2018-04-26 15:54:53 -07:00
|
|
|
'use strict';
|
|
|
|
|
|
|
|
|
|
exports = module.exports = {
|
2021-03-15 12:47:57 -07:00
|
|
|
verifyToken
|
2018-06-18 14:21:54 -07:00
|
|
|
};
|
|
|
|
|
|
2018-04-26 15:54:53 -07:00
|
|
|
var assert = require('assert'),
|
2019-10-22 21:16:00 -07:00
|
|
|
BoxError = require('./boxerror.js'),
|
2021-03-15 12:47:57 -07:00
|
|
|
debug = require('debug')('box:accesscontrol'),
|
|
|
|
|
tokens = require('./tokens.js'),
|
2020-02-06 16:44:46 +01:00
|
|
|
users = require('./users.js');
|
2018-05-01 13:34:46 -07:00
|
|
|
|
2021-03-15 12:47:57 -07:00
|
|
|
const NOOP_CALLBACK = function (error) { if (error) debug(error); };
|
|
|
|
|
|
2020-02-06 16:44:46 +01:00
|
|
|
function verifyToken(accessToken, callback) {
|
2018-06-27 23:17:04 -07:00
|
|
|
assert.strictEqual(typeof accessToken, 'string');
|
|
|
|
|
assert.strictEqual(typeof callback, 'function');
|
|
|
|
|
|
2021-03-15 12:47:57 -07:00
|
|
|
tokens.getByAccessToken(accessToken, function (error, token) {
|
2020-02-06 16:44:46 +01:00
|
|
|
if (error && error.reason === BoxError.NOT_FOUND) return callback(new BoxError(BoxError.INVALID_CREDENTIALS));
|
2020-02-06 14:50:12 +01:00
|
|
|
if (error) return callback(error);
|
2018-06-27 23:17:04 -07:00
|
|
|
|
2018-07-26 10:20:19 -07:00
|
|
|
users.get(token.identifier, function (error, user) {
|
2020-02-06 16:44:46 +01:00
|
|
|
if (error && error.reason === BoxError.NOT_FOUND) return callback(new BoxError(BoxError.INVALID_CREDENTIALS));
|
2018-06-27 23:17:04 -07:00
|
|
|
if (error) return callback(error);
|
|
|
|
|
|
2020-02-06 16:44:46 +01:00
|
|
|
if (!user.active) return callback(new BoxError(BoxError.INVALID_CREDENTIALS));
|
2018-08-02 19:07:33 -07:00
|
|
|
|
2021-03-15 12:47:57 -07:00
|
|
|
tokens.update(token.id, { lastUsedTime: new Date() }, NOOP_CALLBACK);
|
|
|
|
|
|
2020-02-06 16:44:46 +01:00
|
|
|
callback(null, user);
|
2018-06-27 23:17:04 -07:00
|
|
|
});
|
|
|
|
|
});
|
2018-06-18 14:21:54 -07:00
|
|
|
}
|
