jjkiers/cloudron-box
1
0
Fork 0
Code Issues Pull Requests 1 Actions Packages Projects Releases Wiki Activity

The clientSecret is now only ever created in the clients.js

Browse Source
This commit is contained in:
Johannes Zellner
2016-06-03 15:11:08 +02:00
parent 3ad2a2a5ca
commit 92e6ee9539
2 changed files with 4 additions and 7 deletions
Download Patch File Download Diff File Expand all files Collapse all files

7
src/addons.js
View File

@@ -283,19 +283,18 @@ function setupOauth(app, options, callback) {
assert.strictEqual(typeof callback, 'function');
var appId = app.id;
var clientSecret = hat(256);
var redirectURI = 'https://' + config.appFqdn(app.location);
var scope = 'profile';
clients.delByAppIdAndType(appId, clients.TYPE_OAUTH, function (error) { // remove existing creds
if (error && error.reason !== DatabaseError.NOT_FOUND) return callback(error);
clients.add(appId, clients.TYPE_OAUTH, clientSecret, redirectURI, scope, function (error, result) {
clients.add(appId, clients.TYPE_OAUTH, redirectURI, scope, function (error, result) {
if (error) return callback(error);
var env = [
'OAUTH_CLIENT_ID=' + result.id,
'OAUTH_CLIENT_SECRET=' + clientSecret,
'OAUTH_CLIENT_SECRET=' + result.clientSecret,
'OAUTH_ORIGIN=' + config.adminOrigin()
];
@@ -331,7 +330,7 @@ function setupSimpleAuth(app, options, callback) {
clients.delByAppIdAndType(app.id, clients.TYPE_SIMPLE_AUTH, function (error) { // remove existing creds
if (error && error.reason !== DatabaseError.NOT_FOUND) return callback(error);
clients.add(appId, clients.TYPE_SIMPLE_AUTH, '', '', scope, function (error, result) {
clients.add(appId, clients.TYPE_SIMPLE_AUTH, '', scope, function (error, result) {
if (error) return callback(error);
var env = [