From 95bc9869ade2063e26876cf84f87a8c880fd108c Mon Sep 17 00:00:00 2001
From: tigerbot
Date: Wed, 26 Jul 2017 15:52:11 -0600
Subject: [PATCH] removed `sub` as strict requirement for saving grants
---
 grants.js | 15 ++++++++++++++-
 1 file changed, 14 insertions(+), 1 deletion(-)
diff --git a/grants.js b/grants.js
index 7ce1413..bd22eb6 100644
--- a/grants.js
+++ b/grants.js
@@ -1,7 +1,9 @@
 'use strict';
+var crypto = require('crypto');
 var PromiseA = require('bluebird');
 var OpErr = PromiseA.OperationalError;
+var makeB64UrlSafe = require('./common').makeB64UrlSafe;
 function trim(grant) {
@@ -39,10 +41,21 @@ function create(app) {
 };
 restful.saveNew = function (req, res) {
- var promise = PromiseA.resolve().then(function () {
+ var promise = req.Store.get(req.params.sub+'/'+req.params.azp).then(function (existing) {
+ if (existing) {
+ if (req.body.sub && req.body.sub !== existing.azpSub) {
+ throw new OpErr("specified 'sub' does not agree with existing grants");
+ }
+ req.body.sub = existing.azpSub;
+ }
+
+ if (!req.body.sub) {
+ req.body.sub = makeB64UrlSafe(crypto.randomBytes(32).toString('base64'));
+ }
 if (typeof req.body.scope !== 'string' || typeof req.body.sub !== 'string') {
 throw new OpErr("malformed request: 'sub' and 'scope' must be strings");
 }
+
 return req.Store.find({ azpSub: req.body.sub });
 }).then(function (existing) {
 if (existing.length) {
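Review bot: In `restful.saveNew` the client-supplied `req.body.sub` is truth-tested and compared with `existing.azpSub` before the `typeof` check runs, so a falsy non-string value such as `0` or `false` is silently replaced by the stored or newly generated identifier instead of being rejected as malformed. Validating it at the top of the callback closes that gap: `if (req.body.sub != null && typeof req.body.sub !== 'string') { throw new OpErr("malformed request: 'sub' and 'scope' must be strings"); }`. Separately, nothing visible here makes the `Store.get` lookup, the `Store.find` check and the write that presumably follows outside the hunk atomic, so two concurrent first-time requests for the same `sub/azp` key could each mint a different random `sub` unless the store enforces uniqueness on that key; that cannot be confirmed from this hunk. The body of `saveNew` continues past the end of the hunk.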