accounts-frontend/src/services/api/oauth.js

// @flow
/* eslint camelcase: off */
import type { Resp } from 'services/request';
import type { ApplicationType } from 'components/dev/apps';
import request from 'services/request';

export type OauthAppResponse = {
    clientId: string,
    clientSecret: string,
    type: ApplicationType,
    name: string,
    websiteUrl: string,
    createdAt: number,
    // fields for 'application' type
    countUsers?: number,
    description?: string,
    redirectUri?: string,
    // fields for 'minecraft-server' type
    minecraftServerIp?: string,
};

type OauthRequestData = {
    client_id: string,
    redirect_uri: string,
    response_type: string,
    description: string,
    scope: string,
    prompt: string,
    login_hint?: string,
    state?: string,
};

export type OauthData = {
    clientId: string,
    redirectUrl: string,
    responseType: string,
    description: string,
    scope: string,
    prompt: 'none' | 'consent' | 'select_account',
    loginHint?: string,
    state?: string
};

type FormPayloads = {
    name?: string,
    description?: string,
    websiteUrl?: string,
    redirectUri?: string,
    minecraftServerIp?: string,
};

const api = {
    validate(oauthData: OauthData) {
        return request.get(
            '/api/oauth2/v1/validate',
            getOAuthRequest(oauthData)
        ).catch(handleOauthParamsValidation);
    },

    complete(oauthData: OauthData, params: {accept?: bool} = {}): Promise<Resp<{
        success: bool,
        redirectUri: string,
    }>> {
        const query = request.buildQuery(getOAuthRequest(oauthData));

        return request.post(
            `/api/oauth2/v1/complete?${query}`,
            typeof params.accept === 'undefined' ? {} : {accept: params.accept}
        ).catch((resp = {}) => {
            if (resp.statusCode === 401 && resp.error === 'access_denied') {
                // user declined permissions
                return {
                    success: false,
                    redirectUri: resp.redirectUri,
                    originalResponse: resp.originalResponse,
                };
            }

            if (resp.status === 401 && resp.name === 'Unauthorized') {
                const error: Object = new Error('Unauthorized');
                error.unauthorized = true;
                throw error;
            }

            if (resp.statusCode === 401 && resp.error === 'accept_required') {
                const error: Object = new Error('Permissions accept required');
                error.acceptRequired = true;
                throw error;
            }

            return handleOauthParamsValidation(resp);
        });
    },

    create(type: string, formParams: FormPayloads): Promise<Resp<{success: bool, data: OauthAppResponse}>> {
        return request.post(`/api/v1/oauth2/${type}`, formParams);
    },

    update(clientId: string, formParams: FormPayloads): Promise<Resp<{success: bool, data: OauthAppResponse}>> {
        return request.put(`/api/v1/oauth2/${clientId}`, formParams);
    },

    getApp(clientId: string): Promise<Resp<OauthAppResponse>> {
        return request.get(`/api/v1/oauth2/${clientId}`);
    },

    getAppsByUser(userId: number): Promise<Resp<Array<OauthAppResponse>>> {
        return request.get(`/api/v1/accounts/${userId}/oauth2/clients`);
    },

    reset(clientId: string, regenerateSecret: bool = false): Promise<Resp<{success: bool, data: OauthAppResponse}>> {
        return request.post(`/api/v1/oauth2/${clientId}/reset${regenerateSecret ? '?regenerateSecret' : ''}`);
    },

    delete(clientId: string): Promise<Resp<{success: bool}>> {
        return request.delete(`/api/v1/oauth2/${clientId}`);
    },
};

if (window.Cypress) {
    window.oauthApi = api;
}

export default api;

