Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

fix: await the result returned by resourceIndicators.useGrantedResource function, in resolve_resource.js #1173

Merged
merged 1 commit into from
Jan 4, 2022

Conversation

Starrah
Copy link
Contributor

@Starrah Starrah commented Jan 3, 2022

First, thank all the contributors for your effort in building this awesome project, which helps me a lot! During my usage, I found something that maybe a minor bug.

The features.resourceIndicators.useGrantedResource function defined in the config can be async function. In fact, the default value for that is indeed an async function:

async function useGrantedResource(ctx, model) {
// @param ctx - koa request context
// @param model - depending on the request's grant_type this can be either an AuthorizationCode, BackchannelAuthenticationRequest,
// RefreshToken, or DeviceCode model instance.
return false;
}

However, when the function is called in resolver_resource.js, which is used to resolve the resource for a auth or token request, the value returned by useGrantedResource is not awaited:
case model.resource && !!config.resourceIndicators.useGrantedResource(ctx, model):

In my opinion, this is a bug, which makes the useGrantedResource configration have no effect, since !! a Promise will always equals to true.

Thank you for your review!

Copy link
Owner

@panva panva left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Nice catch!

Can you please update https://github.com/panva/node-oidc-provider/blob/main/test/resource_indicators/resource_indicators.config.js#L41-L43 to be an async function? That way this fix will actually be tested.

…ce function, in resolve_resource.js

Since the useGrantedResource function can be async function (in fact the default value is indeed async function), the result of calling it must be awaited.
Or, !! a Promise object always return true.
@Starrah
Copy link
Contributor Author

Starrah commented Jan 4, 2022

Nice catch!

Can you please update https://github.com/panva/node-oidc-provider/blob/main/test/resource_indicators/resource_indicators.config.js#L41-L43 to be an async function? That way this fix will actually be tested.

Updated the test with 246ca00 (force-pushed).

@panva panva merged commit 64a8028 into panva:main Jan 4, 2022
@panva
Copy link
Owner

panva commented Jan 4, 2022

@Starrah thank you for your contribution! I'd be interested in learning about your use of oidc-provider and the resourceIndicators feature and welcome any further contribution you might have to e.g. to documentation that was difficult to process.

@github-actions github-actions bot locked and limited conversation to collaborators Apr 5, 2022
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

2 participants