid-client-error.rst | 2 +- docs/api/errors/invalid-grant-error.rst | 2 +- docs/api/errors/invalid-request-error.rst | 2 +- docs/api/errors/invalid-scope-error.rst | 2 +- docs/api/errors/invalid-token-error.rst | 2 +- docs/api/errors/oauth-error.rst | 2 +- docs/api/errors/server-error.rst | 2 +- docs/api/errors/unauthorized-client-error.rst | 2 +- .../api/errors/unauthorized-request-error.rst | 2 +- .../errors/unsupported-grant-type-error.rst | 2 +- .../unsupported-response-type-error.rst | 2 +- docs/api/oauth2-server.rst | 2 +- docs/api/request.rst | 4 +- docs/api/response.rst | 4 +- docs/index.rst | 17 ++- docs/misc/extension-grants.rst | 2 +- docs/misc/migrating-v2-to-v3.rst | 2 +- docs/misc/pkce.rst | 141 ++++++++++++++++++ docs/model/spec.rst | 16 +- docs/npm_conf.py | 6 +- 23 files changed, 186 insertions(+), 36 deletions(-) create mode 100644 docs/misc/pkce.rst diff --git a/docs/api/errors/access-denied-error.rst b/docs/api/errors/access-denied-error.rst index e561c5b0..11e61ec9 100644 --- a/docs/api/errors/access-denied-error.rst +++ b/docs/api/errors/access-denied-error.rst @@ -6,7 +6,7 @@ The resource owner or authorization server denied the request. See :rfc:`Section :: - const AccessDeniedError = require('oauth2-server/lib/errors/access-denied-error'); + const AccessDeniedError = require('@node-oauth/oauth2-server/lib/errors/access-denied-error'); -------- diff --git a/docs/api/errors/insufficient-scope-error.rst b/docs/api/errors/insufficient-scope-error.rst index be3539de..b19e2acb 100644 --- a/docs/api/errors/insufficient-scope-error.rst +++ b/docs/api/errors/insufficient-scope-error.rst @@ -6,7 +6,7 @@ The request requires higher privileges than provided by the access token. See :r :: - const InsufficientScopeError = require('oauth2-server/lib/errors/insufficient-scope-error'); + const InsufficientScopeError = require('@node-oauth/oauth2-server/lib/errors/insufficient-scope-error'); -------- diff --git a/docs/api/errors/invalid-argument-error.rst b/docs/api/errors/invalid-argument-error.rst index 650e1d9f..11b554eb 100644 --- a/docs/api/errors/invalid-argument-error.rst +++ b/docs/api/errors/invalid-argument-error.rst @@ -6,7 +6,7 @@ An invalid argument was encountered. :: - const InvalidArgumentError = require('oauth2-server/lib/errors/invalid-argument-error'); + const InvalidArgumentError = require('@node-oauth/oauth2-server/lib/errors/invalid-argument-error'); .. note:: This error indicates that the module is used incorrectly (i.e., there is a programming error) and should never be seen because of external errors (like invalid data sent by a client). diff --git a/docs/api/errors/invalid-client-error.rst b/docs/api/errors/invalid-client-error.rst index d25a4934..5ddd0a40 100644 --- a/docs/api/errors/invalid-client-error.rst +++ b/docs/api/errors/invalid-client-error.rst @@ -6,7 +6,7 @@ Client authentication failed (e.g., unknown client, no client authentication inc :: - const InvalidClientError = require('oauth2-server/lib/errors/invalid-client-error'); + const InvalidClientError = require('@node-oauth/oauth2-server/lib/errors/invalid-client-error'); -------- diff --git a/docs/api/errors/invalid-grant-error.rst b/docs/api/errors/invalid-grant-error.rst index 8f2a9ba2..79317149 100644 --- a/docs/api/errors/invalid-grant-error.rst +++ b/docs/api/errors/invalid-grant-error.rst @@ -6,7 +6,7 @@ The provided authorization grant (e.g., authorization code, resource owner crede :: - const InvalidGrantError = require('oauth2-server/lib/errors/invalid-grant-error'); + const InvalidGrantError = require('@node-oauth/oauth2-server/lib/errors/invalid-grant-error'); -------- diff --git a/docs/api/errors/invalid-request-error.rst b/docs/api/errors/invalid-request-error.rst index 119ab40e..bbb38c44 100644 --- a/docs/api/errors/invalid-request-error.rst +++ b/docs/api/errors/invalid-request-error.rst @@ -6,7 +6,7 @@ The request is missing a required parameter, includes an invalid parameter value :: - const InvalidRequestError = require('oauth2-server/lib/errors/invalid-request-error'); + const InvalidRequestError = require('@node-oauth/oauth2-server/lib/errors/invalid-request-error'); -------- diff --git a/docs/api/errors/invalid-scope-error.rst b/docs/api/errors/invalid-scope-error.rst index 801930f9..01c70d26 100644 --- a/docs/api/errors/invalid-scope-error.rst +++ b/docs/api/errors/invalid-scope-error.rst @@ -6,7 +6,7 @@ The requested scope is invalid, unknown, or malformed. See :rfc:`Section 4.1.2.1 :: - const InvalidScopeError = require('oauth2-server/lib/errors/invalid-scope-error'); + const InvalidScopeError = require('@node-oauth/oauth2-server/lib/errors/invalid-scope-error'); -------- diff --git a/docs/api/errors/invalid-token-error.rst b/docs/api/errors/invalid-token-error.rst index 21ffad8f..fc0da035 100644 --- a/docs/api/errors/invalid-token-error.rst +++ b/docs/api/errors/invalid-token-error.rst @@ -6,7 +6,7 @@ The access token provided is expired, revoked, malformed, or invalid for other r :: - const InvalidTokenError = require('oauth2-server/lib/errors/invalid-token-error'); + const InvalidTokenError = require('@node-oauth/oauth2-server/lib/errors/invalid-token-error'); -------- diff --git a/docs/api/errors/oauth-error.rst b/docs/api/errors/oauth-error.rst index c7f1d861..83be4659 100644 --- a/docs/api/errors/oauth-error.rst +++ b/docs/api/errors/oauth-error.rst @@ -6,7 +6,7 @@ Base class for all errors returned by this module. :: - const OAuthError = require('oauth2-server/lib/errors/oauth-error'); + const OAuthError = require('@node-oauth/oauth2-server/lib/errors/oauth-error'); -------- diff --git a/docs/api/errors/server-error.rst b/docs/api/errors/server-error.rst index 13f436ed..7a2dcf90 100644 --- a/docs/api/errors/server-error.rst +++ b/docs/api/errors/server-error.rst @@ -6,7 +6,7 @@ The authorization server encountered an unexpected condition that prevented it f :: - const ServerError = require('oauth2-server/lib/errors/server-error'); + const ServerError = require('@node-oauth/oauth2-server/lib/errors/server-error'); ``ServerError`` is used to wrap unknown exceptions encountered during request processing. diff --git a/docs/api/errors/unauthorized-client-error.rst b/docs/api/errors/unauthorized-client-error.rst index d04cb080..9d104cac 100644 --- a/docs/api/errors/unauthorized-client-error.rst +++ b/docs/api/errors/unauthorized-client-error.rst @@ -6,7 +6,7 @@ The authenticated client is not authorized to use this authorization grant type. :: - const UnauthorizedClientError = require('oauth2-server/lib/errors/unauthorized-client-error'); + const UnauthorizedClientError = require('@node-oauth/oauth2-server/lib/errors/unauthorized-client-error'); -------- diff --git a/docs/api/errors/unauthorized-request-error.rst b/docs/api/errors/unauthorized-request-error.rst index 495f5f8c..9ed24675 100644 --- a/docs/api/errors/unauthorized-request-error.rst +++ b/docs/api/errors/unauthorized-request-error.rst @@ -6,7 +6,7 @@ The request lacked any authentication information or the client attempted to use :: - const UnauthorizedRequestError = require('oauth2-server/lib/errors/unauthorized-request-error'); + const UnauthorizedRequestError = require('@node-oauth/oauth2-server/lib/errors/unauthorized-request-error'); According to :rfc:`Section 3.1 of RFC 6750 <6750#section-3.1>` you should just fail the request with ``401 Unauthorized`` and not send any error information in the body if this error occurs: diff --git a/docs/api/errors/unsupported-grant-type-error.rst b/docs/api/errors/unsupported-grant-type-error.rst index d2fe49f7..1e812ed7 100644 --- a/docs/api/errors/unsupported-grant-type-error.rst +++ b/docs/api/errors/unsupported-grant-type-error.rst @@ -6,7 +6,7 @@ The authorization grant type is not supported by the authorization server. See : :: - const UnsupportedGrantTypeError = require('oauth2-server/lib/errors/unsupported-grant-type-error'); + const UnsupportedGrantTypeError = require('@node-oauth/oauth2-server/lib/errors/unsupported-grant-type-error'); -------- diff --git a/docs/api/errors/unsupported-response-type-error.rst b/docs/api/errors/unsupported-response-type-error.rst index 28974eba..c9ee0fd3 100644 --- a/docs/api/errors/unsupported-response-type-error.rst +++ b/docs/api/errors/unsupported-response-type-error.rst @@ -6,7 +6,7 @@ The authorization server does not supported obtaining an authorization code usin :: - const UnsupportedResponseTypeError = require('oauth2-server/lib/errors/unsupported-response-type-error'); + const UnsupportedResponseTypeError = require('@node-oauth/oauth2-server/lib/errors/unsupported-response-type-error'); -------- diff --git a/docs/api/oauth2-server.rst b/docs/api/oauth2-server.rst index bdcf4ae6..2cb6cda4 100644 --- a/docs/api/oauth2-server.rst +++ b/docs/api/oauth2-server.rst @@ -6,7 +6,7 @@ Represents an OAuth2 server instance. :: - const OAuth2Server = require('oauth2-server'); + const OAuth2Server = require('@node-oauth/oauth2-server'); -------- diff --git a/docs/api/request.rst b/docs/api/request.rst index b8f8963a..7d5f4cad 100644 --- a/docs/api/request.rst +++ b/docs/api/request.rst @@ -6,7 +6,7 @@ Represents an incoming HTTP request. :: - const Request = require('oauth2-server').Request; + const Request = require('@node-oauth/oauth2-server').Request; -------- @@ -50,7 +50,7 @@ To convert `Express' request`_ to a ``Request`` simply pass ``req`` as ``options :: function(req, res, next) { - var request = new Request(req); + let request = new Request(req); // ... } diff --git a/docs/api/response.rst b/docs/api/response.rst index 48cc36dc..2c5d3326 100644 --- a/docs/api/response.rst +++ b/docs/api/response.rst @@ -6,7 +6,7 @@ Represents an outgoing HTTP response. :: - const Response = require('oauth2-server').Response; + const Response = require('@node-oauth/oauth2-server').Response; -------- @@ -46,7 +46,7 @@ To convert `Express' response`_ to a ``Response`` simply pass ``res`` as ``optio :: function(req, res, next) { - var response = new Response(res); + let response = new Response(res); // ... } diff --git a/docs/index.rst b/docs/index.rst index 4a7c3415..f88c4b47 100644 --- a/docs/index.rst +++ b/docs/index.rst @@ -1,13 +1,13 @@ -=============== - oauth2-server -=============== +========================== + @node-oauth/oauth2-server +========================== -oauth2-server_ is a complete, compliant and well tested module for implementing an OAuth2 server in Node.js_. The project is `hosted on GitHub`_ and the included test suite is automatically `run on Travis CI`_. +oauth2-server_ is a complete, compliant and well tested module for implementing an OAuth2 server in Node.js_. The project is `hosted on GitHub`_ and the included test suite is automatically `run on GitHub CI`_. -.. _oauth2-server: https://npmjs.org/package/oauth2-server +.. _oauth2-server: https://www.npmjs.com/package/@node-oauth/oauth2-server .. _Node.js: https://nodejs.org -.. _hosted on GitHub: https://github.com/oauthjs/node-oauth2-server -.. _run on Travis CI: https://travis-ci.org/oauthjs/node-oauth2-server +.. _hosted on GitHub: https://github.com/node-oauth/node-oauth2-server +.. _run on GitHub CI: https://github.com/node-oauth/node-oauth2-server/actions :ref:`installation` @@ -17,7 +17,7 @@ Example Usage :: - const OAuth2Server = require('oauth2-server'); + const OAuth2Server = require('@node-oauth/oauth2-server'); const Request = OAuth2Server.Request; const Response = OAuth2Server.Response; @@ -84,5 +84,6 @@ See the :doc:`/model/spec` of what is required from the model passed to :doc:`/a :hidden: misc/extension-grants + misc/pkce misc/migrating-v2-to-v3 diff --git a/docs/misc/extension-grants.rst b/docs/misc/extension-grants.rst index 1fbe55a2..4ce22bfd 100644 --- a/docs/misc/extension-grants.rst +++ b/docs/misc/extension-grants.rst @@ -6,7 +6,7 @@ Create a subclass of ``AbstractGrantType`` and create methods `handle` and `save .. code-block:: js - const OAuth2Server = require('oauth2-server'); + const OAuth2Server = require('@node-oauth/oauth2-server'); const AbstractGrantType = OAuth2Server.AbstractGrantType; const InvalidArgumentError = OAuth2Server.InvalidArgumentError; const InvalidRequestError = OAuth2Server.InvalidRequestError; diff --git a/docs/misc/migrating-v2-to-v3.rst b/docs/misc/migrating-v2-to-v3.rst index 9d03c8f2..8d1290c0 100644 --- a/docs/misc/migrating-v2-to-v3.rst +++ b/docs/misc/migrating-v2-to-v3.rst @@ -11,7 +11,7 @@ Middlewares The naming of the exposed middlewares has changed to match the OAuth2 _RFC_ more closely. Please refer to the table below: +-------------------+------------------------------------------------+ -| oauth2-server 2.x | oauth2-server 3.x | +| oauth2-server 2.x | @node-oauth/oauth2-server 3.x | +===================+================================================+ | authorise | authenticate | +-------------------+------------------------------------------------+ diff --git a/docs/misc/pkce.rst b/docs/misc/pkce.rst new file mode 100644 index 00000000..cb52f1e7 --- /dev/null +++ b/docs/misc/pkce.rst @@ -0,0 +1,141 @@ +================ + PKCE Support +================ + +Starting with release 4.3.0_ this library supports PKCE (Proof Key for Code Exchange by OAuth Public Clients) as +defined in :rfc:`7636`. + +.. _4.3.0: https://github.com/node-oauth/node-oauth2-server/releases/tag/v4.3.0 + +The PKCE integrates only with the :ref:`authorization code `. The abstract workflow looks like +the following: + +:: + + +-------------------+ + | Authz Server | + +--------+ | +---------------+ | + | |--(A)- Authorization Request ---->| | | + | | + t(code_verifier), t_m | | Authorization | | + | | | | Endpoint | | + | |<-(B)---- Authorization Code -----| | | + | | | +---------------+ | + | Client | | | + | | | +---------------+ | + | |--(C)-- Access Token Request ---->| | | + | | + code_verifier | | Token | | + | | | | Endpoint | | + | |<-(D)------ Access Token ---------| | | + +--------+ | +---------------+ | + +-------------------+ + + Figure 2: Abstract Protocol Flow + +See :rfc:`Section 1 of RFC 7636 <7636#section-1.1>`. + +1. Authorization request +======================== + +.. _PKCE#authorizationRequest: + + A. The client creates and records a secret named the "code_verifier" and derives a transformed version "t(code_verifier)" (referred to as the "code_challenge"), which is sent in the OAuth 2.0 Authorization Request along with the transformation method "t_m". + +The following shows an example of how a client could generate a `code_challenge`` and +``code_challenge_method`` for the authorizazion request. + +:: + + const base64URLEncode = str => str.toString('base64') + .replace(/\+/g, '-') + .replace(/\//g, '_') + .replace(/=/g, '') + + // This is the code_verifier, which is INITIALLY KEPT SECRET on the client + // and which is later passed as request param to the token endpoint. + // DO NOT SEND this with the authorization request! + const codeVerifier = base64URLEncode(crypto.randomBytes(32)) + + // This is the hashed version of the verifier, which is sent to the authorization endpoint. + // This is named t(code_verifier) in the above workflow + // Send this with the authorization request! + const codeChallenge = base64URLEncode(crypto.createHash('sha256').update(codeVerifier).digest()) + + // This is the name of the code challenge method + // This is named t_m in the above workflow + // Send this with the authorization request! + const codeChallengeMethod = 'S256' + + // add these to the request that is fired from the client + +In this project the authorize endpoint calls OAuth2Server.prototype.authorize which itself uses AuthorizeHandler. +If your Request body contains code_challenge and code_challenge_method then PKCE is active. + +:: + + const server = new OAuth2Server({ model }) + + // this could be added to express or other middleware + const authorizeEndpoint = function (req, res, next) { + const request = new Request(req) + req.query.code_challenge // the codeChallenge value + req.query.code_challenge_method // 'S256' + + server.authorize(request, response, options) + .then(function (code) { + // add code to response, code should not contain + // code_challenge or code_challenge_method + }) + .catch(function (err) { + // handle error condition + }) + } + +2. Authorization response +========================= + +.. _PKCE#authorizationResponse: + + B. The Authorization Endpoint responds as usual but records "t(code_verifier)" and the transformation method. + +The ``AuthorizeHandler.handle`` saves code challenge and code challenge method automatically via ``model.saveAuthorizationCode``. +Note that this calls your model with additional properties ``code.codeChallenge`` and ``code.codeChallengeMethod``. + + +3. Access Token Request +======================= + +.. _PKCE#accessTokenRequest: + + C. The client then sends the authorization code in the Access Token Request as usual but includes the "code_verifier" secret generated at (A). + +This is usually done in your token endpoint, that uses ``OAuth2Server.token``. + +:: + + const server = new OAuth2Server({ model }) + + // ...authorizeEndpoint + + // this could be added to express or other middleware + const tokenEndpoint = function (req, res, next) { + const request = new Request(req) + request.body.code_verifier // the non-hashed code verifier + server.token(request, response, options) + .then(function (code) { + // add code to response, code should contain + }) + .catch(function (err) { + // handle error condition + }) + } + +Note that your client should have kept ``code_verifier`` a secret until this step and now includes it as param for the token endpoint call. + + + D. The authorization server transforms "code_verifier" and compares it to "t(code_verifier)" from (B). Access is denied if they are not equal. + +This will call ``model.getAuthorizationCode`` to load the code. +The loaded code has to contain ``codeChallenge`` and ``codeChallengeMethod``. +If ``model.saveAuthorizationCode`` did not cover these values when saving the code then this step will deny the request. + +See :ref:`Model#saveAuthorizationCode` and :ref:`Model#getAuthorizationCode` diff --git a/docs/model/spec.rst b/docs/model/spec.rst index 665f4eee..f18923f8 100644 --- a/docs/model/spec.rst +++ b/docs/model/spec.rst @@ -2,7 +2,9 @@ Model Specification ===================== -Each model function supports *promises*, *ES6 generators* and *async*/*await* (using Babel_). Note that promise support implies support for returning plain values where asynchronism is not required. +**Version >=5.x:** Callback support has been removed! Each model function supports either sync or async (``Promise`` or ``async function``) return values. + +**Version <=4.x:** Each model function supports *promises*, *Node-style callbacks*, *ES6 generators* and *async*/*await* (using Babel_). Note that promise support implies support for