add oauth2 issue debugging and bump version

master
Garrett Mills 2 years ago
parent 015d6fd6ae
commit d210cba236

@ -1,6 +1,6 @@
{
"name": "@extollo/lib",
"version": "0.9.36",
"version": "0.9.37",
"description": "The framework library that lifts up your code.",
"main": "lib/index.js",
"types": "lib/index.d.ts",

@ -1,5 +1,5 @@
import {Controller} from '../../http/Controller'
import {Injectable} from '../../di'
import {Inject, Injectable} from '../../di'
import {ResponseObject, Route} from '../../http/routing/Route'
import {Request} from '../../http/lifecycle/Request'
import {Session} from '../../http/session/Session'
@ -20,6 +20,7 @@ import {redirect} from '../../http/response/RedirectResponseFactory'
import {AuthRequiredMiddleware} from '../middleware/AuthRequiredMiddleware'
import {one} from '../../http/response/api'
import {AuthenticatableRepository} from '../types'
import {Logging} from '../../service/Logging'
export enum GrantType {
Client = 'client_credentials',
@ -31,6 +32,9 @@ export const grantTypes: GrantType[] = [GrantType.Client, GrantType.Code, GrantT
@Injectable()
export class OAuth2Server extends Controller {
@Inject()
protected readonly logging!: Logging
public static routes(): void {
Route.get('/oauth2/authorize')
.alias('@oauth2:authorize')
@ -53,8 +57,7 @@ export class OAuth2Server extends Controller {
}
issue(request: Request, client: OAuth2Client): Awaitable<ResponseObject> {
const grant = request.safe('grant_type')
.in(grantTypes)
const grant = request.safe('grant_type').in(grantTypes)
if ( grant === GrantType.Client ) {
return this.issueFromClient(request, client)
@ -70,6 +73,13 @@ export class OAuth2Server extends Controller {
const username = this.request.safe('username').string()
const password = this.request.safe('password').string()
this.logging.verbose('Attempting password grant token issue...')
this.logging.verbose({
scope,
username,
client,
})
const userRepo = <AuthenticatableRepository> request.make(AuthenticatableRepository)
const user = await userRepo.getByIdentifier(username)
if ( !user || !(await user.validateCredential(password)) ) {
@ -121,9 +131,16 @@ export class OAuth2Server extends Controller {
throw new HTTPError(HTTPStatus.BAD_REQUEST)
}
this.logging.debug('Client auth parts:')
this.logging.debug(authParts)
const clientRepo = <ClientRepository> request.make(ClientRepository)
const [clientId, clientSecret] = authParts
const client = await clientRepo.find(clientId)
this.logging.verbose('Client:')
this.logging.verbose(client)
if ( !client || client.secret !== clientSecret ) {
throw new HTTPError(HTTPStatus.UNAUTHORIZED)
}

Loading…
Cancel
Save