jjkiers/cloudron-box
1
0
Fork 0
Code Issues Pull Requests 1 Actions Packages Projects Releases Wiki Activity

use clientdb types in authorization endpoint

Browse Source
This commit is contained in:
Johannes Zellner
2015-10-16 11:22:16 +02:00
parent 22402d1741
commit 5bc9f9e995
1 changed files with 4 additions and 7 deletions
Download Patch File Download Diff File Expand all files Collapse all files
src/routes/oauth2.js
+4 -7
View File
@@ -370,15 +370,12 @@ var authorization = [
}),
function (req, res, next) {
// Handle our different types of oauth clients
var appId = req.oauth2.client.appId;
var type = req.oauth2.client.type;
// TODO find a smarter way to test these
if (appId === constants.ADMIN_CLIENT_ID) return next();
if (appId.indexOf('external-') === 0) return next();
if (appId.indexOf('addon-oauth-') === 0) appId = appId.slice('addon-oauth-'.length);
if (appId.indexOf('proxy-') === 0) appId = appId.slice('proxy-'.length);
if (type === clientdb.TYPE_ADMIN) return next();
if (type === clientdb.TYPE_EXTERNAL) return next();
appdb.get(appId, function (error, appObject) {
appdb.get(req.oauth2.client.appId, function (error, appObject) {
if (error) return sendErrorPageOrRedirect(req, res, 'Invalid request. Unknown app for this client_id.');
if (!apps.hasAccessTo(appObject, req.oauth2.user)) return sendErrorPageOrRedirect(req, res, 'No access to this app.');