returning plain values where asynchronism is not required. .. _Babel: https://babeljs.io @@ -14,6 +16,11 @@ Each model function supports *promises*, *ES6 generators* and *async*/*await* (u return new Promise('works!'); }, + // Or sync-style values + getAuthorizationCode: function() { + return 'works!' + }, + // Or, using generators. getClient: function*() { yield somethingAsync(); @@ -27,7 +34,7 @@ Each model function supports *promises*, *ES6 generators* and *async*/*await* (u } }; - const OAuth2Server = require('oauth2-server'); + const OAuth2Server = require('@node-oauth/oauth2-server'); let oauth = new OAuth2Server({model: model}); Code examples on this page use *promises*. @@ -357,7 +364,7 @@ An ``Object`` representing the authorization code and associated data. }) .spread(function(code, client, user) { return { - code: code.authorization_code, + authorizationCode: code.authorization_code, expiresAt: code.expires_at, redirectUri: code.redirect_uri, scope: code.scope, @@ -898,7 +905,8 @@ To accept partially valid scopes: Invoked during request authentication to check if the provided access token was authorized the requested scopes. -This model function is **required** if scopes are used with :ref:`OAuth2Server#authenticate() `. +This model function is **required** if scopes are used with :ref:`OAuth2Server#authenticate() ` +but it's never called, if you provide your own ``authenticateHandler`` to the options. **Invoked during:** diff --git a/docs/npm_conf.py b/docs/npm_conf.py index f86915f5..41b03819 100644 --- a/docs/npm_conf.py +++ b/docs/npm_conf.py @@ -40,10 +40,10 @@ def get_config(): 'name': package['name'], 'version': package['version'], 'short_version': get_short_version(package['version']), - 'organization': 'oauthjs', + 'organization': '@node-oauth', 'copyright_year': get_copyright_year(2016), # TODO: Get authors from package. - 'docs_author': 'Max Truxa', - 'docs_author_email': 'dev@maxtruxa.com' + 'docs_author': 'Node-OAuth Authors', + 'docs_author_email': '' } From 1da98373380d196769e50e0bdd88f4d58082989f Mon Sep 17 00:00:00 2001 From: jankapunkt Date: Mon, 6 Nov 2023 08:51:04 +0100 Subject: [PATCH 74/86] docs: add migrating to v5 topic --- docs/index.rst | 1 + docs/misc/migrating-to-v5.rst | 44 +++++++++++++++++++++++++++++++++++ 2 files changed, 45 insertions(+) create mode 100644 docs/misc/migrating-to-v5.rst diff --git a/docs/index.rst b/docs/index.rst index f88c4b47..9f83b10a 100644 --- a/docs/index.rst +++ b/docs/index.rst @@ -85,5 +85,6 @@ See the :doc:`/model/spec` of what is required from the model passed to :doc:`/a misc/extension-grants misc/pkce + misc/migrating-v5 misc/migrating-v2-to-v3 diff --git a/docs/misc/migrating-to-v5.rst b/docs/misc/migrating-to-v5.rst new file mode 100644 index 00000000..279c343b --- /dev/null +++ b/docs/misc/migrating-to-v5.rst @@ -0,0 +1,44 @@ +=========================== + Migrating to 5.x +=========================== + +This guide covers the most breaking changes, in case you updated from an earlier version. + +------------------- +Requires Node >= 16 +------------------- + +Due to Node 14 reaching end of life (EOL; which implies no security updates) this version requires at least Node 16. +Future versions of the 5.x major releases will update to a newer Node LTS, once the current one reaches EOL. + +Note, that we also won't regard any security patches to problems that are a direct consequence of +using a Node version that reached EOL. + +------------------------ +Removed callback support +------------------------ + +With beginning of release 5.0.0 this module dropped all callback support and uses `async/await` +for all asynchronous operations. + +This implies you either need to have a more recent Node.js environment that natively supports `async/await` +or your project uses tools to support at least Promises. + +----------------- +Update your model +----------------- + +The model functions is now expected to return a Promise (or being declared as `async function`), +since callback support is dropped. + +Note: Synchronous model functions are still supported. However, we recommend to use Promise or async, +if database operations (or other heavy operations) are part of a specific model function implementation. + +------------------ +Scope is now Array +------------------ + +In earlier versions we allowed `scope` to be strings with words, separated by empty space. +With beginning of 5.0.0 the scope parameter needs to be an Array of strings. + +This implies to requests, responses and model implementations where scope is included. From ff8cdadb592304bca616a8e8a2ef6c259bf2c276 Mon Sep 17 00:00:00 2001 From: jankapunkt Date: Mon, 6 Nov 2023 09:23:38 +0100 Subject: [PATCH 75/86] docs: add missing adapters and getting started guide --- docs/docs/adapters.rst | 8 ++++---- docs/docs/getting-started.rst | 17 ++++++++--------- 2 files changed, 12 insertions(+), 13 deletions(-) diff --git a/docs/docs/adapters.rst b/docs/docs/adapters.rst index c302d34e..139995ee 100644 --- a/docs/docs/adapters.rst +++ b/docs/docs/adapters.rst @@ -2,14 +2,14 @@ Adapters ========== -The *oauth2-server* module is typically not used directly but through one of the available adapters, converting the interface to a suitable one for the HTTP server framework in use. +The *@node-oauth/oauth2-server* module is typically not used directly but through one of the available adapters, converting the interface to a suitable one for the HTTP server framework in use. -.. framework-agnostic but there are several officially supported adapters available for popular HTTP server frameworks such as Express_ and Koa_. +.. framework-agnostic but there are several officially supported adapters available for popular HTTP server frameworks such as Express_ and Koa_ (not maintained by us). - express-oauth-server_ for Express_ - koa-oauth-server_ for Koa_ -.. _express-oauth-server: https://npmjs.org/package/express-oauth-server +.. _express-oauth-server: https://www.npmjs.com/package/@node-oauth/express-oauth-server .. _Express: https://npmjs.org/package/express .. _koa-oauth-server: https://npmjs.org/package/koa-oauth-server .. _Koa: https://npmjs.org/package/koa @@ -32,5 +32,5 @@ Adapters typically do the following: - Copy all fields from the :doc:`Response ` back to