Merge pull request #3084 from tcaesvk/feature/oauth2-authorize-query

fix OAuth2 authorize issue + remove redundant parameters
2017-05-16 15:18:20 +03:00
parent e74989f22e c81fdaec57
commit d64e920665
1 changed files with 41 additions and 21 deletions
--- a/src/core/oauth2-authorize.js
+++ b/src/core/oauth2-authorize.js
@@ -3,26 +3,35 @@ import { btoa } from "core/utils"

 export default function authorize ( { auth, authActions, errActions, configs, authConfigs={} } ) {
  let { schema, scopes, name, clientId } = auth
-
-  let { additionalQueryStringParams } = authConfigs
-  let redirectUrl = configs.oauth2RedirectUrl
-  let scopeSeparator = authConfigs.scopeSeparator || " "
-  let state = btoa(new Date())
  let flow = schema.get("flow")
-  let url
+  let query = []

-  if (flow === "password") {
+  switch (flow) {
+    case "password":
      authActions.authorizePassword(auth)
      return
-  }

-  if (flow === "application") {
+    case "application":
      authActions.authorizeApplication(auth)
      return
+
+    case "accessCode":
+      query.push("response_type=code")
+      break
+
+    case "implicit":
+      query.push("response_type=token")
+      break
  }

+  if (typeof clientId === "string") {
+    query.push("client_id=" + encodeURIComponent(clientId))
+  }
+
+  let redirectUrl = configs.oauth2RedirectUrl
+
  // todo move to parser
-  if ( !redirectUrl ) {
+  if (typeof redirectUrl === "undefined") {
    errActions.newAuthErr( {
      authId: name,
      source: "validation",
@@ -31,20 +40,31 @@ export default function authorize ( { auth, authActions, errActions, configs, au
    })
    return
  }
+  query.push("redirect_uri=" + encodeURIComponent(redirectUrl))

-  if (flow === "implicit" || flow === "accessCode") {
-    url = schema.get("authorizationUrl") + "?response_type=" + (flow === "implicit" ? "token" : "code")
+  if (Array.isArray(scopes) && 0 < scopes.length) {
+    let scopeSeparator = authConfigs.scopeSeparator || " "
+
+    query.push("scope=" + encodeURIComponent(scopes.join(scopeSeparator)))
  }

-  url += "&redirect_uri=" + encodeURIComponent(redirectUrl)
-      + "&realm=" + encodeURIComponent(authConfigs.realm);
-      + "&scope=" + encodeURIComponent(scopes.join(scopeSeparator))
-      + "&state=" + encodeURIComponent(state)
-      + "&client_id=" + encodeURIComponent(clientId)
+  let state = btoa(new Date())
+
+  query.push("state=" + encodeURIComponent(state))
+
+  if (typeof authConfigs.realm !== "undefined") {
+    query.push("realm=" + encodeURIComponent(authConfigs.realm))
+  }
+
+  let { additionalQueryStringParams } = authConfigs

  for (let key in additionalQueryStringParams) {
-    url += "&" + key + "=" + encodeURIComponent(additionalQueryStringParams[key])
+    if (typeof additionalQueryStringParams[key] !== "undefined") {
+      query.push([key, additionalQueryStringParams[key]].map(encodeURIComponent).join("="))
    }
+  }
+
+  let url = [schema.get("authorizationUrl"), query.join("&")].join("?")

  // pass action authorizeOauth2 and authentication data through window
  // to authorize with oauth2