/**
 * @param {object} oauthData
 * @param {string} oauthData.clientId
 * @param {string} oauthData.redirectUrl
 * @param {string} oauthData.responseType
 * @param {string} oauthData.description
 * @param {string} oauthData.scope
 * @param {string} oauthData.state
 *
 * @return {object}
 */
function getOAuthRequest(oauthData: OauthData): OauthRequestData {
    return {
        client_id: oauthData.clientId,
        redirect_uri: oauthData.redirectUrl,
        response_type: oauthData.responseType,
        description: oauthData.description,
        scope: oauthData.scope,
        prompt: oauthData.prompt,
        login_hint: oauthData.loginHint,
        state: oauthData.state
    };
}

function handleOauthParamsValidation(resp = {}) {
    if (resp.statusCode === 400 && resp.error === 'invalid_request') {
        resp.userMessage = `Invalid request (${resp.parameter} required).`;
    } else if (resp.statusCode === 400 && resp.error === 'unsupported_response_type') {
        resp.userMessage = `Invalid response type '${resp.parameter}'.`;
    } else if (resp.statusCode === 400 && resp.error === 'invalid_scope') {
        resp.userMessage = `Invalid scope '${resp.parameter}'.`;
    } else if (resp.statusCode === 401 && resp.error === 'invalid_client') {
        resp.userMessage = 'Can not find application you are trying to authorize.';
    }

    return Promise.reject(resp);
}
Implemented UI for Accounts applications management. Introduced copy service and injected it usage into auth finish page. Introduced Collapse component. Introduced Radio component. Generalized Checkbox component to share Radio component styles. Improved Textarea component: it now has auto height functionality. Improved profile/BackButton component: now you can pass custom url. BSOD is no longer displayed on 404 response. 2018-03-26 00:46:45 +05:30			`// @flow`
#85: fix linting errors and setup eslint to support source related test files 2017-06-08 00:10:44 +05:30			`/* eslint camelcase: off */`
Fix some flow errors 2018-05-03 10:45:09 +05:30			`import type { Resp } from 'services/request';`
#22: refactor application forms 2018-05-05 14:31:25 +05:30			`import type { ApplicationType } from 'components/dev/apps';`
Decouple oauth api calls into separate module. Simple tests for oauth actions 2016-07-27 23:57:21 +05:30			`import request from 'services/request';`

Implemented UI for Accounts applications management. Introduced copy service and injected it usage into auth finish page. Introduced Collapse component. Introduced Radio component. Generalized Checkbox component to share Radio component styles. Improved Textarea component: it now has auto height functionality. Improved profile/BackButton component: now you can pass custom url. BSOD is no longer displayed on 404 response. 2018-03-26 00:46:45 +05:30			`export type OauthAppResponse = {`
			`clientId: string,`
			`clientSecret: string,`
#22: refactor application forms 2018-05-05 14:31:25 +05:30			`type: ApplicationType,`
Implemented UI for Accounts applications management. Introduced copy service and injected it usage into auth finish page. Introduced Collapse component. Introduced Radio component. Generalized Checkbox component to share Radio component styles. Improved Textarea component: it now has auto height functionality. Improved profile/BackButton component: now you can pass custom url. BSOD is no longer displayed on 404 response. 2018-03-26 00:46:45 +05:30			`name: string,`
			`websiteUrl: string,`
			`createdAt: number,`
			`// fields for 'application' type`
			`countUsers?: number,`
			`description?: string,`
			`redirectUri?: string,`
			`// fields for 'minecraft-server' type`
			`minecraftServerIp?: string,`
			`};`

Fix some flow errors 2018-05-03 10:45:09 +05:30			`type OauthRequestData = {`
			`client_id: string,`
			`redirect_uri: string,`
			`response_type: string,`
			`description: string,`
			`scope: string,`
			`prompt: string,`
			`login_hint?: string,`
			`state?: string,`
			`};`

			`export type OauthData = {`
			`clientId: string,`
			`redirectUrl: string,`
			`responseType: string,`
			`description: string,`
			`scope: string,`
			`prompt: 'none' \| 'consent' \| 'select_account',`
			`loginHint?: string,`
			`state?: string`
			`};`

