coolaj86/issuer.html
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Compare commits

base: coolaj86:pre-issuer-rewrite
Branches Tags
coolaj86:master
coolaj86:playground
coolaj86:v1.2
coolaj86:remember-me
coolaj86:v1
coolaj86:checkbox-fix
coolaj86:v1.2.2
coolaj86:v1.2.1
coolaj86:v1.0.37
coolaj86:v1.2.0
coolaj86:pre-issuer-rewrite
coolaj86:2017-09-13
coolaj86:2017-08-01
...
compare: coolaj86:master
Branches Tags
coolaj86:playground
coolaj86:master
coolaj86:v1.2
coolaj86:remember-me
coolaj86:v1
coolaj86:checkbox-fix
coolaj86:v1.2.2
coolaj86:v1.2.1
coolaj86:v1.0.37
coolaj86:v1.2.0
coolaj86:pre-issuer-rewrite
coolaj86:2017-09-13
coolaj86:2017-08-01

43 Commits
pre-issuer ... master

Author SHA1 Message Date
coolaj86
b8253fa500 update sponsor 2018-04-23 22:08:07 +00:00
AJ ONeal
25d7874104 Merge branch 'v1.2' into v1 2017-11-13 11:27:52 -07:00
AJ ONeal
a2ecd36db4 update urls 2017-11-13 11:27:50 -07:00
AJ ONeal
8c09dccd2e update urls 2017-11-10 12:21:40 -07:00
AJ ONeal
6953f535a1 Merge branch 'master' into v1.2 2017-11-10 12:18:14 -07:00
AJ ONeal
426d6a4cbe update paths and urls 2017-11-10 12:17:36 -07:00
AJ ONeal
ff5c13f3fc add standard files 2017-11-10 12:12:38 -07:00
AJ ONeal
e4a84ea0b5 begin token inspector 2017-11-08 21:55:04 +00:00
AJ ONeal
fdf7897b09 Merge branch 'checkbox-fix' into v1.2 2017-11-08 20:15:32 +00:00
John Shaver
ad454ba7b6 The grant checkboxes are now initialing correctly 2017-11-07 14:45:40 -07:00
John Shaver
40bfe2e534 Clicking grant labels now correctly toggles the check mark. 2017-11-07 14:23:26 -07:00
aj
e1701ffdd9 checkout v1.2 to match current branch 2017-10-23 23:13:05 +00:00
AJ ONeal
03f5186659 Merge branch 'master' into v1.1 2017-10-23 21:45:00 +00:00
AJ ONeal
5719f6a78e merge with daplie.me 2017-10-23 21:29:16 +00:00
tigerbot
d28ab68abc Merge branch 'issuer-rewrite' 
# Conflicts:
#	README.md
#	index.html
#	install.sh
 2017-10-19 16:49:03 -06:00
tigerbot
8bf164b5aa Merge branch 'daplie.me' 2017-10-19 16:38:28 -06:00
aj
cc066a0bcd org.oauth3 -> oauth3.org 2017-08-15 20:28:03 +00:00
aj
7d18f05baf org.oauth3 -> oauth3.org 2017-08-15 20:26:10 +00:00
aj
3c3100a851 add some scopes 2017-08-12 00:02:07 +00:00
tigerbot
3645d66f5c Merge branch 'daplie.me' into issuer-rewrite 2017-08-07 11:20:51 -06:00
AJ ONeal
e5cd4ada23 Merge branch 'daplie.me' of git.daplie.com:OAuth3/org.oauth3 into daplie.me 2017-08-01 18:27:04 +00:00
AJ ONeal
c2b6d2b7ed use proper scope names 2017-08-01 18:26:08 +00:00
AJ ONeal
1b0c5417bf cleanup 2017-08-01 18:24:38 +00:00
tigerbot
8f30d80b38 changed how the "remember me" checkbox is handled 2017-08-01 11:39:20 -06:00
tigerbot
3e81aebc4a removed funky character from the html 2017-07-27 13:06:05 -06:00
tigerbot
9b61d7c464 made some indentation in index.html more consistent 2017-07-27 11:55:03 -06:00
tigerbot
7902dea5f3 removed useless check for account existence 2017-07-26 18:16:30 -06:00
tigerbot
cd1ff73eea handled case of un-refreshable saved session 2017-07-25 16:55:12 -06:00
tigerbot
ea788bcb76 reduced duplicate parsing of location 2017-07-25 16:55:12 -06:00
Jon Lambson
dc5139686e changing back to daplie.me 2017-07-12 10:44:28 -06:00
Jon Lambson
210df2a4c8 changed to safelogin.org 2017-07-12 10:39:01 -06:00
Jon Lambson
22b1d535ca fixing error 2017-07-12 10:28:13 -06:00
Jon Lambson
1642251cb7 clearing error 2017-07-12 10:26:53 -06:00
Jon Lambson
1d02c1d424 error msg 2017-07-12 10:08:56 -06:00
Jon Lambson
d446057524 fixing typo 2017-07-12 10:00:49 -06:00
Jon Lambson
624ccf02a0 i donno 2017-07-12 09:59:07 -06:00
Jon Lambson
37bd95fd54 testing 2017-07-12 09:56:17 -06:00
Jon Lambson
837bdd80c9 fixing js 2017-07-11 16:40:36 -06:00
Jon Lambson
c588ea7d3d fixing disabled 2017-07-11 16:29:07 -06:00
Jon Lambson
e9a4ff8f9a added validation for maxLength 2017-07-11 16:09:42 -06:00
Jon Lambson
e748d8f849 removing incorrect js 2017-07-11 12:44:11 -06:00
Jon Lambson
a2364ac874 closing popup after denying app 2017-07-11 11:58:38 -06:00
Jon Lambson
acb366767a safelogin.org to daplie.me 2017-07-10 16:28:28 -06:00
12 changed files with 292 additions and 216 deletions
Show Stats Expand all files Collapse all files

