Vkontakte Auth: Change users.get to secure.checkToken (parse-communit…

…y#2880) * Change users.get to secure.checkToken You can't get user info by client token due vk restrictions. You must check token via secure.checkToken. * Configuration checks for vk auth. * Move config check to promise, remove debug log, add message to logger on error.
JeremyPlease · Oct 19, 2016 · 305b037 · 305b037
1 parent b88b0c5
commit 305b037
Showing 1 changed file with 27 additions and 8 deletions.
diff --git a/src/authDataManager/vkontakte.js b/src/authDataManager/vkontakte.js
@@ -1,28 +1,47 @@
 'use strict';
 
 // Helper functions for accessing the vkontakte API.
+
 var https = require('https');
 var Parse = require('parse/node').Parse;
+var logger = require('../logger').default;
 
 // Returns a promise that fulfills iff this user id is valid.
-function validateAuthData(authData) {
-  return request("users.get?v=V&access_token=" + authData.access_token).then(function (response) {
-    if (response && response.response && response.response[0].uid == authData.id) {
-      return;
+function validateAuthData(authData, params) {  
+  return vkOAuth2Request(params).then(function (response) {
+    if (response && response && response.access_token) {
+      return request("api.vk.com", "method/secure.checkToken?token=" + authData.access_token + "&client_secret=" + params.appSecret + "&access_token=" + response.access_token).then(function (response) {
+        if (response && response.response && response.response.user_id == authData.id) {
+          return;
+        }
+        throw new Parse.Error(Parse.Error.OBJECT_NOT_FOUND, 'Vk auth is invalid for this user.');
+      });
     }
-    throw new Parse.Error(Parse.Error.OBJECT_NOT_FOUND, 'Vk auth is invalid for this user.');
+    logger.error('Vk Auth', 'Vk appIds or appSecret is incorrect.');
+    throw new Parse.Error(Parse.Error.OBJECT_NOT_FOUND, 'Vk appIds or appSecret is incorrect.');
   });
 }
 
+function vkOAuth2Request(params) {
+  var promise = new Parse.Promise();
+  return promise.then(function(){
+    if (!params || !params.appIds || !params.appIds.length || !params.appSecret || !params.appSecret.length ) {
+      logger.error('Vk Auth', 'Vk auth is not configured. Missing appIds or appSecret.');
+      throw new Parse.Error(Parse.Error.OBJECT_NOT_FOUND, 'Vk auth is not configured. Missing appIds or appSecret.');
+    }
+    return request("oauth.vk.com", "access_token?client_id=" + params.appIds + "&client_secret=" + params.appSecret + "&v=5.59&grant_type=client_credentials")
+  })
+}
+
 // Returns a promise that fulfills iff this app id is valid.
 function validateAppId() {
   return Promise.resolve();
 }
 
 // A promisey wrapper for api requests
-function request(path) {
+function request(host, path) {
   return new Promise(function (resolve, reject) {
-    https.get("https://api.vk.com/method/" + path, function (res) {
+    https.get("https://" + host + "/" + path, function (res) {
       var data = '';
       res.on('data', function (chunk) {
         data += chunk;
@@ -40,4 +59,4 @@ function request(path) {
 module.exports = {
   validateAppId: validateAppId,
   validateAuthData: validateAuthData
-};
+};