Implemented UI for Accounts applications management. Introduced copy service and injected it usage into auth finish page. Introduced Collapse component. Introduced Radio component. Generalized Checkbox component to share Radio component styles. Improved Textarea component: it now has auto height functionality. Improved profile/BackButton component: now you can pass custom url. BSOD is no longer displayed on 404 response. 2018-03-26 00:46:45 +05:30			`type FormPayloads = {`
			`name?: string,`
			`description?: string,`
			`websiteUrl?: string,`
			`redirectUri?: string,`
			`minecraftServerIp?: string,`
			`};`

Some minor fixes and e2e tests for creating of website app 2018-11-10 14:33:47 +05:30			`const api = {`
Fix some flow errors 2018-05-03 10:45:09 +05:30			`validate(oauthData: OauthData) {`
Decouple oauth api calls into separate module. Simple tests for oauth actions 2016-07-27 23:57:21 +05:30			`return request.get(`
#21: support /oauth2/v1 on frontend 2016-07-28 01:15:50 +05:30			`'/api/oauth2/v1/validate',`
Decouple oauth api calls into separate module. Simple tests for oauth actions 2016-07-27 23:57:21 +05:30			`getOAuthRequest(oauthData)`
			`).catch(handleOauthParamsValidation);`
			`},`

Fix some flow errors 2018-05-03 10:45:09 +05:30			`complete(oauthData: OauthData, params: {accept?: bool} = {}): Promise<Resp<{`
			`success: bool,`
			`redirectUri: string,`
			`}>> {`
Decouple oauth api calls into separate module. Simple tests for oauth actions 2016-07-27 23:57:21 +05:30			`const query = request.buildQuery(getOAuthRequest(oauthData));`

			`return request.post(`
#21: support /oauth2/v1 on frontend 2016-07-28 01:15:50 +05:30			`/api/oauth2/v1/complete?${query}`,
Decouple oauth api calls into separate module. Simple tests for oauth actions 2016-07-27 23:57:21 +05:30			`typeof params.accept === 'undefined' ? {} : {accept: params.accept}`
			`).catch((resp = {}) => {`
			`if (resp.statusCode === 401 && resp.error === 'access_denied') {`
			`// user declined permissions`
			`return {`
			`success: false,`
Fix some flow errors 2018-05-03 10:45:09 +05:30			`redirectUri: resp.redirectUri,`
			`originalResponse: resp.originalResponse,`
Decouple oauth api calls into separate module. Simple tests for oauth actions 2016-07-27 23:57:21 +05:30			`};`
			`}`

			`if (resp.status === 401 && resp.name === 'Unauthorized') {`
Implemented UI for Accounts applications management. Introduced copy service and injected it usage into auth finish page. Introduced Collapse component. Introduced Radio component. Generalized Checkbox component to share Radio component styles. Improved Textarea component: it now has auto height functionality. Improved profile/BackButton component: now you can pass custom url. BSOD is no longer displayed on 404 response. 2018-03-26 00:46:45 +05:30			`const error: Object = new Error('Unauthorized');`
Decouple oauth api calls into separate module. Simple tests for oauth actions 2016-07-27 23:57:21 +05:30			`error.unauthorized = true;`
			`throw error;`
			`}`

			`if (resp.statusCode === 401 && resp.error === 'accept_required') {`
Implemented UI for Accounts applications management. Introduced copy service and injected it usage into auth finish page. Introduced Collapse component. Introduced Radio component. Generalized Checkbox component to share Radio component styles. Improved Textarea component: it now has auto height functionality. Improved profile/BackButton component: now you can pass custom url. BSOD is no longer displayed on 404 response. 2018-03-26 00:46:45 +05:30			`const error: Object = new Error('Permissions accept required');`
Decouple oauth api calls into separate module. Simple tests for oauth actions 2016-07-27 23:57:21 +05:30			`error.acceptRequired = true;`
			`throw error;`
			`}`