BIN
.DS_Store vendored
View File

Binary file not shown.

1
.gitignore vendored
View File

@ -1,3 +1,4 @@
*.*sw*
bower_components/
assets/
.DS_Store

5
CHANGELOG Normal file
View File

@ -0,0 +1,5 @@
v1.2.1 - Authorization Dialog for ID Issuer
* Resource Owner Password token exchange
* Public / Private Keypair generation
* Public key (remember device) syncing
* BUG: Remember me is not operational

41
LICENSE Normal file
View File

@ -0,0 +1,41 @@
Copyright 2017 Daplie, Inc
This is open source software; you can redistribute it and/or modify it under the
terms of either:
a) the "MIT License"
b) the "Apache-2.0 License"
MIT License
Permission is hereby granted, free of charge, to any person obtaining a copy
of this software and associated documentation files (the "Software"), to deal
in the Software without restriction, including without limitation the rights
to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
copies of the Software, and to permit persons to whom the Software is
furnished to do so, subject to the following conditions:
The above copyright notice and this permission notice shall be included in all
copies or substantial portions of the Software.
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
SOFTWARE.
Apache-2.0 License Summary
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.

30
README.md
View File

@ -1,20 +1,30 @@
This is a WALNUT module representing the html package for oauth3.org.
issuer.html
===========
It must be installed to `/srv/walnut/packages/pages/issuer@oauth3.org`
| [oauth3.js](https://git.oauth3.org/OAuth3/oauth3.js)
| *issuer.html*
| [issuer.rest.walnut.js](https://git.oauth3.org/OAuth3/issuer.rest.walnut.js)
| [issuer.srv](https://git.oauth3.org/OAuth3/issuer.srv)
| Sponsored by [ppl](https://ppl.family)
This is a browser application which implements the issuer side of the *authorization_dialog* flow for OAuth3.
It may be used client-side only (public key or granted scope syncing will be disabled),
or will the *issuer.rest.walnut.js* APIs on the backend for full functionality.
For use with walnut it must be installed to `/opt/walnut/packages/pages/issuer@oauth3.org`
```bash
git clone git@git.daplie.com:OAuth3/issuer_oauth3.org.git /srv/walnut/packages/pages/issuer@oauth3.org
ln -s issuer@oauth3.org /srv/walnut/packages/pages/org.oauth3
pushd /srv/walnut/packages/pages/issuer@oauth3.org
git clone git@git.oauth3.org:OAuth3/org.oauth3.git /opt/walnut/packages/pages/issuer@oauth3.org
pushd /opt/walnut/packages/pages/issuer@oauth3.org
bash ./install.sh
popd
```
```bash
echo "issuer@oauth3.org" >> /srv/walnut/packages/sites/EXAMPLE.COM
echo "org.oauth3" >> /srv/walnut/packages/sites/EXAMPLE.COM
echo "issuer@oauth3.org" >> /opt/walnut/var/sites/EXAMPLE.COM
```
This uses the OAuth3 JavaScript SDK `oauth3.js` as a subpackage in `/srv/walnut/packages/pages/issuer@oauth3.org/assets/oauth3.org`.
The 'login popup' is hosted on our tardigrade proxy VM.
This uses the OAuth3 JavaScript SDK `oauth3.js` as a subpackage in
`/opt/walnut/packages/pages/issuer@oauth3.org/assets/oauth3.org`.

