#2844 fix accessCode flow

dist/oauth2-redirect.html

@@ -33,51 +33,19 @@
             if (qp.code) {
                 delete oauth2.state;
                 oauth2.auth.code = qp.code;
-                createForm(oauth2.auth, qp).submit();
+                oauth2.callback(oauth2.auth);
             } else {
                 oauth2.errCb({
                     authId: oauth2.auth.name,
                     source: "auth",
                     level: "error",
-                    message: "Authorization failed: no accessCode came from the server"
+                    message: "Authorization failed: no accessCode received from the server"
                 });
-                window.close();
             }
         } else {
             oauth2.callback({auth: oauth2.auth, token: qp, isValid: isValid});
+        }
         window.close();
     }
-    }
-
-    function createForm(auth, qp) {
-        var form = document.createElement("form");
-        var schema = auth.schema;
-        var action = schema.get("tokenUrl");
-        var name, input;
-
-        var fields = {
-            code: qp.code,
-            "redirect_uri": location.protocol + "//" + location.host + location.pathname,
-            "grant_type": "authorization_code",
-            "client_secret": auth.clientSecret,
-            "client_id": auth.clientId
-        }
-
-        for ( name in fields ) {
-            input = document.createElement("input");
-            input.name = name;
-            input.value = fields[name];
-            input.type = "hidden";
-            form.appendChild(input);
-        }
-
-
-        form.method = "POST";
-        form.action = action;
-
-        document.body.appendChild(form);
-
-        return form;
-    }
 
 </script>

dist/swagger-ui-bundle.js.map

@@ -1 +1 @@
-{"version":3,"file":"swagger-ui-bundle.js","sources":["webpack:///swagger-ui-bundle.js"],"mappings":"AAAA;AAu/FA;AA6+FA;;;;;;;;;;;;;;;;;;;;;;;;;;AA0dA;AAkoJA;AAyiCA;;;;;AAskCA;AAg2IA;AAu5GA;AAg1FA;AAwpEA;AAu+CA;AAs/CA;AA6rCA;AAu5EA;AA+5HA;;;;;;;;;;;;;;AA6wGA;AAyoIA;AAiuJA;AA8kHA;AAonGA;AAukEA;AA02DA;AA+2EA;AAuxGA;;;;;;AAu8EA;AA44FA;;;;;AAi5CA;AA2qFA;AAw2CA;AA2kCA;AAm/CA;AAwwEA;AAq8FA;;;;;;;;;AA82BA;AA2zIA;AAk4DA;AAolDA;;;;;;AA6kCA;AA8iHA;AAipGA","sourceRoot":""}
+{"version":3,"file":"swagger-ui-bundle.js","sources":["webpack:///swagger-ui-bundle.js"],"mappings":"AAAA;AAu/FA;AA6+FA;;;;;;;;;;;;;;;;;;;;;;;;;;AA0dA;AAkoJA;AAyiCA;;;;;AAskCA;AAg2IA;AAu5GA;AAg1FA;AAwpEA;AAu+CA;AAs/CA;AA6rCA;AAu5EA;AA+5HA;;;;;;;;;;;;;;AA6wGA;AAyoIA;AAiuJA;AA8kHA;AAonGA;AAukEA;AA02DA;AA+2EA;AAuxGA;;;;;;AAu8EA;AA+3FA;;;;;AAw5CA;AA2qFA;AAw2CA;AAwkCA;AAs/CA;AAwwEA;AAq8FA;;;;;;;;;AA82BA;AA2zIA;AAk4DA;AAolDA;;;;;;AA6kCA;AA8iHA;AAipGA","sourceRoot":""}

dist/swagger-ui.js.map

@@ -1 +1 @@
-{"version":3,"file":"swagger-ui.js","sources":["webpack:///swagger-ui.js"],"mappings":"AAAA;;;;;;AA0xCA;AAoyHA;AAuxHA;AAy4FA;AAktCA;AAmgCA;AA0iCA;AA+3BA","sourceRoot":""}
+{"version":3,"file":"swagger-ui.js","sources":["webpack:///swagger-ui.js"],"mappings":"AAAA;;;;;;AA0xCA;AAoyHA;AAuxHA;AAy4FA;AA2sCA;AAmgCA;AA0iCA;AA+3BA","sourceRoot":""}

src/core/oauth2-authorize.js

@@ -45,7 +45,7 @@ export default function authorize ( auth, authActions, errActions, configs ) {
   win.swaggerUIRedirectOauth2 = {
     auth: auth,
     state: state,
-    callback: authActions.preAuthorizeOauth2,
+    callback: flow === "implicit" ? authActions.preAuthorizeImplicit : authActions.authorizeAccessCode,
     errCb: errActions.newAuthErr
   }
 

