This repository was archived by the owner on Apr 3, 2019. It is now read-only.
/* This Source Code Form is subject to the terms of the Mozilla Public
* License, v. 2.0. If a copy of the MPL was not distributed with this
* file, You can obtain one at http://mozilla.org/MPL/2.0/. */
'use strict';
const encrypt = require('../../../fxa-oauth-server/lib/encrypt');
const ScopeSet = require('fxa-shared').oauth.scopes;
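// Only grants whose scope intersects this set trigger a device record and a
// new-device-login email; grants for any other scope are ignored.
const NOTIFICATION_SCOPES = ScopeSet.fromArray(['https://identity.mozilla.com/apps/oldsync']);

module.exports = {
  /**
   * Registers a device for a freshly granted OAuth token and emails the
   * account owner about the new login. Does nothing unless the granted scope
   * intersects NOTIFICATION_SCOPES.
   *
   * Security-relevant behaviour:
   *  - When `request.auth.credentials` exists it is updated in place: `uid`
   *    and `refreshTokenId` are filled in if missing, and `tokenVerified` and
   *    `client` are always overwritten. Code that runs later in the same
   *    request sees those values.
   *  - The device is keyed on a hash of the refresh token, never on the raw
   *    token value.
   *  - The function fails before any device write if it cannot establish
   *    which account the token belongs to, or has no refresh token to key on.
   *
   * @param {Object} db - must provide `account(uid)`.
   * @param {Object} oauthdb - must provide `checkAccessToken({ token })` and
   *   `getClientInfo(clientId)`.
   * @param {Object} mailer - must provide `sendNewDeviceLoginNotification`.
   * @param {Object} devices - must provide `upsert(request, credentials, deviceInfo)`.
   * @param {Object} request - reads `payload.client_id`, `auth.credentials`,
   *   `app.geo`, `app.clientAddress` and `app.acceptLanguage`.
   * @param {Object} grant - reads `scope`, `access_token` and `refresh_token`.
   * @returns {Promise<undefined>}
   * @throws {Error} if no uid can be resolved, or if neither
   *   `credentials.refreshTokenId` nor `grant.refresh_token` is available.
   */
  newTokenNotification: async function newTokenNotification (db, oauthdb, mailer, devices, request, grant) {
    // NOTE(review): client_id is read from the request payload; presumably the
    // route has already checked it against the grant - confirm in the caller.
    const clientId = request.payload.client_id;
    const scopeSet = ScopeSet.fromString(grant.scope);
    const credentials = request.auth && request.auth.credentials || {};

    if (! scopeSet.intersects(NOTIFICATION_SCOPES)) {
      // no notification-worthy scope was granted, so there is nothing to do
      return;
    }

    if (! credentials.uid) {
      // some grant flows won't have the uid in `credentials`
      // this can be removed once issue #3000 has been resolved
      const tokenVerify = await oauthdb.checkAccessToken({
        token: grant.access_token
      });
      credentials.uid = tokenVerify && tokenVerify.user;
    }

    if (! credentials.uid) {
      // Fail closed: without a uid the device upsert and the account lookup
      // below would run against an undefined account.
      throw new Error('newTokenNotification: unable to determine the uid for the granted token');
    }

    if (! credentials.refreshTokenId) {
      if (! grant.refresh_token) {
        // Never derive a device key from an absent token. How encrypt.hash
        // treats `undefined` is not visible here, so refuse explicitly.
        // The message deliberately contains no token material.
        throw new Error('newTokenNotification: grant has no refresh token to identify the device');
      }
      // provide a refreshToken id for the device creation below
      credentials.refreshTokenId = encrypt.hash(grant.refresh_token).toString('hex');
    }

    // we set tokenVerified because the granted scope is part of NOTIFICATION_SCOPES
    // NOTE(review): this also flips the flag on the live request credentials.
    credentials.tokenVerified = true;
    credentials.client = await oauthdb.getClientInfo(clientId);

    // The following upsert gets no `deviceInfo`.
    // However, `credentials.client` lets it generate a default name for the device.
    await devices.upsert(request, credentials, {});

    // Missing geolocation must not suppress the security email after the
    // device has already been recorded, so fall back to empty geo data.
    const geoData = request.app.geo || {};
    const ip = request.app.clientAddress;
    const emailOptions = {
      acceptLanguage: request.app.acceptLanguage,
      ip,
      location: geoData.location,
      service: clientId,
      timeZone: geoData.timeZone,
      uid: credentials.uid
    };

    const account = await db.account(credentials.uid);
    await mailer.sendNewDeviceLoginNotification(account.emails, account, emailOptions);
  }
};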