the framework-specific request object and send it. -Adapters should preserve functionality provided by *oauth2-server* but are free to add additional features that make sense for the respective HTTP server framework. +Adapters should preserve functionality provided by *@node-oauth/oauth2-server* but are free to add additional features that make sense for the respective HTTP server framework. diff --git a/docs/docs/getting-started.rst b/docs/docs/getting-started.rst index 85bfd6e1..9d86c15b 100644 --- a/docs/docs/getting-started.rst +++ b/docs/docs/getting-started.rst @@ -9,16 +9,16 @@ Installation oauth2-server_ is available via npm_. -.. _oauth2-server: https://npmjs.org/package/oauth2-server +.. _oauth2-server: https://www.npmjs.com/package/@node-oauth/oauth2-server .. _npm: https://npmjs.org .. code-block:: sh - $ npm install oauth2-server + $ npm install @node-oauth/oauth2-server -.. note:: The *oauth2-server* module is framework-agnostic but there are several officially supported adapters available for popular HTTP server frameworks such as Express_ and Koa_. If you're using one of those frameworks it is strongly recommended to use the respective adapter module instead of rolling your own. +.. note:: The *@node-oauth/oauth2-server* module is framework-agnostic but there are several officially supported adapters available for popular HTTP server frameworks such as Express_ and Koa_. If you're using one of those frameworks it is strongly recommended to use the respective adapter module instead of rolling your own. -.. _Express: https://npmjs.org/package/express-oauth-server +.. _Express: https://www.npmjs.com/package/@node-oauth/express-oauth-server .. _Koa: https://npmjs.org/package/koa-oauth-server @@ -28,13 +28,12 @@ Features ======== - Supports :ref:`authorization code `, :ref:`client credentials `, :ref:`refresh token ` and :ref:`password ` grant, as well as :ref:`extension grants `, with scopes. -- Can be used with *promises*, *ES6 generators* and *async*/*await* (using Babel_). +- Can be used with *promises*, *ES6 generators* and *async*/*await*. - Fully :rfc:`6749` and :rfc:`6750` compliant. - Implicitly supports any form of storage, e.g. *PostgreSQL*, *MySQL*, *MongoDB*, *Redis*, etc. - Complete `test suite`_. -.. _Babel: https://babeljs.io -.. _test suite: https://github.com/oauthjs/node-oauth2-server/tree/master/test +.. _test suite: https://github.com/node-oauth/node-oauth2-server/tree/master/test .. _quick-start: @@ -46,7 +45,7 @@ Quick Start :: - const OAuth2Server = require('oauth2-server'); + const OAuth2Server = require('@node-oauth/oauth2-server'); const oauth = new OAuth2Server({ model: require('./model') @@ -78,7 +77,7 @@ Quick Start :: - const AccessDeniedError = require('oauth2-server/lib/errors/access-denied-error'); + const AccessDeniedError = require('@node-oauth/oauth2-server/lib/errors/access-denied-error'); oauth.authorize(request, response) .then((code) => { From f06f2fdf8582a32ff6a87995c27861595394c779 Mon Sep 17 00:00:00 2001 From: jankapunkt Date: Mon, 6 Nov 2023 12:50:40 +0100 Subject: [PATCH 76/86] docs: update sphinx conf and index toc --- docs/conf.py | 8 ++++++-- docs/index.rst | 8 ++------ 2 files changed, 8 insertions(+), 8 deletions(-) diff --git a/docs/conf.py b/docs/conf.py index a621e906..bf40262a 100644 --- a/docs/conf.py +++ b/docs/conf.py @@ -94,7 +94,7 @@ # The theme to use for HTML and HTML Help pages. See the documentation for # a list of builtin themes. -html_theme = 'default' +html_theme = 'sphinx_rtd_theme' # Theme options are theme-specific and customize the look and feel of a theme # further. For a list of options available for each theme, see the @@ -246,7 +246,11 @@ # Example configuration for intersphinx: refer to the Python standard library. -intersphinx_mapping = {'http://docs.python.org/': None} +intersphinx_mapping = { + "rtd": ("https://docs.readthedocs.io/en/stable/", None), + "python": ("https://docs.python.org/3/", None), + "sphinx": ("https://www.sphinx-doc.org/en/master/", None), +} todo_include_todos = True diff --git a/docs/index.rst b/docs/index.rst index 9f83b10a..31956216 100644 --- a/docs/index.rst +++ b/docs/index.rst @@ -45,16 +45,15 @@ Example Usage See the :doc:`/model/spec` of what is required from the model passed to :doc:`/api/oauth2-server`. +Contents +-------- .. toctree:: - :hidden: - Home .. toctree:: :maxdepth: 2 :caption: User Documentation - :hidden: docs/getting-started docs/adapters @@ -63,7 +62,6 @@ See the :doc:`/model/spec` of what is required from the model passed to :doc:`/a :maxdepth: 2 :caption: API :includehidden: - :hidden: api/oauth2-server api/request @@ -73,7 +71,6 @@ See the :doc:`/model/spec` of what is required from the model passed to :doc:`/a .. toctree:: :maxdepth: 3 :caption: Model - :hidden: model/overview model/spec @@ -81,7 +78,6 @@ See the :doc:`/model/spec` of what is required from the model passed to :doc:`/a .. toctree:: :maxdepth: 2 :caption: Miscellaneous - :hidden: misc/extension-grants misc/pkce From 7f18e08a196b1f46071f7a2498a1e68291261da6 Mon Sep 17 00:00:00 2001 From: jankapunkt Date: Mon, 6 Nov 2023 12:55:26 +0100 Subject: [PATCH 77/86] docs: use requirements files to install themes and plugins --- docs/conf.py | 10 +++++++- docs/requirements.in | 2 ++ docs/requirements.txt | 58 +++++++++++++++++++++++++++++++++++++++++++ 3 files changed, 69 insertions(+), 1 deletion(-) create mode 100644 docs/requirements.in create mode 100644 docs/requirements.txt diff --git a/docs/conf.py b/docs/conf.py index bf40262a..0f210e33 100644 --- a/docs/conf.py +++ b/docs/conf.py @@ -28,7 +28,15 @@ # Add any Sphinx extension module names here, as strings. They can be extensions # coming with Sphinx (named 'sphinx.ext.