coolaj86
/
issuer.html
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

reduced duplicate parsing of location

This commit is contained in:
tigerbot 2017-07-03 12:26:12 -06:00
parent dc5139686e
commit ea788bcb76
1 changed files with 25 additions and 38 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

63
js/issuer.js
View File

@ -9,7 +9,7 @@ $(function () {
var OAUTH3 = window.OAUTH3; var OAUTH3 = window.OAUTH3;
var CONFIG = { var CONFIG = {
host: OAUTH3.utils.clientUri(window.location) host: OAUTH3.clientUri(window.location)
, directives: null // will be populated before the login button appears , directives: null // will be populated before the login button appears
}; };
var loc = window.location; var loc = window.location;
@ -20,10 +20,6 @@ $(function () {
}; };
$('.js-scopes-container').html(''); $('.js-scopes-container').html('');
/*
OAUTH3._hooks.sessions.all = function (providerUri) {
};
*/
OAUTH3._hooks = { sessions: {} }; OAUTH3._hooks = { sessions: {} };
OAUTH3._hooks.sessions.get = function (providerUri, id) { OAUTH3._hooks.sessions.get = function (providerUri, id) {
return JSON.parse(window.localStorage.getItem('session-' + providerUri + (id || '')) || 'null'); return JSON.parse(window.localStorage.getItem('session-' + providerUri + (id || '')) || 'null');
@ -35,7 +31,7 @@ $(function () {
}; };
// TODO let query.parse do location.hash || location.search || location // TODO let query.parse do location.hash || location.search || location
var clientParams = OAUTH3.query.parse(window.location.hash || window.location.search); var clientParams = OAUTH3.query.parse(loc.hash || loc.search);
if (/authorization_dialog/.test(window.location.href)) { if (/authorization_dialog/.test(window.location.href)) {
// OAUTH3.lintClientParams(params, window) // OAUTH3.lintClientParams(params, window)
// OAUTH3.normalizeClientParams(params, window) // OAUTH3.normalizeClientParams(params, window)
@ -58,12 +54,12 @@ $(function () {
+ "'" + OAUTH3.url.normalize(window.document.referrer) + "'" + "'" + OAUTH3.url.normalize(window.document.referrer) + "'"
); );
} }
if (clientParams.client_uri) { if (clientParams.client_uri && clientParams.client_uri !== clientParams.client_id) {
console.warn("'client_id' should be used instead of 'client_uri'"); console.warn("'client_id' should be used instead of 'client_uri'");
} }
if (!(clientParams.client_id || clientParams.client_uri)) { if (!(clientParams.client_id || clientParams.client_uri)) {
window.alert("'response_type' must exist and be either 'token' (implicit flow) or 'code' (authorization flow)"); window.alert("'client_id' must exist as the uri identifying the client");
console.error("'response_type' must exist and be either 'token' (implicit flow) or 'code' (authorization flow)"); console.error("'client_id' must exist as the uri identifying the client");
clientParams.client_id = clientParams.client_uri = OAUTH3.url.normalize(window.document.referrer); clientParams.client_id = clientParams.client_uri = OAUTH3.url.normalize(window.document.referrer);
} }
if (!clientParams.redirect_uri) { if (!clientParams.redirect_uri) {
@ -99,11 +95,10 @@ $(function () {
} }
function getGrants(session) { function getGrants(session) {
var clientObj = OAUTH3.query.parse(loc.hash || loc.search); var clientLogo = OAUTH3.url.normalize(clientParams.client_uri) // optional relative logo ?
var clientLogo = OAUTH3.url.normalize(clientObj.client_uri) // optional relative logo ?
+ '/.well-known/oauth3/logo-128x128.png' + '/.well-known/oauth3/logo-128x128.png'
; ;
var callbackUrl;
// TODO put in directives.json or similar // TODO put in directives.json or similar
var grantDescriptions = { var grantDescriptions = {
'oauth3_authn': "Basic secure authentication" 'oauth3_authn': "Basic secure authentication"
@ -127,10 +122,10 @@ $(function () {
$('.js-client-logo').attr('src', clientLogo); $('.js-client-logo').attr('src', clientLogo);
//$('.js-user-avatar').attr('src', userAvatar); //$('.js-user-avatar').attr('src', userAvatar);
return OAUTH3.authz.scopes(CONFIG.host, session, clientObj).then(function (scopes) { return OAUTH3.authz.scopes(CONFIG.host, session, clientParams).then(function (scopes) {
if (!scopes.pending.length) { if (!scopes.pending.length) {
// looks like we've done all of this before // looks like we've done all of this before
OAUTH3.authz.redirectWithToken(CONFIG.host, session, clientObj, scopes); OAUTH3.authz.redirectWithToken(CONFIG.host, session, clientParams, scopes);
return; return;
} }
@ -138,10 +133,12 @@ $(function () {
// TODO secure iFrame from click-jacking by requiring input? // TODO secure iFrame from click-jacking by requiring input?
// ex: input.security-code[type="text"].val(Math.random()); input.js-verify-code[placeholder="Type what you see"] // ex: input.security-code[type="text"].val(Math.random()); input.js-verify-code[placeholder="Type what you see"]
