api: add client.autoAccept flag to not ask for authorization

Paul Bienkowski 2021-05-01 16:20:05 +02:00
parent 9a7043ea71
commit 76620c5e8f
3 changed files with 28 additions and 13 deletions


@ -15,7 +15,8 @@
"validRedirectUris": ["http://localhost:3001/redirect"], "validRedirectUris": ["http://localhost:3001/redirect"],
"refreshTokenExpirySeconds": 604800, "refreshTokenExpirySeconds": 604800,
"maxScope": "*", "maxScope": "*",
"title": "OBS Portal" "title": "OBS Portal",
"autoAccept": true
}, },
{ {
"clientId": "a2958209-4045-4ec9-8cb3-1156abba7de3", "clientId": "a2958209-4045-4ec9-8cb3-1156abba7de3",
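Review bot: With `"autoAccept": true` sitting next to `"maxScope": "*"`, this client no longer needs any user decision to receive a code for the full scope, so `validRedirectUris` on the line above becomes the only thing standing between a logged-in user and a code delivered to a URI of the requester's choosing. That list should therefore stay exact (scheme, host, port, path) rather than grow to a prefix or wildcard, and the redirect check that consumes it is outside this hunk, so I could not confirm it compares full strings. Since this is JSON there is nowhere to leave a comment; the caveat belongs next to the schema key instead.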


@ -49,6 +49,8 @@ const configSchema = Joi.object({
// scope to get a valid response. Scopes are not automatically truncated. // scope to get a valid response. Scopes are not automatically truncated.
// Leave empty or set to `"*"` for unlimited scopes in this client. // Leave empty or set to `"*"` for unlimited scopes in this client.
maxScope: Joi.string().required(), maxScope: Joi.string().required(),
autoAccept: Joi.boolean().optional(),
}), }),
), ),
}).required(); }).required();
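Review bot: The new `autoAccept` key is the only client option in this schema without a comment, while `maxScope` directly above explains its semantics in two lines; a reader of the config will not know that this flag removes the consent screen entirely. I would add `// Skip the user consent dialog and issue the authorization code immediately.` and `// Only enable for first-party clients whose redirect URIs are fully trusted.` above the key. Consider also `Joi.boolean().default(false)` so the absent case is explicit rather than relying on an undefined being falsy at the call site.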


@ -10,7 +10,6 @@ const config = require('../config');
const baseUrl = config.baseUrl.replace(/\/+$/, ''); const baseUrl = config.baseUrl.replace(/\/+$/, '');
// Check whether the "bigScope" fully includes the "smallScope". // Check whether the "bigScope" fully includes the "smallScope".
function scopeIncludes(smallScope, bigScope) { function scopeIncludes(smallScope, bigScope) {
const smallScopeParts = smallScope.split(/\s/); const smallScopeParts = smallScope.split(/\s/);
@ -174,7 +173,7 @@ router.get(
return returnError(res, 'invalid_request', 'client_id parameter required'); return returnError(res, 'invalid_request', 'client_id parameter required');
} }
const client = await config.oAuth2Clients.find((c) => c.clientId === clientId); const client = config.oAuth2Clients.find((c) => c.clientId === clientId);
if (!client) { if (!client) {
return returnError(res, 'invalid_client', 'unknown client'); return returnError(res, 'invalid_client', 'unknown client');
} }
@ -234,17 +233,30 @@ router.get(
// Ok, let's save all this in the session, and show a dialog for the // Ok, let's save all this in the session, and show a dialog for the
// decision to the user. // decision to the user.
//
if (client.autoAccept) {
const code = AuthorizationCode.generate({
clientId,
user: req.user,
redirectUri,
scope,
codeChallenge,
});
await code.save();
req.session.authorizationTransaction = { return redirectWithParams(res, redirectUri, { code: code.code, scope });
responseType, } else {
clientId, req.session.authorizationTransaction = {
redirectUri, responseType,
scope, clientId,
expiresAt: new Date().getTime() + 1000 * 60 * 2, // 2 minute decision time redirectUri,
codeChallenge, scope,
}; expiresAt: new Date().getTime() + 1000 * 60 * 2, // 2 minute decision time
codeChallenge,
};
res.render('authorize', { clientTitle: client.title, scope, redirectUri }); res.render('authorize', { clientTitle: client.title, scope, redirectUri });
}
} catch (err) { } catch (err) {
res.status(400).json({ error: 'invalid_request', error_description: 'unknown error' }); res.status(400).json({ error: 'invalid_request', error_description: 'unknown error' });
} }
@ -344,7 +356,7 @@ router.get(
return returnError(res, 'invalid_request', 'code_verifier parameter required'); return returnError(res, 'invalid_request', 'code_verifier parameter required');
} }
const client = await config.oAuth2Clients.find((c) => c.clientId === clientId); const client = config.oAuth2Clients.find((c) => c.clientId === clientId);
if (!client) { if (!client) {
await destroyAuthCode(); await destroyAuthCode();
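Review bot: In the `if (client.autoAccept)` branch the requested `scope` is written into the code unchanged and the redirect is sent with no user interaction, so the only remaining gates are that `req.user` is set and that `scope` and `redirectUri` were already validated earlier in this handler (the `scopeIncludes` helper and the redirect check are presumably that, but both sit outside the hunk, and `router.get` itself starts before it). The comment that now heads the block, "save all this in the session, and show a dialog", describes only the `else` path; I would put `// Trusted client: skip the consent dialog and issue the code straight away.` above the `if` and leave the existing comment on the `else`. Note that the redirect carries only `code` and `scope`; if the authorize request accepts a `state` parameter it is not echoed here (nor stored in `authorizationTransaction`), which a client relying on `state` for response binding would need.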