revert(service-tokens): Revert "feat(tokens): allow using JWT grants …

…from Service Clients" This reverts commit 0a0e303.
mozilla · Oct 28, 2015 · d3cc78a · d3cc78a
1 parent 6be9ac2
commit d3cc78a
Show file tree

Hide file tree

Showing 10 changed files with 86 additions and 381 deletions.
diff --git a/config/test.json b/config/test.json
@@ -54,7 +54,7 @@
     {
       "id": "d23dbf62b82eb04e",
       "name": "Test Service Client",
-      "scope": "profile",
+      "scope": "profile:email",
       "jku": "http://127.0.0.1:9019/.well-known/public-keys"
     }
   ]

diff --git a/lib/db/index.js b/lib/db/index.js
@@ -12,7 +12,6 @@ const env = require('../env');
 const logger = require('../logging')('db');
 const klass = config.get('db.driver') === 'mysql' ?
   require('./mysql') : require('./memory');
-const unique = require('../unique');
 
 function clientEquals(configClient, dbClient) {
   var props = Object.keys(configClient);
@@ -109,32 +108,6 @@ function preClients() {
   }
 }
 
-function serviceClients() {
-  var clients = config.get('serviceClients');
-  if (clients && clients.length) {
-    logger.debug('serviceClients.loading', clients);
-
-    return P.all(clients.map(function(client) {
-      return exports.getClient(client.id).then(function(existing) {
-        if (existing) {
-          logger.verbose('seviceClients.existing', client);
-          return;
-        }
-
-        return exports.registerClient({
-          id: client.id,
-          name: client.name,
-          hashedSecret: encrypt.hash(unique.secret()),
-          imageUri: '',
-          redirectUri: '',
-          trusted: true,
-          canGrant: false
-        });
-      });
-    }));
-  }
-}
-
 var driver;
 function withDriver() {
   if (driver) {
@@ -149,7 +122,7 @@ function withDriver() {
   return p.then(function(store) {
     logger.debug('connected', { driver: config.get('db.driver') });
     driver = store;
-  }).then(exports._initialClients).then(function() {
+  }).then(preClients).then(function() {
     return driver;
   });
 }
@@ -187,5 +160,5 @@ exports.disconnect = function disconnect() {
 };
 
 exports._initialClients = function() {
-  return preClients().then(serviceClients);
+  return preClients();
 };
diff --git a/lib/db/mysql/index.js b/lib/db/mysql/index.js
@@ -363,8 +363,8 @@ MysqlStore.prototype = {
   },
   generateAccessToken: function generateAccessToken(vals) {
     var t = {
-      clientId: buf(vals.clientId),
-      userId: buf(vals.userId),
+      clientId: vals.clientId,
+      userId: vals.userId,
       email: vals.email,
       scope: Scope(vals.scope),
       token: unique.token(),

diff --git a/lib/db/mysql/patches/patch-010-011.sql b/lib/db/mysql/patches/patch-010-011.sql
diff --git a/lib/db/mysql/patches/patch-011-010.sql b/lib/db/mysql/patches/patch-011-010.sql
diff --git a/lib/db/mysql/schema.sql b/lib/db/mysql/schema.sql
@@ -41,7 +41,7 @@ CREATE TABLE IF NOT EXISTS tokens (
   FOREIGN KEY (clientId) REFERENCES clients(id) ON DELETE CASCADE,
   userId BINARY(16) NOT NULL,
   INDEX tokens_user_id(userId),
-  email VARCHAR(256),
+  email VARCHAR(256) NOT NULL,
   type VARCHAR(16) NOT NULL,
   scope VARCHAR(256) NOT NULL,
   createdAt TIMESTAMP NOT NULL DEFAULT CURRENT_TIMESTAMP,

diff --git a/lib/routes/authorization.js b/lib/routes/authorization.js
@@ -99,7 +99,11 @@ module.exports = {
   validate: {
     payload: {
       client_id: validators.clientId,
-      assertion: validators.assertion
+      assertion: Joi.string()
+        // taken from mozilla/persona/lib/validate.js
+        .min(50)
+        .max(10240)
+        .regex(/^[a-zA-Z0-9_\-\.~=]+$/)
         .required(),
       redirect_uri: Joi.string()
         .max(256),