Passing validated scope into generateAccessToken. oauthjs#620

jcdogo · jcdogo · commit d1c2bda23f88 · 2020-10-12T09:39:49.000-07:00
diff --git a/lib/grant-types/authorization-code-grant-type.ts b/lib/grant-types/authorization-code-grant-type.ts
@@ -212,8 +212,8 @@ export class AuthorizationCodeGrantType extends AbstractGrantType {
     scope: string,
   ) {
     const accessScope = await this.validateScope(user, client, scope);
-    const accessToken = await this.generateAccessToken(client, user, scope);
-    const refreshToken = await this.generateRefreshToken(client, user, scope);
+    const accessToken = await this.generateAccessToken(client, user, accessScope);
+    const refreshToken = await this.generateRefreshToken(client, user, accessScope);
     const accessTokenExpiresAt = this.getAccessTokenExpiresAt();
     const refreshTokenExpiresAt = this.getRefreshTokenExpiresAt();
 
diff --git a/lib/grant-types/client-credentials-grant-type.ts b/lib/grant-types/client-credentials-grant-type.ts
@@ -65,7 +65,7 @@ export class ClientCredentialsGrantType extends AbstractGrantType {
 
   async saveToken(user: User, client: Client, scope: string) {
     const accessScope = await this.validateScope(user, client, scope);
-    const accessToken = await this.generateAccessToken(client, user, scope);
+    const accessToken = await this.generateAccessToken(client, user, accessScope);
     const accessTokenExpiresAt = this.getAccessTokenExpiresAt();
 
     const token = {
diff --git a/lib/grant-types/implicit-grant-type.ts b/lib/grant-types/implicit-grant-type.ts
@@ -48,14 +48,14 @@ export class ImplicitGrantType extends AbstractGrantType {
    */
 
   async saveToken(user: User, client: Client, scope: string) {
-    const validatedScope = await this.validateScope(user, client, scope);
-    const accessToken = await this.generateAccessToken(client, user, scope);
+    const accessScope = await this.validateScope(user, client, scope);
+    const accessToken = await this.generateAccessToken(client, user, accessScope);
     const accessTokenExpiresAt = this.getAccessTokenExpiresAt();
 
     const token = {
       accessToken,
       accessTokenExpiresAt,
-      scope: validatedScope,
+      scope: accessScope,
     } as Token;
 
     return this.model.saveToken(token, client, user);
diff --git a/lib/grant-types/password-grant-type.ts b/lib/grant-types/password-grant-type.ts
@@ -90,8 +90,8 @@ export class PasswordGrantType extends AbstractGrantType {
 
   async saveToken(user: User, client: Client, scope: string) {
     const accessScope = await this.validateScope(user, client, scope);
-    const accessToken = await this.generateAccessToken(client, user, scope);
-    const refreshToken = await this.generateRefreshToken(client, user, scope);
+    const accessToken = await this.generateAccessToken(client, user, accessScope);
+    const refreshToken = await this.generateRefreshToken(client, user, accessScope);
     const accessTokenExpiresAt = this.getAccessTokenExpiresAt();
     const refreshTokenExpiresAt = this.getRefreshTokenExpiresAt();
 
diff --git a/lib/grant-types/refresh-token-grant-type.ts b/lib/grant-types/refresh-token-grant-type.ts
@@ -135,15 +135,16 @@ export class RefreshTokenGrantType extends AbstractGrantType {
    */
 
   async saveToken(user: User, client: Client, scope: string) {
-    const accessToken = await this.generateAccessToken(client, user, scope);
-    const refreshToken = await this.generateRefreshToken(client, user, scope);
+    const accessScope = await this.validateScope(user, client, scope);
+    const accessToken = await this.generateAccessToken(client, user, accessScope);
+    const refreshToken = await this.generateRefreshToken(client, user, accessScope);
     const accessTokenExpiresAt = this.getAccessTokenExpiresAt();
     const refreshTokenExpiresAt = this.getRefreshTokenExpiresAt();
 
     const token: any = {
       accessToken,
       accessTokenExpiresAt,
-      scope,
+      scope: accessScope,
     };
 
     if (this.alwaysIssueNewRefreshToken !== false) {
diff --git a/test/unit/grant-types/refresh-token-grant-type.spec.ts b/test/unit/grant-types/refresh-token-grant-type.spec.ts
@@ -211,9 +211,6 @@ describe('RefreshTokenGrantType', () => {
           model.saveToken.firstCall.args[1].should.equal(client);
           model.saveToken.firstCall.args[2].should.equal(user);
           model.saveToken.firstCall.thisValue.should.equal(model);
-        })
-        .catch(() => {
-          should.fail('should.fail', '');
         });
     });
 
@@ -249,9 +246,6 @@ describe('RefreshTokenGrantType', () => {
           model.saveToken.firstCall.args[1].should.equal(client);
           model.saveToken.firstCall.args[2].should.equal(user);
           model.saveToken.firstCall.thisValue.should.equal(model);
-        })
-        .catch(() => {
-          should.fail('should.fail', '');
         });
     });
 
@@ -289,9 +283,6 @@ describe('RefreshTokenGrantType', () => {
           model.saveToken.firstCall.args[1].should.equal(client);
           model.saveToken.firstCall.args[2].should.equal(user);
           model.saveToken.firstCall.thisValue.should.equal(model);
-        })
-        .catch(() => {
-          should.fail('should.fail', '');
         });
     });
   });
