From 0b0a84ca2a106c02366e0d8bbfcaef1b4d9074b1 Mon Sep 17 00:00:00 2001 From: "Arseniy Maximov (Kern0)" Date: Fri, 19 Sep 2014 01:59:40 +0400 Subject: [PATCH 1/2] Give authcode to client if he already have token (also remove that token). --- config/http.js | 99 ++++++++++++++++++++++++++++++++++---------------- 1 file changed, 68 insertions(+), 31 deletions(-) diff --git a/config/http.js b/config/http.js index 99aa71f..a62f663 100644 --- a/config/http.js +++ b/config/http.js 
@@ -368,42 +368,79 @@ module.exports.http = { }); }), function (req, res) { - if (req.oauth2.client.redirectURI !== req.oauth2.req.redirectURI) { - return res.json(400, { - error: "wrong redirect_uri", - documentation_url: docs_url - }); - } + async.waterfall([ + function check4ActiveTokens(callback) { + Token.findOne({ + clientId: req.oauth2.client.id, + userId: req.user.id, + scope: req.oauth2.client.scope + }).exec(function (err, token) { + if (err) return callback(err); - var scopes; - if (req.oauth2.client.scope.split(',') === req.oauth2.client.scope) { - scopes = req.oauth2.client.scope - } else { - scopes = req.oauth2.client.scope.split(',') - } + if (token) { + token.destroy(function (err) { + if (err) return callback(err); - if (req.oauth2.client.internal === true) { - Authcode.create({ - code: gcapi.generateUID(32), - clientId: req.oauth2.client.id, - redirectURI: req.oauth2.client.redirectURI, - userId: req.user.id, - scope: req.oauth2.client.scope - }).exec(function (err, code) { - if (err) { - return res.serverError(); + Authcode.create({ + code: gcapi.generateUID(32), + clientId: req.oauth2.client.id, + redirectURI: req.oauth2.client.redirectURI, + userId: req.user.id, + scope: req.oauth2.client.scope + }).exec(function (err, code) { + if (err) { + return res.serverError(); + } + + res.redirect(req.oauth2.client.redirectURI + '?code=' + code.code); + }); + }); + } else { + callback(null); + } + }); + }, + function otherChecks(callback) { + if (req.oauth2.client.redirectURI !== req.oauth2.req.redirectURI) { + return res.json(400, { + error: "wrong redirect_uri", + documentation_url: docs_url + }); } - res.redirect(req.oauth2.client.redirectURI + '?code=' + code.code); - }); - return; - } + var scopes; + if (req.oauth2.client.scope.split(',') === req.oauth2.client.scope) { + scopes = req.oauth2.client.scope + } else { + scopes = req.oauth2.client.scope.split(',') + } - res.render('dialog', { - transactionID: req.oauth2.transactionID, - user: req.user, - 
cli: req.oauth2.client, - scopes: scopes + if (req.oauth2.client.internal === true) { + Authcode.create({ + code: gcapi.generateUID(32), + clientId: req.oauth2.client.id, + redirectURI: req.oauth2.client.redirectURI, + userId: req.user.id, + scope: req.oauth2.client.scope + }).exec(function (err, code) { + if (err) { + return res.serverError(); + } + + res.redirect(req.oauth2.client.redirectURI + '?code=' + code.code); + }); + return; + } + + res.render('dialog', { + transactionID: req.oauth2.transactionID, + user: req.user, + cli: req.oauth2.client, + scopes: scopes + }); + } + ], function (err) { + if (err) throw err; }); }); From 64f125f501213e819accbf736bb06c40bdcc563e Mon Sep 17 00:00:00 2001 From: "Arseniy Maximov (Kern0)" Date: Fri, 19 Sep 2014 02:24:58 +0400 Subject: [PATCH 2/2] Do not remove token; do not regenerate token if exists. --- config/http.js | 34 ++++++++++++---------------------- 1 file changed, 12 insertions(+), 22 deletions(-) diff --git a/config/http.js b/config/http.js index a62f663..3184a2e 100644 --- a/config/http.js +++ b/config/http.js @@ -257,13 +257,7 @@ module.exports.http = { callback(null, token); }); } else { - token.token = gcapi.generateUID(256); - - token.save(function (err) { - if (err) return callback(err); - - callback(null, token); - }); + callback(null, token); } 
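Review bot: The waterfall's final callback, `], function (err) { if (err) throw err; });`, throws from inside an asynchronous database callback, so a failed `Token.findOne` or `token.destroy` never answers the request and, without a process-level handler, takes the server down; respond instead, matching the `Authcode.create` error path already in the hunk: `], function (err) { if (err) return res.serverError(); });`. The fast path in `check4ActiveTokens` also runs before the `redirect_uri` comparison in `otherChecks`, so a request whose `redirect_uri` does not match the registered one is still issued a code whenever a matching token exists (the redirect does go to the registered `client.redirectURI`, which limits the exposure, but the 400 is silently bypassed); moving that comparison ahead of the token lookup keeps it authoritative. Carried over from the removed code, `req.oauth2.client.scope.split(',') === req.oauth2.client.scope` compares an array with a string and is always false, so `scopes` is always the split array and the branch reduces to `var scopes = req.oauth2.client.scope.split(',');`. The route handler opens inside the hunk, but the surrounding `module.exports.http` object continues outside it.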
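Review bot: The new `else` branch hands back the stored token unchanged, with no visible check that it is still usable; if the Token model carries an expiry or revocation marker, an expired or revoked credential is now returned where the old code minted a fresh value. A one-line guard before `callback(null, token);` that falls back to regenerating when the stored token is no longer valid would close that gap — the field to test lives in the model, outside this hunk, so I cannot name it here. Reusing one token across repeated grants also means the same bearer value is re-disclosed on every grant and revoking it ends every session that obtained it, which is worth a short comment on this branch so the trade-off is explicit. The enclosing function begins and ends outside the hunk.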
@@ -378,22 +372,18 @@ module.exports.http = { if (err) return callback(err); if (token) { - token.destroy(function (err) { - if (err) return callback(err); + Authcode.create({ + code: gcapi.generateUID(32), + clientId: req.oauth2.client.id, + redirectURI: req.oauth2.client.redirectURI, + userId: req.user.id, + scope: req.oauth2.client.scope + }).exec(function (err, code) { + if (err) { + return res.serverError(); + } - Authcode.create({ - code: gcapi.generateUID(32), - clientId: req.oauth2.client.id, - redirectURI: req.oauth2.client.redirectURI, - userId: req.user.id, - scope: req.oauth2.client.scope - }).exec(function (err, code) { - if (err) { - return res.serverError(); - } - - res.redirect(req.oauth2.client.redirectURI + '?code=' + code.code); - }); + res.redirect(req.oauth2.client.redirectURI + '?code=' + code.code); }); } else { callback(null);