7
css/daplie-installer-overrides.css
View File

@ -12,10 +12,6 @@ html, body {
background-color: #282828;
color: #FFFFFF;
}
/*override bootstrap fade*/
.fade {
opacity: 1;
}
input.emailInput::placeholder {
font-family : Brown Regular;
font-size : 14px;
@ -445,3 +441,6 @@ span.dap-small-text.js-scope-desc.noselect {
color : #808080;
color : rgb(128, 128, 128);
}
.error-msg {
color: #FDA748;
}

BIN
img/.DS_Store vendored
View File

Binary file not shown.

66
index.html
View File

@ -11,7 +11,8 @@
<link rel="stylesheet" type="text/css" href="/css/daplie-installer-overrides.css">
</head>
<body class="fade mock-main">
<body>
<div class="fade mock-main">
<!-- STEP 1: ask the user where they want to log in -->
<!-- STEP 2: ask the user for their email -->
@ -23,8 +24,8 @@
<!-- Step 5: ask for permissions -->
<div class="dap-bordered js-userid-container">
<p class="org-title">Safelogin.org</p>
<p class="dap-centered-text dap-normal-text welcome-text center-it">Welcome to a new way to login. Safelogin.org helps you create an Internet ID that allows you to choose what info is shared about you when you login into a site or app online.</p>
<p class="org-title">daplie.me</p>
<p class="dap-centered-text dap-normal-text welcome-text center-it">Welcome to a new way to login. daplie.me helps you create an Internet ID that allows you to choose what info is shared about you when you login into a site or app online.</p>
<form method="post" action="">
<div class="form-group">
<input type="email" class="form-control dap-input js-oauth3-email emailInput" placeholder="Enter an email address to start"></input>
@ -45,7 +46,7 @@
</div>
<div class="dap-bordered js-authn">
<p class="org-title">Safelogin.org</p>
<p class="org-title">daplie.me</p>
<!-- <div class="dap-normal-text">
<span class="fa fa-3x icon-centered-3x fa-purple fa-envelope"></span>
</div>
@ -61,6 +62,7 @@
<p class="code-lasts-text">Code lasts for 15 minutes.</p>
<input type="hidden" class="js-authn-otp-uuid">
<input class="dap-input js-authn-otp-code form-control" placeholder="XXXX-XXXX-XXXX" maxlength="14"></input>
<p class="error-msg"></p>
</div>
<div class="dap-centered-div dap-space-on-top form-group">
<label class="js-remember-label dap-normal-text">
@ -70,8 +72,7 @@
<input class="js-remember-checkbox hidden" type="checkbox"></input>
</label>
</div>
<!-- <button class="dap-full-button-green js-remember-btn js-authz-remember-me">SIGN IN ONCE</button> -->
<button type="submit" class="btn btn-primary submit-btn dap-full-button-green js-remember-btn js-authz-remember-me">Submit</button>
<button type="submit" class="btn btn-primary submit-btn dap-full-button-green js-submit-code-btn" disabled>Submit</button>
<!-- <a href="./authnocode.html" target="_blank" class="btn btn-primary">Send Code Again</a> -->
<button class="btn btn-primary js-edit-email-button" type="button">Edit My Email</button>
</form>
@ -85,14 +86,14 @@
</div>
<div class="dap-bordered dap-normal-text js-authz">
<p class="org-title">Safelogin.org</p>
<p class="org-title">daplie.me</p>
<!-- <br> -->
<!-- <div class="dap-user-plus-app">
<span class="fa fa-3x fa-purple fa-user-circle"></span>
<span class="fa fa-2x fa-gray fa-plus"></span>
<img class="dap-lab-logo" src="./img/Daplie-Badge-Purple.png" alt="Daplie Labs Logo">
</div> -->
<p class="dap-centered-text dap-normal-text almost-done-text">Almost done. Now its time to set your preferences.</p>
<p class="dap-centered-text dap-normal-text almost-done-text">Almost done. Now it's time to set your preferences.</p>
<br>
<form class="js-authorization-decision" action="#">
@ -139,17 +140,60 @@
<button type="button" class="dap-full-button-green js-logout btn btn-primary">Sign Out</button>
<img src="./img/sponsored-by.png" class="sponsored-by-logo">
</div>
</div>
<div class="fade mock-bare">
<div class="container">
<div class="jumbotron">
<h1>OAuth3 Playground</h1>
</div>
<div class="row">
<div class="col-md-3">
Login Status:
</div>
<div class="col-md-9">
...
</div>
</div>
<div class="row">
<div class="col-md-3">
Current Sessions:
</div>
<div class="col-md-9">
...
</div>
</div>
<div class="row">
<div class="col-md-3">
Approved Devices:
</div>
<div class="col-md-9">
...
</div>
</div>
<div class="row">
<div class="col-md-3">
Approved Applications:
</div>
<div class="col-md-9">
...
</div>
</div>
</div>
</div>
<!--[if IE]><script src="bower_components/rsvp.js/rsvp.js"></script><![endif]-->
<script src="./js/jquery-2.2.0.min.js"></script>
<script src="./js/jquery.mask.min.js"></script>
<script src="./js/bootstrap.min.js"></script>
<script src="/assets/oauth3.org/oauth3.core.js"></script>
<script src="/assets/oauth3.org/oauth3.crypto.js"></script>
<script src="/assets/oauth3.org/oauth3.issuer.js"></script>
<script src="./js/issuer.js"></script>
<script src="./js/script.js"></script>
<script src="/assets/oauth3.org/oauth3.core.js"></script>
<script src="/assets/oauth3.org/oauth3.issuer.js"></script>
<!--script src="/assets/oauth3.org/oauth3.mock.js"></script-->
</body>
</html>