			`return handleOauthParamsValidation(resp);`
			`});`
Implemented UI for Accounts applications management. Introduced copy service and injected it usage into auth finish page. Introduced Collapse component. Introduced Radio component. Generalized Checkbox component to share Radio component styles. Improved Textarea component: it now has auto height functionality. Improved profile/BackButton component: now you can pass custom url. BSOD is no longer displayed on 404 response. 2018-03-26 00:46:45 +05:30			`},`

Fix some flow errors 2018-05-03 10:45:09 +05:30			`create(type: string, formParams: FormPayloads): Promise<Resp<{success: bool, data: OauthAppResponse}>> {`
Implemented UI for Accounts applications management. Introduced copy service and injected it usage into auth finish page. Introduced Collapse component. Introduced Radio component. Generalized Checkbox component to share Radio component styles. Improved Textarea component: it now has auto height functionality. Improved profile/BackButton component: now you can pass custom url. BSOD is no longer displayed on 404 response. 2018-03-26 00:46:45 +05:30			return request.post(`/api/v1/oauth2/${type}`, formParams);
			`},`

Fix some flow errors 2018-05-03 10:45:09 +05:30			`update(clientId: string, formParams: FormPayloads): Promise<Resp<{success: bool, data: OauthAppResponse}>> {`
Implemented UI for Accounts applications management. Introduced copy service and injected it usage into auth finish page. Introduced Collapse component. Introduced Radio component. Generalized Checkbox component to share Radio component styles. Improved Textarea component: it now has auto height functionality. Improved profile/BackButton component: now you can pass custom url. BSOD is no longer displayed on 404 response. 2018-03-26 00:46:45 +05:30			return request.put(`/api/v1/oauth2/${clientId}`, formParams);
			`},`

Fix some flow errors 2018-05-03 10:45:09 +05:30			`getApp(clientId: string): Promise<Resp<OauthAppResponse>> {`
Implemented UI for Accounts applications management. Introduced copy service and injected it usage into auth finish page. Introduced Collapse component. Introduced Radio component. Generalized Checkbox component to share Radio component styles. Improved Textarea component: it now has auto height functionality. Improved profile/BackButton component: now you can pass custom url. BSOD is no longer displayed on 404 response. 2018-03-26 00:46:45 +05:30			return request.get(`/api/v1/oauth2/${clientId}`);
			`},`

Fix some flow errors 2018-05-03 10:45:09 +05:30			`getAppsByUser(userId: number): Promise<Resp<Array<OauthAppResponse>>> {`
Implemented UI for Accounts applications management. Introduced copy service and injected it usage into auth finish page. Introduced Collapse component. Introduced Radio component. Generalized Checkbox component to share Radio component styles. Improved Textarea component: it now has auto height functionality. Improved profile/BackButton component: now you can pass custom url. BSOD is no longer displayed on 404 response. 2018-03-26 00:46:45 +05:30			return request.get(`/api/v1/accounts/${userId}/oauth2/clients`);
			`},`

Fix some flow errors 2018-05-03 10:45:09 +05:30			`reset(clientId: string, regenerateSecret: bool = false): Promise<Resp<{success: bool, data: OauthAppResponse}>> {`
Implemented UI for Accounts applications management. Introduced copy service and injected it usage into auth finish page. Introduced Collapse component. Introduced Radio component. Generalized Checkbox component to share Radio component styles. Improved Textarea component: it now has auto height functionality. Improved profile/BackButton component: now you can pass custom url. BSOD is no longer displayed on 404 response. 2018-03-26 00:46:45 +05:30			return request.post(`/api/v1/oauth2/${clientId}/reset${regenerateSecret ? '?regenerateSecret' : ''}`);
			`},`