src/core/plugins/auth/actions.js

@@ -31,7 +31,7 @@ export function logout(payload) {
   }
 }
 
-export const preAuthorizeOauth2 = (payload) => ( { authActions, errActions } ) => {
+export const preAuthorizeImplicit = (payload) => ( { authActions, errActions } ) => {
   let { auth , token, isValid } = payload
   let { schema, name } = auth
   let flow = schema.get("flow")
@@ -70,82 +70,67 @@ export function authorizeOauth2(payload) {
 
 export const authorizePassword = ( auth ) => ( { fn, authActions, errActions } ) => {
   let { schema, name, username, password, passwordType, clientId, clientSecret } = auth
-  let credentials = {
+  let form = {
     grant_type: "password",
     scopes: encodeURIComponent(auth.scopes.join(scopeSeparator))
   }
-
+  let query = {}
-
+  let headers = {}
-  let req = {
-    url: schema.get("tokenUrl"),
-    method: "post",
-    headers: {
-      "Content-Type": "application/x-www-form-urlencoded"
-    },
-    query: {}
-  }
 
   if ( passwordType === "basic") {
-    req.headers.Authorization = "Basic " + btoa(username + ":" + password)
+    headers.Authorization = "Basic " + btoa(username + ":" + password)
   } else {
-    credentials = Object.assign({}, credentials,  {username} , {password})
+    Object.assign(form,  {username}, {password})
     if ( passwordType === "query") {
-      if ( clientId ) { req.query.client_id = clientId }
+      if ( clientId ) { query.client_id = clientId }
-      if ( clientSecret ) { req.query.client_secret = clientSecret }
+      if ( clientSecret ) { query.client_secret = clientSecret }
     } else {
-      credentials = Object.assign({}, credentials, {client_id: clientId}, {client_secret: clientSecret})
+      Object.assign(form, {client_id: clientId}, {client_secret: clientSecret})
     }
   }
-  req.body = buildFormData(credentials)
-  return fn.fetch(req)
-    .then(( response ) => {
-      let token = JSON.parse(response.data)
-      let error = token && ( token.error || "" )
-      let parseError = token && ( token.parseError || "" )
-
-      if ( !response.ok ) {
-        errActions.newAuthErr( {
-          authId: name,
-          level: "error",
-          source: "auth",
-          message: response.statusText
-        } )
-        return
-      }
 
-      if ( error || parseError ) {
+  return authActions.authorizeRequest({ body: buildFormData(form), url: schema.get("tokenUrl"), name, headers, query, auth})
-        errActions.newAuthErr({
-          authId: name,
-          level: "error",
-          source: "auth",
-          message: JSON.stringify(token)
-        })
-        return
-      }
-
-      authActions.authorizeOauth2({ auth, token })
-    })
-    .catch(err => { errActions.newAuthErr( err ) })
 }
 
 export const authorizeApplication = ( auth ) => ( { fn, authActions, errActions } ) => {
   let { schema, scopes, name, clientId, clientSecret } = auth
-  let credentials = {
+  let form = {
     grant_type: "client_credentials",
     client_id: clientId,
     client_secret: clientSecret,
     scope: scopes.join(scopeSeparator)
   }
 
+  return authActions.authorizeRequest({body: buildFormData(form), name, url: schema.get("tokenUrl"), auth })
+}
 
-  return fn.fetch({
+export const authorizeAccessCode = ( auth ) => ( { fn, authActions } ) => {
-    url: schema.get("tokenUrl"),
+ let { schema, name, clientId, clientSecret } = auth
-    method: "post",
+ let form = {
-    headers: {
+   grant_type: "authorization_code",
+   code: auth.code,
+   client_id: clientId,
+   client_secret: clientSecret
+ }
+
+ return authActions.authorizeRequest({body: buildFormData(form), name, url: schema.get("tokenUrl"), auth})
+
+}
+
+export const authorizeRequest = ( data ) => ( { fn, authActions, errActions } ) => {
+  let { body, query={}, headers={}, name, url, auth } = data
+
+  let _headers = Object.assign({
     "Accept":"application/json, text/plain, */*",
     "Content-Type": "application/x-www-form-urlencoded"
-    },
+  }, headers)
-    body: buildFormData(credentials)
+
+  fn.fetch({
+    url: url,
+    method: "post",
+    headers: _headers,
+    query: query,
+    body: body
   })
     .then(function (response) {
       let token = JSON.parse(response.data)
@@ -172,7 +157,7 @@ export const authorizeApplication = ( auth ) => ( { fn, authActions, errActions
         return
       }
 
-    authActions.authorizeOauth2({ auth, token })
+      authActions.authorizeOauth2({ auth, token})
     })
     .catch(err => { errActions.newAuthErr( err ) })
 }