ch 6, ex 2 - fixed the issue with nosql (oauthinaction#14)

artursudnik · Oct 16, 2019 · 012a4a8 · 012a4a8
1 parent ba28658
commit 012a4a8
Show file tree

Hide file tree

Showing 3 changed files with 40 additions and 37 deletions.
diff --git a/exercises/ch-6-ex-2/authorizationServer.js b/exercises/ch-6-ex-2/authorizationServer.js
@@ -214,28 +214,30 @@ app.post("/token", function(req, res){
      */
 
     } else if (req.body.grant_type == 'refresh_token') {
-        nosql.one(function(token) {
-            if (token.refresh_token == req.body.refresh_token) {
-                return token;
-            }
-        }, function(err, token) {
-            if (token) {
-                console.log("We found a matching refresh token: %s", req.body.refresh_token);
-                if (token.client_id != clientId) {
-                    nosql.remove(function(found) { return (found == token); }, function () {} );
+        nosql.find().make(function (builder) {
+            builder.where('refresh_token', req.body.refresh_token);
+            builder.callback((err, tokens) => {
+                if (tokens.length > 0) {
+                    console.log("We found a matching token: %s", tokens[0]);
+
+                    if(tokens[0].client_id !== clientId) {
+                        nosql.remove().make(function (builder) {
+                            builder.where('refresh_token', req.body.refresh_token);
+                            builder.callback((err) => err ? console.error(`error while removing refresh token: ${err}`) : null);
+                            res.status(400).json({error: 'invalid_grant'});
+                            return;
+                        })
+                    }
+                    let access_token = randomstring.generate();
+                    nosql.insert({ access_token: access_token, client_id: clientId });
+                    let token_response = { access_token: access_token, token_type: 'Bearer',  refresh_token: tokens[0].refresh_token };
+                    res.status(200).json(token_response);
+                } else {
+                    console.log('No matching token was found.');
                     res.status(400).json({error: 'invalid_grant'});
                     return;
                 }
-                var access_token = randomstring.generate();
-                nosql.insert({ access_token: access_token, client_id: clientId });
-                var token_response = { access_token: access_token, token_type: 'Bearer',  refresh_token: token.refresh_token };
-                res.status(200).json(token_response);
-                return;
-            } else {
-                console.log('No matching token was found.');
-                res.status(400).json({error: 'invalid_grant'});
-                return;
-            }
+            })
         });
     } else {
         console.log('Unknown grant type %s', req.body.grant_type);
@@ -282,4 +284,4 @@ var server = app.listen(9001, 'localhost', function () {
 
   console.log('OAuth Authorization Server is listening at http://%s:%s', host, port);
 });
- 
+
diff --git a/exercises/ch-6-ex-2/package.json b/exercises/ch-6-ex-2/package.json
@@ -9,7 +9,7 @@
 	"consolidate": "^0.13.1",
 	"qs": "^4.0.0",
 	"randomstring": "^1.0.7",
-	"nosql": "^3.0.3",
+	"nosql": "^6.1.0",
 	"base64url": "^1.0.4",
 	"cors": "^2.7.1",
 	"jsrsasign": "^5.0.0"

diff --git a/exercises/ch-6-ex-2/protectedResource.js b/exercises/ch-6-ex-2/protectedResource.js
@@ -38,21 +38,22 @@ var getAccessToken = function(req, res, next) {
     } else if (req.query && req.query.access_token) {
         inToken = req.query.access_token
     }
-    
+
     console.log('Incoming token: %s', inToken);
-    nosql.one(function(token) {
-        if (token.access_token == inToken) {
-            return token;    
-        }
-    }, function(err, token) {
-        if (token) {
-            console.log("We found a matching token: %s", inToken);
-        } else {
-            console.log('No matching token was found.');
-        }
-        req.access_token = token;
-        next();
-        return;
+
+    nosql.find().make(function (builder) {
+        builder.where('access_token', inToken);
+        builder.callback((err, tokens) => {
+            if(tokens.length > 0) {
+                console.log("We found a matching token: %s", inToken);
+                req.access_token = tokens[0];
+            } else {
+                console.log('No matching token was found.');
+                req.access_token = null;
+            }
+            next();
+            return;
+        })
     });
 };
 
@@ -65,7 +66,7 @@ app.post("/resource", cors(), getAccessToken, function(req, res){
     } else {
         res.status(401).end();
     }
-    
+
 });
 
 var server = app.listen(9002, 'localhost', function () {
@@ -74,4 +75,4 @@ var server = app.listen(9002, 'localhost', function () {
 
   console.log('OAuth Resource Server is listening at http://%s:%s', host, port);
 });
- 
+