Fix some flow errors 2018-05-03 10:45:09 +05:30			`delete(clientId: string): Promise<Resp<{success: bool}>> {`
Implemented UI for Accounts applications management. Introduced copy service and injected it usage into auth finish page. Introduced Collapse component. Introduced Radio component. Generalized Checkbox component to share Radio component styles. Improved Textarea component: it now has auto height functionality. Improved profile/BackButton component: now you can pass custom url. BSOD is no longer displayed on 404 response. 2018-03-26 00:46:45 +05:30			return request.delete(`/api/v1/oauth2/${clientId}`);
			`},`
Decouple oauth api calls into separate module. Simple tests for oauth actions 2016-07-27 23:57:21 +05:30			`};`
Some minor fixes and e2e tests for creating of website app 2018-11-10 14:33:47 +05:30
			`if (window.Cypress) {`
			`window.oauthApi = api;`
			`}`

			`export default api;`

#195: add custom description support for oauth 2016-08-23 10:00:06 +05:30			`/**`
			`* @param {object} oauthData`
			`* @param {string} oauthData.clientId`
			`* @param {string} oauthData.redirectUrl`
			`* @param {string} oauthData.responseType`
			`* @param {string} oauthData.description`
			`* @param {string} oauthData.scope`
			`* @param {string} oauthData.state`
			`*`
			`* @return {object}`
			`*/`
Fix some flow errors 2018-05-03 10:45:09 +05:30			`function getOAuthRequest(oauthData: OauthData): OauthRequestData {`
Decouple oauth api calls into separate module. Simple tests for oauth actions 2016-07-27 23:57:21 +05:30			`return {`
			`client_id: oauthData.clientId,`
			`redirect_uri: oauthData.redirectUrl,`
			`response_type: oauthData.responseType,`
#195: add custom description support for oauth 2016-08-23 10:00:06 +05:30			`description: oauthData.description,`
Decouple oauth api calls into separate module. Simple tests for oauth actions 2016-07-27 23:57:21 +05:30			`scope: oauthData.scope,`
#48: add support for prompt and login_hint oauth params 2016-11-19 20:11:15 +05:30			`prompt: oauthData.prompt,`
			`login_hint: oauthData.loginHint,`
Decouple oauth api calls into separate module. Simple tests for oauth actions 2016-07-27 23:57:21 +05:30			`state: oauthData.state`
			`};`
			`}`

			`function handleOauthParamsValidation(resp = {}) {`
			`if (resp.statusCode === 400 && resp.error === 'invalid_request') {`
Display bsod for failed oauth requests 2016-08-07 20:20:00 +05:30			resp.userMessage = `Invalid request (${resp.parameter} required).`;
Decouple oauth api calls into separate module. Simple tests for oauth actions 2016-07-27 23:57:21 +05:30			`} else if (resp.statusCode === 400 && resp.error === 'unsupported_response_type') {`
Display bsod for failed oauth requests 2016-08-07 20:20:00 +05:30			resp.userMessage = `Invalid response type '${resp.parameter}'.`;
Decouple oauth api calls into separate module. Simple tests for oauth actions 2016-07-27 23:57:21 +05:30			`} else if (resp.statusCode === 400 && resp.error === 'invalid_scope') {`
Display bsod for failed oauth requests 2016-08-07 20:20:00 +05:30			resp.userMessage = `Invalid scope '${resp.parameter}'.`;
Decouple oauth api calls into separate module. Simple tests for oauth actions 2016-07-27 23:57:21 +05:30			`} else if (resp.statusCode === 401 && resp.error === 'invalid_client') {`
Display bsod for failed oauth requests 2016-08-07 20:20:00 +05:30			`resp.userMessage = 'Can not find application you are trying to authorize.';`
Decouple oauth api calls into separate module. Simple tests for oauth actions 2016-07-27 23:57:21 +05:30			`}`

Display bsod for failed oauth requests 2016-08-07 20:20:00 +05:30			`return Promise.reject(resp);`
Decouple oauth api calls into separate module. Simple tests for oauth actions 2016-07-27 23:57:21 +05:30			`}`