7
install.sh
View File

@ -2,14 +2,15 @@
set -e
set -u
# git clone https://git.daplie.com/OAuth3/issuer_oauth3.org.git /srv/walnut/packages/pages/issuer@oauth3.org
# git clone https://git.oauth3.org/OAuth3/issuer.html.git /srv/walnut/packages/pages/issuer@oauth3.org
# git clone https://git.oauth3.org/OAuth3/azp.html.git /srv/walnut/packages/pages/azp@oauth3.org
mkdir -p assets
if ! [ -d ./assets/oauth3.org ]; then
git clone https://git.daplie.com/OAuth3/oauth3.js.git ./assets/oauth3.org
git clone https://git.oauth3.org/OAuth3/oauth3.js.git ./assets/oauth3.org
fi
pushd ./assets/oauth3.org
git checkout v1
git checkout v1.2
git pull
popd

2
js/app.js
View File

@ -10,7 +10,7 @@ $(function () {
var auth = OAUTH3.create();
auth.init().then(function () {
$('body').addClass('in');
$('.mock-main').addClass('in');
});
auth.setProvider(providerUri).then(function () {

176
js/issuer.js
View File

@ -9,7 +9,7 @@ $(function () {
var OAUTH3 = window.OAUTH3;
var CONFIG = {
host: OAUTH3.utils.clientUri(window.location)
host: OAUTH3.clientUri(window.location)
, directives: null // will be populated before the login button appears
};
var loc = window.location;
@ -20,22 +20,8 @@ $(function () {
};
$('.js-scopes-container').html('');
/*
OAUTH3._hooks.sessions.all = function (providerUri) {
};
*/
OAUTH3._hooks = { sessions: {} };
OAUTH3._hooks.sessions.get = function (providerUri, id) {
return JSON.parse(window.localStorage.getItem('session-' + providerUri + (id || '')) || 'null');
};
OAUTH3._hooks.sessions.set = function (providerUri, newSession, id) {
window.localStorage.setItem('session-' + providerUri, JSON.stringify(newSession));
window.localStorage.setItem('session-' + providerUri + (id || newSession.id || newSession.token.id || ''), JSON.stringify(newSession));
return newSession;
};
// TODO let query.parse do location.hash || location.search || location
var clientParams = OAUTH3.query.parse(window.location.hash || window.location.search);
var clientParams = OAUTH3.query.parse(loc.hash || loc.search);
if (/authorization_dialog/.test(window.location.href)) {
// OAUTH3.lintClientParams(params, window)
// OAUTH3.normalizeClientParams(params, window)
@ -58,12 +44,12 @@ $(function () {
+ "'" + OAUTH3.url.normalize(window.document.referrer) + "'"
);
}
if (clientParams.client_uri) {
if (clientParams.client_uri && clientParams.client_uri !== clientParams.client_id) {
console.warn("'client_id' should be used instead of 'client_uri'");
}
if (!(clientParams.client_id || clientParams.client_uri)) {
window.alert("'response_type' must exist and be either 'token' (implicit flow) or 'code' (authorization flow)");
console.error("'response_type' must exist and be either 'token' (implicit flow) or 'code' (authorization flow)");
window.alert("'client_id' must exist as the uri identifying the client");
console.error("'client_id' must exist as the uri identifying the client");
clientParams.client_id = clientParams.client_uri = OAUTH3.url.normalize(window.document.referrer);
}
if (!clientParams.redirect_uri) {
@ -99,21 +85,36 @@ $(function () {
}
function getGrants(session) {
var clientObj = OAUTH3.query.parse(loc.hash || loc.search);
var clientLogo = OAUTH3.url.normalize(clientObj.client_uri) // optional relative logo ?
var clientLogo = OAUTH3.url.normalize(clientParams.client_uri) // optional relative logo ?
+ '/.well-known/oauth3/logo-128x128.png'
;
var callbackUrl;
// TODO put in directives.json or similar
var grantDescriptions = {
// deprecated
'oauth3_authn': "Basic secure authentication"
