@@ -27,21 +27,15 @@ class AuthorizationCodeGrantType extends AbstractGrantType {
2727 }
2828
2929 if ( ! options . model . getAuthorizationCode ) {
30- throw new InvalidArgumentError (
31- 'Invalid argument: model does not implement `getAuthorizationCode()`' ,
32- ) ;
30+ throw new InvalidArgumentError ( 'Invalid argument: model does not implement `getAuthorizationCode()`' ) ;
3331 }
3432
3533 if ( ! options . model . revokeAuthorizationCode ) {
36- throw new InvalidArgumentError (
37- 'Invalid argument: model does not implement `revokeAuthorizationCode()`' ,
38- ) ;
34+ throw new InvalidArgumentError ( 'Invalid argument: model does not implement `revokeAuthorizationCode()`' ) ;
3935 }
4036
4137 if ( ! options . model . saveToken ) {
42- throw new InvalidArgumentError (
43- 'Invalid argument: model does not implement `saveToken()`' ,
44- ) ;
38+ throw new InvalidArgumentError ( 'Invalid argument: model does not implement `saveToken()`' ) ;
4539 }
4640
4741 super ( options ) ;
@@ -75,12 +69,7 @@ class AuthorizationCodeGrantType extends AbstractGrantType {
7569 await this . verifyPKCE ( request , code ) ;
7670 await this . validateRedirectUri ( request , code ) ;
7771
78- return this . saveToken (
79- code . user ,
80- client ,
81- code . authorizationCode ,
82- code . scope ,
83- ) ;
72+ return this . saveToken ( code . user , client , code . authorizationCode , code . scope ) ;
8473 }
8574
8675 /**
@@ -102,45 +91,31 @@ class AuthorizationCodeGrantType extends AbstractGrantType {
10291 const code = await this . model . getAuthorizationCode ( request . body . code ) ;
10392
10493 if ( ! code ) {
105- throw new InvalidGrantError (
106- 'Invalid grant: authorization code is invalid' ,
107- ) ;
94+ throw new InvalidGrantError ( 'Invalid grant: authorization code is invalid' ) ;
10895 }
10996
11097 if ( ! code . client ) {
111- throw new ServerError (
112- 'Server error: `getAuthorizationCode()` did not return a `client` object' ,
113- ) ;
98+ throw new ServerError ( 'Server error: `getAuthorizationCode()` did not return a `client` object' ) ;
11499 }
115100
116101 if ( ! code . user ) {
117- throw new ServerError (
118- 'Server error: `getAuthorizationCode()` did not return a `user` object' ,
119- ) ;
102+ throw new ServerError ( 'Server error: `getAuthorizationCode()` did not return a `user` object' ) ;
120103 }
121104
122105 if ( code . client . id !== client . id ) {
123- throw new InvalidGrantError (
124- 'Invalid grant: authorization code is invalid' ,
125- ) ;
106+ throw new InvalidGrantError ( 'Invalid grant: authorization code is invalid' ) ;
126107 }
127108
128109 if ( ! ( code . expiresAt instanceof Date ) ) {
129- throw new ServerError (
130- 'Server error: `expiresAt` must be a Date instance' ,
131- ) ;
110+ throw new ServerError ( 'Server error: `expiresAt` must be a Date instance' ) ;
132111 }
133112
134113 if ( code . expiresAt < new Date ( ) ) {
135- throw new InvalidGrantError (
136- 'Invalid grant: authorization code has expired' ,
137- ) ;
114+ throw new InvalidGrantError ( 'Invalid grant: authorization code has expired' ) ;
138115 }
139116
140117 if ( code . redirectUri && ! isFormat . uri ( code . redirectUri ) ) {
141- throw new InvalidGrantError (
142- 'Invalid grant: `redirect_uri` is not a valid URI' ,
143- ) ;
118+ throw new InvalidGrantError ( 'Invalid grant: `redirect_uri` is not a valid URI' ) ;
144119 }
145120
146121 return code ;
@@ -163,9 +138,7 @@ class AuthorizationCodeGrantType extends AbstractGrantType {
163138 const method = this . getCodeChallengeMethod ( code . codeChallengeMethod ) ;
164139
165140 if ( ! this . enablePlainPKCE && method === 'plain' ) {
166- throw new InvalidRequestError (
167- 'Invalid request: `code_challenge_method` "plain" is not allowed; use "S256"' ,
168- ) ;
