
Merge pull request #100 from evanp/ValidateNotReplayClient

Add validateNotReplayClient() method for OAuthDataProvider
commit 1aa69bcf5be06050f12daee55ae702c456c1d2e9 2 parents e1c75d2 + b34b924
@ciaranj authored
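--- a/examples/in_memory_oauth_data_provider.js
+++ b/examples/in_memory_oauth_data_provider.js
@@ -174,6 +174,10 @@ OAuthDataProvider.prototype.validateNotReplay = function(accessToken, timestamp,
 callback(null, true);
 }
+OAuthDataProvider.prototype.validateNotReplayClient = function(consumerKey, accessToken, timestamp, nonce, callback) {
+ callback(null, true);
+}
+
 /**
 Fetch user id based on token (used to identify user in oauth calls later)
 **/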
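Review bot: The added `validateNotReplayClient` example calls `callback(null, true)` unconditionally and has no comment saying so, so anyone who copies this provider as a starting point gets no replay protection at all. The library change in this same commit prefers `validateNotReplayClient` over `validateNotReplay` when both exist, so this stub is the one that runs for the example. I would add a comment above it such as `// Example stub: accepts every request. A real provider must remember each (consumerKey, accessToken, timestamp, nonce) tuple and pass an error to callback when it has been seen before.`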
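--- a/lib/auth.strategies/oauth/_oauthservices.js
+++ b/lib/auth.strategies/oauth/_oauthservices.js
@@ -47,7 +47,7 @@ function validateParameters(parameters, requiredParameters) {
 exports.OAuthServices= function(provider, legs) {
 this.provider= provider;
- var requiredMethods = ['applicationByConsumerKey','validateNotReplay'];
+ var requiredMethods = ['applicationByConsumerKey'];
 if (legs) {
 this.legs = legs;
 }
@@ -74,8 +74,14 @@ exports.OAuthServices= function(provider, legs) {
 }
 }
-
+ this.providerProvidesValidateNotReplay= (Object.prototype.toString.call(provider.validateNotReplay) === "[object Function]");
+ this.providerProvidesValidateNotReplayClient= (Object.prototype.toString.call(provider.validateNotReplayClient) === "[object Function]");
+ if( !this.providerProvidesValidateNotReplay && !this.providerProvidesValidateNotReplayClient) {
+ throw new Error("Data provider must provide either validateNotReplay() or validateNotReplayClient()");
+ } else {
+
+ }
 };
 exports.OAuthServices.prototype.tokenByTokenAndConsumer= function(token, consumerKey, callback) {
@@ -214,13 +220,23 @@ exports.OAuthServices.prototype.authorize= function(request, protocol, callback)
 // Given all the requestParameters and the next step function, error out if the a replay is detected
 var validateNotReplay = function(requestParameters, next) {
- self.provider.validateNotReplay(requestParameters.oauth_token, requestParameters.oauth_timestamp, requestParameters.oauth_nonce, function(err, result) {
- if(err) {
- callback(new errors.OAuthUnauthorizedError('Invalid / used nonce'), null);
- } else {
- next();
- }
- });
+ if(self.providerProvidesValidateNotReplayClient) {
+ self.provider.validateNotReplayClient(requestParameters.oauth_consumer_key, requestParameters.oauth_token, requestParameters.oauth_timestamp, requestParameters.oauth_nonce, function(err, result) {
+ if(err) {
+ callback(new errors.OAuthUnauthorizedError('Invalid / used nonce'), null);
+ } else {
+ next();
+ }
+ });
+ } else {
+ self.provider.validateNotReplay(requestParameters.oauth_token, requestParameters.oauth_timestamp, requestParameters.oauth_nonce, function(err, result) {
+ if(err) {
+ callback(new errors.OAuthUnauthorizedError('Invalid / used nonce'), null);
+ } else {
+ next();
+ }
+ });
+ }
 };
 var getApplicationByConsumerKey = function(consumer_key, next) {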
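Review bot: Both branches of `validateNotReplay` in the last hunk test only `err` and never look at `result`, so a provider that reports a replay as `callback(null, false)` is treated as a fresh request and `next()` runs. The example provider in this commit passes `true` as the second argument, which suggests `result` is meant to carry the verdict; if that is the contract, the guard in both branches should be `if(err || result === false) {`. The two callbacks are also identical, so they could be one shared function passed to whichever provider method is present, and the empty `else { }` after the constructor's `throw` in the second hunk can be dropped. `authorize` begins and ends outside the hunk, so how `callback` and `next` are wired is not visible here.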