*') or your custom ones. -extensions = ['sphinx.ext.intersphinx', 'sphinx.ext.ifconfig', 'sphinx.ext.todo'] +extensions = [ + "sphinx.ext.duration", + "sphinx.ext.doctest", + "sphinx.ext.autodoc", + "sphinx.ext.ifconfig", + "sphinx.ext.autosummary", + "sphinx.ext.todo", + "sphinx.ext.intersphinx", +] # Add any paths that contain templates here, relative to this directory. templates_path = ['_templates'] diff --git a/docs/requirements.in b/docs/requirements.in new file mode 100644 index 00000000..8b29f019 --- /dev/null +++ b/docs/requirements.in @@ -0,0 +1,2 @@ +Sphinx>=5,<6 +sphinx_rtd_theme \ No newline at end of file diff --git a/docs/requirements.txt b/docs/requirements.txt new file mode 100644 index 00000000..35ca70fb --- /dev/null +++ b/docs/requirements.txt @@ -0,0 +1,58 @@ +# +# This file is autogenerated by pip-compile with python 3.10 +# To update, run: +# +# pip-compile docs/requirements.in +# +alabaster==0.7.12 + # via sphinx +babel==2.10.3 + # via sphinx +certifi==2022.6.15 + # via requests +charset-normalizer==2.1.0 + # via requests +docutils==0.17.1 + # via + # sphinx + # sphinx-rtd-theme +idna==3.3 + # via requests +imagesize==1.4.1 + # via sphinx +jinja2==3.1.2 + # via sphinx +markupsafe==2.1.1 + # via jinja2 +packaging==21.3 + # via sphinx +pygments==2.12.0 + # via sphinx +pyparsing==3.0.9 + # via packaging +pytz==2022.1 + # via babel +requests==2.28.1 + # via sphinx +snowballstemmer==2.2.0 + # via sphinx +sphinx==5.0.2 + # via + # -r docs/requirements.in + # sphinx-rtd-theme +sphinx-rtd-theme==1.0.0 + # via -r docs/requirements.in +sphinxcontrib-applehelp==1.0.2 + # via sphinx +sphinxcontrib-devhelp==1.0.2 + # via sphinx +sphinxcontrib-htmlhelp==2.0.0 + # via sphinx +sphinxcontrib-jsmath==1.0.1 + # via sphinx +sphinxcontrib-qthelp==1.0.3 + # via sphinx +sphinxcontrib-serializinghtml==1.1.5 + # via sphinx +urllib3==1.26.9 + # via requests \ No newline at end of file From da9ce1a53837d4b57b68abe610c500e8cce4d893 Mon Sep 17 00:00:00 2001 From: jankapunkt Date: Mon, 6 Nov 2023 12:57:00 +0100 Subject: [PATCH 78/86] docs: update rtd config --- .readthedocs.yml | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) diff --git a/.readthedocs.yml b/.readthedocs.yml index d9ee7902..bf2b013d 100644 --- a/.readthedocs.yml +++ b/.readthedocs.yml @@ -17,6 +17,8 @@ sphinx: # We recommend specifying your dependencies to enable reproducible builds: # https://docs.readthedocs.io/en/stable/guides/reproducible-builds.html -# python: -# install: -# - requirements: docs/requirements.txt \ No newline at end of file +python: + install: + - requirements: docs/requirements.txt + - method: pip + path: . \ No newline at end of file From 3991a8c777b79faa1eaabbd525ffc46a8bffb5cb Mon Sep 17 00:00:00 2001 From: jankapunkt Date: Mon, 6 Nov 2023 12:58:42 +0100 Subject: [PATCH 79/86] docs: remove requirements --- docs/conf.py | 18 +++----------- docs/requirements.in | 2 -- docs/requirements.txt | 58 ------------------------------------------- 3 files changed, 3 insertions(+), 75 deletions(-) delete mode 100644 docs/requirements.in delete mode 100644 docs/requirements.txt diff --git a/docs/conf.py b/docs/conf.py index 0f210e33..a621e906 100644 --- a/docs/conf.py +++ b/docs/conf.py @@ -28,15 +28,7 @@ # Add any Sphinx extension module names here, as strings. They can be extensions # coming with Sphinx (named 'sphinx.ext.*') or your custom ones. -extensions = [ - "sphinx.ext.duration", - "sphinx.ext.doctest", - "sphinx.ext.autodoc", - "sphinx.ext.ifconfig", - "sphinx.ext.autosummary", - "sphinx.ext.todo", - "sphinx.ext.intersphinx", -] +extensions = ['sphinx.ext.intersphinx', 'sphinx.ext.ifconfig', 'sphinx.ext.todo'] # Add any paths that contain templates here, relative to this directory. templates_path = ['_templates'] @@ -102,7 +94,7 @@ # The theme to use for HTML and HTML Help pages. See the documentation for # a list of builtin themes. -html_theme = 'sphinx_rtd_theme' +html_theme = 'default' # Theme options are theme-specific and customize the look and feel of a theme # further. For a list of options available for each theme, see the @@ -254,11 +246,7 @@ # Example configuration for intersphinx: refer to the Python standard library. -intersphinx_mapping = { - "rtd": ("https://docs.readthedocs.io/en/stable/", None), - "python": ("https://docs.python.org/3/", None), - "sphinx": ("https://www.sphinx-doc.org/en/master/", None), -} +intersphinx_mapping = {'http://docs.python.org/': None} todo_include_todos = True diff --git a/docs/requirements.in b/docs/requirements.in deleted file mode 100644 index 8b29f019..00000000 --- a/docs/requirements.in +++ /dev/null @@ -1,2 +0,0 @@ -Sphinx>=5,<6 -sphinx_rtd_theme \ No newline at end of file diff --git a/docs/requirements.txt b/docs/requirements.txt deleted file mode 100644 index 35ca70fb..00000000 --- a/docs/requirements.txt +++ /dev/null @@ -1,58 +0,0 @@ -# -# This file is autogenerated by pip-compile with python 3.10 -# To update, run: -# -# pip-compile docs/requirements.in -# -alabaster==0.7.12 - # via sphinx -babel==2.10.3 - # via sphinx -certifi==2022.6.15 - # via requests -charset-normalizer==2.1.0 - # via requests -docutils==0.17.1 - # via - # sphinx - # sphinx-rtd-theme -idna==3.3 - # via requests -imagesize==1.4.1 - # via sphinx -jinja2==3.1.2 - # via sphinx -markupsafe==2.1.1 - # via jinja2 -packaging==21.3 - # via sphinx -pygments==2.12.0 - # via sphinx -pyparsing==3.0.9 - # via packaging -pytz==2022.1 - # via babel -requests==2.28.1 - # via sphinx -snowballstemmer==2.2.0 - # via sphinx -sphinx==5.0.2 - # via - # -r docs/requirements.in - # sphinx-rtd-theme -sphinx-rtd-theme==1.0.0 - # via -r docs/requirements.in -sphinxcontrib-applehelp==1.0.2 - # via sphinx -sphinxcontrib-devhelp==1.0.2 - # via sphinx -sphinxcontrib-htmlhelp==2.0.0 - # via sphinx -sphinxcontrib-jsmath==1.0.1 - # via sphinx -sphinxcontrib-qthelp==1.0.3 - # via sphinx -sphinxcontrib-serializinghtml==1.1.5 - # via sphinx -urllib3==1.26.9 - # via requests \ No newline at end of file From 72f3675323228965b1d411b3eda8dbfadd4aa03a Mon Sep 17 00:00:00 2001 From: jankapunkt Date: Mon, 6 Nov 2023 13:01:05 +0100 Subject: [PATCH 80/86] docs: remove build using requirements files --- .readthedocs.yml | 8 +++----- 1 file changed, 3 insertions(+), 5 deletions(-) diff --git a/.readthedocs.yml b/.readthedocs.yml index bf2b013d..d9ee7902 100644 --- a/.readthedocs.yml +++ b/.readthedocs.yml @@ -17,8 +17,6 @@ sphinx: # We recommend specifying your dependencies to enable reproducible builds: # https://docs.readthedocs.io/en/stable/guides/reproducible-builds.html -python: - install: - - requirements: docs/requirements.txt - - method: pip - path: . \ No newline at end of file +# python: +# install: +# - requirements: docs/requirements.txt \ No newline at end of file From fb59e308a4b389ca00aa1d8aff1bbc5228471b0a Mon Sep 17 00:00:00 2001 From: jankapunkt