jjkiers/cloudron-box
1
0
Fork 0
Code Issues Pull Requests 1 Actions Packages Projects Releases Wiki Activity

Handle scope roles in scope checks

Browse Source
This commit is contained in:
Johannes Zellner
2016-06-03 11:09:48 +02:00
parent 105047b0c4
commit 9d8a803185
1 changed files with 8 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

9
src/routes/oauth2.js
View File

@@ -5,6 +5,7 @@ var appdb = require('../appdb'),
assert = require('assert'), assert = require('assert'),
authcodedb = require('../authcodedb'), authcodedb = require('../authcodedb'),
clientdb = require('../clientdb'), clientdb = require('../clientdb'),
clients = require('../clients'),
config = require('../config.js'), config = require('../config.js'),
constants = require('../constants.js'), constants = require('../constants.js'),
DatabaseError = require('../databaseerror'), DatabaseError = require('../databaseerror'),
@@ -462,10 +463,16 @@ function validateRequestedScopes(req, requestedScopes) {
assert(Array.isArray(requestedScopes)); assert(Array.isArray(requestedScopes));
if (!req.authInfo || !req.authInfo.scope) return new Error('No scope found'); if (!req.authInfo || !req.authInfo.scope) return new Error('No scope found');
if (req.authInfo.scope === '*') return null;
var scopes = req.authInfo.scope.split(','); var scopes = req.authInfo.scope.split(',');
// check for roles separately
if (requestedScopes.indexOf(clients.SCOPE_ROLE_SDK) !== -1 && scopes.indexOf(clients.SCOPE_ROLE_SDK) === -1) {
return new Error('Missing required scope role "' + clients.SCOPE_ROLE_SDK + '"');
}
if (scopes.indexOf('*') !== -1) return null;
for (var i = 0; i < requestedScopes.length; ++i) { for (var i = 0; i < requestedScopes.length; ++i) {
if (scopes.indexOf(requestedScopes[i]) === -1) { if (scopes.indexOf(requestedScopes[i]) === -1) {
debug('scope: missing scope "%s".', requestedScopes[i]); debug('scope: missing scope "%s".', requestedScopes[i]);