this fix handles error in case user session is not existent

wwWallet · Apr 16, 2024 · 4d9bab9 · 4d9bab9
1 parent b1b4821
commit 4d9bab9
Show file tree

Hide file tree

Showing 4 changed files with 19 additions and 67 deletions.
diff --git a/src/openid4vci/grant_types/AuthorizationCodeGrant.ts b/src/openid4vci/grant_types/AuthorizationCodeGrant.ts
diff --git a/src/openid4vci/grant_types/PreAuthorizedCodeGrant.ts b/src/openid4vci/grant_types/PreAuthorizedCodeGrant.ts
diff --git a/src/openid4vci/utils/generateAccessToken.ts b/src/openid4vci/utils/generateAccessToken.ts
@@ -2,13 +2,18 @@ import { TokenResponseSchemaType } from '../../types/oid4vci';
 import * as crypto from 'node:crypto';
 import { AuthorizationServerState } from "../../entities/AuthorizationServerState.entity";
 import * as jose from 'jose';
+import { Request, Response } from 'express';
 const accessTokenExpirationInSeconds = 8000;
 
 
 export const keyPairPromise = jose.generateKeyPair('RSA-OAEP-256');
 
-export async function generateAccessToken(userSession: AuthorizationServerState): Promise<TokenResponseSchemaType> {
+export async function generateAccessToken(ctx: { req: Request, res: Response }): Promise<TokenResponseSchemaType | null> {
+	if (ctx.res.headersSent) {
+		return null;
+	}
 
+	const userSession = ctx.req.authorizationServerState;
 	const credentialIssuersIdentifiers: string[] = [];
 
 	if (userSession.authorization_details) {

diff --git a/src/services/OpenidForCredentialIssuingAuthorizationServerService.ts b/src/services/OpenidForCredentialIssuingAuthorizationServerService.ts
@@ -355,14 +355,24 @@ export class OpenidForCredentialIssuingAuthorizationServerService implements Ope
 	}
 
 	async tokenRequestHandler(ctx: { req: Request, res: Response }): Promise<void> {
-		ctx.res.setHeader("Cache-Control", "no-store");
 		await this.tokenRequestGrantTypeHandler(ctx);
 		await this.tokenRequestAuthorizationCodeHandler(ctx);
 		await this.tokenRequestPreAuthorizedCodeHandler(ctx);
 		// await this.tokenRequestUserPinHandler(ctx); keep this commented to not require userpin
 
-		const response = await generateAccessToken(ctx.req.authorizationServerState);
-		ctx.res.send(response);
+		try {
+			const response = await generateAccessToken(ctx);
+			if (response) {
+				ctx.res.setHeader("Cache-Control", "no-store");
+				ctx.res.send(response);
+			}
+		}
+		catch(err) {
+			console.error("Couldn't generate access token. Detailed error:");
+			console.error(err);
+			ctx.res.status(400).send({ error: "Couldn't generate access token" });
+			return;
+		}
 	}
 
 }