Issue #19299 Fix XM.SimpleModel.destory function. Auth code expire lo…

…gic.
commit 777848b28c69eb0bc52373510cda202afa5bb79c 1 parent 4d8207a
@bendiy bendiy authored
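--- a/lib/backbone-x/source/simplemodel.js
+++ b/lib/backbone-x/source/simplemodel.js
@@ -10,14 +10,14 @@ white:true*/
 "use strict";
 /**
- @class `XM.Model` is an abstract class designed to operate with `XT.DataSource`.
+ @class `XM.SimpleModel` is an abstract class designed to operate with `XT.DataSource`.
 It should be subclassed for any specific implementation. Subclasses should
 include a `recordType` the data source will use to retrieve the record.
 To create a new model include `isNew` in the options:
 <pre><code>
 // Create a new class
- XM.MyModel = XM.Model.extend({
+ XM.MyModel = XM.SimpleModel.extend({
 recordType: 'XM.MyModel'
 });
@@ -30,13 +30,13 @@ white:true*/
 m.fetch();
 </code></pre>
- @name XM.Model
+ @name XM.SimpleModel
 @description To create a new model include `isNew` in the options:
 @param {Object} Attributes
 @param {Object} Options
- @extends Backbone.RelationalModel
+ @extends Backbone.Model
 */
- XM.SimpleModel = Backbone.Model.extend(/** @lends XM.Model# */{
+ XM.SimpleModel = Backbone.Model.extend(/** @lends XM.SimpleModel# */{
 /**
 Set to true if you want an id fetched from the server when the `isNew` option
@@ -158,12 +158,24 @@ white:true*/
 @returns {XT.Request|Boolean}
 */
 destroy: function (options) {
- var result,
- K = XM.Model;
+ options = options ? _.clone(options) : {};
- this._wasNew = this.isNew(); // Hack so prototype call will still work
+ var model = this,
+ result,
+ success = options.success,
+ K = XM.Model;
+
+ //this._wasNew = this.isNew(); // Hack so prototype call will still work
+ this.setStatus(K.DESTROYED_DIRTY);
 this.setStatus(K.BUSY_DESTROYING);
 options.wait = true;
+ options.success = function (resp) {
+ if (XT.debugging) {
+ XT.log('Destroy successful');
+ }
+ XT.log('Destroy successful');
+ if (success) { success(model, resp, options); }
+ };
 result = Backbone.Model.prototype.destroy.call(this, options);
 delete this._wasNew;
 return result;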
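Review bot: The new `options.success` wrapper in `destroy` calls `XT.log('Destroy successful');` twice, once behind `if (XT.debugging)` and once unconditionally, so every destroy is logged regardless of the debug flag; the unguarded call should be dropped. The `_wasNew` assignment is now only a commented-out line while `delete this._wasNew;` still runs before the return, so either both should go or the assignment should be restored. `K` still refers to `XM.Model` although this file defines `XM.SimpleModel`; if the status constants are deliberately shared, a comment such as `// Status constants are defined on XM.Model` would make that explicit. The wrapper also assumes Backbone passes the server response as the first argument to `options.success`, which depends on the Backbone version in use and is worth confirming.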
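--- a/node-datasource/oauth2/db/authorizationcodes.js
+++ b/node-datasource/oauth2/db/authorizationcodes.js
@@ -21,7 +21,7 @@ exports.find = function (code, done) {
 X.log(message);
 // No match or multiple which is not allowed. Send nothing.
- return done(null, null);
+ return done(new Error(message));
 }
 // Send that XM.Oauth2token model along.
@@ -60,6 +60,8 @@ exports.save = function (code, clientID, redirectURI, userID, scope, done) {
 var authCode = new XM.Oauth2token(),
 saveOptions = {},
+ today = new Date(),
+ expires = new Date(today.getTime() + (10 * 60 * 1000)), // 10 minutes from now.
 initCallback = function (model, value) {
 if (model.id) {
 // Now that model is ready, set attributes and save.
@@ -70,7 +72,8 @@ exports.save = function (code, clientID, redirectURI, userID, scope, done) {
 scope: scope,
 state: "Auth Code Issued",
 authCode: code,
- authCodeIssued: new Date(),
+ authCodeIssued: today,
+ authCodeExpires: expires,
 tokenType: "bearer"
 };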
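Review bot: `return done(new Error(message));` in `exports.find` reports an unknown or duplicate authorization code as a generic error, and the caller in oauth2.js forwards it with `if (err) { return done(err); }`, so a bad code is likely answered as a server fault rather than as a rejected grant. RFC 6749 section 5.2 expects `invalid_grant` for an invalid or expired code; if the oauth2orize version in use exports `TokenError`, the exchange callback could return `done(new oauth2orize.TokenError("Invalid authorization code.", "invalid_grant"))` instead. The same applies to the `new Error("Invalid clientID.")`, `new Error("Invalid redirectURI.")` and `new Error("Authorization code has expired.")` calls added in oauth2.js. `message` is built outside this hunk; if it includes the submitted code, it should stay in the server log and not reach the client response.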
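--- a/node-datasource/oauth2/oauth2.js
+++ b/node-datasource/oauth2/oauth2.js
@@ -75,15 +75,21 @@ server.exchange(oauth2orize.exchange.code(function (client, code, redirectURI, d
 db.authorizationCodes.find(code, function (err, authCode) {
 if (err) { return done(err); }
 if (!authCode || !client) { return done(null, false); }
- if (client.get("clientID") !== authCode.get("clientID")) { return done(null, false); }
- if (redirectURI !== authCode.get("redirectURI")) { return done(null, false); }
+ if (client.get("clientID") !== authCode.get("clientID")) { return done(new Error("Invalid clientID.")); }
+ if (redirectURI !== authCode.get("redirectURI")) { return done(new Error("Invalid redirectURI.")); }
+
+ // Auth code is only valid for 10 minutes. Has it expired yet?
+ if ((new Date(authCode.get("authCodeExpires")) - new Date()) < 0) {
+ authCode.destroy();
+ return done(new Error("Authorization code has expired."));
+ }
 // Create the tokens.
 var accessToken = utils.uid(256),
 refreshToken = utils.uid(256),
 saveOptions = {},
 today = new Date(),
- expires = new Date(today.getTime() + (24 * 60 * 60 * 1000)),
+ expires = new Date(today.getTime() + (60 * 60 * 1000)), // One hour from now.
 tokenAttributes = {},
 tokenType = 'bearer';
@@ -91,10 +97,10 @@ server.exchange(oauth2orize.exchange.code(function (client, code, redirectURI, d
 var params = {};
 params.token_type = model.get("tokenType");
- // Google sends time tell expires instead of just the time it expires at, so...
- params.expires_in = (new Date() - expires) / 1000; // Seconds until the token expires.
+ // Google sends time until expires instead of just the time it expires at, so...
+ params.expires_in = Math.round(((expires - new Date()) / 1000) - 60); // Seconds until the token expires with 60 sec padding.
- // Send the tokens along.
+ // Send the tokens and params along.
 return done(null, model.get("accessToken"), model.get("refreshToken"), params);
 };
 saveOptions.error = function (model, err) {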
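Review bot: The expiry test `(new Date(authCode.get("authCodeExpires")) - new Date()) < 0` fails open when `authCodeExpires` is missing or unparsable: `new Date(undefined)` is an invalid date, the subtraction yields `NaN`, and `NaN < 0` is false, so a code stored before this change (or saved without the attribute) is treated as still valid. The comparison should fail closed, e.g. `var codeExpires = new Date(authCode.get("authCodeExpires"));` followed by `if (!(codeExpires > new Date())) {`. `authCode.destroy();` is also called without success or error callbacks, so a failed delete goes unnoticed and the expired code stays in the store; passing an `error` handler that logs would make that visible. The callback body continues outside the hunk, so whether the code is invalidated after a successful exchange cannot be checked here.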
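--- a/node-datasource/oauth2/passport.js
+++ b/node-datasource/oauth2/passport.js
@@ -121,6 +121,8 @@ passport.use(new BearerStrategy(
 if (err) { return done(err); }
 if (!token) { return done(null, false); }
+ // TODO - Check if accessToken has expired.
+
 db.users.findByUsername(token.get("user"), function (err, user) {
 if (err) { return done(err); }
 if (!user) { return done(null, false); }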
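Review bot: The added `// TODO - Check if accessToken has expired.` leaves the bearer strategy accepting any token that is found, so the one-hour lifetime set in oauth2.js is advertised to clients through `expires_in` but not enforced where tokens are presented. Until the check exists, a leaked access token stays usable for as long as its record remains in the store. The check belongs at the TODO and should fail closed, e.g. `if (!(new Date(token.get("EXPIRY_ATTRIBUTE")) > new Date())) { return done(null, false); }`, where `EXPIRY_ATTRIBUTE` is a placeholder for the attribute the token model stores its expiry under (not visible in this hunk). The strategy callback starts and ends outside the hunk.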