Commit 5f01eda

committed
refactor: simpler DCR validate registration access token
1 parent 9a864d6 commit 5f01eda


1 file changed

+35
-37
lines changed
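--- a/lib/actions/registration.js
+++ b/lib/actions/registration.js
@@ -15,44 +15,42 @@ const FORBIDDEN = [
 'client_id_issued_at',
 ];
 
-const validateRegistrationAccessToken = [
-async function validateRegistrationAccessToken(ctx, next) {
-try {
-const regAccessToken = await ctx.oidc.provider.RegistrationAccessToken.find(
-ctx.oidc.getAccessToken(),
-);
-ctx.assert(regAccessToken, new InvalidToken('registration access token not found'));
-
-const client = await ctx.oidc.provider.Client.find(ctx.params.clientId);
-
-if (client?.clientId !== regAccessToken.clientId) {
-await regAccessToken.destroy();
-throw new InvalidToken('client mismatch');
-}
+async function validateRegistrationAccessToken(ctx, next) {
+try {
+const regAccessToken = await ctx.oidc.provider.RegistrationAccessToken.find(
+ctx.oidc.getAccessToken(),
+);
+ctx.assert(regAccessToken, new InvalidToken('registration access token not found'));
+
+const client = await ctx.oidc.provider.Client.find(ctx.params.clientId);
+
+if (client?.clientId !== regAccessToken.clientId) {
+await regAccessToken.destroy();
+throw new InvalidToken('client mismatch');
+}
 
-ctx.oidc.entity('Client', client);
-ctx.oidc.entity('RegistrationAccessToken', regAccessToken);
-} catch (err) {
-if (err.expose) {
-if (err.error_description === 'no access token provided') {
-appendWWWAuthenticate(ctx, 'Bearer', {
-realm: ctx.oidc.issuer,
-scope: err.scope,
-});
-} else {
-appendWWWAuthenticate(ctx, 'Bearer', {
-realm: ctx.oidc.issuer,
-error: err.message,
-error_description: err.error_description,
-});
-}
+ctx.oidc.entity('Client', client);
+ctx.oidc.entity('RegistrationAccessToken', regAccessToken);
+} catch (err) {
+if (err.expose) {
+if (err.error_description === 'no access token provided') {
+appendWWWAuthenticate(ctx, 'Bearer', {
+realm: ctx.oidc.issuer,
+scope: err.scope,
+});
+} else {
+appendWWWAuthenticate(ctx, 'Bearer', {
+realm: ctx.oidc.issuer,
+error: err.message,
+error_description: err.error_description,
+});
 }
-throw err;
 }
+throw err;
+}
 
-await next();
-},
-];
+await next();
+}
 
 export const post = [
 noCache,
@@ -171,7 +169,7 @@ export const post = [
 
 export const get = [
 noCache,
-...validateRegistrationAccessToken,
+validateRegistrationAccessToken,
 
 async function clientReadResponse(ctx) {
 if (ctx.oidc.client.noManage) {
@@ -191,7 +189,7 @@ export const get = [
 
 export const put = [
 noCache,
-...validateRegistrationAccessToken,
+validateRegistrationAccessToken,
 parseBody,
 
 async function forbiddenFields(ctx, next) {
@@ -287,7 +285,7 @@ export const put = [
 
 export const del = [
 noCache,
-...validateRegistrationAccessToken,
+validateRegistrationAccessToken,
 
 async function clientRemoveResponse(ctx) {
 if (ctx.oidc.client.noManage) {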
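Review bot: `validateRegistrationAccessToken` is now a standalone middleware, but nothing documents its one security-relevant side effect. In the `client?.clientId !== regAccessToken.clientId` branch the presented token is destroyed before `InvalidToken('client mismatch')` is thrown, so a request that pairs a valid token with a different or unknown `clientId` leaves that token unusable. I would add a comment above the `destroy()` call, e.g. `// revoke on mismatch: a token presented for a different or unknown client must not remain usable`, and a short JSDoc noting that the function registers the `Client` and `RegistrationAccessToken` entities for the middleware that follows. Separately, the catch block picks the shape of the `WWW-Authenticate` challenge by comparing `err.error_description` with the literal `'no access token provided'`. That text is presumably produced by `ctx.oidc.getAccessToken()` outside this diff, so a comment tying the two together would stop a wording change there from silently adding `error`/`error_description` to the challenge sent to unauthenticated requests.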
