Adhere to accessRestriction for oauth authorization endpoint

Johannes Zellner
2015-10-15 16:49:13 +02:00
parent 7c97ab5408
commit 2ba1092809


@@ -3,6 +3,7 @@
'use strict';
var assert = require('assert'),
apps = require('../apps'),
authcodedb = require('../authcodedb'),
clientdb = require('../clientdb'),
config = require('../config.js'),
@@ -380,10 +381,19 @@ var authorization = [
callback(null, client, '/api/v1/session/callback?redirectURI=' + url.resolve(redirectOrigin, redirectPath));
});
}, function (client, user, done) {
// This allows us to skip decision dialog
return done (null, true);
})
}),
function (req, res, next) {
debug('authorization: check accessPermissions');
appdb.get(req.oauth2.client.appId, function (error, appObject) {
if (error) return sendErrorPageOrRedirect(req, res, 'Invalid request. Unknown app for this client_id.');
if (!apps.hasAccessTo(appObject, req.oauth2.user)) return sendErrorPageOrRedirect(req, res, 'No access to this app.');
next();
});
},
gServer.decision({ loadTransaction: false })
];
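Review bot: The new `check accessPermissions` middleware sits after `gServer.authorization(...)`, but the immediate callback just above it always answers `done(null, true)`; if `gServer` is an oauth2orize server (its setup is outside this hunk), an immediate approval makes the authorization middleware send the grant response itself without calling `next()`, so this check may never run. That is worth confirming with a test in which a user without access requests a code. One way to make the restriction binding is to decide inside the immediate callback, which already receives `client` and `user`, as sketched below; a denial then surfaces through `done(error)` instead of `sendErrorPageOrRedirect`, so the error page would need handling there. Separately, every `appdb.get` failure is reported as an unknown app, which hides database errors from whoever reads the log. The `authorization` array begins outside the hunk.

```javascript
}, function (client, user, done) {
    // Decide access before approving: an immediate approval answers the request right away.
    appdb.get(client.appId, function (error, appObject) {
        if (error) return done(error);
        if (!apps.hasAccessTo(appObject, user)) return done(new Error('No access to this app.'));
        done(null, true);
    });
})
// … unchanged: gServer.decision({ loadTransaction: false }) …
```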