From 66850535d369ed2a86b8df58d778fe71ae857b1c Mon Sep 17 00:00:00 2001
From: AJ ONeal
Date: Tue, 5 Dec 2017 22:18:03 +0000
Subject: [PATCH] delete expired token cookies

---
 lib/oauth3.js | 20 +++++++++++++++++++-
 1 file changed, 19 insertions(+), 1 deletion(-)

diff --git a/lib/oauth3.js b/lib/oauth3.js
index 63f1427..ff7f942 100644
--- a/lib/oauth3.js
+++ b/lib/oauth3.js
@@ -22,6 +22,10 @@ function generateRescope(req, Models, decoded, fullPpid, ppid) {
     if (!result || !result.sub || !decoded.iss) {
       // XXX BUG XXX TODO swap this external ppid for an internal (and ask user to link with existing profile)
       //req.oauth3.accountIdx = fullPpid;
+      console.log(decoded);
+      console.log(decoded.iss);
+      console.log(fullPpid);
+      console.log(ppid);
       throw new Error("internal / external ID swapping not yet implemented. TODO: "
         + "No profile found with that credential. Would you like to create a new profile or link to an existing profile?");
     }
@@ -198,6 +202,14 @@ function verifyToken(token) {
     try {
       return jwt.verify(token, require('jwk-to-pem')(res.data), opts);
     } catch (err) {
+      if ('TokenExpiredError' === err.code) {
+        return PromiseA.reject({
+          message: 'TokenExpiredError: jwt expired'
+        , code: 'E_TOKEN_EXPIRED'
+        , url: 'https://oauth3.org/docs/errors#E_TOKEN_EXPIRED'
+        });
+      }
+
       return PromiseA.reject({
         message: 'token verification failed'
       , code: 'E_INVALID_TOKEN'
@@ -220,7 +232,8 @@ function deepFreeze(obj) {
 function cookieOauth3(Models, req, res, next) {
   req.oauth3 = {};
 
-  var token = req.cookies.jwt;
+  var cookieName = 'jwt';
+  var token = req.cookies[cookieName];
 
   req.oauth3.encodedToken = token;
   req.oauth3.verifyAsync = function (jwt) {
@@ -251,6 +264,11 @@ function cookieOauth3(Models, req, res, next) {
       next();
       return;
     }
+    if ('E_TOKEN_EXPIRED' === err.code) {
+      res.clearCookie(cookieName);
+      next();
+      return;
+    }
     console.error('[walnut] cookie lib/oauth3 error:');
     console.error(err);
     res.send(err);
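Review bot: The four console.log calls added in the generateRescope hunk write the full decoded token payload plus fullPpid and ppid to stdout on every unmatched-credential request, which puts identity claims and credential identifiers into whatever log sink captures process output. They read as debugging left in rather than intended diagnostics and are unrelated to the commit's stated purpose (expired-cookie cleanup). I would drop them, or at minimum reduce to one line that does not dump the whole object, e.g. `console.error('[walnut] no profile for issuer', decoded.iss);`. generateRescope's body begins and ends outside this hunk, so I cannot see whether the same data is already logged elsewhere.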
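Review bot: The new branch in verifyToken tests `err.code` against 'TokenExpiredError', but if `jwt` here is the jsonwebtoken package, its expiry error carries that string in `err.name` and does not set a `code` property, so this check would never match and expired tokens would keep falling through to E_INVALID_TOKEN; the clearCookie branch added later in cookieOauth3 would then never run. I would change the condition to `if ('TokenExpiredError' === err.name) {`, or test both fields if another verifier is in use. The identity of `jwt` is not visible in this hunk, so please confirm against the require at the top of lib/oauth3.js. verifyToken's body starts and ends outside the hunk.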
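Review bot: In the E_TOKEN_EXPIRED branch of cookieOauth3, `res.clearCookie(cookieName)` is called without options, and in Express a clear only takes effect in the browser when path and domain match those the cookie was set with; if the jwt cookie is set with a non-default path or domain elsewhere, this clear is a silent no-op and the expired token is re-sent on every request. Pass the same options the setter uses, e.g. `res.clearCookie(cookieName, { path: '/', domain: ... });` if they are not the defaults. Separately, `req.oauth3.encodedToken` was assigned the raw cookie value earlier in cookieOauth3 (the hunk at line 232), so after this branch calls next() downstream handlers still see the stale token string; consider `req.oauth3.encodedToken = undefined;` before next(). Where the cookie is set is outside this patch, so the options point is a question rather than a confirmed defect.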