allow '*' scope for full account access

2017-06-01 00:25:37 +00:00 · 2017-06-01 00:25:37 +00:00 · 82b6e9d449
parent b76afe7425
commit 82b6e9d449
1 changed files with 12 additions and 1 deletions
--- a/lib/apis.js
+++ b/lib/apis.js
@ -136,6 +136,8 @@ module.exports.create = function (xconfx, apiFactories, apiDeps) {
        req.oauth3.accountIdx = accountIdx;
        req.oauth3.ppid = ppid;
        req.oauth3.accountHash = crypto.createHash('sha1').update(accountIdx).digest('hex');
+        //console.log('[com.daplie.walnut] accountIdx:', accountIdx);
+        //console.log('[com.daplie.walnut] ppid:', ppid);

        next();
      });
@ -269,6 +271,8 @@ module.exports.create = function (xconfx, apiFactories, apiDeps) {
          }

          return function (req, res, next) {
+            var tokenScopes;
+
            if (!(req.oauth3 || req.oauth3.token)) {
              // TODO some error generator for standard messages
              res.send({ error: { message: "You must be logged in", code: "E_NO_AUTHN" } });
@ -279,11 +283,18 @@ module.exports.create = function (xconfx, apiFactories, apiDeps) {
              return;
            }

+            tokenScopes = req.oauth3.token.scp.split(/[,\s]+/mg);
+            if (-1 !== tokenScopes.indexOf('*')) {
+              // has full account access
+              next();
+              return;
+            }
+
            // every grant in the array must be present
            if (!grants.every(function (grant) {
              var scopes = grant.split(/\|/g);
              return scopes.some(function (scp) {
-                return req.oauth3.token.scp.split(/[,\s]+/mg).some(function (s) {
+                return tokenScopes.some(function (s) {
                  return scp === s;
                });
              });