|
|
@ -167,10 +167,13 @@ class OAuth2Service extends SiteService { |
|
|
async processExchange (client, code, redirectUri, done) { |
|
|
async processExchange (client, code, redirectUri, done) { |
|
|
try { |
|
|
try { |
|
|
const ac = await OAuth2AuthorizationCode.findOne({ code }); |
|
|
const ac = await OAuth2AuthorizationCode.findOne({ code }); |
|
|
|
|
|
this.log.debug('process OAuth2 exchange', { client, code, redirectUri }); |
|
|
if (client.id !== ac.clientId) { |
|
|
if (client.id !== ac.clientId) { |
|
|
|
|
|
this.log.alert('OAuth2 client ID mismatch', { provided: client.id, onfile: ac.clientId }); |
|
|
return done(null, false); |
|
|
return done(null, false); |
|
|
} |
|
|
} |
|
|
if (redirectUri !== ac.redirectUri) { |
|
|
if (redirectUri !== ac.redirectUri) { |
|
|
|
|
|
this.log.alert('OAuth2 redirect mismatch', { provided: redirectUri, onfile: ac.redirectUri }); |
|
|
return done(null, false); |
|
|
return done(null, false); |
|
|
} |
|
|
} |
|
|
|
|
|
|
|
|
@ -183,6 +186,7 @@ class OAuth2Service extends SiteService { |
|
|
}); |
|
|
}); |
|
|
await at.save(); |
|
|
await at.save(); |
|
|
|
|
|
|
|
|
|
|
|
this.log.debug('OAuth2 grant exchanged for token', { client, code, token: at.token }); |
|
|
return done(null, token); |
|
|
return done(null, token); |
|
|
} catch (error) { |
|
|
} catch (error) { |
|
|
this.log.error('failed to process OAuth2 exchange', { error }); |
|
|
this.log.error('failed to process OAuth2 exchange', { error }); |
|
|
|
