Bug 1597933 - don't pass string constants to determine OAuth refresh token or not. r=Fallen
authorMagnus Melin <mkmelin+mozilla@iki.fi>
Thu, 21 Nov 2019 10:45:59 +0200
changeset 37586 9b0f8cb7ffc12c4317f40a7e27fd223f951f8690
parent 37585 ff646df746848ce1be66849629e62acf3892b5a3
child 37587 42ac954abcd09689cd9325c02dbda168baab96f6
push id396
push userclokep@gmail.com
push dateMon, 06 Jan 2020 23:11:57 +0000
reviewersFallen
bugs1597933
Bug 1597933 - don't pass string constants to determine OAuth refresh token or not. r=Fallen
mailnews/base/util/OAuth2.jsm
--- a/mailnews/base/util/OAuth2.jsm
+++ b/mailnews/base/util/OAuth2.jsm
@@ -21,19 +21,16 @@ function OAuth2(aBaseURI, aScope, aAppKe
   this.consumerKey = aAppKey;
   this.consumerSecret = aAppSecret;
   this.scope = aScope;
   this.extraAuthParams = [];
 
   this.log = Log4Moz.getConfiguredLogger("TBOAuth");
 }
 
-OAuth2.CODE_AUTHORIZATION = "authorization_code";
-OAuth2.CODE_REFRESH = "refresh_token";
-
 OAuth2.prototype = {
   consumerKey: null,
   consumerSecret: null,
   completionURI: "http://localhost",
   requestWindowURI: "chrome://messenger/content/browserRequest.xul",
   requestWindowFeatures: "chrome,private,centerscreen,width=980,height=750",
   requestWindowTitle: "",
   scope: null,
@@ -44,17 +41,17 @@ OAuth2.prototype = {
 
   connect(aSuccess, aFailure, aWithUI, aRefresh) {
     this.connectSuccessCallback = aSuccess;
     this.connectFailureCallback = aFailure;
 
     if (!aRefresh && this.accessToken) {
       aSuccess();
     } else if (this.refreshToken) {
-      this.requestAccessToken(this.refreshToken, OAuth2.CODE_REFRESH);
+      this.requestAccessToken(this.refreshToken, true);
     } else {
       if (!aWithUI) {
         aFailure('{ "error": "auth_noui" }');
         return;
       }
       if (gConnecting[this.authURI]) {
         aFailure("Window already open");
         return;
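Review bot: The bare `true` passed to requestAccessToken in connect, and the bare `false` passed in onAuthorizationReceived in the third hunk, do not tell a reader which grant type is being requested. An inline argument comment such as `this.requestAccessToken(this.refreshToken, /* aRefresh */ true);` would keep both call sites self-describing now that the named constants are gone. connect's body starts and ends outside this hunk.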
@@ -171,38 +168,47 @@ OAuth2.prototype = {
     delete this._browserRequest;
   },
 
   // @see RFC 6749 section 4.1.2: Authorization Response
   onAuthorizationReceived(aURL) {
     this.log.info("OAuth2 authorization received: url=" + aURL);
     let params = new URLSearchParams(aURL.split("?", 2)[1]);
     if (params.has("code")) {
-      this.requestAccessToken(params.get("code"), OAuth2.CODE_AUTHORIZATION);
+      this.requestAccessToken(params.get("code"), false);
     } else {
       this.onAuthorizationFailed(null, aURL);
     }
   },
 
   onAuthorizationFailed(aError, aData) {
     this.connectFailureCallback(aData);
   },
 
-  requestAccessToken(aCode, aType) {
+  /**
+   * Request a new access token, or refresh an existing one.
+   * @param {string} aCode - The token issued to the client.
+   * @param {boolean} aRefresh - Whether it's a refresh of a token or not.
+   */
+  requestAccessToken(aCode, aRefresh) {
+    // @see RFC 6749 section 4.1.3. Access Token Request
+    // @see RFC 6749 section 6. Refreshing an Access Token
+
     let params = [
       ["client_id", this.consumerKey],
       ["client_secret", this.consumerSecret],
-      ["grant_type", aType],
     ];
 
-    if (aType == OAuth2.CODE_AUTHORIZATION) {
+    if (aRefresh) {
+      params.push(["grant_type", "refresh_token"]);
+      params.push(["refresh_token", aCode]);
+    } else {
+      params.push(["grant_type", "authorization_code"]);
       params.push(["code", aCode]);
       params.push(["redirect_uri", this.completionURI]);
-    } else if (aType == OAuth2.CODE_REFRESH) {
-      params.push(["refresh_token", aCode]);
     }
 
     let options = {
       postData: params,
       onLoad: this.onAccessTokenReceived.bind(this),
       onError: this.onAccessTokenFailed.bind(this),
     };
     httpRequest(this.tokenURI, options);
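Review bot: The new JSDoc on requestAccessToken describes aCode as "The token issued to the client", but in the `else` branch it is the authorization code from the redirect, not a token; `@param {string} aCode - The authorization code, or the refresh token when aRefresh is true.` would match both branches. `if (aRefresh)` tests truthiness, so a caller still passing the old grant-type string would take the refresh branch, and one passing the now-removed `OAuth2.CODE_REFRESH` (undefined) would send its refresh token as `code`; whether such callers exist is not visible here, but a `typeof aRefresh != "boolean"` check that throws would make the misuse fail loudly. The unchanged `this.log.info("OAuth2 authorization received: url=" + aURL)` line in onAuthorizationReceived writes the redirect URL, including the `code` parameter, to the log, which may be worth redacting. The body of requestAccessToken continues past the end of the hunk.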