, 'auth@oauth3.org': "Basic secure authentication"
, 'wallet': "Access to payments and subscriptions"
, 'bucket': "Access to file storage"
, 'db': "Access to app data"
, 'domains': "Domain registration (and Glue and NS records)" // TODO make an alias
, 'domains@oauth3.org': "Domain registration (and Glue and NS records)" // TODO make an alias
, 'domains:glue': "Glue Record management (for vanity nameservers)"
, 'domains:ns': "Name Server management"
, 'dns': "DNS records (A/AAAA, TXT, SRV, MX, etc)"
// new
, 'hello@example.com': "Hello World Example Access"
, 'authn@oauth3.org': "Basic secure authentication"
, 'wallet@oauth3.org': "Access to payments and subscriptions"
, 'bucket@oauth3.org': "Access to file storage"
, 'db@oauth3.org': "Access to app data"
, 'domains@oauth3.org': "Domain registration (and Glue and NS records)" // TODO make an alias
, 'domains:glue@oauth3.org': "Glue Record management (for vanity nameservers)"
, 'domains:ns@oauth3.org': "Name Server management"
, 'dns@oauth3.org': "DNS records (A/AAAA, TXT, SRV, MX, etc)"
, 'www@daplie.com': "Websites and webapps"
, '*': "FULL ACCOUNT ACCESS"
};
@ -127,10 +128,10 @@ $(function () {
$('.js-client-logo').attr('src', clientLogo);
//$('.js-user-avatar').attr('src', userAvatar);
return OAUTH3.authz.scopes(CONFIG.host, session, clientObj).then(function (scopes) {
return OAUTH3.authz.scopes(CONFIG.host, session, clientParams).then(function (scopes) {
if (!scopes.pending.length) {
// looks like we've done all of this before
OAUTH3.authz.redirectWithToken(CONFIG.host, session, clientObj, scopes);
OAUTH3.authz.redirectWithToken(CONFIG.host, session, clientParams, scopes);
return;
}
@ -138,10 +139,12 @@ $(function () {
// TODO secure iFrame from click-jacking by requiring input?
// ex: input.security-code[type="text"].val(Math.random()); input.js-verify-code[placeholder="Type what you see"]
if (OAUTH3._browser.isIframe()) {
callbackUrl = clientObj.redirect_uri + '#state=' + clientObj.state + '&error=access_denied&error_description='
+ encodeURIComponent("You're requesting permission in an iframe, but the permissions have not yet been granted")
+ '&error_uri=' + encodeURIComponent('https://oauth3.org/docs/errors/#E_IFRAME_DENIED');
location.href = callbackUrl;
location.href = clientParams.redirect_uri +'#'+ OAUTH3.query.stringify({
state: clientParams.state
, error: 'access_denied'
, error_description: encodeURIComponent("You're requesting permission in an iframe, but the permissions have not yet been granted")
, error_uri: encodeURIComponent('https://oauth3.org/docs/errors/#E_IFRAME_DENIED')
});
return;
}
@ -165,8 +168,13 @@ $(function () {
$scope.find('.js-scope-desc').text(grantDescriptions[scope]);
}
else {
$scope.find('.js-scope-toggle').prop('checked', false);
$scope.find('.js-scope-toggle').prop('disabled', true);
//This disables the check/checkbox when we have an unrecognized grant.
//This is disabled for testing until we can discover grants automatically.
//TODO: Enable this when grants are discoverable
//TODO: Indicate to user that this is disabled, not just unchecked.
//$scope.find('.js-scope-toggle').prop('checked', false);
//$scope.find('.check').attr("src", "./img/unpressed-check.png");
//$scope.find('.js-scope-toggle').prop('disabled', true);
$scope.find('.js-scope-desc').text(scope);
}
@ -174,9 +182,6 @@ $(function () {
});
$('.js-authz').show().addClass('in');
}, function (err) {
window.alert('grantResults: ' + err.message);
console.error('scope results', err);
});
}
