diff --git a/src/oidc.js b/src/oidc.js
index def682304..55b6f96bc 100644
--- a/src/oidc.js
+++ b/src/oidc.js
@@ -616,7 +616,7 @@ function interactionConfirm(provider) {
 return async function (req, res, next) {
 try {
 const interactionDetails = await provider.interactionDetails(req, res);
- let { grantId, uid, prompt: { name, details }, params, session: { accountId } } = interactionDetails;
+ const { grantId, uid, prompt: { name, details }, params, session: { accountId } } = interactionDetails;
 debug(`route interaction confirm post uid:${uid} prompt.name:${name} accountId:${accountId}`);
@@ -658,18 +658,17 @@ function interactionConfirm(provider) {
 grant.addOIDCClaims(details.missingOIDCClaims);
 }
 if (details.missingResourceScopes) {
- // eslint-disable-next-line no-restricted-syntax
 for (const [indicator, scopes] of Object.entries(details.missingResourceScopes)) {
 grant.addResourceScope(indicator, scopes.join(' '));
 }
 }
- grantId = await grant.save();
+ const savedGrantId = await grant.save();
 const consent = {};
 if (!interactionDetails.grantId) {
 // we don't have to pass grantId to consent, we're just modifying existing one
- consent.grantId = grantId;
+ consent.grantId = savedGrantId;
 }
 const result = { consent };
diff --git a/src/routes/auth.js b/src/routes/auth.js
index 91154edd7..28f547cad 100644
--- a/src/routes/auth.js
+++ b/src/routes/auth.js
@@ -33,11 +33,10 @@ async function login(req, res, next) {
 const ip = req.headers['x-forwarded-for'] || req.connection.remoteAddress || null;
 const userAgent = req.headers['user-agent'] || '';
- let error = tokens.validateTokenType(type);
- if (error) return next(new HttpError(400, error.message));
+ const tokenTypeError = tokens.validateTokenType(type);
+ if (tokenTypeError) return next(new HttpError(400, tokenTypeError.message));
- let token;
- [error, token] = await safe(tokens.add({ clientId: type, identifier: req.user.id, expires: Date.now() + constants.DEFAULT_TOKEN_EXPIRATION_MSECS }));
+ const [error, token] = await safe(tokens.add({ clientId: type, identifier: req.user.id, expires: Date.now() + constants.DEFAULT_TOKEN_EXPIRATION_MSECS }));
 if (error) return next(new HttpError(500, error));
 const auditSource = AuditSource.fromRequest(req);
@@ -71,8 +70,8 @@ async function passwordReset(req, res, next) {
 if (typeof req.body.resetToken !== 'string') return next(new HttpError(400, 'Missing resetToken'));
 if (typeof req.body.password !== 'string') return next(new HttpError(400, 'Missing password'));
- let [error, userObject] = await safe(users.getByResetToken(req.body.resetToken));
- if (error) return next(new HttpError(401, 'Invalid resetToken'));
+ const [getError, userObject] = await safe(users.getByResetToken(req.body.resetToken));
+ if (getError) return next(new HttpError(401, 'Invalid resetToken'));
 if (!userObject) return next(new HttpError(401, 'Invalid resetToken'));
 if (userObject.twoFactorAuthenticationEnabled) {
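Review bot: The `ip` value at the top of the login hunk is read from `x-forwarded-for` before the socket address, and that header is client-supplied unless a trusted reverse proxy overwrites it, so whatever consumes `ip` later (outside this hunk, presumably audit or login records) may store a caller-chosen string, possibly a comma-separated list. If the service is only ever reachable through such a proxy, a comment like `// x-forwarded-for is overwritten by our reverse proxy; do not trust it if exposed directly` would record the assumption; otherwise prefer the socket address, read via `req.socket.remoteAddress` rather than the deprecated `req.connection` alias. Separately, `new HttpError(500, error)` passes the raw error object, whereas passwordReset in this file goes through `BoxError.toHttpError(error)`; it is worth checking that internal details cannot reach the response body. login starts before and continues after this hunk.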
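Review bot: `if (getError) return next(new HttpError(401, 'Invalid resetToken'));` in passwordReset maps every failure of `users.getByResetToken` to 401, so a backend or database error (if that call can fail for reasons other than an unknown token) looks exactly like a bad token and leaves no trace in this handler. Keeping the client-facing answer uniform is reasonable, but the cause should be recorded server-side, or unexpected errors routed through `BoxError.toHttpError(getError)` as the later calls in this function do. If the uniform 401 is deliberate, say so next to the check, e.g. `// uniform 401: do not reveal why the token lookup failed`. The function begins before this hunk and continues after it.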
@@ -87,13 +86,12 @@ async function passwordReset(req, res, next) {
 if (!userObject.username) return next(new HttpError(409, 'No username set'));
 // setPassword clears the resetToken
- [error] = await safe(users.setPassword(userObject, req.body.password, AuditSource.fromRequest(req)));
+ const [error] = await safe(users.setPassword(userObject, req.body.password, AuditSource.fromRequest(req)));
 if (error && error.reason === BoxError.BAD_FIELD) return next(new HttpError(400, error.message));
 if (error) return next(BoxError.toHttpError(error));
- let result;
- [error, result] = await safe(tokens.add({ clientId: tokens.ID_WEBADMIN, identifier: userObject.id, expires: Date.now() + constants.DEFAULT_TOKEN_EXPIRATION_MSECS }));
- if (error) return next(BoxError.toHttpError(error));
+ const [addError, result] = await safe(tokens.add({ clientId: tokens.ID_WEBADMIN, identifier: userObject.id, expires: Date.now() + constants.DEFAULT_TOKEN_EXPIRATION_MSECS }));
+ if (addError) return next(BoxError.toHttpError(addError));
 next(new HttpSuccess(202, { accessToken: result.accessToken }));
 }
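Review bot: After `users.setPassword` succeeds, the handler issues a fresh `tokens.ID_WEBADMIN` access token, but nothing visible in this hunk revokes tokens that were issued before the reset. If the reset follows a suspected account compromise, those older tokens would remain usable until they expire. Whether `setPassword` already handles this cannot be seen here, so the existing comment could be extended, e.g. `// NOTE: existing access tokens are not revoked here; confirm setPassword handles it`, or revocation added before `tokens.add`. The 2FA branch that precedes this code falls between the two passwordReset hunks and is not shown, so this note assumes a failed second factor has already been rejected by that point.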