Merge dev into pkce

Author: visvk

README.md

@@ -22,7 +22,7 @@ The *oauth2-server* module is framework-agnostic but there are several officiall
 
 - Supports `authorization_code`, `client_credentials`, `refresh_token` and `password` grant, as well as *extension grants*, with scopes.
 - Can be used with *promises*, *Node-style callbacks*, *ES6 generators* and *async*/*await* (using [Babel](https://babeljs.io)).
-- Fully [RFC 6749](https://tools.ietf.org/html/rfc6749.html) and [RFC 6750](https://tools.ietf.org/html/rfc6749.html) compliant.
+- Fully [RFC 6749](https://tools.ietf.org/html/rfc6749.html) and [RFC 6750](https://tools.ietf.org/html/rfc6750.html) compliant.
 - Implicitly supports any form of storage, e.g. *PostgreSQL*, *MySQL*, *MongoDB*, *Redis*, etc.
 - Complete [test suite](https://github.com/oauthjs/node-oauth2-server/tree/master/test).
 
@@ -63,6 +63,6 @@ npm test
 [travis-url]: https://travis-ci.org/oauthjs/node-oauth2-server
 [license-image]: https://img.shields.io/badge/license-MIT-blue.svg
 [license-url]: https://raw.githubusercontent.com/oauthjs/node-oauth2-server/master/LICENSE
-[slack-image]: https://img.shields.io/badge/slack-join-E01563.svg
-[slack-url]: https://oauthjs.slack.com
+[slack-image]: https://slack.oauthjs.org/badge.svg
+[slack-url]: https://slack.oauthjs.org
 

docs/model/spec.rst

@@ -195,7 +195,7 @@ An ``Object`` representing the access token and associated data.
 +------------------------------+--------+--------------------------------------------------+
 | token.accessToken            | String | The access token passed to ``getAccessToken()``. |
 +------------------------------+--------+--------------------------------------------------+
-| [token.accessTokenExpiresAt] | Date   | The expiry time of the access token.             |
+| token.accessTokenExpiresAt   | Date   | The expiry time of the access token.             |
 +------------------------------+--------+--------------------------------------------------+
 | [token.scope]                | String | The authorized scope of the access token.        |
 +------------------------------+--------+--------------------------------------------------+

lib/grant-types/abstract-grant-type.js

@@ -68,23 +68,15 @@ AbstractGrantType.prototype.generateRefreshToken = function(client, user, scope)
  */
 
 AbstractGrantType.prototype.getAccessTokenExpiresAt = function() {
-  var expires = new Date();
-
-  expires.setSeconds(expires.getSeconds() + this.accessTokenLifetime);
-
-  return expires;
+  return new Date(Date.now() + this.accessTokenLifetime * 1000);
 };
 
 /**
  * Get refresh token expiration date.
  */
 
 AbstractGrantType.prototype.getRefreshTokenExpiresAt = function() {
-  var expires = new Date();
-
-  expires.setSeconds(expires.getSeconds() + this.refreshTokenLifetime);
-
-  return expires;
+  return new Date(Date.now() + this.refreshTokenLifetime * 1000);
 };
 
 /**

lib/handlers/authenticate-handler.js

@@ -63,6 +63,9 @@ AuthenticateHandler.prototype.handle = function(request, response) {
     throw new InvalidArgumentError('Invalid argument: `response` must be an instance of Response');
   }
 
+  // Extend model object with request
+  this.model.request = request;
+
   return Promise.bind(this)
     .then(function() {
       return this.getTokenFromRequest(request);

lib/handlers/authorize-handler.js

@@ -83,6 +83,9 @@ AuthorizeHandler.prototype.handle = function(request, response) {
     return Promise.reject(new AccessDeniedError('Access denied: user denied access to application'));
   }
 
+  // Extend model object with request
+  this.model.request = request;
+
   var fns = [
     this.getAuthorizationCodeLifetime(),
     this.getClient(request),
@@ -101,13 +104,19 @@ AuthorizeHandler.prototype.handle = function(request, response) {
 
       return Promise.bind(this)
         .then(function() {
-          scope = this.getScope(request);
           codeChallenge = this.getCodeChallenge(request, client);
 
           if (codeChallenge) {
             codeChallengeMethod = this.getCodeChallengeMethod(request);
           }
 
+          var requestedScope = this.getScope(request);
+
+          return this.validateScope(user, client, requestedScope);
+        })
+        .then(function(validScope) {
+          scope = validScope;
+
           return this.generateAuthorizationCode(client, user, scope);
         })
         .then(function(authorizationCode) {
@@ -243,6 +252,24 @@ AuthorizeHandler.prototype.getClient = function(request) {
     });
 };
 
+/**
+ * Validate requested scope.
+ */
+AuthorizeHandler.prototype.validateScope = function(user, client, scope) {
+  if (this.model.validateScope) {
+    return promisify(this.model.validateScope, 3).call(this.model, user, client, scope)
+      .then(function (scope) {
+        if (!scope) {
+          throw new InvalidScopeError('Invalid scope: Requested scope is invalid');
+        }
+
+        return scope;
+      });
+  } else {
+    return Promise.resolve(scope);
+  }
+};
+
 /**
  * Get scope from the request.
  */

lib/handlers/token-handler.js

@@ -86,6 +86,9 @@ TokenHandler.prototype.handle = function(request, response) {
     return Promise.reject(new InvalidRequestError('Invalid request: content must be application/x-www-form-urlencoded'));
   }
 
+  // Extend model object with request
+  this.model.request = request;
+
   return Promise.bind(this)
     .then(function() {
       return this.getClient(request, response);

lib/request.js

@@ -33,14 +33,14 @@ function Request(options) {
 
   // Store the headers in lower case.
   for (var field in options.headers) {
-    if (options.headers.hasOwnProperty(field)) {
+    if (Object.prototype.hasOwnProperty.call(options.headers, field)) {
       this.headers[field.toLowerCase()] = options.headers[field];
     }
   }
 
   // Store additional properties of the request object passed in
   for (var property in options) {
-    if (options.hasOwnProperty(property) && !this[property]) {
+    if (Object.prototype.hasOwnProperty.call(options, property) && !this[property]) {
       this[property] = options[property];
     }
   }

lib/response.js

@@ -13,14 +13,14 @@ function Response(options) {
 
   // Store the headers in lower case.
   for (var field in options.headers) {
-    if (options.headers.hasOwnProperty(field)) {
+    if (Object.prototype.hasOwnProperty.call(options.headers, field)) {
       this.headers[field.toLowerCase()] = options.headers[field];
     }
   }
 
   // Store additional properties of the response object passed in
   for (var property in options) {
-    if (options.hasOwnProperty(property) && !this[property]) {
+    if (Object.prototype.hasOwnProperty.call(options, property) && !this[property]) {
       this[property] = options[property];
     }
   }