Commit f460371

authored

fix: critical scope validation bug resolved

Merge pull request #228 from jorenvandeweyer/bugfix/validate-scope

2 parents 74f07c3 + fc403c3 commit f460371Copy full SHA for f460371

File tree

+12

-12

lines changed

+12

-12

lines changed

Lines changed: 4 additions & 4 deletions

Original file line number	Diff line number	Diff line change
`@@ -187,10 +187,10 @@ class AuthorizationCodeGrantType extends AbstractGrantType {`
`187`	`187`	`* Save token.`
`188`	`188`	`*/`
`189`	`189`
`190`		`- async saveToken(user, client, authorizationCode, scope) {`
`191`		`- const validatedScope = await this.validateScope(user, client, scope);`
`192`		`- const accessToken = await this.generateAccessToken(client, user, scope);`
`193`		`- const refreshToken = await this.generateRefreshToken(client, user, scope);`
	`190`	`+ async saveToken(user, client, authorizationCode, requestedScope) {`
	`191`	`+ const validatedScope = await this.validateScope(user, client, requestedScope);`
	`192`	`+ const accessToken = await this.generateAccessToken(client, user, validatedScope);`
	`193`	`+ const refreshToken = await this.generateRefreshToken(client, user, validatedScope);`
`194`	`194`	`const accessTokenExpiresAt = await this.getAccessTokenExpiresAt();`
`195`	`195`	`const refreshTokenExpiresAt = await this.getRefreshTokenExpiresAt();`
`196`	`196`

Lines changed: 4 additions & 4 deletions

Original file line number	Diff line number	Diff line change
`@@ -68,10 +68,10 @@ class ClientCredentialsGrantType extends AbstractGrantType {`
`68`	`68`	`* Save token.`
`69`	`69`	`*/`
`70`	`70`
`71`		`- async saveToken(user, client, scope) {`
`72`		`- const validatedScope = await this.validateScope(user, client, scope);`
`73`		`- const accessToken = await this.generateAccessToken(client, user, scope);`
`74`		`- const accessTokenExpiresAt = await this.getAccessTokenExpiresAt(client, user, scope);`
	`71`	`+ async saveToken(user, client, requestedScope) {`
	`72`	`+ const validatedScope = await this.validateScope(user, client, requestedScope);`
	`73`	`+ const accessToken = await this.generateAccessToken(client, user, validatedScope);`
	`74`	`+ const accessTokenExpiresAt = await this.getAccessTokenExpiresAt(client, user, validatedScope);`
`75`	`75`	`const token = {`
`76`	`76`	`accessToken: accessToken,`
`77`	`77`	`accessTokenExpiresAt: accessTokenExpiresAt,`

Lines changed: 4 additions & 4 deletions

Original file line number	Diff line number	Diff line change
`@@ -86,10 +86,10 @@ class PasswordGrantType extends AbstractGrantType {`
`86`	`86`	`* Save token.`
`87`	`87`	`*/`
`88`	`88`
`89`		`- async saveToken(user, client, scope) {`
`90`		`- const validatedScope = await this.validateScope(user, client, scope);`
`91`		`- const accessToken = await this.generateAccessToken(client, user, scope);`
`92`		`- const refreshToken = await this.generateRefreshToken(client, user, scope);`
	`89`	`+ async saveToken(user, client, requestedScope) {`
	`90`	`+ const validatedScope = await this.validateScope(user, client, requestedScope);`
	`91`	`+ const accessToken = await this.generateAccessToken(client, user, validatedScope);`
	`92`	`+ const refreshToken = await this.generateRefreshToken(client, user, validatedScope);`
`93`	`93`	`const accessTokenExpiresAt = await this.getAccessTokenExpiresAt();`
`94`	`94`	`const refreshTokenExpiresAt = await this.getRefreshTokenExpiresAt();`
`95`	`95`

Comments

(0)