
node-oauth2-server - npm Package Compare versions

Comparing version 1.2.3 to 1.2.4

.jshintignore

20

lib/authorise.js
// Modules
var OAuth2Error = require('./error');
var error = require('./error');

@@ -26,3 +26,3 @@ var authorise = module.exports = {};

if (err) {
return next(new OAuth2Error('server_error', false, err));
return next(error('server_error', false, err));
}

@@ -47,3 +47,3 @@

if (!token) {
return next(new OAuth2Error('invalid_grant', 'The access token provided is invalid.'));
return next(error('invalid_grant', 'The access token provided is invalid.'));
}

@@ -53,3 +53,3 @@

if (!token.expires || token.expires < this.now) {
return next(new OAuth2Error('invalid_grant', 'The access token provided has expired.'));
return next(error('invalid_grant', 'The access token provided has expired.'));
}

@@ -84,10 +84,10 @@

// Check exactly one method was used
var methodsUsed = (typeof headerToken !== 'undefined') + (typeof getToken !== 'undefined')
+ (typeof postToken !== 'undefined');
var methodsUsed = (headerToken !== undefined) + (getToken !== undefined) +
(postToken !== undefined);
if (methodsUsed > 1) {
return next(new OAuth2Error('invalid_request',
return next(error('invalid_request',
'Only one method may be used to authenticate at a time (Auth header, GET or POST).'));
} else if (methodsUsed === 0) {
return next(new OAuth2Error('invalid_request', 'The access token was not found'));
return next(error('invalid_request', 'The access token was not found'));
}

@@ -100,3 +100,3 @@

if (!matches) {
return next(new OAuth2Error('invalid_request', 'Malformed auth header'));
return next(error('invalid_request', 'Malformed auth header'));
}

@@ -110,3 +110,3 @@

if (req.method !== 'POST') {
return next(new OAuth2Error('invalid_request',
return next(error('invalid_request',
'When putting the token in the body, the method must be POST.'));

@@ -113,0 +113,0 @@ }

module.exports = OAuth2Error;
/**

@@ -9,4 +11,6 @@ * Error

*/
module.exports = function (error, description, err) {
function OAuth2Error (error, description, err) {
if (!(this instanceof OAuth2Error)) return new OAuth2Error(error, description, err);
switch (error) {

@@ -13,0 +17,0 @@ case 'invalid_client':

@@ -18,3 +18,3 @@ /**

// Required modules
var OAuth2Error = require('./error'),
var error = require('./error'),
authorise = require('./authorise'),

@@ -54,3 +54,3 @@ token = require('./token');

this.regex.grantType = new RegExp('^(' + this.grants.join('|') + ')$', 'i');
};
}

@@ -79,3 +79,3 @@ /**

} else {
allow = allow.concat(allowed['all'] || []);
allow = allow.concat(allowed.all || []);
allow = allow.concat(allowed[req.method.toLowerCase()] || []);

@@ -94,3 +94,3 @@ }

}
}
};
};

@@ -110,4 +110,6 @@

return function (err, req, res, next) {
if (!(err instanceof OAuth2Error)) {
err = new OAuth2Error('server_error', false, err);
if (err instanceof Error && err.status && err.status === 400) {
err = error('invalid_request', err.toString(), err);
} else if (!(err instanceof error)) {
err = error('server_error', false, err);
}

@@ -119,3 +121,3 @@

res.send(err.code, err);
}
};
};
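Review bot: In the error handler returned here, the `err.status === 400` branch (apparently the new side, going by the hunk's 4-to-6 line counts) copies `err.toString()` from whatever upstream middleware raised the error into the OAuth error description, and `res.send(err.code, err)` then appears to return that object to the client. Text from a third-party parser or middleware error would end up in the response body, so a fixed description is safer, e.g. `err = error('invalid_request', 'Malformed request', err);`, with the original message kept for server-side logging only. The branch is also tested before `err instanceof error`, so an OAuth2Error that carried a `status` of 400 would be re-wrapped; whether the constructor sets `status` is not visible here. `err.status && err.status === 400` can be reduced to `err.status === 400`.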
// Modules
var crypto = require('crypto'),
OAuth2Error = require('./error');
error = require('./error');

@@ -20,3 +20,3 @@ var token = module.exports = {};

if (req.method !== 'POST' || mime !== 'application/x-www-form-urlencoded') {
return next(new OAuth2Error('invalid_request',
return next(error('invalid_request',
'Method must be POST with application/x-www-form-urlencoded encoding'));

@@ -28,3 +28,3 @@ }

if (!req.oauth.grantType || !req.oauth.grantType.match(this.regex.grantType)) {
return next(new OAuth2Error('invalid_request', 'Invalid or missing grant_type parameter'));
return next(error('invalid_request', 'Invalid or missing grant_type parameter'));
}

@@ -35,3 +35,3 @@

if (!creds.client_id || !creds.client_id.match(this.regex.clientId)) {
return next(new OAuth2Error('invalid_client', 'Invalid or missing client_id parameter'));
return next(error('invalid_client', 'Invalid or missing client_id parameter'));
}

@@ -43,7 +43,7 @@

if (err) {
return next(new OAuth2Error('server_error', false, err));
return next(error('server_error', false, err));
}
if (!client) {
return next(new OAuth2Error('invalid_client', 'The client credentials are invalid'));
return next(error('invalid_client', 'The client credentials are invalid'));
}

@@ -55,3 +55,3 @@

if (!allowed) {
return next(new OAuth2Error('invalid_client',
return next(error('invalid_client',
'The grant type is unauthorised for this client_id'));

@@ -117,4 +117,3 @@ }

var invalid = function () {
next(new OAuth2Error('invalid_request',
'Invalid grant_type parameter or parameter missing'));
next(error('invalid_request', 'Invalid grant_type parameter or parameter missing'));
};

@@ -127,3 +126,3 @@

if (err && err.error && err.description) {
return next(new OAuth2Error(err.error, err.description));
return next(error(err.error, err.description));
}

@@ -134,3 +133,3 @@ if (err) return next(err);

if (!user || user.id === undefined) {
return next(new OAuth2Error('invalid_request', 'Invalid request.'))
return next(error('invalid_request', 'Invalid request.'));
}

@@ -149,3 +148,3 @@

if (!uname || !pword) {
return next(new OAuth2Error('invalid_client',
return next(error('invalid_client',
'Missing parameters. "username" and "password" are required'));

@@ -156,3 +155,3 @@ }

if (err) {
return next(new OAuth2Error('server_error', false, err));
return next(error('server_error', false, err));
}

@@ -164,3 +163,3 @@

} else {
next(new OAuth2Error('invalid_grant', 'User credentials are invalid'));
next(error('invalid_grant', 'User credentials are invalid'));
}

@@ -203,3 +202,3 @@ });

req.oauth.client.client_id, req.user.id, expires, function (err) {
if (err) return next(new OAuth2Error('server_error', false, err));
if (err) return next(error('server_error', false, err));

@@ -235,3 +234,3 @@ token.issueToken.call(oauth, req, res, next);

req.user.id, expires, function (err) {
if (err) return next(new OAuth2Error('server_error', false, err));
if (err) return next(error('server_error', false, err));

@@ -276,3 +275,3 @@ issueRefreshToken();

this.model.generateToken(type, req, function (err, generatedToken) {
if (err) return callback(new OAuth2Error('server_error'));
if (err) return callback(error('server_error'));
if (!generatedToken) return token._generateToken(callback);

@@ -288,3 +287,3 @@ callback(false, generatedToken);

crypto.randomBytes(256, function (ex, buffer) {
if (ex) return callback(new OAuth2Error('server_error'));
if (ex) return callback(error('server_error'));

@@ -291,0 +290,0 @@ callback(false, crypto.createHash('sha1').update(buffer).digest('hex'));
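Review bot: The two token-generation failure paths drop the underlying error: `if (err) return callback(error('server_error'));` after `this.model.generateToken` and `if (ex) return callback(error('server_error'));` after `crypto.randomBytes` pass no third argument, while every other `server_error` in this file uses `error('server_error', false, err)`. A model or entropy failure during token issuance therefore seems to reach the error handler with no cause attached, which makes it hard to diagnose from logs. Consider `error('server_error', false, err)` and `error('server_error', false, ex)`, provided the constructor keeps the wrapped error out of the serialised response, which is not visible here. Both callbacks begin and end outside the hunks shown.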

{
"name": "node-oauth2-server",
"description": "Complete, compliant and well tested module for implementing an OAuth2 Server/Provider with express in node.js",
"version": "1.2.3",
"version": "1.2.4",
"keywords": [

@@ -6,0 +6,0 @@ "oauth",

@@ -68,3 +68,3 @@ /**

if (err) return done(err);
res.body.error_description.should.not.match(/the access token was not found/i)
res.body.error_description.should.not.match(/the access token was not found/i);
done();

@@ -71,0 +71,0 @@ });
