diff --git a/exercises/ch-6-ex-2/authorizationServer.js b/exercises/ch-6-ex-2/authorizationServer.js
index 4563a8a5..7c92298a 100644
--- a/exercises/ch-6-ex-2/authorizationServer.js
+++ b/exercises/ch-6-ex-2/authorizationServer.js
@@ -214,28 +214,30 @@ app.post("/token", function(req, res){
 */
 } else if (req.body.grant_type == 'refresh_token') {
- nosql.one(function(token) {
- if (token.refresh_token == req.body.refresh_token) {
- return token;
- }
- }, function(err, token) {
- if (token) {
- console.log("We found a matching refresh token: %s", req.body.refresh_token);
- if (token.client_id != clientId) {
- nosql.remove(function(found) { return (found == token); }, function () {} );
+ nosql.find().make(function (builder) {
+ builder.where('refresh_token', req.body.refresh_token);
+ builder.callback((err, tokens) => {
+ if (tokens.length > 0) {
+ console.log("We found a matching token: %s", tokens[0]);
+
+ if(tokens[0].client_id !== clientId) {
+ nosql.remove().make(function (builder) {
+ builder.where('refresh_token', req.body.refresh_token);
+ builder.callback((err) => err ? console.error(`error while removing refresh token: ${err}`) : null);
+ res.status(400).json({error: 'invalid_grant'});
+ return;
+ })
+ }
+ let access_token = randomstring.generate();
+ nosql.insert({ access_token: access_token, client_id: clientId });
+ let token_response = { access_token: access_token, token_type: 'Bearer', refresh_token: tokens[0].refresh_token };
+ res.status(200).json(token_response);
+ } else {
+ console.log('No matching token was found.');
 res.status(400).json({error: 'invalid_grant'});
 return;
 }
- var access_token = randomstring.generate();
- nosql.insert({ access_token: access_token, client_id: clientId });
- var token_response = { access_token: access_token, token_type: 'Bearer', refresh_token: token.refresh_token };
- res.status(200).json(token_response);
- return;
- } else {
- console.log('No matching token was found.');
- res.status(400).json({error: 'invalid_grant'});
- return;
- }
+ })
 });
 } else {
 console.log('Unknown grant type %s', req.body.grant_type);
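Review bot: In the refresh_token branch the client-mismatch path does not stop the handler: `res.status(400).json({error: 'invalid_grant'}); return;` sit inside the function passed to `nosql.remove().make(...)`, so the `return` leaves only that builder function. Execution then falls through to `randomstring.generate()`, `nosql.insert(...)` and `res.status(200).json(token_response)`, which stores a new access token for a client that presented a refresh token bound to a different `client_id` and attempts a second response on the same request. Move those two lines out of the builder function to directly after the closing `})` of the `make` call, still inside the `if(tokens[0].client_id !== clientId)` block. The outer callback also reads `tokens.length` without looking at `err`; testing `if (err || !tokens || tokens.length === 0)` first and sending `invalid_grant` there would cover a failed lookup. The `app.post("/token")` handler starts and ends outside the hunk.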
@@ -282,4 +284,4 @@ var server = app.listen(9001, 'localhost', function () { console.log('OAuth Authorization Server is listening at http://%s:%s', host, port); }); - + diff --git a/exercises/ch-6-ex-2/package.json b/exercises/ch-6-ex-2/package.json index c2aaaf53..6ad7536e 100644 --- a/exercises/ch-6-ex-2/package.json +++ b/exercises/ch-6-ex-2/package.json @@ -9,7 +9,7 @@ "consolidate": "^0.13.1", "qs": "^4.0.0", "randomstring": "^1.0.7", - "nosql": "^3.0.3", + "nosql": "^6.1.0", "base64url": "^1.0.4", "cors": "^2.7.1", "jsrsasign": "^5.0.0" diff --git a/exercises/ch-6-ex-2/protectedResource.js b/exercises/ch-6-ex-2/protectedResource.js index 8ccc162a..2c7b3be4 100644 --- a/exercises/ch-6-ex-2/protectedResource.js +++ b/exercises/ch-6-ex-2/protectedResource.js @@ -38,21 +38,22 @@ var getAccessToken = function(req, res, next) { } else if (req.query && req.query.access_token) { inToken = req.query.access_token } - + console.log('Incoming token: %s', inToken); - nosql.one(function(token) { - if (token.access_token == inToken) { - return token; - } - }, function(err, token) { - if (token) { - console.log("We found a matching token: %s", inToken); - } else { - console.log('No matching token was found.'); - } - req.access_token = token; - next(); - return; + + nosql.find().make(function (builder) { + builder.where('access_token', inToken); + builder.callback((err, tokens) => { + if(tokens.length > 0) { + console.log("We found a matching token: %s", inToken); + req.access_token = tokens[0]; + } else { + console.log('No matching token was found.'); + req.access_token = null; + } + next(); + return; + }) }); }; @@ -65,7 +66,7 @@ app.post("/resource", cors(), getAccessToken, function(req, res){ } else { res.status(401).end(); } - + }); var server = app.listen(9002, 'localhost', function () { @@ -74,4 +75,4 @@ var server = app.listen(9002, 'localhost', function () { console.log('OAuth Resource Server is listening at http://%s:%s', host, port); }); - +
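Review bot: The lookup callback in `getAccessToken` (protectedResource.js, first hunk) ignores `err` and reads `tokens.length` directly, so a failed query would presumably throw inside the callback instead of clearing `req.access_token` and calling `next()`; handling `if (err || !tokens || tokens.length === 0)` as the no-match case avoids that. The query also runs when no token was presented at all, and how `builder.where('access_token', inToken)` treats an unset `inToken` against stored records that may lack an `access_token` field is not visible here. A guard before the lookup, `if (!inToken) { req.access_token = null; return next(); }`, removes that question. The start of `getAccessToken` lies outside the hunk.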