
loopback-component-oauth2


loopback-component-oauth2 - npm Package Compare versions

Comparing version 2.2.1 to 2.3.0

8

CHANGES.md

@@ -0,1 +1,9 @@

2015-06-18, Version 2.3.0
=========================
* Remove auth code after 1st use (Raymond Feng)
* Allow options.scopes to be a custom function (Raymond Feng)
2015-06-16, Version 2.2.1

@@ -2,0 +10,0 @@ =========================

5

lib/models/index.js

@@ -164,2 +164,6 @@ var debug = require('debug')('loopback:oauth2:models');

code.delete = function(id, done) {
oAuthAuthorizationCodeModel.destroyById(id, done);
};
code.save = function(code, clientId, redirectURI, resourceOwner, scopes, done) {

@@ -188,3 +192,2 @@ var codeObj;

var oAuthPermissionModel = oauth2.OAuthPermission;
var permission = {};

@@ -191,0 +194,0 @@ permission.find = function(appId, userId, done) {
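Review bot: `code.delete` in the first hunk has no comment saying what `id` is or why the method exists, although it is what the token exchange relies on to make an authorization code single-use. The caller in lib/oauth2-loopback.js passes the code string itself, which presumably is the model's primary key; that should be confirmed and written down, for example `// Delete an authorization code by id (the code value); used to enforce one-time use`. The rest of the `code` object is outside the hunk.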

11

lib/oauth2-loopback.js

@@ -239,5 +239,10 @@ /**

models.accessTokens.save(token.id, clientId,
resourceOwner, authCode.scopes, refreshToken,
getTokenHandler(token, done));
// Remove the authorization code
models.authorizationCodes.delete(code, function(err) {
if (err) return done(err);
models.accessTokens.save(token.id, clientId,
resourceOwner, authCode.scopes, refreshToken,
getTokenHandler(token, done));
});
});

@@ -244,0 +249,0 @@ }));
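Review bot: The delete callback checks only `err`, so two exchange requests that both loaded the same authorization code before either delete ran would, as far as this hunk shows, both reach `models.accessTokens.save`. A delete that finds nothing to remove is usually not reported as an error, so the second request is not rejected by `if (err) return done(err);`. If the data layer can report whether a record was actually removed, the callback should treat "nothing removed" as a replayed code and fail the exchange instead of issuing a token; until then a comment such as `// NOTE: concurrent exchanges of the same code are not rejected here` would make the gap visible. The lookup of `authCode` and the rest of the exchange handler are outside the hunk.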

@@ -142,3 +142,3 @@ var async = require('async')

if (options.scopes || options.scope) {
authenticators.push(scopeValidator(options.scopes || options.scope));
authenticators.push(scopeValidator(options));
}

@@ -145,0 +145,0 @@ authenticators.push(oauth2Provider.errorHandler());
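Review bot: The guard still tests only `options.scopes || options.scope`, while the validator it now receives the whole options object for also reads `options.checkScopes` (see the scope validator hunk that follows on this page). A configuration that supplies only `checkScopes` would skip `scopeValidator` entirely, so the route would run with no scope enforcement and no error. The condition should match what the validator accepts: `if (options.checkScopes || options.scopes || options.scope) {`. The file header for this hunk is missing from the page and the enclosing function starts outside it.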

@@ -89,21 +89,31 @@ var pathToRegexp = require('path-to-regexp');

*
* @param {Object|String}|String[]} scopes A list of scopes or scope mapping
* @param {Object} options Options object
* @returns {validateScope}
*/
module.exports = function(scopes) {
var scopeMapping = loadScopes(scopes);
module.exports = function(options) {
var configuredScopes = options.checkScopes || options.scopes || options.scope;
var checkScopes;
if(typeof configuredScopes === 'function') {
checkScopes = configuredScopes;
} else {
checkScopes = function(req, tokenScopes, cb) {
var scopeMapping = loadScopes(configuredScopes);
debug('Scope mapping: ', scopeMapping);
var allowedScopes = findMatchedScopes(req, scopeMapping);
debug('Allowed scopes: ', allowedScopes);
if (helpers.isScopeAllowed(allowedScopes, tokenScopes)) {
cb();
} else {
debug('Insufficient scope: ', tokenScopes);
cb(new oauth2Provider.TokenError(
'Insufficient scope', 'insufficient_scope', null, 403));
}
};
}
return function validateScope(req, res, next) {
var allowedScopes = findMatchedScopes(req, scopeMapping);
debug('Allowed scopes: ', allowedScopes);
var scopes = req.accessToken && req.accessToken.scopes;
debug('Scopes of the access token: ', scopes);
if (helpers.isScopeAllowed(allowedScopes, scopes)) {
next();
} else {
debug('Insufficient scope: ', scopes);
next(new oauth2Provider.TokenError(
'Insufficient scope', 'insufficient_scope', null, 403));
}
checkScopes(req, scopes, next);
};
}
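Review bot: `loadScopes(configuredScopes)` now runs inside the default `checkScopes` closure, so the scope mapping is rebuilt and logged on every request, where the previous code built it once when the middleware was created. Moving `var scopeMapping = loadScopes(configuredScopes);` above `checkScopes = function(req, tokenScopes, cb) {` restores that. The JSDoc also keeps the old `scopes` parameter line with unbalanced braces and says nothing about the custom function, which becomes the only authorization decision for the route; it should state that the function is called as `(req, tokenScopes, cb)`, that `tokenScopes` is undefined when the request carries no access token, and that it must pass an error to `cb` to deny access.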
{
"name": "loopback-component-oauth2",
"version": "2.2.1",
"version": "2.3.0",
"description": "OAuth 2.0 provider for LoopBack",

@@ -51,3 +51,3 @@ "keywords": [

"optionalDependencies": {
"sl-blip": "http://blip.strongloop.com/loopback-component-oauth2@2.2.1"
"sl-blip": "http://blip.strongloop.com/loopback-component-oauth2@2.3.0"
},

@@ -54,0 +54,0 @@ "engines": {