141+ throw new InvalidRequestError ( 'Invalid request: `code_challenge_method` "plain" is not allowed; use "S256"' ) ;
169142 }
170143
171144 if ( ! request . body . code_verifier ) {
@@ -182,9 +155,7 @@ class AuthorizationCodeGrantType extends AbstractGrantType {
182155 } ) ;
183156
184157 if ( ! hash ) {
185- throw new ServerError (
186- 'Server error: no valid hash algorithm available to verify `code_verifier`' ,
187- ) ;
158+ throw new ServerError ( 'Server error: no valid hash algorithm available to verify `code_verifier`' ) ;
188159 }
189160
190161 // xxx: Use timingSafeEqual to prevent against timing attacks when comparing
@@ -201,21 +172,12 @@ class AuthorizationCodeGrantType extends AbstractGrantType {
201172 }
202173
203174 hashesAreEqual ( trusted , untrusted ) {
204- const trustedBuf = Buffer . isBuffer ( trusted )
205- ? trusted
206- : Buffer . from ( trusted ) ;
207- const untrustedBuf = Buffer . isBuffer ( untrusted )
208- ? untrusted
209- : Buffer . from ( untrusted ) ;
175+ const trustedBuf = Buffer . isBuffer ( trusted ) ? trusted : Buffer . from ( trusted ) ;
176+ const untrustedBuf = Buffer . isBuffer ( untrusted ) ? untrusted : Buffer . from ( untrusted ) ;
210177 const equalLength = trustedBuf . byteLength === untrustedBuf . byteLength ;
211178 // if the buffers are the same length, compare them,
212179 // otherwise only compare with the trusted buffer but return false anyway
213- return (
214- crypto . timingSafeEqual (
215- trustedBuf ,
216- equalLength ? untrustedBuf : trustedBuf ,
217- ) && equalLength
218- ) ;
180+ return crypto . timingSafeEqual ( trustedBuf , equalLength ? untrustedBuf : trustedBuf ) && equalLength ;
219181 }
220182
221183 getCodeChallengeMethod ( method ) {
@@ -247,15 +209,11 @@ class AuthorizationCodeGrantType extends AbstractGrantType {
247209 const redirectUri = request . body . redirect_uri || request . query . redirect_uri ;
248210
249211 if ( ! isFormat . uri ( redirectUri ) ) {
250- throw new InvalidRequestError (
251- 'Invalid request: `redirect_uri` is not a valid URI' ,
252- ) ;
212+ throw new InvalidRequestError ( 'Invalid request: `redirect_uri` is not a valid URI' ) ;
253213 }
254214
255215 if ( redirectUri !== code . redirectUri ) {
256- throw new InvalidRequestError (
257- 'Invalid request: `redirect_uri` is invalid' ,
258- ) ;
216+ throw new InvalidRequestError ( 'Invalid request: `redirect_uri` is invalid' ) ;
259217 }
260218 }
261219
@@ -273,9 +231,7 @@ class AuthorizationCodeGrantType extends AbstractGrantType {
273231 const status = await this . model . revokeAuthorizationCode ( code ) ;
274232
275233 if ( ! status ) {
276- throw new InvalidGrantError (
277- 'Invalid grant: authorization code is invalid' ,
278- ) ;
234+ throw new InvalidGrantError ( 'Invalid grant: authorization code is invalid' ) ;
279235 }
280236
281237 return code ;
@@ -292,21 +248,9 @@ class AuthorizationCodeGrantType extends AbstractGrantType {
292248 */
293249
294250 async saveToken ( user , client , authorizationCode , requestedScope ) {
295- const validatedScope = await this . validateScope (
296- user ,
297- client ,
298- requestedScope ,
299- ) ;
300- const accessToken = await this . generateAccessToken (
301- client ,
302- user ,
303- validatedScope ,
304- ) ;
305- const refreshToken = await this . generateRefreshToken (
306- client ,
307- user ,
308- validatedScope ,
309- ) ;
251+ const validatedScope = await this . validateScope ( user , client , requestedScope ) ;
252+ const accessToken = await this . generateAccessToken ( client , user , validatedScope ) ;
253+ const refreshToken = await this . generateRefreshToken ( client , user , validatedScope ) ;
310254 const accessTokenExpiresAt = await this . getAccessTokenExpiresAt ( ) ;
311255 const refreshTokenExpiresAt = await this . getRefreshTokenExpiresAt ( ) ;
312256
0 commit comments