@ -212,19 +217,6 @@ $(function () {
// TODO loading
email = $('.js-oauth3-email').val();
return OAUTH3.authn.loginMeta(CONFIG.directives, {email: email, mock: true}).then(function (userResults) {
if (!userResults.data.error) {
console.log('User exists:', userResults);
}
if (userResults.data.error) {
$('.js-authn-show').removeAttr('disabled');
console.warn('User does not exist:', email);
console.warn('User Results:', userResults);
//window.alert('userResults: ' + userResults.data.error_description || userResults.data.error.message);
//return;
}
return OAUTH3.authn.otp(CONFIG.directives, {email: email, mock: true}).then(function (otpResults) {
if (otpResults.data.error) {
@ -240,28 +232,12 @@ $(function () {
$('.js-user-email').text(email);
});
});
};
util.rememberDevice = function (ev) {
ev.preventDefault();
ev.stopPropagation();
util.submitLoginCode({
rememberDevice: true
});
};
util.rememberDeviceNot = function (ev) {
ev.preventDefault();
ev.stopPropagation();
util.submitLoginCode({
rememberDevice: false
});
};
// Reference Implementation
util.submitLoginCode = function (opts) {
util.submitLoginCode = function (ev) {
ev.preventDefault();
ev.stopPropagation();
// TODO
// perhaps we should check that the code is valid before continuing to login (so that we don't send the key)
@ -269,7 +245,6 @@ $(function () {
// TODO
// we should be sending the public key for this device as a jwk along with the authentication
// (and how long to remember this device)
var uuid = $('.js-authn-otp-uuid').val();
var code = $('.js-authn-otp-code').val().trim();
return OAUTH3.authn.resourceOwnerPassword(CONFIG.directives, {
@ -283,13 +258,10 @@ $(function () {
// TODO should be otp_id (agnostic of uuid)
, otp_uuid: uuid
// add expiration to the refresh token and/or public key
, expire: opts.rememberDevice || (1 * 60 * 60 * 1000)
, remember_device: $('.js-remember-label').find('.js-remember-checkbox').prop('checked')
, mock: true
}).then(function (session) {
$('.js-authn').removeClass('in').hide();
function getAccount(session) {
if (session.token.sub) {
return OAUTH3.PromiseA.resolve(session);
}
@ -306,13 +278,15 @@ $(function () {
, refresh_token: (results.refresh_token || results.refreshToken)
});
});
}
return getAccount(session).then(function () {
return getGrants(session);
}).then(function (session) {
return getGrants(session).catch(function (err) {
window.alert('grantResults: ' + err.message);
console.error('scope results', err);
});
}, function (error) {
console.error(error);
$('.error-msg').text('Incorrect code');
});
};
util.acceptScopesAndLogin = function (ev) {
ev.preventDefault();
@ -329,8 +303,6 @@ $(function () {
});
getSession(CONFIG.host).then(function (session) {
var clientParams = OAUTH3.query.parse(loc.hash || loc.search);
return OAUTH3.authz.scopes(CONFIG.host, session, clientParams).then(function (scopes) {
scopes.new = acceptedScopes;
return OAUTH3.authz.redirectWithToken(CONFIG.host, session, clientParams, scopes);
@ -344,21 +316,17 @@ $(function () {
ev.preventDefault();
ev.stopPropagation();
var loginWinObj = OAUTH3.query.parse(loc.hash || loc.search);
var denyObj = {
error: 'access_denied'
, error_description: 'The user has denied access.'
, error_uri: 'https://' + CONFIG.host + '/.well-known/oauth3/errors.html#/?error=access_denied'
, state: loginWinObj.state
, scope: loginWinObj.scope
, state: clientParams.state
, scope: clientParams.scope
};
window.location = loginWinObj.redirect_uri + '#' + OAUTH3.query.stringify(denyObj);