Date: Mon, 6 Nov 2023 13:15:13 +0100 Subject: [PATCH 81/86] docs: add multiple documentation links --- README.md | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/README.md b/README.md index c0b665af..5f01c4af 100644 --- a/README.md +++ b/README.md @@ -35,7 +35,11 @@ If you're using one of those frameworks it is strongly recommended to use the re ## Documentation -[Documentation](https://node-oauthoauth2-server.readthedocs.io/en/latest/) is hosted on Read the Docs. +Documentation is hosted on Read the Docs. We have multiple versions of the docs available: + +- [stable](https://node-oauthoauth2-server.readthedocs.io/en/master/) (master branch) +- [development](https://node-oauthoauth2-server.readthedocs.io/en/development/) (development branch) + Please leave an issue if something is confusing or missing in the docs. ## Examples From 937d9a711da0c0f17b82fb430f7dcf895be7f735 Mon Sep 17 00:00:00 2001 From: jankapunkt Date: Mon, 6 Nov 2023 13:17:46 +0100 Subject: [PATCH 82/86] docs: fix table of contents --- docs/index.rst | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/docs/index.rst b/docs/index.rst index 31956216..7c1ea417 100644 --- a/docs/index.rst +++ b/docs/index.rst @@ -52,14 +52,14 @@ Contents Home .. toctree:: - :maxdepth: 2 + :maxdepth: 1 :caption: User Documentation docs/getting-started docs/adapters .. toctree:: - :maxdepth: 2 + :maxdepth: 1 :caption: API :includehidden: @@ -69,18 +69,18 @@ Contents api/errors/index .. toctree:: - :maxdepth: 3 + :maxdepth: 1 :caption: Model model/overview model/spec .. toctree:: - :maxdepth: 2 + :maxdepth: 1 :caption: Miscellaneous misc/extension-grants misc/pkce - misc/migrating-v5 + misc/migrating-to-v5 misc/migrating-v2-to-v3 From a4f214573fcaa6cdbf787217927883f9abc56ad7 Mon Sep 17 00:00:00 2001 From: jankapunkt Date: Mon, 6 Nov 2023 13:26:29 +0100 Subject: [PATCH 83/86] docs: add sphinx rtd theme --- docs/conf.py | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/docs/conf.py b/docs/conf.py index a621e906..2abf9c3f 100644 --- a/docs/conf.py +++ b/docs/conf.py @@ -28,7 +28,7 @@ # Add any Sphinx extension module names here, as strings. They can be extensions # coming with Sphinx (named 'sphinx.ext.*') or your custom ones. -extensions = ['sphinx.ext.intersphinx', 'sphinx.ext.ifconfig', 'sphinx.ext.todo'] +extensions = ['sphinx.ext.intersphinx', 'sphinx.ext.ifconfig', 'sphinx.ext.todo', 'sphinx_rtd_theme'] # Add any paths that contain templates here, relative to this directory. templates_path = ['_templates'] @@ -94,7 +94,7 @@ # The theme to use for HTML and HTML Help pages. See the documentation for # a list of builtin themes. -html_theme = 'default' +html_theme = "sphinx_rtd_theme" # Theme options are theme-specific and customize the look and feel of a theme # further. For a list of options available for each theme, see the From 185866900f8bae49771bfdbd12e2c38c91e2487e Mon Sep 17 00:00:00 2001 From: jankapunkt Date: Mon, 6 Nov 2023 13:29:28 +0100 Subject: [PATCH 84/86] docs: install sphinx theme with python --- .readthedocs.yml | 6 +++--- docs/requirements.txt | 4 ++++ 2 files changed, 7 insertions(+), 3 deletions(-) create mode 100644 docs/requirements.txt diff --git a/.readthedocs.yml b/.readthedocs.yml index d9ee7902..bc2b3c65 100644 --- a/.readthedocs.yml +++ b/.readthedocs.yml @@ -17,6 +17,6 @@ sphinx: # We recommend specifying your dependencies to enable reproducible builds: # https://docs.readthedocs.io/en/stable/guides/reproducible-builds.html -# python: -# install: -# - requirements: docs/requirements.txt \ No newline at end of file +python: + install: + - requirements: docs/requirements.txt \ No newline at end of file diff --git a/docs/requirements.txt b/docs/requirements.txt new file mode 100644 index 00000000..1ee13a2b --- /dev/null +++ b/docs/requirements.txt @@ -0,0 +1,4 @@ +# Defining the exact version will make sure things don't break +sphinx==5.3.0 +sphinx_rtd_theme==1.1.1 +readthedocs-sphinx-search==0.1.1 \ No newline at end of file From a7a1b25a1f698da106c7280ac2de6f033c8ff59a Mon Sep 17 00:00:00 2001 From: jankapunkt Date: Mon, 6 Nov 2023 14:58:47 +0100 Subject: [PATCH 85/86] published release 5.0.0 --- package.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/package.json b/package.json index a4169b88..437c2476 100644 --- a/package.json +++ b/package.json @@ -1,7 +1,7 @@ { "name": "@node-oauth/oauth2-server", "description": "Complete, framework-agnostic, compliant and well tested module for implementing an OAuth2 Server in node.js", - "version": "5.0.0-rc.5", + "version": "5.0.0", "keywords": [ "oauth", "oauth2" From 9515530deb4dfe1c1bd145235a6f9b23eae4f896 Mon Sep 17 00:00:00 2001 From: jankapunkt Date: Tue, 7 Nov 2023 07:31:52 +0100 Subject: [PATCH 86/86] refactor: readd removed files after merge-override --- .github/ISSUE_TEMPLATE/bug_report.md | 59 ++++++++++++ .github/ISSUE_TEMPLATE/config.yml | 19 ++++ CODE_OF_CONDUCT.md | 128 +++++++++++++++++++++++++++ 3 files changed, 206 insertions(+) create mode 100644 .github/ISSUE_TEMPLATE/bug_report.md create mode 100644 .github/ISSUE_TEMPLATE/config.yml create mode 100644 CODE_OF_CONDUCT.md diff --git a/.github/ISSUE_TEMPLATE/bug_report.md b/.github/ISSUE_TEMPLATE/bug_report.md new file mode 100644 index 00000000..e1989490 --- /dev/null +++ b/.github/ISSUE_TEMPLATE/bug_report.md @@ -0,0 +1,59 @@ +--- +name: 🐛 Bug report +about: Create a report to help us improve +title: '' +labels: '' +assignees: '' + +--- + + + + +**Specify your setup** + +- Operating System: +- Node version: +- npm version: +- version of @node-oauth/oauth2-server +- which [OAuth2 workflow](https://datatracker.ietf.org/doc/html/rfc6749.html#section-1.3): +- at [which workflow step](https://datatracker.ietf.org/doc/html/rfc6749.html#section-1.2) does the error occur: + +**Describe the bug** + +A clear and concise description of what the bug is. + +**To Reproduce** + +Steps to reproduce the behavior: +1. Go to '...' +2. Click on '....' +3. Scroll down to '....' +4. See error + +Alternatively, please add a link to a GitHub repo +that reproduces the error/s. + +**Expected behavior** + +A clear and concise description of what you expected to happen. + +**Screenshots** + +If applicable, add screenshots to help explain your problem. + +**Additional context** + +Add any other