if (OAUTH3._browser.isIframe()) { if (OAUTH3._browser.isIframe()) {
callbackUrl = clientObj.redirect_uri + '#state=' + clientObj.state + '&error=access_denied&error_description=' location.href = clientParams.redirect_uri +'#'+ OAUTH3.query.stringify({
+ encodeURIComponent("You're requesting permission in an iframe, but the permissions have not yet been granted") state: clientParams.state
+ '&error_uri=' + encodeURIComponent('https://oauth3.org/docs/errors/#E_IFRAME_DENIED'); , error: 'access_denied'
location.href = callbackUrl; , error_description: encodeURIComponent("You're requesting permission in an iframe, but the permissions have not yet been granted")
, error_uri: encodeURIComponent('https://oauth3.org/docs/errors/#E_IFRAME_DENIED')
});
return; return;
} }
@ -331,8 +328,6 @@ $(function () {
}); });
getSession(CONFIG.host).then(function (session) { getSession(CONFIG.host).then(function (session) {
var clientParams = OAUTH3.query.parse(loc.hash || loc.search);
return OAUTH3.authz.scopes(CONFIG.host, session, clientParams).then(function (scopes) { return OAUTH3.authz.scopes(CONFIG.host, session, clientParams).then(function (scopes) {
scopes.new = acceptedScopes; scopes.new = acceptedScopes;
return OAUTH3.authz.redirectWithToken(CONFIG.host, session, clientParams, scopes); return OAUTH3.authz.redirectWithToken(CONFIG.host, session, clientParams, scopes);
@ -346,21 +341,17 @@ $(function () {
ev.preventDefault(); ev.preventDefault();
ev.stopPropagation(); ev.stopPropagation();
var loginWinObj = OAUTH3.query.parse(loc.hash || loc.search);
var denyObj = { var denyObj = {
error: 'access_denied' error: 'access_denied'
, error_description: 'The user has denied access.' , error_description: 'The user has denied access.'
, error_uri: 'https://' + CONFIG.host + '/.well-known/oauth3/errors.html#/?error=access_denied' , error_uri: 'https://' + CONFIG.host + '/.well-known/oauth3/errors.html#/?error=access_denied'
, state: loginWinObj.state , state: clientParams.state
, scope: loginWinObj.scope , scope: clientParams.scope
}; };
window.location = loginWinObj.redirect_uri + '#' + OAUTH3.query.stringify(denyObj); window.location = clientParams.redirect_uri + '#' + OAUTH3.query.stringify(denyObj);
}; };
util.handleLogout = function () { util.handleLogout = function () {
var clientParams = OAUTH3.query.parse(loc.hash || loc.search);
localStorage.clear(); localStorage.clear();
clientParams.redirect_uri += '?' + OAUTH3.query.stringify({ clientParams.redirect_uri += '?' + OAUTH3.query.stringify({
@ -397,16 +388,17 @@ $(function () {
return getSession(CONFIG.host).then(function (session) { return getSession(CONFIG.host).then(function (session) {
return getGrants(session); return getGrants(session);
}, function (e) { }, function (e) {
var clientObj = OAUTH3.query.parse(loc.hash || loc.search);
// TODO select the providers the client wants to show // TODO select the providers the client wants to show
// providers=daplie.com,facebook.com,google.com // etc // providers=daplie.com,facebook.com,google.com // etc
// TODO let the client specify switch_user // TODO let the client specify switch_user
// TODO let the client specify relogin if stale // TODO let the client specify relogin if stale
if (OAUTH3._browser.isIframe()) { if (OAUTH3._browser.isIframe()) {
var callbackUrl = clientObj.redirect_uri + '#state=' + clientObj.state + '&error=access_denied&error_description=' location.href = clientParams.redirect_uri +'#'+ OAUTH3.query.stringify({
+ encodeURIComponent("You're requesting permission in an iframe, but the user is not yet authenticated") state: clientParams.state
+ '&error_uri=' + encodeURIComponent('https://oauth3.org/docs/errors/#E_IFRAME_DENIED'); , error: 'access_denied'
location.href = callbackUrl; , error_description: encodeURIComponent("You're requesting permission in an iframe, but the user is not yet authenticated")
, error_uri: encodeURIComponent('https://oauth3.org/docs/errors/#E_IFRAME_DENIED')
});
} }
if (clientParams.subject) { if (clientParams.subject) {
$('.js-oauth3-email').val(clientParams.subject); $('.js-oauth3-email').val(clientParams.subject);
@ -419,10 +411,7 @@ $(function () {
} }
// Session initialization // Session initialization
return OAUTH3.discover( return OAUTH3.discover(CONFIG.host, { client_uri: CONFIG.host }).then(function (directives) {
OAUTH3.clientUri(window.location)
, { client_uri: OAUTH3.clientUri(window.location) }
).then(function (directives) {
// TODO cache directives in memory (and storage) // TODO cache directives in memory (and storage)
CONFIG.directives = directives; CONFIG.directives = directives;
directives.issuer = directives.issuer || (window.location.host + window.location.pathname).replace(/\/$/, ''); directives.issuer = directives.issuer || (window.location.host + window.location.pathname).replace(/\/$/, '');
@ -439,7 +428,5 @@ $(function () {
} }
$('body').addClass('in'); $('body').addClass('in');
}); });
}); });