const logger = require('../../../lib/logger');
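/**
 * Issues the access, refresh and ID tokens for an already-authenticated
 * account and returns the token response body.
 *
 * @param {object} ctx - Koa/oidc-provider context; reads `ctx.oidc.client`,
 *   `ctx.oidc.uuid` and `ctx.oidc.params.scope`.
 * @param {object} providerInstance - exposes the `AccessToken`, `IdToken` and
 *   `RefreshToken` model classes.
 * @param {object} account - authenticated account exposing `accountId` and
 *   `claims()` (sync or promise-returning).
 * @returns {Promise<object>} the OAuth 2.0 token response object.
 */
async function issuePasswordGrantTokens(ctx, providerInstance, account) {
  const { AccessToken, IdToken, RefreshToken } = providerInstance;
  const { clientId } = ctx.oidc.client;
  const grantId = ctx.oidc.uuid;
  const scope = ctx.oidc.params.scope || '';

  const accessToken = await new AccessToken({
    accountId: account.accountId,
    clientId,
    grantId,
    scope,
  }).save();
  const expiresIn = AccessToken.expiresIn;

  // `await` already unwraps a promise-returning claims(); the spread takes a
  // shallow copy so the account's own claims object is not handed to the token.
  const idToken = new IdToken({ ...(await account.claims()) }, ctx.oidc.client);

  const refreshToken = await new RefreshToken({
    clientId,
    scope,
    accountId: account.accountId,
    grantId,
    claims: {
      id_token: { sub: { value: account.accountId } },
    },
  }).save();

  // The raw token values are handed to the IdToken model under the *_hash
  // names; whether the model derives the digests itself depends on the
  // provider version — NOTE(review): confirm against the IdToken implementation in use.
  idToken.set('at_hash', accessToken);
  idToken.set('rt_hash', refreshToken);
  idToken.set('sub', account.accountId);

  return {
    access_token: accessToken,
    expires_in: expiresIn,
    token_type: 'Bearer',
    id_token: await idToken.sign(),
    refresh_token: refreshToken,
  };
}

/**
 * Builds a Resource Owner Password Credentials grant for oidc-provider.
 * The client submits the user's username and password directly, so the
 * grant is intended for first-party clients only.
 *
 * @param {object} options
 * @param {(username: string, password: string) => Promise<object|null>} options.authenticateUser -
 *   resolves with the account (exposing `accountId` and `claims()`) on
 *   success, or a falsy value when the credentials are rejected.
 * @returns {{ params: string[], grantTypeFactory: Function }} grant definition
 *   consumed by the provider.
 */
module.exports = (options) => ({
  params: ['username', 'password'],
  grantTypeFactory: function passwordGrantTypeFactory(providerInstance) {
    /**
     * Koa-style grant handler: verifies the credentials and, on success,
     * places the token response on `ctx.body`; otherwise answers 400
     * `invalid_grant`. Any thrown error is logged and answered with 500.
     */
    return async function passwordGrantType(ctx, next) {
      const { username, password } = ctx.oidc.params;
      try {
        // Kept inside the try so a throwing authenticator (e.g. a backing
        // store outage) is answered with a 500 instead of escaping the handler.
        const account = await options.authenticateUser(username, password);
        if (account) {
          ctx.body = await issuePasswordGrantTokens(ctx, providerInstance, account);
        } else {
          // One response for unknown user and wrong password alike.
          ctx.body = {
            error: 'invalid_grant',
            error_description: 'invalid credentials provided',
          };
          ctx.status = 400;
        }
        await next();
      } catch (e) {
        logger.error(e);
        ctx.body = {
          error: 'Internal Server Error',
          // Generic text only: the thrown value (message, stack, backend
          // details) stays in the server log and is not returned to the client.
          error_description: 'an unexpected error occurred',
        };
        ctx.status = 500;
        await next();
      }
    };
  },
});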