context about the problem here. diff --git a/.github/ISSUE_TEMPLATE/config.yml b/.github/ISSUE_TEMPLATE/config.yml new file mode 100644 index 00000000..1fbc07bc --- /dev/null +++ b/.github/ISSUE_TEMPLATE/config.yml @@ -0,0 +1,19 @@ +--- +blank_issues_enabled: false +contact_links: + - + about: Propose new features + name: 💡 Feature requests + url: https://github.com/node-oauth/node-oauth2-server/discussions/categories/ideas + - + about: Ask a question or for help + name: ❓ Question + url: https://github.com/node-oauth/node-oauth2-server/discussions/categories/q-a + - + about: Chat on our discord + name: 🗯 Chat + url: https://discord.gg/4HTUAcTvqV + - + about: Read the documentation + name: 📜 Documentation + url: https://node-oauthoauth2-server.readthedocs.io/en/latest/ diff --git a/CODE_OF_CONDUCT.md b/CODE_OF_CONDUCT.md new file mode 100644 index 00000000..92695c9f --- /dev/null +++ b/CODE_OF_CONDUCT.md @@ -0,0 +1,128 @@ +# Contributor Covenant Code of Conduct + +## Our Pledge + +We as members, contributors, and leaders pledge to make participation in our +community a harassment-free experience for everyone, regardless of age, body +size, visible or invisible disability, ethnicity, sex characteristics, gender +identity and expression, level of experience, education, socio-economic status, +nationality, personal appearance, race, religion, or sexual identity +and orientation. + +We pledge to act and interact in ways that contribute to an open, welcoming, +diverse, inclusive, and healthy community. + +## Our Standards + +Examples of behavior that contributes to a positive environment for our +community include: + +* Demonstrating empathy and kindness toward other people +* Being respectful of differing opinions, viewpoints, and experiences +* Giving and gracefully accepting constructive feedback +* Accepting responsibility and apologizing to those affected by our mistakes, + and learning from the experience +* Focusing on what is best not just for us as individuals, but for the + overall community + +Examples of unacceptable behavior include: + +* The use of sexualized language or imagery, and sexual attention or + advances of any kind +* Trolling, insulting or derogatory comments, and personal or political attacks +* Public or private harassment +* Publishing others' private information, such as a physical or email + address, without their explicit permission +* Other conduct which could reasonably be considered inappropriate in a + professional setting + +## Enforcement Responsibilities + +Community leaders are responsible for clarifying and enforcing our standards of +acceptable behavior and will take appropriate and fair corrective action in +response to any behavior that they deem inappropriate, threatening, offensive, +or harmful. + +Community leaders have the right and responsibility to remove, edit, or reject +comments, commits, code, wiki edits, issues, and other contributions that are +not aligned to this Code of Conduct, and will communicate reasons for moderation +decisions when appropriate. + +## Scope + +This Code of Conduct applies within all community spaces, and also applies when +an individual is officially representing the community in public spaces. +Examples of representing our community include using an official e-mail address, +posting via an official social media account, or acting as an appointed +representative at an online or offline event. + +## Enforcement + +Instances of abusive, harassing, or otherwise unacceptable behavior may be +reported to the community leaders responsible for enforcement at +into [at] jankuester [dot] com. +All complaints will be reviewed and investigated promptly and fairly. + +All community leaders are obligated to respect the privacy and security of the +reporter of any incident. + +## Enforcement Guidelines + +Community leaders will follow these Community Impact Guidelines in determining +the consequences for any action they deem in violation of this Code of Conduct: + +### 1. Correction + +**Community Impact**: Use of inappropriate language or other behavior deemed +unprofessional or unwelcome in the community. + +**Consequence**: A private, written warning from community leaders, providing +clarity around the nature of the violation and an explanation of why the +behavior was inappropriate. A public apology may be requested. + +### 2. Warning + +**Community Impact**: A violation through a single incident or series +of actions. + +**Consequence**: A warning with consequences for continued behavior. No +interaction with the people involved, including unsolicited interaction with +those enforcing the Code of Conduct, for a specified period of time. This +includes avoiding interactions in community spaces as well as external channels +like social media. Violating these terms may lead to a temporary or +permanent ban. + +### 3. Temporary Ban + +**Community Impact**: A serious violation of community standards, including +sustained inappropriate behavior. + +**Consequence**: A temporary ban from any sort of interaction or public +communication with the community for a specified period of time. No public or +private interaction with the people involved, including unsolicited interaction +with those enforcing the Code of Conduct, is allowed during this period. +Violating these terms may lead to a permanent ban. + +### 4. Permanent Ban + +**Community Impact**: Demonstrating a pattern of violation of community +standards, including sustained inappropriate behavior, harassment of an +individual, or aggression toward or disparagement of classes of individuals. + +**Consequence**: A permanent ban from any sort of public interaction within +the community. + +## Attribution + +This Code of Conduct is adapted from the [Contributor Covenant][homepage], +version 2.0, available at +https://www.contributor-covenant.org/version/2/0/code_of_conduct.html. + +Community Impact Guidelines were inspired by [Mozilla's code of conduct +enforcement ladder](https://github.com/mozilla/diversity). + +[homepage]: https://www.contributor-covenant.org + +For answers to common questions about this code of conduct, see the FAQ at +https://www.contributor-covenant.org/faq. Translations are available at +https://www.contributor-covenant.org/translations.