+3
-3
@@ -242,16 +242,16 @@ async function revokeByUsername(username) {
|
||||
async function consumeAuthCode(authCode) {
|
||||
assert.strictEqual(typeof authCode, 'string');
|
||||
|
||||
let userId = null;
|
||||
let username = null;
|
||||
await StorageAdapter.updateData('AuthorizationCode', (data) => {
|
||||
const authData = data[authCode];
|
||||
if (authData) {
|
||||
userId = authData.payload.accountId;
|
||||
username = authData.payload.accountId;
|
||||
authData.consumed = true;
|
||||
}
|
||||
});
|
||||
|
||||
return userId;
|
||||
return username;
|
||||
}
|
||||
|
||||
// This exposed to run on a cron job
|
||||
|
||||
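Review bot: `consumeAuthCode` sets `authData.consumed = true` but never reads that flag, so on the lines shown a code that was already consumed still returns its `accountId` on a second call. Authorization codes are meant to be single-use, so the guard could be `if (authData && !authData.consumed) {`, unless consumed or expired entries are filtered somewhere this hunk does not show. The lookup `data[authCode]` also resolves inherited property names when `data` is a plain object, in which case `authData.payload.accountId` throws instead of returning null; `if (Object.hasOwn(data, authCode))` before the read avoids that. A short comment stating that `payload.accountId` holds the username would explain why the value is now returned as `username`.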
+3
-2
@@ -150,8 +150,9 @@ async function callback(req, res, next) {
|
||||
|
||||
debug(`callback: with code ${req.query.code}`);
|
||||
|
||||
const userId = await oidcServer.consumeAuthCode(req.query.code);
|
||||
if (userId) req.user = await users.get(userId);
|
||||
const username = await oidcServer.consumeAuthCode(req.query.code);
|
||||
if (!username) return next(new HttpError(400, 'invalid "code"'));
|
||||
req.user = await users.getByUsername(username);
|
||||
|
||||
next();
|
||||
}
|
||||
|
||||
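Review bot: `req.query.code` reaches `oidcServer.consumeAuthCode` without a type check, and that function starts with `assert.strictEqual(typeof authCode, 'string')`. A request with a missing `code`, or one that the query parser turns into an array or object, would therefore raise an AssertionError inside this async handler instead of taking the new 400 branch. Checking first keeps the failure on the intended path: `if (typeof req.query.code !== 'string') return next(new HttpError(400, 'invalid "code"'));`. The result of `users.getByUsername(username)` is assigned to `req.user` unchecked, so if it can resolve to null for a deleted or renamed account, `next()` runs with no user and the handler should reject that case as well. Separately, the `debug` call writes the authorization code to the log in full; logging only that a code was present would keep a live credential out of log files.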