Merge pull request #100 from evanp/ValidateNotReplayClient

Add validateNotReplayClient() method for OAuthDataProvider
ciaranj · May 28, 2012 · 1aa69bc · 1aa69bc
2 parents e1c75d2 + b34b924
commit 1aa69bc
Show file tree

Hide file tree

Showing 2 changed files with 29 additions and 9 deletions.
diff --git a/examples/in_memory_oauth_data_provider.js b/examples/in_memory_oauth_data_provider.js
@@ -174,6 +174,10 @@ OAuthDataProvider.prototype.validateNotReplay = function(accessToken, timestamp,
   callback(null, true);
 }
 
+OAuthDataProvider.prototype.validateNotReplayClient = function(consumerKey, accessToken, timestamp, nonce, callback) {
+  callback(null, true);
+}
+
 /**
   Fetch user id based on token (used to identify user in oauth calls later)
 **/

diff --git a/lib/auth.strategies/oauth/_oauthservices.js b/lib/auth.strategies/oauth/_oauthservices.js
@@ -47,7 +47,7 @@ function validateParameters(parameters, requiredParameters) {
 
 exports.OAuthServices= function(provider, legs) {
   this.provider= provider;
-  var requiredMethods = ['applicationByConsumerKey','validateNotReplay'];
+  var requiredMethods = ['applicationByConsumerKey'];
   if (legs) {
     this.legs = legs;
   }
@@ -74,8 +74,14 @@ exports.OAuthServices= function(provider, legs) {
 
     }
   }
-
 
+  this.providerProvidesValidateNotReplay= (Object.prototype.toString.call(provider.validateNotReplay) === "[object Function]");
+  this.providerProvidesValidateNotReplayClient= (Object.prototype.toString.call(provider.validateNotReplayClient) === "[object Function]");
+  if( !this.providerProvidesValidateNotReplay && !this.providerProvidesValidateNotReplayClient) {
+    throw new Error("Data provider must provide either validateNotReplay() or validateNotReplayClient()");
+  }  else {
+
+  }
 };
 
 exports.OAuthServices.prototype.tokenByTokenAndConsumer= function(token, consumerKey, callback) {
@@ -214,13 +220,23 @@ exports.OAuthServices.prototype.authorize= function(request, protocol, callback)
 
   // Given all the requestParameters and the next step function, error out if the a replay is detected
   var validateNotReplay = function(requestParameters, next) {
-    self.provider.validateNotReplay(requestParameters.oauth_token, requestParameters.oauth_timestamp, requestParameters.oauth_nonce, function(err, result) {
-      if(err) {
-        callback(new errors.OAuthUnauthorizedError('Invalid / used nonce'), null);
-      } else {
-        next();
-      }
-    });
+    if(self.providerProvidesValidateNotReplayClient) {
+      self.provider.validateNotReplayClient(requestParameters.oauth_consumer_key, requestParameters.oauth_token, requestParameters.oauth_timestamp, requestParameters.oauth_nonce, function(err, result) {
+        if(err) {
+          callback(new errors.OAuthUnauthorizedError('Invalid / used nonce'), null);
+        } else {
+          next();
+        }
+      });
+    } else {
+      self.provider.validateNotReplay(requestParameters.oauth_token, requestParameters.oauth_timestamp, requestParameters.oauth_nonce, function(err, result) {
+        if(err) {
+          callback(new errors.OAuthUnauthorizedError('Invalid / used nonce'), null);
+        } else {
+          next();
+        }
+      });
+    }
   };
 
   var getApplicationByConsumerKey = function(consumer_key, next) {