window.location = clientParams.redirect_uri + '#' + OAUTH3.query.stringify(denyObj);
};
util.handleLogout = function () {
var clientParams = OAUTH3.query.parse(loc.hash || loc.search);
localStorage.clear();
clientParams.redirect_uri += '?' + OAUTH3.query.stringify({
@ -371,21 +339,21 @@ $(function () {
util.editEmail = function () {
$('.js-authn').hide();
$('.js-userid-container').show();
debugger;
};
//
// Page Setup
//
$('.js-authorization-dialog').hide();
$('.js-logout-container').hide();
$('.js-userid-container').hide();
$('.js-authn').hide();
$('.js-authz').hide();
$('body').on('click', '.js-logout', util.handleLogout);
$('body').on('click', '.js-authn-show', util.submitAuthEmail);
$('body').on('click', '.js-authz-remember-me', util.rememberDevice);
$('body').on('click', '.js-authz-remember-me-not', util.rememberDeviceNot);
$('body').on('click', '.js-submit-code-btn', util.submitLoginCode);
$('body').on('click', '.js-login-allow', util.acceptScopesAndLogin);
$('body').on('click', '.js-login-deny', util.closeLoginDeny);
$('body').on('click', '.js-edit-email-button', util.editEmail);
@ -394,40 +362,33 @@ $(function () {
function handleAuthorizationDialog() {
return getSession(CONFIG.host).then(function (session) {
return getGrants(session);
}, function (e) {
var clientObj = OAUTH3.query.parse(loc.hash || loc.search);
}).catch(function () {
// TODO select the providers the client wants to show
// providers=daplie.com,facebook.com,google.com // etc
// TODO let the client specify switch_user
// TODO let the client specify relogin if stale
if (OAUTH3._browser.isIframe()) {
var callbackUrl = clientObj.redirect_uri + '#state=' + clientObj.state + '&error=access_denied&error_description='
+ encodeURIComponent("You're requesting permission in an iframe, but the user is not yet authenticated")
+ '&error_uri=' + encodeURIComponent('https://oauth3.org/docs/errors/#E_IFRAME_DENIED');
location.href = callbackUrl;
location.href = clientParams.redirect_uri +'#'+ OAUTH3.query.stringify({
state: clientParams.state
, error: 'access_denied'
, error_description: encodeURIComponent("You're requesting permission in an iframe, but the user is not yet authenticated")
, error_uri: encodeURIComponent('https://oauth3.org/docs/errors/#E_IFRAME_DENIED')
});
}
if (clientParams.subject) {
$('.js-oauth3-email').val(clientParams.subject);
$('.js-authn-show').prop('disabled', false);
}
$('.js-userid-container').show();
}).then(function () {
//$('body').addClass('in');
});
}
// Session initialization
return OAUTH3.discover(
OAUTH3.clientUri(window.location)
, { client_uri: OAUTH3.clientUri(window.location) }
).then(function (directives) {
return OAUTH3.discover(CONFIG.host, { client_uri: CONFIG.host }).then(function (directives) {
// TODO cache directives in memory (and storage)
CONFIG.directives = directives;
directives.issuer = directives.issuer || (window.location.host + window.location.pathname).replace(/\/$/, '');
$('.js-authorization-dialog').hide();
$('.js-logout-container').hide();
if (/authorization_dialog/.test(window.location.href)) {
$('.js-authorization-dialog').show();
handleAuthorizationDialog();
@ -436,8 +397,13 @@ $(function () {
$('.js-logout-container').show();
}
$('body').addClass('in');
if (document.location.hash.slice(1) || document.location.search) {
console.log('[DEBUG] search:', document.location.search);
console.log('[DEBUG] hash:', document.location.search);
$('.mock-main').addClass('in');
} else {
console.log('[DEBUG] not an auth window');
$('.mock-bare').addClass('in');
}
});
});

