in Modules/device-path.js [29:185]
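/**
 * Processes the end-user's decision (authorize or deny) for a device-flow
 * user code received on the query string.
 *
 * Flow: look up the Authorization request by user code, reject it when it is
 * missing, ambiguous, already in a terminal state or past its Max_expiry,
 * then record the decision together with the authenticated subject.
 *
 * Security-relevant behaviour:
 *  - Every status transition is a conditional write, so two concurrent
 *    requests for the same user code cannot both move it out of its pending
 *    state (the read-then-write check alone is not atomic).
 *  - A missing or non-numeric Max_expiry is treated as expired (fail closed).
 *  - A missing or unparsable x-amzn-oidc-data header yields a 400 instead of
 *    an uncaught exception.
 *
 * @param {Object} event - Request event; reads queryStringParameters.code,
 *     queryStringParameters.authorize and headers["x-amzn-oidc-data"].
 * @param {Function} callback - Passed through to the common.return* helpers
 *     and to authzP.processAllow, which produce the response.
 * @returns {void}
 */
function requestUserCodeProcessing(event, callback) {
    var TERMINAL_STATUSES = ["expired", "authorized", "denied"];
    var STATUS_UPDATE_ERROR_HTML = "<H1>Error, can't update status</H1>";

    // Builds the updateItem parameters for a status transition. The
    // ConditionExpression refuses the write when the request no longer exists
    // or has already reached a terminal state.
    function buildStatusUpdate(deviceCode, newStatus, subject) {
        var params = {
            ExpressionAttributeNames: {
                "#Status": "Status"
            },
            ExpressionAttributeValues: {
                ":status": { S: newStatus },
                ":terminalExpired": { S: "expired" },
                ":terminalAuthorized": { S: "authorized" },
                ":terminalDenied": { S: "denied" }
            },
            ConditionExpression: "attribute_exists(Device_code) AND NOT (#Status IN (:terminalExpired, :terminalAuthorized, :terminalDenied))",
            Key: {
                "Device_code": { S: deviceCode }
            },
            ReturnValues: "ALL_NEW",
            TableName: process.env.DYNAMODB_TABLE,
            UpdateExpression: "SET #Status = :status"
        };
        if (subject !== undefined) {
            params.ExpressionAttributeNames["#Subject"] = "Subject";
            params.ExpressionAttributeValues[":subject"] = { S: subject };
            params.UpdateExpression = "SET #Status = :status, #Subject = :subject";
        }
        return params;
    }

    // True when DynamoDB rejected the write because the condition did not hold.
    function isConditionalCheckFailure(err) {
        return Boolean(err) && (err.code === "ConditionalCheckFailedException" || err.name === "ConditionalCheckFailedException");
    }

    // Extracts the username claim from the OIDC data header set by the ALB.
    // Returns null when the header is absent, malformed, or has no username.
    // NOTE(review): the JWT signature is not verified in this function; the
    // claims are only trustworthy if the function is reachable exclusively
    // through the ALB, or if the token is verified elsewhere - confirm.
    function readAuthenticatedUsername() {
        var token = event.headers ? event.headers["x-amzn-oidc-data"] : undefined;
        if (typeof token !== "string") {
            return null;
        }
        var segments = token.split('.');
        if (segments.length < 2) {
            return null;
        }
        try {
            var claims = JSON.parse(common.base64UrlDecode(segments[1]));
            if (claims && typeof claims.username === "string" && claims.username.length > 0) {
                return claims.username;
            }
            return null;
        } catch (parseError) {
            console.log("Unable to parse the x-amzn-oidc-data payload");
            return null;
        }
    }

    var query = event.queryStringParameters || {};
    var userCode = query.code;
    if (typeof userCode !== "string" || userCode.length === 0) {
        console.log("no User code was provided");
        common.returnExpiredUserCodeError(callback);
        return;
    }

    // Search for an Authorization request related to the provided user code
    var lookupParams = {
        ExpressionAttributeValues: {
            ":User_code": {
                S: userCode
            }
        },
        KeyConditionExpression: "User_code = :User_code",
        IndexName: process.env.DYNAMODB_USERCODE_INDEX,
        TableName: process.env.DYNAMODB_TABLE
    };

    common.dynamodb.query(lookupParams, function(err, data) {
        if (err) {
            // JSON.stringify keeps request-supplied control characters from
            // breaking the log line apart.
            console.log("User code does not exist: " + JSON.stringify(userCode));
            console.log(err, err.stack);
            common.returnExpiredUserCodeError(callback);
            return;
        }
        console.log("successful response");

        if (data.Items.length === 0) {
            console.log("no User code was returned");
            common.returnExpiredUserCodeError(callback);
            return;
        }
        if (data.Items.length > 1) {
            console.log("Too much User code returned from the request");
            common.returnExpiredUserCodeError(callback);
            return;
        }

        var request = data.Items[0];
        var deviceCode = request.Device_code.S;

        // Already expired, authorized, or denied: the code cannot be reused.
        if (TERMINAL_STATUSES.indexOf(request.Status.S) !== -1) {
            console.log("The Device code has already expired or been used");
            common.returnExpiredUserCodeError(callback);
            return;
        }

        // A NaN expiry makes every comparison false, so test for "still
        // valid" and treat everything else as expired.
        var maxExpiry = request.Max_expiry ? parseInt(request.Max_expiry.S, 10) : NaN;
        if (!(Date.now() <= maxExpiry)) {
            console.log("User Code has expired");
            common.dynamodb.updateItem(buildStatusUpdate(deviceCode, "expired"), function(expireErr) {
                if (expireErr) {
                    console.log("User Code has expired but an error occurred when updating the DB");
                    console.log(expireErr, expireErr.stack);
                } else {
                    console.log("User Code has expired and DB has been updated");
                }
                // Either way the end-user gets the expired-code response.
                common.returnExpiredUserCodeError(callback);
            });
            return;
        }

        var decision = query.authorize;
        console.log("User Code is valid and action is Authorize = " + JSON.stringify(decision));
        if (decision !== 'true' && decision !== 'false') {
            console.log("Unsupported Authorization option");
            common.returnHTMLError(400, STATUS_UPDATE_ERROR_HTML, callback);
            return;
        }

        // Retrieve the OIDC authenticated user attributes set by the ALB
        var username = readAuthenticatedUsername();
        if (username === null) {
            console.log("No authenticated subject available from x-amzn-oidc-data");
            common.returnHTMLError(400, STATUS_UPDATE_ERROR_HTML, callback);
            return;
        }

        var newStatus = decision === 'true' ? "authorized" : "denied";
        common.dynamodb.updateItem(buildStatusUpdate(deviceCode, newStatus, username), function(updateErr, updated) {
            if (updateErr) {
                if (isConditionalCheckFailure(updateErr)) {
                    // Another request settled this user code first.
                    console.log("The Device code has already expired or been used");
                    common.returnExpiredUserCodeError(callback);
                    return;
                }
                console.log("Unable to set state to " + newStatus + " for User Code");
                console.log(updateErr, updateErr.stack);
                common.returnHTMLError(400, STATUS_UPDATE_ERROR_HTML, callback);
                return;
            }
            if (newStatus === "authorized") {
                // Update was successful, continue with the Authorization path
                authzP.processAllow(updated.Attributes.Client_id.S, updated.Attributes.Device_code.S, callback, common.dynamodb);
            } else {
                // Update was successful, return an HTML success message
                common.returnHTMLSuccess("<H1>Thanks, Device has been unauthorized.</H1>", callback);
            }
        });
    });
}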