From ea788bcb7631bf39a0c3c71683bdf5a8ae3943d8 Mon Sep 17 00:00:00 2001
From: tigerbot
Date: Mon, 3 Jul 2017 12:26:12 -0600
Subject: [PATCH] reduced duplicate parsing of location

---
 js/issuer.js | 63 +++++++++++++++++++++-------------------------------
 1 file changed, 25 insertions(+), 38 deletions(-)

diff --git a/js/issuer.js b/js/issuer.js
index 08c630b..bc575d2 100644
--- a/js/issuer.js
+++ b/js/issuer.js
@@ -9,7 +9,7 @@ $(function () {
 var OAUTH3 = window.OAUTH3;
 var CONFIG = {
- host: OAUTH3.utils.clientUri(window.location)
+ host: OAUTH3.clientUri(window.location)
 , directives: null // will be populated before the login button appears
 };
 var loc = window.location;
@@ -20,10 +20,6 @@ $(function () {
 };
 $('.js-scopes-container').html('');
- /*
- OAUTH3._hooks.sessions.all = function (providerUri) {
- };
- */
 OAUTH3._hooks = { sessions: {} };
 OAUTH3._hooks.sessions.get = function (providerUri, id) {
 return JSON.parse(window.localStorage.getItem('session-' + providerUri + (id || '')) || 'null');
@@ -35,7 +31,7 @@ $(function () {
 };
 // TODO let query.parse do location.hash || location.search || location
- var clientParams = OAUTH3.query.parse(window.location.hash || window.location.search);
+ var clientParams = OAUTH3.query.parse(loc.hash || loc.search);
 if (/authorization_dialog/.test(window.location.href)) {
 // OAUTH3.lintClientParams(params, window)
 // OAUTH3.normalizeClientParams(params, window)
@@ -58,12 +54,12 @@ $(function () {
 + "'" + OAUTH3.url.normalize(window.document.referrer) + "'"
 );
 }
- if (clientParams.client_uri) {
+ if (clientParams.client_uri && clientParams.client_uri !== clientParams.client_id) {
 console.warn("'client_id' should be used instead of 'client_uri'");
 }
 if (!(clientParams.client_id || clientParams.client_uri)) {
- window.alert("'response_type' must exist and be either 'token' (implicit flow) or 'code' (authorization flow)");
- console.error("'response_type' must exist and be either 'token' (implicit flow) or 'code' (authorization flow)");
+ window.alert("'client_id' must exist as the uri identifying the client");
+ console.error("'client_id' must exist as the uri identifying the client");
 clientParams.client_id = clientParams.client_uri = OAUTH3.url.normalize(window.document.referrer);
 }
 if (!clientParams.redirect_uri) {
@@ -99,11 +95,10 @@ $(function () {
 }
 function getGrants(session) {
- var clientObj = OAUTH3.query.parse(loc.hash || loc.search);
- var clientLogo = OAUTH3.url.normalize(clientObj.client_uri) // optional relative logo ?
+ var clientLogo = OAUTH3.url.normalize(clientParams.client_uri) // optional relative logo ?
 + '/.well-known/oauth3/logo-128x128.png'
 ;
- var callbackUrl;
+ // TODO put in directives.json or similar
 var grantDescriptions = {
 'oauth3_authn': "Basic secure authentication"
@@ -127,10 +122,10 @@ $(function () {
 $('.js-client-logo').attr('src', clientLogo);
 //$('.js-user-avatar').attr('src', userAvatar);
- return OAUTH3.authz.scopes(CONFIG.host, session, clientObj).then(function (scopes) {
+ return OAUTH3.authz.scopes(CONFIG.host, session, clientParams).then(function (scopes) {
 if (!scopes.pending.length) {
 // looks like we've done all of this before
- OAUTH3.authz.redirectWithToken(CONFIG.host, session, clientObj, scopes);
+ OAUTH3.authz.redirectWithToken(CONFIG.host, session, clientParams, scopes);
 return;
 }
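Review bot: The `if (!(clientParams.client_id || clientParams.client_uri))` branch alerts that `'client_id' must exist`, yet execution continues and both identifiers are filled from `OAUTH3.url.normalize(window.document.referrer)`, so the consent flow proceeds with a client identity taken from the Referer, which may be absent, stripped by referrer policy, or simply not the party the user expects to authorize. If that fallback is intentional for legacy clients, record it next to the assignment, e.g. `// legacy: fall back to the referrer as client identity when no client_id was sent`; otherwise add `return;` after the `console.error` so no grant flow runs for an unidentified client. The `if (!clientParams.redirect_uri)` block that follows runs past the end of the hunk.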
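Review bot: `clientLogo` is still derived from `clientParams.client_uri`, but the -58 hunk tells clients to send `client_id` instead, and the referrer fallback only populates `client_uri` when neither parameter was sent, so a client that follows the warning and sends only `client_id` passes `undefined` to `OAUTH3.url.normalize` here. Mirror the guard used in -58: `var clientLogo = OAUTH3.url.normalize(clientParams.client_id || clientParams.client_uri) // optional relative logo ?`. `getGrants` continues past the end of the hunk.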
@@ -138,10 +133,12 @@ $(function () {
 // TODO secure iFrame from click-jacking by requiring input?
 // ex: input.security-code[type="text"].val(Math.random()); input.js-verify-code[placeholder="Type what you see"]
 if (OAUTH3._browser.isIframe()) {
- callbackUrl = clientObj.redirect_uri + '#state=' + clientObj.state + '&error=access_denied&error_description=' + encodeURIComponent("You're requesting permission in an iframe, but the permissions have not yet been granted") + '&error_uri=' + encodeURIComponent('https://oauth3.org/docs/errors/#E_IFRAME_DENIED');
- location.href = callbackUrl;
+ location.href = clientParams.redirect_uri +'#'+ OAUTH3.query.stringify({
+ state: clientParams.state
+ , error: 'access_denied'
+ , error_description: encodeURIComponent("You're requesting permission in an iframe, but the permissions have not yet been granted")
+ , error_uri: encodeURIComponent('https://oauth3.org/docs/errors/#E_IFRAME_DENIED')
+ });
 return;
 }
@@ -331,8 +328,6 @@ $(function () {
 });
 getSession(CONFIG.host).then(function (session) {
- var clientParams = OAUTH3.query.parse(loc.hash || loc.search);
-
 return OAUTH3.authz.scopes(CONFIG.host, session, clientParams).then(function (scopes) {
 scopes.new = acceptedScopes;
 return OAUTH3.authz.redirectWithToken(CONFIG.host, session, clientParams, scopes);
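Review bot: `error_description` and `error_uri` are run through `encodeURIComponent` before being handed to `OAUTH3.query.stringify`, while `denyObj` in the -346 hunk passes the same kinds of values to `stringify` unencoded; if `stringify` percent-encodes its values (as the -346 call assumes) the two fields here and in the matching block in the -397 hunk arrive double-encoded, and if it does not, `denyObj`'s description goes out raw — the file should settle on one convention, most likely `, error_description: "You're requesting permission in an iframe, but the permissions have not yet been granted"` with encoding left to `stringify`. Separately, `clientParams.redirect_uri` is taken straight from the fragment/query and used as the navigation target for this error response (and presumably by `redirectWithToken` in the -127 hunk); unless it is checked against the client's registered redirect URIs somewhere outside these hunks, whatever `redirect_uri` the request carries receives the response. `getGrants` continues outside the hunk.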
@@ -346,21 +341,17 @@ $(function () {
 ev.preventDefault();
 ev.stopPropagation();
- var loginWinObj = OAUTH3.query.parse(loc.hash || loc.search);
-
 var denyObj = {
 error: 'access_denied'
 , error_description: 'The user has denied access.'
 , error_uri: 'https://' + CONFIG.host + '/.well-known/oauth3/errors.html#/?error=access_denied'
- , state: loginWinObj.state
- , scope: loginWinObj.scope
+ , state: clientParams.state
+ , scope: clientParams.scope
 };
- window.location = loginWinObj.redirect_uri + '#' + OAUTH3.query.stringify(denyObj);
+ window.location = clientParams.redirect_uri + '#' + OAUTH3.query.stringify(denyObj);
 };
 util.handleLogout = function () {
- var clientParams = OAUTH3.query.parse(loc.hash || loc.search);
-
 localStorage.clear();
 clientParams.redirect_uri += '?' + OAUTH3.query.stringify({
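Review bot: Now that `clientParams` is the single object parsed at the top of the handler, `clientParams.redirect_uri += '?' + OAUTH3.query.stringify({` in `handleLogout` mutates shared state, where the removed per-handler parse made this a throwaway copy; any path that reads `clientParams.redirect_uri` afterwards (the deny handler above, the iframe redirects in the -138 and -397 hunks) sees the appended query, and a second logout appends it again. Build the target into a local instead, e.g. `var redirectUri = clientParams.redirect_uri + '?' + OAUTH3.query.stringify({`, and navigate with that. `handleLogout` continues past the end of the hunk.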
@@ -397,16 +388,17 @@ $(function () {
 return getSession(CONFIG.host).then(function (session) {
 return getGrants(session);
 }, function (e) {
- var clientObj = OAUTH3.query.parse(loc.hash || loc.search);
 // TODO select the providers the client wants to show
 // providers=daplie.com,facebook.com,google.com // etc
 // TODO let the client specify switch_user
 // TODO let the client specify relogin if stale
 if (OAUTH3._browser.isIframe()) {
- var callbackUrl = clientObj.redirect_uri + '#state=' + clientObj.state + '&error=access_denied&error_description=' + encodeURIComponent("You're requesting permission in an iframe, but the user is not yet authenticated") + '&error_uri=' + encodeURIComponent('https://oauth3.org/docs/errors/#E_IFRAME_DENIED');
- location.href = callbackUrl;
+ location.href = clientParams.redirect_uri +'#'+ OAUTH3.query.stringify({
+ state: clientParams.state
+ , error: 'access_denied'
+ , error_description: encodeURIComponent("You're requesting permission in an iframe, but the user is not yet authenticated")
+ , error_uri: encodeURIComponent('https://oauth3.org/docs/errors/#E_IFRAME_DENIED')
+ });
 }
 if (clientParams.subject) {
 $('.js-oauth3-email').val(clientParams.subject);
@@ -419,10 +411,7 @@ $(function () {
 }
 // Session initialization
- return OAUTH3.discover(
- OAUTH3.clientUri(window.location)
- , { client_uri: OAUTH3.clientUri(window.location) }
- ).then(function (directives) {
+ return OAUTH3.discover(CONFIG.host, { client_uri: CONFIG.host }).then(function (directives) {
 // TODO cache directives in memory (and storage)
 CONFIG.directives = directives;
 directives.issuer = directives.issuer || (window.location.host + window.location.pathname).replace(/\/$/, '');
@@ -439,7 +428,5 @@ $(function () {
 }
 $('body').addClass('in');
-
 });
-
 });
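Review bot: In the iframe branch of the rejection handler, control falls through after the `location.href = ...` assignment into `if (clientParams.subject)` and the rest of the login-form setup, whereas the equivalent block in the -138 hunk ends with `return;`. Adding `return;` after the `});` that closes the stringify call would make the two iframe paths behave alike and avoid wiring up a form on a page that is about to navigate away, assuming nothing later in this handler (which runs past the hunk) must still execute in that case.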