75
js/script.js
View File

@ -47,50 +47,59 @@ $('body').on('click', '.js-remember-label', function (ev) {
$('body').on('click', '.check', function () {
'use strict';
var $img = $(this);
if($img.attr("src") === "./img/pressed-check.png") {
$img.attr("src", "./img/unpressed-check.png");
$img.removeClass("is-checked");
} else if($img.attr("src") === "./img/unpressed-check.png") {
$img.attr("src", "./img/pressed-check.png");
$img.addClass("is-checked");
}
});
$('body').on('click', '.js-auth-li-enabled', function (ev) {
'use strict';
ev.preventDefault();
ev.stopPropagation();
var $this = $(this);
if ($this.find('.js-auth-checkbox').is(':checked') === true) {
$this.find('.js-auth-checkbox').prop( "checked", false );
var $hiddenCheckbox = $this.find('.js-auth-checkbox');
var $img = $this.find('.check');
var newStatus = $hiddenCheckbox.prop('checked') ? "unchecked" : "checked";
if(newStatus === 'checked') {
$img.attr('src', './img/pressed-check.png');
$img.addClass("is-checked");
$hiddenCheckbox.prop( "checked", true );
} else {
$this.find('.js-auth-checkbox').prop( "checked", true );
$img.attr("src", "./img/unpressed-check.png");
$img.removeClass("is-checked");
$hiddenCheckbox.prop( "checked", false );
}
});
// $('body').on('keyup keypress', '.js-authn-otp-code', function (e) {
// 'use strict';
// var keyCode = e.keyCode || e.which;
// var regex = new RegExp('^[0-9 \-]+$');
// var key = String.fromCharCode(!e.charCode ? e.which : e.charCode);
// var oauthCode = $(this).val().split('-').join('').replace(/\s/g, '');
//
// if (!regex.test(key)) {
// event.preventDefault();
// return false;
// }
//
// if (oauthCode.length > 0) {
// oauthCode = oauthCode.match(new RegExp('.{1,4}', 'g')).join("-");
// }
//
// $(this).val(oauthCode);
//
// if($(this).val().length === $(this).attr("maxlength")){
// $('.submit-btn').prop("disabled", false);
// }
// });
$('body').on('keyup keypress', '.js-authn-otp-code', function (e) {
'use strict';
// var keyCode = e.keyCode || e.which;
// var regex = new RegExp('^[0-9 \-]+$');
// var key = String.fromCharCode(!e.charCode ? e.which : e.charCode);
// var oauthCode = $(this).val().split('-').join('').replace(/\s/g, '');
//
// if (!regex.test(key)) {
// event.preventDefault();
// return false;
// }
//
// if (oauthCode.length > 0) {
// oauthCode = oauthCode.match(new RegExp('.{1,4}', 'g')).join("-");
// }
//
// $(this).val(oauthCode);
//
// if($(this).val().length === $(this).attr("maxlength")){
// $('.submit-btn').prop("disabled", false);
// }
if ($(this).val().length === 14) {
$('.submit-btn').prop('disabled', false);
} else {
$('.error-msg').empty();
$('.submit-btn').prop('disabled', true);
}
});
$('.js-authn-otp-code').mask('####-####-####');