Skip decision step if user already authorized the client app

BuggleInc · Aug 23, 2016 · cf97f57 · cf97f57
1 parent 655f128
commit cf97f57
Show file tree

Hide file tree

Showing 4 changed files with 86 additions and 6 deletions.
diff --git a/modules/oauth2/client/controllers/oauth2.client.controller.js b/modules/oauth2/client/controllers/oauth2.client.controller.js
@@ -2,9 +2,9 @@
 
 angular.module('oauth2').controller('OAuth2Controller', OAuth2);
 
-OAuth2.$inject = ['$http', '$window', '$location', '$stateParams', 'Authentication'];
+OAuth2.$inject = ['$http', '$window', '$stateParams', 'Authentication'];
 
-function OAuth2($http, $window, $location, $stateParams, Authentication) {
+function OAuth2($http, $window, $stateParams, Authentication) {
   var oauth2 = this;
 
   oauth2.error = false;
@@ -42,7 +42,9 @@ function OAuth2($http, $window, $location, $stateParams, Authentication) {
       clientID: oauth2.clientID,
       redirectURI: oauth2.redirectURI
     }).success(function (data, status) {
-      // TODO: redirect if already code
+      if(data.code) {
+        $window.location.href = oauth2.redirectURI + '?code=' + data.code;
+      }
       oauth2.transactionID = data.transactionID;
       oauth2.clientName = data.clientName;
     }).error(function (data, status) {

diff --git a/modules/oauth2/client/views/dialog.client.view.html b/modules/oauth2/client/views/dialog.client.view.html
@@ -24,7 +24,7 @@ <h1>Authorization</h1>
         <input class="btn btn-default" type="submit" value="Deny" name="cancel" ng-disabled="oauth2.error">
       </div>
     </form>
-    <div
+    <div>
 
   </div>
 </section>
diff --git a/modules/oauth2/server/controllers/oauth2.server.controller.js b/modules/oauth2/server/controllers/oauth2.server.controller.js
@@ -9,6 +9,7 @@ var path = require('path'),
   oauth2orize = require('oauth2orize'),
   uuid = require('uuid'),
   AccessToken = mongoose.model('AccessToken'),
+  AuthorizedApplication = mongoose.model('AuthorizedApplication'),
   AuthorizationCode = mongoose.model('AuthorizationCode'),
   Client = mongoose.model('Client'),
   errorHandler = require(path.resolve('./modules/core/server/controllers/errors.server.controller'));
@@ -75,7 +76,18 @@ server.grant(oauth2orize.grant.code(function (client, redirectURI, user, ares, d
     if (err) {
       done(err);
     } else {
-      done(null, code);
+      var authorizedApp = new AuthorizedApplication({
+        'user': user,
+        'client': client
+      });
+
+      authorizedApp.save(function (err) {
+        if (err) {
+          done(err);
+        } else {
+          done(null, code);
+        }
+      });
     }
   });
 }));
@@ -146,6 +158,49 @@ exports.authorization = [
       }
     });
   }),
+  function (req, res, next) {
+    var
+      authCode,
+      client,
+      code,
+      searchQuery,
+      user;
+
+    client = req.oauth2.client;
+    user = req.user;
+
+    searchQuery = {
+      user: user,
+      client: client
+    };
+    AuthorizedApplication.findOne(searchQuery, function (err, authorizedApp) {
+      if(err) {
+        res.sendStatus(500);
+      }
+      if(!authorizedApp) {
+        next();
+      } else {
+        code = uuid.v4();
+
+        authCode = new AuthorizationCode({
+          'code': code,
+          'clientID': client.clientID,
+          'redirectURI': client.redirectURI,
+          'userID': user.id
+        });
+
+        authCode.save(function (err) {
+          if (err) {
+            res.sendStatus(500);
+          } else {
+            res.json({
+              code: code
+            });
+          }
+        });
+      }
+    });
+  },
   function (req, res) {
     res.json({
       transactionID: req.oauth2.transactionID,
@@ -191,7 +246,7 @@ exports.getUser = [
   passport.authenticate('bearer', { session: false }),
   function(req, res) {
     // We want to update the avatar URL for other domains
-    req.user.profileImageURL = req.headers.host + req.user.profileImageURL;
+    req.user.profileImageURL = req.headers.host + '/' + req.user.profileImageURL;
     res.json(req.user);
   }
 ];
diff --git a/modules/oauth2/server/models/authorized-application.model.js b/modules/oauth2/server/models/authorized-application.model.js
@@ -0,0 +1,23 @@
+'use strict';
+
+/**
+ * Module dependencies.
+ */
+var mongoose = require('mongoose'),
+  Schema = mongoose.Schema;
+
+/**
+ * AuthorizedApplication Schema
+ */
+var AuthorizedApplicationSchema = new Schema({
+  client: {
+    type: Schema.ObjectId,
+    ref: 'Client'
+  },
+  user: {
+    type: Schema.ObjectId,
+    ref: 'User'
+  }
+});
+
+mongoose.model('AuthorizedApplication', AuthorizedApplicationSchema);
-Original file line number
+Diff line change
@@ Expand Up / @@ -24,7 +24,7 @@ <h1>Authorization</h1> @@
             <input class="btn btn-default" type="submit" value="Deny" name="cancel" ng-disabled="oauth2.error">
           </div>
         </form>
-        <div
+        <div>
       </div>
     </section>