jjkiers/cloudron-box
1
0
Fork 0
Code Issues Pull Requests 1 Actions Packages Projects Releases Wiki Activity

Fix usage of normalizeScope

Browse Source
This commit is contained in:
Girish Ramakrishnan
2018-05-01 13:17:34 -07:00
parent f76a5a7ba7
commit c5ffb65563
3 changed files with 8 additions and 8 deletions
Download Patch File Download Diff File Expand all files Collapse all files
src/accesscontrol.js
+6 -6
View File
@@ -68,15 +68,15 @@ function validateRequestedScopes(authInfo, requestedScopes) {
return null;
}
function normalizeScope(maxScope, allowedScope) {
assert.strictEqual(typeof maxScope, 'string');
function normalizeScope(allowedScope, wantedScope) {
assert.strictEqual(typeof allowedScope, 'string');
assert.strictEqual(typeof wantedScope, 'string');
const maxScopes = maxScope.split(',');
const allowedScopes = allowedScope.split(',');
const wantedScopes = wantedScope.split(',');
if (maxScopes.indexOf(exports.SCOPE_ANY) !== -1) return allowedScope;
if (allowedScopes.indexOf(exports.SCOPE_ANY) !== -1) return maxScope;
if (allowedScopes.indexOf(exports.SCOPE_ANY) !== -1) return wantedScope;
if (wantedScopes.indexOf(exports.SCOPE_ANY) !== -1) return allowedScope;
return _.intersection(maxScopes, allowedScopes).join(',');
return _.intersection(allowedScopes, wantedScopes).join(',');
}
src/routes/oauth2.js
+1 -1
View File
@@ -104,7 +104,7 @@ function initialize() {
var token = tokendb.generateToken();
var expires = Date.now() + constants.DEFAULT_TOKEN_EXPIRATION;
var scope = accesscontrol.normalizeScope(client.scope, user.scope);
var scope = accesscontrol.normalizeScope(user.scope, client.scope);
tokendb.add(token, user.id, client.id, expires, scope, function (error) {
if (error) return callback(error);
src/setup.js
+1 -1
View File
@@ -253,7 +253,7 @@ function activate(username, password, email, displayName, ip, auditSource, callb
var token = tokendb.generateToken();
var expires = Date.now() + constants.DEFAULT_TOKEN_EXPIRATION;
tokendb.add(token, userObject.id, result.id, expires, accesscontrol.SCOPE_ANY, function (error) {
tokendb.add(token, userObject.id, result.id, expires, result.scope, function (error) {
if (error) return callback(new SetupError(SetupError.INTERNAL_ERROR, error));
eventlog.add(eventlog.ACTION_ACTIVATE, auditSource, { });